DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
-
Upload
godfrey-jatho -
Category
Documents
-
view
222 -
download
0
Transcript of DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
1/35
Department of Health
Guidelines for auditing riskmanagement plans for coolingtower systems
2011
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
2/35
If you would like to receive this publication in an accessible format, please phone 100
2! " using the #ational $elay %ervice 1& &' (( if re)uired, or email*legionella+healthvicgovau
- .opyright, %tate of /ictoria, Department of Health, 2011
ublished by the Health rotection ranch, /ictorian Government, Department of Health, elbourne,
/ictoria 3his publication is copyright, no part may be reproduced by any process e4cept in accordance
with the provisions of the Copyright Act 1968.
3his document is also available in D5 format on the internet at*
wwwhealthvicgovau6environment6legionella6auditorshtm
7uthorised by the %tate Government of /ictoria, 80 9onsdale %treet, elbourne
DHD/11/44
age ii
mailto:[email protected]://www.health.vic.gov.au/environment/legionella/auditors.htmmailto:[email protected]://www.health.vic.gov.au/environment/legionella/auditors.htm -
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
3/35
.ontents
Purpose 4
Legislation 4
3he ublic Health and :ellbeing 7ct 200 !
ublic Health and :ellbeing $egulations 200" &
3he Department;s role &
Audit overview 4
.ommissioning an audit !
%cope of the audit !
eriod of audit !
.hanges of ownership during an audit period 8
7ddressing the risks 85orming an opinion 8
7udit notification '
.ompleting an audit certificate '
Section A: Does the risk management plan address the risks?
rescribed risks (
$isk management re)uirements
$isk management plan structure "
Section !: "as the risk management plan implemented? 1#
3he ' steps to assess risk management plan implementation 12
%tep 1 < 9ist all actions 12
%tep 2 < =ptional /ariations 12
%tep & < Documentation 1&
%tep ! < "0> compliance rate 1&
%tep 8 < 3ime tolerances 1!
%tep ' < Implementation 18
Section $: "as the risk management plan reviewed? 1%
Attachment 1: Audit worksheet 1
Attachment &: '(amples o) measures to improve a s*stem and address the speci)ied risks &%
Attachment +: '(ample o) a completed audit certi)icate &,
Attachment 4: Sample o) DH )ormat o) -icroso)t '(cel spreadsheet +#
Attachment .: se)ul documents and resources +&
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
4/35
urpose
3hese Guidelines for auditing risk management plans for cooling tower systems are intended to assist
approved auditors to audit a risk management plan for a cooling tower system 3his guide includestemplates that can be used in the auditing process and a spreadsheet that must be used to provide auditresults to the Department of Health ?the Department@
3hese guidelines e4plain how to put the auditing re)uirements of the Public ealth and !ellbeing Act200 and Public ealth and !ellbeing "egulations #$$9into practice
5ollowing the directions in this guide is a condition of certification as an approved auditor
3his guide replaces the previous Guidelines for auditing risk management plans for cooling towers
systemsdated 1 arch 2008
9egislation
0he Pulic Health and "elleing Act #,
2egistration
3he Public ealth and !ellbeing Act #$$8?the 7ct@ re)uires that all cooling tower systems in /ictoria beregistered with the Department Information about cooling tower system registration is available at on theDepartment;s website at*
wwwhealthvicgovau6environment6legionella6inde4
3he 7ct is available from the /ictorian 9egislation and arliamentary Documents website*
wwwlegislationvicgovau
Pulic register
3he 7ct re)uires that the %ecretary to the Department of Health ?the %ecretary@ keeps a register of allcooling tower systems and that this register is available for inspection by the public
7 webAbased register of cooling tower systems is available on the Departments website at*
wwwhealthvicgovau6environment6legionella6inde4
3he register contains information such as the site address, site and cooling tower system identificationnumbers and registration dates of all cooling tower systems registered in /ictoria
http://www.health.vic.gov.au/environment/legionella/indexhttp://www.legislation.vic.gov.au/http://www.health.vic.gov.au/environment/legionella/indexhttp://www.health.vic.gov.au/environment/legionella/indexhttp://www.legislation.vic.gov.au/http://www.health.vic.gov.au/environment/legionella/index -
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
5/35
Guidelines for auditing risk management plans for cooling tower systems
2isk management plans
3he 7ct re)uires the owner of the land on which there is a cooling tower to ensure that a riskmanagement plan e4ists at all times the cooling tower system is in operation
Bnder section "1?2@ of the 7ct, this risk management plan mustC
?a@ address the risks prescribed in respect of cooling tower systems and set out the steps to betaken to manage the risks
?b@ set out the steps to be taken to ensure compliance with any risk management re)uirementsrelating to the cooling tower system
?c@ include any other matters prescribed for the purposes of this section
?d@ be in the approved form
%ection 7 of this guide describes how an auditor determines if a risk management plan complies with there)uirements of the 7ct
Annual audit
%ection "&?1@ of the 7ct re)uires that the risk management plan for a cooling tower system is auditedannually
7s per section "&?&@ of the 7ct, the obEective of an audit is for the auditor to determine if the riskmanagement plan*
?a@ meets all the re)uirements of the 7ct
?b@ has been implemented throughout the audit period and
?c@ has been reviewed in the 12 months prior to the audit
3hese are later referred to as F1, F2 and F&
5urther assistance in determining whether a risk management plan complies with the re)uirements of the7ct and has been implemented and reviewed is provided in sections 7, and . of this guide
Approved auditors
%ection "8 of the 7ct states that only an approved auditor can conduct the annual risk management planaudit 7pproved 7uditors are certified by the %ecretary
Information about becoming a certified auditor and grounds for revoking certification is outlined in thedocument %nformation about "&P Auditor Certification, which is available on the Department;s websiteat*
wwwhealthvicgovau6environment6legionella6auditors
1
http://www.health.vic.gov.au/environment/legionella/auditorshttp://www.health.vic.gov.au/environment/legionella/auditors -
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
6/35
