Description
The Pharmaceutical Supply Chain Initiative (PSCI) is a group of pharmaceutical companies that share a vision of better social, economic and environmental outcomes for all those involved in the pharmaceutical supply chain
1
Pharmaceutical
Supply Chain
Initiative
Audit Program
Guidance
2
PHARMACEUTICAL SUPPLY CHAIN INITIATIVE (PSCI)
AUDIT PROGRAM GUIDANCE
April 2013
BACKGROUND
This document is designed to be used by PSCI members, audit contractors and suppliers. It
provides a detailed overview of the audit process and corresponding roles and responsibilities at
each stage of the process.
Together with the PSCI Principles this document is designed to ensure that audits undertaken
on behalf of PSCI provide a consistent and reproducible approach, provide assurance that
audits are carried out against the PSCI Principles and provide the foundation for a shared audit
program.
This document provides approved PSCI auditors and suppliers with the methodology on how
PSCI audits will be conducted and managed. Any deviations from the audit program described
in this document must be noted and recorded in the PSCI Audit Report in the appropriate
place.
Contents
BACKGROUND ......................................................................................................................... 2
1.0 INTRODUCTION AND PURPOSE .................................................................................. 3
1.1 PSCI AUDIT PROGRAM BASICS ................................................................................... 3
1.2 REFERENCES ................................................................................................................ 4
2.0 PSCI AUDIT PROGRAM FUNDAMENTALS ................................................................... 6
2.1 PSCI AUDIT SCOPE AND OBJECTIVES ........................................................................ 6
2.2 PSCI SOCIAL (ETHICS AND LABOR) AND HSE AUDIT COMPONENTS ...................... 7
2.3 APPROVAL AND REGISTRATION OF PSCI AUDITORS AND AUDIT COMPANIES ..... 7
3.0 PRE-AUDIT ACTIVITIES ................................................................................................. 9
3.1 PSCI AUDIT INITIATION ................................................................................................. 9
3.2 AUDIT PLANNING – PRE AUDIT ACTIVITIES .............................................................. 11
3.3 AUDIT PLANNING - AUDIT LENGTH............................................................................ 13
3.4 AUDIT LOGISTICS - SITE VISIT AGENDAS ................................................................. 15
4.0 AUDIT EXECUTION AND POST AUDIT ACTIVITIES ................................................... 16
4.1 GENERAL AUDIT GUIDELINES ................................................................................... 16
4.2 NORMAL AUDIT PROCESS ......................................................................................... 18
4.4 FOLLOW-UP AUDIT PROCESS ................................................................................... 22
3
1.0 INTRODUCTION AND PURPOSE
The Pharmaceutical Supply Chain Initiative (PSCI) is a group of pharmaceutical companies
that share a vision of better social, economic and environmental outcomes for all those involved
in the pharmaceutical supply chain. This includes acceptable conditions for workers, safe
processes and facilities, economic development and a cleaner environment for local
communities.
The PSCI group created the Pharmaceutical Industry Principles for Responsible Supply
Chain Management ("PSCI Principles"). The PSCI Principles address five areas of
responsible business practices and related management systems throughout the
pharmaceutical industry's supply chain: ethics, labor, health, safety and environment. The PSCI
Principles are consistent with industry and international expectations and are applicable both in
developed and developing countries for all pharmaceutical suppliers ranging from service
providers to chemical manufacturing companies and to contract manufacturers.
PSCI recognizes that its members have large and diverse supply bases, and there will be
advantages to both, PSCI members and suppliers, in adoption of a shared audit approach.
Supply to patients is expected to improve via more robust supply chain risk management and
compliance with regulatory requirements and the PSCI Principles. Expected benefits for
suppliers include reduced audit visits and a more consistent approach from pharmaceutical
companies.
Overall, the shared audit approach is expected to improve supplier performance in the area of
ethics, labor, health, safety and environment by increasing the number of suppliers assessed
and providing a consistent approach with reference to a common set of principles and values.
This document describes the PSCI shared audit program which is based on:
? A defined PSCI audit scope with defined PSCI audit criteria
? A defined methodology for the audit process from initiation, through execution to
reporting
? A defined methodology for responding to audit findings/observations and corrective
action tracking
? A defined mechanism for sharing of audit reports
? Clear requirements and defined minimum qualifications and experience for auditors
conducting PSCI audits
1.1 PSCI AUDIT PROGRAM BASICS
PSCI audits as described in this document are designed to assess a supplier’s performance
against the PSCI Principles and regulatory requirements in the areas of ethics, labor, health,
safety, and environmental management. The PSCI audit program is based on accepted
industry practices in these fields as defined in internationally recognized standards including
ISO 19011: “Guidelines for quality and/or environmental management system auditing”, OHSAS
4
18001 “Occupational Health and Safety Management Systems – Requirements” and SA8000
Social Accountability “International Standard for Improving Workplace Conditions “.
PSCI audits are conducted in three steps:
? Pre-audit Activities – Audit Planning
? On-Site Activities – Audit Execution
? Post-Audit Activities- Reporting, Corrective Action, Follow-up and Closure
The basic methodology for how to conduct each of these three steps can be found in ISO 19011
and is not repeated in this document.
This guidance is based on accepted industry practice in the field of Health, Safety &
Environmental (HSE) auditing and Social and Ethical auditing across the world. PSCI audits are
conducted by qualified third-party auditors and the program relies heavily on the controls that
already exist within established third-party audit firms that have auditors certified to recognized
standards. The audit firms conducting the audits should be SA8000 certified members of the
International Federation of Inspection Agencies (IFIA) and/ or the Institute of Environmental
Management & Assessment (IEMA) with procedures in place to manage and monitor the
integrity of the audits they conduct on behalf of the PSCI.
There are differences in the methodology and scope of social (ethics and labor) audits
compared to HSE audits. A PSCI audit requires both areas to be assessed and is likely to
require specialist auditors for each. In cases where a small company is audited, a single auditor
trained and experience in both social and HSE may conduct the assessment.
Language and cultural issues can severely impact the quality of an audit. To ensure PSCI audits
are of a high standard, auditors should be fluent in the local language and in English. Auditors
must be knowledgeable of local HSE and labor regulations. The social audit should be
conducted in the local language. If a qualified HSE auditor does not speak the local language, a
technical interpreter needs to be present during the audit. Reporting will be in English. Where
practical and necessary, key parts of the audit report may need to be provided in both, the local
language and English.
1.2 REFERENCES
The PSCI Principles and the PSCI audit program draw heavily on and are closely aligned with
the following internationally recognized standards, guidance documents and declarations:
PSCI RESOURCES:
The PSCI documents listed below can be downloaded for free at:
www.pharmaceuticalsupplychain.org
? PSCI Principles
? PSCI Implementation Guidance
? Data Sharing Agreement
? Self-Assessment Questionnaire (SAQ)
? Pre-Audit Document Request List
5
? PSCI HSE Check List
? Corrective Action Plan Report
? PSCI Audit Report (attached with this document, via email)
Should you have any difficulties obtaining these documents please email the PSCI Secretary at
[email protected]
EXTERNAL RESOURCES:
? Ethical Trading Initiative (ETI)
? International Labor Organization (ILO) Code of Practice in Safety and Health
? ILO International Labor Standards
? ISO 14001 Standard for Environmental Management Systems
? ISO 19011: Guidelines for quality and/or environmental management system auditing.
? OECD Guidelines for Multinational Enterprises
? OHSAS 18001 Standard for Occupational Health and Safety Management Systems
? Responsible Care®
? SA8000: International Standard for Social Accountability
? United Nations Convention Against Corruption
? United Nations Global Compact
? Universal Declaration of Human Rights
? ISO26000, “Guidance on Social Responsibility” a guide to help organizations on Social
and Environmental Responsibility
6
2.0 PSCI AUDIT PROGRAM FUNDAMENTALS
2.1 PSCI AUDIT SCOPE AND OBJECTIVES
PSCI audits as described in this audit program are designed to assess a supplier’s performance
against the PSCI Principles and regulatory requirements in the areas:
? Ethics
? Labor
? Health & Safety
? Environmental Protection, and
? Management Systems.
Our goal is to ensure that any supplier manufacturing products, providing services or supporting
our industry have the opportunity to demonstrate compliance with the PSCI Principles.
The scope of a PSCI audit should be documented. This includes key plants and processes,
laboratories, utilities, and infrastructure areas (e.g. storage areas, waste facilities, waste water
treatment units, workshops, security and fire service arrangements, canteens, kitchens and
dormitories). It shall also cover the office area (especially at service provider sites) and the labor
conditions of staff on site. It is not limited to permanent staff and should extend to temporary
and contract staff, as well as migrant workers. The site assessment should cover all internal and
external areas of the facility. It includes management systems and key program elements
including policies, standards, resource, competencies and capabilities. Confidentiality and
intellectual property protection must be guaranteed. Where a PSCI member representative is
present at an audit, careful controls are required to ensure discussions, disclosures and
observations are restricted to only the individual PSCI member’s interests. This is absolutely
necessary to maintain antitrust considerations.
Any deviation from the intended scope of the audit should be clearly documented in the audit
report. For example, if the audit focuses on HSE only and does not review ethics and social
topics, the scope statement shall document this fact.
The objectives of PSCI audits include:
? Consistent assessment of a supplier’s performance against the PSCI Principles and
relevant laws and regulations to provide assurance to PSCI members. This includes:
o identification of key risks
o an understanding of the supplier’s compliance with the PSCI Principles,
regulations and their effectiveness/ability to identify and manage key risks
o sufficient information to allow PSCI members to determine the acceptability of the
supplier
? Sufficient information to allow the supplier to understand development needs and to
develop a comprehensive improvement program
? Enable a supplier to identify root causes and undertake continuous improvement efforts
? Educate a supplier about PSCI and regulatory expectations
7
2.2 PSCI SOCIAL (ETHICS AND LABOR) AND HEALTH, SAFETY AND
ENVIRONMENTAL AUDIT COMPONENTS
A PSCI audit consists of social (ethical and labor) and HSE (health, safety and environmental)
aspects as outlined in the PSCI Principles. While focus and depth of both social and HSE
audits and the methodology for assessment may be different to some extent, both parts should
ideally be addressed during the same audit visit.
The most recognized international standard for social auditing is SA8000, a voluntary standard
which governs employees' working conditions, developed by Social Accountability International
(SAI). The PSCI Principles for ethics and labor and this audit program draw heavily on the
above referenced documents.
The foundation for HSE audits is compliance with local and national HSE legislation, as well as
international industry norms of acceptable practices. An international standard for HSE
legislative compliance does not exist since the regulations vary significantly from country to
country. HSE auditors must be knowledgeable of country specific legislation in order to be able
to effectively audit a supplier site and country-specific auditing checklists or tools should be
used. International standards on management systems requirements for HSE do exist and
should be used. These include ISO 14001 and OHSAS 18001.
A PSCI supplier audit team will generally consist of two auditors - one for social and one for
HSE unless one person can clearly demonstrate adequate skills and experience in both areas
(see 2.3 below). The two auditors usually undertake different activities while on site.
2.3 APPROVAL AND REGISTRATION OF PSCI AUDITORS AND AUDIT
COMPANIES
PSCI audits must be undertaken by qualified third party audit companies and auditors approved
by PSCI. PSCI audit program may utilize audits by audit firms that are accredited under SA8000
and are listed in IFIA or equivalents like IEMA.
