28 August 2010
I need the list of items to be checked at the time of internal audit for a private limited company. pls send me the complete details since I need to go for internal auditing next week.
28 August 2010
1 Internal Audit Check Policy q Verify required elements q Verify management commitment q Verify available to the public q Verify implementation by tracing links back to policy statement q Check review/revisions q Determine how communicated q Check if temps are trained q Check if vendors/suppliers were notified of policy 4.3.1 Aspects q Verify organization has approved procedure to identify aspects q Verify/determine process for identification, ranking of significant aspects q Verify significant aspects are managed q Verify appropriate document links (ID links) are in place q Verify training needs have been met as related to significant and job activities that can result in impacts q Verify objectives and targets are linked to significant aspects with appro. ID numbers q Determine how aspects are communicated q Verify up to date q Interview/sample employees for aware Regulatory Requirements q Verify requirements are in place and managed q See if legal requirement are in Standard Operating Procedures (related to significant) q Verify training has been conducted q Check identifiers are in place and linked q Determine if communicated to employees q Verify accessible and available q Verify appropriate links to related documents Objectives and Targets q Verify objectives and targets are consistent with significant aspects and policy q Do objectives and targets consider pollution prevention and other preventive measures q Verify individual roles and responsibilities on objectives and targets are defined q Are objectives specific and measurable? q Are timeframes set and met? q I.D. link back to aspects? q Process for review and revision q Process for changing target dates q Identify how progress is tracked and communicated to management 2 q Ensure monthly operating reports (or method) include status of objectives including measurable performance indicators Environmental Programs q Review improvement programs to assure link back to significant aspects and objectives and targets q Verify roles and responsibilities are defined q Verify the improvement program will accomplish objective q Determine methods used to measure and report progress q Determine if improvement programs are supported by sufficient resources q Determine if individual is assigned responsibility or implementation and oversight include reviewing and updating q Verify that new projects/processes/modifications are subject to EMS requirements Structure and Responsibility q Ensure that organizational chart is consistent with the EMS q Verify roles, responsibilities and authorities are clearly defined in Environmental Programs improvement plans, work instructions and procedures q Interview EMS Steering committee chairperson and verify appropriate resources are available to fulfill requirement of the EMS q Verify roles and authorities of steering committees q Review job description or memo, or documentation of management representative to ensure responsibilities and authorities are defined q Ensure work groups, steering committee roles are defined and is consistent with org. chart or structure q Although not required, is there a manual that defines the EMS structure and responsibilities Training, Awareness and Competence q Verify a training, awareness and competency procedure has been developed q Verify the organization has identified the job functions that may have significant environmental impact. q Determine if training needs have been identified q Review supporting documentation q Verify that all employees whose work may impact he environment have been identified q Verify process to review training records to assure required training has been scheduled and given q Verify employees (with potential for impact) have received the appropriate training and are certified as competent q Have organization explain process for EMS refresher training q Verify employees have received appropriate emergency response training q Verify that employees have received policy and EMS procedures training q Interview (sample) employees to assure proper understanding and are competent based upon criteria such as: licenses, experience, work instruction training, supervisor signoff, etc. 3 q Verify employees whose work may impact have been trained on consequences of deviating from procedure q Verify employees have been made aware of aspects and significant aspects of their department and the benefits of following approved EMS procedures Communication q Verify by sampling the process of how EMS information is communicated between various levels and functions q Verify by sampling, the process for receiving, documenting and responding to external communications from interested parties (regulators, customers, public etc.) q Determine by interviews the raising of employee awareness of EMS policies, objectives and targets and improvement programs q Determine how the department communicates results of audits and management review to employees q Have department provide evidence of external communication to the public q Review examples of how the organization determines to communicate its significant aspects (note only states to consider and record, not necessarily communicate to outside parties.) Documentation q Verify EMS Manual (optional) q Verify EMS Procedures q Verify meeting (steering committee, EMS team) meeting records q Verify Environmental Directory (optional) q Verify EMS organization charts q Verify the organization has clear documented references to related EMS procedures, work instructions, legal requirements, etc. q Verify manual has been reviewed, understood and communicated to employees (awareness training) q Trace through sample of documents, ensuring that referenced documents exist and are readily available 4.4.5 Document Control q Determine document control procedure or process clearly established responsibility for creation and modification of various types of EMS documents q Check EMS organizational chart and job descriptions for those responsibilities and roles governing review, approval, revision and distribution of documents q Verify that documents have proper revision status, approval, signature, effective date and appropriate links to related documents q Verify a master list exists to identify all controlled documents q Verify the department has appropriate retention schedules q Verify there is a well defined system to indicate the names and locations of all holders of controlled documents q Verify that documentation essential to operations (linked to aspects and impacts) is available to employees in those locations 4 q Verify that obsolete or invalid EMS documents are promptly removed and appropriately marked. q Have the department explain this process