Both compliance and systems audits are important and the various approaches to auditing have value when applied appropriately to the scope and purposes. External audits may be conducted by regulatory agencies, ISO Registrars, and customers. Internal audits may be required by standards to which the organization subscribes such as ISO 14001 and ISO 45001, and also have value in assessing the effectiveness of internal systems and processes. Internal audits can also be used as a training or education opportunity to enhance personnel awareness and engagement with organizational goals as well as improve EHS and business performance.
To provide assurance to board of directors, investors, customers and other important stakeholders and identify opportunities to improve, an organization may retain independent auditors with appropriate expertise to evaluate compliance with regulations, conformance with standards or other industry requirements, and effectiveness of systems to achieve intended purposes. When delivered in an action plan format, these audits can also provide a direct path to continual improvement.
Addressing Audit Findings
ISO or similar management systems include corrective and preventive action processes. Initially an audit deficiency report or corrective & preventive action (CAPA) form may be issued to the person with primary responsibility for addressing the finding (for example, the manager or supervisor of a functional/department area where finding was identified).
General guidelines and best practices for addressing audit findings and tracking to enclosure include:
- The auditor documents the finding (see below for general guidance on documenting findings) including a reference to applicable standard or internal procedure requirement.
- Within a reasonable timeframe of receiving the non-conformance (Item 1 above), the responsible party (auditee) identifies:
a.) The action to be taken to correct the finding
b.) The root cause of the finding (the reason it occurred)
c.) The preventive action to be taken to avoid recurrence of the finding in this
specific area or similar areas (addresses the root cause and identifies system
or process improvements)
d.) The date(s) when the actions will be implemented (the corrective and
preventive actions may occur on different dates)
- The auditor may review the proposed solutions (Item 2 above) with the auditee to assess whether it appears to properly address the finding and provide guidance if needed.
- After the actions are taken, the auditee may provide evidence to the auditor and/or the auditor may review to verify that both the corrective and preventive actions have been implemented. Retaining documentation confirming implementation is helpful (e.g., training records, photos, document references).
- Tracking audit findings to closure (completion of Item 4) helps ensure that they are not forgotten and are addressed.
- Periodic review of findings helps evaluate effectiveness of corrective and preventive actions. Repeat findings may indicate that an appropriate root cause and/or preventive action may not have been identified.
In addition to findings of non-conformance or non-compliance, and auditor might also identify opportunities for improvement (OFIs) which could either help prevent a future non-conformance/non-compliance or could improve a system or process to be more effective. Although not required, addressing these OFIs can be very valuable to an organization.
Download our guide: “Do’s and Don’ts for Documenting EHS Audit Findings”
At CAPACCIO, we live our mission of “Helping Industry and the Environment Prosper”. We align EHS with your overall business objectives to strategically position you for success. Our unique approach combines our extensive EHS experience with innovative tools, such as our EHS Dashboard™, to effectively address your challenges. Our comprehensive solutions have resulted in award-winning EHS and overall business performance for our clients. We are certified WBENC, WBE.