Prior to your ISO 14001 audit by an accredited 3rd Party Registrar, you need to successfully introduce your Environmental Management System (EMS) to the company and demonstrate its effectiveness through internal audits.
Within this article, we discuss all aspects of the 3rd party conformity assessment of your environmental management system (EMS) when conducted by an accredited 3rd Party Registrar. Here we provide proper preparation instructions for this event. This article helps you prevent the certification preparation phase from becoming complex and cumbersome.
Firstly, independent 3rd party auditors conduct the ISO 14001 Environmental Management System audit to certify compliance with the relevant standard. The audit includes recommendations for potential improvement opportunities.
This creates the necessary transparency in the company. The EMS conformity assessment gives your customers or any other interested party the confidence that your business works in a systematized and organized structure in accordance with ISO 14001:2015 requirements. This improves the image of your company from the customer's point of view. With the certification, you demonstrate, prove and strive to be an environmentally conscious organization.
In addition, the functioning EMS provides increased legal certainty for your company or organization. This helps avoid losses due to potential environmental liability risks.
Speaking in general terms, certifying to any ISO management system, you essentially follow the same steps - from the pre ISO 14001 audit, through the certification audit, to the monitoring and control and then the re-certification audit.
However, not all certification steps are mandatory requirements for obtaining certification. In this article, you can find out which certification steps are optional and which must be performed. Plus, you will gain an insider “hands-on” knowledge. This helps you avoid nonconformities from 3rd party audit findings. These can prevent your organization from achieving ISO Certification in time and cost-effective ways.
Let’s have a closer look at that.
Carry out a pre ISO 14001 audit before the actual certification audit. Although not mandatory, this pre-audit can be the most important factor for a successful ISO 14001 audit for certification. This voluntary self-examination quickly eliminates any ambiguity to the standard's requirements.
This readiness or “Mock” pre-audit, therefore, does not necessarily have to be carried out by a certification body. You can conduct it with your own internal auditor team or together with an external consultant. The pre-audit offers you the opportunity to check whether your EMS and its documentation meet all requirements of ISO 14001. The results tell you directly how you comply with the requirements of ISO14001:2015 and whether certification is even possible.
How to conduct an audit on environmental management
Conducting internal audits, in general, essentially plays a part of any management system. Audits identify vulnerabilities early as Opportunities For Improvement (OFI) and let you effectively address them by taking corrective and preventive action.
As each management system varies in structure and organizational structure, it must consider...
Try to establish the pre ISO 14001 audit as part of the overall internal ISO 14001 audit process. Plan it in intervals like e.g. annual cycle, and formulate it in an Internal Audit procedure.
The information from the pre-audit results must be made available to the management, usually done via the audit report.
Use the ISO 19011 as a guide to carry-out an ISO 14001 audit
ISO 19011 guidelines provide tips on performing audits. It also provides concrete information on the successful planning, execution, and documentation of any internal audit.
In addition, ISO 19011 contains numerous definitions for the audit. This guide applies to all types of management systems because the internal audit process is similar in every management system.
ISO 19011 applies to all organizations that perform internal, pre-audits or external audits of management systems or are responsible for the management of the audit program. In the text's seven chapters, it gives useful guidelines for conducting audits (internal and external).
Selection of auditors for an environmental audit ISO 14001
Auditors generally mean those with the qualification to carry out an audit. According to ISO 14001, the audit may be performed by employees of the organization or by external persons with solid auditing experience, selected by the organization. In any case, the persons conducting the audit should be competent and able to perform it impartially and objectively.
For smaller organizations, the independence of the auditor can be demonstrated by the fact that they are not responsible for the audited area.
Since a successful Internal Audit, Environmental Management highly depends on the competence and personal qualities of the auditor, auditors should fulfill characteristics like...
In addition, to the above-mentioned characteristics, the internal auditor should be accepted and respected by the employees, who must reflect this with his professional competence. This is not so easy to fulfill, especially with the ISO 14001 audit...
due to the often very complex plant and process technology
as well as necessary expert knowledge coupled with neutrality.
Therefore, the internal environmental management pre ISO 14001 audit team may need support from technical experts.
