PSA Impartiality Philosophy
(Conduct of the Mechanism to Safeguard Impartiality Code: QSP5.2)
February 2019
ISO 31010
ISO 19476
ISO 31000
ISO guide 73
Managing impartiality effectively is critical to delivering high quality certification services that our clients, regulators and the community can rely on. Impartiality is the “presence of objectivity”.
If we do not act impartially, we cannot provide confidence in the certification process to our clients. We must understand and manage threats to impartiality to support our success as a business.
At PSA we will ensure that:
Impartiality is integral to all aspects of the certification process
Commercial, financial or other pressures do not influence certification decisions
Threats to impartiality are identified and managed
We consult with appropriate interested parties regarding matters affecting impartiality.
Impartiality Principles
Impartiality threats can arise from a number of sources:
Certification is a fee-for-service product; undue influence could therefore be exerted by a client
Providing consultancy services to clients that then require certification services
Trust and familiarity in person(s) within the certification process
Intimidation, bribery or other behavior by clients (real or perceived) designed to influence a certification decision.
To this end PSA is committed to ensuring that:
Risks to impartiality are identified and managed
Audit reports are subjected to an independent review
Employees sign a confidentiality and code of ethics agreement
There is a minimum of a two-year gap between the provision of any consulting work and certification work with a client
There is a minimum of a two-year gap between an auditor providing consulting work to a client and performing certification audits for that client
Personnel report all threats, offers of bribery or potential conflicts of interest to management
Internal audits of a certified client’s management systems are not undertaken, unless there is a gap of 2 years between performing internal audits and certification audits
Audits will not be outsourced to a management system consultancy organization
Auditors are rotated to ensure they do not audit the same client for 4 consecutive years, if the specific scheme requires this rotation
Services will be accessible to all applicants whose activities fall within the scope of our operations. Access will not be conditional upon the size of the client or membership of any association or group, nor will it be conditional upon the number of certifications already issued.
No commercial or financial pressures will be allowed
Roles and Responsibilities (in terms of impartiality)
PSA applies the Three Lines of Defense accountability framework for management of impartiality (Figure 1).
1st Line of Defence: PSA Management and Staff
Responsible for identifying and managing threats to impartiality, including the design and operation of controls and application of controls as identified in the impartiality risk assessment
2nd Line of Defence: ASI of Risk & Compliance
Responsible for developing and maintaining an effective risk management strategy for eliminating and/or minimizing threats to impartiality, including consulting with relevant stakeholders
3rd Line of Defence: Internal Audit
Responsible for independently assessing the effectiveness of the control strategies for eliminating and/or minimising threats to impartiality
Impartiality Committee
Oversees the effectiveness of impartiality risk management and reports to the Board Risk Committee
Figure 1 – Three Lines of Defense Model
4.1. Board
The Board is responsible for deciding on the nature and extent of risks that PSA is prepared to take to meet its objectives, and this is articulated in the Risk Appetite Statement.
The Board is also responsible for overseeing the effectiveness of risk management in PSA. The Board has established a Risk Committee to assist it in discharging these responsibilities.
4.2. Risk Committee
The role of the Risk Committee is set out in its Charter. Key responsibilities in relation to impartiality threats include:
Reviewing the effectiveness of the controls to eliminate or minimize threats to impartiality
Approving material changes to the framework for risk management, including policies, processes and controls
Reviewing the Risk Appetite Statement at least annually and recommending changes to the Board for approval, and
Reviewing reports from Management in order to understand the key risks faced by PSA and how they are being managed.
4.3. Accreditation Committee
The role of the Accreditation Committee is set out in its Charter. Key responsibilities in relation to impartiality threats include:
Review the outputs from the impartiality committee meetings
Review and determine the effectiveness of existing controls in managing impartiality threats
Determine the suitability of the management system to effectively manage impartiality risks
Approving changes to the impartiality policy and framework
4.4. Impartiality Committee
The role of the Impartiality Committee is set out in its Terms of Reference. Key responsibilities include:
Reviewing the effectiveness of the controls to manage threats to impartiality
Recommending improvements in how to manage threats to impartiality
4.5. Chief Audit Executive (Internal Audit)
M D is responsible for independently assessing the effectiveness of the overall risk management framework as part of the risk-based audit plan. This includes assessing the design and operation of controls to manage risks in business areas and functions.
Internal audits are also performed to review compliance to accreditation rules; these are overseen by the ASI Policy, Risk and Compliance.
4.6. ASI Policy Risk and Compliance
The Global Head Policy Risk and Compliance is responsible for:
Reporting incidents of threats to impartiality
Developing and maintaining a framework for managing threats to impartiality, including policies, processes and tools
Supporting business areas to undertake effective management of impartiality threats through advice, education, training and technical support
Coordinating and presenting reports on threats to impartiality to the impartiality committee.
Assessing the effectiveness of controls to manage threats to impartiality and developing plans to continuously improve.
4.7. M D Management
The M D are responsible for:
Implementing the framework for risk management in their business area and considering risk in every business decision and every business process
Operating within the Risk Appetite Statement set by the Board and taking actions where this is not the case
Monitoring the leading PSA Risks and the leading risks in their business area
Establishing appropriate policies, procedures and controls to manage specific risks for which they have accountability and monitoring their effectiveness.
4.8. Management
Management are responsible for:
Applying the identified controls for managing threats to impartiality in their business areas
Monitoring the correct functioning and applicability of controls
Participating in the threats to impartiality reporting process.
4.9. Employees
Every PSA employee is responsible for:
Complying with policies and procedures established by PSA to manage threats to impartiality risks
Identifying and reporting impartiality risks
Reporting incidents involving risks to impartiality.
Administration of this Policy
This policy will be reviewed annually. The Global Head of Policy Risk and Compliance is responsible for coordinating the policy review with Executive Management and the Risk Committee.
The Risk Committee is responsible for approving this policy.
6. Related Documents
PSA Risk Management Procedure
PSA Risk Appetite Statement
PSA Code of Business Conduct
PSA Group Whistleblowing Policy
PSA Privacy Policies
The certification body and any part of the same legal entity and entities under its organizational control (see 7.6.4) shall not:
- a) be the designer, manufacturer, installer, distributor or maintainer of the certified product;
- b) be the designer, implementer, operator or maintainer of the certified process;
- c) be the designer, implementer, provider or maintainer of the certified service;
- d) offer or provide consultancy (see 3.2) to its clients;
- e) offer or provide management system consultancy or internal auditing to its clients where the certification scheme requires the evaluation of the client’s management system.
NOTE 1 This does not preclude the following:
- the possibility of exchange of information (e.g. explanations of findings or clarifying requirements) between the certification body and its clients;
- the use, installing and maintaining of certified products which are necessary for the operations of the certification body.
NOTE 2 “Management system consultancy” is defined in ISO/IEC definition