Guidelines for auditing risk management plans for cooling tower systems
Auditor to inspect documents
In conducting an audit, section "&?!@ of the 7ct re)uires an auditor to inspect all prescribed documentsrelating to the cooling tower system
3he documents to be inspected are prescribed in regulation 82 of the ublic Health and :ellbeing$egulations 200" and include*
the risk management plan
the documents that contain the details of all repair, maintenance and testing work carried during
the audit period
%ection of this guide describes the types of documents that an auditor must inspect to determine if therisk management plan has been implemented
2eviewing risk management plans
%ection "2?1@ of the 7ct re)uires that the risk management plan is reviewed at least once in each 12month period 7dditionally, section "2?2@ re)uires that the risk management plan is reviewed in the eventof the occurrence of certain trigger events
%ection . of this guide describes how an auditor determines when a review of a risk management plan isre)uired and the factors included in the review
Pulic Health and "elleing 2egulations #3
3he ublic Health and :ellbeing $egulations 200" ?the $egulations@ outline the maintenancere)uirements for cooling tower systems
It is important that auditors have a thorough understanding of the re)uirements of the $egulations inorder to successfully complete a cooling tower system risk management plan audit
3he $egulations are available from the /ictorian 9egislation and arliamentary Documents website*
wwwlegislationvicgovau
0he Departments role
3he Department;s 9egionella 3eam plays an important role in investigating cases of 9egionnaires;disease and enforcing the provisions of the 7ct and $egulations regarding cooling tower systems
3he Department responds when notified of all nonAcompliant audits 3he primary concern of the9egionella 3eam in investigating nonAcompliant audits is to ensure that any problems are rectified
3he 7ct also empowers the %ecretary to issue improvement or prohibition notices where there is, or islikely to be, a contravention of the 7ct or regulations
2
http://www.legislation.vic.gov.au/http://www.legislation.vic.gov.au/ -
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
7/35
Guidelines for auditing risk management plans for cooling tower systems
7udit overview
$ommissioning an audit
$esponsibility for ensuring that an audit is undertaken lies with the owner of the land on which thecooling tower system is located However, any person can commission an audit provided they are able toprovide an auditor with a copy of the risk management plan and all relevant records and documentationsupporting its implementation In practice, audits will generally be commissioned by system operators orthe land owner;s agent or property manager
3he ma4imum time between the audit period end date and the completion of the audit ?ie the signing ofthe certificate@ must not be longer than & months
Scope o) the audit
7n auditor is not re)uired to determine if the plan has ade)uately controlled the risks
3he audit process is designed to be a paper audit and therefore can occur offAsite %ection "&?8@?b@ of the7ct makes clear that an auditor is not re)uired to physically inspect the cooling tower system ?.3%@
However, onAsite audits may be useful where*
3he risk management plans are comple4
3here are a large number of implementation items
3here are several cooling tower systems
3here are a number of risk management plans applicable to the audit period
Period o) audit
3he audit period must not be greater than 12 months and should cover the period immediately followingthe previous audit period 3here may be circumstances where an audit period covering less than 12months may be necessary
3here may be issues concerning the audit period when there is change of ownership, or when acompany is put under administration Bnder these circumstances, the 9egionella 3eam should becontacted to discuss the particular issue
%ome audit periods may cover intervals where a cooling tower system was shut down If a cooling towersystem is shut down for any length of time, it is still deemed to be in operation unless it has beendecommissioned and that action notified to the Department
However, there may be no service re)uirements or service documents during these intervals %hut downprocedures, particularly if they are routine to the process served by the cooling tower system should bedefined in the risk management plan
&
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
8/35
Guidelines for auditing risk management plans for cooling tower systems
Decommissioning of a tower re)uires that the following to have occurred*
3he system is completely drained of water and
3he power supply to the system is disconnected and
3he water supply to the system is disconnected
3he term shut down means that the cooling tower system is temporarily not in use 3hey are stillre)uired to be registered and an audit must be conducted
$hanges o) ownership during an audit period
:here there is a change of ownership during the audit period, it is e4pected that the new owner maytake on the risk management plan developed for the former owners %ome new owners may have therisk management plan reviewed and incorporate changes into the old risk management plan
#evertheless, an auditor can only work on the risk management plans and documents supplied :herethere is doubt on this matter, an auditor is advised to contact the 9egionella 3eam
Addressing the risks
7n audit worksheet has been developed to assist in the audit 3he worksheet contained in Attachment 1uses the full wording of the risks, as specified in the $egulations 7uditors may use this tool or amend itto suit their needs
3o determine whether the risks have been addressed, auditors should read the risk management planand look for references to these risks
3he risk management plan should list the risk, together with a brief assessment of the likelihood andimpact of the risk 3emplates in 7ttachment 2 of A Guide to 'e(eloping "isk &anagement Plans forCooling )ower *ystemsprovide an e4ample of this listing
5orming an opinion
3he audit worksheet contained inAttachment &provides auditors with an optional tool to record whetheractions in the plan are being implemented
In order for an auditor to form an opinion that a risk management plan is being implemented, they mustview evidence that all of the actions in relation to the risks are being implemented, within the timelinesspecified in the plan
:here timelines are not indicated, auditors must assume that the action was to be undertaken during theperiod covered by the audit period
!
