OUTLINE

Part I -Basics of Internal QESH Auditing

Part II -Planning & Preparing for the
Internal QESH Audit
Part III - Performing the Internal QESH
Audit
Part IV - Reporting & Follow-up of Internal
QESH Audit Results
Part V - Auditor’s Attributes and Training
Needs

Leyte Geothermal Power Plant - 1

 PART I

Basics of
INTERNAL
QESH AUDITING

Leyte Geothermal Power Plant - 1

 INTERNAL AUDITING
(QESHMS)

AUDIT – Systematic, independent,

documented process for obtaining audit
evidence and evaluating it objectively
to determine the extent to which audit
criteria are fulfilled

Leyte Geothermal Power Plant - 1

 PRINCIPLES OF AUDITING
(ISO 19011)
 Ethical Conduct – the foundation of
professionalism; the role of
auditor is one of trust, integrity,
confidentiality and discretion
 Fair Presentation – the obligation to report
truthfully and accurately
 Due Professional Care – application of
reasonable care in auditing
– competence is an
important prerequisite

Leyte Geothermal Power Plant - 1

 PRINCIPLES OF AUDITING
(ISO 19011)
 Independence – the basis for the impartially and
objectivity of the audit conclusion
– Audit Team members are free
from bias and conflict of interest
 Evidence – the rational basis for reaching
audit conclusion
– Verifiable – obtained thru
sampling appropriate to the
confidence placed in the
audit conclusion

Leyte Geothermal Power Plant - 1

COMMON TYPES OF AUDIT

1ST Party

2ND Party

3RD Party

Leyte Geothermal Power Plant - 1

1st Party

 Only one party involved in audit process

 A self check of one’s own system, product, etc.
 Better known as term ‘Internal Audit’
managing/ controlling
 Purpose – provide factual basis for identifying
opportunities and needs for continual
improvement

Leyte Geothermal Power Plant - 1

 2nd Party

 Two parties involved in audit process

 Examples – customer auditing supplier,
regulatory body auditing provider
 Purpose – ( Supplier ) to ensure that aonly
supplier of known accepted capability are used

Leyte Geothermal Power Plant - 1

3rd Party

 Three parties involved in audit process

 Normally conducted by a Certification Body (3
parties + BPS – CB – You ) to confirm
conformance to specifications

Leyte Geothermal Power Plant - 1

 AUDIT PHASES

PDCA 3 Ps RF

Plan Planning
Do Preparation
Performance
Check Reporting & Follow-up
Act Review by Management

Leyte Geothermal Power Plant - 1

 PURPOSE OF AUDIT

 To determine whether QESHMS conforms to

 The planned arrangement
 Requirements of standards
 Company’s QESHMS requirements
 To determine whether the QESHMS is
effectively/properly implemented and maintained
 To review the results of previous audits
 To provide information on the results of the audit to
the management

Leyte Geothermal Power Plant - 1

CBs RELIANCE IN INTERNAL AUDIT

Useful for Certification Body in:

 Planning the areas/activities to e targeted in the
main assessment
 Determining how much sampling to undertake
Problematic areas may need more sampling

Note: More training of auditors may be needed if records show a number of

undetected system inadequacies

Leyte Geothermal Power Plant - 1

 What to be Audited

 Training & Competence of Internal Auditors

Adequate auditing skills
Understanding of ESH risks and best
practices
 Audit Program
Comprehensive coverage
Previous audit findings considered
Relevant to the ESH risks
Changeable, when necessary

Leyte Geothermal Power Plant - 1

 What to be Audited

 Audit Planning and Preparation

Selection of auditors ensures impartially
and objectivity
Use of checklist

 Audit Results
Audit activity documented ( records
complete )
Demonstrate effective training of auditors

Leyte Geothermal Power Plant - 1

 What to be Audited

 Finding Statements
NCs clearly described and classified
Cause of NCs investigated and provide a
basis from which C/P can be taken
Timeliness and effectiveness of actions
Monitoring of CARs
 Audit Reports
Adequate for Management review
Commitment of Top Management

