Page 1

Handbook

of

Operating Procedures

for the use of IFIA Member Companies

providing Social Auditing Services

Page 2

IFIA Handbook of Operating Procedures: Social Auditing Services

Table of Contents

Page

Introduction....................................................................................................3

1. IFIA Basic CSR Audit Integrity Guidelines..........................................4 – 6 2. IFIA Guidelines – CSR Auditor Training.............................................7 – 12

3. Integrity Presentation..........................................................................13 – 16

4. IFIA Compliance Code........................................................................17 – 21

Copyright © 2011 International Federation of Inspection Agencies Ltd. All rights reserved.

Page 3

February 2011

Introduction

Trust and integrity are critical components of IFIA members’ brand equity. In order to

protect this in the market of social auditing, the IFIA members delivering this service

have agreed to implement common operating procedures designed to underpin the

integrity of the service. This has resulted in development of the following suite of

documents.

These documents outline working procedures that support the provision of Social

Auditing services. They do not detract from, or take precedence over, any legal or

contractual duties undertaken by the IFIA member company, and IFIA accepts no

responsibility for acts or omissions of members or others who may make use of the

Procedures.

1. The Basic CSR Audit Integrity Guidelines set out the basic parameters of

an IFIA Audit and should be communicated to all clients.

2. The CSR Auditor Training Guidelines should be used when establishing a

training programme.

3. The Integrity Presentation is for use with employees, customers and other

stakeholders and sets out the basics of IFIA members’ integrity compliance

programmes.

4. The IFIA Compliance Code is a requirement of IFIA membership and all IFIA

member companies must abide by it (for full Code documentation see

www.ifia-federation.org).

Supporting Operating Procedures (not publicly available)

Annex A: Standard letter to clients

Annex B: the Factory Integrity Acknowledgment for use on arrival at an inspection or audit

Annex C: the Factory Integrity Declaration Form for use on departure from an inspection or audit

Annex D: the Employee Integrity Declaration Form for use if non-compliant behaviour is detected

Annex E: the Company Standard Letter: Factory Integrity Non Compliance for use where non-compliance of the subject company has been detected during an inspection or audit

Annex F: the Integrity Complaint Form for use where a complaint has been made against an IFIA member inspector or auditor

Annex G: the Recommendation Letter is for use with all company leavers of good standing

Page 4

IFIA Basic CSR Audit Integrity Guidelines

The following IFIA Member companies, as listed below

Bureau Veritas

Intertek

UL Inc

SGS

TÜV Rheinland,

commit to have procedures in place to manage and govern Integrity Compliance of CSR Audits process. These procedures cover the following three intents:

Intent 1: Integrity Compliance Measures

Intent 2: Integrity Non Compliance Reporting

Intent 3: Integrity Complaint and Investigation

Intent 1: Integrity Compliance Measures

XYZ Company Factory Integrity Acknowledgment and Declaration Form: The Acknowledgment and Declaration Form are issued to factories every time an XYZ Company employee executes a CSR Audit service. This acknowledgment and declaration stipulate XYZ Company’s policy on integrity. The XYZ Company employee on arrival presents the acknowledgment and declaration. We ask suppliers to read it, understand it, sign it and adhere to it. The intent of this acknowledgment and declaration is to get the factories commitment to abide by the IFIA and XYZ Company policy, be honest in their declaration and not to provide benefits to our employees. Should the need arise; suppliers should contact the XYZ Company Compliance Team for raising concerns over the conduct of our employees. Random Factory Telephone Follow-up Calls: Random telephone calls shall be conducted in selected countries based on our risk assessment. The objective of these activities is to:

Provide surveillance and effective implementation of the XYZ Company Integrity Compliance Program.

Monitor the performance and integrity conduct of XYZ Company employees and the factory

Re-enforce and educate factories on the XYZ Company Integrity Compliance Policy and

Provide an avenue for factories to report and comment on the performance of XYZ Company employees

Unannounced or Surprise Onsite Integrity Audit – These shall be done to verify

Page 5

the Integrity performance of the auditor against the XYZ Company Compliance Procedures.

Mystery Audits – An approved Mystery Auditor will be sent to the factory to conduct a normal Audit which is unknown to the factory. The auditor will observe the integrity practices of the factories. Factories observed colluding to offer or give benefits to the XYZ Company representative shall be reported to the clients.

The purpose of this activity is to understand what is happening in the industry and provide a strong deterrent against non-complying factories that give benefits and do not follow the intent and spirit of the XYZ Company Factory Integrity Declaration policy.

Compliance Education: All XYZ Company employees sign a code of conduct and are trained and inducted on our Integrity and Bribery Policy when they join the organization. In addition to this standard training, all auditors are re-trained and inducted AT LEAST once every year.

