4. System Audit (Conduct)

System Revision ID ASEMS Document Version Effective From State
3254 3.0 09/01/2017 - 00:15 Extant

4.1. Overview

4.1.0.1.

This procedure describes how system audits should be performed. Once the audit plan has been agreed and the audit question set compiled, the audit fieldwork phase can take place. Details of how the audit will be undertaken should have been defined in the Audit Plan and should include the opening and closing meetings and the collection, verification and documentation of audit findings and conclusions through interviews and desktop reviews.

4.1.1. Required Outputs

4.1.1.1.

  1. Non-conformance and Corrective Action Form;
  2. Audit Question Set – Fully completed;
  3. Record of Audit Opening Meeting;
  4. Record of Audit Interviews; 
  5. Record of Audit Closing Meeting.

4.2. Procedure

4.2.1. Step 1 - Opening meeting

4.2.1.1.

On the day of the audit it is good practice to hold an opening meeting on-site before the audit commences. This should be chaired by the Lead Auditor and be attended by the Auditee and relevant Audit Team members. It should cover  the following:

  1. Introduction of Audit Team to the Auditee(s);
  2. Confirmation that the resources and facilities needed by the Audit Team are available;
  3. Audit scope, objectives and methodology;
  4. Audit Plan (e.g. personnel and areas to be interviewed);
  5. Communication arrangements between the Audit Team and the Auditee;
  6. Roles and responsibilities of any guides and observers that may be used;
  7. Security or confidentiality arrangements;
  8. Safety and housekeeping arrangements; and
  9. Time and date for the closing meeting and any interim meetings of the Audit Team and the Auditees

4.2.1.2.

It is important that the meeting is used to allay any concerns the Auditee may have, for example by explaining that the audit is to assist them rather than to judge. The Auditee should be allowed the opportunity to clarify any concerns they may have regarding the audit. Minutes of this meeting, including a record of attendees should be taken and kept.

4.2.2. Step 2 – Perform the audit

4.2.2.1.

The aim of the fieldwork phase is to identify the degree of compliance with the Safety and/or Environmental Management System by obtaining objective evidence on the actual practices in use. Identification of any non-compliance should allow any areas for potential improvement to be identified.

4.2.2.2.

The audit findings should be recorded and any non-conformances and any subsequent recommendations should be recorded using the Non-conformance and Corrective Action process.

4.2.2.3.

Interviews, observations, document review and reviews of previous audits are all acceptable methods for collecting evidence to support the audit findings. Auditors should aim to follow an audit trail and may ask additional questions to those in the Audit question set, where they consider that this will assist the audit process.

4.2.2.4.

Auditors should attempt to compile and document evidence that can be evaluated against the audit criteria to form the audit findings. Where possible this should be objective and verifiable, although anecdotal evidence can be used as a basis for audit findings as long as it is clearly annotated as such. In many cases, findings may be based on evidence gathered by examining samples of data or information, rather than whole datasets, and this element of uncertainty should be acknowledged when presenting the audit findings.

4.2.2.5.

Any potential non-conformance should be discussed immediately with the interviewee so they understand the basis of the non-conformance and agree that the audit finding is accurate.

4.2.2.6.

Evidence collected during the audit which suggests that there is a safety or environmental risk which requires immediate attention (even if this is not within the scope of the audit) should be reported without delay to the Lead Auditor, who should report it immediately to the Auditee. Any concerns relating to non-urgent issues identified that are outside the scope of the audit should be noted and reported to the Lead Auditor who should then report it to the Audit Client and Auditee.

4.2.2.7.

If during the course of the audit it becomes apparent that the objectives of the audit are not going to be achieved, this should be reported and appropriate action determined between the Lead Auditor, the Audit Client and the Auditee. Such actions may include the modification to the Audit Plan, changes to the audit objectives or scope or exceptionally the termination of the audit.

4.2.2.8.

