Audit

1
Audit

• Audit, Oxford English Dictionary
• To make an official systematic examination of
  (accounts), so as to ascertain their accuracy.

2
Audit

• An environmental audit consists of collecting and
  assessing audit evidence in order to determine
  whether or not the audit subject matter conforms
  with the audit criteria.
• It is a tool that is used to check whether a
  company is doing what it should be doing.

3
Audit

• There are many reasons to conduct an audit and
  they will be reflected in the scope and
  objectives of the audit.
• Pre-aquisition or conveyance audits
• Regulatory compliance audits
• Environmental management system audits
• Total environmental risk audits
• Green audits
• Specific topic audits

4
Audit

• Pre-aquisition or conveyance audits
• to determine liability of new acquisitions
• Regulatory compliance audits
• to determine compliance with laws and regulations

5
Audit

• Environmental management system audits
• to evaluate environmental performance and
  conformance with environmental management system

6
Audit

• Total environmental risk audits
• all the above to give an overview of historical,
  current and future environmental performance
• Green audits
• all the above plus such organizational aspects
  such as life cycle assessment
• Specific topic audits

7
Audit

• Qualities needed in an auditor
• Independence
• Impartiality
• Inquisitiveness
• Integrity

8
Audit

• The parties involved in an audit
• Auditee - the organization to be audited
• Audit team - the group of auditors, or a single
  auditor designated to perform a given audit. The
  leader of the team is known as the lead auditor
• Client - the organization commissioning the audit

9
EMS Audit

• ISO14001 - The organisation shall establish and
  maintain (a) programme(s) and procedures for
  periodic environmental management system audits
  to be carried out.

10
EMS Audit

• to determine whether or not the system
• conforms to planned arrangements for
  environmental management including the
  requirements of this International Standard and
• has been properly implemented and maintained and
• to provide information on the results of audits
  to management

11
EMS Audit

• The organisations audit programme, including any
  schedule, shall be based on the environmental
  importance of the activity concerned and the
  results of previous audits. In order to be
  comprehensive, the audit procedures shall cover
  the audit scope, frequency and methodologies, as
  well as the responsibilities and requirements for
  conducting audits and reporting results.

12
EMS audit process

1. initiating the audit
2. preparing the audit
3. executing the audit
4. audit reports and records

13
Initiating the audit

• Define audit objectives
• Appoint the lead auditor
• Preliminary document review
• Appointing the audit team

14
Initiating the audit

• Define audit objectivesThe first step in the
  auditing process is to define the objectives of
  the audit.
• According to ISO 14011 it is the responsibility
  of the client (i.e. the organization
  commissioning the audit) to set the audit
  objectives.

15
Initiating the audit

• Appoint the lead auditorThe lead auditor will
  either be an external auditor or an employee who
  has been trained to fulfil this role (in many
  companies this is the environmental manager).

16
Initiating the audit

• Preliminary document reviewThe lead auditor
  needs to review the companys EMS documentation -
  e.g. environmental policy statements, programmes,
  records and manuals in order to assess whether or
  not there is sufficient and appropriate
  information about the EMS to undertake the audit.

17
Initiating the audit

• Appointing the audit teamHaving decided that the
  audit can go ahead, the lead auditor should, if
  they are needed, appoint other auditors to assist
  in carrying out the audit. Depending on your
  companys approach, the audit team will consist
  of either external auditors or staff members that
  have received the necessary auditing training.

18
Preparing the audit

• Audit plan
• Audit team assignments
• Working documents

19
Preparing the audit

• Audit planThe plan should include, if applicable
  
• the audit objectives and scope
• the audit criteria
• identification of the organizational units to be
  audited
• identification of those elements of the EMS that
  are of high audit priority

20
Preparing the audit

• the audit procedures to be used
• identification of reference documents
• the expected time and duration for major audit
  activities
• the dates and places where the audit is to be
  conducted
• identification of audit team members

21
Preparing the audit

• the schedule of meetings to be held with
  management
• confidentiality requirements
• content, format, structure, expected date of
  issue and distribution of the audit report
• document retention requirements

22
Preparing the audit

• Audit team assignmentsThe lead auditor, in
  consultation with audit team, should assign the
  various members to specific EMS elements or
  activities and instruct them on the audit
  procedures to be followed.

