PODCAST  TRANSCRIPT:   

Helpful hints when scheduling your Internal Audit

In the R2v3 standard there are some changes in the interactions between internal audits and third-party R2 audits and it’s important for recyclers and refurbishers to be aware of these changes as they prepare to transition to the R2V3 standard.  That’s the topic of this episode of Ask The R2 Guru. I’m Roger Greive, from SERI — sustainable electronics recycling international.

If you’re pressed for time, here is the heart of this podcast in two sentences: you need to schedule your internal audit, data security audit and legal compliance audit well in advance of your annual R2 audit. The reason for this is that any non-conformances found in these three audits need to be closed before your annual R2 audit.

So let’s go back a few steps… The R2V3 standard is based on the idea of continuous improvement. Facilities are stronger when they’re committed to improving and maintaining their conformance to best practices. Non-conformances, whenever they are found, or not meant to be a punishment but instead an opportunity to closely examine your operation and to make continuous improvements.

I’m going to be using the phrase “close your non-conformance” throughout this podcast so I want to be clear about what we mean by that.  In every management system, as well as in the R2 standard, it’s expected that R2 facilities will conduct a documented process for closing any non-conformance. As you probably know, this process has four steps.

1. The first step is correction which stops whatever caused the nonconformance in the first place.
2. The second step is root cause analysis which allows you to figure out why the nonconformance happened. There are many methods of finding the root cause, the most well-known being the five whys method.
3. The third step is corrective action which puts controls in place to address the root cause and not the original nonconformance.
4. Finally there’s verification which monitors the changes put in place to make sure they’re effective in preventing the nonconformance from happening again.

When these four steps have concluded, and the actions have been documented, the nonconformance is considered closed.

So this is why it’s so important that any non-conformances found in an internal, legal compliance or a Data security audit need to be closed before your annual R2 audit. If they are not closed, your R2 auditor will add these non-conformances to any other nonconformance that they may find in your annual R2 audit. If there are a lot of these previous non-conformances hanging out there unresolved, there’s a possibility your auditor could have a new nonconformance relating to your corrective action process, and you don’t want that.

You need to balance the need for adequate time to close any NCs found in your internal, legal compliance or data security audits against the possibility that new conditions, materials or procedures could be introduced in the time between those audits and the annual R2 audit. It’s not good practice to conduct an Internal audit a month after your annual R2 audit, but you should not wait until one month before your annual audit either.

Here is the ideal order of an audit sequence: your facility prepares all documentation in advance of the Internal, data security audit and legal compliance audits. Any nconformances found in these three audits are closed after the four-step process of correction, root cause analysis, corrective actions and verification. Documentation of the closure of these non-conformances is available to your R2 auditor as part of their determination of Stage 1 audit readiness, or as part of pre-audit documentation for Surveillance or Recertification audits.  This Nonconformance process is covered in detail in the R2v3 Code of Practices. It’s located in section 8.9 on page 30 of the latest PDF version of the COP, revision 2.2.

A couple of additional items as we close this episode. For your internal audit, data security audit, and legal compliance audit it’s important to ensure the competency of the auditor for each one. This usually requires more than one auditor because of the background and training required for each of these three areas. If you’re a small to medium sized facility, you might consider an external person to do these audits to avoid conflict of interest. An auditor cannot have the responsibility of correcting the non-conformances that they have found.

Finally, another change in the R2v3 standard is that any non-conformances, major or minor found in your annual R2 audit need to be closed before your new R2 certificate can be issued. More details on this process can also be found in the same section of the code of practices.

As always, I hope you’ve enjoyed this episode of Ask The R2 Guru and found it helpful. Thanks to Sean DeVries, Sarah Kim and Jeff Seibert for their assistance in producing this podcast series. If you have any questions or comments or want to suggest a topic for a future podcast please use the Contact Us form on the SERI website. You’ll find us at Sustainable electronics.org.