2.3.1 Auditor Qualifications and Experience
In order to ensure the integrity of the audit process, it is essential that auditors are appropriately
qualified. All third party audit firms that conduct these audits will need to be approved by the
PSCI Secretary.
The audit company must ensure that:
? The lead auditor has extensive experience and qualification relevant to the type of
supplier facility being audited. I.E. pharmaceutical, chemical, etc.
? At least one auditor is certified by a recognized social auditor body, e.g. SA8000 and
may include an audit company’s system if independently certified
8
? There is at least one auditor knowledgeable in local HSE regulations
? Auditors have knowledge of local working conditions
? Auditors should be fluent in the main languages spoken at the site, both management
and workers
? Auditors should be fluent in both spoken and written English
? Auditors need to have the proven ability to write reports in English that are clear and
unambiguous
? Auditors have knowledge of the applicable industry
? Auditors demonstrate the competencies listed in ISO 19011
The guideline for minimum experience for individual HSE and social auditors is shown in the
table below:
Social Auditor HSE Auditor All Auditors
Office/service company ? 2 years social auditing
experience
? SA8000 certified or
equivalent
? 2 years HSE auditing
experience, in country
experience is preferred
? Fluent in local
language (at least
the social auditor)
? Proficient in
English (written
and spoken)
? Knowledgeable of
local regulations
(HSE or labor
regulations
depending on
role)
? Familiar with local
culture
? Audit firms must
be able to
demonstrate the
proficiency of their
auditors to audit
against the
requirements of
SA8000, ISO
14001, OHSAS
18001 and
Health, Safety
and
Environmental
regulations and
standards as
applicable.
Simple
manufacturing/assembly
? 2 years social auditing
experience with at
least 1 years of
experience in the
country of concern
? SA8000 certified or
equivalent
? 2 years HSE auditing
experience with
manufacturing companies
with at least 1 years of
experience in the country
is preferred
? Certified Professional
Auditor (CPA) or Certified
Safety Professional (CSP)
or equivalent
Complex
manufacturing/API/CMO/
Chemical
? 3 years social auditing
experience with at
least 2 years of
experience in the
country of concern
? SA8000 certified or
equivalent
? Technical degree in
chemical engineering,
chemistry or similar
qualification
? 3 years HSE auditing
experience with at least 2
years of experience in the
country is preferred
? Performed more than 10
audits of similar facilities
? Certified Professional
Auditor (CPEA) or Certified
Safety Professional (CSP)
or equivalent
? Knowledge of specific HSE
topics like Industrial
Hygiene, Process Safety
Management and
Hazardous Waste
Management
9
As part of their continuous professional development, all auditors are subject to a review and
appraisal of their performance. This includes:
? Social auditors should attend an SA8000 full refresher course every two years and
demonstrate completion of a minimum of 12 social audits every 2 years.
? HSE auditors must take refresher training every 2 years and should demonstrate
completion of a minimum of 12 HSE audits every 2 years
? All auditors’ performance may be monitored on an ongoing basis by a combination of
audit report review, audited supplier feedback and observed audits.
? Provisions within the third party audit company to ensure continual development of
auditors
PSCI reserves the right to verify the qualification of auditors by checking their CV’s and
credentials, by rating audit reports written by them and by collecting feedback on the auditors’
performance.
3.0 PRE-AUDIT ACTIVITIES
The following section describes, in sequence the steps required to initiate and plan an audit and
the parties responsible for each step. The section describes the pre-audit activities for PSCI
member companies and supplier-initiated audits.
3.1 PSCI AUDIT INITIATION
3.1.1 Audit Request
The audit request may either come from an individual PSCI member or from the PSCI Secretary
representing a shared audit for more than one PSCI member, or from a supplier.
As part of the audit request, the supplier must understand that PSCI is a not for profit
organization whose members are committed to continuous improvement of ethical and
responsible practices in their supply chains. PSCI promotes data sharing to ease the
administrative burden on suppliers when working with one or multiple PSCI member companies
that require PSCI audits. Suppliers that have been formally audited under the PSCI process can
decide to share the PSCI Audit Report and Corrective Action Plan Report updates with all
PSCI members or with selected members only. Suppliers have the right to choose which PSCI
member companies have the right to view their audit reports.
The PSCI Secretary or the PSCI member company must advise the candidate audited party of
the requirement and process of the PSCI audit sharing and management process and
associated fees for these services.
To share a PSCI Audit Report and Corrective Action Plan Report with other PSCI member
companies, the supplier should put an “accept” check mark into the Self-Assessment
Questionnaire (SAQ) which is also used as pre-audit questionnaire. In addition, the supplier
must complete the Data Sharing Agreement and send the signed Agreement to the PSCI
Secretary to allow sharing of the final PSCI Audit Report and Corrective Action Plan Report.
10
3.1.1.1 Audit Request by a PSCI Member or Members
All PSCI member companies are free to approach suppliers to conduct a PSCI audit at a
specific supplier site. Before PSCI member companies approach a supplier, they should check
with the PSCI Secretary to determine whether any Audit Reports, Corrective Action Plan
Reports, SAQ’s or other documents are available, and whether the specific site has recently
been audited. They should also check whether there is an audit planned in the near future.
If this is not the case, the PSCI member should go ahead and work with the supplier and the
audit firm on the further preparation for the audit.
If an audit has been completed recently or an audit is planned, the PSCI Secretary will approach
the supplier to determine if the supplier will share the PSCI audit on file or the planned audit
results with the PSCI member making the request for the audit. Only audits that have been
formally endorsed by the supplier will be shared in the program.
3.1.1.2 Coordinated Audit
PSCI members may wish to have audits coordinated on their behalf through the PSCI
Secretary. The PSCI Secretary will work with individual PSCI members’ confidential supplier
lists to identify suppliers that one or more PSCI member are interested in having audited. The
PSCI Secretary will approach the supplier to determine if the supplier will share the PSCI audit
on file or the planned audit results with the PSCI members making the request for the audit.
Only audits that have been formally endorsed by the supplier will be shared in the program.
3.1.1.3 Audit Request by the Supplier:
Suppliers may request to be audited by PSCI. The supplier can contact a PSCI member
company who the supplier is in business with and ask them to sponsor an audit. Alternatively,
the supplier may nominate themselves to the PSCI Secretary requesting that they be audited.
The PSCI Secretary will then inform the supplier about the list of PSCI approved audit
companies. The supplier can then choose an audit company from this list and contact the audit
firm to work out the details including the cost to have an audit completed.
The audit company will then plan and execute the audit and provide a copy of the final PSCI
Audit Report and Corrective Action Plan Report to the PSCI Secretary for distribution to
PSCI members as specified by the supplier. Only audits that have been formally endorsed by
the supplier will be shared in the program.
3.1.2 Audit Quote Generation
Case 1: An individual PSCI member pays for the audit.
In the case where a PSCI member has a negotiated contract with an accredited audit company
in place, the agreed terms and conditions in the contract should be applied. In the case where
there is no agreement, the PSCI member can negotiate a contract with an accredited audit
company. Alternatively, the process outlined in Case 2 below should be followed.
Case 2: PSCI coordinated audit.
In this case, a group of PSCI members pays for the audit. PSCI member companies will work
under the direction of the PSCI Secretary, who will negotiate the audit contracts with certified
audit firms. Once PSCI has selected and approved an audit firm, the firm will be informed by the
PSCI Secretary of upcoming audits to conduct on behalf of PSCI. The PSCI Secretary will then
11
take the lead on identifying common candidate suppliers to be audited and then confidentially
approach PSCI members to solicit their participation to be involved in the audit of a supplier.
The PSCI Secretary will determine each PSCI member’s costs to fund the audit.
Case 3: Supplier pays for the audit.
In this case, the supplier can choose an audit firm from the list of PSCI-approved audit firms and
contact them to negotiate the terms and conditions for the audit.
Details within the quote for approval should contain but not be limited to the following:
? Fee for the audit (incl. report writing and, if necessary, fee for follow-up audit)
? Expenses (incl. travel, lodging, management fee and other possible expenses and fees)
? Any fees relating to upload of the report to the PSCI database if applicable
? Date of audit or date of when this will be known
? Proposed audit length (the PSCI recommendations in Chapter 3.3 should be followed)
? Audit scope
? Proposed audit team leader
? Audit team members for both the social and HSE audit elements
? Identification of report receivers
? Third-party report release approval
? Report delivery date
3.2 AUDIT PLANNING – PRE-AUDIT ACTIVITIES
3.2.1 Actions for the PSCI Secretary
The PSCI Secretary should have visibility of all audits that are planned in order to allow for
coordination and to avoid a supplier being approached by more than one PSCI member at the
same time. Specifically, the PSCI Secretary shall:
? Inform the supplier about the purpose and benefits of the PSCI audits and the PSCI
Principles.
? Issue the Data Sharing Agreement and Self-Assessment Questionnaire (SAQ) to
supplier(s) that have been agreed upon by the PSCI membership, or to any suppliers
that wish to share audits
? Ensure that the Data Sharing Agreement and SAQ is received two weeks in advance
of any planned audit and before an external auditor has been contracted
? Facilitate sharing of the SAQ with PSCI members, as permitted by the Data Sharing
Agreement
? Review Data Sharing Agreement and inform the supplier of path forward for audit
When audit takes place:
o Initiate contract with PSCI-approved auditor (in case no contract is in place yet)
o Inform the supplier that a PSCI-approved auditor will contact them to schedule
and conduct a PSCI audit at their site
o Share with auditor the completed SAQ at least two weeks prior to the date of the
audit
o Facilitate sharing of the PSCI Audit Report with PSCI members as permitted by
the Data Sharing Agreement
12
? In case of PSCI coordinated audits, the PSCI Secretary ([email protected]) should be the
point of contact to the supplier that has been selected for a PSCI audit.
3.2.2 Actions for the Auditors
Once a PSCI audit has been confirmed with an audit company, and prior to the supplier site
visit, the auditor team shall:
? Contact the supplier and agree with them on audit date and agenda
? Confirm that a confidentiality / data protection agreement between the audit firm and
supplier is signed and in place (if requested by supplier) before any exchange of
information takes place
? Once the confidentiality / data protection agreement is confirmed, request from the PSCI
Secretary ([email protected]) the completed Self-Assessment Questionnaire (SAQ) for the
site to be audited
? Review completed SAQ, as provided by PSCI Secretary at least two weeks in advance
of the audit. The SAQ provides an overview of the supplier’s site to the auditor and
contains information on site’s approach to the management of ethics, labor,
environmental compliance, and health and safety.
? Brief the supplier that the auditors will need to see confidential information and verify pay
and overtime information of individual employees. Inform the supplier that selected
employees, at random, will be interviewed to assess labor and ethics conditions.
? Brief the supplier that data privacy will be respected. In case they do not want to disclose
pay information linked with employees’ private data, it will be acceptable if such
information is either only viewed by auditors, or shown in semi-blinded format so that the
auditors cannot see private data.
? Request and review other relevant documents and records from the supplier, and
determine their adequacy with respect to the audit criteria.
