Audit Audit, Oxford English Dictionary: To make an official systematic examination of (accounts), so...

AuditAudit

Audit, Oxford English Dictionary: Audit, Oxford English Dictionary:

• To make an official systematic To make an official systematic examination of (accounts), so as to examination of (accounts), so as to ascertain their accuracy.ascertain their accuracy.

AuditAudit

An environmental auditAn environmental audit consists of consists of collecting and assessing audit evidence in collecting and assessing audit evidence in order to determine whether or not the order to determine whether or not the audit subject matter conforms with the audit subject matter conforms with the audit criteria. audit criteria.

It is a tool that is used to check whether a It is a tool that is used to check whether a company is doing what it should be doing. company is doing what it should be doing.

AuditAudit

There are many reasons to conduct an audit There are many reasons to conduct an audit and they will be reflected in the scope and and they will be reflected in the scope and objectives of the audit. objectives of the audit.

• Pre-aquisition or conveyance audits Pre-aquisition or conveyance audits • Regulatory compliance audits Regulatory compliance audits • Environmental management system audits Environmental management system audits • Total environmental risk audits Total environmental risk audits • Green audits Green audits • Specific topic auditsSpecific topic audits

AuditAudit

Pre-aquisition or conveyance audits Pre-aquisition or conveyance audits

• to determine liability of new to determine liability of new acquisitionsacquisitions

Regulatory compliance audits Regulatory compliance audits

• to determine compliance with laws to determine compliance with laws and regulationsand regulations

AuditAudit

Environmental management system Environmental management system audits audits

• to evaluate environmental to evaluate environmental performance and conformance with performance and conformance with environmental management systemenvironmental management system

AuditAudit

Total environmental risk audits Total environmental risk audits

• all the above to give an overview of all the above to give an overview of historical, current and future historical, current and future environmental performance environmental performance

Green audits Green audits

• all the above plus such organizational all the above plus such organizational aspects such as life cycle assessmentaspects such as life cycle assessment

Specific topic auditsSpecific topic audits

AuditAudit

Qualities needed in an auditor: Qualities needed in an auditor:

• Independence Independence

• Impartiality Impartiality

• Inquisitiveness Inquisitiveness

• IntegrityIntegrity

AuditAudit

The parties involved in an audit The parties involved in an audit

• Auditee - the organization to be audited Auditee - the organization to be audited

• Audit team - the group of auditors, or a Audit team - the group of auditors, or a single auditor designated to perform a single auditor designated to perform a given audit. The leader of the team is given audit. The leader of the team is known as the lead auditor known as the lead auditor

• Client - the organization commissioning Client - the organization commissioning the auditthe audit

EMS AuditEMS Audit

ISO14001 - The organisation shall ISO14001 - The organisation shall establish and maintain (a) establish and maintain (a) programme(s) and procedures for programme(s) and procedures for periodic environmental management periodic environmental management system audits to be carried out.system audits to be carried out.

EMS AuditEMS Audit

to determine whether or not the system to determine whether or not the system

1.1. conforms to planned arrangements for conforms to planned arrangements for environmental management including the environmental management including the requirements of this International requirements of this International Standard; and Standard; and

2.2. has been properly implemented and has been properly implemented and maintained; andmaintained; and

to provide information on the results of to provide information on the results of audits to managementaudits to management

EMS AuditEMS Audit

The organisation’s audit programme, The organisation’s audit programme, including any schedule, shall be based on including any schedule, shall be based on the environmental importance of the the environmental importance of the activity concerned and the results of activity concerned and the results of previous audits. In order to be previous audits. In order to be comprehensive, the audit procedures shall comprehensive, the audit procedures shall cover the audit scope, frequency and cover the audit scope, frequency and methodologies, as well as the methodologies, as well as the responsibilities and requirements for responsibilities and requirements for conducting audits and reporting results. conducting audits and reporting results.

EMS audit processEMS audit process

1.1. initiating the audit initiating the audit

2.2. preparing the audit preparing the audit

3.3. executing the audit executing the audit

4.4. audit reports and recordsaudit reports and records

Initiating the auditInitiating the audit

• Define audit objectives Define audit objectives

• Appoint the lead auditor Appoint the lead auditor

• Preliminary document review Preliminary document review

• Appointing the audit teamAppointing the audit team


Define audit objectivesDefine audit objectivesThe first step in the auditing process The first step in the auditing process is to define the objectives of the is to define the objectives of the audit.audit.

