ISO 9001 Standard - ISO 9001 Standards

Read more on ISO 9001 Standard at http://www.iso9001store.com

The Audit Plan In ISO 14001

The audit plan is the document that establishes the scope, objectives and criteria, and schedule of the audit. It also goes into specific details on what areas will be audited, when, and by whom.

Other details such as which checklists may be used, how the report is to be formatted and distributed, and how meetings will be conducted can also be included in the plan. In essence, the audit plan reflects the programs, procedures, and methodologies of the EMS audit process, in accordance with element 4.5.4 of ISO 14001. These planning items are usually described in the procedures for element 4.5.4 and do not need to be re-created every time an audit occurs. For example, it can be determined that the entire EMS will be audited once per year, but in four partial events. This schedule then becomes part of the procedure.

The audit scope defines what part of the organization will be audited. Obviously, this should coincide with the scope of the EMS itself, and is usually the site in question. If the full EMS audit is divided in smaller segments conducted throughout the year, then the scope of any given segment is what portion of the organization will be audited at that time. Typically, an organization will create a chart or matrix showing the various divisions of the site or activity and when it will be audited. A typical entry may show the maintenance department being audited in the first quarter and production in the fourth quarter, for example.

Also noted in the audit plan is the audit objective(s). The audit objective describes why an audit is being conducted. Typically the reason is to conform to ISO 14001 4.5.4 requiring that the EMS be periodically evaluated. Another reason is demonstrate conformance to others.

Although EMS audits may appear in their own right to be “good practice”, it is essential that auditors have a clear concept of what the general objectives of such audits are.

The definition of EMS audits highlights the need to confirm conformance with planned arrangements and to ensure that these arrangements are effective and suitable to achieve objectives. ISO 14011 expands this to form a number of general objectives for any type of EMS audit. Audits should be carried out to:

- determine conformance of an auditee’s EMS with the EMS audit criteria

- determine whether the auditee’s EMS has been properly implemented and maintained

- to identify areas of potential improvement in the auditee’s EMS

- assess the ability of the internal management review process to ensure the continuing suitability and effectiveness of the EMS

- evaluate the EMS of an organization where there is a desire to establish a contractual relationship, such as with a potential supplier or a joint-venture partner.

Using this definition and sources such as ISO 14010 and 14011, the following statement of the specific objectives of an internal EMS audit has been developed. Internal audits should be carried out to ensure that:

- The EMS continues to meet the needs of the business

- The necessary documented procedures that exist are practical and satisfy any specified requirements

- The necessary documented procedures are understood and followed by appropriately trained personnel

- Areas of conformity and nonconformity with respect to implementation of the EMS system are identified and corrective action implemented

- The effectiveness of the system in meeting the EMS objectives is determined and that a basis is created for identifying opportunities and initiating actions to improve the EMS system

The above objectives imply that internal audits are concerned with more than just the policing of an established system. If auditors and managers are to remain committed to the implementation of the EMS system, it must also contribute to the process of developing that system and seeking improvements.

Internal auditing must not be carried out in a way that results in the transfer of responsibility from the operating staff to the auditor or auditing organization, i.e., at all times the individual or department must retain and accept responsibility for his or her role in the EMS.

If the internal audit process is not designed and implemented to meet the objectives and to avoid the pitfalls described above, it is unlikely that the top management commitment essential to an effective audit process will be readily forthcoming.

The audit criteria define what the “rules” are. For the sake of this guide, the criteria will be the elements of ISO 14001. A subtle point to note however is that the site’s EMS requirements are also part of the criteria. This means that in addition to responding to the requirements of ISO 14001, the EMS must also respond to “planned arrangements”, or what the organization said it was going to do. In audits, a common response is “the standard does not require such and such detail”. However, if the site’s procedure does require some specific response, then it becomes part of the criteria. In essence, the auditors are verifying the system not only to ISO 14001, but also to what the EMS documentation states.

How the audit is divided and scheduled throughout the time interval is up to the organization and will be a function of minimizing disruption to site operations and resource needs. The only requirement is that the full audit be completed within the frequency established in the procedures under 14001, 4.5.4. One of the requirements regarding frequency is that how often an area is audited be in part a function of prior audit results. This means that the planned frequency may change with time based on what auditors are finding.

How long each audit takes again is a function of resource needs and operations. It is recommended, however, that any individual audit event not be protracted out over long time periods. The longer a task takes, the easier it is to get distracted and lose focus.

