Does My EMS Meet ISO 14001 Internal Audit Requirements?
The internal audit, used effectively, is an excellent opportunity to discover areas for improvement within the Environmental Management System (EMS). In addition to assessing conformance with the standard, the internal audit is used to assess conformance with other requirements, e.g., the EMS itself, various internal and compliance-required plans, corporate requirements (if they exist) and other standards to which the organization may subscribe.
Internal Audit Program
Under clause 9.2.2., the internal audit program must be documented and must spell out:
- The frequency of internal audits
- The methods used to conduct the internal audits
- Responsibilities under the internal audit program
- Planning for the internal audits, and
- How internal audits will be reported
Processes of environmental importance, changes to the organization and the results of previous audits must also be considered.
In addition, each audit must include:
- Defined audit criteria
- Defined audit scope
- Objectivity and impartiality of the auditors and the audit process
- Reporting of the audit results to management
Auditor Competence & Objectivity
Be sure that the internal auditors are competent to conduct the audit, based on the appropriate education, training or experience (Clause 7.2).
If the organization cannot ensure the objectivity of the auditor or cannot demonstrate that the auditors have the necessary competency, they will have to go outside the immediate organization to conduct the internal audits – through other company entities or consultants, for example.
Results & Trending
If you never have findings during your internal audits but have findings during your registrar surveillance and recertification audits or agency inspections, it is likely your internal audit program is ineffective. Do not confuse the internal audit with the evaluation of compliance (Clause 9.1.2). Internal audits assess conformance to the management system and compliance evaluations assess compliance with regulatory requirements.
Be sure and trend the results of internal audits for management review (Clause 9.3.d.4) and use the information in the audit planning process (Clause 9.2.2).
Conclusion
It’s all in the details. Make sure you have a copy of the standard and are using it to build and check your system. That way, there won’t be any surprises at your next surveillance or re-certification audit.
https://www.kristianssonllc.com
? 2020 Joyce A. Kristiansson