23
Preparing the audit

• Working documentsThe lead auditor needs to
  coordinate the preparation of the working
  documents required to undertake the audit
• forms for documenting supporting evidence and
  audit findings
• procedures and checklists used for evaluating EMS
  elements
• records of meetings

24
Executing the audit

• Opening meeting
• Collecting evidence
• Auditing findings
• Closing meeting

25
Executing the audit

• Opening meetingThe purpose of the opening
  meeting is to
• introduce the members of the audit team to your
  companys management
• review the scope, objectives and audit plan and
  agree on an audit timetable
• provide a short summary of the methods and
  procedures to be used to conduct the audit

26
Executing the audit

• establish the official communication links
  between the audit team and your MD
• confirm that the resources and facilities needed
  by the audit team are available
• confirm the time and date for the closing
  meeting
• promote the active participation of company staff
  in the audit
• review relevant site, safety and emergency
  procedures for the audit team.

27
Executing the audit

• Collecting evidenceSufficient audit evidence
  should be collected to be able to determine
  whether or not your EMS conforms to the EMS audit
  criteria through
• interviews
• examination of documents
• observation of activities and conditions

28
Executing the audit

• Information gathered through interviews should be
  verified by acquiring supporting information from
  independent sources, such as observations,
  records and results of existing measurements.
• Non verifiable information should be identified
  as such.
• Indications of non-conformity with any EMS audit
  criteria should be recorded.

29
Executing the audit

• Auditing findingsHaving collected the audit
  evidence, the audit team needs to review it in
  order to determine instances where the EMS does
  not conform to the audit criteria.
• Non-conformities should be documented in a clear,
  concise manner and supported by audit evidence.

30
Executing the audit

• The audit findings should be reviewed with the
  person responsible for the EMS with a view to
  obtaining acknowledgement from him/her of the
  factual basis of all findings of non-conformity.

31
Executing the audit

• Findings of conformity can also be documented, if
  within the agreed scope of the audit. However
  care needs to be taken that no absolute assurance
  of conformity is given or implied.

32
Executing the audit

• Closing meetingPrior to preparing the audit
  report, the audit team should hold a meeting with
  those responsible for the functions audited.

33
Executing the audit

• The main purpose of this meeting is for the team
  to present the audit findings with a view to
  ensuring that they are fully understood and to
  obtaining an acknowledgement of the factual basis
  of the findings.

34
Executing the audit

• The closing meeting is an opportunity to resolve
  any disagreements between the auditing team and
  the MD. The final decision on the significance
  and description of the findings rests with the
  lead auditor.

35
Audit reports and records

• Audit report preparation
• Report distribution
• Audit completion

36
Audit reports and records

• Audit report preparationThe audit report is
  prepared under the direction of the lead author,
  who is responsible for its accuracy and
  completeness.
• The topics to be addressed in the report should
  be those determined in the audit plan.

37
Audit reports and records

• Any changes to these topics which are desired at
  the time of preparation of the report should be
  agreed by the all the parties concerned.
• The audit report should contain the audit
  findings (or a summary of these findings) with
  reference to supporting evidence.

38
Audit reports and records

• Subject to agreement between the lead auditor and
  your MD, the audit report may also include the
  following
• the identification of the organization audited
  and of the client
• the agreed objectives, scope and plan of the
  audit

39
Audit reports and records

• the agreed audit criteria including a list of
  reference documents against which the audit was
  conducted
• the period covered by the audit and the date(s)
  the audit was conducted
• the identification of the audit team members

40
Audit reports and records

• a statement of the confidential nature of the
  report contents
• the distribution list for the audit report
• a summary of the audit process including any
  obstacles encountered

41
Audit reports and records

• audit conclusion i.e. EMS fully conforms/does not
  fully conform with audit criteria and has/has not
  been properly implemented and maintained.
• The audit report should be dated and signed by
  the lead auditor.

42
Audit reports and records

• Report distributionThe audit report should be
  sent to the MD by the lead author. Distribution
  of the audit report should be determined by the
  the MD in accordance with the audit plan.
• Audit reports are the sole property of the
  company and confidentiality should be respected
  and appropriately safeguarded by the auditors and
  all recipients of the report.