According to ISO 14011 it is the According to ISO 14011 it is the responsibility of the client (i.e. the responsibility of the client (i.e. the organization commissioning the organization commissioning the audit) to set the audit objectives. audit) to set the audit objectives.


Appoint the lead auditorAppoint the lead auditorThe lead auditor will either be an The lead auditor will either be an external auditor or an employee who external auditor or an employee who has been trained to fulfil this role (in has been trained to fulfil this role (in many companies this is the many companies this is the environmental manager). environmental manager).


Preliminary document reviewPreliminary document reviewThe lead auditor needs to review the The lead auditor needs to review the company’s EMS documentation - e.g. company’s EMS documentation - e.g. environmental policy statements, environmental policy statements, programmes, records and manuals in programmes, records and manuals in order to assess whether or not there order to assess whether or not there is sufficient and appropriate is sufficient and appropriate information about the EMS to information about the EMS to undertake the audit. undertake the audit.


Appointing the audit teamAppointing the audit teamHaving decided that the audit can go Having decided that the audit can go ahead, the lead auditor should, if they are ahead, the lead auditor should, if they are needed, appoint other auditors to assist in needed, appoint other auditors to assist in carrying out the audit. Depending on your carrying out the audit. Depending on your company’s approach, the audit team will company’s approach, the audit team will consist of either external auditors or staff consist of either external auditors or staff members that have received the members that have received the necessary auditing training. necessary auditing training.

Preparing the auditPreparing the audit

• Audit plan Audit plan

• Audit team assignments Audit team assignments

• Working documentsWorking documents


Audit planAudit planThe plan should include, if applicable The plan should include, if applicable

• the audit objectives and scope the audit objectives and scope • the audit criteria the audit criteria • identification of the organizational identification of the organizational

units to be audited units to be audited • identification of those elements of identification of those elements of

the EMS that are of high audit priority the EMS that are of high audit priority


• the audit procedures to be used the audit procedures to be used

• identification of reference documents identification of reference documents

• the expected time and duration for the expected time and duration for major audit activities major audit activities

• the dates and places where the audit the dates and places where the audit is to be conducted is to be conducted

• identification of audit team members identification of audit team members


• the schedule of meetings to be held the schedule of meetings to be held with management with management

• confidentiality requirements confidentiality requirements

• content, format, structure, expected content, format, structure, expected date of issue and distribution of the date of issue and distribution of the audit report audit report

• document retention requirementsdocument retention requirements


Audit team assignmentsAudit team assignmentsThe lead auditor, in consultation with The lead auditor, in consultation with audit team, should assign the audit team, should assign the various members to specific EMS various members to specific EMS elements or activities and instruct elements or activities and instruct them on the audit procedures to be them on the audit procedures to be followed. followed.


Working documentsWorking documentsThe lead auditor needs to coordinate the The lead auditor needs to coordinate the preparation of the working documents preparation of the working documents required to undertake the audit:required to undertake the audit:

• forms for documenting supporting forms for documenting supporting evidence and audit findings evidence and audit findings

• procedures and checklists used for procedures and checklists used for evaluating EMS elements evaluating EMS elements

• records of meetingsrecords of meetings

Executing the auditExecuting the audit

• Opening meeting Opening meeting

• Collecting evidence Collecting evidence

• Auditing findings Auditing findings

• Closing meetingClosing meeting


Opening meetingOpening meetingThe purpose of the opening meeting is to: The purpose of the opening meeting is to:

• introduce the members of the audit team introduce the members of the audit team to your company’s management; to your company’s management;

• review the scope, objectives and audit review the scope, objectives and audit plan and agree on an audit timetable; plan and agree on an audit timetable;

• provide a short summary of the methods provide a short summary of the methods and procedures to be used to conduct the and procedures to be used to conduct the audit; audit;


• establish the official communication links establish the official communication links between the audit team and your MD; between the audit team and your MD;

• confirm that the resources and facilities confirm that the resources and facilities needed by the audit team are available; needed by the audit team are available;

• confirm the time and date for the closing confirm the time and date for the closing meeting; meeting;

• promote the active participation of company promote the active participation of company staff in the audit; staff in the audit;

• review relevant site, safety and emergency review relevant site, safety and emergency procedures for the audit team.procedures for the audit team.


