ISO14011 Environmental Audit Guide - Audit Procedure

ISO14011 Environmental Audit Guide - Audit Procedure Introduction All kinds of organizations may have the need to demonstrate environmental responsibility. The concept of environmental management system (EMS) [Note] and the corresponding environmental audit practice provide a way to meet this need. These systems are established to help organizations develop and continuously meet their environmental policies, objectives, standards and other requirements.

This standard provides procedures for conducting EMS audits and is applicable to organizations of all types and sizes that implement EMS.

Note: EMS is the abbreviation of environmental management system. When directly adopted below, no additional notes are required. National Standard of the People's Republic of China Guidelines for environmental auditing-Audit procedures－Auditing of environmental management systems

1 Scope This standard specifies a set of procedures for planning and conducting EMS audits to determine whether the system conforms to the EMS audit criteria.

2 Cited standards This standard refers to the relevant clauses of the following standards. When this standard was issued, these referenced standards were valid versions. All standards are subject to revision, therefore, parties to agreements based on GB/T24001 are encouraged to adopt the latest versions of the following standards as much as possible. IEC and ISO members hold currently valid international standards. GB/T 24001--1996 Environmental Management System Specifications and User Guide GB/T 24010--1996 Environmental Audit Guide General Principles GB/T 24012--1996 Environmental Audit Guide Environmental Auditor Qualification Requirements

3 Definitions The definitions in GB/T 24010 and GB/T 24001 and the following definitions apply to this standard. Note: The terms and definitions regarding environmental management are given in ISO 14050.

3.1 Environmental management system An integral part of the overall management system, including the organization, planned activities, responsibilities, practices, procedures, processes and resources needed to develop, implement, achieve, review and maintain the environmental policy (GB/T 24001-1996).

3.2 Environmental management system audit is a systematic process of obtaining and evaluating audit evidence objectively to determine whether an organization's environmental management system conforms to the specified environmental management system audit criteria, including reporting the results of this process to the client.

3.3 Environmental management system audit criteria The policies, practices, procedures or requirements used by auditors as a reference to compare the audit evidence collected about the organization's environmental management system, such as the requirements mentioned in GB/T 24001 and other applicable environmental management system requirements.

4 Purpose, role and responsibilities of EMS audit

4.1 Audit Purpose The purpose of each EMS audit should be clearly stated. Typical examples of audit purposes are as follows:
(a) Determine the compliance of the auditee’s EMS against the EMS audit criteria;
(b) Determine whether the auditee’s EMS has been properly implemented and maintained;
(c) Identify areas where improvements can be made in the auditee’s EMS;
(d) Evaluation of the effectiveness of internal management reviews in ensuring the continuing suitability and effectiveness of the EMS;
(e) Evaluate the EMS of an organization with which a contractual relationship may be established (e.g. a potential supplier or joint venture partner).

4.2 Roles, responsibilities and activities

4.2.1 Audit team leader The responsibility of the audit team leader is to ensure that the audit is effectively implemented and completed in accordance with the audit scope and plan approved by the client. In addition, the responsibilities and activities of the audit team leader should also include:

(a) agreeing the audit criteria and scope with the client (and, where necessary, the auditee);
(b) Obtaining background information necessary to achieve the audit objectives, such as the auditee’s activities, products, services, details of the work site and surrounding environment, details of previous audits, etc.;
(c) Determine whether the environmental audit requirements specified in GB/T 24010 have been met;
(d) Establish an audit team. In selecting personnel, possible conflicts of interest should be taken into consideration. The final composition should be agreed upon with the client; (e) Guide the activities of the audit team according to the two guidelines GB/T 24010 and GB/T 24011;
(f) prepare an audit plan, consulting with the client, the auditee and the audit team members as necessary;
(g) communicating the final audit plan to the audit team, client and auditee;
(h) Coordinate the preparation of working documents and detailed procedures and issue them to the audit team;
(i) seek to resolve issues arising from the audit;
(j) confirm when the audit objectives cannot be achieved and communicate the reasons to the client and the auditee;
(k) represent the audit team in negotiations with the auditee during, before and after the audit;
(l) promptly notify the auditee of audit findings of major nonconformities;
(m) provide the client with clear and unambiguous information on the audit status within the time specified in the audit plan;
(n) Provide recommendations for improvements to the EMS, if agreed within the scope of the audit.