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
9/35
Guidelines for auditing risk management plans for cooling tower systems
Audit noti)ication
It is a re)uirement of the 7ct that a risk management plan is audited annually by an approved auditor3he 7ct also re)uires that the approved auditor must give the %ecretary a copy of the information in theaudit certificate within ( days after completing the certificate
$ompleting an audit certi)icate
7n auditor must produce a certificate once an opinion has been formed as to whether or not the riskmanagement plan has addressed the specified risks and whether the risk management plan has beenimplemented and whether the risk management plan was reviewed within 12 months prior to the audit
%ection "&?'@ re)uires an auditor to give the certificate to the person who commissioned the audit and acopy of the information on the certificate to the Department
7 blank certificate can be downloaded from the Department;s website at*
wwwhealthvicgovau6environment6legionella6auditors
7 completed e4ample of an audit certificate is provided in Attachment +
3he information contained in the audit must be sent by email to the Department within ( days of the auditcertificate date and must be in the spreadsheet provided
8
http://www.health.vic.gov.au/environment/legionella/auditorshttp://www.health.vic.gov.au/environment/legionella/auditors -
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
10/35
Guidelines for auditing risk management plans for cooling tower systems
%ection 7* F1 Does the risk management planaddress the risks
3his section describes how an auditor determines if a risk management plan complies with there)uirements of the 7ct
%ection "1 of the 7ct re)uires that a risk management plan must be prepared and*
+#, )he risk management plan must-
+a, address the risks prescribed in respect of cooling tower systems and set out the steps tobe taken to manage the risks
+b, set out the steps to be taken to ensure compliance with any risk managementre/uirements relating to the cooling tower system
+c, include any other matters prescribed for the purposes of this section1
+d, be in the appro(ed form.#
Prescried risks
$egulation 81 prescribes the risks that must be addressed in the risk management plan 3able 1provides a summary of the prescribed risks
0ale 1: Prescried risks
1 Stagnant water6including the lack of water recirculation in a cooling tower system and thepresence of deadAend pipework and other fittings in a cooling tower system
2 7utrient growth6 includingC
resence of biofilm, algae and protoJoa in a cooling tower system and
:ater temperature within a range that will support rapid growth of microorganisms
in a cooling tower system and
K4posure of the water of a cooling tower system to direct sunlight
& Poor water 8ualit*6including the presence of solids, 9egionella and high levels ofmicroorganisms in a cooling tower system
! De)iciencies in a cooling tower s*stem6including deficiencies in the physical design,condition and maintenance of the system
8 0he location o)6 and access to6 a cooling tower or cooling tower s*stem6 including thepotential for environmental contamination of the system and the potential for e4posure ofpeople to the aerosols of the system
' An* matters included in a reportdelivered to the owner of the land for the purposes ofsection "2?2@?c@ of the 7ct
17t the time of printing, the Department had not prescribed any other matters under sub section ?c@
2 7t the time of printing, there is no approved form for a risk management plan 7 risk management plan is re)uired to contain the
information specified in the 7ct
'
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
11/35
Guidelines for auditing risk management plans for cooling tower systems
2isk management re8uirements
%ection "1?2@?b@ of the 7ct re)uires that the risk management plan sets out the steps to be taken toensure compliance with any risk management re)uirements relating to the cooling tower system 3able 2provides a summary of the risk management re)uirements
0ale &: 2isk management re8uirements
1 0he preparation6 content6 review and audit o) a risk management plan6 including theconduction of a risk management plan audit
2 0he construction6 installation6 operation6 maintenance6 repair6 service and testing o)a cooling tower s*stem9
& $ontrol measures used in respect o) a cooling tower s*stem6 including the responseto unsatisfactory microbiological results
Attachment 1 contains an audit worksheet that has been developed by the Department to assistauditors undertaking an audit in respect of a risk management plan 3he audit worksheet uses the fullwording of the risks, as specified in the $egulations 7uditors may use this tool or amend it to suit theirneeds
Attachment &provides e4amples of various measures available to owners to improve a cooling towersystem and address the specified risks 3his list may help auditors understand what improvements oractions relate to particular risks it does not mean that all these actions are necessarily needed for eachcooling tower system
3o determine whether the risks have been addressed, auditors should read the risk management plan
and look for references to these risks
3he risk management plan should list the risk, together with a brief assessment of the likelihood andimpact of the risk 3emplates in 7ttachment 1 of the Guide to 'e(eloping "isk &anagement Plans forCooling )ower *ystemsprovides an e4ample of this 7 copy of that Guide is available from theDepartment;s website at*
wwwhealthvicgovau6environment6legionella6riskAplans
An* matters that are contained in a risk management plan that are not re8uired to e in the riskmanagement plan do not have to e considered during the audit9
