An environmental internal audit is the method used to check business operations of EMS data. Organizations must establish an internal audit programme (including all requirements of the ISO 14001 standard) and conduct internal audits at planned intervals.
Internal environmental audits help to maintain momentum towards achieving objectives. Functional integration of the environmental management system audit requirements is often evident when Top management are involved with internal audits and when they ensure corrective action is implemented.
While reviewing the internal audit programme, auditors should ensure that consideration is given to the importance of the processes concerned, changes within the organization, and the results of previous audits.
- What is an Environmental Internal Audit?
- Why Perform Audits?
- 9.2.2 Internal Audit Programme
- Principles of Auditing
- Audit Methodology
- Preparing for the Audit
- Using an Internal Audit Checklist
- Environmental Internal Audit Process
- Internal Audit Report
- Legislation Audits
- Certification Audit
- Retaining ISO 14001 Certification
- EMS Internal Audit Documentation Package [Template download]
- EMS Control of Internal Audits Procedure [Template download]
- EMS Internal Audit Checklist [Template download]
In the 2004 version of ISO 14001, the purpose of internal audit was to determine whether the EMS is conforming to requirements and is effectively implemented and maintained. In the 2015 version of ISO 14001, the purpose of the internal audit is to provide enough information as to whether this is the case, while the determination of conformance is undertaken during management review.
The internal audit will help ensure you address the necessary requirements. It stands as a reference point before, during and after the audit process and used correctly will provide the following benefits:
Management system audits focus on the system as a whole and compares planning activities and broad system requirements, across several functional groups, with the desired outcomes in order to evaluate the effectiveness of the system and to identify any systematic opportunities for improvement.
A key part of checking compliance with both environmental management system operational procedures and the requirements of ISO 14001:2015 is via an internal audit programme that details the frequency and general focus of each internal audit.
Periodic internal auditing is undertaken to ensure effective operation. The frequency and sequence of internal audits must be documented in the audit programme (ISO 14001:2015 Clause 9.2.2), showing which areas and processes are to be audited, including the date and time, and the auditor(s) involved.
The frequency of the internal audit programme must be based on the significance of environmental aspects, e.g., risk as highlighted in previous audits and be related to the rate of progress with which the aspects are being addressed.
The Environment and Sustainability Manager (Management Representative) should consult the Environmental Aspect Register to identify areas of high risk (e.g., the most significant environmental aspects); and the areas where the organisation has failed to meet legal requirements in the past.
While preparing and reviewing the internal audit programme you should ensure that consideration is given to the importance of the processes concerned, any changes within the organization, and the results of previous internal audits and any corrective action details prepared as a result of previous reviews or audits.
Auditing relies on a number of principles whose intent is to make the audit become an effective and reliable tool that supports your company’s management policies and procedures whilst providing suitable objective information that your company can act upon to continually improve its performance.
The principles of internal auditing are contained in ISO 19011:2018 - Guidelines for auditing management systems. This is an international standard that provides guidance on auditing management systems, including:
It is applicable to all organizations that need to plan and conduct internal or external audits of management systems or manage an audit programme.
Adherence to the following principles are considered to be a prerequisite for ensuring that the conclusions derived from the audit are accurate, objective and sufficient. It also allows auditors working independently from one another to reach similar conclusions when auditing in similar circumstances.
The adoption of the ‘process approach’ is mandated by ISO 14001:2015 and is one of the most important concepts relating to environmental management systems.
Process auditing is about auditing your organization’s processes and their interactions, which together comprise the environmental management system.
The process approach is one of the core management principles, which is defined as a ‘consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system’.
The process audit provides assurance that the processes have been implemented as planned and provides information on the ability of the process to produce a conforming output.
Done properly, a process audit is much more than verification that processes are being followed. Although preparation can take a day or two, actual audit time is about two hours per shift.
Effective process auditing requires the auditor to identify and record audit trails that will make a difference to your organization. The audit should begin with the process owner in order to understand how the process interacts with the other process inputs, outputs, suppliers and/or customers.
The auditor should be able to determine whether the outputs are complete and that process measurements demonstrate whether all of the outputs are consistently fit for purpose and are efficiently managed. Do the customers agree with the outputs and the measures?
Before the audit, prepare thoroughly! Spending an hour or three in preparation will make you a better auditor and you will be much more effective during the audit. Auditors should not skip this step as it provides much needed value to the audit. Taking the time to prepare and organize actually saves time during the audit.