Preparing for an Internal Environmental Management pre-audit begins with a thorough document review. Here, the auditor or audit team examines all documents of the EMS. They form questions for the on-site audit.
During the review, focus on new or changed environmental processes. Check, whether the company implemented them in accordance with the guidelines and implemented effectively in the organization.
Furthermore, review audit findings from the previous ISO 14001 audits. Include possible problems such as complaints, changes in legislation or other significant environmental aspects. Give these special considerations in the documentary check and include them in the preparation of an audit list of questions.
Upon request, make the prepared audit checklist available to the audited departments and process owners prior to the audit. Then the responsible process owners and related employees can familiarize themselves with the topic in advance. This allows for good answers or solutions during the audit.
The local ISO 14001 audit is very consequential to the auditor. Targeted questions and well-trained interviewing are just as important as the sensitivity of dealing with employees. Keep the following in mind and convey it to the auditees...
"You are not auditing THEM – you are both auditing and looking at a PROCESS to find compliance and any potential opportunity for improvement– the Process gets audited"
This mostly takes out the pressure from the interviewing process.
During the ISO 14001 audit, you listen to find out whether everything in the company works as it was originally planned. Do the planned processes establish meaningful, efficient and economical processes? Do these fulfill the requirements of the ISO14001:2015 standard?
Considering the environmental relevance of the activities concerned and the results of previous audits, structure the pre-audit checklist “top-down” with audit questions. In the checklist, reference the audible clauses from 4 to 10 of the ISO14001:2015 standard.
Find “Documented Evidence”
During the audit find evidence of compliance for clauses 4-10 requirements in the format of DOCUMENTED INFORMATION. 3rd party audits only accept documented information. Therefore, the pre-audit must find and review the same.
Clause 4 – Look for enough documented evidence for a matrix that determines the company's organization issues, in terms of environmental context.
Confirm there is a list of all needs and expectation of the company's “interested parties." The auditor can verify how these needs, positive or negative, impact artifacts and how potential changes over time influence the EMS in its structure. Further, the documentation explains the company records for these needs, like e.g. in the management review minutes.
Furthermore, ensure the company documented the EMS scope and all EMS processes in detail.
Clause 5 - What does it actually mean when we talk about leadership responsibility? Look for documented evidence...
Since the revision of ISO 14001: 2015 does not require a formal Environmental Management Representative (EMR), the tasks still remain. Top management responsibility for the EMS can now be transferred to one or several competent persons. However, technical knowledge is required, which makes it very unlikely that the EMR completely disappears from the company organization chart. Make sure somebody in the organization manages all legal EMS compliance.
Clause 6 - Make sure a solid process exists to identify all environmental risks and opportunities. Review the required documented evidence for a completed EMS environmental aspect's matrix. This includes planned mitigation activities to manage impacts from these environmental aspects.
In addition, during the ISO 14001 audit, review documented evidence for setting some “SMART” EMS objectives.
Times have changed – the new ISO14001 version 2015 requires to be specific – just having a general policy in place does not cut it anymore in these days. The standard requires project planning to achieve objectives.
Clause 7 - Make sure, enough documented evidence proves that all employees of the organization have EMS competency or at least EMS awareness, as this is mandatory. Look for documented competency evaluation and training evidence.
Clause 8 – Look for a detailed description of the organization’s life cycle perspective. A full-blown life cycle assessment is not required. Nevertheless, the controls of EMS planning should be set forth. For example, these could be engineering control plans, or at least some operational procedures (waste management, management, packaging, contractors, etc.).
Check on referenced records keeping requirements, as spelled out in the above procedures, and verify the keeping. Use the good old ISO management requirement “Say what you do – and show that you do as you say."
Especially audit the procedure for Emergency preparedness and response on all artifacts as the standard spells out under clause 8.2.
Clause 9 – Make sure enough documented evidence for these three factors is in place:
Clause 10 – Like in every ISO based management system, you must act on not performing issues, interruptions, internal or external complaints, etc. The company acts in the form of improvement, called corrective actions. Review the corrective action log or register.
