Tuesday, February 24, 2009

Audit Objective & Scope

The audit objective defines the goals for the audit and what is to be verified.



The audit scope describes the extent and boundaries (depth and breadht) of the audit, eg.. physical location, organisational units, activities, processes, management system components, and reporting methods.



The scope is determined by the organisation (departement / business unit). Whilst there may be the requirements to satisfy a standard, code or regulation, there may also be other considerations for inclusion whithin the scope, for example :


  • What are the department's expectations ?

  • What are the areas that management wants reviewed or covered ?

  • To what extent are these areas being audited ?

  • What issues exist that need to be focussed on ?

  • Is a review required of recent changes or new strategies ?

Examples of an audit objective :



  • to determine the adequacy of environmentally-safe practices and procedures in the business unit.

  • to identify opportunities for improvements to environmental policies and procedures.

  • to determine the effectiveness of the current environmental management system inm meeting the goal of regulatory compliance.

  • to identify opportunities for improvements to environmental performance regarding resources consumption.

The audit abjectives and scope are important considerations when preparing the audit program/schedule.


Clear and effective communication of the objectives will ensure that the scope, the organisation's expectations and customers of the organisation, are satisfied.

There are four common terms used to describe the general scope of an audit, however, the term used to describe the scope of the audit is not important. Importance lies with ensuring the auditee/departement/area are involved in determining the scope of the audit. Any subsequent changes to the objectives and scope require the agreement of all parties involved.

Full Audits

Full audits cover all the activities and departements involved :

  • In satisfying a prticular contract or project;
  • In the development and supply of particular goods and services, including post sales support;
  • Or, company wide, including all line and staff activities.

Process Audits

Sometime referred to as partial or phased audits. These are performed only on certain processes or areas that are of interest to the audit objectives. They may cover activities up to and including the development of a product and / or service, or they may cover particular capabilities, eg. Waste water treatment plant, solid waste management, etc.

This approach relates to a single audit activity. It does not suggest that other processes or areas are ignored.

Follow-Up Audits

These are performed to verify and determine the effectiveness of corrective action as a result of a previous audit.

Unscheduled Audits

These are often prompted by a significant change in the organisation's management system or as a result society complaint, environmental legislation breaching, major pollution, etc.

The success of an unscheduled audit can depend on the culture of an organisation. In some organisations they are perceived as a "catch them out" tactic. However, they ban be vary effective when approached carefully.

In many cases, the audit objectives and scope are combined into one statement, or series or statements.

Posted by rengorose at Tuesday, February 24, 2009
Labels:

Program / Schedule

Audits may be programmed / scheduled based on a number of factors, for example :
  • A basis of cost;
  • Regulatory requirements;
  • Interested parties feedback (including feedback from regulaory requirements, environmental complaints);
  • Environmental Aspect and Impact, etc;

Some companies structure their audit programs annually, quarterly, or on a day to day basis.
The audit program should be tailored to meet the specific needs, resources and culture of the organisation. Each organisation should consider its budget and resource limitationss to ensure that the audit quality is not compromised, minimising the audit's effectiveness.

Management of the audit program is defined in the organisation's policies and procedures, eg.. Business Manager, Managing Director, management committee, etc.

When developing an audit program, consideration should be given to the documentation which will be audited againts during audits.
Such documents may include : Legislation, Regulations, Standards, Pplicy, Procedures, Instructions, Plans, Audit Reports, etc.
Each audit may be scheduled againts the above documents as : a section/part, a whole, or a combination.

Benefits of an audit program/schedule

  • It commucates throughout the organisation what audits will be performed, the time allocated, and the personnel, processes, products, services, projects, and contracts involved. This helps people to plan their work schedules.
  • It enables audits to be planned so as to ensure that all aspects of an organisation are audited.
  • It allows areas of risk to the organisation to be managed and reviewed at an appropriate frequency.

The resources committed to the audit should be sufficient to meet its intended purpose. Sometimes insufficient time is allocated for the preparation and conduct of an audit which impacts on the value of the results obtained.

