NCCOS Internal Audits

NCCOS Self-declaration Audits

NCCOS EMS Self-Declaration Statement

Current Fiscal Year Audit Plan-Audit Date Revised to 9/10-14/07

Audit Program Templates
The following documents should be used for the Internal audit:

          i. Audit Plan Template
          ii. Audit Criteria

1. Audit Program Purpose
The NCCOS EMS Audit Program is implemented to ensure the organization allocates resources, provides qualified auditors, plans the execution of audits and otherwise arranges for the efficient and effective conduct of internal EMS audits in support of the EMS. Internal EMS audits support the EMS and provide a periodic check of its status so that management can make decisions regarding its continuing suitability, adequacy and effectiveness. Internal EMS audits also assess conformance to the NOAA audit protocol based on the requirements of the ISO-14001 standard and are used either to check compliance status or to verify that the organization periodically does such checks. The NCCOS Audit Program is based on the ISO-19011 standard.
For additional detail regarding the EMS Internal Audit, refer to NOAA EMS Standard:
EMS.013 Regulatory Compliance And EMS Audits And Self-Assessments
Audit Program Chart: International Organization for Standardization. (Final Draft 2002). ISO-19011: Guidelines for quality and/or environmental management systems auditing. ISO/FBIS 19011: 2002(E).

2. Definitions

a. Internal EMS Audit - A periodic audit of the EMS to verify that it is properly implemented and that it continues to conform to planned arrangements for environmental management. It is an audit of the system and findings are expressed as non-conformities. Audit conclusions are based on the findings and focus on the root causes that led to the non-conformities. It is appropriate to seek the root causes of known compliance findings during an EMS audit, since these may reflect EMS deficiencies.

b. Compliance Audit - A periodic audit of compliance with regulatory and other requirements that are imposed on the organization. Findings are expressed as non-compliances. The search for root causes in a typical compliance audit may not be as intense as it should be during an EMS audit.

c. Non-conformity - Any deviations from established procedures, programs and other elements of the EMS. They may include non-compliance with regulations, but not all instances of non-compliance are necessarily non-conformities of the EMS.

d. Correction: The totality of immediate and long-term steps taken to mitigate the consequences of a nonconformity (e.g., cleanup of spilled hazardous material; remediation of groundwater; natural habitat restoration). The correction does not by itself remove the underlying cause of the nonconformity,

e. Corrective Action - Action to address the underlying cause of an actual event that has been identified as a non-conformity through an audit.

f. Preventive Action - Action to prevent potential problems before they occur at other areas or functions of the organization that may have similar vulnerabilities to that which caused the original non-conformity.

g. Verification – A follow-up visit by the audit team to ascertain that corrections, and corrective and preventive actions have been appropriately completed. The decision to do this is based upon the frequency, severity, and/or risk of continued nonconformity, as well as on whether the finding was either a major or critical audit finding.

3. Approach

Audit Program Manager Responsibilities - The Management Representative may also act as the EMS Audit Program Manager and has the following responsibilities:

a. Ensures adequate resources have been budgeted or allocated for the conduct of planned internal EMS audits.

b. At the beginning of each fiscal year, plans the audit strategy (e.g., functions to be audited, elements to be audited, schedule of audits, team members for each audit, lead auditor for each audit, etc.).

c. Ensures sufficient auditors will be available and that they remain competent through annual training or other means of maintaining competency.

d. Stores and manages all documentation from previous audits (e.g., audit reports, corrective action requests, records of corrective actions, etc.)

e. Maintains audit templates and checklists of criteria for use by the audit teams.

f. Evaluates auditors and makes decisions on qualifying additional individuals as competent internal auditors.

g. Works with the lead auditor assigned to a given audit to establish the objectives for that audit and to ensure that the proper resources and information are available to conduct the audit.

h. Ensures that the audit team conducts and completes the audit.

Additional EMS Audit Procedures for NCCOS

4. Frequency of EMS Audits

Internal EMS audits shall be scheduled on the basis of need as reflected by the importance of activities or the results of previous audits, but not less than annually, in order to verify that the system is implemented and functioning as expected. An individual audit may be limited to a sampling of EMS elements or areas and can be both random and/or focused on certain activities based on their importance and/or results of previous audits. The audit program manager will decide on the strategy to be pursued in the audit at the beginning of each fiscal year.

5. Scope of EMS Audits
On an annual basis, internal EMS audits assess all operations and facilities described within the scope of the EMS to determine conformance for these operations and facilities against the requirements of ISO-14001, and the organization’s internal performance objectives. Depending on the results of previous audits, the organization may opt to conduct one yearly audit or a series of audits that focus only on specific elements

6. Selection of Audit Team

The audit team shall be selected by the audit program manager and shall consist of NCCOS EMS team or other NOAA EHS staff that have received internal EMS auditor training and/or are deemed competent to conduct such audits. He or she is also responsible for selecting the lead auditor for a given audit. The designated lead auditor is responsible to ensure that the audit team conducts and completes the audit as planned.

