BERGER PAINTS BANGLADESH LIMITED

TITLE : PROCEDURE ON INTERNAL SYSTEM AUDITING COPY NO.:

PAGE NO.: 1 OF 2
DOCUMENT NO.: PR /16 ISSUE NO.: 05 REVISION NO.: 02
ISO 9001:2015, ISO14001:2015, ISO 27001: 2013 & OHSAS 18001:2007

PURPOSE

To establish and maintain documented procedures for planning and implementing a

comprehensive system of documented and planned Internal Audit for Quality,
Environment, Information Security and Occupational Health and Safety management
system to verify the compliance and effectiveness of the system.

SCOPE

All operations/functions which are covered under the documented Integrated

Management System (IMS) with reference to ISO 9001:2015, ISO 14001: 2015, ISO
27001: 2013 and OHSAS 18001: 2007 Standard.

RESPONSIBILITY

Management Representative is overall responsible for Planning and co-ordination of

Internal Audit and maintenance of associated records.

REFERENCE

 ISO 9001: 2015 Clause 9.2 Internal audit

 ISO 14001: 2015 Clause 9.2 Internal audit
 ISO 27001: 2013 Clause 9.2 Internal audit
 OHSAS 18001: 2007 Clause 4.5.5 Conduct Internal Audits of your OHSMS
 Procedure on Management Review No. PR/01

DEFINITION OF TERMS

IA: Internal Audit.

MR: Management representative
CISO: Chief Information Security Officer

METHOD/ACTIVITY

1.0 Internal Audits are conducted once in every year in the areas covered by the ISO
9001 : 2015, ISO 14001: 2015, ISO 27001: 2013 and OHSAS 18001: 2007 certification
scope. MR and CISO maintains an Annual Calendar to show the plan for the year.

2.0 IA plan for each cycle of audit is prepared by the MR and CISO as per Internal Audit
Plan (Format No. QR/16/01). The same is circulated to all personnel concerned.

Issued By: Management Representative / Approved By: Managing Director

Date: 10.09.2017 Copy No.:

 BERGER PAINTS BANGLADESH LIMITED
TITLE : PROCEDURE ON INTERNAL SYSTEM AUDITING COPY NO.:
PAGE NO.: 2 OF 2
DOCUMENT NO.: PR /16 ISSUE NO.: 05 REVISION NO.: 02
ISO 9001:2015, ISO14001:2015, ISO 27001: 2013 & OHSAS 18001:2007

3.0 Management Representative and CISO maintains the list of Trained Internal Auditor.
Audit of an activity is carried out by Internal Auditor(s) independent of the area being
audited.

4.0 Any nonconformity observed and its attribution to the international standard is recorded
in Non Conformance Report (Format No.QR/16/02). The auditees’ signature is taken
on the report as witness to the observations made by the auditors. The correction and
corrective action proposed by the auditee, is recorded in the same record.

5.0 Non Conformity Reports are prepared in duplicate. The duplicate copy is retained by
the auditee and the original is submitted to the MR/CISO by the auditors.

6.0 The summary Report for each cycle of IA is prepared by the Management
Representative and CISO as per IA Summary Report (Format No.QR/16/03)
collecting all NCRs generated during that cycle. This Report is a summary of the
observations pertaining to the concerned areas being audited.

7.0 The non conformities & the various corrective actions taken are reviewed by the
Steering Committee in the Management Review Meeting for any further Corrective
action that may be required.

8.0 Follow-Up Audits are conducted to verify and record the implementation and
effectiveness of the corrective action taken.

LIST OF FORMATS USED

Format no. Title

QR/16/01 Internal Audit Plan

QR/16/02 Non Conformance Report
QR/16/03 IA Summary Report

LIST OF WORK INSTRUCTION/ DOCUMENTS

Nil

Issued By: Management Representative / Approved By: Managing Director

Date: 10.09.2017 Copy No.: