Training slides for internal auditing.
TONGONAN GEOTHERMAL POWER PLANT
595MW UNIFIED LEYTE
106MW MT APO
50 MW N. NEGROS
192.5 MW S. NEGROS
150MW BACMAN
112.5 MW TONGONAN
GREEN CORE Geothermal Incorporated
REFRESHER WORKSHOP in
IMS INTERNAL AUDITING (Nov. 26, 2012)
Time Table
TIME SESSION
13:00 – 14:00 1. REVIEW OF AUDITING PRINCIPLES
14:00 – 15:00 2. REVIEW OF AUDIT CHECKLIST
15:00 – 15:15 Tea & Coffee Break
15:15 – 16:00 3. REVIEW OF AUDIT REPORTING
16:00 – 16:45 4. Q&A and AUDIT ASSIGNMENT
Overview of typical audit activities
Initiating the audit
Conducting document review
Preparing for the on-site audit activities
Conducting on-site audit activities
Preparing, approving & distributing the audit report
Completing the audit
Conducting audit follow up
1. Planning for the audit
2. Conducting the audit
3. Reporting the audit
4. Corrective action & follow-up
Overview of typical audit activities
1. Planning the Audit
Initiating the audit
- Appoint the audit team leader
- defining audit objectives, scope & criteria
- determining the feasibility of the audit
- selecting the audit team
- establishing initial contact with the auditee
Conducting document review
- reviewing relevant management system documents, including records, and determining their adequacy with respect to audit criteria.
Preparing for the on-site audit activities
- preparing the audit plan
- assigning work to the audit team
- preparing work documents
Overview of typical audit activities
2. Conducting on-site audit activities
- conducting opening meeting
- communication during audit
- roles and responsibilities of guides and observers
- collecting and verifying information
- generating audit findings
- preparing audit conclusions
- conducting closing meeting
A Value Added Auditor
INTEGRATED MANAGEMENT SYSTEM PROCESS BASED INTERNAL AUDITING
Personal Attributes
Ethical – fair, truthful, sincere, honest and discreet
Open minded – willing to consider alternative ideas or points of view
Diplomatic – tactful in dealing with people
Observant – actively aware of physical surroundings and activities.
Perceptive – instinctively aware of and able to understand situations.
Personal Attributes
Versatile – adjust readily to different situations
Tenacious – persistent, focused on achieving objectives
Decisive – reaches timely conclusions based on logical reasoning and analysis; and
Self reliant – acts and functions independently while interacting effectively with others.
Initiate the Audit Program
Audit Objectives
Ensure conformance to the standards and own policies
Evaluate the effectiveness of the measures planned
Improve the current Integrated Management System
Investigate nonconformities including incidents.
In Summary: To take an independent and accurate snapshot to see what an organization or process looks like at a point in time.
Process Approach to Auditing
What to Look for during Internal Audit?
3 key aspects of process:
Conformance
Effectiveness
Improvement
Conformance
Conformance is the basic principle. Compare the actual activities against the audit criteria.
In other words, “do what you have written and record what you have done.”
What shall be done vs. what is actually done
Conformance Auditing
IMS Manual
Procedure
Activities
Records
Effectiveness
How do we know if a process is effective? Is it …
able to maintain ‘mountains’ of documentation?
able to follow procedures strictly?
able to produce results?
Effectiveness of a Process
Effectiveness of a process is shown by the results it achieves with the delivered output.
Hence, auditors shall look at indicators/measurable metrics to tell whether the organization's requirements (objectives) are met.
Process Characteristics
Every process has these characteristics:
Process owner(s)
Process is defined and if appropriate, documented
Process linkages/interfaces are established
Process Performance Measurement is defined and monitored
Records to show evidence of achievement and control
Process Analysis
INPUT → PROCESS → OUTPUT
Why? (target, measurement & improvement)
With Who? (responsibility, competency)
How? (procedures & methods of controls)
With What? (equipment, material resources)
4 Questions about a Process
• WHO – responsibility, authority and competencies required
• WHAT – kinds of resources needed to perform the process
• WHY – objective/target for the process, plus measurement & improvement
• HOW – controls method to achieve desired results
Audit Planning
Preparations for the Audit
Select audit team.
Assign audit team activities
Audit plan.
Check-lists
Assemble working documents.
Check-lists
Aide memoire
Concise
Avoid tick sheets or standard
Should not take over audits
Useful for new auditors
Helps in time management
Can update or add on during course of audit
Can evolve over time.
Why Use Check-lists?
Ensures continuity and depth of audit
Ensures all relevant aspects are covered
Gives structure to interviews
Provides help if stuck
More professional.
Inputs to Check-list Creation
ISO 9001, ISO 14001 and OHSAS 18001 Standard
Documented Integrated Management Systems (IMS)
Regulatory requirements
Known or classic problems
Knowledge of area/system/process
Previous check-lists
Process Approach to Checklist Creation
Consider the applicable requirements from the standards
Look at:
• Input
• Output
• Interface (i.e. supporting processes)
The 4 basic questions from process analysis, i.e.
• Who (responsibility & competency)
• What (resources)
• How (controls and methods)
• Why (objectives/goals & measures)
Applicable regulatory requirements or code of practice.
Typical Questions …
Who is the process owner?
What is the purpose of your process?
Why did you set this as your performance indicator?
What are the inputs to your process?
What are your process outputs?
What are the process parameters?
How do you control your process?
What do you do with these measurements?
