Slides 01 - Ems Lac, Ig, Issue 4.2, 10-23-08

ISO 14001:2004 Environmental
Management Systems
Lead Auditor Course
Issue 4.2 10/23/08 EMS-042-01-EN-US

2
Welcome!
• Safety – be aware of emergency exits
• Restroom and Telephones – nearest locations
• Contact Number – for urgent messages
• Personal Property – keep possessions secure
• Phones and Pagers – Turn them off please to
avoid interruptions
• No laptops on during class please
• Recording Devices – not allowed in class
• Lunch and Breaks – please return on time
• Smoking – not permitted in the classroom
• Special Needs – please inform the instructor
3
Student Introductions
• Student name
• Company and product/service
• Your job position
• Any ISO experience
• Any auditing experience
• Your course expectations
• Something personal (hobbies, background, etc)
4
Learning Objectives
• Understand environmental management
definitions, concepts, and guidelines
• Understand the purpose of the
ISO 14000 series
• Understand the requirements of the
ISO 14001:2004 standard
• Understand aspects and impacts
• Develop and manage an audit program
• Initiate the audit and conduct opening meetings
5
Learning Objectives
• Understand auditor responsibilities
• Conduct on-site activities
• Collect information
• Communicate effectively during the audit
• Generate audit findings
• Prepare audit conclusions
• Conduct closing meetings
• Reporting audit results
• Conduct an audit follow-up
• Understand the registration process
6
Course Overview
This course includes:
• A detailed student manual
• 40 hours of class time (see Agenda Tab)
• Tutorial sessions
• Practical exercises:
 Case studies
 Role-plays
• Possible daily homework
• Continual evaluation
• Written Examination
7
Student Assessment
Max Needed
ACTIVITY
Points To Pass
Written Examination 100 70
Continuous Assessment 100 70

8
Continual Assessment
The continual assessment includes:
• Participation in class and team activities
• Written assignments
• Attitude and personal attributes
• Attendance and punctuality
• Role playing
• Communication skills
• Feedback
9
Certificates
“Certificate of Successful Completion”:
• Accepted by RABQSA for
auditor certification
• Numbered
• Valid for 3 years for
RABQSA certification
• 4.0 CEUs
– OR –
“Certificate of Attendance”
10
RABQSA Auditor
Certification Program
• Attend accredited Lead Auditor course
• Pass continuous assessment
• Pass written exam
• Meet other criteria:
 Education
 Environmental industry experience
 Audit experience
More to be covered later

11
RABQSA Code of Conduct

• Act professionally
• Increase competence
• Assist subordinates
• Avoid any activity that may
cause a conflict of interest
• Disclose conflict of interest
• Don’t accept bribes
• Be truthful, accurate, fair, and
responsible to the public
12

• Don’t communicate false or
misleading information
• Support CB’s reputation
• Disclose who you represent
• Faithfully represent employer/
client in professional matters
• Give credit to others
• Don’t misrepresent credentials
13

• Don’t charge multiple parties
for the same service without
everyone’s consent
• Don’t seek employment or
consult with a competitor
without written approval of
both parties
• Maintain confidentiality of audit
14
Course Complaints/Appeals
• Complaints may be sent in writing to
BSI or the RABQSA
• BSI will respond in writing
• Final arbitration of complaints by the RABQSA
15
Clarification Auditor
Auditor
Focus
Focus
• After each clause, an additional slide labeled

“Auditor Focus” is included to help provide
guidance and some of the evidence
necessary to effectively audit the system
• Additionally there are references to clauses

(i.e. 4.4, 4.3.1, 4.4.5, etc…) provided that are
intended to illustrate some of the linkages to
other requirements in the
system and to help illustrate the process
approach to system management and the
audit process
16
Clarification
• The term “establish and maintain Auditor
Auditor
Focus
procedure(s)” when used in standards or Focus
specification documents means for the

organization to develop a process,
methodology or way to do what is required.
Unless specifically stated by the standard or
specification (or by the organization in its own
system requirements), documentation of
“procedures” is not required
• Particular attention must be paid to the

word “document” and “record” or their
variations when used in a standard or
specification document
17
Clarification
• The material being presented is paraphrased
from ISO14001:2004. It is recommended that
you follow along with your copy of the standard
to see the exact wording
• Additionally the paraphrased material may

have words and phrases such as will, must,
has to, is required etc. in place of shall to help
emphasize the intent of the requirement and
to assist in its understanding
Auditing
Issue 4.2 10/23/08 EMS-042-01-EN-US

19
Why Do We Have To Audit?

• Auditing is not a choice or option, it must be done and
every organization must do it. Additionally, if
organizations desire a 3rd party certification audits
must be performed
• ISO 14001:2004, Clause 4.5.5 - Internal Audit,

requires that audits be planned and conducted to
determine whether or not the management system:
 Conforms to the planned arrangements for each
management system
 Has been properly implemented and maintained
 Is effective in meeting the organization’s
policy and objectives
20
What Do We Audit For? Evidence!

• As auditors we look for the evidence necessary to verify whether
or not the management systems put into place
meets or conforms to established requirements and is performing
as specified
• Additionally we look for evidence that verifies that planning

arrangements, procedures and objectives are also being met
• Auditors look for the evidence of conformance
• ISO 14001 requires that audits be conducted to determine

whether the systems “conform” to requirements. Many of the
exercises in this course require just that, the determination of
conformance based on the evidence provided
• During the review of the requirements for ISO 14001:2004

think about what type of evidence you could and
should be looking for to verify conformance
21
Conformity vs. Compliance

Conformity: Compliance:
• Fulfillment of a • Fulfillment of
requirement of the legal/statutory or other
standard mandated requirements
• Nonconformity can lead to • Legal noncompliance can
suspension or revocation lead to fines/incarceration
of a registration
• Voluntary • Mandatory
22
Management System Success

Management systems will only succeed when:
• Management fully understands and
provides support
• The implementation is well planned and
effectively communicated to the organization
• Personnel at all levels are trained and motivated
to have an active role
• The systems are regularly and continually
reviewed and audited
• And audit programs are a strong, pro-active,
evidence based and a value added process
Environmental Management
Issue 4.2 10/23/08 EMS-042-01-EN-US

24
Why Should Business Organizations

Strive to Manage the Environment?
Companies face environmental issues
that can also cost money related to:
• Energy consumption
• Waste generation
• Transportation
• Chemical usage
• Production processes
• Decommissioning of equipment
25
Why Manage Environmental

Performance?
A standardized EMS can help a company to:
• Manage risk on complex
liability issues
• Provide assurance
to stakeholders
• Plan and achieve
continual improvement
• Promote a positive
company image
• Reduce costs
ISO 14000 Series of Standards
Issue 4.2 10/23/08 EMS-042-01-EN-US

27

ISO 14000:
• Contains a series of standards for
taking a systems approach for
environmental management
• Provides guidance for voluntary development
and implementation of sound EMS principles
• Applicable to any organization, regardless of
size, type, level of maturity
Standards are not intended to replace
legislative requirements
28

Parties responsible for the ISO 14000 series
of standards may include:
• The International Organization for
Standardization and its members
• Technical Committees and Working Groups
• Accreditation Bodies
• Certification Bodies
• EMS Auditors
29

ISO 14000 EMS standards are:
 Consensus-based
 Voluntary
 Designed with integration in mind
 Designed to verify conformance
 Practical
30
ISO 14000 Series of Standards for

Management Systems
SYSTEMS
SYSTEMS
Environmental
Environmental Management
Management Environmental
Environmental
Systems
Systems Auditing
Auditing
ISO
ISO ISO
ISO ISO
ISO
14001:2004
14001:2004 14004:2004
14004:2004 19011:2002
19011:2002
Specification General Guidelines for
guidelines quality and/or
on principles, environmental
systems, and management
supporting systems auditing
techniques
Concepts of ISO 14001:2004
Issue 4.2 10/23/08 EMS-042-01-EN-US

32
ISO 14001:2004
ISO 14001 is: ISO 14001 is not:
• A structure for managing • A performance standard

significant environmental • A standard that
aspects over which a requires disclosure of
company can be expected to performance levels
have control • A standard that
• Designed to be used by requires specific
any company of any size in performance levels
any place • A standard that requires
a company to surpass
• Developed through a regulatory compliance limits
consensus process • A standard that requires a
• A system that defines company to use best
roles from “top down” and available technologies
“bottom up”
• A system that requires
appropriate resources
and support
33
ISO 14001:2004
• Culmination of
significant history
• 61 “shalls”
• 5 major sections,
21 elements
• Nationalized by more than
80 countries
• Referenced by
supporting documents
Exercise 1
Prerequisite Review
Issue 4.2 10/23/08 EMS-042-01-EN-US

The Process Approach and
Plan-Do-Check-Act Cycle
Issue 4.2 10/23/08 EMS-042-01-EN-US

36
Process Approach
AAprocess
processisisaasetsetof
ofinterrelated
interrelatedor
or
interacting
interactingactivities
activitiesthat
thatuses
usesresources
resources
to
totransform
transforminputs
inputsinto
intooutputs
outputs
The
The process
process approach
approach systematically
systematically
identifies
identifies and
and manages
manages thethe linkage,
linkage,
combination,
combination, andand interaction
interaction of
of aa system
system of
of
processes
processes within
within an
an organization
organization
ISO
ISO 14001
14001 isis based
based on
on aa process
process
approach
approach to
to environmental
environmental management
management
37
Process Approach
The process approach emphasizes the
importance of:
• Understanding and meeting requirements
• Looking at processes in terms of added value
• Obtaining results of process performance
• Continual improvement of processes
38
Process Approach
PROCEDURE
(Specified way to carry out an activity or
process – may be documented or not)
Input PROCESS Output

PROCESS
(set
(set of
of interrelated
interrelated or
or
interacting
interacting activities)
activities)
Resources Product
Monitoring and Measurement Opportunities

(Before, During, and After the Process)
39
Plan-Do-Check-Act
Shewhart-Demings Cycle
• Activities • Deploy and
• Controls conform with plan
• Documentation
• Resources
• Objectives PLAN DO
Continual
Improvement
Your
Process
ACT CHECK
• Analyze/review • Measure and
• Decide/change monitor for
• Improve conformity and
effectiveness
effectiveness
40
Plan-Do-Check-Act and ISO 14001:2004

Shewhart-Demings Cycle
4.2 Environmental 4.4 Implementation
Policy and Operation
4.3 Planning
PLAN DO
Continual
Improvement
Your
Process
ACT CHECK
4.5 Checking 4.5 Checking
4.6 Management
Review
41
ISO 14001:2004 Process Model
Continual
Improvement
Environmental
Policy
Plan
Plan
Management
Review
Act
Act Do
Do
Check
Check Planning
Checking
Implementation
and
Operation
Process Approach = “the application of a system of

processes and their interactions” (ISO 14001:2004)
ISO Standards Terminology
Issue 4.2 10/23/08 EMS-042-01-EN-US

43
Basic Standards Terminology

Term: Definition: Example: Information:
Section A standard element identified 1 Total of 4 in
by a numeral and a title Scope ISO 14001
Clause A standard element identified 4.2 Contains
by two numerals separated Policy specific
by a decimal point and a title requirements
(Shall’s)
Sub- Standard element identified 4.3.3 Also contains
clause by three or more numerals Objectives requirements
divided by decimal points
and a title
Both clause’s and sub-clause’s may be further

divided by lower case letter designations containing
additional more specific requirements
(ie. 4.4.5 Document and data control, (a) or 4.4.5a)
Introduction to ISO 14001:2004
Issue 4.2 10/23/08 EMS-042-01-EN-US

45
Contents of ISO 14001:2004

1. Scope
2. Normative references
3. Terms and definitions
4. Environmental management system requirements:
4.1 General requirements
4.2 Environmental policy
4.3 Planning
4.4 Implementation and operation
4.5 Checking
4.6 Management review
46
Contents of ISO 14001:2004 (…cont.)