? Provide the supplier with a list of documents that should be available on site during the
audit. A generic document request list is provided in Pre-Audit Document Request
List. This may be tailored by the auditor to make it relevant to the supplier’s specific
operations
? Confirm logistics for the audit team, including travel, accommodation, parking, arrival
time. Confirm with the supplier the key site personnel to be available during the audit,
e.g. management personnel, HSE staff, operations managers, union or worker
committee representatives, health and safety representative, payroll and human
resources representative.
? Ensure that the auditor contacts the site to introduce him or herself prior to the audit.
? Confirm safety requirements prior to the site visit. This pre-work will include identifying
necessary personal protective equipment (PPE) and any other special requirements.
The Audit Team Leader is responsible for assigning the above tasks and delegating work to the
other audit team members as appropriate.
3.2.3 Actions for the Site
After receiving the above information from the auditor or the PSCI member, the site should
ensure that they prepare for the audit. This will include, but not be limited to:
13
? Site management should be briefed prior to the audit, to ensure they understand the
scope of the audit and what is required from each department.
? Applicable site management should be instructed on the importance of having the
correct key personnel and documentation available on the day(s) of the audit (see
above) and understand the importance of releasing personnel for interviews on time.
? Two quiet rooms free from interruptions, one of which must be large enough to
accommodate group interviews for the social audit, should be reserved for the auditors
use throughout the audit. The larger room should be a place where workers will feel
comfortable, near a canteen or a workers’ area is preferred.
? Union or other worker representatives should be briefed about the audit, in particular the
labor aspects, to ensure their availability and understanding.
? The workforce should be informed about the audit including the code to which the audit
is conducted (PSCI Principles).
? The employees should be informed that the auditors will pick employees for individual
and group interviews about their labor situation at random, and that they have the right
to say “No” to this without giving any reason, and without any adverse consequences.
? Employees should be informed about their right for data privacy in this context.
? There should be a contact within the site for the workforce if they have any questions or
worries about the audit e.g. HR Manager.
? Any labor providers (agencies) the site uses should be informed about the audit and
make sure they understand the importance of having the correct key personnel and
documentation available on the day.
? Any questions or points the site may have about the audit should be referred to the audit
team leader for clarification.
? The site should provide all documents requested by the auditors for review in advance of
the site visit to the auditor including the Self-Assessment Questionnaire (SAQ).
? The site should prepare all relevant documents requested by the auditor to be made
available during the site visit; please have a look at the Pre-Audit Document Request
List for reference.
Audit
3.3 AUDIT PLANNING - AUDIT LENGTH
Guidance on the auditor man-days required on site is provided below as a benchmark for a
PSCI audit. For the social audit component, this is based on the number of employees on site
and includes the recommended number of individual and group employee interviews. The HSE
audit components are based mainly on site size and the nature of site operations.
The on-site time required for the social auditors and the HSE auditors may vary from site to site.
For example, at a complex chemical manufacturing plant, the HSE component of the audit may
take longer to complete than the labor and ethical audit component so the HSE auditor may be
on the site tour for longer than the social auditor. At a very large office complex with several
thousand employees, the HSE component of the audit may take less time than the social
component.
The suggested man-days are only guidelines. Auditors must use their experience and
knowledge and consider the industry, location, size of the site, workforce size and individual
knowledge of the site when defining the length of time required on site for both the HSE and
social elements of the audit and when deciding the number of employees to interview.
14
If a site has more than 2,000 workers, the number of interviews is determined on a case by case
basis depending on the circumstances of the site..
The ratio of individual and group interviews provided in the table below is for guidance only, and
may be modified depending on circumstances. Where this is not possible, a clear explanation
for a lower number of interviews should be given in the report.
This table does not take into account the physical size of sites. If sites are very large or very
small, different man-days per site than shown in the table may be required.
Guidance for Man-Days on Site for PSCI HSE Audit Component
The Actual days on site must be limited to a maximum of 2 days.
Site Type Site Size Man-Days on Site
Office Small 1
Large 1-2
Light manufacturing /
assembly
Small 1
Medium/Large 1-2
Medium to Heavy
Manufacturing (not
chemical)
Small 1
Medium 1-2
Large 1-2
Complex
manufacturing e.g.
chemical plants
Small 1
Medium 1-2
Large 2-3
Guidance for Man-Days on Site for PSCI Social Audit Component
Man-
days
on
site
Number of
Workers
(excluding
managers)
Individuals
Interviewed
Group
interviews
Total
Employees
interviewed
Effective Time
spent on
Interviewing
1 1-100 ca. 5 (or total
number of
workers if
<5)
1 group of 4 max. 10 1.5-2.5 hours
1-2 101-500 5-7 1-3 groups of 5 10-20 2-3 hours
1-3 501-1000 5-10 2-5 groups of 5
10-30 2-4 hours
2-4 1001-2000 10-20 4-8 groups of 4
20-40 3-6 hours
The time spent on interviews has been based on an estimation of 15 minutes for an individual
interview with no issues, and 30 minutes for an individual interview where issues are raised.
Group interviews are estimated at 45 minutes, taking into account the additional time to get
15
workers to attend and to give everyone an opportunity to speak. This length is only a
guideline/suggested minimum. Auditors will rely on their training and experience to determine
the length of actual interviews with individual employees. If issues are uncovered with a
particular worker, the interview will be extended to fully explore the issue. Alternatively, if
workers are consistently providing the same information, interviews can be shortened to adjust
to the individual situation.
3.4 AUDIT LOGISTICS - SITE VISIT AGENDAS
The audit team will send the site an agenda outlining the planned activities during the onsite
assessment. The typical agenda shall include but not be limited to:
? Opening meeting (management team including H&S and Environmental,
manufacturing/technical operations, union and HR representatives).
? Site tour - manufacturing and office areas including informal on the spot interviews with
operators.
? Site tour – storage areas, external areas, satellite areas, dormitories (if applicable).
? Employee interviews (# of individual and group interviews, including union representative
interviews and interviews of temporary and part-time employees and contractors).
? Interviews with HR, HSE and site representative (e.g., engineering or maintenance
staff).
? HR documentation (handbooks/employee files/payroll/time records) including paperwork
(when authorized) of those individuals interviewed.
? HSE documentation review.
? Labor/Ethics documentation .
? Further review of payroll/ time/ employee files if required.
? Auditors prepare Corrective Action Plan Report for closing meeting.
? Closing meeting with management team: auditors to share findings, get sign-off from site
management that findings were communicated and understood; discussion about
corrective actions and timelines for implementation.
16
4.0 AUDIT EXECUTION AND POST AUDIT ACTIVITIES
The aim of the audit is to evaluate the performance of a supplier site against the PSCI
Principles, local law and additional requirements, conformity of their practices to any published
standards for the industry, as set out through the following:
• Company presentation and management interview with reference to company practice (max.
30 min).
• A detailed and in-depth review of appropriate documentation and records, based on a sample
on the day of the audit.
• A comprehensive tour of the premises.
• Employee interviews of a selected sample of the workforce both individually and in groups; aim
to involve a supervisor and a union representative and/or members of any worker committee in
the selection process, as well as temporary and part-time employees and contractors.
• A constructive, factual report with emphasis on positive reporting.
• In addition, the findings on the day will be compared to the Self-Assessment Questionnaire
(SAQ) supplied by the site and any significant differences noted on the report.
• In case a supplier site handles API, dosage formulation, chemicals, intermediate chemicals or
acts as a contract manufacturer the HSE auditor is asked to ensure that all check points of the
Audit Labor, Ethics HSE Check List and Report are covered as part of the audit.
4.1 GENERAL AUDIT GUIDELINES
The Auditors should be clear about the report owner and the reviewers of the report and ensure
that they conduct the audit in the best interests of all stakeholders in the process. Auditors
should provide sufficient information to allow an informed decision of the performance and
compliance status of a site to be evaluated by the client and reader. The audit will be
documented on the PSCI Audit Report.
Wherever possible, examples of good practice should be given. It is not sufficient to state that a
supplier site complies with a given clause of the PSCI Principles, but examples should be given
to demonstrate compliance. In particular auditors should note additional benefits such as free
meals, free transport, private health schemes, etc. In case a critical finding is noted (see
Chapter 4.1.1), the management must be given an opportunity to initiate immediate corrective
action, rather than waiting until the closing meeting, as there may be further information
available that the auditor should consider. For example, in case of inconsistencies in hours,
wages or age records, management shall be invited to provide accurate records as soon as
inconsistencies are discovered.
Issues of a sensitive nature should not be mentioned to the site management if this may place
employees in danger. Other findings should be recorded.
4.1.1 Definition of Findings/Observations:
Critical Findings:
17
? Are high or very high risk findings that require immediate action to protect human life, the
health of employees or the environment
? May result in loss of license to operate, damage to reputation
? Require immediate corrective action by the supplier
Other Findings:
? Are findings that require corrective actions that are managed against a timeline
commitment by the supplier.
4.1.2 Evidence of Compliance and Current Status
When a clause of the standard is fully compliant then the auditor should document this in the
PSCI Audit Report and describe how the site is complying with that requirement, e.g.
If there is no child labor then the auditor should document what systems/controls the site have
in place to prevent child labor.
The principle here is to give the reviewer of the report a clear picture of how the site is
managing this aspect of the PSCI Principles at the time of the audit. Audit findings may be read
by individuals who have not visited the site, so findings must clearly describe the situation.
4.1.3 Waivers
The acceptance of waivers should be verified. For example, if a waiver is presented to allow
workers to work in excess of the legal maximum, the auditor should verify that the workers have
agreed to such practice and that they are suitably compensated at the correct rates with the
application of overtime premiums as required. Details should be documented in the PSCI Audit
Report and copies attached e.g.an endorsement or certification by local government. Full
details of the waiver and its actual application on site should be recorded, ideally in English or at
a minimum a brief summary in English of key points within the attachment.
It should be clearly indicated whether non-compliances are contrary to local law or/ as well as
the PSCI Principles. The existence and legality of local waivers should be investigated. It
should be noted that even if a valid waiver is in place which overrides local law, there could still
be non-compliance against the PSCI Principles. Audit findings may be read by people who
have not visited the site, so findings should be described as clearly as possible.
18
4.2 NORMAL AUDIT PROCESS
4.2.1 Opening Meeting
The opening meeting is to ensure that the management of the site being audited understands
the purpose of the PSCI audit and the requirements against which their site is being evaluated,
the audit process, the timescales and activities of the audit and to re-confirm requests for
information.
During the opening meeting, the team leader should aim to address the following topics:
• Introduce the audit team to the site management.
• Mention the PSCI Principles and the benefits for the supplier from the PSCI audit approach.
• Confirm purpose and scope of the audit.
• State that this is not a pass or fail audit process, but about continual improvement.
• Explain the audit process including the site and audit team’s responsibility and the significance
of the corrective action plan and follow-up on the actions.
Emphasize that the supplier needs to update the PSCI secretary on progress toward and
closure of CAPAs.
• Confirm the confidentiality of the audit and any other recipients of the audit report.
• Explain PSCI audit process if asked for this.
• Confirm who will be guides for the day.
• If not already sent, obtain a plan of the site and a floor plan of the buildings and – if applicable-
dormitory (ies).
• Explain the selection process for employees for interview and that these are confidential.
• Obtain a list of the most hazardous compounds and their maximum permitted quantities on site
if not previously received.
