The organization shall conduct internal audits at planned intervals to provide information on whether the environmental management system:
- conforms to:
- the organization’s own requirements for its environmental management system;
- the requirements of this International Standard;
- is effectively implemented and maintained.
9.2.2 Internal audit programme
The organization shall establish, implement and maintain (an) internal audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting of its internal audits. When establishing the internal audit programme, the organization shall take into consideration the environmental importance of the processes concerned, changes affecting the organization and the results of previous audits.
The organization shall:
a) define the audit criteria and scope for each audit;
b) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;
c) ensure that the results of the audits are reported to relevant management.
The organization shall retain documented information as evidence of the implementation of the audit programme and the audit results.
As per Annex A (Guidance on the use of ISO 14001:2015 standard) of ISO 14001:2015 standard it further explains:
Auditors should be independent of the activity being audited, wherever practicable, and should in all cases act in a manner that is free from bias and conflict of interest. Nonconformities identified during internal audits are subject to appropriate corrective action. When considering the results of previous audits, the organization should include:
a) previously identified nonconformities and the effectiveness of the actions taken;
b) results of internal and external audits.
For additional information on establishing an internal audit programme, performing environmental management system audits and evaluating the competence of audit personnel, see ISO 19011.
1) The organization shall conduct internal audits at planned intervals to provide information on whether the environmental management system conforms to the organization’s own requirements for its environmental management system and the requirements of ISO 14001:2015
Conducting internal audits at planned intervals is a critical component of an effective Environmental Management System (EMS) to ensure compliance with ISO 14001:2015 requirements and to identify opportunities for improvement. Here’s a step-by-step guide on how the organization should conduct internal audits of its EMS:
- Establish the Internal Audit Program: The organization should establish an internal audit program that outlines the scope, objectives, frequency, and responsibilities for conducting internal audits of the EMS. This program should be documented and reviewed periodically.
- Appoint Competent Auditors: Appoint qualified and competent internal auditors who have the necessary skills and knowledge in EMS and auditing techniques. Ensure that auditors are independent and impartial.
- Define the Audit Scope: Determine the scope of the internal audit, including the areas, processes, and functions of the EMS that will be audited. Ensure that the scope covers all relevant aspects of the EMS.
- Develop an Audit Plan: Create an audit plan that includes the following:
- Audit objectives: Clearly define what the audit aims to achieve.
- Audit criteria: Specify the standards, regulations, and EMS documentation against which the audit will be conducted.
- Audit schedule: Determine the audit dates, duration, and locations.
- Audit team: Identify the members of the audit team and their roles.
- Audit checklist: Prepare a checklist of questions and areas to be assessed during the audit.
- Conduct the Audit: Execute the audit plan by conducting on-site or remote audits of the EMS processes and documentation. The audit team should:
- Review EMS documentation, procedures, policies, and records.
- Conduct interviews with personnel responsible for EMS implementation.
- Verify compliance with ISO 14001 requirements and internal EMS procedures.
- Assess the effectiveness of EMS processes.
- Identify non-conformities, opportunities for improvement, and best practices.
- Document Audit Findings:The audit team should document all audit findings, including non-conformities, observations, and positive findings. Each finding should be well-documented with evidence.
- Non-Conformity Management:Identify and document any non-conformities found during the audit. Non-conformities should be clear, specific, and include details of where the EMS does not comply with ISO 14001 requirements or internal procedures.
- Report and Communicate:Prepare an audit report that summarizes the audit findings, including non-conformities, observations, and positive findings. Ensure that the report is clear, objective, and concise.
- Corrective and Preventive Actions:Once the audit report is finalized, the organization should initiate corrective actions to address identified non-conformities. Corrective actions should be well-documented, and timelines for implementation should be established.
- Management Review: Present the results of the internal audit, including corrective actions taken, to top management during management review meetings. This is an opportunity to discuss audit findings, assess the effectiveness of the EMS, and make decisions for improvement.