• Annex A – Guidance on the use of this
International Standard
• Annex B - Correspondence between ISO

14001:2004 and ISO 9001:2000
• Bibliography
47
1 Scope
This International Standard is applicable to any
organization that wishes to:
a) establish, implement, maintain and improve an
environmental management system
b) Assure itself of conformity with its stated
environmental policy
c) Demonstrate conformity with this International
Standard by:
1) making a self-determination and self-declaration
2) seeking confirmation of its conformance by parties having an
interest in the organization, such as customers
3) seeking confirmation of its self-declaration by a party external
to the organization
4) seeking certification/registration of its environmental
management system by an external organization
48
2 Normative References
No normative references are cited
Note: This means ISO 14001:2004 is a stand alone

document and requires no other documents or
references for use
49
3 Terms and Definitions (selected)

3.2 recurring process of enhancing the
continual environmental management system in order to
improvement achieve improvements in overall environmental
performance consistent with the organization’s
environmental policy
3.5 environment surroundings in which an organization operates,
including air, water, land, natural resources,
flora,
fauna, humans, and their interrelation
NOTE Surroundings in this context extend from
within an organization to the global system.
3.15 non-fulfillment of a requirement
nonconformity
Note: A definition for Major and Minor Nonconformity

for use during this course is provided later in the materials.
As such there is no industry standard
definition for categories of nonconformity.
50
3 Terms and Definitions (selected)

3.19 procedure Specified way to carry out an activity
or process
Note: procedures may be documented or not
3.20 record Document stating results achieved or

providing
evidence of activities performed
ISO 14001:2004 Requirements
Issue 4.2 10/23/08 EMS-042-01-EN-US

52
Guidance
• Follow along with your copy of ISO
14001:2004 during the review of the
following material
• Please feel free to discuss any material that

is unclear
53
4.1 General Requirements

• The organization shall establish, document,
implement, maintain, and continually
improve an environmental management
system in accordance with
ISO 14001:2004
• The organization shall define and

document the scope of its EMS
54
4.1 General Requirements

What evidence is needed to Auditor
Auditor
Focus
demonstrate conformity? Focus
• Conformity to the 1st part of 4.1 cannot be achieved

until all the other requirements (shall’s) have been
met
• The scope (or that which is to be covered by the
EMS) must be documented but there is no
requirement for where the documentation of the
system scope must be located, It can be in the:
 Policy
 EMS manual (if there is one)
 As a stand alone statement
 Description of the organization
55
4.2 Environmental Policy
Overall intentions and direction

of an organization related to its
environmental performance as
formally expressed by
top management
Clause 3.11, ISO 14001:2004
56

The environmental policy must:
• Be appropriate to the nature, scale, and impacts
of activities
• Contain a specific commitment to continual
improvement and prevention of pollution
• Contain a specific commitment to comply with
legal and other requirements
• Be documented, implemented, maintained,
and communicated to all…
• Be made available to the public
• Serve as the framework for objectives
and targets
57

What evidence can demonstrate conformity? Auditor
Auditor
Focus
Focus
1. A policy a that is documented and controlled
as a system document (4.4.5)
2. Evidence that the organization’s top management
approved it (4.4.1)
3. Clear statement that environmental objectives
will be established (4.3.3)
4. Clear statement that compliance to legal
and other requirements will complied with
(4.3.2, 4.5.2)
5. Clear commitment to the continual improvement
of environmental performance
58

• What evidence can demonstrate Auditor
Auditor
Focus
Focus
conformity? Cont…
6. Specific commitment to prevention of pollution
7. Availability to all interested parties (4.4.3)
8. Regular review and revision as necessary
(4.4.5)
9. Evidence of understanding by all (4.4.1,
4.4.2, 4.4.3)
• Why is this done?
 To clearly demonstrate the organization’s
environmental system intent and promise
to meet it
Exercise 2
Reviewing Environmental Policy Statement
Issue 4.2 10/23/08 EMS-042-01-EN-US

60
4.3 Planning
Clause 4.3 includes:
4.3.1 Environmental Aspects
4.3.2 Legal and Other Requirements
4.3.3 Objectives, Targets, and Programs
61
4.3.1 Environmental Aspects

The organization is required to:
• Establish a procedure that will allow it to:
 Identify the environmental aspects of its activities,
products and services within the defined scope of
its EMS that it can control and those that it can
influence taking into consideration planned or new
developments, or new or modified activities,
products and services:
• Determine those aspects that have or can have
significant impacts on the environment
• Ensure that the aspects related to the significant
impacts are considered in establishing,
implementing, and maintaining the EMS
62
Identifying Aspects and Impacts

Note: Once organizations have identified
aspects and impacts, they must:
• Establish a method for determining significance

and apply it consistently
• Prepare procedures for the management of the
significant aspects
63
Environmental Aspects
Common aspects can include:
Energy Facility
•Natural Gas • Buildings
•Electricity • Parking lots
•Fossil Fuel • Drainage
Materials Abnormal or Emergency
• Raw materials • Fire
• Processed materials • Weather
• Recycled materials • Flood
• Reused materials • Increase/decrease in
production
• Equipment malfunction
Grounds Keeping Custodial
• Fertilizer • Detergents
• Herbicides • Aerosol cleaners
• Plant clippings • Water
64
Environmental Impacts
Common impacts could include:
• Impact on flora or fauna
• Soil, water, or air contamination
• Ecological disruption
• Resource use and depletion
• Climate change
65
Aspects and Impacts have a “cause and

effect” based relationship
Activity Environmental Environmental

Product Aspect Impact
Service (Cause) (Effect)
66
Environmental Aspects
Environmental aspects can be related to
operations, products, or services.
Input
Input Process
Process Output
Output
Raw
Raw Material
Material Manufacture
Manufacture Product
Product
Specification
Specification Service
Service Delivery
Delivery
Aspect
Aspect
Impact
67
Environmental Aspects and Impacts

Impact Impact Impact
Aspect Aspect Aspect

Inputs Outputs
Impact Impact
68
Painting Process Example

Processes:
Receiving
Receivingof Storage
of Storageof
of
solvents, catalysts, materials Painting Removal
Removalof
of
solvents, catalysts, materials Painting
and (Paint Booth) waste products
andpaint
paint (Paint
(Paint (Paint Booth) waste products
(Shipping/Receiving) Kitchen/Storage)
Kitchen/Storage)
(Shipping/Receiving)
Aspects:
Spillage
Spillageof
of Emission
Emissionof
of Disposal
Disposalofof
materials
materials gaseous vapors
gaseous vapors paint cans
paint cans
Impacts:
Use
Useof ofland
land
Contamination
Contamination Contamination
Contamination Air
Airpollution
pollution (i.e., disposal
(i.e., disposal
of
ofsoil
soil of
ofwater
water ininlandfill)
landfill)
69
Examples
Activity, Product, Environmental Environmental
or Service Aspect Impact
Potential Contamination of
Handling of for spill soil or water
Hazardous Waste Volatile Organic
Air release
Compounds
Improper burn Air pollution
Vehicle
Maintenance Increased use of Depletion
fossil fuel of resources
Air filer use Hazardous waste
Product Painting Volatile Organic
Air pollution
Compounds
70
Determining Significance
• A number of methodologies can be used to determine
significance including those that consider:
 Legal liability
 Public concern
 Environmental criteria
• It is up to each organization to decide what type of

significance evaluation methodology to use
• Remember, as an auditor we aren’t looking for a right

way or wrong way, we are looking for the application of
a consistent and effective way
Example Aspect, Impact, and Significance
71
Table (A larger version is behind the Reference Tab)

Example of Significance Determination
72
Process (A larger version is behind the Reference Tab)

Code:
Srv-Service Related
Pro-Process Service, Process or Product Documents
Prd-Product Description Environmental Aspect Environmental Impact Evaluation Team Reference
SIGNIFICANCE EVALUATION CRITERIA

Frequency: How often the impact could occur. Regulated: Probability: The likelihood that an impact will
1= Seldom (rarely, 6 months or more) 1= Not regulated occur.
2= Intermittently (from time to time, 1 to 6 monthes) 2= Voluntary 1= Improbable
3= Regularly (recurring, 1 week to 1 month) 3= Company policy 2= Remote (slight possibility of occurance)
4= Often (1 day to 1 week) 4= Potential to become regulated 3= Moderate (50 / 50 chance of occurance)
5= Repeatedly (happening again and again; daily) 5= Regulated (permitted, part of government 4= Probably will occur (difficult to predict when)
mandated program, defined regulations)
5= Very like to occur
Severity: The degree to which the impact can effect
the environment. Controllability: The extent to which the impact
Multiply:
1= Not likely can be controlled or influenced.
2= Minor (easily correctable, short-term, clearable) 5= Very difficult to control (requires extensive resources)
Ex Fx Gx Hx I = J
3= Moderate (correctable) 4= Difficult to control (requires significant resources)
4= Serious (More difficult to correct; recoverable) 3= Requires moderate resources Significance is based upon a pre-determined
5= Severe (Complex effect with complicated solution 2= Requires some resources to address cut-off number (J) or any other method / total
and great effort to recover) 1= Easily controlled (requires very few resources) desired / determined to be significant
73

ISO 14001:2004 requires an organization to
establish, implement, and maintain
procedures that allow it to:
• Identify and maintain access to the legal and
other requirements it is required to meet
• Determine how its legal and other
requirements apply to its aspects
74

The organization must also take into account
its applicable legal and other requirements
when establishing, implementing, and
maintaining the EMS
75
Legal and Other Requirements

• A distinction must be made between
conformity and compliance:
 Conformity: acting in accordance with
prevailing
standards or customs
 Compliance: fulfilling official requirements
• An organization conforms to standards

requirements by choice, while it complies with
the law and other requirements by legislative
or other mandate
76
Compliance to Legal and

Other Requirements
ISO 14001:2004 requires a commitment of
compliance to:
• Federal statutes, regulations, and permits
• State/Provincial statutes and regulations
• Municipal laws
• Other requirements, including:
 Corporate, national, and international agreements
 Industry specific standards and codes of practice
 Agreements with public authorities
 Those specific to an activity
77
Compliance to Legal and

Other Requirements
Below are a few clauses of ISO 14001:2004
that require consideration of compliance with
legal and other requirements:
• Environmental Policy (4.2)
• Legal and Other Requirements (4.3.2)
• Objectives, Targets and Program(s) (4.3.3)
• Operational Control (4.4.6)
• Evaluation of Compliance (4.5.2)
78

• What evidence can demonstrate conformity? Auditor
Auditor
Focus
Focus
 Procedure to identify applicable legal and
other requirements. (4.2, 4.4.5)
 The communication of legal and other requirements
to relevant personnel and parties (4.4.2, 4.4.3)
 The up to date maintenance of this information (4.5.4)
 To promote awareness and understanding of the
legal and other responsibilities of the organization
(4.4.1, 4.4.2)
 To enable the organization achieve its
commitment in the policy (4.2, 4.5.2)
79
4.3.3 Objectives, Targets and Programs

• The organization must establish documented
environmental objectives at relevant organizational
levels and functions
• When objectives are established the organization show
that it considered the following:
 Legal and other requirements
 Significant environmental aspects
 Technological options
 Financial, operational, business requirements
 Views of interested and relevant parties
• Objectives must be measurable where it is practicable
and consistent with the commitments made in the policy
80
Programs must include:

• Designation of those responsible for
achieving objectives and targets
• Means and time frame to achieve objectives
and targets
81
Environmental Objectives
“Overall environmental goal, consistent with

the environmental policy, that an organization
sets itself to achieve”
Clause 3.9, ISO 14001:2004
82
Environmental Targets
“Detailed, performance requirement,

applicable to the organization or parts
thereof, that arises from the environmental
objectives and that needs to be set and met
in order to achieve those objectives”
Clause 3.12, ISO 14001:2004
83
Objectives and Targets Example
OBJECTIVE TARGET
Reduce greenhouse Achieve 25% reduction in
gases produced in energy use per million parts
manufacturing produced within 3 years
(specify base year)
84
Objectives and Targets Examples

Objective Target
• Reduce waste and depletion • Reduce water consumption by 15%
of resources by January 1, 2009
• Identify five options for energy
• Control environmental impact of
savings and produce an action
use of coal
program
• Design program to minimize
• Initiate recycling program for used
environmental impact of disposal
tires by 3rd quarter 2008
of products
• Adopt technologies that will • Implement new water cooling
minimize pollution process by July 2008
• Reduce or eliminate the release • Reduce air emissions from paint
of pollutants shop by 20% by 2008
85
Example of Objective, Targets

and Programs
Waltham Public School
Energy Conservation:
 Environmental Objective:
• Incorporate the use of natural lighting in new schools
in order to:
 conserve natural resources
 allow for a better learning environment for students
 Aspect Description:
• Energy conservation
 Project Manager:
• David King
86
Example of Objective, Targets

and Programs
Waltham Public School
South Street Elementary “Green” School:
Target 1:
• Fifty percent of the new schools shall incorporate the use of
natural day lighting as a portion of their lighting needs
Action Plan:
• Provide input to new school design
• Communicate natural day lighting commitments for new
schools within the school community
Milestone:
• As School building design and construction progresses
responsible individual/group: David King
87

Auditor
Focus
Focus
 Documented goals (measurable where
practical), in terms of OH&S performance, the
organization has set for itself to achieve
(4.2, 4.5.1, 4.5.4)
 Documented plans for achieving OH&S Objectives
(4.4.5, 4.4.6)
• Responsibilities for achieving objectives at relevant
functions/levels of organization (4.4.1, 4.4.2)
• Means and time frame for achieving objectives
(4.2, 4.4.6, 4.5.1)
88

Auditor
Focus
Focus
 Regular and planned reviews (4.4.5, 4.5.4)
 Necessary changes in programs and or
objectives reflecting changes in:
• Operating conditions
• Activities, products or services (4.3.1)
 To achieve the commitment in the policy and
provide evidence of continual improvement (4.2)
Exercise 3
Aspects, Impacts, Objectives, and Targets
Issue 4.2 10/23/08 EMS-042-01-EN-US

90
4.4 Implementation and Operation

4.4.1 Resources, Roles, Responsibility and Authority
4.4.2 Competence, Training and Awareness
4.4.3 Communication
4.4.4 Documentation
4.4.5 Control of Documents
4.4.6 Operational Control
4.4.7 Emergency Preparedness and Response
91
4.4.1 Resources, Roles,

Responsibility and Authority
Management shall ensure the availability
of resources essential to the implementation,
maintenance, and improvement of the
EMS including:
• Human resources
• Specialized skills
• Infrastructure
• Technology
• Financial resources
92

Roles, responsibilities, and authorities shall be
defined, documented, and communicated to
facilitate effective environmental management
93

Management must appoint a management
representative with the responsibilities and
authority for:
• Ensuring an EMS is established,
implemented, and maintained in accordance
with ISO 14001:2004
• Reporting to top management on the
performance of the EMS for review, including
recommendations for improvement
94
4.4.2 Competence, Training,

and Awareness
For personnel whose work has significant
impact upon the environment, the
organization must:
 Ensure their competency on the basis
of education, training, or experience and
retain records
 Identify training needs associated with aspects
and the EMS
 Provide training or take other action to meet
needs and retain associated records
95
4.4.2 Competence, Training

and Awareness
The organization must establish, implement
and maintain procedures to make staff aware of:
• The importance of conformance with the policy
• Significant environmental impacts – actual or
potential benefits of improved personal
performance
• Roles and responsibilities including emergency
preparedness and response
• Potential consequences of departing from
the procedures
96
4.4.2 Competence, Training,

and Awareness
Auditor
Focus
Focus
 Identification of what individual competencies
are required for anyone who could effect the environment,
how competencies are to be achieved and are to be
evaluated (4.3.1, 4.5.1, 4.5.4)
 A process established to achieve competence
(4.4.5, 4.4.6)
 Verification of the evaluation and achievement of
competence (4.5.1, 4.4.5, 4.4.6, 4.5.4)
 A competent workforce is essential to enable
the achievement of meeting the policy
commitments, objectives, and operational
controls (4.2, 4.3.1, 4.4.3, 4.4.6)
97
4.4.3 Communication
The organization must establish, implement, and
maintain procedures for the communication of
information relevant to the EMS for:
• Persons working for or on behalf of the organization
at various levels and functions
• Receiving, documenting and responding to external
interested parties
98
4.4.3 Communication
The organization make a decision on external
communication of its significant aspects and:
• Record this decision
• Establish and implement a method for external
communication of significant aspects if applicable
99
4.4.3 Communication
What evidence can demonstrate conformity to? Auditor
Auditor
Focus
Focus
• A process, procedure or method developed to

ensure employees, contractors, visitors and other
interested parties are informed of relevant EMS
information that may effect them or they may have
specific interest in (4.4.2, 4.4.5, 4.4.6, 4.5.4)
• A procedure that details how information to and
from external parties such as regulatory agencies,
insurance companies, equipment and material
manufacturers, suppliers, service providers, etc.,
is to be managed. (4.3.2, 4.5.2, 4.5.4, 4.6)
100
4.4.3 Communication
Auditor
Focus
Focus
 Documentation of relevant internal
communications (4.5.4)
 Documentation of relevant external
communications (4.5.4)
 Documentation of the plan to communicate and
evidence of the external communication of
significant aspects (based upon decision) (4.5.4)
 To encourage involvement and awareness
across the organization of the EMS and support
for the program (4.2, 4.4.2)
 To manage the external flow of information
related to the environment and compliance
efforts (4.2, 4.3.2, 4.5.2)
101
4.4.4 Documentation
Minimum documentation must include:
• The policy, objectives, and targets
• A description of the scope of the system
• A description of the main elements of the
system and their interaction and reference to
related documents
• All documents required by ISO 14001 including
specified records
• Any necessary documents, including records, to
ensure effective planning operation and control of
processes relating to significant aspects
102
Documentation
Notes on system documentation:
• A documented manual is not required
• Documented procedures are not required for
all elements
• Documentation can be in paper or
electronic form or any other format usable
by the organization
103
4.4.4 Documentation
Auditor
 Detailed information that shows what the core elements of Focus
Focus
the EMS are (requirements of
ISO 14001) and their relationships to each other
(4.4.4, 4.4.5)
 Detailed information that identifies system documents, how
they can be located and are related (policy, procedures,
records, etc)
(4.4.5, 4.5.4)
 All documents specifically called out by
the standard
 To ensure the system is adequately understood and
effectively and efficiently operated
(4.1, 4.4.2, 4.4.3)
104

The organization shall establish, implement,
and maintain procedures to:
• Approve documents for adequacy
• Review, update, and re-approve
documents as necessary
• Ensure changes and the current revision
status are identified
• Ensure relevant versions of applicable
documents are available at points of use
105

The organization shall establish, implement, and
maintain procedures to: cont…
• Ensure documents remain legible and
readily identifiable
• Ensure necessary external documents are
identified and controlled
• Prevent the use of obsolete documents
Note: Records are a special type of document and shall be

controlled in accordance with the requirements of 4.5.4
106
Common Document Hierarchy
Level 1 Policy Environmental

Describes company policy relating Policy
to each ISO 14001:2004 req.
Level 2 Procedures Procedures

(who, what, when,
(4.4.6a, 4.5.1, where)
and other documents)
Level 3 Optional Job Instructions Work

Instructions
Describes how tasks and specific (how)
activities are done
Level 4 Other documents prompting recording of Forms, tags,

evidence of conformity/compliance labels, etc.
to requirements
(4.5.4)
107

Auditor
Focus
Focus
 A procedure for document control that states how:
• Documents can be located and identified
• Documents are to be reviewed (4.4.1, 4.4.2)
• Documents are kept current and accessible in
essential areas
• Obsolete documents are to be removed and
controlled (4.5.4)
• Archived documents for legal and knowledge
preservation purposes are to be identified and
made available (4.3.2, 4.5.4)
108

Why is this done? Auditor
Auditor
Focus
Focus
• To identify
• To control critical EMS documentation
Critical Note: Ensure that documents of a technical or

regulatory nature are reviewed and
approved by personnel with competence in the
subject matter
109

The organization shall identify and plan operations
associated with significant aspects by establishing,
implementing, and maintaining:
• Documented procedures to control situations where
their absence could lead to deviation from the policy,
objectives, or targets
• Procedures related to aspects of goods and services
used by the organization and communicating them
to suppliers
110

The organization shall identify and plan operations
associated with significant aspects by stipulating the
operating criteria in the procedures
111
Operational Controls
Sample procedures can include:
• Those developed to guide regulatory
compliance for activities such as:
 Transferring chemicals to or between tanks
 Minimizing waste when painting
 Hazardous waste management
 Permitted operations (air emissions, waste
water, storm water, etc)
 Spill control contingency countermeasures
plans (SPCCP)
 Purchasing guidelines for hazardous materials
112

Auditor
Focus
Focus
• Documented procedures to ensure commitments
made in the Environmental Policy are achieved
and that objectives are met
(4.2, 4.3.1, 4.3.2, 4.3.3, 4.4.1, 4.4.2, 4.4.3,
4.4.5, 4.5.1)
• Procedures specifically related to the significant

aspects of goods and services used by the
organization, developed for suppliers and
contractors, and evidence of their being
communicated to them and for their use
and understanding (4.3.1, 4.3.2, 4.4.1, 4.4.2,
4.4.3, 4.4.5)
113

Auditor
Focus
Focus
 To help ensure the effective fulfilment of the

environmental policy, the achievement of
objectives, and compliance to legal and
other requirements
114
4.4.7 Emergency Preparedness

and Response
The organization must:
 Establish, implement, and maintain
procedures to identify:
• Potential emergency situations and
accidents that could impact the environment
• How they will respond to those emergencies
 Respond to actual emergency situations
and accidents to prevent adverse
environmental impacts
 Periodically test procedures (when practicable)
115

and Response
Auditor
What evidence demonstrates conformity? Auditor
Focus
Focus
• Plans and/or procedures to identify and
respond to potential incidents and emergency
situations. (4.3.1, 4.3.2, 4.4.1, 4.4.2, 4.4.3,
4.4.5, 4.4.6)
• Periodic testing of these plans (4.5.4)
• Review after actual occurrence or test (4.5.1)
• Corrective action when plans or activities are
found to be insufficient (4.3.1, 4.5.3, 4.5.4)
116

and Response
Auditor
Focus
Focus
• For the active assessment of:
 Potential accident
 Emergency situations:
• the development
• testing of response planning
 Required mitigation activities
 Necessary improvements of the process
117

and Response
What do you do as an auditor when Auditor
Auditor
Focus
Focus
told that it is not practical to practice
emergency procedures?
 This is always a judgement call on the part of
the auditor
 Review the following slide to help discern
when more information may be necessary
other than “It’s not practical”
118
Emergency Planning – A True Story