Collecting evidenceCollecting evidenceSufficient audit evidence should be Sufficient audit evidence should be collected to be able to determine whether collected to be able to determine whether or not your EMS conforms to the EMS or not your EMS conforms to the EMS audit criteria through: audit criteria through:

• interviews interviews

• examination of documents examination of documents

• observation of activities and conditionsobservation of activities and conditions


Information gathered through interviews Information gathered through interviews should be verified by acquiring supporting should be verified by acquiring supporting information from independent sources, information from independent sources, such as observations, records and results such as observations, records and results of existing measurements.of existing measurements.

Non verifiable information should be Non verifiable information should be identified as such. identified as such.

Indications of non-conformity with any EMS Indications of non-conformity with any EMS audit criteria should be recorded. audit criteria should be recorded.


Auditing findingsAuditing findingsHaving collected the audit evidence, the Having collected the audit evidence, the audit team needs to review it in order to audit team needs to review it in order to determine instances where the EMS does determine instances where the EMS does not conform to the audit criteria. not conform to the audit criteria.

Non-conformities should be documented in a Non-conformities should be documented in a clear, concise manner and supported by clear, concise manner and supported by audit evidence. audit evidence.


The audit findings should be reviewed The audit findings should be reviewed with the person responsible for the with the person responsible for the EMS with a view to obtaining EMS with a view to obtaining acknowledgement from him/her of acknowledgement from him/her of the factual basis of all findings of the factual basis of all findings of non-conformity. non-conformity.


Findings of conformity can also be Findings of conformity can also be documented, if within the agreed documented, if within the agreed scope of the audit. However care scope of the audit. However care needs to be taken that no absolute needs to be taken that no absolute assurance of conformity is given or assurance of conformity is given or implied. implied.


Closing meetingClosing meetingPrior to preparing the audit report, Prior to preparing the audit report, the audit team should hold a meeting the audit team should hold a meeting with those responsible for the with those responsible for the functions audited.functions audited.


The main purpose of this meeting is for The main purpose of this meeting is for the team to present the audit the team to present the audit findings with a view to ensuring that findings with a view to ensuring that they are fully understood and to they are fully understood and to obtaining an acknowledgement of obtaining an acknowledgement of the factual basis of the findings. the factual basis of the findings.


The closing meeting is an opportunity The closing meeting is an opportunity to resolve any disagreements to resolve any disagreements between the auditing team and the between the auditing team and the MD. The final decision on the MD. The final decision on the significance and description of the significance and description of the findings rests with the lead auditor. findings rests with the lead auditor.

Audit reports and recordsAudit reports and records

• Audit report preparation Audit report preparation

• Report distribution Report distribution

• Audit completionAudit completion


Audit report preparationAudit report preparationThe audit report is prepared under The audit report is prepared under the direction of the lead author, who the direction of the lead author, who is responsible for its accuracy and is responsible for its accuracy and completeness. completeness.

The topics to be addressed in the report The topics to be addressed in the report should be those determined in the should be those determined in the audit plan. audit plan.


Any changes to these topics which are Any changes to these topics which are desired at the time of preparation of desired at the time of preparation of the report should be agreed by the the report should be agreed by the all the parties concerned. all the parties concerned.

The audit report should contain the The audit report should contain the audit findings (or a summary of audit findings (or a summary of these findings) with reference to these findings) with reference to supporting evidence.supporting evidence.