Posted by rengorose at Tuesday, February 24, 2009
Labels:

Stages of an Internal Audit

There are five critical stages in preparing for and performing a satisfactory environmental management system audit. The degree of activity completed at each stage will vary between organisations, however, consideration of these stages should be made.

1. Program / Schedule

- Audit Objective and Scope
- What to Audit ?
- When to Audit ?
- Approaches to Programming / Scheduling
- Audit Schedule Structure

2. Planning & Preparation

- Notification
- Preliminary Informastion
- Audit Team Composition
- Audit Planning
- Document Review
- Audit Guidance Tools

3. Performing the Audit

- Getting Started
- Team Meeting
- Nonverbal Communications
- Time Management
- Resolving Differences
- Information Collection
- Audit Methods
- Recording Information
- Question Technique

4. Presentation of Audit Findings

- Evaluation of Audit Findings
- Reporting Categories
- The Deficiency Statement
- Audit Report Structure
- Feedback Meeting

5. Follow-up Activities

- Follow-up Audit
- Review Activities
Posted by rengorose at Tuesday, February 24, 2009
Labels:

Monday, February 23, 2009

Auditor Qualifications

To maintain the integrity of the audit process and its result, auditors should prossess the personal attributes, education, training, work and audit experience and competencies to conduct audits.

Auditor qualifications may vary according to the audit circumsyances; the audit program; and the organisation's size, nature, complexity and culture.

Auditor qualifications impact on the reliability of the audit findings and conclusions.

Auditor Competencies

Competence is achieved through a combination of education, training and / or work and audit experience. The following extract from ISO 19011 illustrates some of the competencies for auditors.

Audit principles, procedures and techniques - to enable the auditor to select and apply those appropriate to different audits and ensure that audits are conducted in a consistent and systematic manner. An auditor should be able to :

  • apply audit principles, procedures and techniques;
  • plan and organise the work effectively;
  • conduct the audit in a timely manner;
  • prioritise and focus on matters of significance;
  • collect information through effective interviewing, listening, observing and reviewing documents, including records.
  • verify the accuracy of collected information;
  • confirm the sufficiency and appropriateness of audit evidence to support audit finding and conclusions;
  • assess those factors that can affect the reability of the audit findings and conclusions;
  • understand the appropriateness and consequences of using sampling techniques;
  • record audit activities through work documents;
  • prepare audit reports that are clear and concise;
  • hold information confidential;
  • communicate effectively, either through personal linguistic skills or through the support of a competent interpreter.

Management system and reference documents - to enable the auditor to comprehend the scopeof the audit and apply audit criteria. Knowledge and skills in this area should cover;

  • application of management systems to different organisations (where applicable);
  • interact between the components of the management system;
  • quality or environmental management system standars, applicable procedures or other management system documents used as audit criteria;
  • differences between and priority among the reference documents;
  • application of the reference documents to different audits;
  • information systems and technology for the management, authorisation, distribution and control of documents, data and records.

Organisation situations - to enable the auditor to comprehend the organisation's operational context. Knowledge and skill in this area should cover :

  • organizational size, structure, functions and relationships;
  • general business processess and related terminology
  • cultural and social customs of the auditee;

Applicable laws, regulations and other requirements relevant to the discipline - to enable the auditor to work within, and be aware of the requirements that apply to the organisation being audited. Knowledge and skills in this area should cover as applicable :

  • contarct and agreements;
  • labour, workplace safety, and working conditions;
  • international treaties and services;
  • environment;

Auditor Certification

Auditors wishing to become certified with RABSQA International must meet the auditor certification criteria and also maintain RABSQA International's Code of conduct as detailed below :

RABSQA Code of Conduct

All auditors have an obligation to improve the standing of the auditing profession by observing the following RABSQA International Auditors' Code of Conduct. Compliance with Code of Conduct is a condition of continuing registration.

