EMS Internal Auditing

TRAINING OBJECTIVES

To provide sufficient
knowledge and tools to be
able to audit an ISO-14001
environmental management
system (EMS)
 TYPE OF AUDITS

First-party Audits – Internal Audits
• Conducted by or on behalf of the organization
for management review

Second-party Audits – External Audits
• Conducted by parties having interest in the
organization, such as customers, or by persons
on their behalf

Third-party Audits – External Audits
• Conducted by external, independent auditing
organizations, such as those providing
registration or certification
WHAT IS INTERNAL AUDITING?
 The assessment of processes to verify that
they are operating within planned
arrangements
- are procedures followed?
- are procedures effective for their purpose?
- do they meet the tenets of ISO 14001?
 Factual statements of observations backed
by evidence
 Evaluation of processes NOT people!
 WHY AUDIT?
WHAT IS THE OBJECTIVE?
• Conformance of EMS towards audit
criteria
• Checking proper implementation &
maintenance of EMS
• Identify areas for improvement
• Provide Feed back on EMS to
Management
 EVIDENCE & CONFORMANCE
Auditors collect EVIDENCE & evaluate it for
CONFORMANCE
Evidence :
• Something that proves or demonstrates a truth
• Is verifiable (the same evidence can be collected by
independent auditors)
• You can hold in your hand (record)

Conformance:
• Meeting Criteria (Requirements)
 EXERCISE 1: WHAT WOULD BE EVIDENCE OF
IMPLEMENTATION OF AN ISO 14001 EMS ?
Element Measure of Implementation
4.2 Environmental
Policy
4.3.2 Legal and
Other Requirements
4.3.3 Targets,
Objectives and
Programs
4.4.2 Competency,
Training and
Awareness
4.4.3 Communication
4.4.6 Operational
Control
4.4.7 Emergency
Preparedness and
Response
COLLECTING AUDIT EVIDENCE

Collect sufficient evidence through
interviews, examination of documents and
observation of activities and conditions

Information from interviews should be
verified through observations, independent
sources, records and existing measurements

Audit findings should be reviewed with
auditee to establish their factual basis
 EMS AUDIT INDICATORS

Adequacy of documents, procedures, programs,
records

Implementation/integration/consistency

Progress towards objectives and targets for:
- Compliance - Operational controls
- Reductions - Efficiencies
- Financial returns

Commitment by management to:
- Environmental policy - EMS

Awareness and competency of employees

Continual improvement of EMS
 SELECTION OF AUDITORS
Selection of auditors and conduct of
audits shall ensure:

Objectivity

Impartiality of the audit process

Auditors shall not audit their own work
 AUDITOR KNOWLEDGE
& SKILLS

ISO 14001 Requirements & Reference Docs

Auditing Techniques and Procedures

The System Being Audited

Applicable Laws, Regulations and Other
Requirements relevant to established
system
LEAD AUDITOR KNOWLEDGE & SKILLS

Lead auditor require additional generic knowledge and
skill to lead the efficient & effective conduct of the audit.

Plan Audit
• Insuring effective use of resources

Organize and direct team members
• Guidance to auditors-in-training

Communication
• Representing team in communications with Client and
Auditee
• Preventing and resolving conflicts
• Leading auditors to reach conclusions

Audit Report
• Prepare , complete, sign (if required)
 AUDITEE

Determine the need for the audit

Contacting the EMR to obtain his/her full
cooperation and initiating the audit process
with necessary facilities

Defining the objectives of the audit and
informing the employees

If appropriate, approving the composition
of the audit team and providing
competent staff to accompany the team

Continue…
 AUDITEE

Providing appropriate authority and
resources to enable the audit to be
conducted. This includes access to the
facilities, personnel, relevant information
and records as requested by the auditors

Consulting with the EMR to determine the
scope of the audit

Approving the EMS audit criteria

Approving the audit plan

Receiving the audit report and determining
its distribution
 INITIATING THE AUDIT
1. Audit Scope

The extent and boundaries of the audit in terms
of factors such as physical location and
organizational activities as well as the manner of
reporting

The scope of the audit is determined by the
management and EMR

The auditee should normally be consulted when
determining the scope of the audit

The resources committed to the audit should be
sufficient to meet its intended scope
 INITIATING THE AUDIT
2. Preliminary Document Review

At the beginning of the audit process, the EMR
should review the organization’s documentation
such as environmental policy statements,
programs, records or manuals for meeting its EMS
requirements.