Much has been written about how to audit a system if the full audit is not completed in one event. Unlike other audits, including quality audits, where a more segmented approach can be taken, ISO 14001 systems tend to be very sensitive to consistency. For example, the emergency planning process may conform to the standard element 4.4.7 in that a procedure exists; however,

it may not reflect the potential significant impacts identified in element 4.3.1. Had the audit team focused only on element 4.4.7, they would not have noted the apparent nonconformance.

When developing an audit plan, it is wise to consider the three C’s of ISO 14001 EMS auditing:

Conformance, Consistency, and Continual Improvement. Conformance relates to addressing each of the requirements of the standard, i.e., the “shalls”. Consistency relates to how well each procedure or process of the EMS relates to the others. In other words, do objectives and targets reflect the policy commitments? Are personnel trained on the correct legal and other requirements? Finally, Continual Improvement requires that the system lead to improvements in the system itself as well as with environmental performance. A system that has all the prerequisite procedures, but remains static, is not in conformance.

The concepts of consistency and continual improvement are more subtle because they are through-running threads of the standard and not always a definitive statement. The required commitment to continual improvement and the text of the standard itself however do go some way towards reminding the auditor.

With the three C’s in mind, one now sees why it is best to audit all applicable elements of the standard in a given area at one time, rather that tracing any one standard element throughout various areas. For example, during the first quarter audit event, Company X may audit all of ISO 14001 in maintenance. During the second quarter event, all of ISO 14001 will be audited in the production area, and so on. This is in contrast to auditing only a certain element, i.e., corrective action, across several site areas in one audit event.

Now we know what is being audited, when it is being audited, and to what “rules” it is being audited. The remainder of the plan is simply then the logistics of the audit. The logistics include identification of team members, noting if and what checklists will be used, schedule and formats of meeting to name a few. Below is the full list of recommended audit plan elements as described in ISO 14011:

• the audit objectives and scope;

• the audit criteria;

• identification of the auditee’s organizational and functional units to be audited;

• identification of the functions and/or individuals within the auditee’s organization having significant direct responsibilities regarding the auditee’s EMS;

• identification of those elements of the auditee’s EMS that are of high audit priority;

• the procedures for auditing the auditee’s EMS elements as appropriate for the auditee’s organization;

• the working and reporting languages of the audit;

• identification of reference documents;

• the expected time and duration for major audit activities;

• the dates and places where the audit is to be conducted;

• identification of audit team members;

• the schedule of meetings to be held with the auditee’s management;

• confidentiality requirements;

• report content and format, expected date of issue and distribution of the audit report;

• document retention requirements.

If the internal audit is to proceed smoothly, it is helpful for the internal auditor to establish a dialogue prior to the actual audit with the person responsible for the area being audited. This dialogue may be conducted by memo, telephone, or during a formal or informal meeting. The main factor that should influence the auditor’s choice of method for setting up this dialogue should be the organization’s normal style or culture. Irrespective of the method of communication the auditor adopts, the following points should be established:

• The overall duration of the proposed audit

• The starting location and time

• The proposed scope and areas to be covered by the audit

• A timetable for approximate progress of the audit where applicable, e.g., if a number of different departments or geographical areas are to be included in the scope of the audit

• The arrangements for any close out meeting where the findings of the audit can be agreed and corrective action requirements discussed

• The personnel liable to be involved at each stage of the audit

If an auditor does not give sufficient attention to ensuring that clear agreement is reached with respect to the above points, the potential for misunderstandings that can affect the conduct of the audit is greatly increased. However, these initial communications with the personnel of the area being audited not only affect the “tone” of the forthcoming audit, but they can significantly influence the commitment and level of cooperation shown by that area throughout the audit process and for many subsequent audits.

Prior to commencing the audit, but once the plan is prepared, the audit team assignments are made, and working documents are defined. Working documents are those documents such as observation logs and checklists that are used during the audit to collect evidence, but are not necessarily retained as records. In other words, they may be discarded after the audit is complete and the report prepared.

Of these, only the checklist should require an input at this stage from the auditor. However, before compiling a checklist, the auditor must determine if the function and format of the checklist are prescribed by the audit procedure or whether personal preference can be exercised.

The format of the checklist may vary considerably, depending on whether it is intended to act as an aide or as a part of audit records showing the scope and conduct of the audit. The former may consist only of general topics to be covered during the audit, whereas the latter may be an extensive and detailed questionnaire on which details of sampling and answers to the questions are to be recorded.

The need for checklists and the type appropriate will vary according to other experience of the auditors and the culture of the company. It is recommended that for purposes of internal audits, checklists, even if limited, should always be developed. However, standard questionnaire type checklists not prepared by the auditor that must be slavishly followed and completed, should be

avoided. This latter type is likely to result in an unnecessary restriction in the scope of the audit and a stifling of auditor initiative.