(
http://www.health.vic.gov.au/environment/legionella/risk-planshttp://www.health.vic.gov.au/environment/legionella/risk-plans -
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
12/35
Guidelines for auditing risk management plans for cooling tower systems
2isk management plan structure
3he Guide to 'e(eloping "isk &anagement Plans for Cooling )ower *ystems provides a framework andtemplate for undertaking a risk assessment and addressing the specified risks 7lthough riskmanagement plans are not re)uired to follow this format, the maEority of authors follow the template inthat Guide
7 risk management plan would normally also include the following components*
site and contact details
assessment of each specified risk
summary of the overall risk classification
details of the system collected during the risk assessment process
strategies, operational programs or works to address the specified risks
details of the process to follow in response to unsatisfactory sample results&
timelines within which works are intended to occur %ome may have a separate action plan for
system improvement
attachments or references to other documents such as operational plans, shutAdown procedures
and communication plans
the date the risk management plan was endorsed
t is important that timelines e speci)ied )or all actions re)erred to in a risk management plan9 ) arisk management plan does not include a timeline )or a particular action or repair6 auditors mustassume the works should have een completed within the period covered * the risk
management plan
7s discussed earlier, each cooling tower system must have an individual risk management plan preparedfor that system However, where there are multiple systems on the same site, it is acceptable to haveindividual plans contained in a single document
& 3he Department has developed flow charts ?7ttachments 7, L .@ that can be followed in the event of an unsatisfactory result
7 risk management plan can nominate to follow the flowcharts or describe a different response 7 risk management plan may
nominate to follow 5low .hart 7 and 5low .hart in response to a high H.. result In the event of a high H.. following either
flow chart will result in a compliant audit
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
13/35
Guidelines for auditing risk management plans for cooling tower systems
%ection * F2 :as the risk management planimplemented
3his section describes the types of documents that an auditor must inspect to determine whether the riskmanagement plan has been implemented during an audit period
3he first step is to clearly identify the actions the risk management plan says will be completed orundertaken during the period
3he second step is to sight the evidence ?in the form of documents@ that will allow you to determinewhether the actions have been undertaken or completed during the period
5or the purposes of an audit, $egulation 82 re)uires that an auditor must inspect the following
documents*
1 2isk management plan93he primary reference document for an audit is the risk management planitself 7uditors should check that it clearly identifies the cooling tower system to which it applies andthat it is signed off and dated by the system owner or operator
:hen reviewing the risk management plan the auditor should also consider*
2isk management plan review/s 3he risk management plan should have been reviewed at
least once prior to the audit as a result of which changes may have been made to there)uirements of the plan 7uditors will need to identify how many risk management plans applyduring the audit period and whether the risk management re)uirements for those plans differDocuments for service, maintenance, cleaning, inspections, testing and improvements will need
to be sorted to match the risk management plans and audited against the relevant re)uirements
5or e4ample, where a risk management plan review is conducted midway through the auditperiod and as a result the 9egionella sampling fre)uency is changed from )uarterly to monthly,an auditor will need to check that 9egionella samples were taken )uarterly for the portion of theaudit period covered by the original risk management plan and that 9egionella samples weretaken monthly during the remaining part of the audit period as re)uired by the reviewed riskmanagement plan
;ptional variation 3he system owner or operator may have elected to implement an =ptional
/ariation declared under section " of the Public ealth and !ellbeing Act200 %uch variationsare usually sought by industries associated with continuous production, where interruptions tothe cooling tower system ?such as for cleaning@ cannot be easily made and the details of thevariations must be incorporated into the risk management plan ore information about optional
variations is available from the Department;s website at*
wwwhealthvicgovau6environment6legionella
&9 Documents that contain the details o) all repair6 maintenance and testing work carried out onthe cooling tower s*stem within the period to e audited6 including:
!acterial test results?H.. and 9egionella@
$hemical parameters test results
$ooling tower s*stem service reports
$ooling tower s*stem inspection records
2ecords o) maintenance6 repairs and testing :here company staff perform regular
checks6inspections on e)uipment, signedAoff check sheets with dates and times may be relevantIn some cases, the files will contain written reports, invoices or photographs of work completed
"
http://www.health.vic.gov.au/environment/legionellahttp://www.health.vic.gov.au/environment/legionella -
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
14/35