Leyte Geothermal Power Plant - 1

 PART II

Planning & Preparation

for INTERNAL
QESH AUDITING

Leyte Geothermal Power Plant - 1

 AUDIT PHASES

PDCA 3 Ps RF

Plan Planning
Do Preparation
Performance
Check Reporting & Follow-up
Act Review by Management

Leyte Geothermal Power Plant - 1

 PLANNING

Purpose
 Appropriately qualified, experienced, skilled
auditors are assigned to the particular scope
 Audit is carried out at an appropriate
time/frequency with sufficient time allocated to
allow a complete audit activity

Leyte Geothermal Power Plant - 1

 PLANNING
Main Activities
 Prepare / update annual audit program –
timetable, frequency and duration
 Decide / define audit scope and purpose
 Select audit team members – define
responsibilities
 Collect relevant documents (system
documentation, reports, relevant legislation, etc.)

Leyte Geothermal Power Plant - 1

 PLANNING

Audit Program – set of one or more audit/s planned

for a specific time frame and directed towards a
specific purpose
 Also refers to an Audit Plan
 Contains audit objectives, criteria and reference
documents
 Show areas, processes, function to be audited

Leyte Geothermal Power Plant - 1

 PLANNING
Audit Program
 Time duration of audit ( month or date )
 Roles and responsibilities of members
 Flexible to allow unexpected changes in
priorities
 Logistic arrangement
 Supported by the management

Leyte Geothermal Power Plant - 1

 PLANNING

Factors to be Considered
 The nature and level of the hazard
 Regulatory requirements
 Incident/ Accident records
 Results of previous audit
 Significant changes in the system –
management, organization, policy, processes/
products
 Numbers of auditors

Leyte Geothermal Power Plant - 1

 PLANNING

Audit Scope and Purpose

 Clearly defined to all functions concerned
 Consider system weaknesses and areas for
improvement (focus)
 Ensure that there are no gaps

Leyte Geothermal Power Plant - 1

 PLANNING
Sample Purposes of Audit
 To determine the effectiveness/implementation
status
 To determine adequacy/effectiveness of risk
control measures
 To determine understanding of policy
 To determine effectiveness of training
 To evaluate progress of objectives, targets, plans
 To determine control of suppliers
 To determine compliance to procedures and own
standards

Leyte Geothermal Power Plant - 1

 PLANNING
Sample Scope
 Whole company
 Specific function/area/department
 Specific activities
 All system procedures
 All objectives and plans
 Emergency Preparedness and Response

Leyte Geothermal Power Plant - 1

 PLANNING

Considerations in the Selection of Auditors

 Nature and extent of audit
 Independence from the activity
 Availability of auditors
 Skills of auditors
 The level of audit experience required
 Training requirement

Leyte Geothermal Power Plant - 1

 PLANNING

Considerations in the Selection of Auditors

 Internal versus external auditors
 Internal auditor being over familiar or satisfied
with the organization’s arrangements
 Unfamiliarity or lack of understanding where
complex technical issues or processes are
involved

Leyte Geothermal Power Plant - 1

 PLANNING
Typical QESHMS Documentation
 QESHMS manual
 Plant lay-out, site map/information
 Results of HIRAC
 Objectives, targets, programs/plans
 Procedures, best practices and guidelines
 Records of implementation
 Audit reports

Leyte Geothermal Power Plant - 1

 PLANNING

Typical QESHMS Documentation

 Applicable legislation/regulations
 Incident/Accident reports
 Non-conformance reports
 Chemical data, if any

Leyte Geothermal Power Plant - 1

 PREPARATION

Purpose
 Validity of the on-site/actual audit to
follow is assured by thorough approaches

Leyte Geothermal Power Plant - 1

 PREPARATION

Main Activities
 Review documents and records
 Prepare checklist
 Prepare itinerary

Leyte Geothermal Power Plant - 1

 PREPARATION
Review of Document/Records
 Understanding of the QESHMS
 Familiarity with the ESH risks and controls
 Familiarity with relevant laws and other requirements
 Adequacy and conformance to requirements and
interfaces with other documents and processes
 Revision status of documents and status of CARs, if
any
 Performance data and understand process/ drivers of
continual improvement
 Audit checklist
Leyte Geothermal Power Plant - 1
 PREPARATION
Audit Checklist
 Ensure systematic, structured and uniform approach
 Not a script of questions to be asked
 Guide to remember key points for thorough coverage of
scope
Where to go
When to talk
What record/documents
What details
 Aids in time management
Audit is systematically done without sidetracking
Indicate the full scope to be covered

Leyte Geothermal Power Plant - 1

 PREPARATION
Audit Checklist
 Serves as valuable record of what was audited
and the results
 Useful in
 Taking notes (objective evidence)
 Follow-up
 Writing details of NCs
 Bulleted list usually works well

Leyte Geothermal Power Plant - 1

 PREPARATION
In Checklist Preparation, Consider the following:
 The requirements of the standards
 Processes taking place in an area, associated
risks, and appropriate controls
 Availability of procedures
 Deficiencies from previous audits
 Records being generated
Complexity or detail of checklist depends on the
experience of the auditor

Leyte Geothermal Power Plant - 1

 EXAMPLES OF AUDIT CHECKLIST
A. Based on the Standard
 Hazard identification and risk assessment/
environmental aspects
 Procedure available?
 Method for identification of hazards and risk
assessment sound?
 Controls/action plans adequate?
 Risk assessment results linked to objectives?
 Information being updated?
 Records available?
Leyte Geothermal Power Plant - 1
 EXAMPLES OF AUDIT CHECKLIST
A. Based on the Standard
Legal and other requirements
 Procedure available?
 Identification of QEHS legal and other
requirements comprehensive?
 Access to legal and other requirements
adequate?
 Amendments being tracked?
 Communicated to employees and other
relevant parties?

Leyte Geothermal Power Plant - 1

 EXAMPLES OF AUDIT CHECKLIST
A. Based on the Standard
Awareness, Training & Competence
 Procedure available?
 Personnel competent to perform jobs?
 Responsibility, ability, literacy considered?
 Risk considered?
 Importance of conformance to ESH policy and
procedures?
 Aware of consequences of work activities and
benefits of improved personal performance
 Roles and responsibilities communicated?
 Understand consequences of departure from
procedures?
Leyte Geothermal Power Plant - 1
 EXAMPLES OF AUDIT CHECKLIST
A.Based on the Standard
Consultation and communication
 Procedure available?
 Communication to and from employees and other
interested parties defined?
 Employees’ involved and consulted in:
 Development and review of policies and
procedures
 Changes in workplace
 Health & safety matters
 Employees’ informed of their representative and
management appointee
Leyte Geothermal Power Plant - 1
 EXAMPLES OF AUDIT CHECKLIST
A.Based on Critical Process/System
 Forklift operation
 Hazards identified?
 Risks controlled?
 Personnel trained?
 Checks/inspections done?
 Practices acceptable?
 Routes of operation defined?
 Parking arrangements acceptable?

Leyte Geothermal Power Plant - 1

 EXAMPLES OF AUDIT CHECKLIST
A. Based on Critical Process/System
 Chemical Storage
 Hazards (toxic, corrosive, flammable)
identified/ assessed?
 Controls in place?
 Personnel trained?
 Records available?
 Spill prevention and control adequate?
 PPE appropriate/used?

Leyte Geothermal Power Plant - 1

 PREPARATION
Audit Itinerary
Shows scope and purpose of audit
Indicates activities for the defined period
Preferably per area or processes
Audits of all applicable system requirements and
controls for associated ESH issues
Auditors assignment carefully planned (maybe based
on audit matrix)
Allows auditors meeting as the audit progresses
Identifies expected time and duration of each of the
audit activities
Allows time for breaks

Leyte Geothermal Power Plant - 1