Subject to agreement between the lead Subject to agreement between the lead auditor and your MD, the audit report auditor and your MD, the audit report may also include the following: may also include the following:

• the identification of the organization the identification of the organization audited and of the client audited and of the client

• the agreed objectives, scope and the agreed objectives, scope and plan of the audit plan of the audit


• the agreed audit criteria including a the agreed audit criteria including a list of reference documents against list of reference documents against which the audit was conducted which the audit was conducted

• the period covered by the audit and the period covered by the audit and the date(s) the audit was conducted the date(s) the audit was conducted

• the identification of the audit team the identification of the audit team members members


• a statement of the confidential a statement of the confidential nature of the report contents nature of the report contents

• the distribution list for the audit the distribution list for the audit report report

• a summary of the audit process a summary of the audit process including any obstacles encountered including any obstacles encountered


• audit conclusion i.e. EMS fully audit conclusion i.e. EMS fully conforms/does not fully conform conforms/does not fully conform with audit criteria and has/has not with audit criteria and has/has not been properly implemented and been properly implemented and maintained.maintained.

The audit report should be dated and The audit report should be dated and signed by the lead auditor.signed by the lead auditor.


Report distributionReport distributionThe audit report should be sent to the MD The audit report should be sent to the MD by the lead author. Distribution of the by the lead author. Distribution of the audit report should be determined by the audit report should be determined by the the MD in accordance with the audit plan.the MD in accordance with the audit plan.

Audit reports are the sole property of the Audit reports are the sole property of the company and confidentiality should be company and confidentiality should be respected and appropriately safeguarded respected and appropriately safeguarded by the auditors and all recipients of the by the auditors and all recipients of the report. report.


The audit report should be issued within the The audit report should be issued within the agreed time period in accordance with the agreed time period in accordance with the audit plan. If this is not possible, the audit plan. If this is not possible, the reasons for the delay should be formally reasons for the delay should be formally communicated to the MD and a revised communicated to the MD and a revised issue date established. issue date established.

All working documents, and draft and final All working documents, and draft and final reports pertaining to the audit should be reports pertaining to the audit should be retained by agreement between the the MD, retained by agreement between the the MD, the lead auditor and in accordance with any the lead auditor and in accordance with any applicable requirements. applicable requirements.

Audit completionAudit completion

The audit is completed once all The audit is completed once all activities defined in the audit plan activities defined in the audit plan have been concluded. have been concluded.

EMS Audit ComponentsEMS Audit Components

1.1. Objectives and scope Objectives and scope

2.2. Objectivity, independence and scope Objectivity, independence and scope

3.3. Due profession care Due profession care

4.4. Systematic procedures Systematic procedures

5.5. Audit criteria, evidence and findings Audit criteria, evidence and findings

6.6. Reliability of audit findings and Reliability of audit findings and conclusions conclusions

7.7. Audit reportAudit report

Objectives and scopeObjectives and scope

An audit should be based on An audit should be based on objectives defined by the client. The objectives defined by the client. The scope of the audit (i.e. its extent and scope of the audit (i.e. its extent and boundaries) is determined by the boundaries) is determined by the lead auditor and must be adequate to lead auditor and must be adequate to meet the audit objectives. The meet the audit objectives. The objectives and scope of the audit objectives and scope of the audit should be communicated to the should be communicated to the auditee prior to the audit. auditee prior to the audit.

Objectivity, independence and scopeObjectivity, independence and scope

An environmental audit should be as An environmental audit should be as objective as is possible. In order to ensure objective as is possible. In order to ensure this, the members of the audit team should this, the members of the audit team should be independent of the activities they are to be independent of the activities they are to audit. If an internal audit is being performed audit. If an internal audit is being performed (i.e. the audit team consists of employees (i.e. the audit team consists of employees of the company being audited) then none of of the company being audited) then none of the audit team members should be the audit team members should be accountable to those directly responsible accountable to those directly responsible for the subject matter being audited.for the subject matter being audited.

Objectivity, independence and scopeObjectivity, independence and scope

The audit team members should, of The audit team members should, of course, have the knowledge, skills course, have the knowledge, skills and experience necessary to carry and experience necessary to carry out the audit. Guidance on these out the audit. Guidance on these matters is provided in ISO 14012, the matters is provided in ISO 14012, the international standard on international standard on qualification criteria for qualification criteria for environmental auditors.environmental auditors.

Due profession careDue profession care

When conducting an audit, auditors When conducting an audit, auditors should exercise the care, diligence, should exercise the care, diligence, skill and judgement expected of any skill and judgement expected of any auditor in similar circumstances. auditor in similar circumstances.