Although an auditor should always work within the scope defined for the audit, the working documents must not be designed so that they restrict additional audit activities or investigations that may become necessary as a result of information gained during the audit. There are differences of opinion over whether it is preferable to create the checklist anew or whether a previously developed checklist can be used. Although the former is desirable in principle, it is not always practical in terms of the best use of the resources available. The best compromise is to utilize whatever available checklists are already in existence, but to review these critically

against the relevant documents previously identified. In this way, time can be saved in using them as a foundation without detracting from effectiveness.

The Audit Report In ISO 14001

Once agreement has been reached, both among the audit team and with the auditee, it is time to prepare the audit report. Note that ISO 14001 does not require a documented audit report. However, it is very difficult to verify that the auditing requirement has been satisfied without a supporting record, which is typically a documented audit report.

The audit report is prepared by the lead auditor, although he or she may have other team members prepare portions. The content of the audit report is determined by the audit plan and the organization’s EMS audit procedures. Having completed the examination phase and evaluated the collected data observations, etc., the assessor is faced with the problem of documenting any deficiencies he or she may have found. There are many different methods of documenting deficiencies, ranging from inclusion in the body of the audit report to producing non-conformance notes or corrective action requests. Irrespective of which method is adopted, the basic principles to be followed are similar. ISO 14001 does not dictate what should be in the report, and ISO 14011 only suggests contents. ISO 14011 indicates that at a minimum, the findings need to be in the report. The findings appear as a statement that the EMS is or is not in conformance with the criteria, and states what the criteria and supporting evidence are for the statement. ISO 14011 also lists other optional items to include such as:

• the identification of the organization audited and of the client;

• the agreed objectives, scope and plan of the audit;

• the agreed criteria, including a list of reference documents against which the audit was conducted;

• the period covered by the audit and the date(s) the audit was conducted;

• the identification of the auditee’s representatives participating in the audit;

• the identification of the audit team members;

• a statement of the confidential nature of the contents;

• the distribution list for the audit report;

• a summary of the audit process including any obstacles encountered;

• audit conclusions such as:

- EMS conformance to the EMS audit criteria;

- whether the system is properly implemented and maintained;

- whether the internal management review process is able to ensure the continuing suitability and effectiveness of the EMS.

The format of such reports can vary considerably and may range from completion of a simple pro-forma to expansive documents describing all aspects of the audit performance and findings. However, irrespective of the style and format, the audit report should cover the key topics already identified as being essential for discussion and presentation at the opening and closing meetings. In constructing the report two specific objectives must be borne in mind.

(1) The report has to provide objective evidence of effective implementation of the audit procedure.

(2) The report has to allow for corrective action to be addressed and that the follow-up requirements can be established and initiated.

Where there are non-conformances, there are various options regarding deficiency reporting. One option is to describe each of the deficiencies identified in the main body of the report along with any supporting evidence, and if requested, corresponding recommendations. Although this may result in a comprehensive report of audit findings, it has the disadvantage that the individual

deficiencies are often difficult to locate, particularly when trying to monitor follow-up actions.

This can be partly overcome by writing separate corrective action requests for this purpose. A useful alternative that is less time consuming is to restrict the description of deficiencies in the body of the report to general summaries only. Details of deficiencies can then be included in non-conformance notes. Ideally, the non-conformance note should also provide space for agreeing corrective actions and recording subsequent monitoring of that corrective action. In this manner, any duplication of effort with respect to audit reporting is minimized, thus producing a more easily managed system. It is important that however non-conformances are handled, it be constant with the EMS correction action process (ISO 14001, Section 4.5.2).

Before considering the steps in preparing the non-conformance note we must be clear about their purpose.

• To convey to the auditee the findings in a clear and accurate manner so that they know what to do next.

• To advise the EMS personnel or other auditors what you have found so that he can follow it up.

• To present a record that can be reviewed remotely from the scene and be understood.

All non-conformance notes must contain certain basic information.

• The physical area being audited.

- Failure to record this often results in great confusion 3 to 6 months later when a follow up visit is carried out to review corrective action implementation.

• The specific clause(s) of the assessment standard(s) against which the non-conformance is issued.

- If the auditor is unable to readily identify the applicable section of the EMS manual or the procedure against which to issue the non-conformance, he must question whether or not he is justified in writing the non-conformance. It is good practice to re-read the

requirements of the relevant system documentation to confirm that these can be interpreted as supporting the non-conformance. If they do not, then the non-conformance cannot be issued.

• The detailed nature of the non-conformance including the specific identity of documents/procedures/material, etc.

