Internal Auditing
The Purpose of Auditing
To ensure the organisation is continually improving its EMS and environmental performance
The Definition of Auditing
A systematic and documented verification process of objectively obtaining and evaluating audit evidence to determine whether an organisation’s EMS conforms with the EMS audit criteria set by the organisation (i.e., ISO 14001), and communicating the results of this process to management
Some Key Words In The Audit Process
Systematic: organized, methodical, planned
Documented: recorded in writing
Verification: information is confirmed, cross-checked, validated
Objective: independent, unbiased, no conflict of interest
Evaluating: assessing
Evidence: verified observations, verified verbal and written information
The Objectives Of The Audit
Identify opportunities for improving the EMS
Assess:
• whether the EMS has been implemented and maintained effectively
• whether the EMS meets industry requirements, and the principles of due diligence
The Implementation Steps
The Audit Schedule determines the timing and frequency of the specific elements to be audited
The Auditor's Checklist outlines the audit questions for the specific element to be audited
The Audit is conducted with the responsible person
The Audit Report is completed
Please Review The Complete Guide To ISO14001
Audit Schedule
Audit Checklist
Corrective Action Request
The Environmental Representative will assign the responsibility for specific audits
The Audit Schedule
The Audit Schedule identifies the timing and the frequency of the mandatory audits of each of the individual elements of the standard
The schedule is prepared by the Environmental Representative in accordance with the Internal Audit procedure
Audit Preparation
The Auditor must have a detailed understanding of the requirements of the standard
Please review Section 2 – Requirements in The Complete Guide To ISO14001
The Audit Checklist
The Auditor uses a prepared set of questions designed to ensure that all of the requirements of a specific element are examined during the course of the audit.
The Auditor may ask additional questions based on observations made during the audit.
The Auditor records observations in the space provided
Observations
The Auditor assigns a Pass or Fail for the question based on the objective evidence
Corrective Action
A Non Conformance Report must be raised for each question assigned a Fail
Corrective Action
Section 16 – Non Conformance
Section 17 – Internal Audit
ISO19011 – Guidelines For Auditing
Please Review The Complete Guide To ISO14001
Non Conformance
A non-conformance means that something went wrong – a problem has occurred and needs to be addressed
Non-conformances are addressed with corrective actions.
What is a Major Non-Conformance?
A deficiency that seriously impairs the effectiveness of the EMS
Examples:
• An element of ISO 14001 not implemented
• Procedures not developed or not implemented
• Failure to take corrective or preventive action
• Several minor non-conformances
What is a Minor Non-Conformance?
A minor deficiency that does not seriously impair the effectiveness of the EMS
Examples:
• One or a few individuals (out of many) do not use a procedure correctly
• Procedure needs minor changes to be effective
• One or a few records incomplete
What are Corrective and Preventive Actions?
Corrective action fixes the immediate problem (e.g., repair a leaking valve)
Preventive action is designed to stop the problem occurring again, or stop problems before they happen (e.g., improved maintenance procedures)
Effective preventive actions are a key to CONTINUAL IMPROVEMENT
ISO 14001 Non-Conformance, Corrective and Preventive Action says:
The organisation shall establish and maintain procedures for defining responsibility and authority for handling and investigating non-conformance, taking action to mitigate any impacts caused, and for initiating and completing corrective and preventive action
ISO 14001 4.5.2 also says:
Any corrective and preventive action taken to eliminate the causes of actual and potential non-conformances shall be appropriate to the magnitude of problems and commensurate with the environmental impact encountered
Steps to Identify and Correct Non-Conformance
• Identify problem through routine inspection, monitoring, audit findings, trend analysis, employee comments, complaint, experience
• Investigate problem and its underlying causes. Involve persons with first-hand knowledge of the issues, and authority to achieve solutions
• Identify best solution(s) and persons responsible for implementing them
• Ensure solution is adequate for the size and nature of the problem, i.e., fix the underlying cause(s) once and for all
• Follow-up with monitoring to confirm that implemented solution is effective long-term
• Involve people throughout with sufficient influence to 'make things happen' promptly
Non-Conformance Investigation Example
Problem:
• Environmental monitoring results not submitted to the government on time
Possible underlying causes
• Responsibility for reporting not clearly communicated
• Inadequate training or awareness of reporting schedule requirements
• Written procedure not available
• Insufficient supervision and checking
Principles of Corrective and Preventive Action
Don't ignore problems and hope they'll go away
Ask: Who? What? When? How? Where? WHY? until you arrive at the root cause of the problem
Fix deficiencies in the system, not just symptoms of the problem
One More Thing from ISO 14001 4.5.2
The organisation shall implement and record any changes in the documented procedures resulting from corrective and preventive action
This means that procedures must be kept up to date (i.e., maintained) to include new actions required to prevent previous problems
Consequences of Non-Conformance
MAJOR NON-CONFORMANCE: Registration to ISO 14001 delayed until problem is corrected and re-audited
MINOR NON-CONFORMANCE: Can receive registration to ISO 14001 but must commit to fix problem within 60 days; correction will be confirmed on next audit
More Consequences of Non-Conformance
EMS is an inter-dependent system; if one component is defective, the whole system is broken
One problem usually leads to another; pay now or pay much more later if the first problem, and its underlying causes, are not fixed quickly
Essential Elements of Corrective & Preventative Action
Need open communication, without fear of punishment for identifying a non-conformance
Need somebody with authority in charge of responding to non-conformances
Need thorough investigation of symptoms and underlying causes of each non-conformance involving knowledgeable persons and those affected by the non-conformance
Need identification and implementation of lasting solutions that change the system (i.e., the way things are done), not just the symptoms
Need follow-up to ensure the solution provides lasting improvement
Need to update documented procedures to include corrective and preventive actions
Management Review
Purpose
• Top management meets to review and assess the EMS
• Management Reviews are major opportunities for top management to:
• reaffirm commitment to continual improvement
• demonstrate environmental leadership
ISO14001 Requires That:
The organisation's top management shall, at intervals it determines, review the EMS to ensure its continuing suitability, adequacy, and effectiveness. The management review process shall ensure that the necessary information is collected to allow management to carry out this evaluation.
This review shall be documented
Top management must:
• hold regular Management Reviews to assess the suitability and effectiveness of the EMS and the Environmental Policy; and
• base their discussions on reviews of:
  • the results of environmental audits
  • non-conformances, corrective and preventive actions
  • progress towards objectives and targets
  • other relevant information about the EMS
Management Review
Overview
Management Responsibility
Management Review Reviewed
How often?
• Not less than once per year, preferably more frequently
• EF18 calls for Management Review on a twice yearly basis
Who should be involved?
• Senior executives at the facility, including the CEO (i.e., guiding minds of the organisation)
How long should the review take?
• As much time as is needed for thorough discussion and decision making
• At least half a day
ISO14001 Requires That:
The management review shall address the possible need for changes to policy, objectives and other elements of the EMS in the light of EMS audit results, changing circumstances, and the commitment to continual improvement
Management Review Input
• Attendance by all top management and the Environmental Management Representative
• Pre-meeting review by management of:
  • Environmental Policy
  • EMS audit reports
  • Non-conformances, corrective and preventive actions
  • Progress towards objectives and targets
  • Meeting agenda and briefing notes on key issues
Format of a Management Review Meeting
• Summary of key issues in pre-meeting materials by the Environmental Management Representative
• Discussion by top management of:
  • continued suitability of the Environmental Policy and of environmental objectives and targets, taking into account business, production, legal, economic, social, and technological changes
  • concerns of interested parties
• Discussion by top management of:
  • types of, and trends in, non-conformances
  • effectiveness of corrective and preventive actions, considering need for due diligence
  • resources needed to maintain the EMS, and for continual improvement in the EMS and in environmental performance
  • the vision for environmental management at the facility
Management reviews must consider changes in:
• legislative requirements
• business and economic conditions
• the organisation's products or services
• technology
• public opinion and societal needs
Top management must allocate adequate resources to maintain the EMS and achieve continual improvement
Management Review Outcomes
Documented minutes of discussions and decisions reached
Action plans, with responsibilities, deadlines, and required resources
Date of next meeting, taking into account the current 'health' of the EMS and priorities
Please Review The Complete Guide To ISO14001
Section 19 - Management Review
Standard Agenda
Management Review Record