Management Systems
Preparing Your Organizations Audit Program
Internal Audits are a requirement of Clause 9.2, which is a fundamental requirement for continual improvement and a dynamic Environmental Management System (EMS).
Internal audit(s) are held at planned intervals, with the express outcome to provide information on whether or not the EMS conforms to the organization’s requirements for its EMS, the requirements of ISO14001, and that the EMS is effectively implemented and maintained.
However, most organization’s will not only have internal audits forming part of their audit program, but second or third-party audits separate from their ISO14001 certification audit as well. These, when included in the audit program, allow for the organization to plan and prepare in advance.
Which audits should be included in the audit program?
All audits which fall within the scope of the EMS should be included in the audit program. This will include the certification audit(s) for ISO14001, internal EMS audits, and compliance evaluation audits.
Compliance evaluation audits will be audits required to determine the compliance of the organization against it’s legal and other requirements. These audits may be internal, or external (third-party), with various reporting requirements pertaining to the audit and the close-out of the findings.
What time-period should the audit program cover?
Many organizations will set up an annual audit program, to keep track of the audits that are required within the year (whether the year is in sync with the financial year, or simply from January to December).
However, some organizations may have requirements that stipulate a specific audit only needs to be conducted every 2 or 3 years. For example, a full-site complete legal audit may only need to be conducted every 3 years to determine the organization’s compliance will all major legal obligations.
The organization can either have an audit program which covers the longest break between audits or can stipulate that certain audits only need to be conducted every 2 to 3 years within the procedure governing audits (Performance Evaluation Procedure, for example).
What information should an audit program contain?
Audit programs should contain the following:
- The section or area that is being audited
- The frequency of the audit which can contain notes for audits only conducted every 2 to 3 years if your organization has an annual audit program.
- The date on which the audit will occur, which can also inform the length of the audit. This can simply be an indication in which month the audit should be conducted.
- The audit scope and criteria which will be used for the audit.
- The proposed audit teams. If team members are known in advance they can be put in, otherwise, indications such as job title(s) or consultancy firm names can be inserted instead. Keep in mind that the auditor(s) should be independent of the activity being audited, wherever practicable, to ensure the audit is conducted in a manner free from bias and conflict of interest.
- A section for planning and reporting. This is to indicate who or which department is responsible for collating audit evidence, booking dates and venues, setting up audit plans, preparing inductions, PPE, and investigating any findings, etc.
What about the auditor’s audit program/plan?
Good auditors will send out a more detailed audit program or plan before the audit is conducted. This is especially true for external auditors, who should indicate exactly which clauses or legal documents are being audited.
This plan should also indicate the schedule that needs to be followed for each day of the audit, the previous findings, the documents, records and evidence required for the audit, who will be writing the report, how long this should take, etc.
An audit program which includes second and third-party audits is a planning tool to make sure all audits which need to be conducted are covered, that there is a variety in sites or clause(s) that will be audited, and ensure that any changes within the organization that impact on the EMS have been taken into consideration.
As with all planning within the EMS, specific actions and tasks can be added to the overall action tracker or software used to assign and track actions.
You can visit Bloberg at bloberg.com or find us on Linkedin and Twitter.
Originally published at https://www.bloberg.com on August 24, 2020.