“We can’t stop work to practice emergency drills!”
 Trained and conditioned after the initial bombing of the World

Trade Center in 1993, the employees of Morgan Stanley – Dean
Witter immediately responded to the evacuation order of their VP
for Security, Rick Rescorla on Sep 11, 2001
 From 1993 to 2001 without warning, Rick would sound an alarm

and then lead the entire company through a mandatory, rapid,
efficient, and safe evacuation practice. They grumbled and they
griped, but they did it. After the 1st bombing of the WTC Rick
Rescorla anticipated a 2nd attack and he wanted his people
prepare to act
 2700 employees located in the South Tower and 1000 additional

employees in World Trade Center 5 safely left the area and
survived. Only 6 employees were lost and 4 of these, including
Rick Rescorla were lost because they went back into the WTC
to help evacuate people working for other companies
119
4.5 Checking
4.5.1 Monitoring and Measurement
4.5.2 Evaluation of Compliance
4.5.3 Nonconformity, Corrective Action and
Preventive Action
4.5.4 Control of Records
4.5.5 Internal Audit
120

• Establish, implement, and maintain
procedures to monitor and measure the key
characteristics of operations that can have a
significant impact on the environment
• Record information to track:
 System Performance
 Relevant operational controls performance
 Conformance with achieving objectives
and targets
121

• ISO 14001 also requires that procedures be
established and maintained for the calibration
and maintenance of any equipment used to
monitor or measure the performance of controls
and the characteristics of operations related to
significant aspects
• Records of calibration and maintenance
activities must be generated and maintained
122
4.5.1 Performance Measurement

and Monitoring
Auditor
Focus
Focus
 Procedure(s) for and the monitoring and measuring
of the management system performance (4.4.5, 4.4.6,
4.5.5, 4.6)
 Documentation of the monitoring and measuring of
objectives, programs, legal compliance, operational
criteria and the management system on a regular
basis (4.2, 4.3.3, 4.4.6, 4.5.2, 4.5.5, 4.6)
 Calibration and maintenance procedures for
monitoring equipment and associated records
(4.4.6, 4.5.4)
123
4.5.1 Performance Measurement

and Monitoring
Auditor
Focus
Focus
• To help determine the environmental

management system performance
and effectiveness
124
4.5.2 Evaluation of Compliance (4.5.2.1)
The organization has to:

• Establish, implement, and maintain procedures for
periodically evaluating compliance with applicable
legal requirements
• Keep records of the results of the
periodic evaluations
125
4.5.2 Evaluation of Compliance (4.5.2.2)

• Evaluate compliance with other requirements to
which it subscribes
• Keep records of the results of the
periodic evaluations
Note: The organization can combine this evaluation

with legal requirements mentioned in 4.5.2.1
or establish a separate procedure
126
4.5.2 Evaluation of Compliance

Auditor
Focus
Focus
 Records demonstrating the planning and
accomplishment of compliance evaluations
(4.3.2, 4.4.1, 4.4.2, 4.5.4)
 Inclusion of identified instances of non-compliance into the
corrective/preventive action process
(4.3.2, 4.4.1, 4.5.3.2, 4.5.4)
 Inclusion of compliance evaluations in the management
review process. (4.4.1, 4.5.4, 4.6)
 To help determine system performance and effectiveness
127
4.5.3 Nonconformity, Corrective

Action, and Preventive Action
The organization must establish, implement, and
maintain procedures stating how it will:
• Identify and correct nonconformities and take action to
mitigate environmental impacts
• Investigate, determine causes, and take action to avoid
recurrence of the nonconformity
• Evaluate the need for preventive action and implement
actions to avoid the occurrence of
a nonconformity
• Record results of corrective and preventive
actions taken
• Review effectiveness of corrective and
preventive actions
128

Action, and Preventive Action
• All actions must be appropriate to the magnitude
of problems and correspond with impacts or
potential impacts
• Any required changes to system
documentation resulting from corrective
or preventive actions must be implemented
and recorded
129

Action and Preventive Action
Auditor
Focus
Focus
 Procedures for the handling and investigation of non-
conformances including: (4.4.1, 4.4.2,
4.4.5, 4.4.6)
• Actions taken to minimize actual or potential damage or
harm
• Initiated corrective/preventive actions
• Confirmation of the effectiveness of any corrective or
preventive actions (4.3.2, 4.5.1, 4.5.2,
4.5.4, 4.5.5)
 Corrective or preventive actions appropriate to the
scope of the condition requiring them
 Records of changes to system documents resulting
from corrective or preventive actions (4.4.5, 4.54)
130

Action and Preventive Action
Auditor
Focus
Focus
• To prevent further occurrences by identifying
and dealing with root causes of non-
conformances, and to detect, analyze and
eliminate their potential recurrence
• To help mitigate potentially negative
environmental impacts
• To correct or prevent legal or other required
non-compliance situations
131

• The organization shall generate and maintain
records to demonstrate conformity to requirements
and achieved results
• The organization shall establish, implement, and
maintain procedures detailing how records will be:
 Identified
 Stored
 Protected
 Retrieved
 Retained
 Disposed of
• Records will remain legible, identifiable,

and traceable
132
Examples of EMS Records

• Management Review Minutes • Complaint records
• Compliance audit • Inspection, maintenance, and
• List of environmental aspects calibration records
• Environmental objectives • Pertinent contractor and
and targets supplier information
• Non-conformances / CAR’s • Incident reports
• Internal audits reports • Information on emergency
• Training records preparedness and response
133

Auditor
Focus
Focus
• Procedure for the identification, maintenance and
disposition of records, results of audits and
reviews that are: legible, identifiable and traceable
to specific activities:
 Safely stored, protected against damage,
deterioration or loss; and obtainable
 Documented retention times and
disposal instructions (4.3.1, 4.3.2, 4.4.1, 4.5.1,
4.5.2, 4.5.3, 4.5.5, 4.6)
• Appropriate records to demonstrate specific
conformance to the requirements of
ISO 14001:2004 (4.4.4)
134

Auditor
Focus
Focus
• To demonstrate the EMS is operating
effectively, objectives are being met and
planned results achieved
135

Internal audits of the EMS must be conducted
at planned intervals to:
• Determine whether the EMS:
 Conforms to prior arrangements and
ISO 14001:2004
 Has been properly implemented
and maintained
• Information on audit results
must be provided to management
136

• The audit program, including a schedule,
must be based on:
 Environmental importance of activities
 Results of previous audits
• Selection of auditors and conduct of audits

shall ensure objectivity and the impartiality of
the audit process
*Covered in Days 2-4 with ISO 19011:2002

137

Audit procedures must cover:
• Responsibilities and requirements for:
 Planning and conducting audits
 Reporting results
 Retaining Records
• Audit criteria
• Audit scope
• Frequency
• Methodologies
*Covered in Days 2-4 with ISO 19011:2002

138

Auditor
Focus
Focus
 A procedure for establishing and managing an
audit program detailing audit scopes, frequencies,
methodologies and auditor competencies (4.3.1,
4.4.1, 4.4.5, 4.4.6, 4.5.1, 4.5.2, 4.5.4, 4.6)
 An implemented and functioning audit
program that is effective in determining if the
management system:
• Conforms to planned arrangements
• Has been properly implemented and maintained
• Is effective in meeting the organization’s policy
and objectives
 A program and schedule based upon the
results of significance determination and
previous audits
139

Auditor
Focus
Focus
• To review and evaluate the effectiveness
and performance of the environmental
management system
140
4.6 Management Review

• Top management has to establish periodic
and planned reviews of the EMS in order for
it to be aware of and plan its continuing:
 Suitability
 Adequacy
 Effectiveness
• Reviews will include opportunities for
• Improvement and possible changes to the
EMS, including the policy, objectives,
and targets
• Records of the reviews must be retained
141

At a minimum inputs to management reviews will be:
• Results of internal audits
• Evaluation of compliance with legal and
other requirements
• Relevant communications from external parties
• The environmental performance of the organization
• The extent to which objectives and targets have
been met
• Status of preventive and corrective actions
• Actions from previous management reviews
• Changing requirements including legal and other
• Recommendations for improvement
142

Outputs from management reviews will at least:
• Include decisions and actions related to changes
in the:
 Policy
 Objectives
 Targets
 Other requirements
• Be consistent with continual improvement
143

Auditor
Focus
Focus
 A systematic review of the management system by
Top Management that covers:
• Reports of system performance
(4.4.1, 4.5.1, 4.5.2, 4.5.3, 4.5.4. 4.5.5)
• Required or decided changes to policy, objectives
or system elements
(4.2, 4.3.3, 4.5.1, 4.5.4)
 Documentation of review (4.5.4)
 For top management to be provided opportunities to
review the management system to assess whether it
is being fully implemented and remains suitable for
achieving the stated EMS Policy and objectives
Exercise 4
Application of ISO 14001:2004
Issue 4.2 10/23/08 EMS-042-01-EN-US

145
EMS Regulations
Click the flag for US Regulations
Click the flag for Canadian Regulations
Click the flag for Mexican Regulations
Click the flag for Brazilian Regulations

Exercise 5
EMS Regulations
Issue 4.2 10/23/08 EMS-042-01-EN-US

Concepts and Principles
of Auditing
Based on ISO 19011:2002
Issue 4.2 10/23/08 EMS-042-01-EN-US

148
Documents Containing Auditing Guidance

Guidelines for quality and/or
ISO 19011:2002 environmental management
systems auditing
EMS – Requirements with guidance
ISO 14001:2004
for use
EMS – General guidelines
ISO 14004:2004 on principles, systems and
supporting techniques
Conformity assessment –
ISO/IEC Requirements for bodies providing
17021:2006 audit and certification of
management systems
149
Potential Benefits of Auditing

• Verifying conformity to requirements
• Increasing awareness and understanding
• Providing a measurement of effectiveness
of the system to management
• Reducing risk of system failure
• Identifying improvement opportunities
• Initiate the corrective action cycle
• Initiate the preventive action cycle
150
ISO 19011:2002
ISO 19011:2002 provides guidance on:
• Auditing principles
• Managing audit programs
• Conducting internal and external audits
• Competence of auditors
ISO 19011:2002 provides guidance

for both QMS and EMS auditors
ISO 19011:2002 lists ISO 9000:2000

as a normative reference
151
Contents of ISO 19011:2002

1. Scope
2. Normative references
3. Terms and definitions
4. Principles of auditing
5. Managing an audit program
6. Audit activities
7. Competence and evaluation of auditors
152
3 Terms and Definitions

Audit Systematic, independent and documented
process for obtaining audit evidence and
evaluating it objectively to determine the
extent to which the audit criteria are fulfilled
(ISO 19011:2002, 3.1)
Audit Set of policies, procedures, or requirements
Criteria (ISO 19011:2002, 3.2)
Audit Records, statement of fact or other
Evidence information, which are relevant to the audit
criteria and verifiable
(ISO 19011:2002, 3.3)
Audit Results of the evaluation of the collected audit
Findings evidence against audit criteria
(ISO 19011:2002, 3.4)
153

Audit Outcome of an audit, provided by the audit
Conclusion team after consideration of the audit
objectives and all audit findings
(ISO 19011:2002, 3.5)
Audit Organization or person requesting an audit
Client (ISO 19011:2002, 3.6)
Auditee Organization being audited
(ISO 19011:2002, 3.7)
Auditor Person with the competence to conduct an
audit (ISO 19011:2002, 3.8)
Audit Team One or more auditors conducting an audit,
supported if needed by technical experts
(ISO 19011:2002, 3.9)
154