- Follow-Up Audits: – Conduct follow-up audits to verify the implementation and effectiveness of corrective actions for identified non-conformities. Ensure that the root causes have been addressed, and the EMS is compliant.
- Continuous Improvement: – Use the audit findings, corrective actions, and opportunities for improvement to drive ongoing enhancement of the EMS. Update EMS documentation and processes as needed.
- Document Retention: – Maintain records of internal audit reports, corrective actions, follow-up audits, and management review meeting minutes as part of the EMS documentation.
By following this systematic approach to internal auditing, the organization can effectively assess the performance of its EMS, ensure compliance with ISO 14001, and continually improve its environmental management processes.
2) The organization shall conduct internal audits at planned intervals to provide information on whether the environmental management system conforms to is effectively implemented and maintained.
Indeed, internal audits in an Environmental Management System (EMS) are conducted to confirm whether the EMS is effectively implemented and maintained, as required by ISO 14001:2015. This process helps the organization ensure that its EMS is functioning as intended and that environmental objectives are being met. Here’s how this confirmation is typically carried out in the context of internal audits:
- Start by planning the internal audit. This involves defining the audit scope, objectives, criteria, and the areas of the EMS that will be audited. Consider using ISO 14001:2015 as a reference for the criteria.
- Conduct the internal audit according to the plan. Auditors should assess whether EMS procedures and processes are being effectively implemented throughout the organization. This includes reviewing documentation, interviewing personnel, and examining records.
- During the audit, auditors assess conformance with ISO 14001:2015 requirements, as well as the organization’s own EMS requirements, policies, and procedures. They look for evidence of compliance and effectiveness in various aspects, such as:
- Identifying and controlling environmental aspects and impacts.
- Establishing and maintaining environmental objectives and targets.
- Ensuring legal and regulatory compliance.
- Conducting management reviews.
- Implementing corrective and preventive actions.
- Monitoring and measuring environmental performance.
- Maintaining records.
- Training and awareness programs.
- Auditors document their findings, including any non-conformities, observations, and areas of strength or best practices. Non-conformities indicate instances where the EMS is not effectively implemented or maintained.
- If non-conformities are identified, corrective actions should be initiated to address the root causes of these issues. Corrective actions should be documented, implemented, and monitored for effectiveness.
- Prepare an audit report that summarizes the audit process, findings, and conclusions. The report should include an assessment of the effectiveness of the EMS in meeting its objectives and requirements.
- Review and approve the audit report, corrective actions, and any follow-up actions. Relevant personnel, including the Environmental Manager and department heads, should be involved in this process.
- Conduct follow-up audits as needed to verify the implementation and effectiveness of corrective actions. Ensure that non-conformities have been addressed and that the EMS is now effectively maintained.
- Use the audit findings and corrective action process to drive continuous improvement within the EMS. Identify opportunities to enhance processes and achieve better environmental performance.
- Present the results of the internal audit, including corrective actions and opportunities for improvement, during management review meetings. This allows top management to assess the overall effectiveness of the EMS.
By conducting internal audits to confirm whether the EMS is effectively implemented and maintained, organizations can identify areas for improvement, maintain compliance with ISO 14001:2015, and continuously enhance their environmental performance.
3) The organization shall establish, implement and maintain (an) internal audit programme(s).
An internal audit program is a systematic and structured approach that organizations use to assess and evaluate their internal controls, processes, and operations. The primary goal of an internal audit program is to provide independent and objective assurance and consulting services to help the organization achieve its objectives, improve operations, and manage risks effectively. Here are key components of an internal audit program:
- Audit Charter: An audit charter is a formal document that establishes and authorizes the internal audit function within the organization. It outlines the purpose, scope, authority, and responsibilities of the internal audit department.
- Audit Plan: The audit plan is a detailed document that specifies the audits to be conducted during a specific period (usually annually). It should align with the organization’s strategic objectives and risk assessment findings.
- Risk Assessment: Conduct a risk assessment to identify and prioritize the areas and processes within the organization that require auditing. This assessment helps determine where the most significant risks lie.