• Check whether any health and safety issues apply and or if any fire drill is expected.
• Invite the management team to the closing meeting.
• Agree tentative time of closing meeting. Ensure that enough time is allowed to re-investigate
non-compliances if challenged, i.e. find out what time the workers leave as it may be necessary
to re-interview to verify a response.
• Ask the management team if they have any questions.
1. Opening
Meeting
2. Site Tour 3. Interviews
4. Document
Review
5. pre-
Closing
Meeting
6. Closing
Meeting
19
• Explain that the auditors should be allowed to move freely on site and have access to all areas
of interest.
• Ask permission for taking photographic material and explain that the purpose of these pictures
is to improve documentation and explanation of findings during the site tour. If this permission is
not granted, request if the audited company can take and manage requested pictures instead.
4.2.2 Site Tour
The purpose of the visual assessment is for the audit team to review physical conditions and
practices in all areas of the site to establish evidence that activities are conducted in a manner
consistent with the site policies, stated practice, legal and regulatory requirements, PSCI
Principles and other relevant requirements. This element primarily comprises a physical review
of conditions and activities on site. The unstructured interview of personnel responsible for
these areas under review and examination of pertinent records supplements this physical
review process.
In case there is more than one auditor, and especially if there are a social and an HSE auditor
conducting the audit, the auditors may choose to split up. The social auditor may want to spend
more time talking to employees and focus on labor-related topics. The HSE auditor may want to
spend more time and focus on HSE-related topics. The site management is expected to allow
for the split-up.
During the site tour, the auditor seeks to meet site staff/workers including production managers
and support staff, warehousing managers and support staff, engineering staff, site cleaning and
maintenance staff, health and safety managers, dormitory supervisors, clinic/first aid staff,
kitchen and security staff. The auditors should not be purely guided by management on areas to
visit and should freely investigate all areas that they feel applicable.
4.2.3 Worker Interviews, including Group Interviews
4.2.3.1 Selection of Workers
Selection of workers will only be undertaken by the audit team. In selection the auditor will
consider shift patterns, worker type and gender. The auditor should select from different areas
of the site as well as from different job roles, to give a representative sample of the workforce. It
may also be appropriate to interview middle managers e.g. supervisors and department heads.
The interviews must take account of production/ work requirements and must be planned to
minimize disruptions to work flows.
Where possible, the first round of interviews should take place in the earlier part of the audit to
give the maximum time to investigate the points raised prior to the closing meeting. All
comments raised at the interviews must be thoroughly investigated before the closing meeting.
4.2.3.2 Interview Process
All worker interviews will be conducted in a place selected by the auditor, preferably away from
the work stations and in a place where the workers feel comfortable and a relaxed and informal
setting can be created. In addition, where the number of workers permits and in line with sample
size requirements, group interviews (focus groups) should be conducted.
20
Note: Information about general conditions of work and “what it is like to work here “will
frequently emerge from group interviews.
In group situations, questions must be of a general nature and under no circumstances should
workers be asked any personal details such as their wages. This type of information is private to
the individual. Group interviews aim to discover how the workers feel about working on the site,
what they like and do not like and how the site compares with others in the region.
4.2.3.3 Interview Technique
The employee interviews by the social auditor must be managed with discretion and empathy,
be strictly confidential, and with no management or supervisors present. Interview techniques
should respect cultural norms e.g. gender specific issues etc.
In all cases good communication skills are required by the auditor and examples of good
technique include:
• Auditors dress must aim to make the interviewee comfortable i.e. a business suit may not be
appropriate in some circumstances.
• The auditor should not sit behind a desk, but if a desk or table is in the room, the auditors
should minimize barriers by sitting on the same side as the interviewee.
• Where two auditors are conducting interviews together it may help communication if one
auditor takes notes while the other concentrates on establishing a rapport with the
interviewee(s). A comfortable relaxed atmosphere is the target.
• The auditor must emphasize the confidential nature of the interviews and must never mention
an individual worker’s identity to management.
• The auditor must conduct the interview using an informal ‘conversational’ technique and must
not read questions from a tick box/ checklist.
• Open questions should be asked so that workers give full answers rather than answering ‘Yes’
or ‘No’.
4.2.3.4 Use of Interview Information
Only substantiated information (e.g. confirmed by document review) can be shared with the site
owners. Any unsubstantiated worker anecdotes should be reported back to the client, to guard
against possible victimization. Unsubstantiated or sensitive information should not be disclosed
to the site, or uploaded onto the PSCI data platform.
Any issues of a sensitive nature should not be mentioned to the site, if this endangers workers.
However, they may be reported confidentially and separately to the PSCI Secretary and/ or the
respective PSCI member. These must not be uploaded on to the PSCI data platform, to protect
the confidentiality of the worker.
Where a professional interpreter is being used to help conduct the interviews, the interpreter
must be fully briefed on these guidance notes.
Finally the auditor should provide a relevant local office number for use by workers in the event
of a complaint or victimization following worker interviews.
5 Pre-closing Meeting
This is a meeting between the audit team members with the following objectives:
21
? Review and discuss the evidence presented.
? Examine and reach consensus on the findings/observations.
? Examine specific documentation or evidence to verify identified non-compliances.
? Prepare a presentation using pictures (if feasible) to explain the findings. Discuss
possible solutions.
? Enter the findings into the Corrective Action Plan Report.
4.2.6 Closing Meeting
The aim of the closing meeting is to inform and agree with the site management the findings of
the audit. Corrective action plans are the responsibility of the audited site to manage. The
audited site should send to the PSCI Secretary and/ or the PSCI member who requested the
audit, the list of corrective actions plus completion dates for closure of the actions within 30 days
after the audit. The Corrective Action Plan Report should be presented by the Auditors to the
supplier and all critical and other findings need to be listed. Options for mitigation of critical and
other findings should be discussed during the closing meeting (preferably using pictures). It is
intended that all issues be clearly described and understood by the end of the meeting. As
practical, this should be communicated in the native language.
Supplier and auditors can agree on corrective actions and due dates in the closing meeting and
fill these into the Corrective Action Plan Report if there is agreement on these. In this case the
Corrective Action Plan Report can be completed and signed at the end of the Closing Meeting.
The supplier has the right to take additional time to develop the Corrective Action Plan and
define the corrective actions and due dates. The supplier must return the signed Corrective
Action Plan Report within 30 days after the audit. In this case, the supplier will only sign the
Corrective Action Plan Report which has the findings included. ,
There are two signature lines on the Corrective Action Plan Report.
• Line 1 – Once “Critical Findings” and “Other Findings” have been clearly described and
understood the auditor should make every effort to reach agreement with the site and obtain
their representative’s signature.
• Line 2 – When the site management has developed their corrective action plan they should
submit their plan and sign-off on the document.
During the closing the meeting the team leader should:
• Thank the management for their time and patience.
• Remind the supplier that they may challenge findings at this meeting, but any issues they have
agreed to will not be changed later.
• Ensure that any agreements or disagreements are clearly recorded on the Corrective Action
Plan Report.
• Re-confirm the purpose and scope of the audit.
• Mention good working practices that have been observed during the day.
• Explain where instances have been observed that the site is not in compliance with the PSCI
Principles and Guidance document, and with local law (if applicable).
• Explain that the audit was based on a sample examination of their site and there may be some
deficiencies that were not observed.
• Discuss possible corrective actions.
• Explain that corrective actions should reflect long-term sustainable solutions which take
account of the root cause of the problem. The auditor should encourage the supplier to take
time to formulate a corrective action plan within 30 days after the audit that takes account of the
22
root cause of the issue. For example, if multiple fire exits are blocked, a system is required to
ensure that they remain clear, not just a photo at one point in time. For endemic long-term
issues, such as excessive working hours, the site management may need to formulate a
corrective action plan in collaboration with their customers.
• If management does not agree with any finding, state that if they produce evidence that shows
the finding is incorrect, the audit team will review it.
• If such evidence is produced, it should be verified.
• If evidence is produced which resolves a non-compliance finding, the non-compliance finding
can be cancelled, e.g. a fire certificate produced at the closing meeting that previously had not
been seen by the auditors.
• If a non-compliance can be corrected immediately, e.g. a blocked gangway, it should be
recorded as an observation/ other finding. The auditor should investigate and document how
compliance will be maintained.
• Ask the management team if they have any questions.
• Encourage the management of the site to allow for PSCI Audit Report and Corrective Action
Plan Report sharing with other PSCI member companies.
• Thank the management for the demonstrated trust and openness and indicate how this
contributes to fostering the mutual relationship and building trust.
4.3 Communication of Audit Results
Audit firm finalizes the PSCI Audit Report and the Corrective Action Plan Report and sends
report in PDF format to the PSCI Secretary and the supplier. PSCI Secretary will then redact the
reports to ensure compliance with anti-trust laws. The PSCI Secretary will ensure further
distribution of Self-Assessment Questionnaire (SAQ), the PSCI Audit Report and Corrective
Action Plan Report as indicated in the approved Data Sharing Agreement by the audited site.
The supplier can then submit evidence about completed follow-up actions against the
observations.
4.4 FOLLOW-UP AUDIT PROCESS
The supplier will routinely report, at least every 3 months, until they feel CAPAs are closed to
the PSCI Secretary ([email protected]) the progress made against the corrective action plan they
have agreed to. If the corrective action evidence cannot be effectively verified by desktop review
then a follow-up audit maybe required.
4.4.1 Critical Findings
In the event of a critical finding where human live, the health of employees or the environment
are at high risk the auditor must inform the PSCI Secretary ([email protected]) immediately, before
the audit report has been finalized. The PSCI Secretary will notify those PSCI members that
have been approved to receive information on the audit by the supplier. PSCI members who are
interested in the supplier and have been notified of a critical finding should follow up on the
critical finding to ensure that action to mitigate the concern is taken immediately. A follow-up
audit needs to may be conducted if necessary in order to verify that the risk has been mitigated.
23
4.4.2 Other Findings
A follow-up audit may be required in case of other key findings if corrective action cannot be
verified via evidence supplied through “desktop” or photo review only.
General guidance on payment for follow-up audits:
In case a PSCI member paid for the audit, the PSCI member may want to conduct a follow-up
audit, initiate it and pay for it. Further follow-up audits may be needed in case there continue to
be critical findings until the corrective action has been put in place to close the issue. Follow-up
audit should be conducted by an accredited audit firm.
In case a supplier paid for the audit then the supplier may want to have a follow-up audit
conducted to show they have provided evidence of completion of the corrective actions to the
PSCI Secretariat.
4.4.3 Follow-up Process
The follow-up is not a full audit, but a shorter visit to verify if corrective actions have been taken
in response to a full initial audit. For a follow up on social audit findings, employee interviews
and hours of work and payroll review should still be undertaken, however, the sampling
numbers will usually be lower than for a full audit. A follow-up report is issued as an updated
version of the original report with all new elements highlighted so as to be clearly seen. For all
findings previously raised there should be a clear explanation of the evidence reviewed,
comments on applicability and effectiveness of corrective actions and whether the issue is now
considered closed or remains open. Any new findings must be included in the report. A new
corrective action plan must be generated which addresses open and new audit findings. The
follow-up audit should be conducted by an accredited audit firm.