Technical Person who provides specific knowledge or
Expert expertise to the audit team
(ISO 19011:2002, 3.10)
Audit Set of one or more audits planned for a
Program specific time frame and directed towards a
specific purpose
(ISO 19011:2002, 3.11)
Audit Plan Description of the activities and arrangements for
an audit
(ISO 19011:2002, 3.12)
Audit Scope Extent and boundaries of an audit
(ISO 19011:2002, 3.13)
Competence Demonstrated personal attributes and
demonstrated ability to apply knowledge
and skills
(ISO 19011:2002, 3.14)
155
Nonconformity Classifications
For this course we will use the following
definitions and classification for Nonconformities
Major The absence of, or total systemic
Nonconformity breakdown of a management system
element specified in the standard or the
EMS; any nonconformances where the
effect is judged to be seriously
detrimental to the environment; and any
serious noncompliance to legal and
other requirements applicable to
the organization
Minor A single system failure or lapse in
Nonconformity conformance with a procedure relating
to the applicable standard or EMS
156
Differences in Audit Relationships

1st Party Organization auditing its own
(Internal) management system
2nd Party
Organization auditing a supplier
(External)
An audit of the organization by an
3rd Party
independent organization
(Extrinsic)
(i.e. certification body / registrar)
157
Various Types of Audits

• Registration
• Process
• Product
• Customer contract
• Gap assessment/pre-assessment
• Surveillance
• Compliance
• Combined audit/joint audit
158
The 3 Dimensions of Auditing

Intent How does the organization intend to
implement the EMS and how is this
intent documented?
Implementation Does the implementation of the
EMS reflect the intent reflected in
the Design?
Effectiveness Is the system operating in an
effective manner (i.e., does it
meet the parameters established
by the intent)
159

An audit of intent:
• Addresses the “design” of the system
• Is often referred to as a documentation review,
adequacy audit, or desk audit
• Typically includes documentation such as the
environmental policy, procedures, etc.
• Is often part of the 1st Stage of an ISO 14001:2004
audit per ISO 17021
• Does not require interviews
• May be performed on or off site
160

An audit of implementation:
• Addresses the “operation” of the system
• Audits the creation and implementation of a system
that meets the intent
• Typically includes Tier 2 documents (procedures)
and Tier 3 documents
(work instructions) and interviewing people
• Needs to be flexible; it should change with
changing circumstances
• Must be performed on-site
• Required as part of the Stage 2 audit per
ISO 17021
161

An audit of effectiveness:
• Asks if the implemented system achieves the
desired results
• Typically Tier IV documents (records, results of
audits, reviews, compliance assessments)
• Should audit a system that changes as it
continually improves
• Performed during the Stage 2 audit per ISO 17021
162
Applying the Process Approach to

the Audit
Auditors can apply the process approach to
auditing by ensuring the auditee:
• Can define the objectives, inputs, outputs,
activities, and resources for its processes
• Analyzes, monitors, measures, and improves
its processes
• Understands the sequence and interaction of
its processes
163
Applying the Process Approach

to Auditing
• To examine individual processes, concentrate on:
 Inputs/Required Actions/Outputs
 Application of Plan-Do-Check-Act
 Resources (those needed, applied)
• To examine relationships between processes,
concentrate on:
 Flow/sequence/linkage/combination
 Interaction/communication
 Audit trails
164
Process Auditing “Turtle Diagram”

With what? With Who?
Resources Personnel
Inputs
From
Process Outputs
(specific value To whom/
whom/
added activities) where
where
How done? What results?

Methods/ Performance
Documentation indicators
165
Process Auditing “Turtle Diagram”

With What? With Who?
Secondary containments, defined Chemical committee,
storage areas, spill kits maintenance personnel,
emergency response
team
Inputs
40 CFR Part Outputs
112 – Oil Chemical Verified
Pollution Management reduction in oil
use,
Prevention,
Corporate Process fewer reportable
spill (oil) spills
requirements
How Done? What Results?

Chemical approval Reduction in costs of oil
process, use and cleanup
SPCC plan, materials,
spill training reduced reporting time
166
4 Principles of Auditing
Ethical • Trust, integrity, confidentiality,
Conduct discretion
Fair • Audit findings and conclusions are
Presentation accurate and truthful
Due • Exercise care according to the
Professional confidence placed
Care in them by their clients
• Competence is essential
ISO 19011:2002, clause 4

167
4 Principles of Auditing
Independence • Auditors are independent of the
activities being audited and are
free from bias or conflict
of interest
• Conclusions will be objective and
based only on audit evidence
Evidence- • Audit evidence is based on
Based samples of information
Approach
• Conclusions are verifiable
ISO 19011:2002, clause 4
168
Auditor Relationships
• 3rd Party Auditor (especially Registration auditors):
 Abide by an applicable code of conduct
 Cannot consult or help
• 1st and 2nd Party Auditor:
 Management interface; facilitator
 Interface with customer and external auditors if
used as a guide
 May consult, assist
• All Auditors:
 Should follow the principles of auditing
Managing an Audit Program
Issue 4.2 10/23/08 EMS-042-01-EN-US

170

PLAN DO CHECK ACT
Authorize
ISO 19011, 5.1
Establish Implement Monitor

Improve
ISO 19011, ISO 19011, and Review
5.2, 5.3 ISO 19011, 5.6
5.4, 5.5 ISO 19011, 5.6
• Objectives • Schedule Audits • Monitor
• Extent • Evaluate Auditors • Review
• Roles • Select Teams • Identify Need for
• Resources • Direct Activities CA/PA Identify OPP’S
• Procedures • Maintain Records to Improve
Authorize Specific Audit

Competence Activities
and Evaluation ISO 19011, 6.
ISO 19011, 7.
171

An audit program includes: 5.1
5.1
• One or more audits depending on:
 Size of the auditee
 Nature of the auditee be r s
:n u m
 Complexity of the auditee N o t e
m a rgin
e th e
• All activities necessary for: ins id
c e ISO
en
 Planning and organizing audits refer 1:2002
1 901
 Providing resources to conduct audits
172
The Audit Program in a

Pictorial Representation
The organization and its
management system
173
Audit Program
Audit #4
Audit #1
The Audit
Program
Audit #2
Audit #3
Set of one or more audits planned for a specific time frame

and directed towards a specific purpose (ISO 19011:2002, 3.11)
174
The Audit
Audit based on environmental importance and
previous audit results
Audit
Less
Importance / Less Greater
previous weakness Importance / More
previous weakness
175
The Complete Audit Program

The organization and its
management system
The audit
program
Audit
Less
Importance / Less Greater
previous weakness Importance / More
previous weakness
176

• Top management should authorize 5.1
5.1
responsibility for program management
• Those assigned responsibility should:
 Establish, implement, monitor, review, and
improve the audit program
 Identify the necessary resources and ensure
they are provided
177
Audit Program Objectives and Extent

Objectives help direct planning and conduct 5.2.1
5.2.1
of audits and should consider:
• Management priorities
• Commercial intentions
• Management system requirements
• Statutory, regulatory, contractual requirements
• Need for supplier evaluation
• Customer requirements
• Needs of other interested parties
• Risks to the organization
178

Extent of audit program is influenced by: 5.2.2
5.2.2
• Size, nature, and complexity of the auditee
• Scope, objective, and duration of audits
• Frequency of audits
• Number, importance, complexity, similarity,
and locations of activities to be audited
• Standards, statutory, regulatory, and
contractual requirements
179

Extent of audit program is influenced by: 5.2.2
5.2.2
• Need for accreditation or registration
or certification
• Conclusions of previous audits or audit results
• Language, cultural, and social issues
• Concerns of interested parties
• Significant changes to an organization of
its operations
180
Audit Program Responsibilities

Audit program manager should have: 5.3.1
5.3.1
• Understanding of audit principles, competence
of auditors, application of audit techniques
• Management skills
• Business understanding relevant to activities
being audited
181
Audit Program Responsibilities

Audit program manager should: 5.3.1
5.3.1
• Establish objectives and extent of program
• Establish responsibilities and procedures
• Ensure resources are provided
• Ensure implementation of program
• Ensure appropriate audit records are maintained
• Monitor, review, and improve program
182
Audit Program Resources

When identifying resources, consider: 5.3.2
5.3.2
• Financial resources to develop, implement,
manage, and improve audit activities
• Audit techniques
• Processes to achieve and maintain auditor
competence and improve audit activities
• Availability of auditors and technical experts
• Extent of the audit program
• Traveling, accommodations, and other needs
183
Audit Program Procedures

Audit program procedures should address: 5.3.3
5.3.3
• Planning and scheduling
• Ensuring auditor competence
• Selecting audit teams, roles, responsibilities
• Conducting audits and follow-up
• Maintaining records
• Monitoring performance and effectiveness
of audits
• Reporting on achievements of the audit
program to top management
184
Audit Program Implementation

Audit program implementation 5.4
5.4
should address:
• Communicating program to relevant parties
• Coordinating and scheduling audits
• Establishing and maintaining a process for
evaluation of auditors and their development
• Ensuring selections of audit teams
• Providing necessary resources to audit teams
185
Audit Program Implementation

Audit program implementation 5.4
5.4
should address:
• Ensuring conduct of audits according to the
audit program program
• Ensuring control of audit records
• Ensuring review, approval, and distribution of
audit reports
• Ensuring audit follow-up
186
Audit Program Records

Records that demonstrate audit program 5.5
5.5
implementation should include:
• Records related to individual audits
• Results of audit program review
• Records related to audit personnel
187
Audit Program Monitoring

and Reviewing
Performance indicators should be used for 5.6
5.6
monitoring, such as:
 The ability of audit teams to implement
audit plan
 Conformity with program and schedule
 Feedback from audit clients, auditors,
and auditees
188
Audit Program Monitoring

and Reviewing
Audit program review should consider: 5.6
5.6
• Results and trends from monitoring
• Conformity with procedures
• Evolving needs and expectations of
interested parties
• Program records
• Alternative or new auditing practices
• Consistency between audit teams
Audit Activities
Issue 4.2 10/23/08 EMS-042-01-EN-US

190
The “7” Audit Activities

Initiating the Audit 6.1
6.1
Conducting Document Review
Preparing for On-site Activities
Conducting On-site Activities
Preparing, Approving, Distributing Audit Report
Completing the Audit
Conducting Audit Follow-up

Initiating the Audit
Issue 4.2 10/23/08 EMS-042-01-EN-US

192
Activity #1 - Initiating the Audit

6.1
Conducting On-site Activities
Preparing, Approving, Distributing Audit Report

193
Initiating the Audit

Initiating the audit includes: 6.2
6.2
• Appointing the audit team leader
• Defining audit objectives, scope, criteria
• Determining feasibility of the audit
• Selecting the audit team
• Establishing initial contact with the auditee
194
Appointing the Audit Team Leader

• Audit program manager should appoint 6.2.1
6.2.1
audit team leader
• Auditing organizations should come to
consensus regarding authority of audit team
leader before joint audit begins
195
Defining Audit Objectives,

Scope, Criteria
• Audits should be based on documented 6.2.2
6.2.2
objectives, scope, and criteria
• Audit objectives define what is to be
accomplished by the audits
196

Scope, Criteria
Audit objectives may include: 6.2.2
6.2.2
• Determination of the extent of conformity of
auditee’s EMS with audit criteria
• Evaluation of capability of EMS to ensure
compliance with statutory, regulatory, and
• Evaluation of effectiveness of the EMS to
meet its objectives
• Identification of areas of improvement
197

Scope, Criteria
Audit scope describes extent and boundaries 6.2.2
6.2.2
of audit, including:
• Physical locations
• Organizational units
• Activities and processes
• Time period covered by audit
198

Scope, Criteria
Audit criteria are references against which 6.2.2
6.2.2
conformity is determined, including:
• Policies
• Procedures
• Standards
• Laws and regulations
• EMS requirements
• Contractual requirements
• Industry/business sector codes of conduct
199

Scope, Criteria
Audit Defined by audit client 6.2.3
6.2.3
Objectives
Audit Scope Defined by audit client and
reviewed by audit team leader
Audit Criteria Defined by audit client and

reviewed by audit team leader
Changes to Defined between audit client

All Above and audit team leader
Note: The Scope and Criteria must compliment and be
able to achieve the Objective of the audit, if not
then something has to change
200
Determining Feasibility of the Audit

• To determine the feasibility of the audit, 6.2.3
6.2.3
take into consideration:
 Sufficient and appropriate information
for planning (Do you have?)
 Adequate cooperation from auditee
(Do you have?)
 Adequate time and resources (Do you have?)
• When audit is not feasible, propose alternative
to audit client
Note: Team Leader/ Lead Auditor, this is your responsibility.