- Audit Policies and Procedures: Develop and maintain documented audit policies and procedures that outline the methodologies, standards, and processes to be followed during audits. These policies and procedures ensure consistency and adherence to best practices.
- Audit Team: Assemble a team of qualified internal auditors with the necessary skills, knowledge, and expertise to perform audits effectively. The team should operate independently and objectively.
- Audit Execution: Conduct audits based on the audit plan and risk assessment. Auditors collect evidence, perform testing, evaluate controls, and assess compliance with policies and regulations.
- Audit Reporting: Prepare comprehensive audit reports that communicate findings, including strengths, weaknesses, and areas for improvement, to relevant stakeholders. These reports should also include recommendations for corrective actions.
- Follow-Up and Monitoring: Monitor the implementation of recommended actions and verify that corrective measures are effective. Conduct follow-up audits as necessary to ensure sustained improvement.
- Documentation and Record-Keeping: Maintain detailed records of audit activities, including workpapers, findings, reports, and corrective actions. Proper documentation ensures accountability and provides an audit trail.
- Continuous Improvement: Regularly review and update the internal audit program to adapt to changing organizational needs, regulations, and risks. Seek feedback from auditors and auditees to improve the audit process.
- Compliance with Standards: Ensure that the internal audit program complies with relevant professional standards and regulations, such as the Institute of Internal Auditors (IIA) Standards.
- Board Oversight: Establish a direct reporting line to the board of directors or an audit committee to maintain independence and transparency. The board should provide oversight of the internal audit function.
- External Review: Periodically engage external auditors or consultants to provide an independent assessment of the internal audit program’s effectiveness. This external review adds an additional layer of assurance.
- Communication and Reporting: Regularly communicate the results of audits to senior management and the board of directors. Highlight areas of concern and their potential impact on the organization.
An effective internal audit program is essential for organizations to manage risks, improve operations, ensure compliance, and enhance overall governance. It should be adaptable and responsive to changes in the organization’s environment and objectives.
4) The audit program shall include the frequency, methods, responsibilities, planning requirements and reporting of its internal audits
when establishing an internal audit program, it’s essential to define key elements such as frequency, methods, responsibilities, planning requirements, and reporting procedures. Here’s a breakdown of each of these components within the audit program:
- Frequency of Audits:
- Determine how often internal audits will be conducted. The frequency may vary based on the organization’s size, complexity, industry, and risk factors.
- Consider conducting regular, ongoing audits (e.g., monthly, quarterly, or annually) and ad-hoc audits in response to emerging risks or significant changes.
- Audit Methods:
- Specify the audit methods and techniques to be used during internal audits. These methods may include sampling, document reviews, interviews, and process walkthroughs.
- Define the approach for testing controls, compliance, and operational effectiveness.
- Clearly define the roles and responsibilities of individuals involved in the internal audit process. Key roles include:
- Audit Team: Roles and responsibilities of internal auditors, including team leader and team members.
- Audit Clients: The departments or functions being audited.
- Audit Management: Oversight and coordination of audit activities.
- Audit Committee or Board: Responsible for governance and oversight of the internal audit program.
- Clearly define the roles and responsibilities of individuals involved in the internal audit process. Key roles include:
- Planning Requirements:
- Outline the steps and requirements for audit planning, including:
- Scoping: Defining the audit’s objectives and boundaries.
- Risk Assessment: Identifying key risks and areas to be audited.
- Resource Allocation: Determining the personnel, budget, and technology required for the audit.
- Audit Plan Development: Creating a detailed audit plan with timelines and objectives.
- Communication: Ensuring effective communication with audit clients and stakeholders.
- Outline the steps and requirements for audit planning, including:
- Reporting Procedures:
- Define how audit findings will be documented and reported, including:
- Audit Reports: Specify the format and content of audit reports, including findings, recommendations, and action plans.
- Distribution: Determine who will receive audit reports and how they will be disseminated.
- Follow-Up: Outline procedures for tracking and verifying the implementation of audit recommendations.