END
doc_450551197.pdf
The Pharmaceutical Supply Chain Initiative (PSCI) is a group of pharmaceutical companies that share a vision of better social, economic and environmental outcomes for all those involved in the pharmaceutical supply chain
1
Pharmaceutical
Supply Chain
Initiative
Audit Program
Guidance
2
PHARMACEUTICAL SUPPLY CHAIN INITIATIVE (PSCI)
AUDIT PROGRAM GUIDANCE
April 2013
BACKGROUND
This document is designed to be used by PSCI members, audit contractors and suppliers. It
provides a detailed overview of the audit process and corresponding roles and responsibilities at
each stage of the process.
Together with the PSCI Principles this document is designed to ensure that audits undertaken
on behalf of PSCI provide a consistent and reproducible approach, provide assurance that
audits are carried out against the PSCI Principles and provide the foundation for a shared audit
program.
This document provides approved PSCI auditors and suppliers with the methodology on how
PSCI audits will be conducted and managed. Any deviations from the audit program described
in this document must be noted and recorded in the PSCI Audit Report in the appropriate
place.
Contents
BACKGROUND ......................................................................................................................... 2
1.0 INTRODUCTION AND PURPOSE .................................................................................. 3
1.1 PSCI AUDIT PROGRAM BASICS ................................................................................... 3
1.2 REFERENCES ................................................................................................................ 4
2.0 PSCI AUDIT PROGRAM FUNDAMENTALS ................................................................... 6
2.1 PSCI AUDIT SCOPE AND OBJECTIVES ........................................................................ 6
2.2 PSCI SOCIAL (ETHICS AND LABOR) AND HSE AUDIT COMPONENTS ...................... 7
2.3 APPROVAL AND REGISTRATION OF PSCI AUDITORS AND AUDIT COMPANIES ..... 7
3.0 PRE-AUDIT ACTIVITIES ................................................................................................. 9
3.1 PSCI AUDIT INITIATION ................................................................................................. 9
3.2 AUDIT PLANNING – PRE AUDIT ACTIVITIES .............................................................. 11
3.3 AUDIT PLANNING - AUDIT LENGTH............................................................................ 13
3.4 AUDIT LOGISTICS - SITE VISIT AGENDAS ................................................................. 15
4.0 AUDIT EXECUTION AND POST AUDIT ACTIVITIES ................................................... 16
4.1 GENERAL AUDIT GUIDELINES ................................................................................... 16
4.2 NORMAL AUDIT PROCESS ......................................................................................... 18
4.4 FOLLOW-UP AUDIT PROCESS ................................................................................... 22
3
1.0 INTRODUCTION AND PURPOSE
The Pharmaceutical Supply Chain Initiative (PSCI) is a group of pharmaceutical companies
that share a vision of better social, economic and environmental outcomes for all those involved
in the pharmaceutical supply chain. This includes acceptable conditions for workers, safe
processes and facilities, economic development and a cleaner environment for local
communities.
The PSCI group created the Pharmaceutical Industry Principles for Responsible Supply
Chain Management ("PSCI Principles"). The PSCI Principles address five areas of
responsible business practices and related management systems throughout the
pharmaceutical industry's supply chain: ethics, labor, health, safety and environment. The PSCI
Principles are consistent with industry and international expectations and are applicable both in
developed and developing countries for all pharmaceutical suppliers ranging from service
providers to chemical manufacturing companies and to contract manufacturers.
PSCI recognizes that its members have large and diverse supply bases, and there will be
advantages to both, PSCI members and suppliers, in adoption of a shared audit approach.
Supply to patients is expected to improve via more robust supply chain risk management and
compliance with regulatory requirements and the PSCI Principles. Expected benefits for
suppliers include reduced audit visits and a more consistent approach from pharmaceutical
companies.
Overall, the shared audit approach is expected to improve supplier performance in the area of
ethics, labor, health, safety and environment by increasing the number of suppliers assessed
and providing a consistent approach with reference to a common set of principles and values.
This document describes the PSCI shared audit program which is based on:
? A defined PSCI audit scope with defined PSCI audit criteria
? A defined methodology for the audit process from initiation, through execution to
reporting
? A defined methodology for responding to audit findings/observations and corrective
action tracking
? A defined mechanism for sharing of audit reports
? Clear requirements and defined minimum qualifications and experience for auditors
conducting PSCI audits
1.1 PSCI AUDIT PROGRAM BASICS
PSCI audits as described in this document are designed to assess a supplier’s performance
against the PSCI Principles and regulatory requirements in the areas of ethics, labor, health,
safety, and environmental management. The PSCI audit program is based on accepted
industry practices in these fields as defined in internationally recognized standards including
ISO 19011: “Guidelines for quality and/or environmental management system auditing”, OHSAS
4
18001 “Occupational Health and Safety Management Systems – Requirements” and SA8000
Social Accountability “International Standard for Improving Workplace Conditions “.
PSCI audits are conducted in three steps:
? Pre-audit Activities – Audit Planning
? On-Site Activities – Audit Execution
? Post-Audit Activities- Reporting, Corrective Action, Follow-up and Closure
The basic methodology for how to conduct each of these three steps can be found in ISO 19011
and is not repeated in this document.
This guidance is based on accepted industry practice in the field of Health, Safety &
Environmental (HSE) auditing and Social and Ethical auditing across the world. PSCI audits are
conducted by qualified third-party auditors and the program relies heavily on the controls that
already exist within established third-party audit firms that have auditors certified to recognized
standards. The audit firms conducting the audits should be SA8000 certified members of the
International Federation of Inspection Agencies (IFIA) and/ or the Institute of Environmental
Management & Assessment (IEMA) with procedures in place to manage and monitor the
integrity of the audits they conduct on behalf of the PSCI.
There are differences in the methodology and scope of social (ethics and labor) audits
compared to HSE audits. A PSCI audit requires both areas to be assessed and is likely to
require specialist auditors for each. In cases where a small company is audited, a single auditor
trained and experience in both social and HSE may conduct the assessment.
Language and cultural issues can severely impact the quality of an audit. To ensure PSCI audits
are of a high standard, auditors should be fluent in the local language and in English. Auditors
must be knowledgeable of local HSE and labor regulations. The social audit should be
conducted in the local language. If a qualified HSE auditor does not speak the local language, a
technical interpreter needs to be present during the audit. Reporting will be in English. Where
practical and necessary, key parts of the audit report may need to be provided in both, the local
language and English.
1.2 REFERENCES
The PSCI Principles and the PSCI audit program draw heavily on and are closely aligned with
the following internationally recognized standards, guidance documents and declarations:
PSCI RESOURCES:
The PSCI documents listed below can be downloaded for free at:
www.pharmaceuticalsupplychain.org
? PSCI Principles
? PSCI Implementation Guidance
? Data Sharing Agreement
? Self-Assessment Questionnaire (SAQ)
? Pre-Audit Document Request List
5
? PSCI HSE Check List
? Corrective Action Plan Report
? PSCI Audit Report (attached with this document, via email)
Should you have any difficulties obtaining these documents please email the PSCI Secretary at
[email protected]
EXTERNAL RESOURCES:
? Ethical Trading Initiative (ETI)
? International Labor Organization (ILO) Code of Practice in Safety and Health
? ILO International Labor Standards
? ISO 14001 Standard for Environmental Management Systems
? ISO 19011: Guidelines for quality and/or environmental management system auditing.
? OECD Guidelines for Multinational Enterprises
? OHSAS 18001 Standard for Occupational Health and Safety Management Systems
? Responsible Care®
? SA8000: International Standard for Social Accountability
? United Nations Convention Against Corruption
? United Nations Global Compact
? Universal Declaration of Human Rights
? ISO26000, “Guidance on Social Responsibility” a guide to help organizations on Social
and Environmental Responsibility
6
2.0 PSCI AUDIT PROGRAM FUNDAMENTALS
2.1 PSCI AUDIT SCOPE AND OBJECTIVES
PSCI audits as described in this audit program are designed to assess a supplier’s performance
against the PSCI Principles and regulatory requirements in the areas:
? Ethics
? Labor
? Health & Safety
? Environmental Protection, and
? Management Systems.
Our goal is to ensure that any supplier manufacturing products, providing services or supporting
our industry have the opportunity to demonstrate compliance with the PSCI Principles.
The scope of a PSCI audit should be documented. This includes key plants and processes,
laboratories, utilities, and infrastructure areas (e.g. storage areas, waste facilities, waste water
treatment units, workshops, security and fire service arrangements, canteens, kitchens and
dormitories). It shall also cover the office area (especially at service provider sites) and the labor
conditions of staff on site. It is not limited to permanent staff and should extend to temporary
and contract staff, as well as migrant workers. The site assessment should cover all internal and
external areas of the facility. It includes management systems and key program elements
including policies, standards, resource, competencies and capabilities. Confidentiality and
intellectual property protection must be guaranteed. Where a PSCI member representative is
present at an audit, careful controls are required to ensure discussions, disclosures and
observations are restricted to only the individual PSCI member’s interests. This is absolutely
necessary to maintain antitrust considerations.
Any deviation from the intended scope of the audit should be clearly documented in the audit
report. For example, if the audit focuses on HSE only and does not review ethics and social
topics, the scope statement shall document this fact.
The objectives of PSCI audits include:
? Consistent assessment of a supplier’s performance against the PSCI Principles and
relevant laws and regulations to provide assurance to PSCI members. This includes:
o identification of key risks
o an understanding of the supplier’s compliance with the PSCI Principles,
regulations and their effectiveness/ability to identify and manage key risks
o sufficient information to allow PSCI members to determine the acceptability of the
supplier
? Sufficient information to allow the supplier to understand development needs and to
develop a comprehensive improvement program
? Enable a supplier to identify root causes and undertake continuous improvement efforts
? Educate a supplier about PSCI and regulatory expectations
7
2.2 PSCI SOCIAL (ETHICS AND LABOR) AND HEALTH, SAFETY AND
ENVIRONMENTAL AUDIT COMPONENTS
A PSCI audit consists of social (ethical and labor) and HSE (health, safety and environmental)
aspects as outlined in the PSCI Principles. While focus and depth of both social and HSE
audits and the methodology for assessment may be different to some extent, both parts should
ideally be addressed during the same audit visit.
The most recognized international standard for social auditing is SA8000, a voluntary standard
which governs employees' working conditions, developed by Social Accountability International
(SAI). The PSCI Principles for ethics and labor and this audit program draw heavily on the
above referenced documents.
The foundation for HSE audits is compliance with local and national HSE legislation, as well as
international industry norms of acceptable practices. An international standard for HSE
legislative compliance does not exist since the regulations vary significantly from country to
country. HSE auditors must be knowledgeable of country specific legislation in order to be able
to effectively audit a supplier site and country-specific auditing checklists or tools should be
used. International standards on management systems requirements for HSE do exist and
should be used. These include ISO 14001 and OHSAS 18001.
A PSCI supplier audit team will generally consist of two auditors - one for social and one for
HSE unless one person can clearly demonstrate adequate skills and experience in both areas
(see 2.3 below). The two auditors usually undertake different activities while on site.
2.3 APPROVAL AND REGISTRATION OF PSCI AUDITORS AND AUDIT
COMPANIES
PSCI audits must be undertaken by qualified third party audit companies and auditors approved
by PSCI. PSCI audit program may utilize audits by audit firms that are accredited under SA8000
and are listed in IFIA or equivalents like IEMA.