q Check to see if they have established an obsolete file folder or location q Check for documents (historical) retained for knowledge preservation are so marked q Check for evidence that EMS documents (in use) do not have hand written changes or revisions q Verify that EMS documentation is periodically reviewed and maintained- have the department explain this process 4.4.6 Operational Control q Verify operation and maintenance activities that can have significant impact have been identified and that associated work instructions have been prepared q Interview key personnel and look for evidence of a systematic approach to the identification of the aspects and impacts of the organizations activities q Verify that documented work instructions are in place to manage the significant aspects q Verify that those persons who can have adverse impact have received the appropriate training and there is documented evidence they are competent to perform associated task q Verify that sufficient organizational controls are in place and are maintained to ensure that the significant aspects are managed to prevent adverse impacts. q Check for evidence to suggest that equipment/procedures (or lack thereof) in the work environment is not suitable/suitable to achieve the defined targets and objectives q Verify procedures/plans address such issues as emergency organization and responsibilities, listing of key personnel, details of emergency equipment/services available, internal and external communication plans, actions to be taken for different types of emergencies or incidents, information on hazardous materials, training programs and testing procedures (start-up or shut-down procedures during emergency events if tied to significant aspects) 4.4.7 Emergency Response and Preparedness q Verify organization has appropriate emergency response plans in place q Verify that the plans have a review schedule and their is documented evidence of reviews, particularly after occurrence of an accident or emergency situations q Verify that employees have received appropriate emergency response training q Verify that the organization has an emergency drill schedule and has documented evidence of drills conducted (where practicable) Review the organization’s external communication plans for emergency situations 4.5.1 Monitor and Measurement q Verify EMS measurement procedure* q Verify technical calibrations procedures* q Verify regulatory compliance assessments* 5 q Verify that the organization submits an operating report (on an established frequency) which provides data on its operations and the status of its objectives and targets and performance indicators q Verify key monitoring equipment has been identified and is calibrated and maintained q Verify a system identifying the frequency, means and methods of calibration are in place q Verify that calibration records are maintained and have appropriate links and identification numbers q Identify how performance indicators are chosen, reviewed and revised q Ensure that performance indicators are objective, verifiable, reproducible and consistent with the EMS policy q Verify that a schedule of regulatory compliance inspections is in place and inspections are performed and documented q Have the organization discuss the process used to address noncompliance conditions * not required to have separate procedures but recommended 4.5.2 Nonconformance and Corrective and Preventive Action q Determine process used in investigating EMS non-conformance q Determine process used for mitigation on non-conformance q Verify procedure (process) addresses means for identifying the root cause and implementing effective corrective actions (CA’s) q Review any open and completed CA’s and ensure action plans have been developed, followed and closed out as scheduled q Determine if there is evidence of lack of understanding or commitment on the part of department management or their staff regarding corrective or preventive action q Determine if corrective or preventive actions implemented are appropriate to magnitude of the problem and resolve the environmental impact from re-occuring q Verify that corrective actions are recorded and presented to management for review q Verify there is a process to track the status of corrective or preventive actions 4.5.3 Records q Verify the organization has identified the required records for implementation and operation of the EMS q Verify the person responsible for EMS records maintenance, control and disposal of records q Verify that records are readily available and identifiable (proper ID numbers) q Ensure a records retention schedule has been developed and implemented q Check to see if records are indexed, filed, stored and maintained to provide secure storage q Examine and evaluate a variety of records (including training) when auditing each EMS functional area q Check for a master log (EMS Directory) of EMS records 6 q Does the organization have a procedure for storage of various records including electronic 4.5.3 EMS Audits q Remain within the scope of the audit q Remain objective q Gather objective evidence to draw conclusions q Document audit results q Interpret policies and procedures and determine conformance with the standard q Develop an audit schedule (annually) q Train audit team (document training) q Develop audit plan q Schedule audit and necessary resources- meeting room, appropriate people are available, etc. q Conduct opening meetingq Tour facility- to gain understanding of facility (if auditor doesn’t know facility operations) q Perform Audit q Auditors meet to discuss preliminary results- group should reach consensus on findings, if consensus not reached, then lead auditor makes the call q Conduct closeout meeting – discuss audit results objectively ie, strengths, weaknesses, non-conformances- this is not a discussion. q Issue audit report – as discussed in close out meeting (can document potential non-conformance discussions with notes and understandings stating what, who, why…and correction) (Should have some way to follow up with regulatory noncompliance issues) q Review previous audit report and check on status of any previous findings. Note; findings not corrected can be considered a major deficiency q Check for corrective action status including any Incident Reviews q Assure Environmental Compliance Inspections have been conducted q Interview a variety of employees to assure the EMS is understood and that commitment to the EMS is in place 4.6 Management Review q Verify that management reviews have been scheduled and conducted according to plan q Look for management review actions and assure they have been completed q Verify Management Review Agenda should includes status of objectives and targets, corrective and preventive actions, audit reports, interested party issues, regulatory compliance, suitability of the EMS and need for any changes End of Checklist