Guidelines for auditing risk management plans for cooling tower systems
Supplementar* plansthat support implementation
2ecords o) an* remedial actions conducted in response to an unsatis)actor*
microiological sample test
3he Department has distributed a site kit to cooling tower system owners to assist them in collating andstoring all relevant records and documents re)uired for auditing purposes 7lternately, some companieshave their own systems in place to collate and store these records and documents
3he audit worksheet contained in Attachment &provides auditors with an optional tool to record whetheractions in the plan are being implemented
In order for an auditor to form an opinion that a risk management plan is being implemented, they mustview evidence that all of the actions in relation to the risks are being implemented within the timelinesspecified in the plan
:here timelines are not indicated, auditors must assume that the action was to be undertaken during theperiod covered by the risk management plan
%ome risk management plans may cover multiple years and auditors must ensure that they only auditthose actions that were completed during the audit period However, note that the 7ct re)uires riskmanagement plans to be reviewed at least annually, and therefore if the review has necessitatedchanges to the risk management plan, the review becomes the new risk management plan =ther riskmanagement plans may have supplementary implementation plans, setting out actions and timelines
If an action has not been completed within the timeline specified but does not have a bearing uponaddressing a specified risk, this should not lead an auditor to form the opinion that the plan is not being
implemented
Difficulties may be presented in auditing parts of a risk management plan that have no bearing on any ofthe specified risks Generally, an auditor should only be auditing a risk management plan against thespecified risks 7n e4ample of this is where cosmetic changes to the cooling tower system were intendedto be undertaken during the audit period to make the cooling tower appear more acceptable tosurrounding tenants
2ecommendations contained in a risk management plan that have not een accepted are outsidethe scope o) the audit9
10
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
15/35
Guidelines for auditing risk management plans for cooling tower systems
0he % steps to assess risk management plan implementation
3he following ' steps must be undertaken by auditors so that consistent results are achieved whenassessing risk management plan implementation*
1 9ist all actions re)uired by risk management plan
2 K4amine any e4tra re)uirements6actions where an optional variation under section " hasbeen implemented
& .heck all the documentation provided for the audit to determine the number of timeseach action has occurred within the audit period
! 7pply a "0 per cent compliance rate to each action
8 7pply prescribed time tolerances to all actions listed in risk management plan
' Determine if the risk management plan has been implemented and is compliant over the
audit period
Step 1 < List all actions
5or e4ample, a risk management plan may stipulate*
four tower cleans per annum ?! actions@
monthly servicing ?12 actions@
monthly inspections ?in between services@ ?12 actions@
monthly H.. testing ?12 actions@
9egionella testing every three months ?! actions@
removal of two deadlegs ?2 actions@
installation of auto dosing e)uipment ?1 action@
installation of a new drift eliminator on one tower ?1 action@
use of alternate biocides each month ?12 actions@
7n auditor must e4amine the audit period to determine the number of times each type of action wasre)uired in that period by the risk management plan
Step & < ;ptional =ariations
7n auditor is then re)uired to e4amine the additional re)uirements6actions that may be re)uired becausean =ptional /ariation has been implemented
It is a re)uirement that the details of the optional variation must be incorporated in the risk
management plan 5ailure to include all the details will result in a nonAcompliant audit ?ie theanswer to )uestion 1 is no@
#onAconformance to any of these e4tra conditions or actions will result in a nonAcompliant audit
?ie the answer to )uestion 2 is no@
rescribed time tolerances ?refer to step 8 in this section@ are to be e4ercised here to include anye4tra actions for maintenance re)uired, as a condition of the variation being granted
11
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
16/35
Guidelines for auditing risk management plans for cooling tower systems
Step + < Documentation
7n auditor is re)uired to view the documentation that is evidence that the action has been conducted3he Guide to 'e(eloping "isk &anagement Plans for Cooling )ower *ystems provides e4amples of theinformation that would be e4pected in some of the common reports relating to maintenance and testingof cooling tower systems
Step 4 < 3#> compliance rate
7 minimum "0> compliance rate for each type of action must be demonstrated 3he auditor should makea note of the nonAcompliant issues on the audit certificate ?see attachment &@
0ale +: 3#> $ompliance rate
7umer o) times speci)ied )or an action in 2-P
during audit period@
7umer o) times needed )or 3#> compliance o) an
action
1 1
2 2
& &
! !
8 8
' 8
( '
(
"
10 "
11 10
12 11
# n 4 "0> and rounded off to nearest number
12
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
17/35
Guidelines for auditing risk management plans for cooling tower systems
0ale 4: 3#> $ompliance rate calculated )or the e(ample used in Step 1
Action 7umer o) times speci)ied in 2-P
per annum@
7umer o) actions needed to
demonstrate 3#> compliance )or an
action
3ower cleans ! !