Intent 2: Integrity Non Compliance Reporting

Specific guidelines have been developed to handle Integrity Non Compliance cases to ensure a formal and fact based investigation is able to take place.

Intent 3: Integrity Complaint and Investigation

All IFIA Members shall have a formal Integrity Complaint Handling Procedure to ensure that all investigations are conducted in an impartial manner and based on facts and evidence. In order to achieve this IFIA Members have adopted the IFIA Member Integrity Complaint Form in order to collect the necessary information for a fact based investigation.

IFIA Integrity Compliance Program

• Trust & Integrity are critical components of IFIA members’ brand equity

• We will not tolerate breaches of our Integrity Compliance policy which provides the basis for honesty & transparency

• IFIA Members regard a facilitator, a receiver and a giver of a bribe or benefit equally guilty through association of such transaction

• Integrity issues must be managed by all parties in the supply chain

Integrity Basics – Program Pre-requisites

• Human Resources

– Recruitment check & background screening between IFIA members

– Check previous employer and industry network for Integrity

– Integrity Induction Training

• Culture

Page 6

– Code of Conduct signed by all employees

– Zero Tolerance policy

• Independence

– Dedicated Compliance & Risk Management team independent from daily operations

• Effective Implementation & Rules

– Integrity Compliance Handling Procedure

– Job scheduled – Independent & Rotational based on Skills and Competency matrix

– Final findings and reports are NOT issued and concluded by Inspectors or Auditors

– All findings MUST have objective evidence. Factories are able to challenge results.

IFIA Member Integrity - Golden Rules

• Compliance to IFIA Integrity Policy guidelines is the responsibility of everyone in the supply chain

• IFIA members views all parties guilty of non compliance irrespective whether facilitator, giver or receiver of benefits

• Individuals are duty bound by the Codes of Conduct and declarations they sign.

• IFIA members company employees MUST never collude, demand, request or be involved in a facilitation payment, bribe, gift or benefit.

• Factories should NEVER under any circumstances give in to requests for benefits or payments from inspectors or auditors

• IFIA member employees MUST never ask for money, benefits or gifts

• All meals and travel benefits provided for whatever reason must be declared for full transparency purposes.

• Factories must not offer to give benefits

• If clients or suppliers have any doubt or concerns with any suspicious demands and integrity behaviour, please contact XYZ Compliance hotline or the contact details provided in the IFIA member Factory Integrity declaration form WITHOUT DELAY

IFIA Guidelines - Key Integrity Tools

• Letter to client for introducing IFIA Member Integrity Compliance procedure

• Compliance Education

• IFIA Factory Integrity Acknowledgment and Declaration Form

• Telephone Audit

• On-site Integrity Audit

• Mystery Audit

• Employee Integrity Declaration Form

Page 7

• Letter to customer to report factory integrity non compliance issue

• IFIA Member Integrity Complaint Form

• Compliance Investigation process

Page 8

Copyright © 2011 International Federation of Inspection Agencies Ltd. All rights reserved.

IFIA Guidelines for Corporate Social

Responsibility (CSR) Auditor Training

Page 9

TABLE OF CONTENTS

1. About International Federation of Inspection Agencies (IFIA)………...10

2. IFIA Auditor Training Guidelines Overview………………..……………...10 - 12

2.1 Aims………………………………………………………………………………….…..10

2.2 Training Plan and Training / Assessment Objectives………….……………………10 - 11

2.3 Qualification Criteria……………………………………………………………..........11 - 12

Page 10

1. About The International Federation of Inspection Agencies (IFIA)

Founded in 1982, IFIA – the International Federation of Inspection Agencies – is the trade association for inspection agencies and other organisations that provide inspection, testing and certification services, internationally. IFIA currently represents around 40 of the world’s leading international testing, inspection and certification bodies. These have a combined workforce of over 160,000 employees. One of the requirements for IFIA membership is that each member company has to implement a Compliance Programme throughout its organisation that is approved by IFIA as meeting all the requirements of IFIA’s Compliance Code. This Code addresses:

Integrity

Conflicts of interest

Confidentiality

Anti-bribery

Fair marketing

The operation of each member company’s Compliance Programme is subject to annual external

audit, the results of which are submitted to IFIA.

2. IFIA Auditor Training Guidelines Overview

2.1 Aims of the Training Guidelines

The IFIA Guidelines for CSR Auditor Training is designed to ensure participants achieve the required skills and knowledge in order to conduct independent CSR audits against predefined requirements.

The aims of the Training Guidelines are to:

Establish a standard training curriculum that can be executed globally and consistently;

Establish a relevant criteria for CSR auditors from IFIA members to ensure that CSR audits are carried out effectively, uniformly and to a high industry standard;

Ensure that CSR auditors from IFIA members are competent to conduct CSR audits based on predefined requirements;

Assess the ability of a CSR auditor against the criteria defined herein.