  1. To act professionally, accurately and in unbiased manner
  2. To stive to increase the competence and prestige of the auditing profession.
  3. To assist those in my employ or under my supervision in developing their management, professional and auditing skills.
  4. No to undertake audits that I am not competent to perform
  5. No to represent conflicting or competing interest and to disclose to any client or employer any relationships that may influence my judgement.
  6. Not to discuss or disclose any information relating to an audit unless required by law or authorised in writing by auditee and the auditing organisation.
  7. Not to accept any inducement, comission, gift or any other benefit from auditee organisations, their employees ar any interested party or knowingly allow colleagues to do so.
  8. Not intentionally communicate false or misleading information that may compromise the integrity of any audit or the auditor certification process.
  9. Not to act in any way that would prejudice the reputation of RABSQA International or the auditor certification process and to co-operate fully with an enquiry in the event of any alleged breach of this code.

Personal Attributes

The personal attributes which a person should possess in order to become a competent auditor include, but are not limited to, the following :

  • ethical - fair, truthful, sincere, honest and discreet;
  • open minded - willing to consider alternative ideas or points of view;
  • diplomatic - tactful in dealing with people;
  • observant - constantly and active aware of physical surroundings and activities;
  • perceptive - instinctively aware of and able to understand and adapt to situations;
  • versalite - able to adapt to different situations;
  • tenacious - persistent, focused on achieving objectives;
  • decisive - reaching timely conclusions based on logical reasoning and analysis;
  • self-reliant - acts and functions independently while interacting effectively with others.

Posted by rengorose at Monday, February 23, 2009
Labels:

Audit Depth

For each of the audit categories, the audit depth can vary according to the focus of the feview.

Adequacy

Determines the extent to wich the documented system (policies, procedures, plans, etc) adequately meets the ruquirements of the applicable standard or criteria.

"Is what we say we do in line with the standard or other applicable criteria ? "

Also known as a desk-top or documentation audit. It may involve little interaction with the auditee, as it essentially involves the review of the documnetation.
This activity is performed as a part of the preparation for the audit.

Compliance

An in-depth review of procedures/plans and their content (records), verifyng that procedures are implemented and observed within the organisation.

"Are we doing what we say we do ?" - "Can we do better?"

A compliance audit can not be satisfactorily performed unless an adequacy audit has been performed. This is because the auditor needs to understand the nature of the organisation's management system in order to determine compliance.


System

Broadly reviews the management system to confirm that it follows the planned arrangements of management and their documented plans.
Conclusion can be made about the degree of continued :
- compliance- effectiveness of the documented system and its implemented, and- maintenance of the documented system.

System = Adequacy + Compliance

A system is the combinantion of the findings from the adequacy and compliance.
Posted by rengorose at Monday, February 23, 2009
Labels: , , ,

Friday, February 20, 2009

Categories of Management System Audits

Audit categories vary in their depth and scope.

The relationship between the auditor and the auditee also varies according the audit category.

An auditor should be clear about the category of auditing being performed, as this will have an impact on the preparation of the audit and the structure of the audit team.

It must be emphasised that an audit is, and always remains, a "snapshot" in time - a sampling process.
Internal Audit
An organisation is performing an audit upos its own system, procedures and facilities. Often referred to as a first party audit.
Auditors are generally used from within the organisation or in some instances, hired as subcontractors.
The internal audit is often viewed as a 'health check' for the organisation, identifying performances, needs, strenghts and weaknesses.
It is widely recognised that an effective internal audit has the greates potential to identify improvement opportunities within the organisation.
Similarly, it is recognised that the result or internal audits are not always given the priority and attention that they deserve.
External Audits
External audits can be divided into second and third party audits.
Second party audits are conducted by parties having an interest in the organisation, such as customers, or by other persons on their behalf. Usually audits are performed by an organisation upon its own suppliers or sub-suppliers. This audit is performed to assess the status of contracts in order to determine whether the organisation will be receiving what it has specified.
It is not unusual for organisation to conduct audits of customers where there is potential risk to business and brand name, should a labelled product be mishandled or misused during the transport/distribution/resale chain, eg. storage of food products.
Third party audits are conducted by external independent organisations. Such organisations provide certivication or registration of conformity with defined requirements and may be done at the customer's request. Such defined requirements can include : ISO9001, AS4801, QS9000, AS4360, etc.
Audits by statutory or regulatory authorities are akin to second party audits. An implied contract exists which requies the organisation to satify legal and regulatory requirements.
In Australia and New Zaeland, cerifiers of products and systems to standards are accredited by JAS-ANZ (Joint Accreditation System for Australia and New Zaeland). Certification bodies are accredited to work in specific industry sectors and must have a through knowledge of the industry, its technical environment, processes and regulations. External auditors are not permitted to consult and are limited in the advice they can provide to organisations. RABQSA International certifies individual auditors.
RABQSA International maintains a Register of Certified Auditors in QUality, Food Safety, Environment, Occupation Healt adn Safety, etc.
Information regarding this and other services provided by RABQSA International are available from their web site - www.RABQSA.com
Posted by rengorose at Friday, February 20, 2009
Labels:

What is a "Internal Audit" ?

An Internal Audit is a systematic, independet and documnented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the environmental management system audit criteria set by the organization are fulfilled. (ISO 14001:2004 caluse 3.14)

An audit is a fact gathering exercise not a fault finding exercise.

There will be times when deficiencies are found - but that is a fact !

Fact Finding Not Fault Finding
Other terms which relate to auditing are :
An auditor is a person with competence to conduct an audit. One or more auditors conducting an audit is known as an audit team. (ISO 9000:2000)
An auditee is the organisation being audited, where organisation relates to a group of people and facilities. The people who interact with the auditor are therefore referred to as auditees. (ISO 9000:2000)
Posted by rengorose at Friday, February 20, 2009
Labels:

Audit and Auditing

It is well recognised that a properly conducted internal audit program is an effective management tool. Used appropriately,
audits assist in adding value to an organisation's actitvities and contribute towards improvement.

Audits are also used to determine compliace with specified requirements, which vary between organisations and can include criteria such as :

- Customer requirements, eg. contracts, orders, specifications, briefs
- Plans, eg. strategic, project
- Legislation and regulations, eg. Work Cover, EPA
- Codes of Practice, eg. Industry specific
- Quality Management, eg. ISO 9001, QS 9000
- Environmental Management, eg. ISO 14001
- Occupation Helat & Safety, eg. AS 4801, SafetyMAP
- Industry Best Practice, Risk Management
- Food Safety, eg. HACCP, SQF 2000
- Domesic or international conventions, eg. World Helat Organisation

The word audit was used over two thousand years ago to refer to a hearing of oral evidence

General priciples for auditing include the following :

- audits are an effective management tool to examine activities and processes. The result of an audit is information on which management can act.
- objectivity, independence and a systematic approach are core principles, which are essential for conducting effective and efficient audits.
- audits are authirised, and authority may result from the decision of the management, policy, provisions of contract, the customer, legislation or regulation.
- audit programs and audit are planned and managed to ensure that they are conducted in an effective and consistent manner, and that the audit conclisons
are credible.
- audits are conducted using established methods and techniques to ensure that audit evidence and audit findings are relevant, reliable and sufficient, such
that audit teams working independently form one another will reach similiar audit conclusions.
- the scope, objective and audit criteria of each audit are clearly defined and agreed, prior to commencing the audit.
- audit team members and audit program managers are competent for the tasks they perform.
- audit team members act with due professional care and behaviour, integrity, confidentiality and other attributes. Audit team members are free from bias and
conflict of interest throughout their activities.
Posted by rengorose at Friday, February 20, 2009
Labels:

Tuesday, February 17, 2009

Boot Up Windows Faster

There is one quick edit to the registry that can make Windows XP or Vista shut down quicker:
1. At the Start Menu, type "regedit" without the quotes in the search box and hit Enter.
2. Find HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control and go to the Control folder
3. Right click the entry "WaitToKillServiceTimeout”
4. Set the value to something lower, 1000 is usually good (the numbers represent milliseconds).