onthly servicing 12 11
onthly inspections 12 11
onthly H.. testing 12 11
iAmonthly 9egionellatesting
' 8
$emoval of two deadlegs 2 2
Installation of auto dosinge)uipment
1 1
Installation of new drift
eliminator on one tower
1 1
Bse of alternate biocideseach month
12 11
7ote that the e(ample provided aove would have to e adusted to correspond with thelength/period o) the audit6 which ma* not e )or the )ull 1& months9
Step . < 0ime tolerances
7n owner or operator may have difficulty undertaking regular cooling tower system services on time for a
number of different reasons, including short months, long weekends, holiday periods, key personnelbeing on leave or service vehicle6e)uipment breakdowns 3his has resulted in a number of nonAcompliant audits in the past
7 system of time tolerances has been put into place to overcome such difficulties 3he delay of serviceswithin the provided tolerances is seen to have minimal effect on outcomes of actions committed to by therisk management plan
Auditors must take into account these time tolerances when assessing compliance9
5or auditing purposes only, the prescribed time tolerances for actions are provided in 3able 8
0ale .: Prescried time tolerances
nterval 0olerance
' monthly 6 biAannually M 1 month
& monthly 6 )uarterly M 2 weeks
2 monthly M 10 days
onthly M ( days
fortnightly6 2 weekly M & days ?or the first working day following a longweekend@
weekly 6 ( days M & days ?or the first working day following a long
weekend@
2! hours M 1 day
1&
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
18/35
Guidelines for auditing risk management plans for cooling tower systems
5or e4ample, a )uarterly action must occur within three calendar months, plus two weeks into thefollowing month
9ikewise, a monthly!action must occur at least within the following calendar month, plus ( daysHowever, this would not result in a compliant audit ?if taken to the e4treme@ where only ' services wereprovided over a year, when there should have been 12 services %tep 8 of these Guidelines provides for
a minimum "0> compliance rate for any action listed in the risk management plan, and therefore 12services would need at least 11 services for compliance of this action
) an action occurs outside o) the prescried time tolerances6 it should e considered that theaction is unacceptale and nonBcompliant with regard to the risk management plan9
Step % < mplementation
It is re)uired that an auditor establishes whether*
all specified risks are addressed by the risk management plan and
all risk management re)uirements are addressed by the risk management plan and
each of the different type of actions has been implemented at least to a level of "0 per cent ?with
specified time tolerances e4ercised@ over the audit period and
a review of the risk management plan was conducted within 12 months prior to the audit
5or an audit, failure of the risk management plan to comply with any of these four points must result in afinding of nonAcompliance
! 3here has been a re)uest for clarification on the interpretation of Nmonthly; 3he Department;s position is that Nmonthly; means
that an action, such as a cooling tower system service, must be undertaken at leastonce each calendar month, with a total of
12 actions re)uired per year 5or e4ample, 1stservice performed on 10 thOanuary so ne4t service is due on any day in 5ebruary
?or by (tharch to have occurred within prescribed time tolerance@
5re)uencies prescribed by risk management plans do vary from site to site and there will be some cases where Nmonthly; is
defined by a risk management plan as a &06&1 day period In this case, it is appropriate for an auditor to check that the action
occurred within each &06&1 day period, for e4ample, 1 stservice performed on 10 thOanuary so ne4t service is due by 10th
5ebruary ?and by 1(th5ebruary to have occurred within prescribed time tolerance@
1!
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
19/35
Guidelines for auditing risk management plans for cooling tower systems
%ection .* F& :as the risk management planreviewed
3his section describes how an auditor determines when a review of a risk management plan is re)uiredand describes what a review should include
%ection "2?1@ of the 7ct re)uires the owner of any land on which there is a cooling tower to ensure therisk management plan has been reviewed at least once within each 12 month period
%ection "2?2@ of the 7ct also re)uires that a risk management plan be reviewed if*
?a@ 9egionella is detected in the cooling tower system on 2 or more occasions in any period of 12months or
?b@ the owner of the land is given written advice by the %ecretary that a case of legionnairesP disease
is associated with the cooling tower system or?c@ the owner of the land receives a report from the %ecretary or from any person engaged by the
owner of the land or the owner of the cooling tower system that control measures used in respectof the cooling tower system are inade)uate or re)uire improvement or
?d@ there is a significant change inC
?i@ any of the environmental conditions under which the cooling tower system operates or
?ii@ the operation of the cooling tower system or
?e@ the owner of the land receives an audit certificate that states that the risk management plan doesnot address the prescribed risks
$egulation 81?f@ of the $egulations re)uires any matters included in a report delivered to the owner ofthe land for the purposes of section "2?2@?c@ of the 7ct to be addressed by the risk management plan
7 risk management plan review should be in writing and set out the scope of the review It should includethe date and name of the person 6 company that conducted the review 7 review needs to*
.onsider each aspect of the plan
.onsider any changes to the environment operational program and any physical changes to the
system
Determine if there have been any changes that would re)uire further investigation
$ecommend any changes re)uired to ensure the risks are managed
It is important to understand that the review may result in changes to*
the operation6maintenance of a system
the system itself and6or
the risk management plan
It is acceptable to have multiple risk management plans in place during the audit period 7n auditorneeds to determine the period to which each risk management plan applies and determine if the plan has
been implemented for that period
It is also acceptable for a risk management plan review to amend timelines set in previousplans.