2.2 Training Plan and Training / Assessment Objectives

2.2.1 Training MUST have a mechanism which defines

1) Training Plan

2) Training Objectives

3) Test and Evaluation mechanism for qualification

4) Periodic evaluation and continuous education process to ensure qualifications remain relevant

5) Maintenance of training records files for auditors

2.2.2 The IFIA CSR Auditor Training Guideline is composed of two parts

Part I – Classroom Training

Part II – On-site Practical Job Training

Page 11

2.2.3 Part I – Classroom Training

CSR Audit Introduction

i. Definition State the definition of CSR audit

ii. Obtaining object evidence Describe the main methods of obtaining objective evidence in a CSR audit:

Management Interview Employee Interview Document & Record Review Factory Tour

iii. Audit criteria / standards List common CSR audit criteria / standards:

Local Regulation and Laws Typical CSR audit schemes (BSCI, ICTI, etc)

iv. COC elements List the typical CSR COC elements and define each:

Child labour Involuntary labour Coercion and Harassment Non-discrimination Association Health and Safety Working Hours Wages and Benefits Protection of the Environment Subcontracting Monitoring and Compliance

v. Auditor professionalism List the main characteristics of auditor professionalism and explain each:

No Bribery Independence Objectivity

vi. Overall audit workflow Describe overall CSR audit workflow process:

Audit Request Confirmation & Preparation On-Site Audit Complete Report Report Review Report Submission

vii. On-site audit process Describe the on-site CSR audit process:

Opening Meeting Document Review Factory Tour Employee Interview

Page 12

Pre-closing Meeting Closing Meeting Report Preparation

viii. Audit tools List commonly used audit tools in a CSR audit and describe the function of each:

Document check list Interview questionnaire / guidelines Corrective Action Plan (CAP) Audit report Factory Integrity Declaration Form

Opening Meeting

Employee Interview

Document Review including but not limited to working hours, wage and social insurance, Management systems, production records, HR related documents, Health & Safety & Environment.

Factory Tour (Health & Safety, Environment)

Closing Meeting, CAPAR & Audit Report Writing

Content Focus of Classroom Training

Integrity Management Understanding of how to carry out the “Bribery Policy” in an actual audit.

Client Specific Audit Requirement Understanding of a Client Specific Audit Requirement. This will include standard process elements and also additional specific special requirements as stipulated by the client.

2.2.4 Part II – On-site Training

On-site training will provide participants the chance of real live practice. Participants will have the

opportunity to observe and perform audits on site with the delegated trainers. The trainers will

demonstrate and teach the participants the necessary skills to conduct a CSR audit. The trainers

will also comment on participants’ performance and provide appropriate advice for their

improvement. Through this field training, participants will consolidate their learning and improve

their audit skills on the way to becoming qualified CSR auditors.

2.3 Qualification Criteria

2.3.1. Purpose and Scope

Establishes and defines the minimum knowledge and competence objectives for being an XYZ Auditor in order to ensure that trainings and assessments are carried out effectively and with consistency and reliability.

2.3.2. Requirements

Page 13

Auditors should be properly trained and assessed to ensure they have the competence and knowledge required for carrying out a CSR audit. Training shall include code of conduct elements, audit processes, local laws and regulations, client specific work instructions, integrity management, interview techniques, report writing and other necessary skills.

2.3.3. Language

Auditors are not allowed, in any form, to conduct audits in a language they are not fluent in without translation support. In such situations a translator who is independent of the party to be audited must be with the auditor at all times. The translator must work as a neutral party and not have any conflict of interest that could affect the performance of the audit.

2.3.4. On-going Training

Ongoing training to ensure skills remain relevant shall be documented and communicated to the specific auditor.

2.3.5. Records

Attendance records and participant’s assessment records (examination papers and auditor witness reports) shall be maintained in the auditor personnel file as records of the training program.

2.3.6. Qualified auditors must go through a formal and documented programme covering:

Achievement of all competence objectives through a documented examination process. Auditor Criteria – Pass examination and participate in at least 60 hours onsite auditing under

the guidance of a qualified lead auditor. Lead Auditor Criteria - Successfully conduct at least 8 CSR audits (totalling 60 hours at the

minimum) and lead in at least 3 of these audits.

Ends

Page 14

Integrity Presentation

Slide One

Slide Two

Page 15

Slide Three

Slide Four

Page 16

Slide Five

Slide Six

Page 17

IFIA Compliance Code Third Edition

April 2007

IFIA Compliance Code

Page 18

IFIA Compliance Code

Third Edition

April 2007

This Third Edition of the IFIA Compliance Code and its supporting Guidelines enter

into force on 1 April 2007 and supersede the Second Edition published in July 2005.