- Escalation: Describe how significant findings or issues will be escalated to senior management or the board.
- Define how audit findings will be documented and reported, including:
- Documentation and Record-Keeping:
- Establish requirements for maintaining records of audit planning, execution, and reporting. Ensure that all documentation is organized and easily accessible for reference and audit trail purposes.
- Continuous Improvement:
- Include a provision for regularly reviewing and updating the audit program’s frequency, methods, responsibilities, planning requirements, and reporting procedures to adapt to changing circumstances and emerging risks.
- Compliance with Standards:
- Ensure that the internal audit program aligns with relevant professional standards, such as the Institute of Internal Auditors (IIA) Standards, to maintain the quality and integrity of the audit process.
- Board Oversight:
- Clearly state the board’s or audit committee’s oversight responsibilities, including their role in approving the audit program’s key elements and receiving regular updates on audit activities and findings.
By including these elements in your internal audit program, you can establish a structured and effective approach to conducting internal audits, ensuring that the organization’s objectives are met, risks are managed, and operations are improved.
5) When establishing the internal audit programme, the organization shall take into consideration the environmental importance of the processes concerned, changes affecting the organization and the results of previous audits.
Considering the environmental importance of processes, changes affecting the organization, and the results of previous audits is critical when establishing an internal audit program. This approach ensures that the program aligns with the organization’s goals, adapts to evolving circumstances, and leverages past insights. Here’s how these factors should be incorporated into the internal audit program:
- Environmental Importance of Processes:
- Identify and prioritize processes within the organization that have a significant environmental impact. These may include manufacturing, energy consumption, waste management, and resource usage.
- Allocate resources and audit frequency based on the environmental importance of these processes. High-impact processes may require more frequent and in-depth audits.
- Changes Affecting the Organization:
- Stay attuned to changes in the organization’s internal and external environments. These changes could include expansions, acquisitions, regulatory updates, technology advancements, or shifts in market conditions.
- Adjust the audit program to accommodate these changes. This may involve updating the risk assessment, revising the audit plan, and incorporating new audit objectives related to emerging environmental considerations.
- Results of Previous Audits:
- Review the findings and recommendations from previous internal audits, especially those related to environmental performance and sustainability.
- Use insights gained from past audits to inform the planning and execution of future audits. Ensure that previous recommendations have been addressed and resolved appropriately.
- Environmental Compliance and Reporting:
- Ensure that the audit program includes assessments of the organization’s compliance with environmental laws, regulations, and standards.
- Evaluate the accuracy and completeness of environmental reporting, including sustainability reports and disclosures.
- Sustainability Goals and Targets:
- Align the audit program with the organization’s sustainability goals and targets. These objectives may encompass reductions in greenhouse gas emissions, waste minimization, and resource conservation.
- Audit processes and practices related to achieving sustainability goals to ensure they are on track and effective.
- Stakeholder Expectations:
- Consider the expectations and demands of stakeholders, including customers, investors, regulators, and advocacy groups, regarding environmental performance and responsibility.
- Incorporate stakeholder concerns into the audit program to enhance transparency and address reputational risks.
- Continuous Improvement:
- Implement a feedback loop for the audit program, allowing for regular assessments and adjustments based on changing environmental factors and audit outcomes.
- Encourage continuous improvement in environmental performance through the audit process by identifying areas for enhancement and innovation.
- Integration with Other Functions:
- Collaborate with other departments, such as sustainability, environmental health and safety, and operations, to ensure that audit objectives align with broader environmental initiatives.
- Share audit findings and recommendations with relevant teams to facilitate cross-functional improvements.
- Training and Expertise:
- Ensure that auditors responsible for environmental audits possess the necessary knowledge and expertise in environmental management systems, regulations, and sustainability practices.
By considering the environmental importance of processes, adapting to organizational changes, and leveraging the results of previous audits, the internal audit program can play a vital role in promoting environmental sustainability and compliance within the organization. This approach helps organizations minimize environmental risks, reduce their environmental footprint, and contribute to a more sustainable future.