18
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
20/35
Guidelines for auditing risk management plans for cooling tower systems
7ttachment 1* 7udit worksheet
Applicant Position
Land owner CTS SID
Site address
Audit period
Does the $ address the risks specified in the ublic
Health and :ellbeing $egulations 200"
Does the $ identify action associated with
the specified risks
Is the identified action ?and therefore, the $@ being implemented
%pecified risks $esponse $eference $esponse Details $esponse %ource of
information
.omment
1 Stagnant water, including
11 the lack of water
circulation in a system
12 the presence of deadA
end pipework and other
fittings in a system
1'
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
21/35
Guidelines for auditing risk management plans for cooling tower systems
Attachment 1 continued: Audit worksheet
Does the $ address the risks specified in the ublic
Health and :ellbeing $egulations 200"?continued@
Does the $ identify action associated with
the specified risks
Is the identified action ?and therefore, the $@ being
implemented
%pecified risks $esponse $eference $esponse Details $esponse %ource of
information
.omment
2 7utrient growth,
includingA
21 the presence of biofilm,
algae and protoJoa in a
system
iodispersant used
.leaning fre)uency
22 water temperature within
a range that will support
rapid growth of
microorganisms in a system
2& the e4posure of the
water in a system to direct
sunlight
1(
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
22/35
Guidelines for auditing risk management plans for cooling tower systems
Attachment 1 continued: Audit worksheets
Does the $ address the risks specified in the ublic
Health and :ellbeing $egulations 200"?continued@
Does the $ identify action associated with
the specified risks
Is the identified action ?and therefore, the $@ being
implemented
%pecified risks $esponse $eference $esponse Details $esponse %ource of
information
.omment
& oor water )uality,
including the presence in a
system of A
%ervice fre)uency
&1 solids
&2 0egionella 0egionellatesting fre)uency
&& high levels of
microorganisms
H.. testing fre)uency
1
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
23/35
Guidelines for auditing risk management plans for cooling tower systems
Attachment 1 continued: Audit worksheet
Does the $ address the risks specified in the ublic
Health and :ellbeing $egulations 200" ?continued@
Does the $ identify action associated with
the specified risks
Is the identified action ?and therefore, the $@ being
implemented
%pecified risks $esponse $eference $esponse Details $esponse %ource of
information
.omment
! Deficiencies in a system,
including deficiencies in the A
!1 physical design
!2 condition Inspection fre)uency
!& maintenance ?of thesystem@
1"
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
24/35
Guidelines for auditing risk management plans for cooling tower systems
Attachment 1 continued: Audit worksheet
Does the $ address the risks specified in the ublic
Health and :ellbeing $egulations 200" ?continued@
Does the $ identify action associated with
the specified risks
Is the identified action ?and therefore, the $@ being
implemented
%pecified risks $esponse $eference $esponse Details $esponse %ource of
information
.omment
8 9ocation of and access to
the tower or system, including
the potential for*
81 environmental
contamination of the system
%ide stream filter
82 e4posure of people to the
aerosols of the system
:arning signs
$eview of working environment
20
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
25/35
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
26/35
Guidelines for auditing risk management plans for cooling tower systems
Attachment 1 continued: 2esult o) audit
Determination of auditor $esponse If no, the reasons why the auditor holds that opinion
10 Does the plan address the specified risks
11 Is the plan being implemented
12 Has the $ been reviewed within the last 12
months prior to the audit period end date
?record date6s of review6s within the last 12 months@
#ame of auditor .ontact person and details
Date certificate issued 3o whom issued
:hether premises visited 3ime taken* reAaudit 3ravelling 7udit ostAaudit
22
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
27/35
Guidelines for auditing risk management plans for cooling tower systems
Attachment 1 continued: Summar* o) test6 service and cleaning reports
Audit period: CTS:
onth 3est reports %ervice reports .leaning reports
Date H.. results 9egionella results $emedial action Date .omments Date .omments
2&
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
28/35
Guidelines for auditing risk management plans for cooling tower systems
Attachment 1 continued: Audit ;servations
Audit period: CTS:
Fuestion %ource of
information
$esponse .omments6Details
1 Does the plan incorporate the DH risk management
plan template
2 Is the plan intended to address the risks of system,
as distinct from the risks of the cooling tower6s
& Is the plan intended to address the risks of other
systems
! 7ccording to the plan, what is the overall risk
classification category of the system
8 Does the plan include an operational program
' Is the operational program being implemented
( Does the plan include a communication strategy
Does the plan include a positive 9egionella testnotification list
" Has the plan been endorsed by the owner of the
land and6or of the system
10 7re arrangements in place to review the plan
annually ?according the re)uirements of the ublic
Health and :ellbeing 7ct@
2!
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
29/35
Guidelines for auditing risk management plans for cooling tower systems
7ttachment 2* K4amples of measures to improve a system and addressthe specified risks
2isk Assessment Action
%tagnant water resence of deadlegs
%ystem is idle for greater than one month
$ecirculating pump fitted
Deadlegs mapped
Deadlegs activated
Deadlegs removed
Increased cleaning fre)uency
#utrient growth K4posure of wetted surfaces to sunlight
3emperature above 20Q.
