Bundaberg Regional Council

Organisational Services Internal Quality PD-8-004

Issue Date: 12-08-2014
Review Date: 28-01-2018 Auditing Procedure .
Rev. 3

1.0 PURPOSE

The purpose of this procedure is to provide for a system and instructions and to assign
responsibilities for conducting internal audits.
The auditing tool will assist the Management Team evaluate performance across
organisational functions and management systems to enable continual improvement
of the Integrated Management System (IMS). The audits shall identify the strengths
and weaknesses of the IMS by assessing the effectiveness of designated processes
and activities in meeting customer requirements, our corporate objectives and the
requirements of a particular Standard, Regulation, Act or contract.

2.0 SCOPE

This procedure applies to all activities comprising the Integrated Management System
and concerns all General Managers, Managers, Supervisors and employees. It is directly
relevant to all departments.
Internal audit results and summaries form an integral part of the management review
process.

3.0 DEFINITIONS/ABBREVIATIONS
Audit A systematic, independent and documented process performed
to verify by examination or evaluation of objective evidence the
adequacy of and compliance with established policies, procedures or
requirements.
Audit scope The extent and boundaries of an audit.
Audit criteria A set of policies, practices, procedures or requirements against which
the auditor compares observations and collected objective evidence.
Audit findings The result of the evaluation of the collected audit evidence against
audit criteria.
Audit conclusion Outcome of an audit provided by the audit team after consideration
of the audit objectives and all audit findings.
Requirement A need or expectation that is stated, generally implied or obligatory.
Objective evidence Data supporting the existence or verity of something.
Technical expert A person who provides specific knowledge of or expertise on the
subject to be audited (ie WHSO).
Observation An opportunity for improvement to services, activities or the
effectiveness of the Integrated Management System.
Non Conformance A deficiency in characteristic, documentation or process
implementation, which results in failure to meet a requirement.

PD-8-004 Rev. 3 Approved By: Sustainable Finance Manager Page 1 of 7

Document issue is correct at the time of print. For printed copies, use IMS Intranet Page to verify correct issue.
4.0 RESPONSIBILITY AND/OR AUTHORITIES

4.1 Management Team

The Management Team, made up of the Chief Executive Officer and General
Managers is responsible for providing the resources necessary to allow the audit
programme to be conducted effectively and efficiently. The Management Team is
also responsible for ensuring that audits are conducted as planned and that where
deficiencies are identified, corrective action is taken in a timely manner.

4.2 . Team Leader Integrated Management

The Team Leader IMS is responsible for managing the audit programme and shall
act as the Lead Auditor for all internally conducted audits.

4.3 Auditor Supervisor

The Supervisor of the Auditor is responsible for ensuring the audit is conducted
within the designated period.

4.4 Auditor
The Auditor is responsible for conducting planned audits and reporting audit
conclusions.

5.0 REFERENCES/ASSOCIATED DOCUMENTS

CB 029-2003 The Audit Skills Handbook
CK-8-010 Internal Quality Audit Location Checklist
CK-8-011 Internal Quality Audit Forms Checklist
FM-8-026 Internal Quality Audit Plan
FM-8-028 Records To Be Viewed - Internal Quality Audit
FM-8-031 Workplace Internal Quality Audit Record
FM-8-045 Audit Client Questionnaire
ISO 19011 - Guidelines for Auditing Management Systems
MD-8-002 List of Documents - Internal Quality Audit

6.0 DOCUMENT ENQUIRIES

Position Title: Team Leader Integrated Management

7.0 PROCEDURE
The single audit system is based on the systems approach where all auditing decisions
and activities consider the interrelationships that exist among different audit elements
(objectives, processes and resources), as well as the different functions (quality,

PD-8-004 Rev. 3 Approved By: Sustainable Finance Manager Page 2 of 7

Document issue is correct at the time of print. For printed copies, use IMS Intranet Page to verify correct issue.
 environment and safety) with the aim of applying a systems view for the continual
improvement of the IMS.

7.1 Principles of auditing

7.1.1 Auditing is characterised by reliance on a number of principles. These
principles include:
1) Ethical Conduct: Trust, integrity, confidentiality and discretion are
essential to auditing;
2) Fair presentation:. Audit findings, audit conclusions and audit reports
reflect truthfully and accurately the audit activities;
3) Due professional care: Auditors exercise care in accordance of the task
they perform and the confidence placed in them by Bundaberg Regional
Council and other interested parties;
4) Independence: Auditors are independent of the activity being audited
and are free from any bias and conflict of interest;
5) Evidence-based approach: Audit evidence is verifiable.