If any answer is no, the audit is not feasible and
something has to change
201
Selecting the Audit Team

For team size and competence, consider: 6.2.4
6.2.4
• Audit objectives, scope, criteria, and duration
• Whether audit is combined or joint
• Competence of team to meet objectives
• Statutory, regulatory, contractual and
accreditation/certification requirements
• Independence of the team
• Ability of team members to interact with
auditee and each other
• Language of the audit
• Auditee’s social and cultural characteristics
202
Selecting the Audit Team

To determine audit team competence: 6.2.4
6.2.4
• Identify knowledge and skills needed to
achieve objectives of the audit
• Select team members to ensure all needed
knowledge and skills are represented in the
audit team
203
B es t
Auditor Responsibilities Prac
tice
• Assist in the audit • Plan and carry out assigned

activities under the responsibilities effectively and
direction of the team efficiently
leader (lead auditor) • Document all observations
• Comply with applicable • Report the audit results
audit requirements • Verify effectiveness of
• Communicate and corrective actions
clarify audit • Retain and safeguard
requirements audit documents
Ultimately responsibilities must be established be each
organization in its own audit program procedures
204
Establishing Initial Contact with

the Auditee
The purpose of initial contact is to: 6.2.5
6.2.5
• Establish communication with auditee
• Confirm authority to conduct the audit
• Provide information on proposed timing and
audit team composition
• Request access to relevant documentation
• Determine safety rules
• Make arrangements for audits
• Agree on attendance of observers or guides
205
Audit Schedule
B es t
Prac
• An audit schedule often serves as the tice
output of the audit program
• Audit schedules give details about the
audit, including:
 Which processes
 Which areas
 Which clauses
 How often and when
206
Audit Schedule
B es t
Prac
Audit schedule considerations include: tice
• Status of activity
• Importance of activity/product
• Results of past audits
• New methods/new technology
• Organizational changes
• Corrective action pending
• Complexity and size of the area
• Size of audit team
• Team planning and reporting time
207
Example of an Audit Program Schedule

Processes J F M A M J J A S O N D
Emergency Response P P P
Corrective Action P P
Chemical
P A P
management
Air management P P
Document Control P A
Production P P P P
Management Review A P
B es t
Prac
Waste Monitoring P tice
P = Planned A = Additional
Note: This example is not all inclusive See additional example of

and audit program schedule behind the “Reference Tab”
Issue 4.2 10/23/08 EMS-042-01-EN-US

209
Activity #2 - Conducting
Document Review
6.1
Conducting On-site Audit Activities
Preparing, Approving, and Distributing the Audit Report

210

A review of auditee’s documentation: 6.3
6.3
• Should be conducted prior to on-site audit
activities unless deferring review is not
detrimental to the effectiveness of the audit
• Should include relevant EMS documents,
records, and previous audit reports
• May include a preliminary site visit
Note: Document review will take part during Stage 1

of the system certification process according to
ISO 17021:2006
211

If auditee’s documentation is inadequate: 6.3
6.3
• Audit team leader should inform audit client,
audit program manager, and auditee
• A decision should be made to continue or
suspend the audit
Note: Nonconformity may come from inadequate or

incomplete documentation during the Stage 1 audit
212

When conducting a document review, ask:
• Are all documentation requirements of B es t
Prac
ISO 14001 addressed? tice
• Does the documentation match the
audit scope?
• Is management commitment and intent clearly
defined in the documentation?
• Have responsibilities been adequately defined?
Issue 4.2 10/23/08 EMS-042-01-EN-US

214
Activity #3 - Preparing for

On-site Activities
6.1

215

Preparing for on-site activities includes: 6.4
6.4
• Preparing the audit plan
• Assigning work to the audit team
• Preparing work documents
216
Preparing the Audit Plan

The audit plan should: 6.4.1
6.4.1
• Be prepared by the audit team leader
• Be signed-off by audit client, audit team, and
auditee (including revisions made to the plan)
• Facilitate scheduling and coordination of
audit activities
• Reflect audit scope and complexity
• Be flexible to permit changes
217

The audit plan should cover: 6.4.1
6.4.1
• Audit objectives
• Audit criteria and reference documents
• Audit scope
• Dates and places where audit activities will
be conducted
• Expected time and duration of activities
• Roles and responsibilities of audit team
members and accompanying persons
• Allocation of resources
218

The audit plan should also cover: 6.4.1
6.4.1
• Identification of auditee’s representative
• Working and reporting language when
different from auditee’s
• Audit report topics
• Logistic arrangements
• Confidentiality matters
• Audit follow-up actions
219
Assigning Work to the Audit Team

• Audit team leader should assign 6.4.2
6.4.2
responsibilities to audit team members
• Assignments should take into account:
 Need for independence and competence
 Effective use of resources
 Different roles of auditors, auditors-in-
training, and technical experts
• Changes to work assignments may be
made during audit to meet objectives
220
Preparing Work Documents

Work documents used by auditors: 6.4.3
6.4.3
• May include sampling plans, checklist,
notes generated
• Should not restrict extent of audit activities
• Should at least be retained until audit
completion (see ISO 19011:2002, 6.7)
• Should be safeguarded if they include
confidential or proprietary information
Exercise 6
Creating an Audit Plan
Issue 4.2 10/23/08 EMS-042-01-EN-US

222
Checklists B es t
Prac
tice
The benefits of an audit checklist can include:

• Keeping the audit scope and objectives clear
• Providing evidence of audit planning
• Maintaining audit pace and continuity
• Reducing auditor bias
• Reducing workload during audit
• Providing space for auditor notes
• Identifying expected evidence
223
Checklists B es t
Prac
tice
Potential drawbacks of checklists can include:

• Checklists tend to lose value if they become:
 Tick lists
 Questionnaires
• Checklists may lead to rigid adherence to
pre-planned questions
Note: “Prepare them as memory aids – Reduce that

mental workload”
224
Checklists B es t
Prac
tice
One approach for preparing checklists is to:

• Identify the audit scope and processes
within the scope
• Identify applicable factors (inputs, outputs,
measures, etc.)
• Use these points and other requirements
(ISO, EMS, etc.) to:
 Plan what to look at
 Plan what to look for (audit evidence)
• Prepare checklist
225
B es t
Checklist Example Prac
tice
Area Audited: Document Control
Look at Procedure DC-05
Compliance of procedure to policies
and ISO 14001 standard
Look for
Control of all document types,
including external documents
Look at Document Approvals
Approvals by authorized persons prior
to document issue
Look for
Evidence of approvals, e.g., signature
or electronic proof
226
B es t
Checklist Example Prac
tice
Look at Document Changes

Documents reviewed, updated as
necessary, and re-approved
Look for
Current revision status identified
along with nature of changes
Look at Document Usage
Legible and retrievable versions
Look for available at points of use
No obsolete documents in use;
retained documents identified
Exercise 7
Creating an Audit Checklist
Issue 4.2 10/23/08 EMS-042-01-EN-US

Conducting On-site
Audit Activities
Issue 4.2 10/23/08 EMS-042-01-EN-US

229
Activity #4 - Conducting On-site

Audit Activities
6.1

230

Conducting on-site activities includes: 6.5
6.5
• Conducting the opening meeting
• Communication during the audit
• Roles and responsibilities of guides and observers
• Collecting and verifying information
• Generating audit findings
• Preparing audit conclusions
• Conducting the closing meeting
231
Conducting the Opening Meeting

The opening meeting should be held with: 6.5.1
6.5.1
• The auditee’s management
• Those responsible for functions or processes
to be audited
232

The purpose of the meeting is to: 6.5.1
6.5.1
• Confirm the audit plan
• Provide a short summary of how the audit
activities will be conducted
• Confirm communication channels
• Allow auditee to ask questions
233

B es t
Matters to be addressed include: Prac
tice
• Introduction of personnel
• Audit purpose and scope
• Review of the audit plan
• Guides for the auditors
• Audit methods
• Reporting methods
• Audit is a sample
• Confidentiality
• Logistics
• Restrictions
• Clarification
Exercise 8
Conducting an Opening Meeting
Issue 4.2 10/23/08 EMS-042-01-EN-US

235
Communication During the Audit

Audit team should confer periodically to: 6.5.2
6.5.2
• Exchange information
• Assess audit progress
• Reassign work as necessary
Note: The auditee should never be surprised regarding

the progress of the audit.
236

Audit team leader should: 6.5.2
6.5.2
• Communicate audit progress to auditee and
audit client periodically
• Report immediate or significant risks to
auditee immediately
• Note and possibly communicate issues of
concern that are outside of audit scope
• Report reasons to auditee and audit client if
audit objectives are unattainable
237

Changes made to the audit scope during the 6.5.2
6.5.2
audit should be reviewed and approved by
the audit client and auditee, as appropriate
238

Auditees can create difficult situations
for auditors if the auditees: B es t
Prac
tice
• Cannot find documents • Are called away
• Act uncooperatively • Work in a noisy
• Are unprepared environment
• Take long • Suffer from
telephone calls interdepartmental or
• Provoke the auditor personality conflicts
• Are long-winded • Get constantly
• Practice diversionary interrupted
tactics
239

Auditors can handle difficult situations by: B es t
Prac
• Always staying focused on audit objectives tice
• Being patient but firm during difficult situations
• Interviewing another person if auditee is difficult
• Controlling time by moving on to next step if person
is not available
• Asking auditee to hold calls during audit
• Asking for information to be brought later
• Not arguing, debating, or taking sides
• Notifying the EMS management representative
immediately if they cannot handle the situation
240
Roles and Responsibilities of

Guides and Observers
Guides and observers: 6.5.3
6.5.3
• Should not influence or interfere with conduct
of the audit
• May assist audit team with:
 Establishing contacts or interviews
 Arranging site visits
 Ensuring adherence to safety and security
 Witnessing the audit on behalf of auditee
 Providing clarification or assisting with
information collection
241
Collecting and Verifying Information

Sources of Information 6.5.4
6.5.4
Collecting by Appropriate Sampling

and Verifying
Audit Evidence
Evaluating against Audit Criteria
Audit Findings
Reviewing
Audit Conclusions
242

Audit evidence should be: 6.5.4
6.5.4
• Relevant to audit objectives, scope, and criteria
• Collected by appropriate sampling
• Verified
• Recorded
Remember: If the information cannot be verified, then it

cannot be audit evidence
243

Methods for collecting information include: 6.5.4
6.5.4
• Interviews
• Observations of activities, work environment,
conditions, etc.
• Reviews of documents
• Reviews of records
• Data summaries and analyses
• Auditee’s sampling processes
• Other reports, such as customer feedback
• Databases and websites
244

