DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems

8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems

1/35

Department of Health

Guidelines for auditing riskmanagement plans for coolingtower systems

2011


2/35

If you would like to receive this publication in an accessible format, please phone 100

2! " using the #ational $elay %ervice 1& &' (( if re)uired, or email*legionella+healthvicgovau

- .opyright, %tate of /ictoria, Department of Health, 2011

ublished by the Health rotection ranch, /ictorian Government, Department of Health, elbourne,

/ictoria 3his publication is copyright, no part may be reproduced by any process e4cept in accordance

with the provisions of the Copyright Act 1968.

3his document is also available in D5 format on the internet at*

wwwhealthvicgovau6environment6legionella6auditorshtm

7uthorised by the %tate Government of /ictoria, 80 9onsdale %treet, elbourne

DHD/11/44

age ii
mailto:[email protected]://www.health.vic.gov.au/environment/legionella/auditors.htmmailto:[email protected]://www.health.vic.gov.au/environment/legionella/auditors.htm


3/35

.ontents

Purpose 4

Legislation 4

3he ublic Health and :ellbeing 7ct 200 !

ublic Health and :ellbeing $egulations 200" &

3he Department;s role &

Audit overview 4

.ommissioning an audit !

%cope of the audit !

eriod of audit !

.hanges of ownership during an audit period 8

7ddressing the risks 85orming an opinion 8

7udit notification '

.ompleting an audit certificate '

Section A: Does the risk management plan address the risks?

rescribed risks (

$isk management re)uirements

$isk management plan structure "

Section !: "as the risk management plan implemented? 1#

3he ' steps to assess risk management plan implementation 12

%tep 1 < 9ist all actions 12

%tep 2 < =ptional /ariations 12

%tep & < Documentation 1&

%tep ! < "0> compliance rate 1&

%tep 8 < 3ime tolerances 1!

%tep ' < Implementation 18

Section $: "as the risk management plan reviewed? 1%

Attachment 1: Audit worksheet 1

Attachment &: '(amples o) measures to improve a s*stem and address the speci)ied risks &%

Attachment +: '(ample o) a completed audit certi)icate &,

Attachment 4: Sample o) DH )ormat o) -icroso)t '(cel spreadsheet +#

Attachment .: se)ul documents and resources +&


4/35

urpose

3hese Guidelines for auditing risk management plans for cooling tower systems are intended to assist

approved auditors to audit a risk management plan for a cooling tower system 3his guide includestemplates that can be used in the auditing process and a spreadsheet that must be used to provide auditresults to the Department of Health ?the Department@

3hese guidelines e4plain how to put the auditing re)uirements of the Public ealth and !ellbeing Act200 and Public ealth and !ellbeing "egulations #$$9into practice

5ollowing the directions in this guide is a condition of certification as an approved auditor

3his guide replaces the previous Guidelines for auditing risk management plans for cooling towers

systemsdated 1 arch 2008

9egislation

0he Pulic Health and "elleing Act #,

2egistration

3he Public ealth and !ellbeing Act #$$8?the 7ct@ re)uires that all cooling tower systems in /ictoria beregistered with the Department Information about cooling tower system registration is available at on theDepartment;s website at*

wwwhealthvicgovau6environment6legionella6inde4

3he 7ct is available from the /ictorian 9egislation and arliamentary Documents website*

wwwlegislationvicgovau

Pulic register

3he 7ct re)uires that the %ecretary to the Department of Health ?the %ecretary@ keeps a register of allcooling tower systems and that this register is available for inspection by the public

7 webAbased register of cooling tower systems is available on the Departments website at*

wwwhealthvicgovau6environment6legionella6inde4

3he register contains information such as the site address, site and cooling tower system identificationnumbers and registration dates of all cooling tower systems registered in /ictoria
http://www.health.vic.gov.au/environment/legionella/indexhttp://www.legislation.vic.gov.au/http://www.health.vic.gov.au/environment/legionella/indexhttp://www.health.vic.gov.au/environment/legionella/indexhttp://www.legislation.vic.gov.au/http://www.health.vic.gov.au/environment/legionella/index


5/35

Guidelines for auditing risk management plans for cooling tower systems

2isk management plans

3he 7ct re)uires the owner of the land on which there is a cooling tower to ensure that a riskmanagement plan e4ists at all times the cooling tower system is in operation

Bnder section "1?2@ of the 7ct, this risk management plan mustC

?a@ address the risks prescribed in respect of cooling tower systems and set out the steps to betaken to manage the risks

?b@ set out the steps to be taken to ensure compliance with any risk management re)uirementsrelating to the cooling tower system

?c@ include any other matters prescribed for the purposes of this section

?d@ be in the approved form

%ection 7 of this guide describes how an auditor determines if a risk management plan complies with there)uirements of the 7ct