Use should be made of all appropriate
background information on the auditees
 PREPARING THE AUDIT
1. Audit Plan

The audit plan should include:
 Audit objectives and scope
 Audit criteria
 Area to be audited
 Key personnel in EMS
 High audit priority concerns
 Applicable procedures/manuals
 Reference documents
 Time duration of major audit activities
 Dates and places where the audit is to be conducted
 Audit team
 Schedule of meetings
 PREPARING THE AUDIT

Audit plan should be communicated to
auditees, and audit-team members. The
auditee should review and confirm the plan

Any objections from auditee must be resolved
(by the EMR)
 PREPARING THE AUDIT
2. Audit Team Assignments

As appropriate, each audit-team member
should be assigned specific EMS elements,
functions, or activities to audit and be
instructed on the audit procedure to
follow. Such assignments should be made
by the EMR, in consultation with the audit-
team members concerned. During the
audit, the EMR may make changes to the
work assignments to ensure optimal
achievement of the audit objectives
 PREPARING THE AUDIT
3. Working Document

The working documents required to facilitate the
auditor’s investigations may include:
• Forms for documenting supporting audit
evidence and audit findings
• Procedures and checklists used for evaluating
EMS elements
• Records of meetings
• Copies of applicable standards to be followed

Working documents should be maintained at

least until completion of the audit
 SAMPLE OF AUDIT CHECKLIST

4.3.2 Regulatory Requirements
• Verify requirements are in place and
managed
• See if legal requirement are in Standard
Operating Procedures (related to significant)
• Verify training has been conducted
• Check identifiers are in place and linked
• Determine if communicated to employees
• Verify accessible and available
• Verify appropriate links to related documents
 CONDUCTING THE AUDIT
1. Opening Meeting
An opening meeting is required. The purpose is to:

Review the scope, objectives and audit plan and
agree to the audit timetable

Provide a short summary of the methods and
procedures to be used to conduct the audit

Confirm that the resources and facilities needed
by the auditor are available

Confirm the time and date of the closing meeting

Promote the active participation by the auditee

Review relevant site safety and emergency
procedures before the site audit
 CONDUCTING THE AUDIT
2. Collecting Audit Evidence

Audit evidence should be collected through
interviews, examination of documents and
observation of activities and conditions.

Indications of nonconformity to the EMS audit
criteria should be recorded

Information gathered through interviews should
be verified by acquiring supporting information
from independent sources, such as observations,
records and results of existing measurements.

Appropriate samples should be collected
 CONDUCTING THE AUDIT
3. Audit Findings

The audit-team should review all of their audit evidence
to determine where the EMS does not conform to the
EMS audit criteria.

Nonconformities should be documented in a clear, concise
manner and supported by audit evidence.

Audit findings should be reviewed with the responsible
auditee manager with a view to obtaining
acknowledgement of the factual basis of all findings of
nonconformities

If within the agreed scope, details of audit findings of
conformity may also be documented, but with due care
to avoid any implication of absolute assurance
 CONDUCTING THE AUDIT
4. Closing Meeting

Required before writing the report

Purpose is to present audit findings to the auditee in
such a manner as to obtain their clear understanding
and acknowledgement of the factual basis of the
audit findings

Disagreement should be resolved, if possible before
EMR issues the report

Final decisions on the significance and description of
the audit findings ultimately rest with the EMR,
though the auditee may still disagree with these
findings
 AUDIT REPORTING
1. Preparation of the Audit Report

The audit report is prepared under the direction
of the EMR, who is responsible for its accuracy
and completeness

The topics to be addressed in the audit report
should be those determined in the audit plan
 AUDIT REPORTING
2. Contents
• Dated and signed by the EMR
• Should contain findings/summary with reference to supporting
evidences
• The agreed objectives, scope and plan of the audit
• The agreed criteria, including a list of reference documents
against which the audit was conducted
• Dates and times
• Identification of the auditees' representatives participating in
the audit
• The identification of the audit-team members
• Distribution list
• Summary of the audit process including any obstacles
encountered
• Audit conclusions on conformance, suitability, and effectiveness
TRACE FORWARD AUDIT APPROACH
 Activity
 Aspect
 Legal Requirement
 Significant Aspect
 Objective(s) & Target(s)
 Management Program
 Operational Controls
 Performance Indicators
 Management Review
 Records
 THE AUDIT INTERVIEW
 Auditor introductions
 Discuss purpose of audit
 Discuss procedure
• Notes taken
• Reports will be issued
• Corrective actions may be implemented
 Opening questions
• Tell me about your Job?
• Policy, Emergency, Training Questions
 Leading questions (if needed)
 Thank auditee
AUDITING QUESTIONS – DO’S AND DON’TS
 Try Not to ask Yes or No Questions?
• If you do, follow up the questions by asking
for proof (evidence)
 Use Broad, Open Ended Questions, such as
• Describe to Me ..
• Walk me through how you do this
• How do you ….
• Show me …
 Keep the Burden of Proof on the auditee (don’t
give them the answer)
 You may have to lead them if they don’t cover
the material
• i.e., Do you have any environmental work
instructions?
DESIRABLE AUDITOR ATTRIBUTES
 Knowledge
• Of management principles and practices
• Of requirements
• Of techniques
 Sound judgment
 Patience and interest
 Communicates at all levels
 Good listener
 Honest and courteous
 Organized
 Professional
UNDESIRABLE AUDITOR ATTRIBUTES
 Argumentative and opinionated
 Inflexible and jumps to conclusions
 Easy to influence (believes everything)
 Lazy, lacks desire, poor planner
 Non-communicative
 Insincere
 Devious exercise
 Nonprofessional