When guides from the Auditee organisation have been used to accompany the Audit Team should not be permitted to have any influence over, or cause interference with, the conduct of the audit. Their purpose is only to assist the Audit Team and act on the request of the Lead Auditor. They may be required to undertake any or all of the following:

  1. Establish contacts and times for interviews;
  2. Arrange visits;
  3. Ensure that safety and security arrangements are communicated and followed;
  4. Act as witness for the Auditee; and
  5. Provide clarification or assist in the collection of information.

4.2.2.9.

The Lead Auditor should supervise the Audit Team throughout the audit and review any audit findings at the close of each day. He/she should also ensure that the Audit Team can contact him/her to discuss any issues that may arise through the course of the audit.

4.2.3. Step 3 - Prepare audit conclusions

4.2.3.1.

Depending on the scale of the audit, at regular points and at  completion of the fieldwork phase,  the Audit Team should meet to:

  1. Review the audit findings, and any other appropriate information collected during the audit, against the audit objectives;
  2. Agree on the audit conclusions, taking into account the uncertainty inherent in the audit sampling processes;
  3. Prepare audit recommendations, and
  4. Discuss audit follow-up, if the Audit Client has specified that this will be part of the auditor role.
4.2.4. Step 4 – Closure meeting

4.2.4.1.

The closing meeting should be chaired by the Lead Auditor and be attended by the Auditee, and possibly the Audit Client. Minutes of the meeting, including a list of attendees, should be made by a member of the Audit Team and included in the Audit Report. The closing meeting should provide:

  1. An informal debrief for the Auditee;
  2. A summary of the audit activities and findings;
  3. An overview of system strengths and weaknesses;
  4. A discussion on the preliminary findings, including non-conformances (highlighting any findings requiring immediate attention);
  5. A discussion of any findings that can be closed out immediately by the Auditee;
  6. Highlight the audit limitations (e.g. situations encountered during the audit that may decrease the reliance that can be placed on the audit conclusions);
  7. Address Auditee questions or concerns;
  8. Recommended corrective/preventive actions where this requirement is included within the objectives of the audit, (The Auditee should be made aware that these are recommendations, and they will have the opportunity to later propose actions they consider more appropriate);
  9.  Discuss the timeframe for issuing the draft Audit Report;
  10. Discuss scope, contents and recipients of the Audit Report; and
  11. Where required, agree timeframe for the Auditee to present a corrective/preventive action plan.

4.2.4.2.

Diverging opinions regarding the audit findings and/or conclusions between the Audit Team and the Auditee should be discussed and resolved where possible. Any unresolved issues should be noted and reported to the Audit Client.

4.3. Responsibilities

4.3.1. Procedure Management and Procedure Completion

4.3.1.1.

The Lead Auditor is responsible for ensuring that this procedure is managed appropriately and completed. The Lead Auditor may delegate tasks to members of the Audit Team in regards to the management and completion of this procedure.

4.4. When

4.4.0.1.

This procedure should be conducted in accordance with the Audit Plan.

4.5. Required Inputs

4.5.0.1.

  1. Audit Plan;
  2. Audit question set;
  3. Relevant Project Team documentation;
  4. Non-conformance and Corrective Action Form (if needed); and
  5. Record of Audit Opening Meeting.

4.6. Required Outputs

4.6.0.1.

  1. Non-conformance and Corrective Action Form;
  2. Audit Checklists – Fully completed;
  3. Record of Audit Opening Meeting;
  4. Record of Audit Interviews;
  5. Record of Audit Closing.
4.6.1. Records and Project Documentation

4.6.1.1.

Where relevant, the outputs from this procedure should feed into the following:

  1. Assurance and Audit Reporting Procedure

4.7. Version Control

4.7.1. Version 2.3 to 3.0 Uplift

4.7.1.1.

Major uplift from the Acquisition System Guidance (ASG) to online version. POEMS has undergone major revision. Refer to the POEMS Transition Document for details.