To conduct sampling correctly, auditors B es t
must ensure: Prac
tice
• The size and selection is determined by
the auditor
• Samples are based on the size of the
organization, scope of the audit, results of
previous audits, and nature of the process
• The sample size matches the audit risk
• That auditees understand that an absence of
nonconformities in the sample does not mean
an absence of nonconformities in the system
245

When conducting interviews, auditors 6.5.4
6.5.4
should consider:
• Interviewing people from appropriate levels
who perform the processes within the scope
• Conducting interviews during normal working
hours, and if possible, at the work space
• Putting the interviewees at ease
• Explaining the reason for the interview and
any note taking by the auditor
246

When conducting interviews, auditors 6.5.4
6.5.4
should consider:
 Initiating by asking interviewees to describe
their work
 Avoiding questions that bias the answers
 Summarizing and reviewing results of
interviews with the interviewees
 Thanking interviewees for their cooperation
and participation
247

Open-ended Relies on why, who, what, where, when, or
Question how to get more than a yes or no answer
(preferred)
Expansive Further elaborates the current point B es t
Question Prac
tice
Opinion Asks opinion about current point
Question
Non-verbal Uses body language, for example: raise eye-
brow to elicit further information
Repetitive Repeats back response in form of question
Question
Hypothetical Uses what if, suppose that, etc.
Question
Closed Gets a yes or no answer and used for
Question confirmation (avoid using too often)
Silence Draws more information
248

Unhelpful interview practices include: B es t
Prac
tice
• Asking too many questions at once
• Arguing/challenging
• Saying you understand, when you don’t
• Criticizing an approach
• Blaming the person
• Judging success of the audit by the
nonconformity count
249

If evidence should prove the auditor has B es t
made an error, he or she should: Prac
tice
• Admit it
• Apologize
• Learn from the mistake
• Move on
250

Clear, complete, and accurate notes of B es t
observations can: Prac
tice
• Serve as a record of samples taken
• Be valuable in writing the audit report
Exercise 9
Auditing Scenarios
Issue 4.2 10/23/08 EMS-042-01-EN-US

Exercise 10
Auditing the AEG Case Study
Issue 4.2 10/23/08 EMS-042-01-EN-US

Generating Audit Findings
Issue 4.2 10/23/08 EMS-042-01-EN-US

254

Audit findings: 6.5.5
6.5.5
• Are generated by evaluating audit evidence
against audit criteria
• Can indicate conformity with audit criteria
• Can identify an opportunity for improvement
• Should be reviewed by the audit team at
appropriate stages during the audit
255

Nonconformities should be: 6.5.5
6.5.5
• Recorded along with supporting evidence
• Reviewed with the auditee to ensure auditee
understands and acknowledges findings:
 Auditor should resolve any diverging opinions
 Unresolved issues should be recorded
256

B es t
Nonconformity report typical contents: Prac
tice
• Reference # and/or date

• Location
• Classification of severity
• The requirement
• Statement of nonconformity, including the
audit evidence
• Name of auditor who identified the non-conformity
• Name of authorized person who can acknowledge
receipt of non-conformity for organization
257

B es t
A poor nonconformity statement: Prac
tice
“Maintenance people do not know how

to clean up spills.”
258

B es t
Better: Prac
tice
“It was observed that a maintenance crew

incorrectly followed Oil Spill Procedure
(EMS-#1834) when cleaning an oil spill in
the delivery vehicle maintenance bay.”
259

B es t
Pretty good: Prac
tice
“When cleaning an oil spill in the delivery

vehicle maintenance bay, it was observed
that the maintenance crew disposed of oil in
the general trash bin when cleaning up an oil
spill. When questioned, the maintenance
crew were not aware that Oil Spill Procedure
(EMS-#1834) requires special disposal
instructions for oil.”
260

B es t
• When classifying nonconformities, Prac
tice
consider the seriousness:
 What could go wrong if the nonconformity
remains uncorrected?
 What is the probability of it going wrong?
 Is it likely the system would detect it before
the environment is affected?
• If you think you have a nonconformity, you
don’t. You must know and you must have:
• A requirement
• Evidence that it has been broken
261
Generating Audit Findings B es t

Prac
tice
EMS Audit Nonconformity Report Incident Number: 1
Company under Audit:
ISO 14001 Clause

Area under Review:
Number:
Category:  Major  Minor
Requirement:
Nonconformity/Evidence:
262

Prac
tice
Company under Audit: XYZ, Inc.
ISO 14001 Clause

Area under Review: Chemical Processing
Number: 4.4.5(b)
Category:  Major  Minor
Requirement:
Document Control procedure #DC-003, issue 1, revision B, dated 10/15/2006
requires that all documents be reviewed, revised and approved by authorized
personnel prior to release.
There is no evidence that Materials and Processes procedure #MP-010, issue 2,
revision A, dated 02/23/2007 was approved by anyone listed on the “Authorized
Approval List” that was in effect at the time the procedure was created.
263

Prac
tice
Company under Audit: XYZ, Inc.
ISO 14001 Clause

Area under Review: Paint Booth #4
Number: 4.5.1
Category:  Major  Minor
Requirement:
Paragraph 3.4 of the Metrology Operations Manual, revision C, dated 4/10/2007
requires that all paint booth manometers be calibrated every six months.
The manometer on paint booth #4, located in the assembly paint area (building #45,
column 13B) had a calibration sticker indicating that the last calibration occurred on
9/12/2006. A review of the associated calibration records confirmed that the last
calibration occurred on 9/12/2006.
Exercise 11
Writing Nonconformity Statements
Issue 4.2 10/23/08 EMS-042-01-EN-US

265
Preparing Audit Conclusions

Audit team should meet to: 6.5.6
6.5.6
• Review audit findings against objectives
• Come to consensus on audit conclusions
• Prepare recommendations if required
• Discuss audit follow-up
266
Preparing Audit Conclusions

Audit conclusions can address the: 6.5.6
6.5.6
• Extent of conformity of the system with
audit criteria
• Effective implementation, maintenance, and
improvement of the system
• Capability of the management reviews to
ensure suitability, adequacy, effectiveness,
and improvement of the system
267
Conducting the Closing Meeting

• Hold closing meeting with auditee, audit client, 6.5.7
6.5.7
and others to present findings and conclusions
• Gain acknowledgement of nonconformities
• Cover situations encountered during audit that
may decrease reliance on audit conclusions
• Discuss and resolve diverging audit findings
and conclusions; keep records if not resolved
• Provide recommendations for improvement
where specified by audit objectives
• Keep minutes and attendance records
• Make recommendations for improvements
if required
268
Closing Meeting
Team Leader prepares and works to an B es t
agenda and controls the meeting: Prac
tice
1. Attendees 7. Audit Summary
2. Thanks 8. Nonconformities
3. Objective / Scope 9. Agreement (sign)
4. Reporting system 10. Recommendation
5. Limitations 11. Clarification
6. Confidentiality 12. Depart
269
3rd Party Audit Recommendation Options

Options for recommending B es t
Prac
registration include: tice
1. Recommend registration without conditions

2. Recommend conditional registration based
on submission of acceptable plan
and follow-up:
• Verification at next surveillance visit
• Evaluation of the mailed evidence
• Special visit to verify corrective action
3. Unable to recommend registration at
this time:
• Partial re-audit
• Full re-audit
Preparing, Approving, and
Distributing the Audit Report
Issue 4.2 10/23/08 EMS-042-01-EN-US

271
Activity #5 - Preparing, Approving,

and Distributing the Audit Report
6.1

272
Preparing the Audit Report

• The audit team leader is responsible for 6.6.1
6.6.1
preparation and contents of the report
• The audit report should provide a complete,

accurate, concise, and clear record of the audit
273

The audit report should include: 6.6.1
6.6.1
• Audit objectives
• Audit scope
• Identification of audit client
• Identification of audit team leader
and members
• Dates and places where audit conducted
• Audit criteria
• Audit findings
• Audit conclusions
274

The audit report may also include or refer to: 6.6.1
6.6.1
• Audit plan
• List of auditee representatives
• Summary of audit process and uncertainties or
obstacles encountered during the audit
• Confirmation that audit objectives were met
• Any areas not covered although within scope
• Unresolved diverging opinions
• Recommendations for improvement
• Agreed follow-up action plans
• Statement of confidentiality
• Distribution list for the report
275
The Audit Report – An Example

AUDIT SUMMARY REPORT: No. 01 DATE: 1/16/2004
Processes Audited: Emergency Response, Correction Action, Identification of Legal Requirements, Waste
Management, Internal Communication, Aspect and Impact Identification, Internal Auditing
Date of Audit: 1/16/2004
Scope of Audit: EMS Documentation
Audit Basis (standard/procedure/project etc.): ISO 14001:2004
Auditor(s): Len Allen, Audrey Brown
Summary: (See attached matrix of findings for detail)
Strengths:
• Commitment of management to the environmental efforts
• Use of notice boards to keep staff informed of aspects, impacts, objectives, and targets
Number of nonconformities identified: 24

Number of major/minor nonconformities: 3 major/21 minor
Weaknesses:
• Major system failures in corrective action program and identification of legal requirements
Corrective action must be addressed for each of the written nonconformity reports. Please outline tentative action
plans, responsibility, and implementation timing. Submit CAR forms back to the audit team leader.
NCR Ref Nos: D01 thru D24
Report Prepared by: __________________________ Date: _______________
Report Approved by: _________________________ Date: _______________
Audit Manager
Distribution: department managers as listed
276
Approving and Distributing the

Audit Report
The audit report should: 6.6.2
6.6.2
• Be issued within agreed time period
• Be dated, reviewed, and approved according
to audit program procedures
• Be distributed, when approved, to individuals
designated by audit client
• Remain confidential
Exercise 12
Conducting the Closing Meeting and Preparing the Audit Report
Issue 4.2 10/23/08 EMS-042-01-EN-US

278
Discussion
During the closing meeting what do you do if:
• Top Management doesn’t show?
• A nonconformity is contested?
• Someone wants to argue?
• A nonconformity was corrected and they want to
have it removed from the report?
Issue 4.2 10/23/08 EMS-042-01-EN-US

280
Activity #6 - Completing the Audit

6.1

281

The audit is complete when: 6.7
6.7
• All activities described in audit plan have been
carried out
• The approved audit report has been distributed
282

Documents must be destroyed or retained 6.7
6.7
according to:
• Agreements made between parties
• Audit program procedures
• Applicable statutory, regulatory, and
Note: Auditors must ensure confidentiality of documents

unless otherwise directed by audit client or by law
Issue 4.2 10/23/08 EMS-042-01-EN-US

284
Activity #7 - Conducting Audit Follow-up

6.1

285

• Audit conclusions may indicate need for: 6.8
6.8
 Corrective action
 Preventive action
 Improvement actions
• Auditor and auditee typically agree on time
for completion of such activities
• Auditor should verify effectiveness of
corrective actions, either onsite or through
subsequent audits
286
Conducting Audit Follow-up B es t

Prac
tice
The following process for conducting audit
follow-up is often used:
• Auditee receives the nonconformity report
• Auditee prepares and approves a corrective
action plan
• Auditee submits the plan to auditor
• Auditor evaluates and agrees with the plan
• Auditee implements the agreed to corrective
action plan
287

Prac
tice
The following process for conducting
audit follow-up is often used:
• Auditee collects and evaluates evidence
of effectiveness
• Auditee revises the plan, if necessary
• Auditee documents the changes in the
environmental management system
• Auditor verifies the implementation and
effectiveness (through mailed evidence,
re-audit, partial audit, or during next audit)
• Auditor and auditee records all actions
288

