IMS Internal Auditing - Refresher Workshop

TONGONAN GEOTHERMAL POWER PLANT

595MW UNIFIED LEYTE

106MW MT APO

50 MW N. NEGROS

192.5 MW S. NEGROS

150MW BACMAN

112.5 MW TONGONAN

GREEN CORE Geothermal Incorporated

REFRESHER WORKSHOP in

IMS INTERNAL AUDITING (Nov. 26, 2012)


2

Time Table

TIME SESSION

13:00 – 14:00 1. REVIEW OF AUDITING PRINCIPLES

14:00 – 15:00 2. REVIEW OF AUDIT CHECKLIST

15:00 – 15:15 Tea & Coffee Break

15:15 – 16:00 3. REVIEW OF AUDIT REPORTING

16:00 – 16:45 4. Q&A and AUDIT ASSIGNMENT


Overview of typical audit activities

Initiating the audit

Conducting document review

Preparing, approving & distributing the audit report

Completing the audit

Conducting audit follow up

1. Planning for the audit

2. Conducting the audit

3. Reporting the audit

4. Corrective action & follow-up 3

Preparing for the on-site audit activities

Conducting on-site audit activities



Initiating the audit

- Appoint the audit team leader

- defining audit objectives, scope & criteria

- determining the feasibility of the audit

- selecting the audit team - establishing initial

contact with the auditee

Conducting document review

- reviewing relevant management system documents, including records, and determining their adequacy with respect to audit criteria.

Preparing for the on-site

audit activities

- preparing the audit plan

- assigning work to the audit team

- preparing work documents

Planning the Audit 1 4



Conducting on-site audit activities

- conducting opening meeting - communication during audit - roles and responsibilities of guides and observers - collecting and verifying information - generating audit findings - preparing audit conclusions - conducting closing meeting

Conducting on-site audit activities 2 5


A Value Added Auditor

3

INTEGRATED MANAGEMENT SYSTEM PROCESS BASED INTERNAL AUDITING


Personal Attributes

Ethical – fair, truthful, sincere, honest and discreet

Open minded – willing to consider alternative ideas or points of view

Diplomatic – tactful in dealing with people Observant – actively aware of physical

surroundings and activities. Perceptive – instinctively aware of and able to

understand situations.

7


Personal Attributes

Versatile – adjust readily to different situations Tenacious – persistent, focused on achieving

objectives Decisive – reaches timely conclusions based on

logical reasoning and analysis; and Self reliant – acts and functions independently

while interacting effectively with others.

8


Initiate the Audit Program

4



Audit Objectives

Ensure conformance to the standards and own policies Evaluate the effectiveness of the measures planned Improve the current Integrated Management System Investigate nonconformities including incidents.

In Summary: To take an independent and accurate snapshot to see

what an organization or process looks like at a point in time.

10


Process Approach to Auditing

7



What to Look for during Internal Audit?

12

Conformance

Effectiveness

Improvement 3 key aspects of process


Conformance

Conformance is the basic principle. Compare the actual activities against the audit criteria.

In other words, “do what have written and recorded down what you have done.”

13

What shall be done

What is actually done VS


Conformance Auditing

14

IMS Manual

Procedure

Activities Records


Effectiveness

How do we know if a process is effective? Is it … able to maintain ‘mountains’ of documentation? able to follow procedures strictly? able to produce results?

15


Effectiveness of a Process

Effectiveness of a process is shown by the results it achieved with the delivered output.

Hence, auditors shall look at indicators/ measurable metrics to tell whether organization requirements (objectives) are met.

16


Process Characteristics

Every process has these characteristics: Process owner(s) Process is defined and if appropriate, documented Process linkages/ interfaces are established Process Performance Measurement is defined and

monitored Records to show evidence of achievement and

control

17


Process Analysis

18

Why? (target, measurement &

improvement)

With Who? (responsibility, competency)

OUTPUT INPUT PROCESS

HOW? (procedures & methods of

controls)

With What? (equipment, material

resources)

4 Questions about a Process • WHO – responsibility, authority and competencies required • WHAT – kinds of resources needed to perform the process • WHY – objective/target for the process, plus measurement & improvement • HOW – controls method to achieve desired results


Audit Planning

8



Preparations for the Audit

Select audit team.

Assign audit team activities

Audit plan.

Check-lists

Assemble working documents.

20


Check-lists

Aide memoire

Concise

Avoid tick sheets or standard

Should not take over audits

Useful for new auditors

Helps in time management

Can update or add on during course of audit

Can evolve over time.

21


Why Use Check-lists?

Ensures continuity and depth of audit

Ensures all relevant aspects are covered

Gives structure to interviews

Provides help if stuck

More professional.

22


Inputs to Check-list Creation

ISO 9001, ISO 14001 and OHSAS 18001 Standard

Documented Integrated Management Systems (IMS)

Regulatory requirements

Known or classic problems

Knowledge of area/system/process

Previous check-lists

23


Process Approach to Checklist Creation

Consider the applicable requirements from the standards Look at:

• Input • Output • Interface (i.e. supporting processes)

The 4 basic questions from process analysis i.e. • Who (responsibility & competency) • What (resources) • How (controls and methods) • Why (objectives/goals & measures)

Applicable regulatory requirements or code of practice.

24


Typical Questions …

Who is the process owner?

What is the purpose of your process?

Why did you set this as your performance indicator?

What are the inputs to your process?

What are your process outputs?

What are the process parameters?

How do you control your process?

What do you do with these measurements?

25


Conducting the On-site Audits

9



The Audit Triangle

27

Observe (See what they actually do)

Question (Ask them what they do)

Check (Confirm evidence of conduct)


Asking Questions – Filter Funnel

Open questions

Encourage auditees to talk freely

Use What, Where, When, Why, How and Who?

