Internal Audit checklist - STMA

Internal Audit Checklist4.2 Policyq Verify required elementsq Verify management commitmentq Verify available to the publicq Verify implementation by tracing links back to policy statementq Check review/revisionsq Determine how communicatedq Check if temps are trainedq Check if vendors/suppliers were notified of policy4.3.1 Aspectsq Verify organization has approved procedure to identify aspectsq Verify/determine process for identification, ranking of significant aspectsq Verify significant aspects are managedq Verify appropriate document links (ID links) are in placeq Verify training needs have been met as related to significant and job activities thatcan result in impactsq Verify objectives and targets are linked to significant aspects with appro. IDnumbersq Determine how aspects are communicatedq Verify up to dateq Interview/sample employees for awareness4.3.2 Regulatory Requirementsq Verify requirements are in place and managedq See if legal requirement are in Standard Operating Procedures (related tosignificant)q Verify training has been conductedq Check identifiers are in place and linkedq Determine if communicated to employeesq Verify accessible and availableq Verify appropriate links to related documents4.3.3 Objectives and Targetsq Verify objectives and targets are consistent with significant aspects and policyq Do objectives and targets consider pollution prevention and other preventivemeasuresq Verify individual roles and responsibilities on objectives and targets are definedq Are objectives specific and measurable?q Are timeframes set and met?q I.D. link back to aspects?q Process for review and revisionq Process for changing target datesq Identify how progress is tracked and communicated to management1

qEnsure monthly operating reports (or method) include status of objectivesincluding measurable performance indicators4.3.4 Environmental Programsq Review improvement programs to assure link back to significant aspects andobjectives and targetsq Verify roles and responsibilities are definedq Verify the improvement program will accomplish objectiveq Determine methods used to measure and report progressq Determine if improvement programs are supported by sufficient resourcesq Determine if individual is assigned responsibility or implementation and oversightinclude reviewing and updatingq Verify that new projects/processes/modifications are subject to EMS requirements4.4.1 Structure and Responsibilityq Ensure that organizational chart is consistent with the EMSq Verify roles, responsibilities and authorities are clearly defined in EnvironmentalPrograms improvement plans, work instructions and proceduresq Interview EMS Steering committee chairperson and verify appropriate resourcesare available to fulfill requirement of the EMSq Verify roles and authorities of steering committeesq Review job description or memo, or documentation of management representativeto ensure responsibilities and authorities are definedq Ensure work groups, steering committee roles are defined and is consistent withorg. chart or structureq Although not required, is there a manual that defines the EMS structure andresponsibilities4.4.2 Training, Awareness and Competenceq Verify a training, awareness and competency procedure has been developedq Verify the organization has identified the job functions that may have significantenvironmental impact.q Determine if training needs have been identifiedq Review supporting documentationq Verify that all employees whose work may impact he environment have beenidentifiedq Verify process to review training records to assure required training has beenscheduled and givenq Verify employees (with potential for impact) have received the appropriatetraining and are certified as competentq Have organization explain process for EMS refresher trainingq Verify employees have received appropriate emergency response trainingq Verify that employees have received policy and EMS procedures trainingq Interview (sample) employees to assure proper understanding and are competentbased upon criteria such as: licenses, experience, work instruction training,supervisor signoff, etc.2

qqVerify employees whose work may impact have been trained on consequences ofdeviating from procedureVerify employees have been made aware of aspects and significant aspects oftheir department and the benefits of following approved EMS procedures4.4.3 Communicationq Verify by sampling the process of how EMS information is communicatedbetween various levels and functionsq Verify by sampling, the process for receiving, documenting and responding toexternal communications from interested parties (regulators, customers, publicetc.)q Determine by interviews the raising of employee awareness of EMS policies,objectives and targets and improvement programsq Determine how the department communicates results of audits and managementreview to employeesq Have department provide evidence of external communication to the publicq Review examples of how the organization determines to communicate itssignificant aspects (note only states to consider and record, not necessarilycommunicate to outside parties.)4.4.4 Documentationq Verify EMS Manual (optional)q Verify EMS Proceduresq Verify meeting (steering committee, EMS team) meeting recordsq Verify Environmental Directory (optional)q Verify EMS organization chartsq Verify the organization has clear documented references to related EMSprocedures, work instructions, legal requirements, etc.q Verify manual has been reviewed, understood and communicated to employees(awareness training)q Trace through sample of documents, ensuring that referenced documents exist andare readily available4.4.5 Document Controlq Determine document control procedure or process clearly establishedresponsibility for creation and modification of various types of EMS documentsq Check EMS organizational chart and job descriptions for those responsibilitiesand roles governing review, approval, revision and distribution of documentsq Verify that documents have proper revision status, approval, signature, effectivedate and appropriate links to related documentsq Verify a master list exists to identify all controlled documentsq Verify the department has appropriate retention schedulesq Verify there is a well defined system to indicate the names and locations of allholders of controlled documentsq Verify that documentation essential to operations (linked to aspects and impacts)is available to employees in those locations3

