NCCOS EMS AUDIT PROGRAM
Internal Audit Date | Audit Report |
Corrective Actions |
Management Response |
---|---|---|---|
11/1/05 - 11/4/05 |
n/a |
||
7/10/06 - 7/14/06 |
n/a |
||
9/10/07 - 9/14/07 |
n/a |
||
6/17/08 - 6/25/08 |
DECLARATION OF CONFORMANCE Date | Audit Report |
Corrective Actions |
---|---|---|
12/1,5 & 6, 2005 | ||
NCCOS EMS Declaration Of Conformance Statement
Audit Program
The following documents should be used for the Internal audit:
- Additional EMS Audit Procedures for NCCOS
- Audit Criteria (Sample)
- FY Audit Plans:
1. Audit Program Purpose
The NCCOS EMS Audit Program is implemented to ensure the
organization allocates resources, provides qualified auditors,
plans the execution of audits and otherwise arranges for
the efficient and effective conduct of internal EMS audits
in support of the EMS. Internal EMS audits support the EMS
and provide a periodic check of its status so that management
can make decisions regarding its continuing suitability,
adequacy and effectiveness. Internal EMS audits also assess
conformance to the NOAA audit protocol based on the requirements
of the ISO-14001 standard and are used either to check compliance
status or to verify that the organization periodically does
such checks. The NCCOS Audit Program is based on the ISO-19011
standard.
For additional detail regarding the EMS Internal Audit, refer
to NOAA EMS Standard:
EMS.013 Regulatory Compliance And EMS Audits And Self-Assessments
Audit Program Chart: International Organization for Standardization.
(Final Draft 2002). ISO-19011: Guidelines for quality and/or
environmental management systems auditing. ISO/FBIS 19011:
2002(E).
2. Definitions
a. Internal EMS Audit - A periodic audit of the EMS to verify
that it is properly implemented and that it continues to
conform to planned arrangements for environmental management.
It is an audit of the system and findings are expressed as
non-conformities. Audit conclusions are based on the findings
and focus on the root causes that led to the non-conformities.
It is appropriate to seek the root causes of known compliance
findings during an EMS audit, since these may reflect EMS
deficiencies.
b. Compliance Audit - A periodic audit of compliance with regulatory and other requirements that are imposed on the organization. Findings are expressed as non-compliances. The search for root causes in a typical compliance audit may not be as intense as it should be during an EMS audit.
c.
Non-conformity - Any deviations from established procedures,
programs and other elements of the EMS. They may include
non-compliance with regulations, but not all instances of
non-compliance are necessarily non-conformities of the EMS.
d. Correction: The totality of immediate and long-term steps
taken to mitigate the consequences of a nonconformity (e.g.,
cleanup of spilled hazardous material; remediation of groundwater;
natural habitat restoration). The correction does not by
itself remove the underlying cause of the nonconformity.
e. Corrective Action - Action to address the underlying cause
of an actual event that has been identified as a non-conformity
through an audit.
f. Preventive Action - Action to prevent potential problems
before they occur at other areas or functions of the organization
that may have similar vulnerabilities to that which caused
the original non-conformity.
g. Verification – A follow-up visit by the audit team
to ascertain that corrections, and corrective and preventive
actions have been appropriately completed. The decision to
do this is based upon the frequency, severity, and/or risk
of continued nonconformity, as well as on whether the finding
was either a major or critical audit finding.
3. Approach
Audit
Program Manager Responsibilities - The Management
Representative may also act as the EMS Audit Program Manager
and has the following responsibilities:
a. Ensures adequate resources have been budgeted or allocated
for the conduct of planned internal EMS audits.
b. At the beginning of each fiscal year, plans the audit strategy (e.g., functions to be audited, elements to be audited, schedule of audits, team members for each audit, lead auditor for each audit, etc.).
c. Ensures sufficient auditors will be available and that they remain competent through annual training or other means of maintaining competency.
d. Stores and manages all documentation from previous audits (e.g., audit reports, corrective action requests, records of corrective actions, etc.)
e. Maintains audit templates and checklists of criteria for use by the audit teams.
f. Evaluates auditors and makes decisions on qualifying additional individuals as competent internal auditors.
g. Works with the lead auditor assigned to a given audit to establish the objectives for that audit and to ensure that the proper resources and information are available to conduct the audit.
h. Ensures that the audit team conducts and completes the
audit.
4. Frequency of EMS Audits
Internal EMS audits shall be scheduled on the basis of need as reflected by the importance of activities or the results of previous audits, but not less than annually, in order to verify that the system is implemented and functioning as expected. An individual audit may be limited to a sampling of EMS elements or areas and can be both random and/or focused on certain activities based on their importance and/or results of previous audits. The audit program manager will decide on the strategy to be pursued in the audit at the beginning of each fiscal year.