Due profession careDue profession care

The audit team/client relationship should be The audit team/client relationship should be one of confidentiality and discretion. one of confidentiality and discretion. Unless required to do so by law, the audit Unless required to do so by law, the audit team should not disclose team should not disclose information/documents obtained during information/documents obtained during the audit or the final audit report to any the audit or the final audit report to any third party without the approval of the third party without the approval of the client. client.

The audit team should follow procedures The audit team should follow procedures that provide for quality assurance.that provide for quality assurance.

Systematic proceduresSystematic procedures

To enhance consistency and reliability, an To enhance consistency and reliability, an environmental audit should be conducted environmental audit should be conducted according to documented and well-defined according to documented and well-defined methodologies and systematic methodologies and systematic procedures. It should be carried out it procedures. It should be carried out it accordance with any guidelines developed accordance with any guidelines developed for that particular type of environmental for that particular type of environmental audit. (For example ISO have published audit. (For example ISO have published guidelines for conducting environmental guidelines for conducting environmental management system audits - ISO 14011.)management system audits - ISO 14011.)

Audit criteria, evidence and findingsAudit criteria, evidence and findings

Audit criteria should be determined at Audit criteria should be determined at an early stage of the audit process. an early stage of the audit process. They should be agreed between the They should be agreed between the lead auditor and the client and lead auditor and the client and communicated to the auditee. Audit communicated to the auditee. Audit evidence should then be collected evidence should then be collected and evaluated in order to determine and evaluated in order to determine whether the audit criteria have been whether the audit criteria have been met. met.

Reliability of audit findings and Reliability of audit findings and conclusionsconclusions

The audit evidence collected during an The audit evidence collected during an environmental audit will inevitably environmental audit will inevitably only be a sample of the information only be a sample of the information available, as audits are conducted available, as audits are conducted over a limited period of time and with over a limited period of time and with limited resources. limited resources.

Reliability of audit findings and Reliability of audit findings and conclusionsconclusions

There will therefore be an element of There will therefore be an element of uncertainty inherent in all audits and uncertainty inherent in all audits and the users of the results of the users of the results of environmental audits should be environmental audits should be aware of this uncertainty. The aware of this uncertainty. The auditing process should be designed auditing process should be designed to provide the client with the desired to provide the client with the desired level of confidence in the reliability of level of confidence in the reliability of the audit findings.the audit findings.

Audit reportAudit report

The client should be provided with a The client should be provided with a written report of the audit findings written report of the audit findings (and/or a summary thereof). Unless (and/or a summary thereof). Unless the client states otherwise, the the client states otherwise, the auditee should also receive a copy of auditee should also receive a copy of the report. the report.

Audit report informationAudit report information

• the identification of the organization the identification of the organization audited and of the client audited and of the client

• the agreed objectives and scope of the agreed objectives and scope of the audit the audit

• the agreed criteria against which the the agreed criteria against which the audit was conducted audit was conducted

• the period covered by the audit and the period covered by the audit and the date(s) the audit was conductedthe date(s) the audit was conducted


• the identification of the audit-team the identification of the audit-team • the identification of the auditee’s the identification of the auditee’s

representatives participating in the audit representatives participating in the audit • a statement of the confidentialitya statement of the confidentiality• the distribution listthe distribution list• a summary of the audit process including a summary of the audit process including

any obstacles encountered any obstacles encountered • the audit conclusionsthe audit conclusions


The lead auditor, in consultation with the The lead auditor, in consultation with the client, should determine which of these client, should determine which of these items, together with any additional items, items, together with any additional items, should be included in the report. Normally should be included in the report. Normally it is the responsibility of the auditee to it is the responsibility of the auditee to determine any corrective action need in determine any corrective action need in the light of the audit findings. However the the light of the audit findings. However the auditor may provide recommendations auditor may provide recommendations when there has been prior agreement to when there has been prior agreement to do so with the client. do so with the client.

Audit Audit, Oxford English Dictionary: To make an official systematic examination of (accounts), so...

Documents

Transcript of Audit Audit, Oxford English Dictionary: To make an official systematic examination of (accounts), so...