internal auditing - training.iso14001certification.com · organisation (i.e., iso 14001), and...

Internal Auditing


Post on 17-Jun-2020


Page 1: Internal Auditing - training.iso14001certification.com · organisation (i.e., ISO 14001), and communicating the results of this process to management The Definition of Auditing

Internal Auditing

The Purpose of Auditing

To ensure the organisation is continually improving its EMS and environmental performance

The Definition of Auditing

A systematic and documented verification process of objectively obtaining and evaluating audit evidence to determine whether an organisation’s EMS conforms with the EMS audit criteria set by the organisation (i.e., ISO 14001), and communicating the results of this process to management


Some Key Words In The Audit Process

Systematic: organized, methodical, planned

Documented: recorded in writing

Verification: information is confirmed, cross-checked, validated

Objective: independent, unbiased, no conflict of interest

Evaluating: assessing

Evidence: verified observations, verified verbal and written information

The Objectives Of The Audit

Identify opportunities for improving the EMS

Assess:

• whether the EMS has been implemented and maintained effectively

• whether the EMS meets industry requirements, and the principles of due diligence

The Implementation Steps

The Audit Schedule determines the timing and frequency of the specific elements to be audited

The Auditors Checklist outlines the audit questions for the specific element to be audited

The Audit is conducted with the responsible person

The Audit Report is completed


Please Review The Complete Guide To ISO14001

Audit Schedule

Audit Checklist

Corrective Action Request

The Audit Schedule

The Environmental Representative will assign the responsibility for specific audits

The Audit Schedule identifies the timing and the frequency of the mandatory audits of each of the individual elements of the standard

The schedule is prepared by the Environmental Representative in accordance with the Internal Audit procedure

Audit Preparation

The Auditor must have a detailed understanding of the requirements of the standard

Please review Section 2 – Requirements in The Complete Guide To ISO14001

The Audit Checklist

The Auditor uses a prepared set of questions designed to ensure that all of the requirements of a specific element are examined during the course of the audit.

The Auditor may ask additional questions based on observations made during the audit.

Observations

The Auditor records observations in the space provided

The Auditor assigns a Pass or Fail for the question based on the objective evidence

Corrective Action

A Non Conformance Report must be raised for each question assigned a Fail


Corrective Action

Please Review The Complete Guide To ISO14001

Section 16 – Non Conformance

Section 17 – Internal Audit

ISO19011 – Guidelines For Auditing


Non Conformance

A non-conformance means that something went wrong – a problem has occurred and needs to be addressed

Non-conformances are addressed with corrective actions.


What is a Major Non-Conformance?

A deficiency that seriously impairs the effectiveness of the EMS

Examples:

• An element of ISO 14001 not implemented

• Procedures not developed or not implemented

• Failure to take corrective or preventive action

• Several minor non-conformances


What is a Minor Non-Conformance?

A minor deficiency that does not seriously impair the effectiveness of the EMS

Examples:

• One or a few individuals (out of many) do not use a procedure correctly

• Procedure needs minor changes to be effective

• One or a few records incomplete

What are Corrective and Preventive Actions?

Corrective action fixes the immediate problem (e.g., repair a leaking valve)

Preventive action is designed to stop the problem occurring again, or stop problems before they happen (e.g., improved maintenance procedures)

Effective preventive actions are a key to CONTINUAL IMPROVEMENT

ISO 14001 Non-Conformance Corrective and Preventive Action says:

The organisation shall establish and maintain procedures for defining responsibility and authority for handling and investigating non-conformance, taking action to mitigate any impacts caused, and for initiating and completing corrective and preventive action


ISO 14001 4.5.2 also says:

Any corrective and preventive action taken to eliminate the causes of actual and potential non-conformances shall be appropriate to the magnitude of problems and commensurate with the environmental impact encountered

Steps to Identify and Correct Non-Conformance

• Identify problem through routine inspection, monitoring, audit findings, trend analysis, employee comments, complaint, experience

• Investigate problem and its underlying causes. Involve persons with first-hand knowledge of the issues, and authority to achieve solutions

• Identify best solution(s) and persons responsible for implementing them

Steps to Identify and Correct Non-Conformance

• Ensure solution is adequate for the size and nature of the problem, i.e., fix the underlying cause(s) once and for all

• Follow-up with monitoring to confirm that implemented solution is effective long-term

• Involve people throughout with sufficient influence to 'make things happen' promptly

Non-Conformance Investigation Example

Problem:

• Environmental monitoring results not submitted to the government on time

Possible underlying causes

• Responsibility for reporting not clearly communicated

• Inadequate training or awareness of reporting schedule requirements

• Written procedure not available

• Insufficient supervision and checking

Principles of Corrective and Preventive Action

Don't ignore problems and hope they'll go away

Ask: Who? What? When? How? Where? WHY? until you arrive at the root cause of the problem

Fix deficiencies in the system, not just symptoms of the problem

One More Thing from ISO 14001 4.5.2

The organisation shall implement and record any changes in the documented procedures resulting from corrective and preventive action

This means that procedures must be kept up to date (i.e., maintained) to include new actions required to prevent previous problems

Consequences of Non-Conformance

MAJOR NON-CONFORMANCE: Registration to ISO 14001 delayed until problem is corrected and re-audited

MINOR NON-CONFORMANCE: Can receive registration to ISO 14001 but must commit to fix problem within 60 days; correction will be confirmed on next audit

More Consequences of Non-Conformance

EMS is an inter-dependent system; if one component is defective, the whole system is broken

One problem usually leads to another; pay now or pay much more later if first problem, and underlying causes, is not fixed quickly

Essential Elements of Corrective & Preventative Action

Need open communication, without fear of punishment for identifying a non-conformance

Need somebody with authority in charge of responding to non-conformances

Need thorough investigation of symptoms and underlying causes of each non-conformance involving knowledgeable persons and those affected by the non-conformance

Essential Elements of Corrective & Preventative Action

Need identification and implementation of lasting solutions that change the system (i.e., the way things are done), not just the symptoms

Need follow-up to ensure the solution provides lasting improvement

Need to update documented procedures to include corrective and preventive actions


Management Review

Purpose

• Top management meets to review and assess the EMS

• Management Reviews are major opportunities for top management to:

  • reaffirm commitment to continual improvement

  • demonstrate environmental leadership

ISO14001 Requires That:

The organisation's top management shall, at intervals it determines, review the EMS to ensure its continuing suitability, adequacy, and effectiveness. The management review process shall ensure that the necessary information is collected to allow management to carry out this evaluation.

This review shall be documented

Management Review

Overview

Management Responsibility

Top management must:

• hold regular Management Reviews to assess the suitability and effectiveness of the EMS and the Environmental Policy; and base their discussions on reviews of:

  • the results of environmental audits

  • non-conformances, corrective and preventive actions

  • progress towards objectives and targets

  • other relevant information about the EMS


Management Review Reviewed

How often?

• Not less than once per year, preferably more frequently

• EF18 calls for Management Review on a twice yearly basis

Who should be involved?

• Senior executives at the facility, including the CEO (i.e., guiding minds of the organisation)

How long should the review take?

• As much time as is needed for thorough discussion and decision making

• At least half a day

ISO14001 Requires That:

The management review shall address the possible need for changes to policy, objectives and other elements of the EMS in the light of EMS audit results, changing circumstances, and the commitment to continual improvement

Management Review Input

• Attendance by all top management and the Environmental Management Representative

• Pre-meeting review by management of:

  • Environmental Policy

  • EMS audit reports

  • Non-conformances, corrective and preventive actions

  • Progress towards objectives and targets

  • Meeting agenda and briefing notes on key issues

Format of a Management Review Meeting

• Summary of key issues in pre-meeting materials by the Environmental Management Representative

• Discussion by top management of:

  • continued suitability of the Environmental Policy and of environmental objectives and targets, taking into account business, production, legal, economic, social, and technological changes

  • concerns of interested parties

Format of a Management Review Meeting

• Discussion by top management of:

  • types of, and trends in, non-conformances

  • effectiveness of corrective and preventive actions, considering need for due diligence

  • resources needed to maintain the EMS, and for continual improvement in the EMS and in environmental performance

  • the vision for environmental management at the facility

Format of a Management Review Meeting

Management reviews must consider changes in:

• legislative requirements

• business and economic conditions

• the organisation's products or services

• technology

• public opinion and societal needs

Top management must allocate adequate resources to maintain the EMS and achieve continual improvement


Management Review Outcomes

Documented minutes of discussions and decisions reached

Action plans, with responsibilities, deadlines, and required resources

Date of next meeting, taking into account the current 'health' of the EMS and priorities

Please Review The Complete Guide To ISO14001

Section 19 – Management Review

Standard Agenda

Management Review Record