2.3.1 Auditor Qualifications and Experience
In order to ensure the integrity of the audit process, it is essential that auditors are appropriately
qualified. All third party audit firms that conduct these audits will need to be approved by the
PSCI Secretary.
The audit company must ensure that:
? The lead auditor has extensive experience and qualification relevant to the type of
supplier facility being audited. I.E. pharmaceutical, chemical, etc.
? At least one auditor is certified by a recognized social auditor body, e.g. SA8000 and
may include an audit company’s system if independently certified
8
? There is at least one auditor knowledgeable in local HSE regulations
? Auditors have knowledge of local working conditions
? Auditors should be fluent in the main languages spoken at the site, both management
and workers
? Auditors should be fluent in both spoken and written English
? Auditors need to have the proven ability to write reports in English that are clear and
unambiguous
? Auditors have knowledge of the applicable industry
? Auditors demonstrate the competencies listed in ISO 19011
The guideline for minimum experience for individual HSE and social auditors is shown in the
table below:
Social Auditor HSE Auditor All Auditors
Office/service company ? 2 years social auditing
experience
? SA8000 certified or
equivalent
? 2 years HSE auditing
experience, in country
experience is preferred
? Fluent in local
language (at least
the social auditor)
? Proficient in
English (written
and spoken)
? Knowledgeable of
local regulations
(HSE or labor
regulations
depending on
role)
? Familiar with local
culture
? Audit firms must
be able to
demonstrate the
proficiency of their
auditors to audit
against the
requirements of
SA8000, ISO
14001, OHSAS
18001 and
Health, Safety
and
Environmental
regulations and
standards as
applicable.
Simple
manufacturing/assembly
? 2 years social auditing
experience with at
least 1 years of
experience in the
country of concern
? SA8000 certified or
equivalent
? 2 years HSE auditing
experience with
manufacturing companies
with at least 1 years of
experience in the country
is preferred
? Certified Professional
Auditor (CPA) or Certified
Safety Professional (CSP)
or equivalent
Complex
manufacturing/API/CMO/
Chemical
? 3 years social auditing
experience with at
least 2 years of
experience in the
country of concern
? SA8000 certified or
equivalent
? Technical degree in
chemical engineering,
chemistry or similar
qualification
? 3 years HSE auditing
experience with at least 2
years of experience in the
country is preferred
? Performed more than 10
audits of similar facilities
? Certified Professional
Auditor (CPEA) or Certified
Safety Professional (CSP)
or equivalent
? Knowledge of specific HSE
topics like Industrial
Hygiene, Process Safety
Management and
Hazardous Waste
Management
9
As part of their continuous professional development, all auditors are subject to a review and
appraisal of their performance. This includes:
? Social auditors should attend an SA8000 full refresher course every two years and
demonstrate completion of a minimum of 12 social audits every 2 years.
? HSE auditors must take refresher training every 2 years and should demonstrate
completion of a minimum of 12 HSE audits every 2 years
? All auditors’ performance may be monitored on an ongoing basis by a combination of
audit report review, audited supplier feedback and observed audits.
? Provisions within the third party audit company to ensure continual development of
auditors
PSCI reserves the right to verify the qualification of auditors by checking their CV’s and
credentials, by rating audit reports written by them and by collecting feedback on the auditors’
performance.
3.0 PRE-AUDIT ACTIVITIES
The following section describes, in sequence the steps required to initiate and plan an audit and
the parties responsible for each step. The section describes the pre-audit activities for PSCI
member companies and supplier-initiated audits.
3.1 PSCI AUDIT INITIATION
3.1.1 Audit Request
The audit request may either come from an individual PSCI member or from the PSCI Secretary
representing a shared audit for more than one PSCI member, or from a supplier.
As part of the audit request, the supplier must understand that PSCI is a not for profit
organization whose members are committed to continuous improvement of ethical and
responsible practices in their supply chains. PSCI promotes data sharing to ease the
administrative burden on suppliers when working with one or multiple PSCI member companies
that require PSCI audits. Suppliers that have been formally audited under the PSCI process can
decide to share the PSCI Audit Report and Corrective Action Plan Report updates with all
PSCI members or with selected members only. Suppliers have the right to choose which PSCI
member companies have the right to view their audit reports.
The PSCI Secretary or the PSCI member company must advise the candidate audited party of
the requirement and process of the PSCI audit sharing and management process and
associated fees for these services.
To share a PSCI Audit Report and Corrective Action Plan Report with other PSCI member
companies, the supplier should put an “accept” check mark into the Self-Assessment
Questionnaire (SAQ) which is also used as pre-audit questionnaire. In addition, the supplier
must complete the Data Sharing Agreement and send the signed Agreement to the PSCI
Secretary to allow sharing of the final PSCI Audit Report and Corrective Action Plan Report.
10
3.1.1.1 Audit Request by a PSCI Member or Members
All PSCI member companies are free to approach suppliers to conduct a PSCI audit at a
specific supplier site. Before PSCI member companies approach a supplier, they should check
with the PSCI Secretary to determine whether any Audit Reports, Corrective Action Plan
Reports, SAQ’s or other documents are available, and whether the specific site has recently
been audited. They should also check whether there is an audit planned in the near future.
If this is not the case, the PSCI member should go ahead and work with the supplier and the
audit firm on the further preparation for the audit.
If an audit has been completed recently or an audit is planned, the PSCI Secretary will approach
the supplier to determine if the supplier will share the PSCI audit on file or the planned audit
results with the PSCI member making the request for the audit. Only audits that have been
formally endorsed by the supplier will be shared in the program.
3.1.1.2 Coordinated Audit
PSCI members may wish to have audits coordinated on their behalf through the PSCI
Secretary. The PSCI Secretary will work with individual PSCI members’ confidential supplier
lists to identify suppliers that one or more PSCI member are interested in having audited. The
PSCI Secretary will approach the supplier to determine if the supplier will share the PSCI audit
on file or the planned audit results with the PSCI members making the request for the audit.
Only audits that have been formally endorsed by the supplier will be shared in the program.
3.1.1.3 Audit Request by the Supplier:
Suppliers may request to be audited by PSCI. The supplier can contact a PSCI member
company who the supplier is in business with and ask them to sponsor an audit. Alternatively,
the supplier may nominate themselves to the PSCI Secretary requesting that they be audited.
The PSCI Secretary will then inform the supplier about the list of PSCI approved audit
companies. The supplier can then choose an audit company from this list and contact the audit
firm to work out the details including the cost to have an audit completed.
The audit company will then plan and execute the audit and provide a copy of the final PSCI
Audit Report and Corrective Action Plan Report to the PSCI Secretary for distribution to
PSCI members as specified by the supplier. Only audits that have been formally endorsed by
the supplier will be shared in the program.
3.1.2 Audit Quote Generation
Case 1: An individual PSCI member pays for the audit.
In the case where a PSCI member has a negotiated contract with an accredited audit company
in place, the agreed terms and conditions in the contract should be applied. In the case where
there is no agreement, the PSCI member can negotiate a contract with an accredited audit
company. Alternatively, the process outlined in Case 2 below should be followed.
Case 2: PSCI coordinated audit.
In this case, a group of PSCI members pays for the audit. PSCI member companies will work
under the direction of the PSCI Secretary, who will negotiate the audit contracts with certified
audit firms. Once PSCI has selected and approved an audit firm, the firm will be informed by the
PSCI Secretary of upcoming audits to conduct on behalf of PSCI. The PSCI Secretary will then
11
take the lead on identifying common candidate suppliers to be audited and then confidentially
approach PSCI members to solicit their participation to be involved in the audit of a supplier.
The PSCI Secretary will determine each PSCI member’s costs to fund the audit.
Case 3: Supplier pays for the audit.
In this case, the supplier can choose an audit firm from the list of PSCI-approved audit firms and
contact them to negotiate the terms and conditions for the audit.
Details within the quote for approval should contain but not be limited to the following:
? Fee for the audit (incl. report writing and, if necessary, fee for follow-up audit)
? Expenses (incl. travel, lodging, management fee and other possible expenses and fees)
? Any fees relating to upload of the report to the PSCI database if applicable
? Date of audit or date of when this will be known
? Proposed audit length (the PSCI recommendations in Chapter 3.3 should be followed)
? Audit scope
? Proposed audit team leader
? Audit team members for both the social and HSE audit elements
? Identification of report receivers
? Third-party report release approval
? Report delivery date
3.2 AUDIT PLANNING – PRE-AUDIT ACTIVITIES
3.2.1 Actions for the PSCI Secretary
The PSCI Secretary should have visibility of all audits that are planned in order to allow for
coordination and to avoid a supplier being approached by more than one PSCI member at the
same time. Specifically, the PSCI Secretary shall:
? Inform the supplier about the purpose and benefits of the PSCI audits and the PSCI
Principles.
? Issue the Data Sharing Agreement and Self-Assessment Questionnaire (SAQ) to
supplier(s) that have been agreed upon by the PSCI membership, or to any suppliers
that wish to share audits
? Ensure that the Data Sharing Agreement and SAQ is received two weeks in advance
of any planned audit and before an external auditor has been contracted
? Facilitate sharing of the SAQ with PSCI members, as permitted by the Data Sharing
Agreement
? Review Data Sharing Agreement and inform the supplier of path forward for audit
When audit takes place:
o Initiate contract with PSCI-approved auditor (in case no contract is in place yet)
o Inform the supplier that a PSCI-approved auditor will contact them to schedule
and conduct a PSCI audit at their site
o Share with auditor the completed SAQ at least two weeks prior to the date of the
audit
o Facilitate sharing of the PSCI Audit Report with PSCI members as permitted by
the Data Sharing Agreement
12
? In case of PSCI coordinated audits, the PSCI Secretary ([email protected]) should be the
point of contact to the supplier that has been selected for a PSCI audit.
3.2.2 Actions for the Auditors
Once a PSCI audit has been confirmed with an audit company, and prior to the supplier site
visit, the auditor team shall:
? Contact the supplier and agree with them on audit date and agenda
? Confirm that a confidentiality / data protection agreement between the audit firm and
supplier is signed and in place (if requested by supplier) before any exchange of
information takes place
? Once the confidentiality / data protection agreement is confirmed, request from the PSCI
Secretary ([email protected]) the completed Self-Assessment Questionnaire (SAQ) for the
site to be audited
? Review completed SAQ, as provided by PSCI Secretary at least two weeks in advance
of the audit. The SAQ provides an overview of the supplier’s site to the auditor and
contains information on site’s approach to the management of ethics, labor,
environmental compliance, and health and safety.
? Brief the supplier that the auditors will need to see confidential information and verify pay
and overtime information of individual employees. Inform the supplier that selected
employees, at random, will be interviewed to assess labor and ethics conditions.
? Brief the supplier that data privacy will be respected. In case they do not want to disclose
pay information linked with employees’ private data, it will be acceptable if such
information is either only viewed by auditors, or shown in semi-blinded format so that the
auditors cannot see private data.
? Request and review other relevant documents and records from the supplier, and
determine their adequacy with respect to the audit criteria.