The default value is a (too) generous 20000. However, the cost with this is that it won’t give running programs much time to save data so losing work using the tweak is a definite possibility. Any risk which may occur doe to the result of the change is your resposibility. So backup the registry before make any change.
Posted by rengorose at Tuesday, February 17, 2009
Labels:

Ad-Aware 2008 7.1.0.8

Filename: aaw2008.exe
Location: ftp here
File Size: 18.27MB
Requirements: Windows 2000/XP/2003 Server/Vista(32- and 64-bit)
License: Freeware

With the ability to scan your RAM, Registry, hard drives, and external storage devices for known data-mining, advertising, and tracking components, Ad-Aware 2008 can clean your system easily, allowing you to maintain a higher degree of privacy while you surf the Web
Posted by rengorose at Tuesday, February 17, 2009

Smart Defrag 1.02

Filename: Defrag102.exe
Location: ftp here
File Size: 2.37MB
Requirements: Windows 2000/XP/2003 Server/Vista
License: Freeware

Disk fragmentation is generally main cause of slow and unstable computer performance. Smart Defrag helps defragment your hard drive most efficiently. Smart Defrag not only defragments computer deeply but optimizes disk performance. With 'install it and forget it' feature, Smart Defrag works automatically and quietly in the background on your PC, keeping your hard disk running at its speediest. Smart Defrag is complete free for home, organization, and business.
Posted by rengorose at Tuesday, February 17, 2009

Revo Uninstaller 1.75

Filename: revo175.exe
Location: ftp here
File Size: 1.56MB
Requirements: Windows 2000/XP/2003 Server/Vista
License: Freeware

Revo Uninstaller is a freeware innovative uninstall utility much faster than Windows Add/Remove applet. With its advanced and fast algorithm, Revo Uninstaller scans before and after you uninstall an application. After the program's regular uninstaller runs, you can remove additional unnecessary files, folders and registry keys that are usually left over on your computer. Even if you have a broken installation, Revo Uninstaller scans for an application's data on your hard disk drives and in the Windows registry and shows all found files, folders and registry items so you can delete them.
Posted by rengorose at Tuesday, February 17, 2009

ICQ 6

Filename: Install_ICQ6.exe
Location: ftp here
File Size: 11MB
Requirements: Windows 98SE/Me/2000/XP/Vista
License: Freeware

For user who always use ICQ, now ICQ 6 provides users with an innovative communication experience and enables quick and simple interaction among users across all communication platforms. ICQ 6 offers the entire suite of digital and mobile communication tools available today, all integrated seamlessly in a single message window.

Innovations and improved features in ICQ 6 include:
* Quick IM--enabling users to send messages to contacts without opening a message window.
* Easy access simple navigation between incoming messages.
* Tabbed conversations--management of all active conversations in one message window by using tabs.
* History--new and improved search history of messages, files, and calls.
* Search capabilities--advanced and easy-to-use search through contacts, on ICQ, and on the web.
Posted by rengorose at Tuesday, February 17, 2009

Mac OS X Leopard Transformation Pack for XP

Filename: XPtoMacOSX.zip
Location: ftp here
File Size: 12MB
Requirements: Windows XP SP2
License: Freeware

Mac OS X Leopard Transformation Pack will transform your Windows XP user interface to Mac OS X Leopard alike looks that everyone will never notice it’s the same old. The installation of Mac OS X Leopard transformation pack that changes some of the windows component and get Mac OS X 10.5 Leopard mods on your XP operating system.

The windows component includes explorer.exe, shell32.dll, xpsp2res.dll, mydocs.dll, and msgina.dll. However, it’s advisable to create a system restore point before installing the transformation from Windows XP to Mac OS X Leopard GUI interfaces. Meanwhile, this Mac OS X Leopard transformation pack is workable on Win XP Service Pack 2 English version
Posted by rengorose at Tuesday, February 17, 2009

VistaMizer 3.1.0.0

Filename: VistaMizer_3.1.0.0.exe
Location: ftp here
File Size: 18MB
Requirements: Windows XP/2003
License: Freeware

VistaMizer modifies your system files, so that when you reboot after installing VistaMizer, you won't even remember how your old desktop looked like. With VistaMizer you are now able to transform your Windows XP, MCE or Server 2003 by giving it the look of Windows Vista.
Posted by rengorose at Tuesday, February 17, 2009
Subscribe to: Posts (Atom)