resence of biofilm
Installation of devices to protect wetted surfaces ?eg
louvres or screens@
Bse of biodispersants and corrosion control agents
onitoring temperature
Increased cleaning fre)uency
oor water )uality resence of solids6state of cleanliness
resence of 9egionella
High levels of micro organisms ?H..@
Increased cleaning fre)uency
Increased microbial monitoring for H.. and 9egionella
.hanges to biocide, biodispersant, corrosion inhibitor
dosing regime
Installation of auto dosing devices
Installation of auto bleed devices
Installation of side stream filters
Identification of set sampling points
28
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
30/35
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
31/35
Guidelines for auditing risk management plans for cooling tower systems
7ttachment &* K4ample of a completed auditcertificate
Pulic Health and "elleing Act #,
ublic Health and :ellbeing $egulations 200"
2SC -A7A'-'70 PLA7 AD0 $'205$A0'
$egistration number of cooling tower
system ?ie .3% number@
.3% """"
$egistration site identification number ?ie
%ite ID number@
%ID (02&
7ddress of cooling tower system 12& %ystem $d, .==93=:# &"""
#ame of owner of the land Bsers .3% ty 9td
#ame of person who commissioned this
audit
5red %impson, aintenance %upervisor,
7.K 69
7udit period applicable to this certificate 286&6200" < 2!6&62010
F1 Does the risk management plancomply with section "1?2@ of the ublic
Health and :ellbeing 7ct 200
If no, state the reasons why you hold that
opinion
Ues
F2 Is the risk management plan being
implemented
If no, state the reasons why you hold that
opinion
#o
3he reason that the 7uditor is of that
opinion is set out on page 2
F& :as the risk management plan
reviewed within the 12 months prior to the
audit date
#o
#o documents were sighted showing a
review of $ had taken place
#ame of auditor Given name %urname
7lbert $oss
7pproved auditor number 00(
%ignature of auditor
Date of audit 2! arch 2010
2(
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
32/35
Guidelines for auditing risk management plans for cooling tower systems
Attachment + continued@
'(ample o) an attachment to a risk management plan audit certi)icate
$isk management plan for .3% """" at 12& %ystem $d, .ooltown &"""
Date of audit* 2! arch 2010
3he 7uditor had regard both to the original risk management plan dated 1 Oune 2002 and to an amendedversion dated arch 200
3he 7uditor is of the opinion that the risk management plan is not being implemented because*
.leaning fre)uency < Documentation was not provided to show that cleaning occurred between
the commencement of the audit period on 286&6200" and 106&62010
%ervice fre)uency < Documentation was not provided to show that servicing occurred during the
periods* 126!6200" to 1160"6200", and "6126200" to 26262010
0egionellatesting < Documentation was not provided to show that 0egionellatesting occurred
between 116"6200" and 26262010
H.. testing < Documentation was not provided to show that H.. testing occurred between
126!6200" and 116"6200"
Drift eliminators < Documentation was not provided to show that the drift eliminators are high
efficiency, and that they were inspected and maintained every ' months
Inspection fre)uency < Documentation was not provided to show that inspections were carried
out weekly
"eferral of certificate under *ection 9+6,
3o meet the re)uirements of %ection "&?'@ of the Public ealth and !ellbeing Act200, the information
contained in this certificate has been sent to the 9egionella 3eam, Department of Health
2
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
33/35
Guidelines for auditing risk management plans for cooling tower systems
7ttachment !* %ample of DH format oficrosoft K4cel spreadsheet
#otification of all audits ?compliant and nonAcompliant audits@ must be notified to the department usingthe specified e4cel spreadsheet which is available from the Department;s website at*
wwwhealthvicgovau6environment6legionella6auditors
7ote: Do not send duplicate audits create a new spreadsheet )or new noti)ications@ to e sentin@9
#ame the file with your auditor number and the date you are sending it ?using this date formatAyyyymmdd eg auditor 133 sent ##1&3@ then email it tolegionella+healthvicgovauon a weeklybasis
2"
http://www.health.vic.gov.au/environment/legionella/auditorsmailto:[email protected]:[email protected]://www.health.vic.gov.au/environment/legionella/auditorsmailto:[email protected] -
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
34/35
Guidelines for auditing risk management plans for cooling tower systems
Attachment 4: Sample o) DH )ormat o) -icroso)t '(cel spreadsheet continued@
$0S D SD D
7ame o) person
who
commissioned
this audit
AuditorEs
numer
AuditorEs
surname
Audit
period
start
date
Audit
period
end
date
Date o)
certi)icate
Answer
to
8uestion
1
Answer
to
8uestion
&
Answer
to
8uestion
+
2easons
wh* the
audit )ailed
;servations
&0
-
8/10/2019 DHD 11 44 Guidelines for Auditing Risk Management Plans for Cooling Tower Systems
35/35
7ttachment 8* Bseful documents andresources
19 Department o) Health "esite
wwwhealthvicgovau6environment6legionella
&9 Legislation "esite
wwwlegislationvicgovau
+9 Department o) Health $ontacts
Legionella 0eam:
Kmail address* legionella+healthvicgovau
hone* 100 2! "
49 se)ul documents
A Guide to 'e(eloping "isk &anagement Plans for Cooling )ower *ystemsDepartment of Health
.ooling 3ower %ystem < 9egionella $isk anagement %ite VitDepartment of Health
http://www.health.vic.gov.au/environment/legionellahttp://www.legislation.vic.gov.au/http://www.legislation.vic.gov.au/mailto:[email protected]://www.health.vic.gov.au/environment/legionellahttp://www.legislation.vic.gov.au/mailto:[email protected]