Auditing 101A guide to auditing of environmental and social

Standards

1

Useful Terminology

Term Meaning

Certification Scheme The entity responsible for developing and deciding on the requirements, procedures, and management of the certification.

Certification System(Certification Body)

The entity that is responsible for conducting assessments of products/operations against a set of requirements.

Conformance Occurs when a product or company is determined through an assessment to meet a specific requirement.

Audit (assessment)

An evidence gathering process. The evaluation of a product, system or company against a set of requirements.

Certification A third-party confirmation that specific requirements have been met.

Standard Set of rules or requirements that a product or company must meet in order to be certified.

2

What is an Audit?

• An audit is a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.

• In order to do an audit, you must have the following:– Standard: the specific set of requirements that a product,

system, site or company must meet.– Auditor(s): the independent individual(s) that evaluate

whether the entity is in conformance with these requirements.

– Certification System: the processes and procedures for how audits are conducted, and certification decisions made.

3

Qualities of an effective audit

An AUDIT and the AUDITORS must be:

• Objective: Decisions are based on evidence collected. Multiple auditors should be able to evaluate the evidence and come to the same conclusion.

• Impartial: There is no bias towards any particular interest, perspective, or viewpoint.

• Independent: There is no substantive or perceived relationship between the auditor and auditee.

• Competent: The auditor conducting the audit must have the skills, knowledge and experience in order to evaluate evidence objectively and impartially and come to a conclusion around conformance.

4

Who is involved in an audit?

• Certification scheme: the owner and developed of the requirements, rules and procedures that must be followed for certification.

• Certification body (system): the certification system is the collection of processes and procedures that define how sites are evaluated against the standard. These are delivered by the ‘certification body’.

• Applicant/Company/Site: the entity undergoing assessment against the standard.

• Auditor: The individual(s) that are evaluating the site against the standard.

• Stakeholders: any and all individual or organization that is interested in providing feedback or comment regarding the site’s conformance to the standard.

• Certificate holder: what you call an applicant/company/site once they have been assessed against the standard, found in conformance, and have been issued a certificate. 5

Typical Audit Process

1. Application: Auditee expresses an interest in being assessed.2. Audit Plan: The certification body prepares the audit plan, in

discussion with the auditee.3. Pre-audit preparation: The auditor(s) collect evidence, contact

stakeholders and prepare for the on-site audit.4. Field Audit: The auditor(s) goes to the site to evaluate evidence.5. Report writing: The auditor(s) analyses the evidence and identifies

any non-conformances.6. Peer review: A qualified individual, other than the auditor(s), reviews

the report. 7. Certification Decision: The certification body decides whether the

applicant has met all of the requirements of the assessment, based on the auditor(s) report.

8. Monitoring: The certified site is assessed on a regular basis to confirm continued conformance with requirements.

6

Audit Scope and Plan

• The Audit Scope identifies the focus, extent,and boundary of a particular audit.

• This may include the:– Standard requirements;– physical locations;– organizational units; and/or– time period covered

• An audit plan explains the activities and timelines that will be followed for a particular audit.

7

Audit Evidence

• Audit evidence is any record, factual statement of other verifiable information related to the audit criteria (e.g. Standard, policies, procedures)

• Audit evidence can be either qualitative or quantitative. It is gathered through:

– Direct observation

– Document review

– Interviews

8

Conclusion

Documentation

ObservationsInterviews

Conformance

• Conformance is the act of meeting the established requirement.

• To make a determination of conformance, auditors must: – Gather evidence of such quantity and quality that

another auditor given the same information would reach the same conclusion.

– Triangulate evidence by looking for multiple pieces of evidence that support the same conclusion. 9

Non-conformance

Non-conformance is the failure to meet an established requirement. These can be Minor or Major.

10

Minor Non-Conformance Major Non-Conformance

• Is a temporary lapse, or • Continues over a long period of time, or

• Is unusual and non-systematic, or • Repeated or systematic, or

• Impacts of non-conformance are limited in temporal and spatial scale, and

• Affects a wide portion of operation, or

• Prompt corrective action has been taken to ensure that it will not be repeated

• Are not corrected or adequately responded to by the operation managers once they have been identified.

• Does not result in a fundamental failure. •A series of minors cumulate to indicate a fundamental failure.

Certificate Issuance

• It is the certification scheme that decides the rules for issuing, withdrawing or suspending a certificate.

• It is the certification body that makes the decision as to whether a certificate will be granted (i.e. when the rules identified by the cert. scheme have been met).

• Once a certificate is issued, the company will have to demonstrate continued conformance with the requirements, through regular audits. There may also be requirements for logo and/or label use.

11

Monitoring

• For all schemes, monitoring of a certificate holders’ continued conformance with the requirements is necessary for them to maintain certification.

• The frequency of monitoring depends upon the certification scheme.

• The scope of ‘surveillance’ or ‘observation’ audits may be less than for initial ‘evaluation’ audits.

• A certificate can be suspended or terminated based on the results of surveillance audits.

12

References and Resources

• Definitions and terminology provided here are based on ISO. For more, visit www.iso.org.

– ISO 19011: 2011 (Guidelines for auditing management systems)

13