Conducting the On-site Audits
The Audit Triangle
Observe (See what they actually do)
Question (Ask them what they do)
Check (Confirm evidence of conduct)
Asking Questions – Filter Funnel
Open questions
Encourage auditees to talk freely
Use What, Where, When, Why, How and Who?
Probing questions
Follow-up or focus on more precise details
Closed questions
Used where you want a clear ‘Yes’ or ‘No’ answer
Don’t forget the ‘Please Show Me’!
Key Points for Interview
Who do we audit?
• The person responsible for the activity to be audited
How to begin?
• Ask the auditee to explain / describe the activity
When?
• Normal working hours
Audit Process
Introduce yourself
Explain purpose of audit
Ask open question(s)
Use probing questions for details
Follow “audit triangle” & look for evidence
Where nonconformities are detected, confirm with auditee to ensure not mistaken
Thank auditee & move on to next
Auditors Should . . .
Avoid ‘nit-picking’
Take good points into account
Be punctual
Avoid arguments
Audit against specifications
Respect confidentiality
Audit the system not the individual
Interviews
Techniques
Be courteous at all times (never act superior)
Ask auditee to explain tasks
Match questions to levels of responsibility
- Management/ Executive Officer – about policy, management structure, support, etc.
- Operators – about areas of operation, specific controls, tasks
Use appropriate language for questioning (tone or level)
Interviews
Techniques
Listen carefully to what is said. Allow time for auditee to think
Use open-ended questions. Avoid closed, direct or leading questions
Follow a “trail of questioning”
Validate (please show me)
Interviews
Techniques
Remember alternative situations (what happens if)
Use the “silent question” where appropriate
Be systematic (summarize to show understanding)
Feedback results
Thank the auditee
Types of Questioning
Leading question
[ I am sure that you have a procedure for operating your forklift? ]
Closed question
[ Do you have a procedure for operating your forklift? ]
Open question
[ Could you explain to me your procedure for operating the forklift? ]
Controlling the Audit
Auditor Should
Remain assertive
Avoid lengthy discussion or observation
Keep track of schedule – not to be led or misled
Be thorough and efficient
Avoid becoming sidetracked or bogged down
Do not antagonize or dictate
Controlling the Audit
Basic Rules
Establish that relevant documents are of correct issue
Do not let only one person do all the talking
Observe work progression when necessary
Evaluate physical evidence and controls
Make comprehensive notes
Seek verification
Do not assume people will lie, but verify statements if necessary
Audit Reporting
Nonconformities Must Be
Factual/objective
Clear & concise
Define the exact instance
Give reference (to ISO 9001, ISO 14001 and OHSAS 18001/ documented IMS)
Locatable
Acknowledged
Non-Conformance
Definitions
- Audit findings
- No-conformance vs. Non-conformance
- Non-conformity
NC Requires Documented Request for Action
Documented as
- Corrective/Preventive Action Request (CPAR)
- Non-conformance Report (NCR)
- Finding Statement
Non-Conformance
Requirements
Non-conformance should be raised clearly against audit criteria
State clearly the nature of non-conformance
- Absence of documentation
- Inadequate documentation
- Lack of implementation
- Inadequate implementation
- Lack of evidence
Non-Conformance
Classification
Major – (System Breakdown) total failure to fulfill a specified requirement of the standard that is applicable to the organization
- Absence of documented procedure required by the standard
- Non-implementation of the entire procedure
- Absence of documentation to demonstrate conformance to the system requirements of the standard
- Aggregation of minor non-conformances
Non-Conformance
Classification
Major
- When a non-conformance is directly related to a significant and immediate hazard to the organization’s ESH performance.
- When a non-conformance is directly related to a failure to report a legal non-compliance to an enforcement authority where required to do so by a license condition, authorization, etc.
Non-Conformance
Classification
Major
- When a non-conformance is directly related to a failure to recognize and record when an objective or target is not met.
- When a non-conformance has led to, or is a failure of a procedure to identify and/or evaluate a hazard or which is obviously and highly significant.
- When a non-conformance is a failure to act, either by means of setting an objective, applying operational control, or monitoring related parameters in instances where ESH risks are identified and evaluated as highly significant.
Non-Conformance
Classification
Minor – lapse in the system that has limited effect on the integrity of ESHMS
- Part of a procedure not implemented
- Missing records, data, document
Observation – potential source of a non-conformance
- Trivial lapse in the system
- No direct evidence of failure
- Suspect in terms of a long-term sustainability of the system
- Action taken is not mandatory but encouraged
Non-Conformance
Documenting the Finding
Should include
- QESHMS documents or clause of the standard not being complied with
- Area/Function where the NC was found
- Audit evidence
- Classification (where applicable)
- Name of auditor, date of audit and agreed close-out date
Non-Conformance
CLEAR
CONCISE
SUPPORTED BY EVIDENCE
BASED ON FACTS
Non-Conformance (Finding Statement)
Finding statement
System-Based
- The current method of handling, storage and disposing hazardous wastes is inadequate against the requirements of DAO 29, as evidenced by:
• WTP sludge is not secured and labeled
• Contaminated materials are mixed and disposed with ordinary wastes
• Storage area is accessible to everybody
How To Get The Most Out Of Internal Audit
Must be a ‘no-blame’ culture
Auditor and Auditee should work in partnership.
Encourage staff to reveal problem areas
Both Auditor and Auditee should look for improvements
Audits must be seen as essential part of business
Positive terms can be used (e.g. ‘finding’ not ‘nonconformity’)
‘Findings’ or ‘nonconformities’ should be seen as ‘opportunity to improve’
Must be adequate time and resources for Auditee/Auditor to perform audit
AUDIT ASSIGNMENTS