6) The organization shall define the audit criteria and scope for each audit
Defining the audit criteria and scope for each audit is a critical step in the internal audit process. It ensures that auditors have a clear understanding of what they are assessing and what standards or benchmarks they will use to evaluate the subject of the audit. Here’s a systematic approach to defining the audit criteria and scope for each audit:
- Begin by clarifying the specific objectives of the audit. What is the primary purpose of this audit? What does the organization want to achieve by conducting this audit? For example, it could be to assess compliance with a specific regulation, evaluate the effectiveness of a process, or identify areas for improvement.
- Gain a thorough understanding of the context and background of the subject being audited. This includes the relevant industry standards, laws, regulations, policies, and internal procedures that apply to the audit subject.
- Consult with key stakeholders to gather their input on the audit scope and criteria. Stakeholders may include department heads, process owners, compliance officers, and other relevant personnel.
- Establish the specific criteria against which the subject of the audit will be evaluated. These criteria should be measurable, objective, and aligned with the audit objectives. Criteria can include:
- Industry standards and best practices
- Regulatory requirements
- Organizational policies and procedures
- Performance metrics and targets
- Benchmarks or historical data
- Internal control frameworks (e.g., COSO)
- Clearly define the boundaries of the audit scope to specify what is included and excluded from the audit. Be precise in outlining the processes, functions, locations, or timeframes that the audit will cover.
- Address any limitations or constraints that may affect the scope, such as resource availability, time constraints, or data availability.
- Create a formal scope statement that summarizes the audit’s purpose, objectives, criteria, and boundaries. The scope statement should be concise and clear, making it easy for all stakeholders to understand.
- Conduct a risk assessment to identify and prioritize potential risks associated with the audit. Consider the impact of risks on the organization and factor this into the scope and criteria.
- Ensure that the defined audit scope and criteria are reviewed and approved by relevant parties, such as the audit committee, senior management, or the board of directors.Obtain formal sign-off to confirm agreement with the scope and criteria.
- Communicate the audit scope to all relevant stakeholders, including the audit team, auditees, and management. Ensure that everyone involved in the audit understands what will be assessed.
- Once the scope and criteria are defined, use them as the foundation for developing the detailed audit plan. The plan should outline the audit objectives, audit steps, resources required, and a timeline for the audit.
- Recognize that the audit scope may need to be adjusted during the course of the audit if new information or unexpected issues arise. Ensure there is a mechanism for obtaining approval for any scope changes.
- Execute the audit according to the defined scope and criteria. Ensure that auditors focus their efforts on the areas and processes specified in the scope statement.
- Maintain open communication with auditees and stakeholders throughout the audit to address any questions or concerns related to the scope and criteria.
By following these steps, organizations can define clear and well-defined audit criteria and scope for each audit, which is essential for ensuring that audits are focused, effective, and aligned with organizational goals and expectations.
7) The organization shall select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;
Selecting auditors and conducting audits in a manner that ensures objectivity and impartiality is crucial to maintain the integrity of the audit process. Here are steps and considerations to achieve this:
- Ensure that auditors are independent of the areas or processes they will audit. Independence reduces the risk of bias or conflicts of interest that could compromise the audit’s objectivity.
- Select auditors with the appropriate qualifications, training, and expertise in the relevant subject matter. Auditors should possess the knowledge and skills necessary to assess the area being audited effectively.
- Implement a rotation policy for auditors to prevent familiarity or undue influence with auditees. Regularly rotating audit staff helps maintain objectivity.
- Conduct conflict of interest checks to ensure that auditors do not have personal or financial interests that could influence their judgment or findings.
- Invest in ongoing training and professional development for auditors to keep them up-to-date with industry standards and best practices. This ensures that they have the knowledge needed to perform impartial audits.
- Develop a comprehensive audit plan that clearly defines the scope, objectives, criteria, and methodology of the audit. A well-structured plan helps auditors remain focused and impartial.
- Establish an audit oversight committee or function, such as an audit committee or board, that has the authority to review and approve audit plans, scope, and findings. This committee should ensure that audits are conducted objectively.
