Get 4 FREE months of Conformio to implement ISO 27001

Internal Audits in the EMS: Five Main Steps

Just like the internal audit process required by ISO 9001 and other management standards, many people do not understand the value of the internal audit process in ISO 14001. In Five main steps in ISO 9001 Internal Audit, I explained the five main steps required to plan, perform, and follow up on internal audits for the processes in the quality management system (QMS). This process of ISO 14001 internal audit according to clause 9.2 works equally well when applied to the ISO 14001 environmental management system (EMS), but the focus is slightly different. Here is how the process applies in a different way for the environmental management system internal audits.

1) The Audit Schedule

Just as with any good internal audit process for any management system, the first important thing is to have an overall schedule of when you are planning to audit each process that will be audited for system conformance. The cycle for this is often a year, but can be whatever you like, and the frequency of audits on any given process is linked to criteria like the environmental importance of the process and past audit conformance. If you have a process that has critical environmental aspects associated with it, you may want to look at this process more often than one that can have only minor impact on the environment. The audit schedule should be available to employees and managers, because you don’t want to have surprise audits.


2) Process Audit Planning

After confirming the audit with the process owner, the auditor can start to make preparations for the audit itself. Review of the process is critical for this – in particular, understanding the environmental aspects associated with the process. This is the key difference between an internal audit for a QMS and an internal audit for an EMS. While a QMS audit will look at a process and how well it is performing against the plans for the product or service of the company, an EMS audit will look at how well the process is performing against the plans for the environmental aspects associated with the process. A good audit plan will make sure you look for all the right data to support these process plans.

3) Performing the Audit

Probably the first thing to remember about performing the audit is that you are not using the internal audit to judge the legal compliance of the process. While a compliance audit is a good idea, and sometimes a legal requirement, this is not the goal of the internal audit program. This process is identified elsewhere in section 4.5.2 of the ISO 14001 standard. The internal audit is looking at the process against the environmental plans that the company outlined for the process. Are the environmental aspects monitored when applicable? Are any required environmental operational controls in place and maintained? Are nonconformities, corrective actions, and preventive actions against the process being addressed? In short, you are evaluating if the process meets the planned conditions with respect to how it can interact with the environment.

4) Audit Reporting

Like all audits, an EMS process audit is almost valueless if it is not properly reported. If the employees engaged in the process are doing well, they need to know this. Conversely, if there are problems, employees need to understand what these are so that they can be addressed and corrected. Opportunities to improve that are identified in the audit need to be presented to the process employees to consider their value in making their process better. These are the main ways that a company can gain value from the internal audit process, and if they are not well reported you can lose this value.

5) Follow Up on the Audit Issues and Improvements

Just as with corrective and preventive action, follow up is one of the least well done parts of the internal audit process. If there is no closed loop to follow up on the actions and opportunities presented by the audit, then the value of identifying them in the first place is lost. Making sure that a problem that was previously identified is actually fixed can prevent the futile reporting of the same problem again and again. Use follow up to make your internal audits better.

Do you need to have separate audits for the EMS?

Of course not! There is no reason that you cannot use one process for internal audit if your company wishes to be compliant with more than one management system. By utilizing common processes for such things as internal audit and corrective and preventive action, you can save time and money when maintaining e.g. both the QMS and the EMS. The important thing is to make sure that you satisfy the needs of all systems when you do your one internal audit. If you can satisfy all the needs in one audit visit, then this will be a benefit to you, and to your company’s pocketbook.

To get familiar with internal audit visit  ISO 14001:2015 Internal Auditor online course.

Advisera Mark Hammar
Author
Mark Hammar
Mark Hammar is a Certified Manager of Quality / Organizational Excellence through the American Society for Quality and has been a Quality Professional since 1994. Mark has experience in auditing, improving processes, and writing procedures for Quality, Environmental, and Occupational Health & Safety Management Systems, and is certified as a Lead Auditor for ISO 9001, AS9100, and ISO 14001.