Any words and expressions which are defined in the IFIA Articles of Association

dated 12 October 2001 shall have the same meaning in this Code unless otherwise

stated.

Published by:

The International Federation of Inspection Agencies Ltd.,

Fleet Place House

2 Fleet Place

Holborn Viaduct

London EC4M 7RF

United Kingdom.

Tel: +44.20.7283.1001

Fax: +44.20.7626.4416

Email: secretariat@ifia-federation.org

www.ifia-federation.org

Copyright © 2007 International Federation of Inspection Agencies Ltd. All rights reserved.

Page 19

Introduction

The International Federation of Inspection Agencies (IFIA) is an association of

companies whose business is to verify their clients’, or third

parties', products, services or systems.

The value that IFIA Members provide to their clients is trust. For this reason IFIA

has chosen to adopt and implement a Compliance Code that enshrines the

substance of the integrity that IFIA membership stands for.

The Compliance Principles address technical and business professional conduct and

ethics in relation to the following areas:

Integrity

Conflicts of interest

Confidentiality

Anti-bribery

Fair marketing.

It is a condition of IFIA membership that Members implement and abide by the

Compliance Code. This entails:

approval of the Member’s implementation by IFIA

a Compliance Programme throughout the Member’s organisation

policies and procedures in accordance with the Code

training of staff globally, and

regular monitoring of compliance with the Code.

To ensure the effectiveness of their implementation, Members are required to submit

their Compliance Programme to an annual independent examination whose results

are reported to IFIA.

The result is a sound and verified basis for trust.

Page 20

IFIA Compliance Principles

1. Integrity

The Member shall operate in a professional, independent and impartial manner in all

its activities.

The Member shall carry out its work honestly and shall not tolerate any deviation

from its approved methods and procedures. Where approved test methods make

provision for tolerances in results, the Member shall ensure that such tolerances are

not abused to alter the actual test findings.

The Member shall report data, test results and other material facts in good faith and

shall not improperly change them, and shall only issue reports and certificates that

correctly present the actual findings, professional opinions or results obtained.

2. Conflicts of interest

The Member shall avoid conflicts of interest with any related entity in which it has a

financial or commercial interest and to which it is required to provide services.

The Member shall avoid conflicts of interest between the Member's companies and/or divisions engaged in different activities but which may be providing services to either the same client or each other.

The Member shall ensure that its employees avoid conflicts of interest with the

activities of the Member.

3. Confidentiality

The Member shall treat all information received in the course of the provision of its

services as business confidential to the extent that such information is not already

published, generally available to third parties or otherwise in the public domain.

Page 21

4. Anti-bribery

The Member shall prohibit the offer or acceptance of a bribe in any form, including

kickbacks on any portion of a contract payment.

The Member shall prohibit the use of any routes or channels for provision of

improper benefits to, or receipt of improper benefits from, customers, agents,

contractors, suppliers, or employees of any such party, or government officials.

5. Fair marketing

The Member shall only present itself and conduct marketing, including any

comparisons with or references to competitors or their services, in a manner that is

truthful and not deceptive or misleading or likely to mislead.

Page 22

Requirements for Implementation

Each Member of IFIA shall:

1. Commit itself at board level to implement the Compliance Principles throughout its organisation through operation of a Compliance Programme which has been approved by IFIA

2. Appoint a Compliance committee and Compliance officer to oversee and manage the Programme

3. Train staff, ensure their continuing understanding of the Compliance Programme and consult them on its development

4. Provide help lines for staff and encourage the reporting of violations on a confidential basis and free from reprisal except in malicious cases

5. Publicly disclose its Compliance Principles and facilitate enquiries, complaints and feedback

6. Investigate and record all reported violations and apply corrective and disciplinary measures.

7. Protect the security of confidential business information 8. Maintain accurate books and records which properly and fairly document all

financial transactions 9. Ensure that its Compliance Programme is applied to the extent appropriate to its

business partners 10. Monitor the effectiveness of its Programme through the use of annual

management declarations and internal auditing 11. Arrange for the effectiveness of the implementation of the Programme to be

examined at least annually by a competent independent external audit firm 12. Submit copies of the independent assurance report, including any reportable

conditions, annually to IFIA within six months of the end of its financial year.

These requirements are supported by Guidelines which are published separately and which provide IFIA Members with an approved means of meeting the requirements. Members whose Compliance Programmes do not follow the Guidelines in a particular respect may still have their Programme approved by IFIA so long as they can demonstrate to the Director General that their Programme meets the relevant requirements of the Code in an equivalent way to that set out in the Guidelines.

April 2007