- Maintain open and transparent communication with auditees throughout the audit process. Clearly explain the audit’s purpose, scope, and expectations to mitigate misunderstandings.
- Ensure that auditors collect sufficient and relevant evidence to support their findings and conclusions. Evidence should be objective and verifiable.
- Conduct a risk assessment as part of the audit planning process to identify potential sources of bias or conflicts of interest. Mitigate these risks through careful planning and monitoring.
- Implement a review and quality assurance process within the audit function. This involves having a second set of eyes review audit workpapers and findings to ensure objectivity and accuracy.
- Maintain comprehensive documentation of audit activities, findings, and recommendations. Clear documentation helps provide an audit trail and supports the objectivity of the audit process.
- Ensure that the internal audit function reports directly to the board of directors or an audit committee. This reporting structure enhances independence and reduces the influence of management over audit activities.
- Monitor the implementation of audit recommendations to ensure that corrective actions are effective and that any potential conflicts of interest are addressed promptly.
- Periodically engage external auditors or consultants to provide an independent assessment of the internal audit function’s effectiveness and objectivity.
- Encourage continuous improvement in the audit process by seeking feedback from auditors and stakeholders and making necessary adjustments to enhance objectivity and impartiality.
By following these steps and maintaining a strong commitment to independence, transparency, and objectivity, organizations can conduct audits that provide reliable and unbiased assessments of their operations, controls, and compliance.
8) The organization shall ensure that the results of the audits are reported to relevant management.
Reporting the results of audits to relevant management is a critical component of the internal audit process. This reporting helps management make informed decisions, take corrective actions, and improve processes. Here’s a structured approach to ensure that audit results are effectively communicated to relevant management:
- Prepare Comprehensive Audit Reports:Internal auditors should prepare detailed audit reports that include findings, observations, and recommendations. These reports should be structured, clear, and well-organized.
- Highlight Key Findings:Within the audit report, emphasize the most critical findings and issues that require immediate attention or remediation. Prioritize findings based on their potential impact and risk.
- Provide Context and Background:Offer context and background information within the report to help management understand the audit’s purpose, scope, and methodology. Explain why specific areas were audited and what criteria were used for evaluation.
- Include Supporting Evidence:Back findings and conclusions with supporting evidence and documentation. This adds credibility to the audit report and helps management understand the basis for each finding.
- Offer Practical Recommendations: Alongside findings, provide practical and actionable recommendations for addressing identified issues. Recommendations should be specific, measurable, achievable, relevant, and time-bound (SMART).
- Discuss Root Causes:Analyze and present the root causes of issues when possible. Understanding the underlying causes helps management implement more effective corrective actions.
- Report on Positive Observations:In addition to identifying weaknesses or deficiencies, report positive observations and best practices that were observed during the audit. These can serve as examples for improvement in other areas.
- Timely Reporting:Ensure that audit reports are provided to relevant management in a timely manner. Delays in reporting can hinder the organization’s ability to address issues promptly.
- Customize the Communication: Tailor the communication of audit results to the needs and preferences of the audience. Use a language and format that management can easily understand.
- Review with Auditees: Prior to finalizing the audit report, review the findings and recommendations with the auditees. This provides them with an opportunity to clarify or provide additional information and ensures that they understand the audit results.
- Management Response and Action Plans: Request management to provide a formal response to the audit findings and recommendations. This response should outline their action plans for addressing the issues identified.
- Follow-Up Procedures: Establish follow-up procedures to track and verify the implementation of management’s action plans. Ensure that progress is regularly reported back to relevant management.
- Board or Audit Committee Reporting: If required by governance standards, present the audit findings and management responses to the board of directors or an audit committee. This adds an additional layer of oversight and accountability.
- Escalation of Significant Issues: If the audit identifies issues of significant concern, ensure that these issues are promptly escalated to senior management or the board of directors for immediate attention.