4.2.2 Auditor The responsibilities and activities of the auditor shall include:
(a) Support the audit team leader in carrying out his/her work in accordance with his/her guidance;
(b) plan and perform assigned work within the scope of the audit objectively, efficiently and effectively;
(c) fully collect and analyze relevant audit evidence to determine audit findings and make audit conclusions about the EMS;
(d) Prepare working documents under the guidance of the audit team leader;
(e) documenting individual audit findings;
(f) keep the documents related to the audit safe and return them upon request;
(g) Assist in the preparation of audit reports.

4.2.3 Audit Team The audit team should be formed to ensure that it has the comprehensive experience and skills to carry out the audit. In addition, the following issues should be considered:
(a) Qualification requirements for auditors, such as those specified in GB/T 24012;
(b) the type of organization, process, activity or function to be audited;
(c) the number, language proficiency and skills of the team members;
(d) any conflicts of interest that may exist between team members and the auditee;
(e) Requirements of the client and the certification and accreditation body. The audit team may include technical experts and, when agreed by the client, the auditee and the audit team leader, trainee auditors.

4.2.4 Client The client's responsibilities and activities shall include:
(a) decide whether an audit is necessary;
(b) engage with the auditee to obtain its full cooperation before initiating the audit;
(c) determine the purpose of the audit;
(d) Select the audit team leader or audit body and, where necessary, approve the composition of the audit team;
(e) provide the authority and resources necessary to conduct the audit;
(f) agreeing on the audit scope with the audit team leader;
(h) Recognition of EMS audit criteria;
(i) approve the audit plan;
(j) Receive audit reports and determine their distribution.

4.2.5 Auditee The responsibilities and activities of the auditee shall include:
(a) communicate the purpose and scope of the audit to staff as necessary;
(b) provide the audit team with the necessary facilities to ensure the effective conduct of the audit;
(c) appoint responsible and competent personnel to assist the audit team, act as on-site guides, and ensure that the audit team is aware of health, safety and other relevant requirements;
(d) provide auditors with access to facilities, personnel, relevant information and records upon their request;
(e) assisting auditors in achieving the audit objectives;
(f) unless specifically prohibited by the client, may receive a copy of the audit report.

5 Audit

5.1 Start the audit

5.1.1 Audit Scope The audit scope defines the content and area to be audited, including the physical location, or organizational activities and reporting methods. The audit scope is determined by the client and the audit team leader. When determining the audit scope, the auditee should usually be consulted. Once the audit scope is determined, any changes must be approved by the client and the audit team leader. The resources used for the audit should be sufficient to meet the needs of the audit scope.

5.1.2 Document pre-review At the beginning of the audit process, the audit team leader shall review the organization's documents, such as environmental policy statements, implementation plans, records or manuals compiled to achieve EMS requirements. During this process, full use should be made of the background information about the audited organization. If it is considered that the documents used to implement the audit are not sufficient, the client should be notified. No further resources should be consumed before receiving further instructions from the client.

5.2 Audit Preparation

5.2.1 Audit plan The audit plan should be developed in a flexible manner to allow for adjustment of focus based on information obtained during the audit and to ensure effective use of resources. The plan should include, as appropriate:
(a) the purpose and scope of the audit;
(b) audit criteria;
(c) The names of the organizational units and functional departments of the auditee to be audited;
(d) A list of the functional departments and/or personnel in the auditee’s organization that have direct and significant responsibility for its EMS;
(e) Determine the elements of the auditee’s EMS that should be audited in detail;
(f) the audit procedures for the elements of the auditee’s EMS to be audited;
(g) the working language of the audit and the language of the report;
(h) List of cited documents;
(i) Scheduled time and start and end dates of major audit activities:
(j) the date and place where the audit is to be conducted;
(k) List of members of the audit team;
(l) A schedule of meetings with auditee management;
(m) confidentiality requirements;
(n) the content and format of the report, and the expected date of issuance and distribution of the audit report;
(o) Document retention requirements. The audit plan should be communicated to the client, auditors and auditee and reviewed and approved by the client. If the auditee disagrees with any content in the audit plan, the audit team leader should be informed. Disagreements should be resolved through consultations between the audit team leader, auditee and client before the audit is conducted. Any changes to the audit plan should be agreed to by all parties involved before or during the audit.

5.2.2 The audit team assignment shall be based on the need to implement the specific EMS elements, functions or activities that each audit team member is responsible for auditing, and instruct them on the audit procedures to be followed. The assignment of tasks shall be jointly agreed upon by the audit team leader and the audit team members involved. During the audit, the audit team leader may make changes to the assignment of tasks in order to better achieve the audit objectives.