Prac
tice
If the corrective action is not effective,
auditors may:
• Refuse acceptance of the corrective action
• Deny certification (if initial assessment)
• Suspend/revoke certification (if a
continuing assessment)
• Escalate nonconformity to a major (if a
minor nonconformity)
Exercise 13
Reviewing Corrective Actions and Audit Follow Up
Issue 4.2 10/23/08 EMS-042-01-EN-US

Exercise 14
Sample Exam
Issue 4.2 10/23/08 EMS-042-01-EN-US

Requirements for Auditors
Issue 4.2 10/23/08 EMS-042-01-EN-US

292
Competence and Evaluation of Auditors
• Competence and reliance in the audit 7.1

7.1
process depends on the competence
of auditors
• Auditor competence is based demonstration of:
 Personal attributes
 Ability to apply knowledge and skills gained
through education, training, work, and
audit experience
293
Competence and Evaluation of Auditors
• Some knowledge and skills are common to 7.1

7.1
auditors of both QMS and EMS and some
are specific to each discipline
• Auditors must develop, maintain, and
improve their competence through continual
professional development and audits
294
Personal Attributes
Ethical Fair, truthful, sincere, honest, discreet 7.2
7.2
Open- Willing to consider alternative ideas
minded
Diplomatic Tactful in dealing with people
Observant Aware of surroundings and activities
Perceptive Instinctively aware of and
understand situations
Versatile Able to adjust to different situations
Tenacious Persistent, focused on achieving
objectives
Decisive Reaches timely conclusions
Self-reliant Functions independently
295
Generic Knowledge and Skills of

QMS and EMS Auditors
An auditor should have knowledge and 7.3.1
7.3.1
skills in:
• Audit principles, procedures, and techniques
• Management system and reference documents
• Organizational situations
• Applicable laws, regulations, and other
requirements relevant to QMS or EMS disciplines
296

An auditor should be able to: 7.3.1
7.3.1
• Apply audit principles, procedures,
and techniques
• Plan and organize work effectively
• Conduct audit within agreed time schedule
• Prioritize and focus on matters of significance
• Collecting objective audit evidence
• Understand sampling and its limitations
297

An auditor should be able to: 7.3.1
7.3.1
• Verify accuracy of collected information
• Evaluate adequacy of audit evidence
and other factors affecting audit findings
and conclusions
• Use work documents to record activities
during the audit
• Maintain confidentiality and security
of information
• Communicate effectively
298

The auditor should: 7.3.1
7.3.1
• Apply systems to different organizations
• Interact between components of the system
• Know standards, applicable procedures, and
other documents
• Recognize difference and priority of
reference documents
• Apply reference documents to different
audit situations
• Information systems and technology for
control of documents, data, and information
299

The auditor should be knowledgeable in: 7.3.1
7.3.1
• Organizational situations
• Organizational size, structure, functions,
and relationships
• General business processes and terminology
• Cultural and social customs of the auditee
300

The auditor should be knowledgeable in: 7.3.1
7.3.1
• Applicable laws, regulations, and other
requirements relevant to QMS or
EMS disciplines
• Local, regional, and national codes, laws,
and regulations
• Contracts and agreements
• International treaties and conventions
• Other requirements applicable to
the organization
301

Team Leaders
The audit team leader should be able to: 7.3.2
7.3.2
• Plan the audit and make effective use
of resources
• Represent audit team in communication
• Organize and direct team members
• Direct and guide auditors-in-training
• Lead team to reach audit conclusions
• Prevent and resolve conflicts
• Prepare and complete the audit report
302
Specific Knowledge and Skills of

EMS Auditors
Knowledge of environmental management 7.3.4
7.3.4
methods and techniques should include:
• Environmental terminology
• Environmental management principles and
their application
• Environmental management tools and their
application (aspect/impact evaluation; life
cycle assessment; performance evaluation)
303

EMS Auditors
Knowledge of environmental science and 7.3.4
7.3.4
terminology should include:
• Impact of human activities on
the environment
• Interaction of ecosystems
• Environment media (air, water, land)
• Management of natural resources
• Methods of environmental protection
304

EMS Auditors
Knowledge of technical and environmental 7.3.4
7.3.4
aspects of operations should include:
• Sector-specific terminology
• Environmental aspects and impacts
• Methods for evaluating the significance of
environmental aspects
• Critical characteristics of operational
processes, products, and services
• Monitoring and measuring techniques
• Techniques for the prevention of pollution
305
Education, Work, Auditor Training,

and Audit Experience
Education requirements include: 7.4
7.4
• Sufficient education to acquire generic
and EMS specific knowledge and skills
described in 7.3
• Completion of generic and specific EMS
auditor training, internally or externally
306

Work experience requirements include: 7.4
7.4
• Experience with technical, managerial, or
professional positions involving judgment,
problem-solving, and communication with
various parties
• Experience in a position that contributes to
knowledge and skills in environmental fields
307

Audit experience requirements include audit 7.4
7.4
experience in audit life-cycle activities gained
under an audit team leader
308

Audit team leaders should have additional 7.4
7.4
knowledge, skills, and experience as per
clause 7.3.2 gained under a competent
team leader
Note: The extent of direction and guidance needed during

an audit is at the discretion of audit team leader or
person responsible for managing the audit program
309
Auditors Who Audit both QMS and EMS
• QMS or EMS auditors who wish to become 7.4.3

7.4.3
qualified in the second discipline should:
 Acquire knowledge, skills, training, and
experience in that discipline
 Conduct audits in that discipline under
direction of a competent team leader in
that discipline
• The team leader in one discipline must
acquire the credentials for being the team
leader in the second discipline.
310
Continual Professional Development (CPD)

Auditors should maintain and improve 7.5.1
7.5.1
knowledge, skills, and attributes through:
• Work experience
• Training
• Private study
• Coaching
• Attending meetings, seminars, conferences,
or other relevant activities
311
Maintenance of Auditing Ability

Auditors should maintenance auditing ability 7.5.2
7.5.2
by regular participation in QMS and/or
EMS audits
Accreditation and
Certification Programs
Issue 4.2 10/23/08 EMS-042-01-EN-US

313
Accreditation Programs
National Government/Trade Associations
Training Auditors Registration
Accrediting
RABQSA
RABQSA RABQSA
RABQSA Authority
Training Independent
Independent Certification
Training
Organization Auditors
Auditors Bodies
Organization 3rd Party
Auditors
Lead
Lead Auditor
Auditor Registered
Training
Training Organizations
Internal Auditors
Customers
314
RABQSA Criteria for Environmental

Auditor Certification
• Education
• Work experience
• Environmental experience
• Auditing experience
• Managing audits
• Communication skills
• Training and examination
• Maintenance of proficiency
Registration Process for
ISO 14001:2004
Issue 4.2 10/23/08 EMS-042-01-EN-US

316
Requirements for Certification/

Registration Bodies
• Effective September 15, 2008 all accredited
Certification Bodies must meet the
requirements specified in ISO/IEC 17021,
Conformity assessment – Requirements for
bodies providing audit and certification of
management systems
• IAF Guidance 66 to ISO/IEC Guide 66, General

Requirements for Bodies Operating
Assessment and Certification/registration of
Environmental Management Systems (EMS)
has been revised and will be replaced by ISO
17021 effective September 15, 2008
317
Requirements for Certification/

Registration Bodies
As previously specified with IAF Guide 66,
ISO 17021 includes the requirements by
which CB’s must:
• Establish internal procedures for planning
and conducting audits
• Manage clients files and records
• Develop auditor competency
• Maintain confidentiality
• Conduct auditing services under a 2 Stage
audit process
• Perform periodic surveillance audits
318
Possible Reasons for Seeking ISO

14001:2004 Registration
• Verify execution of environmental strategies
• Meet legal requirements and reduce liability/risk
• Satisfy customer/contract requirements
• Demonstrate due diligence
• Establish leadership position in the industry
• Expand markets and customer base
• Improve environmental performance
• Improve or maintain public image
319
Registration Process
Seven steps of the registration process are:
1. Agree on audit objective, scope, and date
2. Select CB and submit application
3. Arrange for the documentation review
4. Consider a pre-assessment visit (optional)
5. Participate in the assessment visit:
• Stage I - Assessment of EMS design
• Stage II - Assessment of EMS implementation
6. Receive the registration certificate
7. Begin the ongoing surveillance audits
320
Five Typical Registration Situations

• Single site, single operation
• Shared site – separate organizations
• Similar activities at multiple sites
• Service organizations
• One activity in a larger organization
ALSO:
• Single-source registrations – multiple
management systems
321
Recommendation for Registration

The audit team will do one of the following:
 Recommend your system for certification

Recommend your system for certification based on
? acceptable corrective action plans
Be unable to recommend your system due to one or more

X major nonconformities
322
Questions/Final Thoughts
323
Environmental Lead Auditor Course
BSI Management Systems Inc.

thanks you for your attendance,
participation and hard work!

Slides 01 - Ems Lac, Ig, Issue 4.2, 10-23-08

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Slides 01 - Ems Lac, Ig, Issue 4.2, 10-23-08

Uploaded by

Copyright:

Available Formats

ISO 14001:2004 Environmental

Issue 4.2 10/23/08 EMS-042-01-EN-US

Written Examination 100 70

Continuous Assessment 100 70

More to be covered later

RABQSA Code of Conduct

RABQSA Code of Conduct

RABQSA Code of Conduct

• After each clause, an additional slide labeled

• Additionally there are references to clauses

specification documents means for the

• Particular attention must be paid to the

• Additionally the paraphrased material may

Issue 4.2 10/23/08 EMS-042-01-EN-US

Why Do We Have To Audit?

• ISO 14001:2004, Clause 4.5.5 - Internal Audit,

What Do We Audit For? Evidence!

• Additionally we look for evidence that verifies that planning

• Auditors look for the evidence of conformance

• ISO 14001 requires that audits be conducted to determine

• During the review of the requirements for ISO 14001:2004

Conformity vs. Compliance

Management System Success

Issue 4.2 10/23/08 EMS-042-01-EN-US

Why Should Business Organizations

Why Manage Environmental

Issue 4.2 10/23/08 EMS-042-01-EN-US

ISO 14000 Series of Standards

ISO 14000 Series of Standards

ISO 14000 Series of Standards

ISO 14000 Series of Standards for

Issue 4.2 10/23/08 EMS-042-01-EN-US

• A structure for managing • A performance standard

Issue 4.2 10/23/08 EMS-042-01-EN-US

Issue 4.2 10/23/08 EMS-042-01-EN-US

Input PROCESS Output

Monitoring and Measurement Opportunities

Plan-Do-Check-Act and ISO 14001:2004

ISO 14001:2004 Process Model

Process Approach = “the application of a system of

Issue 4.2 10/23/08 EMS-042-01-EN-US

Basic Standards Terminology

Both clause’s and sub-clause’s may be further

Issue 4.2 10/23/08 EMS-042-01-EN-US

Contents of ISO 14001:2004

Contents of ISO 14001:2004 (…cont.)

• Annex B - Correspondence between ISO

Note: This means ISO 14001:2004 is a stand alone

3 Terms and Definitions (selected)

Note: A definition for Major and Minor Nonconformity

3 Terms and Definitions (selected)

Note: procedures may be documented or not

3.20 record Document stating results achieved or

Issue 4.2 10/23/08 EMS-042-01-EN-US

• Please feel free to discuss any material that

4.1 General Requirements

• The organization shall define and

4.1 General Requirements

• Conformity to the 1st part of 4.1 cannot be achieved

4.2 Environmental Policy

Overall intentions and direction

4.2 Environmental Policy

4.2 Environmental Policy

4.2 Environmental Policy