43
Audit reports and records

• The audit report should be issued within the
  agreed time period in accordance with the audit
  plan. If this is not possible, the reasons for
  the delay should be formally communicated to the
  MD and a revised issue date established.
• All working documents, and draft and final
  reports pertaining to the audit should be
  retained by agreement between the the MD, the
  lead auditor and in accordance with any
  applicable requirements.

44
Audit completion

• The audit is completed once all activities
  defined in the audit plan have been concluded.

45
EMS Audit Components

1. Objectives and scope
2. Objectivity, independence and scope
3. Due profession care
4. Systematic procedures
5. Audit criteria, evidence and findings
6. Reliability of audit findings and conclusions
7. Audit report

46
Objectives and scope

• An audit should be based on objectives defined by
  the client. The scope of the audit (i.e. its
  extent and boundaries) is determined by the lead
  auditor and must be adequate to meet the audit
  objectives. The objectives and scope of the audit
  should be communicated to the auditee prior to
  the audit.

47
Objectivity, independence and scope

• An environmental audit should be as objective as
  is possible. In order to ensure this, the members
  of the audit team should be independent of the
  activities they are to audit. If an internal
  audit is being performed (i.e. the audit team
  consists of employees of the company being
  audited) then none of the audit team members
  should be accountable to those directly
  responsible for the subject matter being audited.

48
Objectivity, independence and scope

• The audit team members should, of course, have
  the knowledge, skills and experience necessary to
  carry out the audit. Guidance on these matters is
  provided in ISO 14012, the international standard
  on qualification criteria for environmental
  auditors.

49
Due profession care

• When conducting an audit, auditors should
  exercise the care, diligence, skill and judgement
  expected of any auditor in similar circumstances.

50
Due profession care

• The audit team/client relationship should be one
  of confidentiality and discretion. Unless
  required to do so by law, the audit team should
  not disclose information/documents obtained
  during the audit or the final audit report to any
  third party without the approval of the client.
• The audit team should follow procedures that
  provide for quality assurance.

51
Systematic procedures

• To enhance consistency and reliability, an
  environmental audit should be conducted according
  to documented and well-defined methodologies and
  systematic procedures. It should be carried out
  it accordance with any guidelines developed for
  that particular type of environmental audit. (For
  example ISO have published guidelines for
  conducting environmental management system audits
  - ISO 14011.)

52
Audit criteria, evidence and findings

• Audit criteria should be determined at an early
  stage of the audit process. They should be agreed
  between the lead auditor and the client and
  communicated to the auditee. Audit evidence
  should then be collected and evaluated in order
  to determine whether the audit criteria have been
  met.

53
Reliability of audit findings and conclusions

• The audit evidence collected during an
  environmental audit will inevitably only be a
  sample of the information available, as audits
  are conducted over a limited period of time and
  with limited resources.

54
Reliability of audit findings and conclusions

• There will therefore be an element of uncertainty
  inherent in all audits and the users of the
  results of environmental audits should be aware
  of this uncertainty. The auditing process should
  be designed to provide the client with the
  desired level of confidence in the reliability of
  the audit findings.

55
Audit report

• The client should be provided with a written
  report of the audit findings (and/or a summary
  thereof). Unless the client states otherwise, the
  auditee should also receive a copy of the report.

56
Audit report information

• the identification of the organization audited
  and of the client
• the agreed objectives and scope of the audit
• the agreed criteria against which the audit was
  conducted
• the period covered by the audit and the date(s)
  the audit was conducted

57
Audit report information

• the identification of the audit-team
• the identification of the auditees
  representatives participating in the audit
• a statement of the confidentiality
• the distribution list
• a summary of the audit process including any
  obstacles encountered
• the audit conclusions

58
Audit report information

• The lead auditor, in consultation with the
  client, should determine which of these items,
  together with any additional items, should be
  included in the report. Normally it is the
  responsibility of the auditee to determine any
  corrective action need in the light of the audit
  findings. However the auditor may provide
  recommendations when there has been prior
  agreement to do so with the client.