- Continuous Improvement:Encourage continuous improvement in the audit reporting process by seeking feedback from management and auditors. Make adjustments to enhance the effectiveness of reporting.
Effective communication of audit results ensures that management is well-informed about the organization’s strengths and weaknesses, enabling them to make informed decisions and drive improvements. It also promotes transparency and accountability within the organization.
9) The organization shall retain documented information as evidence of the implementation of the audit programme and the audit results.
Documents for ISO 14001:2015 Clause 9.2:
- Internal Audit Procedure: Develop a documented procedure that outlines the step-by-step process for planning, conducting, and reporting on internal audits. This procedure should include roles and responsibilities, audit frequency, and the criteria for selecting auditors.
- Audit Program: Create an annual audit program that schedules internal audits for various parts of the organization. The program should be based on a risk assessment and consider the environmental significance of different processes and activities.
- Audit Plan: Prepare an audit plan for each specific audit. The plan should detail the audit objectives, scope, criteria, methods, resources required, and the audit schedule.
- Audit Checklist: Develop checklists or audit questionnaires specific to the areas or processes being audited. These checklists help auditors systematically assess compliance and effectiveness.
- Audit Criteria: Define the audit criteria that auditors will use to evaluate conformance with the organization’s environmental policies, objectives, legal requirements, and other relevant criteria.
- Audit Report Template: Create a standardized audit report template that includes sections for documenting audit findings, non-conformities, observations, opportunities for improvement, and recommendations.
- Corrective Action Procedure: Document procedures for addressing non-conformities and opportunities for improvement identified during audits. This should include the process for determining root causes, corrective actions, and verification of effectiveness.
Records for ISO 14001:2015 Clause 9.2:
- Audit Records: Maintain records of each internal audit conducted, including the audit plan, checklists used, audit reports, and any additional documentation related to the audit process.
- Audit Reports: Keep copies of all audit reports, including findings, non-conformities, observations, opportunities for improvement, and recommendations.
- Corrective Action Records: Document all corrective actions taken in response to non-conformities identified during audits. This includes records of root cause analysis, action plans, and evidence of the corrective actions’ effectiveness.
- Audit Program Records: Maintain records of the audit program, including schedules, results, and any changes made to the program based on audit outcomes.
- Audit Team Qualifications: Keep records of auditors’ qualifications, including training, experience, and certifications. This demonstrates that auditors are competent to perform their roles.
- Evidence of Communication: Document how audit results are communicated to relevant management and personnel and how management responses and actions are tracked.
- Records of Follow-Up Audits: If applicable, maintain records of follow-up audits conducted to verify the effectiveness of corrective actions.
- Management Review Records: Include relevant audit information in the management review records, as internal audits play a significant role in the EMS performance evaluation.
Examples of Internal Audit Procedure of EMS
1. Purpose and Scope: Define the purpose of the procedure, which is to outline the process for planning, conducting, and reporting internal audits of the EMS. Specify the scope, which should cover the entire EMS and all relevant environmental aspects and legal compliance obligations.
2. References: List all relevant documents, standards, regulations, and procedures that auditors should refer to during the audit process. This may include ISO 14001:2015, legal requirements, and your organization’s EMS documentation.
3. Definitions: Include definitions of key terms and concepts used in the audit procedure to ensure clarity and consistency.
4. Responsibilities: Clearly define the roles and responsibilities of individuals involved in the internal audit process. This should include:
- The Audit Program Manager or Coordinator responsible for planning and scheduling audits.
- Internal Auditors responsible for conducting audits.
- Auditees who are responsible for cooperating with auditors and providing necessary information.
- Management, responsible for reviewing audit results and taking corrective actions.
5. Audit Planning: Describe the process for planning internal audits, including:
- How audits are scheduled and prioritized based on risk assessments.
- How audit objectives, scope, and criteria are determined.
- How audit checklists or questionnaires are developed.
- How the audit plan is communicated to auditors and auditees.
6. Audit Conduct: Outline the steps for conducting internal audits, such as:
- Preparing and briefing audit teams.