Earlier we considered the requirements for recording observations during the assessment and emphasized the need for them to be factual and to contain objective evidence that the system requirements were not being satisfied. Although this appears to be fairly straightforward, in practice this is often not the case. It is not unusual for inexperienced auditors to identify a deficiency only to fail to communicate the findings in a manner that facilitates implementation of the appropriate corrective action. The non-conformance note, while not being over long, must contain sufficient information to enable a person not present during the audit to be able to gauge the seriousness or otherwise of the observation.

The use of descriptive terms such as extensive, several, isolated, etc… is essential to communicate accurately the nature and extent of the deficiency, but care must be taken to ensure that their use does not result in a lack of objectivity; e.g., the term extensive can only be included if there is irrefutable evidence to justify its use. The auditor must also take care to ensure that the description is not only accurate but it is also fair, e.g., a statement that 50% of manifests were incorrectly signed may be accurate but is hardly fair if only two manifests were sampled.

Having documented the nature of the deficiency, some audit systems require the auditor to grade the deficiency or non-conformance, e.g., major and minor. It is not intended to discuss grading systems in detail since there are many potential variations that companies may wish to adopt. Irrespective of what system is being adopted, the auditor must ensure that the grading given and

the text describing the deficiency are completely compatible.

Distribution of the audit report and nature of documentation are decided between the auditor and auditee, although this too is usually addressed in the audit plan. An audit is considered successful when the auditee and client feel that they have useful, constructive feedback that allows them to improve the system.

ISO 9001 Standards Quality Manual Preparation

An ISO 9001 quality manual details how an organization will actively ensure customer satisfaction through the application of established quality management principles. For this reason, the quality manual is one of the most scrutinised high-level documents present in an organization. This article discusses a number of issues surrounding the format and content of the manual.

There are no requirements defining the format of the ISO 9001 quality manual, most organizations often use a pre-formatted template which is easily modified as the quality system develops. Using a quality template will afford an organization more time to focus on documenting systems and processes with greater accuracy during the implementation phase.

There is often considerable debate about the format and content of the manual. The balance of opinion is divided between those who believe the manual’s format does not matter, as long as, what occurs out in the field complies with the requirements and those who believe the quality manual should say something ‘personal’ about the organization’s approach to quality management.

It would be true to say that every company has their own style of operation which will inevitably be reflected in the manual and procedures. This variance is fine; all that matters is that the quality manual and procedures are able to respond positively to these questions:

1. Does it define the scope of the organization’s approach to quality management?

2. Does it define how the scope is applied?

3. Does it give suitable reason for permissible exclusions from that scope?

4. Does it contain, or make reference to, documented procedures?

5. Does it ensure a cycle of feedback exists to allow improvement?

It is important to maintain a clear distinction between the contents of the manual and the purpose and scope of the procedures. The QMS should define top management’s intent to operate an effective quality management system, while the procedures define how those intentions will be implemented at an operational level.

The quality manual should not be over burdened with excessive detail which requires frequent change to ensure relevance is maintained. The approach taken many companies to avoid over-burdening their manual is by allowing lower-level documents, such as procedures and work instructions to contain operational detail. Then, simple reference is made to the procedures and work instructions from within the manual itself. In other words, let the procedures take the strain of controlling day-to-day activities; after all, they are ‘working’ documents the organization uses to achieve the goal of customer satisfaction.

How to Get an ISO 14001 Accreditation

If you are someone who is looking into getting an ISO 14001, then you may be wondering exactly why it is that you have to get this accreditation. First, you have to understand that ISO stands for the International Organisation of Standardisation. This is a series of standards that have been developed with a singular level of guidance for all companies to measure up to. The particular 14001 deals with the requirements that you will need to have in order to measure up to the environmental standards that have been set forth by the ISO.

While you do not necessarily have to get the ISO 14001 accreditation to operate your business, it is something you can do to prove to your clients and customers that you are doing your part to help out with the environment. However, you may be confused on how to go about getting this important accreditation, but it is not as difficult to attain as you might think, and most businesses should be able to get the certification within a year of the application. You should know that they will want to make sure that you have been following some form of environmental standards for at least three months prior to your application. To do this you can write an environmental review of your company’s environmental impact as it is in its current operating state. You will then want to make sure that you provide this information when you send off your initial paperwork to begin the overall process.

In order to help prove that your company is doing its part to be environmentally aware you will have to go through an initial audit once the application has been filled out and filed. After the audit has been completed you will get a list of issues that the auditor feels you need to resolve before you can be certified for the ISO 14001. You will need to work on and correct these issues before the second audit is conducted, and they will give you a time period (usually three to six months) when they will return to check on your progress.