5. Scope of EMS Audits
On an annual basis, internal EMS audits assess all operations
and facilities described within the scope of the EMS to
determine conformance for these operations and facilities
against the requirements of ISO-14001, and the organization’s
internal performance objectives. Depending on the results
of previous audits, the organization may opt to conduct
one yearly audit or a series of audits that focus only
on specific elements.
6. Selection of Audit Team
The audit team shall be selected by the audit program manager
and shall consist of NCCOS EMS team or other NOAA EHS staff
that have received internal EMS auditor training and/or are
deemed competent to conduct such audits. He or she is also
responsible for selecting the lead auditor for a given audit.
The designated lead auditor is responsible to ensure that
the audit team conducts and completes the audit as planned.
Every four years the organization shall bring in an outside
contracted audit team to get a fresh perspective and overview
if its EMS regarding meeting established goals and functionality.
The audit program manager will not be a member of the audit
team.
7. Internal Audit Procedure
The internal audit will be conducted in accordance with NOAA EMS Standard: EMS.013 Regulatory Compliance And EMS Audits And Self-Assessments. EMS internal audits shall be conducted against NOAA Audit Criteria, which can be tailored to suit the specific needs and goals of the organization based on input from the Management Representative and the lead auditor.
Audit criteria shall consist of questions based upon the specified arrangements for the EMS, and shall be designed to elicit evidence of conformity with the organization’s EMS requirements. The focus of the EMS audit is to ascertain whether the EMS has been effectively implemented and is functioning in accordance with established arrangements.
Audit findings must be based on objective evidence that is properly corroborated and authenticated. (Auditors should avoid reaching conclusions on the basis of hearsay or opinion.)
8. Compliance Status
The EMS audit may also be used to record the status of regulatory compliance. This status may be based on the results of a recent compliance audit that may have occurred, or it may be based on the data generated in the EMS to track the achievement of objectives and targets. Since the organization has objectives and targets for compliance, the degree to which those have been accomplished should give an accurate reading of the compliance posture. If this method is not reliable, then the organization will rely on compliance audits to ascertain compliance status.
Alternatively, the internal EMS auditor will ascertain that the organization has previously conducted periodic compliance checks as required by the ISO-14001 standard. In this case, the auditor establishes that the checks did occur and that they were done in a manner that would produce reliable results.
9. Corrective Action
As part of the audit procedure, corrective actions will be requested by the audit team by use of the Corrective Actions Request form. This will be made available along with the Internal Audit Report to Management Representatives, the EMS Team, the Management Representative and the supervisor(s) of the area(s) audited.
After conferring with the Management Representative, the appropriate area or functional manager will address findings within a specified number of days by developing corrective actions which will be included in the summary response to the corrective action request.
If a nonconformity relates to the EMS itself, the Management Representative will have the primary responsibility to apply the corrective and preventive actions. In this instance, the audit team ensures that the corrective and preventive actions have been completed when the next scheduled audit is conducted.
For more detailed information, refer to NOAA Standard EMS.014 Corrective Action To Regulatory Compliance Audits And EMS Non-Conformances Corrective And Preventive Actions.
10. Preventive Action
Preventive action is undertaken to avoid repetition of the non-conformity in other areas or functions of the organization that may have similar vulnerabilities that caused the original non-conformity. It is the responsibility of the Management Representative to initiate preventive actions as specified in the EMS procedure for Non-Conformance, Corrective and Preventive Actions. The execution of preventive actions may be recorded in the Corrective Action Request report or it may be documented separately.
For more detailed information, refer to NOAA Standard EMS.014
Corrective Action To Regulatory
Compliance Audits And EMS Non-Conformances Corrective And
Preventive Actions.
11. Verification
At the conclusion of the audit, the audit team will determine whether any findings require verification after the corrective and preventive actions are applied. This will be based upon the frequency, severity, and/or risk of continued or potential nonconformities, as well as on whether the finding was either a major or critical audit finding.
12. Closing the Audit
EMS audits are closed when the audit team leader establishes that the corrective and preventive actions have been completed.
13. Input to Management Review and to Next EMS Audit
The Audit Report and actions taken to address findings will be inputs to the Management Review. For more detailed information on the purpose and content of the Management Review, please refer to the Management Review Procedure. (The audit report, corrective action requests and records of corrective and preventive actions will also be available to auditors preparing the next scheduled audit.)
14. Audit Resources
The organization should be able to demonstrate that it has committed to provide the resources necessary to support the continual improvement of its EMS by providing the budget and staff resources necessary to maintain this EMS Audit Program. In addition, it should be able to show that auditor training will be provided for the audit team as necessary and that contracted resources may also be utilized, as necessary, to perform internal and external audits.
15. Audit Process Documentation
Documentation that result from the conduct of an EMS audit may include the items listed below. The audit program manager provides proper templates for these items to the audit teams for their use on audits:
i. Audit Plan
ii. Audit Criteria
iii. Internal Audit Report
iv. Completed corrective action requests showing actions
that were taken
v. Statement on compliance status