PODCAST TRANSCRIPT:

Internal Audits:  A conversation with Sarah Smart
August 26, 2022

Internal audits are such an important aspect of the R2 certification process that we’ve decided to do another podcast to this topic.  Today, I’ll be interviewing SERI’s R2 Specialist, Sarah Smart on this episode of Ask the R2 Guru.  I’m Roger Greive from SERI – Champions of Electronics Sustainability.

Sarah Smart has been training auditors around the world in the environmental, health and safety realm for more than 20 years.  She joins us from her hobby farm in Northern Michigan where she focuses on living out her sustainability dream.

(RG) Sarah, you’ve done more than just about anybody else to train all the auditors for R2, so you’re the perfect person to talk to when we discuss internal audits.  So, first of all, welcome to this podcast.

(SS) Thanks Roger for having me on — I’m super excited to get to talk to you about internal auditing

(RG) So why, in your opinion, is an internal audit important?

(SS) An internal audit is a great preparation tool for all the external audits that will be a constant in the recycler’s certification process — the initial stage 1/stage 2, surveillance, and recertification audits.  But it can also provide value for organizations as a means of identifying continual improvements and areas that are lacking.

(RG) So what are the main differences between an internal audit and say a management system audit for ISO 14001 or RIOS?

(SS) We like to say that an internal audit for R2 is really looking at outcomes.  We’re looking at more than just the procedures and policies that make up a management system.  If you’re looking at ISO 9000, 14000, 45001, or RIOS, those are all infrastructures that provide the management system that the R2 requirements are built on.

When you look at an R2 internal audit, it’s really looking at the details…the outputs…how are the R2 requirements being implemented?   It’s an outcomes-based audit that looks at records, versus a procedure-based audit that looks at the procedures and policies documented in the management system.  The R2 audit is going to be focused on tracing back the shipments to things like the data sanitization records, and test and repair records.

(RG) Is that what you mean by an audit trail?  You mention that a lot in the lead auditor training

(SS) An audit trail is kind of a new thing I’ve started talking about in the lead auditor class.  It is really triangulating information.  You take a shipment and trace it back to the equipment that was on that shipment.  You look at the test and repair records possibly for that shipment, the data sanitization records for that shipment.   By looking at the specifics for a particular shipment, you are triangulating back, connecting a shipping record to a data sanitization record, to a test and repair record.  That is looking at the audit trail — taking a specific piece of information and tracing it back to other pieces of information.

(RG) Can this audit trail apply to an individual piece of equipment instead of an entire shipment?

(SS) Absolutely, Roger.  Take the situation where the auditor is touring the warehouse.  They could pull a piece of equipment off the shelf that was ready for shipment to an end user, then trace the specific unique identifier for that equipment back to a test and repair record, back to a data standardization record.  Or you could look at a piece of equipment that is in an operator’s area and has just been completed.  So definitely, you can use a unique piece of equipment versus a shipment.

(RG) Well, speaking generally about the audit process, Sarah, one of the more important things of facility can do is find a good internal auditor.  In the past, a lot of our communications have said that the auditor competency can be shown by some combination of training, experience, and education.  You have a lot of experience of this in training just about every Lead Auditor we’ve had.  How does that relate to the internal audit competency process?

(SS) When we think about determining the competency of any individual, we look at a combination of training, education, and experience.  And when we think about the R2 internal auditor, we want to consider specifically what are the activities and processes that this internal auditor will be looking at.  Will they going to be looking at test and repair, or at data sanitization?  Will they be looking at compliance-type requirements, legal and regulatory requirements?

So, when we circle back around, we have to ask, as an internal auditor for my organization, what are the specific qualifications needed for my internal auditor?  Not just any internal auditor, but an internal auditor who has the specific requirements and capabilities to audit my organization.  The Consultant Directory on the SERI website is a great place to start because those specific individuals on the list have been through lead auditor R2v3 training.  Although the Consultant Directory can be a good place to start, you don’t have to take an R2v3 lead auditor training to be an R2v3 internal auditor.   What is most important is that the internal auditor has a very good understanding of the R2v3 requirements and understands the type of operation and work taking place.  So, like I said, test and repair, data sanitization, processing specific equipment, components, or materials…what do you manage and what does your internal auditor need to be knowledgeable of?