Annual audit

%ection "&?1@ of the 7ct re)uires that the risk management plan for a cooling tower system is auditedannually

7s per section "&?&@ of the 7ct, the obEective of an audit is for the auditor to determine if the riskmanagement plan*

?a@ meets all the re)uirements of the 7ct

?b@ has been implemented throughout the audit period and

?c@ has been reviewed in the 12 months prior to the audit

3hese are later referred to as F1, F2 and F&

5urther assistance in determining whether a risk management plan complies with the re)uirements of the7ct and has been implemented and reviewed is provided in sections 7, and . of this guide

Approved auditors

%ection "8 of the 7ct states that only an approved auditor can conduct the annual risk management planaudit 7pproved 7uditors are certified by the %ecretary

Information about becoming a certified auditor and grounds for revoking certification is outlined in thedocument %nformation about "&P Auditor Certification, which is available on the Department;s websiteat*

wwwhealthvicgovau6environment6legionella6auditors

1
http://www.health.vic.gov.au/environment/legionella/auditorshttp://www.health.vic.gov.au/environment/legionella/auditors


6/35


Auditor to inspect documents

In conducting an audit, section "&?!@ of the 7ct re)uires an auditor to inspect all prescribed documentsrelating to the cooling tower system

3he documents to be inspected are prescribed in regulation 82 of the ublic Health and :ellbeing$egulations 200" and include*

the risk management plan

the documents that contain the details of all repair, maintenance and testing work carried during

the audit period

%ection of this guide describes the types of documents that an auditor must inspect to determine if therisk management plan has been implemented

2eviewing risk management plans

%ection "2?1@ of the 7ct re)uires that the risk management plan is reviewed at least once in each 12month period 7dditionally, section "2?2@ re)uires that the risk management plan is reviewed in the eventof the occurrence of certain trigger events

%ection . of this guide describes how an auditor determines when a review of a risk management plan isre)uired and the factors included in the review

Pulic Health and "elleing 2egulations #3

3he ublic Health and :ellbeing $egulations 200" ?the $egulations@ outline the maintenancere)uirements for cooling tower systems

It is important that auditors have a thorough understanding of the re)uirements of the $egulations inorder to successfully complete a cooling tower system risk management plan audit

3he $egulations are available from the /ictorian 9egislation and arliamentary Documents website*


0he Departments role

3he Department;s 9egionella 3eam plays an important role in investigating cases of 9egionnaires;disease and enforcing the provisions of the 7ct and $egulations regarding cooling tower systems

3he Department responds when notified of all nonAcompliant audits 3he primary concern of the9egionella 3eam in investigating nonAcompliant audits is to ensure that any problems are rectified

3he 7ct also empowers the %ecretary to issue improvement or prohibition notices where there is, or islikely to be, a contravention of the 7ct or regulations

2
http://www.legislation.vic.gov.au/http://www.legislation.vic.gov.au/


7/35


7udit overview

$ommissioning an audit

$esponsibility for ensuring that an audit is undertaken lies with the owner of the land on which thecooling tower system is located However, any person can commission an audit provided they are able toprovide an auditor with a copy of the risk management plan and all relevant records and documentationsupporting its implementation In practice, audits will generally be commissioned by system operators orthe land owner;s agent or property manager

3he ma4imum time between the audit period end date and the completion of the audit ?ie the signing ofthe certificate@ must not be longer than & months

Scope o) the audit

7n auditor is not re)uired to determine if the plan has ade)uately controlled the risks

3he audit process is designed to be a paper audit and therefore can occur offAsite %ection "&?8@?b@ of the7ct makes clear that an auditor is not re)uired to physically inspect the cooling tower system ?.3%@

However, onAsite audits may be useful where*

3he risk management plans are comple4

3here are a large number of implementation items

3here are several cooling tower systems

3here are a number of risk management plans applicable to the audit period

Period o) audit

3he audit period must not be greater than 12 months and should cover the period immediately followingthe previous audit period 3here may be circumstances where an audit period covering less than 12months may be necessary

3here may be issues concerning the audit period when there is change of ownership, or when acompany is put under administration Bnder these circumstances, the 9egionella 3eam should becontacted to discuss the particular issue

%ome audit periods may cover intervals where a cooling tower system was shut down If a cooling towersystem is shut down for any length of time, it is still deemed to be in operation unless it has beendecommissioned and that action notified to the Department

However, there may be no service re)uirements or service documents during these intervals %hut downprocedures, particularly if they are routine to the process served by the cooling tower system should bedefined in the risk management plan

&


8/35


Decommissioning of a tower re)uires that the following to have occurred*

3he system is completely drained of water and

3he power supply to the system is disconnected and

3he water supply to the system is disconnected

3he term shut down means that the cooling tower system is temporarily not in use 3hey are stillre)uired to be registered and an audit must be conducted

$hanges o) ownership during an audit period

:here there is a change of ownership during the audit period, it is e4pected that the new owner maytake on the risk management plan developed for the former owners %ome new owners may have therisk management plan reviewed and incorporate changes into the old risk management plan

#evertheless, an auditor can only work on the risk management plans and documents supplied :herethere is doubt on this matter, an auditor is advised to contact the 9egionella 3eam

Addressing the risks

7n audit worksheet has been developed to assist in the audit 3he worksheet contained in Attachment 1uses the full wording of the risks, as specified in the $egulations 7uditors may use this tool or amend itto suit their needs

3o determine whether the risks have been addressed, auditors should read the risk management planand look for references to these risks

3he risk management plan should list the risk, together with a brief assessment of the likelihood andimpact of the risk 3emplates in 7ttachment 2 of A Guide to 'e(eloping "isk &anagement Plans forCooling )ower *ystemsprovide an e4ample of this listing

5orming an opinion

3he audit worksheet contained inAttachment &provides auditors with an optional tool to record whetheractions in the plan are being implemented

In order for an auditor to form an opinion that a risk management plan is being implemented, they mustview evidence that all of the actions in relation to the risks are being implemented, within the timelinesspecified in the plan

:here timelines are not indicated, auditors must assume that the action was to be undertaken during theperiod covered by the audit period

!


9/35


Audit noti)ication

It is a re)uirement of the 7ct that a risk management plan is audited annually by an approved auditor3he 7ct also re)uires that the approved auditor must give the %ecretary a copy of the information in theaudit certificate within ( days after completing the certificate

$ompleting an audit certi)icate

7n auditor must produce a certificate once an opinion has been formed as to whether or not the riskmanagement plan has addressed the specified risks and whether the risk management plan has beenimplemented and whether the risk management plan was reviewed within 12 months prior to the audit

%ection "&?'@ re)uires an auditor to give the certificate to the person who commissioned the audit and acopy of the information on the certificate to the Department

7 blank certificate can be downloaded from the Department;s website at*


7 completed e4ample of an audit certificate is provided in Attachment +

3he information contained in the audit must be sent by email to the Department within ( days of the auditcertificate date and must be in the spreadsheet provided

8
http://www.health.vic.gov.au/environment/legionella/auditorshttp://www.health.vic.gov.au/environment/legionella/auditors


10/35


%ection 7* F1 Does the risk management planaddress the risks

3his section describes how an auditor determines if a risk management plan complies with there)uirements of the 7ct

%ection "1 of the 7ct re)uires that a risk management plan must be prepared and*

+#, )he risk management plan must-

+a, address the risks prescribed in respect of cooling tower systems and set out the steps tobe taken to manage the risks

+b, set out the steps to be taken to ensure compliance with any risk managementre/uirements relating to the cooling tower system

+c, include any other matters prescribed for the purposes of this section1

+d, be in the appro(ed form.#

Prescried risks

$egulation 81 prescribes the risks that must be addressed in the risk management plan 3able 1provides a summary of the prescribed risks

0ale 1: Prescried risks

1 Stagnant water6including the lack of water recirculation in a cooling tower system and thepresence of deadAend pipework and other fittings in a cooling tower system

2 7utrient growth6 includingC

resence of biofilm, algae and protoJoa in a cooling tower system and

:ater temperature within a range that will support rapid growth of microorganisms

in a cooling tower system and

K4posure of the water of a cooling tower system to direct sunlight

& Poor water 8ualit*6including the presence of solids, 9egionella and high levels ofmicroorganisms in a cooling tower system

! De)iciencies in a cooling tower s*stem6including deficiencies in the physical design,condition and maintenance of the system

8 0he location o)6 and access to6 a cooling tower or cooling tower s*stem6 including thepotential for environmental contamination of the system and the potential for e4posure ofpeople to the aerosols of the system

' An* matters included in a reportdelivered to the owner of the land for the purposes ofsection "2?2@?c@ of the 7ct

17t the time of printing, the Department had not prescribed any other matters under sub section ?c@

2 7t the time of printing, there is no approved form for a risk management plan 7 risk management plan is re)uired to contain the

information specified in the 7ct

'


11/35


2isk management re8uirements

%ection "1?2@?b@ of the 7ct re)uires that the risk management plan sets out the steps to be taken toensure compliance with any risk management re)uirements relating to the cooling tower system 3able 2provides a summary of the risk management re)uirements

0ale &: 2isk management re8uirements

1 0he preparation6 content6 review and audit o) a risk management plan6 including theconduction of a risk management plan audit

2 0he construction6 installation6 operation6 maintenance6 repair6 service and testing o)a cooling tower s*stem9

& $ontrol measures used in respect o) a cooling tower s*stem6 including the responseto unsatisfactory microbiological results

Attachment 1 contains an audit worksheet that has been developed by the Department to assistauditors undertaking an audit in respect of a risk management plan 3he audit worksheet uses the fullwording of the risks, as specified in the $egulations 7uditors may use this tool or amend it to suit theirneeds

Attachment &provides e4amples of various measures available to owners to improve a cooling towersystem and address the specified risks 3his list may help auditors understand what improvements oractions relate to particular risks it does not mean that all these actions are necessarily needed for eachcooling tower system

3o determine whether the risks have been addressed, auditors should read the risk management plan

and look for references to these risks

3he risk management plan should list the risk, together with a brief assessment of the likelihood andimpact of the risk 3emplates in 7ttachment 1 of the Guide to 'e(eloping "isk &anagement Plans forCooling )ower *ystemsprovides an e4ample of this 7 copy of that Guide is available from theDepartment;s website at*

wwwhealthvicgovau6environment6legionella6riskAplans

An* matters that are contained in a risk management plan that are not re8uired to e in the riskmanagement plan do not have to e considered during the audit9

(
http://www.health.vic.gov.au/environment/legionella/risk-planshttp://www.health.vic.gov.au/environment/legionella/risk-plans


12/35


2isk management plan structure

3he Guide to 'e(eloping "isk &anagement Plans for Cooling )ower *ystems provides a framework andtemplate for undertaking a risk assessment and addressing the specified risks 7lthough riskmanagement plans are not re)uired to follow this format, the maEority of authors follow the template inthat Guide

7 risk management plan would normally also include the following components*

site and contact details

assessment of each specified risk

summary of the overall risk classification

details of the system collected during the risk assessment process

strategies, operational programs or works to address the specified risks

details of the process to follow in response to unsatisfactory sample results&

timelines within which works are intended to occur %ome may have a separate action plan for

system improvement

attachments or references to other documents such as operational plans, shutAdown procedures

and communication plans

the date the risk management plan was endorsed

t is important that timelines e speci)ied )or all actions re)erred to in a risk management plan9 ) arisk management plan does not include a timeline )or a particular action or repair6 auditors mustassume the works should have een completed within the period covered * the risk

management plan

7s discussed earlier, each cooling tower system must have an individual risk management plan preparedfor that system However, where there are multiple systems on the same site, it is acceptable to haveindividual plans contained in a single document

& 3he Department has developed flow charts ?7ttachments 7, L .@ that can be followed in the event of an unsatisfactory result

7 risk management plan can nominate to follow the flowcharts or describe a different response 7 risk management plan may

nominate to follow 5low .hart 7 and 5low .hart in response to a high H.. result In the event of a high H.. following either

flow chart will result in a compliant audit


13/35


%ection * F2 :as the risk management planimplemented

3his section describes the types of documents that an auditor must inspect to determine whether the riskmanagement plan has been implemented during an audit period

3he first step is to clearly identify the actions the risk management plan says will be completed orundertaken during the period

3he second step is to sight the evidence ?in the form of documents@ that will allow you to determinewhether the actions have been undertaken or completed during the period

5or the purposes of an audit, $egulation 82 re)uires that an auditor must inspect the following

documents*

1 2isk management plan93he primary reference document for an audit is the risk management planitself 7uditors should check that it clearly identifies the cooling tower system to which it applies andthat it is signed off and dated by the system owner or operator

:hen reviewing the risk management plan the auditor should also consider*

2isk management plan review/s 3he risk management plan should have been reviewed at

least once prior to the audit as a result of which changes may have been made to there)uirements of the plan 7uditors will need to identify how many risk management plans applyduring the audit period and whether the risk management re)uirements for those plans differDocuments for service, maintenance, cleaning, inspections, testing and improvements will need

to be sorted to match the risk management plans and audited against the relevant re)uirements

5or e4ample, where a risk management plan review is conducted midway through the auditperiod and as a result the 9egionella sampling fre)uency is changed from )uarterly to monthly,an auditor will need to check that 9egionella samples were taken )uarterly for the portion of theaudit period covered by the original risk management plan and that 9egionella samples weretaken monthly during the remaining part of the audit period as re)uired by the reviewed riskmanagement plan

;ptional variation 3he system owner or operator may have elected to implement an =ptional

/ariation declared under section " of the Public ealth and !ellbeing Act200 %uch variationsare usually sought by industries associated with continuous production, where interruptions tothe cooling tower system ?such as for cleaning@ cannot be easily made and the details of thevariations must be incorporated into the risk management plan ore information about optional

variations is available from the Department;s website at*

wwwhealthvicgovau6environment6legionella

&9 Documents that contain the details o) all repair6 maintenance and testing work carried out onthe cooling tower s*stem within the period to e audited6 including:

!acterial test results?H.. and 9egionella@

$hemical parameters test results

$ooling tower s*stem service reports

$ooling tower s*stem inspection records

2ecords o) maintenance6 repairs and testing :here company staff perform regular

checks6inspections on e)uipment, signedAoff check sheets with dates and times may be relevantIn some cases, the files will contain written reports, invoices or photographs of work completed

"
http://www.health.vic.gov.au/environment/legionellahttp://www.health.vic.gov.au/environment/legionella


14/35


Supplementar* plansthat support implementation

2ecords o) an* remedial actions conducted in response to an unsatis)actor*

microiological sample test

3he Department has distributed a site kit to cooling tower system owners to assist them in collating andstoring all relevant records and documents re)uired for auditing purposes 7lternately, some companieshave their own systems in place to collate and store these records and documents

3he audit worksheet contained in Attachment &provides auditors with an optional tool to record whetheractions in the plan are being implemented

In order for an auditor to form an opinion that a risk management plan is being implemented, they mustview evidence that all of the actions in relation to the risks are being implemented within the timelinesspecified in the plan

:here timelines are not indicated, auditors must assume that the action was to be undertaken during theperiod covered by the risk management plan

%ome risk management plans may cover multiple years and auditors must ensure that they only auditthose actions that were completed during the audit period However, note that the 7ct re)uires riskmanagement plans to be reviewed at least annually, and therefore if the review has necessitatedchanges to the risk management plan, the review becomes the new risk management plan =ther riskmanagement plans may have supplementary implementation plans, setting out actions and timelines

If an action has not been completed within the timeline specified but does not have a bearing uponaddressing a specified risk, this should not lead an auditor to form the opinion that the plan is not being

implemented

Difficulties may be presented in auditing parts of a risk management plan that have no bearing on any ofthe specified risks Generally, an auditor should only be auditing a risk management plan against thespecified risks 7n e4ample of this is where cosmetic changes to the cooling tower system were intendedto be undertaken during the audit period to make the cooling tower appear more acceptable tosurrounding tenants

2ecommendations contained in a risk management plan that have not een accepted are outsidethe scope o) the audit9

10


15/35


0he % steps to assess risk management plan implementation

3he following ' steps must be undertaken by auditors so that consistent results are achieved whenassessing risk management plan implementation*

1 9ist all actions re)uired by risk management plan

2 K4amine any e4tra re)uirements6actions where an optional variation under section " hasbeen implemented

& .heck all the documentation provided for the audit to determine the number of timeseach action has occurred within the audit period

! 7pply a "0 per cent compliance rate to each action

8 7pply prescribed time tolerances to all actions listed in risk management plan

' Determine if the risk management plan has been implemented and is compliant over the

audit period

Step 1 < List all actions

5or e4ample, a risk management plan may stipulate*

four tower cleans per annum ?! actions@

monthly servicing ?12 actions@

monthly inspections ?in between services@ ?12 actions@

monthly H.. testing ?12 actions@

9egionella testing every three months ?! actions@

removal of two deadlegs ?2 actions@

installation of auto dosing e)uipment ?1 action@

installation of a new drift eliminator on one tower ?1 action@

use of alternate biocides each month ?12 actions@

7n auditor must e4amine the audit period to determine the number of times each type of action wasre)uired in that period by the risk management plan

Step & < ;ptional =ariations

7n auditor is then re)uired to e4amine the additional re)uirements6actions that may be re)uired becausean =ptional /ariation has been implemented

It is a re)uirement that the details of the optional variation must be incorporated in the risk

management plan 5ailure to include all the details will result in a nonAcompliant audit ?ie theanswer to )uestion 1 is no@

#onAconformance to any of these e4tra conditions or actions will result in a nonAcompliant audit

?ie the answer to )uestion 2 is no@

rescribed time tolerances ?refer to step 8 in this section@ are to be e4ercised here to include anye4tra actions for maintenance re)uired, as a condition of the variation being granted

11


16/35


Step + < Documentation

7n auditor is re)uired to view the documentation that is evidence that the action has been conducted3he Guide to 'e(eloping "isk &anagement Plans for Cooling )ower *ystems provides e4amples of theinformation that would be e4pected in some of the common reports relating to maintenance and testingof cooling tower systems

Step 4 < 3#> compliance rate

7 minimum "0> compliance rate for each type of action must be demonstrated 3he auditor should makea note of the nonAcompliant issues on the audit certificate ?see attachment &@

0ale +: 3#> $ompliance rate

7umer o) times speci)ied )or an action in 2-P

during audit period@

7umer o) times needed )or 3#> compliance o) an

action

1 1

2 2

& &

! !

8 8

' 8

( '

(

"

10 "

11 10

12 11

# n 4 "0> and rounded off to nearest number

12


17/35


0ale 4: 3#> $ompliance rate calculated )or the e(ample used in Step 1

Action 7umer o) times speci)ied in 2-P

per annum@

7umer o) actions needed to

demonstrate 3#> compliance )or an

action

3ower cleans ! !

onthly servicing 12 11

onthly inspections 12 11

onthly H.. testing 12 11

iAmonthly 9egionellatesting

' 8

$emoval of two deadlegs 2 2

Installation of auto dosinge)uipment

1 1

Installation of new drift

eliminator on one tower

1 1

Bse of alternate biocideseach month

12 11

7ote that the e(ample provided aove would have to e adusted to correspond with thelength/period o) the audit6 which ma* not e )or the )ull 1& months9

Step . < 0ime tolerances

7n owner or operator may have difficulty undertaking regular cooling tower system services on time for a

number of different reasons, including short months, long weekends, holiday periods, key personnelbeing on leave or service vehicle6e)uipment breakdowns 3his has resulted in a number of nonAcompliant audits in the past

7 system of time tolerances has been put into place to overcome such difficulties 3he delay of serviceswithin the provided tolerances is seen to have minimal effect on outcomes of actions committed to by therisk management plan

Auditors must take into account these time tolerances when assessing compliance9

5or auditing purposes only, the prescribed time tolerances for actions are provided in 3able 8

0ale .: Prescried time tolerances

nterval 0olerance

' monthly 6 biAannually M 1 month

& monthly 6 )uarterly M 2 weeks

2 monthly M 10 days

onthly M ( days

fortnightly6 2 weekly M & days ?or the first working day following a longweekend@

weekly 6 ( days M & days ?or the first working day following a long

weekend@

2! hours M 1 day

1&


18/35


5or e4ample, a )uarterly action must occur within three calendar months, plus two weeks into thefollowing month

9ikewise, a monthly!action must occur at least within the following calendar month, plus ( daysHowever, this would not result in a compliant audit ?if taken to the e4treme@ where only ' services wereprovided over a year, when there should have been 12 services %tep 8 of these Guidelines provides for

a minimum "0> compliance rate for any action listed in the risk management plan, and therefore 12services would need at least 11 services for compliance of this action

) an action occurs outside o) the prescried time tolerances6 it should e considered that theaction is unacceptale and nonBcompliant with regard to the risk management plan9

Step % < mplementation

It is re)uired that an auditor establishes whether*

all specified risks are addressed by the risk management plan and

all risk management re)uirements are addressed by the risk management plan and

each of the different type of actions has been implemented at least to a level of "0 per cent ?with

specified time tolerances e4ercised@ over the audit period and

a review of the risk management plan was conducted within 12 months prior to the audit

5or an audit, failure of the risk management plan to comply with any of these four points must result in afinding of nonAcompliance

! 3here has been a re)uest for clarification on the interpretation of Nmonthly; 3he Department;s position is that Nmonthly; means

that an action, such as a cooling tower system service, must be undertaken at leastonce each calendar month, with a total of

12 actions re)uired per year 5or e4ample, 1stservice performed on 10 thOanuary so ne4t service is due on any day in 5ebruary

?or by (tharch to have occurred within prescribed time tolerance@

5re)uencies prescribed by risk management plans do vary from site to site and there will be some cases where Nmonthly; is

defined by a risk management plan as a &06&1 day period In this case, it is appropriate for an auditor to check that the action

occurred within each &06&1 day period, for e4ample, 1 stservice performed on 10 thOanuary so ne4t service is due by 10th

5ebruary ?and by 1(th5ebruary to have occurred within prescribed time tolerance@

1!


19/35


%ection .* F& :as the risk management planreviewed

3his section describes how an auditor determines when a review of a risk management plan is re)uiredand describes what a review should include

%ection "2?1@ of the 7ct re)uires the owner of any land on which there is a cooling tower to ensure therisk management plan has been reviewed at least once within each 12 month period

%ection "2?2@ of the 7ct also re)uires that a risk management plan be reviewed if*

?a@ 9egionella is detected in the cooling tower system on 2 or more occasions in any period of 12months or

?b@ the owner of the land is given written advice by the %ecretary that a case of legionnairesP disease

is associated with the cooling tower system or?c@ the owner of the land receives a report from the %ecretary or from any person engaged by the

owner of the land or the owner of the cooling tower system that control measures used in respectof the cooling tower system are inade)uate or re)uire improvement or

?d@ there is a significant change inC

?i@ any of the environmental conditions under which the cooling tower system operates or

?ii@ the operation of the cooling tower system or

?e@ the owner of the land receives an audit certificate that states that the risk management plan doesnot address the prescribed risks

$egulation 81?f@ of the $egulations re)uires any matters included in a report delivered to the owner ofthe land for the purposes of section "2?2@?c@ of the 7ct to be addressed by the risk management plan

7 risk management plan review should be in writing and set out the scope of the review It should includethe date and name of the person 6 company that conducted the review 7 review needs to*

.onsider each aspect of the plan

.onsider any changes to the environment operational program and any physical changes to the

system

Determine if there have been any changes that would re)uire further investigation

$ecommend any changes re)uired to ensure the risks are managed

It is important to understand that the review may result in changes to*

the operation6maintenance of a system

the system itself and6or

the risk management plan

It is acceptable to have multiple risk management plans in place during the audit period 7n auditorneeds to determine the period to which each risk management plan applies and determine if the plan has

been implemented for that period

It is also acceptable for a risk management plan review to amend timelines set in previousplans.

18


20/35


7ttachment 1* 7udit worksheet

Applicant Position

Land owner CTS SID

Site address

Audit period

Does the $ address the risks specified in the ublic

Health and :ellbeing $egulations 200"

Does the $ identify action associated with

the specified risks

Is the identified action ?and therefore, the $@ being implemented

%pecified risks $esponse $eference $esponse Details $esponse %ource of

information

.omment

1 Stagnant water, including

11 the lack of water

circulation in a system

12 the presence of deadA

end pipework and other

fittings in a system

1'


21/35


Attachment 1 continued: Audit worksheet


Health and :ellbeing $egulations 200"?continued@


the specified risks

Is the identified action ?and therefore, the $@ being

implemented


information

.omment

2 7utrient growth,

includingA

21 the presence of biofilm,

algae and protoJoa in a

system

iodispersant used

.leaning fre)uency

22 water temperature within

a range that will support

rapid growth of

microorganisms in a system

2& the e4posure of the

water in a system to direct

sunlight

1(


22/35


Attachment 1 continued: Audit worksheets


Health and :ellbeing $egulations 200"?continued@


the specified risks


implemented


information

.omment

& oor water )uality,

including the presence in a

system of A

%ervice fre)uency

&1 solids

&2 0egionella 0egionellatesting fre)uency

&& high levels of

microorganisms

H.. testing fre)uency

1


23/35




Health and :ellbeing $egulations 200" ?continued@


the specified risks


implemented


information

.omment

! Deficiencies in a system,

including deficiencies in the A

!1 physical design

!2 condition Inspection fre)uency

!& maintenance ?of thesystem@

1"


24/35




Health and :ellbeing $egulations 200" ?continued@


the specified risks


implemented


information

.omment

8 9ocation of and access to

the tower or system, including

the potential for*

81 environmental

contamination of the system

%ide stream filter

82 e4posure of people to the

aerosols of the system

:arning signs

$eview of working environment

20


25/35


26/35


Attachment 1 continued: 2esult o) audit

Determination of auditor $esponse If no, the reasons why the auditor holds that opinion

10 Does the plan address the specified risks

11 Is the plan being implemented

12 Has the $ been reviewed within the last 12

months prior to the audit period end date

?record date6s of review6s within the last 12 months@

#ame of auditor .ontact person and details

Date certificate issued 3o whom issued

:hether premises visited 3ime taken* reAaudit 3ravelling 7udit ostAaudit

22


27/35


Attachment 1 continued: Summar* o) test6 service and cleaning reports

Audit period: CTS:

onth 3est reports %ervice reports .leaning reports

Date H.. results 9egionella results $emedial action Date .omments Date .omments

2&


28/35


Attachment 1 continued: Audit ;servations

Audit period: CTS:

Fuestion %ource of

information

$esponse .omments6Details

1 Does the plan incorporate the DH risk management

plan template

2 Is the plan intended to address the risks of system,

as distinct from the risks of the cooling tower6s

& Is the plan intended to address the risks of other

systems

! 7ccording to the plan, what is the overall risk

classification category of the system

8 Does the plan include an operational program

' Is the operational program being implemented

( Does the plan include a communication strategy

Does the plan include a positive 9egionella testnotification list

" Has the plan been endorsed by the owner of the

land and6or of the system

10 7re arrangements in place to review the plan

annually ?according the re)uirements of the ublic

Health and :ellbeing 7ct@

2!


29/35


7ttachment 2* K4amples of measures to improve a system and addressthe specified risks

2isk Assessment Action

%tagnant water resence of deadlegs

%ystem is idle for greater than one month

$ecirculating pump fitted

Deadlegs mapped

Deadlegs activated

Deadlegs removed

Increased cleaning fre)uency

#utrient growth K4posure of wetted surfaces to sunlight

3emperature above 20Q.

resence of biofilm

Installation of devices to protect wetted surfaces ?eg

louvres or screens@

Bse of biodispersants and corrosion control agents

onitoring temperature


oor water )uality resence of solids6state of cleanliness

resence of 9egionella

High levels of micro organisms ?H..@


Increased microbial monitoring for H.. and 9egionella

.hanges to biocide, biodispersant, corrosion inhibitor

dosing regime

Installation of auto dosing devices

Installation of auto bleed devices

Installation of side stream filters

Identification of set sampling points

28


30/35


31/35


7ttachment &* K4ample of a completed auditcertificate

Pulic Health and "elleing Act #,

ublic Health and :ellbeing $egulations 200"

2SC -A7A'-'70 PLA7 AD0 $'205$A0'

$egistration number of cooling tower

system ?ie .3% number@

.3% """"

$egistration site identification number ?ie

%ite ID number@

%ID (02&

7ddress of cooling tower system 12& %ystem $d, .==93=:# &"""

#ame of owner of the land Bsers .3% ty 9td

#ame of person who commissioned this

audit

5red %impson, aintenance %upervisor,

7.K 69

7udit period applicable to this certificate 286&6200" < 2!6&62010

F1 Does the risk management plancomply with section "1?2@ of the ublic

Health and :ellbeing 7ct 200

If no, state the reasons why you hold that

opinion

Ues

F2 Is the risk management plan being

implemented

If no, state the reasons why you hold that

opinion

#o

3he reason that the 7uditor is of that

opinion is set out on page 2

F& :as the risk management plan

reviewed within the 12 months prior to the

audit date

#o

#o documents were sighted showing a

review of $ had taken place

#ame of auditor Given name %urname

7lbert $oss

7pproved auditor number 00(

%ignature of auditor

Date of audit 2! arch 2010

2(


32/35


Attachment + continued@

'(ample o) an attachment to a risk management plan audit certi)icate

$isk management plan for .3% """" at 12& %ystem $d, .ooltown &"""

Date of audit* 2! arch 2010

3he 7uditor had regard both to the original risk management plan dated 1 Oune 2002 and to an amendedversion dated arch 200

3he 7uditor is of the opinion that the risk management plan is not being implemented because*

.leaning fre)uency < Documentation was not provided to show that cleaning occurred between

the commencement of the audit period on 286&6200" and 106&62010

%ervice fre)uency < Documentation was not provided to show that servicing occurred during the

periods* 126!6200" to 1160"6200", and "6126200" to 26262010

0egionellatesting < Documentation was not provided to show that 0egionellatesting occurred

between 116"6200" and 26262010

H.. testing < Documentation was not provided to show that H.. testing occurred between

126!6200" and 116"6200"

Drift eliminators < Documentation was not provided to show that the drift eliminators are high

efficiency, and that they were inspected and maintained every ' months

Inspection fre)uency < Documentation was not provided to show that inspections were carried

out weekly

"eferral of certificate under *ection 9+6,

3o meet the re)uirements of %ection "&?'@ of the Public ealth and !ellbeing Act200, the information

contained in this certificate has been sent to the 9egionella 3eam, Department of Health

2


33/35


7ttachment !* %ample of DH format oficrosoft K4cel spreadsheet

#otification of all audits ?compliant and nonAcompliant audits@ must be notified to the department usingthe specified e4cel spreadsheet which is available from the Department;s website at*


7ote: Do not send duplicate audits create a new spreadsheet )or new noti)ications@ to e sentin@9

#ame the file with your auditor number and the date you are sending it ?using this date formatAyyyymmdd eg auditor 133 sent ##1&3@ then email it tolegionella+healthvicgovauon a weeklybasis

2"
http://www.health.vic.gov.au/environment/legionella/auditorsmailto:[email protected]:[email protected]://www.health.vic.gov.au/environment/legionella/auditorsmailto:[email protected]


34/35


Attachment 4: Sample o) DH )ormat o) -icroso)t '(cel spreadsheet continued@

$0S D SD D

7ame o) person

who

commissioned

this audit

AuditorEs

numer

AuditorEs

surname

Audit

period

start

date

Audit

period

end

date

Date o)

certi)icate

Answer

to

8uestion

1

Answer

to

8uestion

&

Answer

to

8uestion

+

2easons

wh* the

audit )ailed

;servations

&0


35/35

7ttachment 8* Bseful documents andresources

19 Department o) Health "esite

wwwhealthvicgovau6environment6legionella

&9 Legislation "esite


+9 Department o) Health $ontacts

Legionella 0eam:

Kmail address* legionella+healthvicgovau

hone* 100 2! "

49 se)ul documents

A Guide to 'e(eloping "isk &anagement Plans for Cooling )ower *ystemsDepartment of Health

.ooling 3ower %ystem < 9egionella $isk anagement %ite VitDepartment of Health
http://www.health.vic.gov.au/environment/legionellahttp://www.legislation.vic.gov.au/http://www.legislation.vic.gov.au/mailto:[email protected]://www.health.vic.gov.au/environment/legionellahttp://www.legislation.vic.gov.au/mailto:[email protected]

DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems

Documents

Transcript of DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems