Requirements for Site Inspections for Legal Compliance

[mjr511]

Hi,

We maintain a management system certified to 9001 and 14001.

The scope of our system is the “Management and design of Projects and Tasks including highways, bridges, drainage, coastal protection works and Road Safety Initiatives to meet the requirements of Customers and Stakeholders, whilst maintaining regard to this organisation's recognised environmental responsibilities.”


Basically our department (the system is for a department within a local government authority) handles the project management of civil engineering schemes, so it's the design and project management. With respect to the site we project manage (eg keep control of cost, time, and quality) but we employ external contractors from different organisations to do the work.


What is the view of the community on where our legal responsibilities end? Currently our system requires project managers to carry out regular site inspections (which cover quality, environmental and health & safety elements) on all schemes, and our audit team do the same (on the specific projects they audit).


Should the PM and the auditor (as we do now) be checking that the contractor is complying with legal requirements? Or should the auditor simply be checking that the PM is following the instruction to do site inspections? Does the PM need to do site inspections at all? (not that we would stop doing them but I'm interested in the views of the community)


Two of our audit team have different views on where they need to stop auditing. One suggests that carrying out a quick check that the contractor is complying with legal requirements is sufficient, whilst the other is of the opinion that they need to go into more depth than this.


We've also had differing views from our certifying body - some of their auditors seem to expect us to go quite indepth with the contractors compliance with the law, whilst the latest one we had just checked that we had carried out site inspections in line with our instruction under our management system and moved on.


Opinions on where our responsibilities under 9001/14001 start and end are welcomed.


Regards, Mike

[Jennifer Kirley]

Welcome to the Cove Mike!

From "across the pond" it is difficult to give specifics, but I can vouch for my own audit experience with 9001, TS 16949 and 14001.

In this experience the decision for extent of monitoring it comes down to liability. A specific example is handling of hazardous waste. While the transporter of hazardous waste is responsible to maintain the vehicle, licensing and logs according to Department of Transportation, legally m employer still "owned" the waste and as such we were responsible for its safe transport to its destination. So, based on that liability our people performed methodical inspection of the vehicle, logs, licenses and then the loading and securing of the material.

So, based on that I think the best advice I can give you is to investigate where your contractors' liability ends and yours begins. Maybe there is some overlap which add to the confusion, still liability is in place as in the example I described. If you need a legal expert's help, your local government may be able to direct you to an agency to help. I do support reasonable audit activities to verify the contractor's activities are performed legally, based on Note 3 of 4.1 in ISO 9001:2008:

Quote:

Ensuring control over outsourced processes does not absolve the organization of the responsibility of conformity to all customer, statutory and regulatory requirements. The type and extent of control to be applied to the outsourced process can be influenced by factors such as

a) the potential impact of the outsourced process on the organization's capability to provide product that conforms to requirements,
b) the degree to which the control for the process is shared,
c) the capability of achieving the necessary control through the application of 7.4.

[somashekar]

Quote:

What is the view of the community on where our legal responsibilities end?

It does not end as you stand accountable, while the contractor executes tasks for you and will perhaps have some responsibilities.

Quote:

whilst the other is of the opinion that they need to go into more depth than this.

This opinion is logical as you remain accountable.

Quote:

Ensuring control over outsourced processes does not absolve the organization of the responsibility of conformity to all customer, statutory and regulatory requirements.

When you read this quote, the above opinion makes more sense also.
In fact a lot goes into evaluation and selection of the contractors with considerations about his capabilities to meet your legal requirements. On going evaluation and compliance to legal stuff must be handled as closely and thoroughly AS IF you are managing them.

Quote:

We've also had differing views from our certifying body - some of their auditors seem to expect us to go quite indepth with the contractors compliance with the law, whilst the latest one we had just checked that we had carried out site inspections in line with our instruction under our management system and moved on.

Please do not do anything from the view point of CB. Know that accountability is on you and ISO14K is also about commitment to identify and meet applicable legal requirements.

[mjr511]

Thanks for your responses, you've both been very helpful, thank you.

Just to clarify on one point, our Project Managers currently undertake site inspections of our contractors to ensure the contractors are adhering with legal requirements. When I audit a project that is being managed by one of our Project Managers, do you think I should be carrying out a site inspection of the contractors site in the same detail as the Project Manager, or am I auditing to ensure that the Project Manager has undertaken their site inspections in line with our management system instruction (which details how and when they should do site inspections) - quite happy to go either way, but it affects the approach all of our auditors need to take and what training they need.

The reason this stands out is because for the rest of the management system our audit essentially is to check that the PM has followed the management system, but the site inspection seems to go beyond this level, with the auditor essentially repeating one of the activities that the PM is instructed to do by the management system.

As an example, as auditors we check that the PM has produced their Project Initiation Document, and followed the various approval checks in the management system. But we don't check the design of the project, except to ensure that drawings are numbered in line with the management system, we rely on the PM to be responsible for the design. So shouldn't we (as auditors) rely on the PM to be responsible for carrying out site inspections?

Regards, Mike

[Jennifer Kirley]

There are a number of ways to verify processes are being completed - and performing site audits for contractors' legal compliance, as you and I both described, is a process.

Evidence is probably available in the form of records; for your legal protection such records might be required, so their review might be very important to you.

There is also examination of conditions in place when you visit the site. It stands to reason that if enforcement of compliance is being performed by your project manager, requirements are being met on a routine basis. You would need to know enough about these requirements to perform this review, or else bring a subject matter expert and/or documentation that can serve as a resource.

Lastly it can make sense to time your visit for one of these audits, which I was able to do for the inspection of hazardous waste transportation services. The project manager can walk you through the process used for the audits he performs. This might provide the added benefit of an opportunity to evaluate this person's competence in auditing. So I find this kind of visit ideal, but I reiterate that a review of records should be included in your audit of the process.

[somashekar]

Quote:

In Reply to Parent Post by mjr511

Thanks for your responses, you've both been very helpful, thank you.

Just to clarify on one point, our Project Managers currently undertake site inspections of our contractors to ensure the contractors are adhering with legal requirements. When I audit a project that is being managed by one of our Project Managers, do you think I should be carrying out a site inspection of the contractors site in the same detail as the Project Manager, or am I auditing to ensure that the Project Manager has undertaken their site inspections in line with our management system instruction (which details how and when they should do site inspections) - quite happy to go either way, but it affects the approach all of our auditors need to take and what training they need.

The reason this stands out is because for the rest of the management system our audit essentially is to check that the PM has followed the management system, but the site inspection seems to go beyond this level, with the auditor essentially repeating one of the activities that the PM is instructed to do by the management system.

As an example, as auditors we check that the PM has produced their Project Initiation Document, and followed the various approval checks in the management system. But we don't check the design of the project, except to ensure that drawings are numbered in line with the management system, we rely on the PM to be responsible for the design. So shouldn't we (as auditors) rely on the PM to be responsible for carrying out site inspections?

Regards, Mike

The auditor must have a good grip about the legal requirements.
The review of the previous legal compliance audit and open items if any, and how they have been addressed will form a part.
Please also look at new legal requirements and changes in legal requirements that stands applicable and how they have been identified and brought into the legal compliance.
Keep in mind that like all other processes the legal also falls into the PDCA cycle. Some legal compliance returns / submissions are date based and missing on them is a violation. Audit if these have been brought into the plan and likewise done.