(RG) So, a facility has found one or more internal auditors, they’ve got their program together, they’ve got their materials gathered. Let’s talk as we finish up here, how to actually do an internal audit.  What should a facility do, what should an auditor do, and how do they work together to make this thing happen?

(SS) Great question, Roger.  I don’t think there’s one specific methodology to be used to carry out an internal audit.  Again, if you’re going to choose an internal auditor, that auditor is hopefully going to have experience auditing.   When we talk about conducting an internal audit, though, I always joke in my lead auditor class that the lead auditor’s job is to look for conformance, and the job of the internal auditor is to look for nonconformance.  The reason why I say that is because an internal auditor is really doing a deep dive into the R2v3 requirements and how that recycler can show objective evidence to a customer…objective evidence to an external auditor, on how the R2v3 requirements are actually being implemented.

It is not just having the great Data Sanitization Plan or R2 Reuse Plan, but actually showing evidence that the Data Sanitization Plan and the R2 Reuse Plan are actually being implemented.   When we look at an internal audit, the process is to take the R2 requirements in the recycler’s procedures and policies, and really demonstrate in an audit report and audit evidence that the recycler is meeting those R2 requirements.  That can be done through touring the facility and looking at the actual activities being conducted along with looking at the documentation, and like I said before, triangulate it to those data sanitization records and those tests and repair records.

(RG) As we close out here, can you describe how the process of nonconformances and opportunities for improvement and observations all interact in an internal audit?

(SS) I love that question, Roger.  I’ve always said that an internal audit really needs to provide value.  It is not a pencil-whipping exercise where someone comes in, quickly goes through the requirements, and provides a report that will be shown to the external auditor, but nothing really comes out of the internal audit.  The purpose of an internal audit is to provide value for an organization.  Some of that value comes in the nonconformances, the observations and the opportunities for improvement.

If your audit result is not providing nonconformances, opportunities for improvement and observations, then I would say that it’s not serving its intended purpose.  A nonconformance, of course is going to identify a gap.  Perhaps the internal audit identifies that the Data Sanitization plan hasn’t identified Apple watches—it only identifies laptops and monitors.  That’s a gap.  That’s a nonconformance.  Correcting that nonconformance is going to provide the guidance that is needed to sanitize an Apple Watch.

When we think about an opportunity for improvement, it’s the internal auditor’s job to take their knowledge, their work experience, their ability to look at a process and say, I think you can do that process better.  An external auditor can’t really consult or tell you specific ways to improve, but for an internal auditor, that should be one of their goals.  An internal auditor can help an organization, help a recycler, to improve their processes so they’re more effective, more efficient.  That should be one of the outcomes from an internal audit.  It’s not just identifying nonconformances, it’s providing guidance on where to improve and how to improve.  That’s definitely one of the outcomes that I would expect to see in an internal audit.

(RG) Which is another reason why the facility should take so much time in choosing a competent auditor that can provide that level of assistance.

(SS)Absolutely.

(RG) Sarah, thank you so much for your time with us.  For the facilities listening — your auditor, whoever they are, has probably been trained by the person you’ve been listening to for the last few minutes.  Sarah is the chief trainer for all of the R2 lead auditors and we thank her very much for her work in this area and for your time today.  Thanks again.

(SS) You’re welcome, Roger.  Thanks for having me on.  As I mentioned in the last podcast in this series, at SERI we know how important an internal audit program can be, so we’re continuing to develop new training tools to help you, including new videos, information sheets and sample forms.  Anything new is announced on the SERI website.  Search the Recently Added column on our Knowledge Base page.

That’s it for this episode of Ask the R2 Guru.  Thanks for listening, and thanks as always to the SERI team for their assistance in producing this podcast.  You can find a complete transcript of my conversation with Sarah Smart in the Podcast section of the R2 Knowledge Base on the SERI website. You’ll find that at sustainable electronics.org.