? Provide the supplier with a list of documents that should be available on site during the
audit. A generic document request list is provided in Pre-Audit Document Request
List. This may be tailored by the auditor to make it relevant to the supplier’s specific
operations
? Confirm logistics for the audit team, including travel, accommodation, parking, arrival
time. Confirm with the supplier the key site personnel to be available during the audit,
e.g. management personnel, HSE staff, operations managers, union or worker
committee representatives, health and safety representative, payroll and human
resources representative.
? Ensure that the auditor contacts the site to introduce him or herself prior to the audit.
? Confirm safety requirements prior to the site visit. This pre-work will include identifying
necessary personal protective equipment (PPE) and any other special requirements.
The Audit Team Leader is responsible for assigning the above tasks and delegating work to the
other audit team members as appropriate.
3.2.3 Actions for the Site
After receiving the above information from the auditor or the PSCI member, the site should
ensure that they prepare for the audit. This will include, but not be limited to:
13
? Site management should be briefed prior to the audit, to ensure they understand the
scope of the audit and what is required from each department.
? Applicable site management should be instructed on the importance of having the
correct key personnel and documentation available on the day(s) of the audit (see
above) and understand the importance of releasing personnel for interviews on time.
? Two quiet rooms free from interruptions, one of which must be large enough to
accommodate group interviews for the social audit, should be reserved for the auditors
use throughout the audit. The larger room should be a place where workers will feel
comfortable, near a canteen or a workers’ area is preferred.
? Union or other worker representatives should be briefed about the audit, in particular the
labor aspects, to ensure their availability and understanding.
? The workforce should be informed about the audit including the code to which the audit
is conducted (PSCI Principles).
? The employees should be informed that the auditors will pick employees for individual
and group interviews about their labor situation at random, and that they have the right
to say “No” to this without giving any reason, and without any adverse consequences.
? Employees should be informed about their right for data privacy in this context.
? There should be a contact within the site for the workforce if they have any questions or
worries about the audit e.g. HR Manager.
? Any labor providers (agencies) the site uses should be informed about the audit and
make sure they understand the importance of having the correct key personnel and
documentation available on the day.
? Any questions or points the site may have about the audit should be referred to the audit
team leader for clarification.
? The site should provide all documents requested by the auditors for review in advance of
the site visit to the auditor including the Self-Assessment Questionnaire (SAQ).
? The site should prepare all relevant documents requested by the auditor to be made
available during the site visit; please have a look at the Pre-Audit Document Request
List for reference.
Audit
3.3 AUDIT PLANNING - AUDIT LENGTH
Guidance on the auditor man-days required on site is provided below as a benchmark for a
PSCI audit. For the social audit component, this is based on the number of employees on site
and includes the recommended number of individual and group employee interviews. The HSE
audit components are based mainly on site size and the nature of site operations.
The on-site time required for the social auditors and the HSE auditors may vary from site to site.
For example, at a complex chemical manufacturing plant, the HSE component of the audit may
take longer to complete than the labor and ethical audit component so the HSE auditor may be
on the site tour for longer than the social auditor. At a very large office complex with several
thousand employees, the HSE component of the audit may take less time than the social
component.
The suggested man-days are only guidelines. Auditors must use their experience and
knowledge and consider the industry, location, size of the site, workforce size and individual
knowledge of the site when defining the length of time required on site for both the HSE and
social elements of the audit and when deciding the number of employees to interview.
14
If a site has more than 2,000 workers, the number of interviews is determined on a case by case
basis depending on the circumstances of the site..
The ratio of individual and group interviews provided in the table below is for guidance only, and
may be modified depending on circumstances. Where this is not possible, a clear explanation
for a lower number of interviews should be given in the report.
This table does not take into account the physical size of sites. If sites are very large or very
small, different man-days per site than shown in the table may be required.
Guidance for Man-Days on Site for PSCI HSE Audit Component
The Actual days on site must be limited to a maximum of 2 days.
Site Type Site Size Man-Days on Site
Office Small 1
Large 1-2
Light manufacturing /
assembly
Small 1
Medium/Large 1-2
Medium to Heavy
Manufacturing (not
chemical)
Small 1
Medium 1-2
Large 1-2
Complex
manufacturing e.g.
chemical plants
Small 1
Medium 1-2
Large 2-3
Guidance for Man-Days on Site for PSCI Social Audit Component
Man-
days
on
site
Number of
Workers
(excluding
managers)
Individuals
Interviewed
Group
interviews
Total
Employees
interviewed
Effective Time
spent on
Interviewing
1 1-100 ca. 5 (or total
number of
workers if
<5)
1 group of 4 max. 10 1.5-2.5 hours
1-2 101-500 5-7 1-3 groups of 5 10-20 2-3 hours
1-3 501-1000 5-10 2-5 groups of 5
10-30 2-4 hours
2-4 1001-2000 10-20 4-8 groups of 4
20-40 3-6 hours
The time spent on interviews has been based on an estimation of 15 minutes for an individual
interview with no issues, and 30 minutes for an individual interview where issues are raised.
Group interviews are estimated at 45 minutes, taking into account the additional time to get
15
workers to attend and to give everyone an opportunity to speak. This length is only a
guideline/suggested minimum. Auditors will rely on their training and experience to determine
the length of actual interviews with individual employees. If issues are uncovered with a
particular worker, the interview will be extended to fully explore the issue. Alternatively, if
workers are consistently providing the same information, interviews can be shortened to adjust
to the individual situation.
3.4 AUDIT LOGISTICS - SITE VISIT AGENDAS
The audit team will send the site an agenda outlining the planned activities during the onsite
assessment. The typical agenda shall include but not be limited to:
? Opening meeting (management team including H&S and Environmental,
manufacturing/technical operations, union and HR representatives).
? Site tour - manufacturing and office areas including informal on the spot interviews with
operators.
? Site tour – storage areas, external areas, satellite areas, dormitories (if applicable).
? Employee interviews (# of individual and group interviews, including union representative
interviews and interviews of temporary and part-time employees and contractors).
? Interviews with HR, HSE and site representative (e.g., engineering or maintenance
staff).
? HR documentation (handbooks/employee files/payroll/time records) including paperwork
(when authorized) of those individuals interviewed.
? HSE documentation review.
? Labor/Ethics documentation .
? Further review of payroll/ time/ employee files if required.
? Auditors prepare Corrective Action Plan Report for closing meeting.
? Closing meeting with management team: auditors to share findings, get sign-off from site
management that findings were communicated and understood; discussion about
corrective actions and timelines for implementation.
16
4.0 AUDIT EXECUTION AND POST AUDIT ACTIVITIES
The aim of the audit is to evaluate the performance of a supplier site against the PSCI
Principles, local law and additional requirements, conformity of their practices to any published
standards for the industry, as set out through the following:
• Company presentation and management interview with reference to company practice (max.
30 min).
• A detailed and in-depth review of appropriate documentation and records, based on a sample
on the day of the audit.
• A comprehensive tour of the premises.
• Employee interviews of a selected sample of the workforce both individually and in groups; aim
to involve a supervisor and a union representative and/or members of any worker committee in
the selection process, as well as temporary and part-time employees and contractors.
• A constructive, factual report with emphasis on positive reporting.
• In addition, the findings on the day will be compared to the Self-Assessment Questionnaire
(SAQ) supplied by the site and any significant differences noted on the report.
• In case a supplier site handles API, dosage formulation, chemicals, intermediate chemicals or
acts as a contract manufacturer the HSE auditor is asked to ensure that all check points of the
Audit Labor, Ethics HSE Check List and Report are covered as part of the audit.
4.1 GENERAL AUDIT GUIDELINES
The Auditors should be clear about the report owner and the reviewers of the report and ensure
that they conduct the audit in the best interests of all stakeholders in the process. Auditors
should provide sufficient information to allow an informed decision of the performance and
compliance status of a site to be evaluated by the client and reader. The audit will be
documented on the PSCI Audit Report.
Wherever possible, examples of good practice should be given. It is not sufficient to state that a
supplier site complies with a given clause of the PSCI Principles, but examples should be given
to demonstrate compliance. In particular auditors should note additional benefits such as free
meals, free transport, private health schemes, etc. In case a critical finding is noted (see
Chapter 4.1.1), the management must be given an opportunity to initiate immediate corrective
action, rather than waiting until the closing meeting, as there may be further information
available that the auditor should consider. For example, in case of inconsistencies in hours,
wages or age records, management shall be invited to provide accurate records as soon as
inconsistencies are discovered.
Issues of a sensitive nature should not be mentioned to the site management if this may place
employees in danger. Other findings should be recorded.
4.1.1 Definition of Findings/Observations:
Critical Findings:
17
? Are high or very high risk findings that require immediate action to protect human life, the
health of employees or the environment
? May result in loss of license to operate, damage to reputation
? Require immediate corrective action by the supplier
Other Findings:
? Are findings that require corrective actions that are managed against a timeline
commitment by the supplier.
4.1.2 Evidence of Compliance and Current Status
When a clause of the standard is fully compliant then the auditor should document this in the
PSCI Audit Report and describe how the site is complying with that requirement, e.g.
If there is no child labor then the auditor should document what systems/controls the site have
in place to prevent child labor.
The principle here is to give the reviewer of the report a clear picture of how the site is
managing this aspect of the PSCI Principles at the time of the audit. Audit findings may be read
by individuals who have not visited the site, so findings must clearly describe the situation.
4.1.3 Waivers
The acceptance of waivers should be verified. For example, if a waiver is presented to allow
workers to work in excess of the legal maximum, the auditor should verify that the workers have
agreed to such practice and that they are suitably compensated at the correct rates with the
application of overtime premiums as required. Details should be documented in the PSCI Audit
Report and copies attached e.g.an endorsement or certification by local government. Full
details of the waiver and its actual application on site should be recorded, ideally in English or at
a minimum a brief summary in English of key points within the attachment.
It should be clearly indicated whether non-compliances are contrary to local law or/ as well as
the PSCI Principles. The existence and legality of local waivers should be investigated. It
should be noted that even if a valid waiver is in place which overrides local law, there could still
be non-compliance against the PSCI Principles. Audit findings may be read by people who
have not visited the site, so findings should be described as clearly as possible.
18
4.2 NORMAL AUDIT PROCESS
4.2.1 Opening Meeting
The opening meeting is to ensure that the management of the site being audited understands
the purpose of the PSCI audit and the requirements against which their site is being evaluated,
the audit process, the timescales and activities of the audit and to re-confirm requests for
information.
During the opening meeting, the team leader should aim to address the following topics:
• Introduce the audit team to the site management.
• Mention the PSCI Principles and the benefits for the supplier from the PSCI audit approach.
• Confirm purpose and scope of the audit.
• State that this is not a pass or fail audit process, but about continual improvement.
• Explain the audit process including the site and audit team’s responsibility and the significance
of the corrective action plan and follow-up on the actions.
Emphasize that the supplier needs to update the PSCI secretary on progress toward and
closure of CAPAs.
• Confirm the confidentiality of the audit and any other recipients of the audit report.
• Explain PSCI audit process if asked for this.
• Confirm who will be guides for the day.
• If not already sent, obtain a plan of the site and a floor plan of the buildings and – if applicable-
dormitory (ies).
• Explain the selection process for employees for interview and that these are confidential.
• Obtain a list of the most hazardous compounds and their maximum permitted quantities on site
if not previously received.
