Once agreement has been reached, both among the audit team and with the auditee, it is time to prepare the audit report. Note that ISO 14001 does not require a documented audit report. However, it is very difficult to verify that the auditing requirement has been satisfied without a supporting record, which is typically a documented audit report.
The audit report is prepared by the lead auditor, although he or she may have other team members prepare portions. The content of the audit report is determined by the audit plan and the organization’s EMS audit procedures. Having completed the examination phase and evaluated the collected data observations, etc., the assessor is faced with the problem of documenting any deficiencies he or she may have found. There are many different methods of documenting deficiencies, ranging from inclusion in the body of the audit report to producing non-conformance notes or corrective action requests. Irrespective of which method is adopted, the basic principles to be followed are similar. ISO 14001 does not dictate what should be in the report, and ISO 14011 only suggests contents. ISO 14011 indicates that at a minimum, the findings need to be in the report. The findings appear as a statement that the EMS is or is not in conformance with the criteria, and states what the criteria and supporting evidence are for the statement. ISO 14011 also lists other optional items to include such as:
• the identification of the organization audited and of the client;
• the agreed objectives, scope and plan of the audit;
• the agreed criteria, including a list of reference documents against which the audit was conducted;
• the period covered by the audit and the date(s) the audit was conducted;
• the identification of the auditee’s representatives participating in the audit;
• the identification of the audit team members;
• a statement of the confidential nature of the contents;
• the distribution list for the audit report;
• a summary of the audit process including any obstacles encountered;
• audit conclusions such as:
- EMS conformance to the EMS audit criteria;
- whether the system is properly implemented and maintained;
- whether the internal management review process is able to ensure the continuing suitability and effectiveness of the EMS.
The format of such reports can vary considerably and may range from completion of a simple pro-forma to expansive documents describing all aspects of the audit performance and findings. However, irrespective of the style and format, the audit report should cover the key topics already identified as being essential for discussion and presentation at the opening and closing meetings. In constructing the report two specific objectives must be borne in mind.
(1) The report has to provide objective evidence of effective implementation of the audit procedure.
(2) The report has to allow for corrective action to be addressed and that the follow-up requirements can be established and initiated.
Where there are non-conformances, there are various options regarding deficiency reporting. One option is to describe each of the deficiencies identified in the main body of the report along with any supporting evidence, and if requested, corresponding recommendations. Although this may result in a comprehensive report of audit findings, it has the disadvantage that the individual
deficiencies are often difficult to locate, particularly when trying to monitor follow-up actions.
This can be partly overcome by writing separate corrective action requests for this purpose. A useful alternative that is less time consuming is to restrict the description of deficiencies in the body of the report to general summaries only. Details of deficiencies can then be included in non-conformance notes. Ideally, the non-conformance note should also provide space for agreeing corrective actions and recording subsequent monitoring of that corrective action. In this manner, any duplication of effort with respect to audit reporting is minimized, thus producing a more easily managed system. It is important that however non-conformances are handled, it be constant with the EMS correction action process (ISO 14001, Section 4.5.2).
Before considering the steps in preparing the non-conformance note we must be clear about their purpose.
• To convey to the auditee the findings in a clear and accurate manner so that they know what to do next.
• To advise the EMS personnel or other auditors what you have found so that he can follow it up.
• To present a record that can be reviewed remotely from the scene and be understood.
All non-conformance notes must contain certain basic information.
• The physical area being audited.
- Failure to record this often results in great confusion 3 to 6 months later when a follow up visit is carried out to review corrective action implementation.
• The specific clause(s) of the assessment standard(s) against which the non-conformance is issued.
- If the auditor is unable to readily identify the applicable section of the EMS manual or the procedure against which to issue the non-conformance, he must question whether or not he is justified in writing the non-conformance. It is good practice to re-read the
requirements of the relevant system documentation to confirm that these can be interpreted as supporting the non-conformance. If they do not, then the non-conformance cannot be issued.
• The detailed nature of the non-conformance including the specific identity of documents/procedures/material, etc.
Earlier we considered the requirements for recording observations during the assessment and emphasized the need for them to be factual and to contain objective evidence that the system requirements were not being satisfied. Although this appears to be fairly straightforward, in practice this is often not the case. It is not unusual for inexperienced auditors to identify a deficiency only to fail to communicate the findings in a manner that facilitates implementation of the appropriate corrective action. The non-conformance note, while not being over long, must contain sufficient information to enable a person not present during the audit to be able to gauge the seriousness or otherwise of the observation.
The use of descriptive terms such as extensive, several, isolated, etc… is essential to communicate accurately the nature and extent of the deficiency, but care must be taken to ensure that their use does not result in a lack of objectivity; e.g., the term extensive can only be included if there is irrefutable evidence to justify its use. The auditor must also take care to ensure that the description is not only accurate but it is also fair, e.g., a statement that 50% of manifests were incorrectly signed may be accurate but is hardly fair if only two manifests were sampled.
Having documented the nature of the deficiency, some audit systems require the auditor to grade the deficiency or non-conformance, e.g., major and minor. It is not intended to discuss grading systems in detail since there are many potential variations that companies may wish to adopt. Irrespective of what system is being adopted, the auditor must ensure that the grading given and
the text describing the deficiency are completely compatible.
Distribution of the audit report and nature of documentation are decided between the auditor and auditee, although this too is usually addressed in the audit plan. An audit is considered successful when the auditee and client feel that they have useful, constructive feedback that allows them to improve the system.
No comments:
Post a Comment