- Collecting and reviewing relevant documentation and records.
- Conducting interviews and observations.
- Using audit checklists and criteria to assess conformance and effectiveness.
- Documenting findings, including non-conformities, observations, and opportunities for improvement.
- Engaging auditees and addressing their concerns and questions during the audit.
7. Audit Reporting: Describe the process for preparing audit reports, including:
- The format and content of audit reports.
- How findings are categorized and prioritized.
- How recommendations and corrective actions are formulated.
- The timeline for submitting audit reports to management and auditees.
8. Corrective Actions: Explain how non-conformities and opportunities for improvement identified during audits are addressed and tracked. Describe the process for determining root causes and developing corrective action plans. Specify how corrective actions are verified for effectiveness and reported back to auditors.
9. Records and Documentation: Specify the requirements for maintaining audit records, including audit plans, reports, checklists, and evidence of corrective actions taken.
10. Monitoring and Review: Outline how the internal audit process is periodically reviewed and improved, including feedback mechanisms, lessons learned, and opportunities for enhancement.
11. Training and Competence: – Address the training and competence requirements for auditors, ensuring they have the necessary knowledge and skills to perform their roles effectively.
12. Audit Schedule: – Provide a schedule for planned internal audits, including the frequency of audits and areas to be audited.
13. Management Review: – Explain how audit results are presented to management during EMS management review meetings and how they inform decision-making.
14. Document Control: – Detail how this procedure will be controlled and maintained to ensure it remains up to date and aligned with organizational and EMS requirements.
Examples of EMS Audit Program
Program Period: [Specify the timeframe, e.g., Annual Audit Program for Fiscal Year 20XX]
Audit Team: [List the names and roles of audit team members]
I. Audit Objectives:
- To evaluate the effectiveness of the EMS in achieving environmental objectives and targets.
- To assess compliance with applicable legal and regulatory requirements.
- To identify opportunities for improvement in environmental performance and sustainability.
II. Audit Schedule:
|Audit Title||Audit Scope and Focus Areas||Audit Dates||Lead Auditor||Status|
|Audit 1: [Title]||[Scope description]||[Start – End]||[Lead Auditor]||[Open/Completed]|
|Audit 2: [Title]||[Scope description]||[Start – End]||[Lead Auditor]||[Open/Completed]|
III. Audit Scope: Each audit will cover specific aspects of the EMS, focusing on relevant environmental aspects, processes, and areas of significant environmental impact.
IV. Audit Criteria: Audit criteria will include ISO 14001:2015 requirements, organizational policies and procedures, and applicable legal and regulatory requirements.
V. Audit Methodology: Audits will be conducted using a combination of document reviews, interviews, site inspections, and assessments of environmental records and performance data.
VI. Audit Preparation: Prior to each audit, the audit team will develop an audit plan specifying objectives, scope, criteria, and audit checklists or questionnaires.
VII. Audit Conduct: During the audit, auditors will interact with relevant personnel, assess processes, review documentation, and collect evidence to evaluate conformance and effectiveness.
VIII. Audit Reporting: Audit findings will be documented in an audit report, including non-conformities, observations, opportunities for improvement, and recommendations.
IX. Corrective Actions: Non-conformities and opportunities for improvement will be addressed through corrective actions, with verification of effectiveness.
X. Management Review: Audit results and recommendations will be presented to the EMS management team during management review meetings.
XI. Follow-up Audits: Follow-up audits will be scheduled to verify the effectiveness of corrective actions taken in response to non-conformities identified during initial audits.
XII. Continuous Improvement: The audit program will be periodically reviewed and updated to enhance its effectiveness and relevance.
XIII. Records and Documentation: All audit-related documents, including audit plans, reports, checklists, and corrective action records, will be maintained as part of the audit program’s documented information.
XIV. Compliance with Legal and Regulatory Requirements: The audit program will ensure that audits address compliance with all applicable environmental laws and regulations.
XV. Document Control: This audit program will be controlled and maintained to ensure it remains up to date and aligned with organizational and EMS requirements.