• Check whether any health and safety issues apply and or if any fire drill is expected.
• Invite the management team to the closing meeting.
• Agree tentative time of closing meeting. Ensure that enough time is allowed to re-investigate
non-compliances if challenged, i.e. find out what time the workers leave as it may be necessary
to re-interview to verify a response.
• Ask the management team if they have any questions.
1. Opening
Meeting
2. Site Tour 3. Interviews
4. Document
Review
5. pre-
Closing
Meeting
6. Closing
Meeting
19
• Explain that the auditors should be allowed to move freely on site and have access to all areas
of interest.
• Ask permission for taking photographic material and explain that the purpose of these pictures
is to improve documentation and explanation of findings during the site tour. If this permission is
not granted, request if the audited company can take and manage requested pictures instead.
4.2.2 Site Tour
The purpose of the visual assessment is for the audit team to review physical conditions and
practices in all areas of the site to establish evidence that activities are conducted in a manner
consistent with the site policies, stated practice, legal and regulatory requirements, PSCI
Principles and other relevant requirements. This element primarily comprises a physical review
of conditions and activities on site. The unstructured interview of personnel responsible for
these areas under review and examination of pertinent records supplements this physical
review process.
In case there is more than one auditor, and especially if there are a social and an HSE auditor
conducting the audit, the auditors may choose to split up. The social auditor may want to spend
more time talking to employees and focus on labor-related topics. The HSE auditor may want to
spend more time and focus on HSE-related topics. The site management is expected to allow
for the split-up.
During the site tour, the auditor seeks to meet site staff/workers including production managers
and support staff, warehousing managers and support staff, engineering staff, site cleaning and
maintenance staff, health and safety managers, dormitory supervisors, clinic/first aid staff,
kitchen and security staff. The auditors should not be purely guided by management on areas to
visit and should freely investigate all areas that they feel applicable.
4.2.3 Worker Interviews, including Group Interviews
4.2.3.1 Selection of Workers
Selection of workers will only be undertaken by the audit team. In selection the auditor will
consider shift patterns, worker type and gender. The auditor should select from different areas
of the site as well as from different job roles, to give a representative sample of the workforce. It
may also be appropriate to interview middle managers e.g. supervisors and department heads.
The interviews must take account of production/ work requirements and must be planned to
minimize disruptions to work flows.
Where possible, the first round of interviews should take place in the earlier part of the audit to
give the maximum time to investigate the points raised prior to the closing meeting. All
comments raised at the interviews must be thoroughly investigated before the closing meeting.
4.2.3.2 Interview Process
All worker interviews will be conducted in a place selected by the auditor, preferably away from
the work stations and in a place where the workers feel comfortable and a relaxed and informal
setting can be created. In addition, where the number of workers permits and in line with sample
size requirements, group interviews (focus groups) should be conducted.
20
Note: Information about general conditions of work and “what it is like to work here “will
frequently emerge from group interviews.
In group situations, questions must be of a general nature and under no circumstances should
workers be asked any personal details such as their wages. This type of information is private to
the individual. Group interviews aim to discover how the workers feel about working on the site,
what they like and do not like and how the site compares with others in the region.
4.2.3.3 Interview Technique
The employee interviews by the social auditor must be managed with discretion and empathy,
be strictly confidential, and with no management or supervisors present. Interview techniques
should respect cultural norms e.g. gender specific issues etc.
In all cases good communication skills are required by the auditor and examples of good
technique include:
• Auditors dress must aim to make the interviewee comfortable i.e. a business suit may not be
appropriate in some circumstances.
• The auditor should not sit behind a desk, but if a desk or table is in the room, the auditors
should minimize barriers by sitting on the same side as the interviewee.
• Where two auditors are conducting interviews together it may help communication if one
auditor takes notes while the other concentrates on establishing a rapport with the
interviewee(s). A comfortable relaxed atmosphere is the target.
• The auditor must emphasize the confidential nature of the interviews and must never mention
an individual worker’s identity to management.
• The auditor must conduct the interview using an informal ‘conversational’ technique and must
not read questions from a tick box/ checklist.
• Open questions should be asked so that workers give full answers rather than answering ‘Yes’
or ‘No’.
4.2.3.4 Use of Interview Information
Only substantiated information (e.g. confirmed by document review) can be shared with the site
owners. Any unsubstantiated worker anecdotes should be reported back to the client, to guard
against possible victimization. Unsubstantiated or sensitive information should not be disclosed
to the site, or uploaded onto the PSCI data platform.
Any issues of a sensitive nature should not be mentioned to the site, if this endangers workers.
However, they may be reported confidentially and separately to the PSCI Secretary and/ or the
respective PSCI member. These must not be uploaded on to the PSCI data platform, to protect
the confidentiality of the worker.
Where a professional interpreter is being used to help conduct the interviews, the interpreter
must be fully briefed on these guidance notes.
Finally the auditor should provide a relevant local office number for use by workers in the event
of a complaint or victimization following worker interviews.
5 Pre-closing Meeting
This is a meeting between the audit team members with the following objectives:
21
? Review and discuss the evidence presented.
? Examine and reach consensus on the findings/observations.
? Examine specific documentation or evidence to verify identified non-compliances.
? Prepare a presentation using pictures (if feasible) to explain the findings. Discuss
possible solutions.
? Enter the findings into the Corrective Action Plan Report.
4.2.6 Closing Meeting
The aim of the closing meeting is to inform and agree with the site management the findings of
the audit. Corrective action plans are the responsibility of the audited site to manage. The
audited site should send to the PSCI Secretary and/ or the PSCI member who requested the
audit, the list of corrective actions plus completion dates for closure of the actions within 30 days
after the audit. The Corrective Action Plan Report should be presented by the Auditors to the
supplier and all critical and other findings need to be listed. Options for mitigation of critical and
other findings should be discussed during the closing meeting (preferably using pictures). It is
intended that all issues be clearly described and understood by the end of the meeting. As
practical, this should be communicated in the native language.
Supplier and auditors can agree on corrective actions and due dates in the closing meeting and
fill these into the Corrective Action Plan Report if there is agreement on these. In this case the
Corrective Action Plan Report can be completed and signed at the end of the Closing Meeting.
The supplier has the right to take additional time to develop the Corrective Action Plan and
define the corrective actions and due dates. The supplier must return the signed Corrective
Action Plan Report within 30 days after the audit. In this case, the supplier will only sign the
Corrective Action Plan Report which has the findings included. ,
There are two signature lines on the Corrective Action Plan Report.
• Line 1 – Once “Critical Findings” and “Other Findings” have been clearly described and
understood the auditor should make every effort to reach agreement with the site and obtain
their representative’s signature.
• Line 2 – When the site management has developed their corrective action plan they should
submit their plan and sign-off on the document.
During the closing the meeting the team leader should:
• Thank the management for their time and patience.
• Remind the supplier that they may challenge findings at this meeting, but any issues they have
agreed to will not be changed later.
• Ensure that any agreements or disagreements are clearly recorded on the Corrective Action
Plan Report.
• Re-confirm the purpose and scope of the audit.
• Mention good working practices that have been observed during the day.
• Explain where instances have been observed that the site is not in compliance with the PSCI
Principles and Guidance document, and with local law (if applicable).
• Explain that the audit was based on a sample examination of their site and there may be some
deficiencies that were not observed.
• Discuss possible corrective actions.
• Explain that corrective actions should reflect long-term sustainable solutions which take
account of the root cause of the problem. The auditor should encourage the supplier to take
time to formulate a corrective action plan within 30 days after the audit that takes account of the
22
root cause of the issue. For example, if multiple fire exits are blocked, a system is required to
ensure that they remain clear, not just a photo at one point in time. For endemic long-term
issues, such as excessive working hours, the site management may need to formulate a
corrective action plan in collaboration with their customers.
• If management does not agree with any finding, state that if they produce evidence that shows
the finding is incorrect, the audit team will review it.
• If such evidence is produced, it should be verified.
• If evidence is produced which resolves a non-compliance finding, the non-compliance finding
can be cancelled, e.g. a fire certificate produced at the closing meeting that previously had not
been seen by the auditors.
• If a non-compliance can be corrected immediately, e.g. a blocked gangway, it should be
recorded as an observation/ other finding. The auditor should investigate and document how
compliance will be maintained.
• Ask the management team if they have any questions.
• Encourage the management of the site to allow for PSCI Audit Report and Corrective Action
Plan Report sharing with other PSCI member companies.
• Thank the management for the demonstrated trust and openness and indicate how this
contributes to fostering the mutual relationship and building trust.
4.3 Communication of Audit Results
Audit firm finalizes the PSCI Audit Report and the Corrective Action Plan Report and sends
report in PDF format to the PSCI Secretary and the supplier. PSCI Secretary will then redact the
reports to ensure compliance with anti-trust laws. The PSCI Secretary will ensure further
distribution of Self-Assessment Questionnaire (SAQ), the PSCI Audit Report and Corrective
Action Plan Report as indicated in the approved Data Sharing Agreement by the audited site.
The supplier can then submit evidence about completed follow-up actions against the
observations.
4.4 FOLLOW-UP AUDIT PROCESS
The supplier will routinely report, at least every 3 months, until they feel CAPAs are closed to
the PSCI Secretary ([email protected]) the progress made against the corrective action plan they
have agreed to. If the corrective action evidence cannot be effectively verified by desktop review
then a follow-up audit maybe required.
4.4.1 Critical Findings
In the event of a critical finding where human live, the health of employees or the environment
are at high risk the auditor must inform the PSCI Secretary ([email protected]) immediately, before
the audit report has been finalized. The PSCI Secretary will notify those PSCI members that
have been approved to receive information on the audit by the supplier. PSCI members who are
interested in the supplier and have been notified of a critical finding should follow up on the
critical finding to ensure that action to mitigate the concern is taken immediately. A follow-up
audit needs to may be conducted if necessary in order to verify that the risk has been mitigated.
23
4.4.2 Other Findings
A follow-up audit may be required in case of other key findings if corrective action cannot be
verified via evidence supplied through “desktop” or photo review only.
General guidance on payment for follow-up audits:
In case a PSCI member paid for the audit, the PSCI member may want to conduct a follow-up
audit, initiate it and pay for it. Further follow-up audits may be needed in case there continue to
be critical findings until the corrective action has been put in place to close the issue. Follow-up
audit should be conducted by an accredited audit firm.
In case a supplier paid for the audit then the supplier may want to have a follow-up audit
conducted to show they have provided evidence of completion of the corrective actions to the
PSCI Secretariat.
4.4.3 Follow-up Process
The follow-up is not a full audit, but a shorter visit to verify if corrective actions have been taken
in response to a full initial audit. For a follow up on social audit findings, employee interviews
and hours of work and payroll review should still be undertaken, however, the sampling
numbers will usually be lower than for a full audit. A follow-up report is issued as an updated
version of the original report with all new elements highlighted so as to be clearly seen. For all
findings previously raised there should be a clear explanation of the evidence reviewed,
comments on applicability and effectiveness of corrective actions and whether the issue is now
considered closed or remains open. Any new findings must be included in the report. A new
corrective action plan must be generated which addresses open and new audit findings. The
follow-up audit should be conducted by an accredited audit firm.
END
doc_450551197.pdf