qqqqqqVerify that obsolete or invalid EMS documents are promptly removed andappropriately marked.Have the department explain this processCheck to see if they have established an obsolete file folder or locationCheck for documents (historical) retained for knowledge preservation are somarkedCheck for evidence that EMS documents (in use) do not have hand writtenchanges or revisionsVerify that EMS documentation is periodically reviewed and maintained- havethe department explain this process4.4.6 Operational Controlq Verify operation and maintenance activities that can have significant impact havebeen identified and that associated work instructions have been preparedq Interview key personnel and look for evidence of a systematic approach to theidentification of the aspects and impacts of the organizations activitiesq Verify that documented work instructions are in place to manage the significantaspectsq Verify that those persons who can have adverse impact have received theappropriate training and there is documented evidence they are competent toperform associated taskq Verify that sufficient organizational controls are in place and are maintained toensure that the significant aspects are managed to prevent adverse impacts.q Check for evidence to suggest that equipment/procedures (or lack thereof) in thework environment is not suitable/suitable to achieve the defined targets andobjectivesq Verify procedures/plans address such issues as emergency organization andresponsibilities, listing of key personnel, details of emergency equipment/servicesavailable, internal and external communication plans, actions to be taken fordifferent types of emergencies or incidents, information on hazardous materials,training programs and testing procedures (start-up or shut-down proceduresduring emergency events if tied to significant aspects)4.4.7 Emergency Response and Preparednessq Verify organization has appropriate emergency response plans in placeq Verify that the plans have a review schedule and their is documented evidence ofreviews, particularly after occurrence of an accident or emergency situationsq Verify that employees have received appropriate emergency response trainingq Verify that the organization has an emergency drill schedule and has documentedevidence of drills conducted (where practicable)Review the organization’s external communication plans for emergency situations4.5.1 Monitor and Measurementq Verify EMS measurement procedure*q Verify technical calibrations procedures*q Verify regulatory compliance assessments*4

qqqqqqqqVerify that the organization submits an operating report (on an establishedfrequency) which provides data on its operations and the status of its objectivesand targets and performance indicatorsVerify key monitoring equipment has been identified and is calibrated andmaintainedVerify a system identifying the frequency, means and methods of calibration arein placeVerify that calibration records are maintained and have appropriate links andidentification numbersIdentify how performance indicators are chosen, reviewed and revisedEnsure that performance indicators are objective, verifiable, reproducible andconsistent with the EMS policyVerify that a schedule of regulatory compliance inspections is in place andinspections are performed and documentedHave the organization discuss the process used to address noncomplianceconditions* not required to have separate procedures but recommended4.5.2 Nonconformance and Corrective and Preventive Actionq Determine process used in investigating EMS non-conformanceq Determine process used for mitigation on non-conformanceq Verify procedure (process) addresses means for identifying the root cause andimplementing effective corrective actions (CA’s)q Review any open and completed CA’s and ensure action plans have beendeveloped, followed and closed out as scheduledq Determine if there is evidence of lack of understanding or commitment on the partof department management or their staff regarding corrective or preventive actionq Determine if corrective or preventive actions implemented are appropriate tomagnitude of the problem and resolve the environmental impact from re-occuringq Verify that corrective actions are recorded and presented to management forreviewq Verify there is a process to track the status of corrective or preventive actions4.5.3 Recordsq Verify the organization has identified the required records for implementation andoperation of the EMSq Verify the person responsible for EMS records maintenance, control and disposalof recordsq Verify that records are readily available and identifiable (proper ID numbers)q Ensure a records retention schedule has been developed and implementedq Check to see if records are indexed, filed, stored and maintained to provide securestorageq Examine and evaluate a variety of records (including training) when auditing eachEMS functional areaq Check for a master log (EMS Directory) of EMS records5

qDoes the organization have a procedure for storage of various records includingelectronic4.5.3 EMS Auditsq Remain within the scope of the auditq Remain objectiveq Gather objective evidence to draw conclusionsq Document audit resultsq Interpret policies and procedures and determine conformance with the standardq Develop an audit schedule (annually)q Train audit team (document training)q Develop audit planq Schedule audit and necessary resources- meeting room, appropriate people areavailable, etc.q Conduct opening meetingqTour facility- to gain understanding of facility (if auditor doesn’t know facilityoperations)q Perform Auditq Auditors meet to discuss preliminary results- group should reach consensus onfindings, if consensus not reached, then lead auditor makes the callq Conduct closeout meeting – discuss audit results objectively ie, strengths,weaknesses, non-conformances- this is not a discussion.q Issue audit report – as discussed in close out meeting (can document potentialnon-conformance discussions with notes and understandings stating what, who,why…and correction) (Should have some way to follow up with regulatory noncomplianceissues)q Review previous audit report and check on status of any previous findings. Note;findings not corrected can be considered a major deficiencyq Check for corrective action status including any Incident Reviewsq Assure Environmental Compliance Inspections have been conductedq Interview a variety of employees to assure the EMS is understood and thatcommitment to the EMS is in place4.6 Management Reviewq Verify that management reviews have been scheduled and conducted according toplanq Look for management review actions and assure they have been completedq Verify Management Review Agenda should includes status of objectives andtargets, corrective and preventive actions, audit reports, interested party issues,regulatory compliance, suitability of the EMS and need for any changesEnd of Checklist6