Every four years the organization shall bring in an outside contracted audit team to get a fresh perspective and overview if its EMS regarding meeting established goals and functionality. The audit program manager will not be a member of the audit team.

7. Internal Audit Procedure

The internal audit will be conducted in accordance with NOAA EMS Standard: EMS.013 Regulatory Compliance And EMS Audits And Self-Assessments. EMS internal audits shall be conducted against NOAA Audit Criteria, which can be tailored to suit the specific needs and goals of the organization based on input from the Management Representative and the lead auditor.

Audit criteria shall consist of questions based upon the specified arrangements for the EMS, and shall be designed to elicit evidence of conformity with the organization’s EMS requirements. The focus of the EMS audit is to ascertain whether the EMS has been effectively implemented and is functioning in accordance with established arrangements.

Audit findings must be based on objective evidence that is properly corroborated and authenticated. (Auditors should avoid reaching conclusions on the basis of hearsay or opinion.)

7. Compliance Status

The EMS audit may also be used to record the status of regulatory compliance. This status may be based on the results of a recent compliance audit that may have occurred, or it may be based on the data generated in the EMS to track the achievement of objectives and targets. Since the organization has objectives and targets for compliance, the degree to which those have been accomplished should give an accurate reading of the compliance posture. If this method is not reliable, then the organization will rely on compliance audits to ascertain compliance status.

Alternatively, the internal EMS auditor will ascertain that the organization has previously conducted periodic compliance checks as required by the ISO-14001 standard. In this case, the auditor establishes that the checks did occur and that they were done in a manner that would produce reliable results.

8. Corrective Action

As part of the audit procedure, corrective actions will be requested by the audit team by use of the Corrective Actions Request form. This will be made available along with the Internal Audit Report to Management Representatives, the EMS Team, the Management Representative and the supervisor(s) of the area(s) audited.

After conferring with the Management Representative, the appropriate area or functional manager will address findings within a specified number of days by developing corrective actions which will be included in the summary response to the corrective action request.

If a nonconformity relates to the EMS itself, the Management Representative will have the primary responsibility to apply the corrective and preventive actions. In this instance, the audit team ensures that the corrective and preventive actions have been completed when the next scheduled audit is conducted.

For more detailed information, refer to NOAA Standard EMS.014 Corrective Action To Regulatory Compliance Audits And EMS Non-Conformances Corrective And Preventive Actions.

9. Preventive Action

Preventive action is undertaken to avoid repetition of the non-conformity in other areas or functions of the organization that may have similar vulnerabilities that caused the original non-conformity. It is the responsibility of the Management Representative to initiate preventive actions as specified in the EMS procedure for Non-Conformance, Corrective and Preventive Actions. The execution of preventive actions may be recorded in the Corrective Action Request report or it may be documented separately.

For more detailed information, refer to NOAA Standard EMS.014 Corrective Action To Regulatory
Compliance Audits And EMS Non-Conformances Corrective And Preventive Actions.

10. Verification

At the conclusion of the audit, the audit team will determine whether any findings require verification after the corrective and preventive actions are applied. This will be based upon the frequency, severity, and/or risk of continued or potential nonconformities, as well as on whether the finding was either a major or critical audit finding.

11. Closing the Audit

EMS audits are closed when the audit team leader establishes that the corrective and preventive actions have been completed.

12. Input to Management Review and to Next EMS Audit

The Audit Report and actions taken to address findings will be inputs to the Management Review. For more detailed information on the purpose and content of the Management Review, please refer to the Management Review Procedure. (The audit report, corrective action requests and records of corrective and preventive actions will also be available to auditors preparing the next scheduled audit.)

13. Audit Resources

The organization should be able to demonstrate that it has committed to provide the resources necessary to support the continual improvement of its EMS by providing the budget and staff resources necessary to maintain this EMS Audit Program. In addition, it should be able to show that auditor training will be provided for the audit team as necessary and that contracted resources may also be utilized, as necessary, to perform internal and external audits.

14. Audit Process Documentation

Documentation that result from the conduct of an EMS audit may include the items listed below. The audit program manager provides proper templates for these items to the audit teams for their use on audits:

i. Audit Plan
ii. Audit Criteria
iii. Internal Audit Report
iv. Completed corrective action requests showing actions that were taken
v. Statement on compliance status

Page Last Updated February 12, 2008