2.2 AUDITING AND CERTIFICATION ACCORDING TO ISO 19011
2.2.3 Description of the process
ISO 19011 lays down a very detailed auditing process based on the P-D-C-A methodology and preserves the same structure as OHSAS 18001. The process of certification should be divided into several steps, which are shown graphically in the figure below.
Figure 7: The process of certification74
1. INITIATING THE CERTIFICATION
2. PREPARING AUDIT ACTIVITIES: documentation review, establishing the audit plan, assigning work for the audit team
3. CONDUCTING THE AUDIT: opening and closing meeting, documentation review, verifying information
4. DISTRIBUTING THE AUDIT REPORT: generating audit findings and conclusions, processing the report
5. COMPLETING THE CERTIFICATION: certifying, recommending improvements
74 Author’s own processing with inspiration in: Guidelines for auditing management systems. ČSN EN ISO 19011: idt ISO 19011:2011. Praha: Úřad pro technickou normalizaci, metrologii a státní zkušebnictví, Praha, 2012, p. 28.
Before the certification is initiated there is an order, which might be accompanied by a statement from the auditee’s top management describing the area in which certification is requested, why it is demanded and which objectives are to be reached. Initial communication between the auditee and the auditors shall focus on setting contractual requirements, preparing time schedules and organizational issues such as access to relevant documentation and protection of handed-over or detected information. If there are any specific conditions at the workplaces, for example in relation to local OSH conditions, the auditee should make the auditing team aware of them in advance. At the end of this step it is appropriate to clarify all the audit objectives and to define whether those should be reached. The feasibility study should consider the availability of an appropriate information base, adequate time and resources, and take into account the level of cooperation with the auditee.
When preparing audit activities, there is a strong need to prepare the relevant documentation review, in which it is later recommended to consider whether the information is complete, correct, consistent and current.75 The importance of this substep lies in the possibility of preparing work documents for recording audit evidence, such as checklists, forms for recording information, audit findings or meeting records. The audit plan shall be established in this phase by the team leader, with attention paid to not interfering with the regular activities of the auditee and to the consequential risks arising from the presence of auditors. This plan should be based on applicable methods as stated in the following table.
Figure 8: Applicable audit methods76
75 Guidelines for auditing management systems. ČSN EN ISO 19011: idt ISO 19011:2011. Praha: Úřad pro technickou normalizaci, metrologii a státní zkušebnictví, Praha, 2012, p. 59.
Where an audit team participates, it is necessary to assign tasks and responsibilities and generally to brief every single audit team member.
When conducting the audit, it is recommended to initiate a meeting with the auditee’s top management to inform them that the certification is starting and to introduce the auditing team and their roles. The initial communication shall continue at this meeting, and on this occasion all ad futurum questions should be clarified, such as information about reporting to the auditee, about the feedback system or about the closing meeting. After that the document review is performed on the basis of the earlier preparation: the auditors should have all the requested documentation at their disposal, analyse it and compare it with the requirements in order to determine conformity or to gather new information for audit findings. Periodic communication shall be maintained during the audit to inform about the progress of the certification, because a situation may arise in which the audit evidence indicates that the audit objectives are not reachable, so that both parties should take appropriate action, modify the audit plan or terminate the whole process. Immediate and significant risks are to be reported without delay. ISO 19011 also allows the assignment of guides and observers, who may accompany the auditors but must not influence the process. Their role is to represent, for example, the authority of a regulator, but they may also act as witnesses on behalf of the auditee. A guide has the role of assisting the auditors, arranging access, ensuring that OSH rules are respected by the auditors and providing clarifications. Because only verifiable information should be accepted as audit evidence, the next step is collecting and verifying information.
The standard literally recommends collecting information by sampling, which is a “process of selecting less than 100 % of the items within the total available data set to obtain and evaluate evidence about some characteristic of that population, in order to form a conclusion concerning the population”.77 This method is applicable to cases where it is not cost-effective, or seems to be very time-demanding, to examine all the available information. Information is to be collected by means of interviews, observations and review of documents78 and is to be verified as shown in the following schema.
77 Guidelines for auditing management systems. ČSN EN ISO 19011: idt ISO 19011:2011. Praha: Úřad pro technickou normalizaci, metrologii a státní zkušebnictví, Praha, 2012, p. 59.
78 ČSN EN ISO 19011 also offers verbal guidance on information sourcing, visiting the auditee’s location and even on conducting interviews.
Figure 9: Process of collecting and verifying information79
Source of information → Collecting by means of appropriate sampling → Audit evidence → Evaluating against audit criteria → Audit findings → Reviewing → Audit conclusions
79 Guidelines for auditing management systems. ČSN EN ISO 19011: idt ISO 19011:2011. Praha: Úřad pro technickou normalizaci, metrologii a státní zkušebnictví, Praha, 2012, p. 37.
Audit findings are to be generated by comparing audit criteria with audit evidence, which should result in a record of conformity or nonconformity with an associated recommendation for improvement. Nonconformities may be discussed with the auditee to confirm the accuracy of the evidence and to understand it. An interphase of preparing audit conclusions should then follow, in which only the audit team should meet, review the audit findings against the audit objectives, submit audit conclusions and prepare recommendations. The closing meeting could then take place, attended also by the auditee’s top management and possibly also by the persons responsible for the audited area. At this point the audit findings are to be presented and discussed in an understandable way, together with suggestions for improvement. In case of irresolvable disagreement with the findings by the auditee, those are to be written down.
According to the standard, part of distributing the audit report involves preparing a complete, accurate, concise and clear report including the objectives, the scope and the criteria, identification of the auditee and auditor, dates and locations of conducting the audit, audit findings and associated evidence, the extent of fulfilling the audit criteria, and the audit conclusion.
The final report may be dated and distributed to the recipients, and with its handover the certification is usually considered completed. However, a situation may occur in which the audit conclusions demand corrective or improvement actions, which the auditee is required to carry out within a particular timeframe. Therefore, the moment of completing the certification is included at the end of the whole process as a somewhat formal step.