When the second audit occurs they will once again assess the overall business and then they will address the issues that were laid out in the previous audit. If everything goes well then your company will have proven that they are doing what they can to meet the standard set forth in ISO 14001, and they will then receive accreditation. However, this is not the end of the process. Even though you are now recognised as having environmentally conscious policies that are congruent with the international standards, you will have to go through periodic audits every three years to make sure that you are still operating correctly. Not only this, but every three months partial aspects of your company will be analysed to see that they are still working within the standards as well. As long as you remain within the compliance terms you will continue to receive your ISO 14001 certification.

Is Green Business Really Environmentally Sustainable ?

Is Green Business Really Environmentally Sustainable ?

Green Business is about a good management of a range of issues including reduced carbon footprint and good energy management but also including a broader environmental sustainability, within a practical environmental management system. The most effective system is ISO 14001. Many other approaches are less than effective

There is a wide variety of concepts that are understood by some as environmental management systems or EMS and this varies in different industries. The concept has evolved over time. Essentially the name says it all – A system to enable the business owner or manager to manage environmental problems both real and potential.

Owners and managers setting out to have a green business do not always achieve their aim of environmental sustainability and may not even include reduced carbon footprint and good energy management.

Many industry groups have developed industry wide simplistic programs that they call EMS that actually miss the S for system and some really only have a checklist approach that is based on an “average” or “typical” business in that industry. So effectively they also miss much of the environment. Many do not really involve any management either. Some are very superficial in the way that they select the environmental aspects they manage because they have been drawn up to be generic and cut out the need for the business owner to stop and think. In this case it is difficult to understand how any process of continual improvement can result.

One of these programs are as simple as a checklist, or what many involved call a “tick and flick” exercise. These are barely even educational for the business owner and have no ongoing benefits like reduction of costs or legal protection.

Even where the business owners and or managers spend a lot of time filling in forms and communicating with neighbours, there is often a real lack of understanding of how to identify and varied environmental risks in an individual businesses and why these need to be manage. They can easily miss things and even find they are risking legal implications in areas that are not typical and so not covered by the so called system..

An effective management system needs individual businesses to identify and understand what their environmental risks are or may be. These risks need to be managed and there also needs to be a feedback system going into a regularly reviewed system for continual improvement. This can be enhanced with auditing by qualified independent auditors, whether internal or external; although the greatest benefit does come from employing and independent external auditing body such as a certification body.

There were some early ISO 14001 systems that gave the system a bad name because they were based on outdated engineering and military approaches to ISO systems are overly paper heavy and full of jargon. These were not suitable for small business and farms. These systems have given ISO 140001 a bad name in some circles.

Unfortunately many consultants have come from an old style quality management background without any real understanding of or training in the environment. The training to upgrade from quality auditing only involves doing a three day seminar with a minimal assessment by a training organization. Then they audit with a rigid paper based approach and do a serious disservice to both their clients and to the auditing industry.

Small to medium businesses benefit from a simpler approach based on a real understanding of the issues involved and a genuine understanding of risks. Such systems are based on ISO 14001 and have a real emphasis on keeping things simple and minimizing paperwork. These give very real benefits to the businesses involved.

Environmental Aspects In ISO 14001 Standards EMS

Environmental Aspects In ISO 14001 Standards EMS

First make lists of the environmental aspects (issues) that are relevant

to the business. The environmental review mentioned earlier should

provide most of this information and the Annex to ISO 14001 provides

guidance on the format for doing this.

Consider the inputs, outputs and processes/activities of the business in

relation to;

a) emissions to air

b) releases to water

c) waste management

d) contamination of land

e) use of raw materials and natural resources

f) other local environmental and community issues

Consider both site (direct) and offsite (ie. indirect) aspects that you

control or have influence over (such as suppliers) and in relation to

normal operations, shut-down and start-up conditions and reasonably

foreseeable and emergencies situations

A simple written procedure is then required to determine which of the

aspects identified are really or probably significant (important) and should

therefore be managed by the EMS. This process which is

similar to health and safety risk assessment ranks the aspects by order

of importance and the significant aspects identified are then the core

of the environmental management system.

There are various methods of determining significance but most are

based on the principle of attributing a relative value for the

environmental hazard or potential to cause harm (eg. on a scale of 1-

5) and the risk or likelihood of occurrence (eg. on a scale of 1-5). The

relative significance is then determined by multiplying the hazard by

the risk. (eg. max score of 25). An arbitrary but cautious threshold

value is then set above which environmental aspects are considered to

be significant. This threshold can be determined by a common sense

consideration of the aspects identified.