7.2 Internal Audit Programme

7.2.1 The Management Team shall plan and schedule audits. Each audit may
have a number of objectives based on consideration of:
1) Management priorities;
2) Corporate intentions;
3) Management system requirements;
4) Statutory, regulatory or contractual requirements;
5) Customer requirements;
6) Need for supplier evaluation;
7) Needs of other interested parties;
8) Risks to the organisation.

7.2.2 The audit schedule lists the processes to be audited at least once a year. In
addition to the annually scheduled audits, Management may select certain
activities for more frequent auditing, depending on their status importance,.
past compliance history and trends identified through monitoring.

7.2.3 Audits shall be planned and scheduled taking into account the availability
of Auditors and Technical Experts having competence appropriate to the
particular audit.

7.2.4 A maximum of 15 audits shall be conducted three times per year. It is at the
discretion of the Management Team whether management system audits
are conducted separately or together. Several activities may be clustered
into one audit.

7.2.5 The audit objectives and scope shall be defined by the Management Team.
The audit scope shall be such that it allows the audit to be completed within
three working days.

PD-8-004 Rev. 3 Approved By: Sustainable Finance Manager Page 3 of 7

Document issue is correct at the time of print. For printed copies, use IMS Intranet Page to verify correct issue.
 7.2.6 Two or more auditing organisations may cooperate as part of the auditing
programme.

7.3 Audit Team

7.3.1 The Lead Auditor shall assign personnel to audit the process or activity
chosen by the Management Team and ensure each planned audit is
assigned a number in the Risk Management Database.

7.3.2 Personnel assigned to carry out internal audits shall be independent of those
having direct responsibility of the audited activity and shall be adequately
trained and qualified on conducting internal audits.

7.3.3 The Auditor shall be selected taking into account the competence needed
to achieve the objectives of the particular audit.

7.3.4 When deemed necessary, an internal audit may be performed by an Audit

Team of two people. In this instance, one person shall be assigned the duties
of Audit Team Leader. Auditors-in-training may be included in the audit team,
but should not audit without direction or guidance.

7.4 Preparing for Audit

7.4.1 The Lead Auditor shall communicate the audit objectives, scope and criteria
to the Auditor in advance of conducting the audit.

7.4.2 The audit criteria shall be defined by the Lead Auditor. If needed, the Lead
Auditor shall consult with Technical Experts to establish appropriate audit
criteria.

7.4.3 Auditors shall prepare for the audit by fully familiarising themselves with
the audit criteria (i.e. policies, procedures, standards, laws & regulations,
management system requirements, contractural requirements or industry/
business sector codes of conduct) and previous audit reports, non
conformances and details of corrective actions that may be relevant to the
particular audit.

7.4.4 The Auditor shall compile an audit checklist that reflects the scope and
objectives of the audit and prepare work documents as necessary for
reference and for recording audit proceedings. The use of prepared
checklists or forms shall not restrict the extent of audit activities, which may
change as a result of information collected during the audit.

7.4.5 The Auditor shall prepare an audit plan as the basis of the audit activities.
The audit plan shall cover:

1) The audit objectives and scope;

2) The audit criteria and any reference documents;
3) Identification of the organisational and functional units and processes to
be audited;

PD-8-004 Rev. 3 Approved By: Sustainable Finance Manager Page 4 of 7

Document issue is correct at the time of print. For printed copies, use IMS Intranet Page to verify correct issue.
 4) The dates and places where the on-site audit activities are to be
conducted;
5) The expected time and duration of on-site audit activities;
6) Matters of significance requiring consultation with Technical Experts;
7) Identification of any matters related to confidentially.

7.4.6 The Manager or Supervisor responsible for the area being audited shall be
contacted by the Auditor in advance to make arrangements for the audit and
if necessary, to request access to relevant documents.

7.5 Conducting the Audit

7.5.1 The Auditor shall meet with the Manager or Supervisor responsible for the
area being audited to confirm the arrangements before commencing the
audit.

7.5.2 The audit is performed using the Audit Checklist as a reference. Auditees
are interviewed regarding the process or observed performing the process.
Auditors shall maintain an objective state of mind throughout the audit
process and seek objective evidence demonstrating whether the audited
activities comply with audit criteria.

7.5.3 As the audit progresses, changes to the audit scope may be needed to
ensure the achievement of the audit objectives. Any change to the audit
shall be agreed to by the Lead Auditor.

7.5.4 Evidence collected during the audit that suggests an immediate and extreme
risk shall be reported without delay to the Manager or Supervisor responsible
for the area being audited.

7.5.5 Any concern about an issue outside the audit scope shall be noted and
reported to the Lead Auditor who shall initiate appropriate follow-up action.

7.5.6 The Auditor shall make the Auditee aware of a non conformance when it is
noted and agreement to the facts must be sought and established.