Probing questions?

Follow-up or focus on more precise details

Closed questions

Used where you want a clear ‘Yes’ or ‘No’ answer

Don’t forget the ‘Please Show Me’!

28


Key Points for Interview

Who do we audit?

• The person responsible for the activity to be audited

How to begin?

• Ask the auditee to explain / describe the activity

When?

• Normal working hours

29


Audit Process

Introduce yourself

Explain purpose of audit

Ask open question(s)

Use probing questions for details

Follow “audit triangle” & look for evidence

Where nonconformities are detected, confirm with auditee to ensure not mistaken

Thank auditee & move on to next

30


Auditors Should . . .

Avoid ‘nit-picking’

Take good points into account

Be punctual

Avoid arguments

Audit against specifications

Respect confidentiality

Audit the system not the individual

31


Interviews

Techniques

Be courteous at all times (never act superior)

Ask auditee to explain tasks

Match questions to levels of responsibility

- Management/ Executive Officer – about policy, management structure, support, etc.

- Operators – about areas of operation, specific controls, tasks

Use appropriate language for questioning (tone or level)


Techniques

Listen carefully to what is said. Allow time for auditee to think

Use open-ended questions. Avoid closed, direct or leading questions

Follow a “trail of questioning”

Validate (please show me)

Interviews


Techniques Remember alternative situations (what happens if) Use the “silent question” where appropriate Be systematic (summarize to show understanding) Feedback results Thank the auditee

Interviews


Types of Questioning

Leading question

[ I am sure that you have a procedure for operating your forklift? ]

Closed question

[ Do you have a procedure for operating your forklift? ]

Open question

[ Could you explain to me your procedure for operating the forklift? ]


Controlling the Audit

Auditor Should

Remain assertive

Avoid lengthy discussion or observation

Keep track of schedule – not to be led or misled

Be thorough and efficient

Avoid becoming sidetracked or bogged down

Do not antagonize or dictate


Basic Rules

Establish that relevant documents are of correct issue

Do not let only one person do all the talking

Observe work progression when necessary

Evaluate physical evidence and controls

Make comprehensive notes

Seek verification

Do not assume people will lie but need to verify statement, if necessary

Controlling the Audit


Audit Reporting

10



Nonconformities Must Be

Factual/objective

Clear & concise

Define the exact instance

Give reference (to ISO 9001, ISO 14001 and OHSAS 18001/ documented IMS)

Locatable

Acknowledged

39


Non-Conformance

Definitions Audit findings No-conformance vs. Non-conformance Non-conformity

NC Requires Documented Request for Action Documented as Corrective/Preventive Action Request (CPAR) Non-conformance Report (NCR) Finding Statement


Requirements Non-conformance should be raised clearly

against audit criteria State clearly the nature of non-conformance - Absence of documentation - Inadequate documentation - Lack of implementation - Inadequate implementation - Lack of evidence

Non-Conformance


Classification

Major – (System Breakdown) total failure to fulfill a specified requirement of the standard that is applicable to the organization - Absence of documented procedure required by the standard

- Non-implementation of the entire procedure

- Absence of documentation to demonstrate conformance to the system requirements of the standard

- Aggregation of minor non-conformances

Non-Conformance


Classification

Major

- When a non-conformance is directly related to a significant and immediate hazard to the organization’s ESH performance.

- When a non-conformance is directly related to a failure to report a legal non-compliance to an enforcement authority where required to do so by a license condition, authorization, etc.

Non-Conformance


Classification Major

- When a non-conformance is directly related to a failure to recognize and record when an objective or target is not met.

- When a non-conformance has led to, or is a failure of a procedure to identify and/or evaluate a hazard or which is obviously and highly significant.

- When a non-conformance is failure to act, either by means of setting of an objective or applying operational control, or monitoring related parameter in instances where ESH risks is identified and evaluated as highly significant.

Non-Conformance


Classification

Minor –lapse in the system that has limited effect on the integrity of ESHMS

- Part of a procedure not implemented - Missing records, data, document

Observation – potential source of a non-conformance

- Trivial lapse in the system - No direct evidence of failure - Suspect in terms of a long-term sustainability of the system - Action taken is not mandatory but encourage

Non-Conformance


Documenting the Finding

Should include

- QESHMS documents or clause of the standard not being complied

- Area/ Function where the NC was found

- Audit evidence

- Classification (where applicable)

- Name of auditor, date of audit and agreed close-out date

Non-Conformance


CLEAR

CONCISE

SUPPORTED BY EVIDENCE

BASED ON FACTS

Non-Conformance


Finding statement System-Based

- The current method of handling, storage and disposing hazardous wastes is inadequate against the requirements of DAO 29, as evidenced by: • WTP sludge is not secured and labeled • Contaminated materials are mixed and disposed with

ordinary wastes, • Storage area is accessible to everybody

Non-Conformance (Finding Statement)


How To Get The Most Out Of Internal Audit

Must be a ‘ no-blame’ culture

Auditor and Auditee should work in partnership.

Encourage staff to reveal problem areas

Both Auditor and Auditee should look for improvements

Audits must be seen as essential part of business

Positive terms can be used (e.g. ‘finding’ not ‘nonconformity’)

‘Findings’ or ‘nonconformities’ should be seen as ‘opportunity to improve’

Must be adequate time and resources for Auditee/Auditor to perform audit

49


AUDIT ASSIGNMENTS

50


end INTEGRATED MANAGEMENT SYSTEM PROCESS BASED

INTERNAL AUDITING

Documents

IMS Internal Auditing - Refresher Workshop