5.2.3 Working documents To facilitate the audit work, the working documents required may include:
(a) forms to record audit evidence and audit findings;
(b) Procedures and checklists for evaluating EMS elements;
(c) Meeting minutes. Working documents should be retained at least until the end of the audit; audit team members should protect confidential and proprietary information.

5.3 Implementation of Audit

5.3.1 Initial Meeting An initial meeting shall be convened for the following purposes:
(a) Introducing the audit team members to the auditee’s management;
(b) confirm the audit scope, objectives and plan, and jointly agree on the audit schedule;
(c) briefly describe the methods and procedures used in the audit;
(d) establishing formal communication channels between the audit team and the auditee;
(e) confirming that the resources and equipment required by the audit team are available;
(f) confirm the date and time of the final meeting;
(g) promote the participation of auditees;
(h) Review of the audit team’s on-site safety and emergency procedures.

5.3.2 Collection of Audit Evidence Sufficient evidence should be collected to determine whether the auditee's EMS complies with the EMS audit criteria. Evidence should be collected through interviews, document review, and observation of activities and conditions. Performance (behavior) that does not comply with the EMS audit criteria should be recorded. Information from interviews should be verified with supporting information obtained from independent sources (such as observations, records, and existing test results). Information that cannot be verified should be marked. The audit team should review the basis for the sampling plan in the auditee's EMS activities and the procedures to ensure effective quality control of the sampling and measurement processes.

5.3.3 Audit findings The audit team shall review all audit evidence to determine where the EMS does not comply with the audit criteria. It shall ensure that audit findings regarding non-compliance are clearly and unambiguously documented and based on audit evidence. Audit findings shall be reviewed with the relevant responsible persons of the audited party to confirm the factual basis for all non-compliance. Note: Audit findings regarding compliance may also be documented in detail within the agreed scope, but care shall be taken to avoid the implication of absolute assurance.

5.3.4 Final meeting After the evidence collection phase and before the audit report is written, the audit team should hold a meeting with the management of the auditee and the heads of the audited departments. The main purpose of the meeting is to present the audit findings to the auditee so that they can clearly understand and recognize the factual basis of the audit findings. If possible, differences of opinion should be resolved before the audit team leader issues the report. The final decision on the significance and wording of the audit findings belongs to the audit team leader, regardless of whether the client and the auditee have objections.

5.3.5 Audit report and document retention

5.3.5.1 Preparation of audit report The audit report is prepared under the guidance of the audit team leader, who is responsible for the accuracy and completeness of the audit report. The items covered in the audit report should be those determined in the audit plan. If changes are desired during the preparation process, the unanimous consent of all parties concerned should be obtained.

5.3.5.2 Contents of the report The audit report shall be dated and signed by the audit team leader. The audit report shall contain the audit findings or a summary thereof, supplemented by supporting evidence. Based on the agreement between the audit team leader and the client, the report may also contain the following:
(a) The names of the auditee and the client;
(b) agreed audit objectives, scope and plan;
(c) agreed audit criteria, including a list of documents referenced in the audit;
(d) the duration of the audit and the date on which the audit was conducted;
(e) A list of the auditee’s representatives who participated in the audit;
(f) List of members of the audit team;
(g) a statement regarding the confidential nature of the contents of the report;
(h) List of entities to which the audit report is distributed;
(i) a brief description of the review process, including any obstacles encountered;
(j) Audit conclusions, such as: - the conformity of the EMS with the EMS audit criteria; - whether the system has been correctly implemented and maintained; - whether the internal management review process is sufficient to ensure the continued applicability and effectiveness of the EMS.

5.3.5.3 Distribution of the report The audit report shall be submitted to the client by the audit team leader. The scope of distribution shall be determined by the client in accordance with the audit plan. The auditee shall receive a copy of the audit report unless specifically prohibited by the client. Distribution outside the audited organization requires its consent. The client has exclusive ownership of the audit report and the auditors and other parties receiving the audit report shall be careful to maintain confidentiality. The audit report shall be issued within the agreed time limit in accordance with the audit plan. If it cannot be issued on time, the client and the auditee shall be notified of the reason for the delay in advance and a new issuance date shall be determined.

5.3.5.4 Document Retention All working documents and drafts related to the audit, as well as the final report, shall be retained in accordance with the agreement between the client, the audit team leader and the auditee and other relevant requirements.

5.4 Completion of the Audit The audit is concluded once the activities specified in the audit plan have been completed.