This improvement process should include root cause analysis, with the goal to 100% eliminate problems or issues over time. That’s where the ISO based EMS management system really pays off for the owners of the organization! Make sure the company documents all Corrected actions and improvement actions in great detail. New and improved solutions and “lesson learned” results can influence the company's overall risk strategy in the next planning cycle.
During the audit, the auditor collects audit evidence for each clause requirement of ISO14001:2015 to prove their assessments later. These usually include numbers, dates, facts, with handwritten records during the audit, which become part of the audit records.
Auditing on every clause and subclause requirement of the standard triggers the auditor to verify evidence for documented information on compliance to the clause or subclause requirement. This can be a control plan, matrix, process description, procedure, work instruction or any other record suitable to show evidence for the related audited clause or subclause.
After the ISO 14001 audit, the audit findings are evaluated. Positives should be listed first, as the positive elements further contribute to employee motivation.
Audit findings use the keywords "shall ()", (must)," "should" or "may." Thus, compliance with legal requirements is always a "shall ()", (must)," which you defined as a deviation.
During the final discussion of all audit findings, an allocation or scheduling of the measures takes place. The audit findings' report includes the list of non-conformities and any Opportunities For Improvement (OFI’s). The pre-audit finds any possible compliance “gaps” towards 100% compliance with all requirements of the auditable standard clauses 4 – 10 of ISO 14001:2015. Your company resolves them in phase 3 of the process.
According to the motto: "After the audit is before the audit," all nonconformities identified during the pre-audit must be systematically processed and closed out. The earliest the organization completes any additional work to close the compliance gaps, the earliest your organization approaches the 3rd party certification audit.
Establishing an EMS should be everybody’s job in the organization. In practice, creating an “Improvement Action List” proves useful in managing the nonconformities. Such a list should contain elements like...
The final completion and effectiveness checks tell whether the corrective and preventive actions really led to the resolution of the nonconformity issues. They show whether the organization 100% complies to all the standard requirements. They support readiness for 3rd party audits.
Only after successful checking on all the initially found requirement gaps for clauses 4-10, completes the pre ISO 14001 audit process. This gives great confidence that you have your ISO “ducks in a row."
After completion of the pre ISO 14001 audit, management should conduct a Management Review on the present environmental management system (EMS). Here, the team decides on the EMS appropriateness related to current EMS performance and whether the company adequately implemented the EMS.
Regular management review forms an integral part of any effective management system. During the review, questions or even deficits include...
When properly used and implemented, Management Review becomes the most important, effective, and powerful tool. It significantly helps your company coordinate the continuous improvement of your management system.
Who carries out the management evaluation?
ISO 14001 clearly assigns the responsibilities for the regular evaluation of the management system to the top management of the organization. In doing so, it retrospectively considers the valued period (for example, monthly, quarterly or at least annually). This ensures the continued suitability, adequacy, and effectiveness of the environmental management system.
In relation to how the EMS fits in with the organization, its operations, culture, and business systems; section 9.3 of the standard describes the defined discussion points. Every discussion point should end with a documented recommendation and implementation action until the next management review.
The status of measures from prior management reviews forms an integral part of any effective management system. The regular assessment of the previous EMS reviews serves to measure the effectiveness of each EMS element or component. It helps to continuously improve the operational management system. Thus, your management team will discuss the environmental objectives of the organization and other environmental performance requirements. In addition, the team must consider...
During the review, account for changes in external and internal issues concerning the EMS. This includes identifying that affect the EMS planned outcomes. Any changes in EMS binding commitments should be officially approved during EMS management reviews. For complicated changes, this can take many hours or several days.
The EMS review needs to examine documented evidence for the environmental performance of the organization. This includes...
Quality Assurance Solutions
Software, Videos, Manuals, On-Line Certifications
An Organizational Task Management System. Projects, Meetings, Audits & more
Corrective Action Software
Plan and Track Training
AQL Inspection Software
450+ Editable Slides with support links
Learn and Train TRIZ
Templates, Guides, QA Manual, Audit Checklists
EMS Manual, Procedures, Forms, Examples, Audits, Videos
Six Sigma, Risk Management, SCRUM
Software, Videos, Manuals, On-Line Certifications