7.5.7 The Auditor shall give a verbal report to the responsible Supervisor or
Manager advising of any non conformances before departing. Where there
are insoluble differences, the matter shall be reported to the Lead Auditor
who shall discuss the matter with the relevant Supervisor or Manager.
Should a resolution not be achieved, the Team Leader IMS shall raise the
issue for discussion at the next Executive Management meeting and a
determination be made.

7.5.8 At the end of the audit, the Auditor shall present their audit findings to the
Lead Auditor and agreement shall be reached on the audit conclusions.

7.5.9 Following discussion with the Lead Auditor, the Auditor shall compile the
Audit Report and prepare Corrective Action Requests (CAR) for each

PD-8-004 Rev. 3 Approved By: Sustainable Finance Manager Page 5 of 7

Document issue is correct at the time of print. For printed copies, use IMS Intranet Page to verify correct issue.
 instance of nonconformity. Each non conformance shall be classified as
either Critical (extreme risk), Major (high risk), Significant (Moderate risk) or
Minor (low risk). In the event that there are no non conformances identified,
the Auditor shall tick the 'Conforms' box on the Audit Report.
7.5.9.1 A Critical nonconformance is a nonconformance with impact on
critical corporate objectives and if safety related will result in the
audit being stopped temporarily until the issue is addressed.

7.5.9.2 A Major nonconformance is a serious departure from the audit

criteria, a high risk to the organisation and generally will take time
to correct.

7.5.9.3 A Significant nonconformance is where a number of incidents of

Minor nonconformity in one specific aspect are identified.

7.5.9.4 A Minor nonconformance is an isolated incident of nonconformance,

a low risk to the organisation and can be fixed in a short time.

7.5.10 The Audit Report shall be issued to the Manager and Supervisor having
responsibility for the area audited as soon as practical after the completion
of the audit.

7.5.11 The audit is considered completed when all activities described in the Audit
Plan have been carried out and the Audit Report has been distributed. The
Auditor shall forward a copy of all audit notes to the Team Leader IMS who
shall retain these records for future reference.

7.6 Corrective Action and Follow-up

7.6.1 Once a nonconformance is identified and documented it shall be corrected.

7.6.2 Upon receiving notification of the nonconformance, the Manager or his

delegate (responsible person) shall investigate the cause of the issue noted
as a nonconformance, decide on what corrective action is going to be taken
and seek auditor approval. The responsible person shall record the agreed
corrective actions and proposed completion date in the database.

7.6.3 The responsible person shall take timely action to prevent a recurrence
of the issue and complete the relevant section of the Corrective Action
Request. Where no action is taken, the IMS Team Leader will bring it to the
attention of the relevant General Manager.

7.6.4 On receiving notice that the permanent corrective action is complete, the
Lead Auditor will arrange for the Auditor to conduct a follow-up audit to
ensure that the corrective action has been effectively implemented. This
verification may be part of a subsequent audit. Once verification is complete,
the Auditor shall initiate closure of the CAR. However, if more work is needed
to fully implement permanent corrective action, a new follow-up date shall
be agreed and entered into the database.

PD-8-004 Rev. 3 Approved By: Sustainable Finance Manager Page 6 of 7

Document issue is correct at the time of print. For printed copies, use IMS Intranet Page to verify correct issue.
 7.6.5 Each quarter a status report of all outstanding corrective actions will be
tabled at the Internal Audit and Risk Committee.

7.6.6 The results of all internal audits form an integral part of the input for the
management review process. At the end of the auditing cycle, all reports
established during the cycle are compiled and analysed and are presented
at the next management review meeting.

7.7 Opportunities for improvement

7.7.1 Audit Reports may include any general observations which the auditor
considers to be constructive or an opportunity to improve the organisations
processes.

7.8 Auditor Evaluation

7.8.1 Auditor performance shall be continually evaluated to provide feedback and
to identify needs for maintenance and improvement of knowledge and skills.

8.0 RECORDS

Records relating to individual audits can be accessed via the electronic copy of the
Audit Report retained in the Risk Management Database. Records maintained within the
database include:
1) Audit reports;
2) Nonconformity reports;
3) Corrective action requests;
4) Audit follow-up reports;
5) Recommendations for improvement.
Other Records maintained include:
1) Audit plans (archived in RecFind Record Management System);
2) Auditor training and evaluation (retained in employee records);
3) Management review of the audit programme (retained in Governance s-drive IMS).

PD-8-004 Rev. 3 Approved By: Sustainable Finance Manager Page 7 of 7

Document issue is correct at the time of print. For printed copies, use IMS Intranet Page to verify correct issue.