Internal audit checklists are a type of sample questionnaire that you can customize for use in guiding the work of your internal audit team.
A well-designed internal audit with suitable audit checklists should take between 20 and 40 minutes to complete. However, the process may take between two and three hours the first time each audit is carried out
The EMS audit checklist may be used as a guide for audit planning and acts objective evidence; documented information of the effective implementation of the audit programme, as well as the results of internal audits.
The internal audit checklists can comprise tables of the certifiable ‘shall’ requirements, from Section 4.0 to Section 10.0 of ISO 14001:2015, where each requirement is phrased as a question. The audit checklist can be used for implementation audits and compliance audits.
You can also create separate process audit checklists by selecting the clauses from the checklist that are relevant to the process or area being audited and ‘copy and paste’ the audit questions into a new audit checklist.
Gather together all the relevant documented information that relates to the process you will be auditing.
Look at process metrics, work instructions, turtle diagrams, process maps and flowcharts, environmental policies and programmes, previous site environmental reviews or audit reports, corrective actions, analysis of environmental aspects, relevant legislation, overview of permits/licences, consents, records of emission data, and management review reports; etc.
Review this documented thoroughly and highlight the aspects that you plan to audit. Using the documented information in this way ensures they become audit records.
Your organization’s documented information may not cover all of the requirements that may be relevant to the process. If certain information is not available, it may become your first audit finding, not bad for the preaudit review! Certain information and linkages should be audited. Some are required and some are simply good audit practice. Putting these sections into a worksheet format gives auditors a guide to follow, to ensure the relevant links are audited.
As you moved through the audit, you should have noted the issues and opportunities for improvements you saw. These should have been marked clearly so you are now able to quickly review and capture them as you write the report.
These findings and conclusions should be formally documented as part of the summary report.
Too often, the audit report only recites back facts and data the managers already know. The value is in identifying issues and opportunities they do not know!
This summary should be reviewed first with the lead auditor, then the Process Owner and Management Team. Make final revisions and file the audit report and all supporting audit materials and notes.
The Environment and Sustainability Manager (Management Representative) is responsible for communicating the results of the internal audit to senior management.
An internal audit report is essential to ensure that the results of the internal audit are communicated effectively. A good summary report is the output which is the value of the audit. It deserves an appropriate amount of attention and effort.
The Audit Team Leader will normally prepare the internal audit report, which summarizes the audit scope, identifies the audit’s objectives, a description of the areas that have been audited and who was involved with the audit, describes sources of evidence used, and summarizes the audit results.
The summarized internal audit results included in the report normally consist of:
The Environment and Sustainability Manager (Management Representative) is responsible for communicating the audit results to responsible area, or to functional management, ensuring the audit report is signed off by the relevant manager, and is responsible for ensuring the availability of completed and signed audit reports for management review.
All internal audit reports should be retained for at least two years from the date of audit completion.
At least once per year, an audit should be conducted on the scope and applicability of the register of applicable legal and compliance obligations in order to verify continued compliance, by taking a sample and seeking objective evidence that the legislation is current and is being complied with.
Samples of legislation can be noted and the register brought up to date as required. The samples taken should be selected on current risks ensuring that the whole register is audited at least once in each 3-year period.
This is the audit that is done before you are given a certification in ISO 14001. It is the last milestone before achieving the ultimate goal of becoming certified. They are typically completed in two separate parts.
It should be noted that these types of audits are usually only conducted every three years; this is something to keep in mind when planning to schedule routine internal audits and to prepare for your ISO 14001 recertification.
Retaining certification to ISO 14001 involves demonstrating that the EMS is being properly maintained. This involves routine surveillance visits by the certification body.
Internal Auditing of the ISO 14001 clauses are fully-documented and explained in our Environmental Management System Template (EMS).
We have procedures, templates, checklists, process maps, forms and gap analysis tools to help your documentation without missing a single input or output.
Before you invest all the hours reinventing the wheel, before you spend countless dollars outsourcing the task — try our templates.
Updated: 26th February 2022
Author: Richard Keen
Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard
Don’t Try to Manage It All Alone!
Our ISO Auditors and Quality Manager Trainers have been in this industry for years, and since 2002 we’ve been providing thousands of small businesses and large corporations with the tools they need to get certified.
Instead of trying to create everything you need to follow this process from scratch, use ours. We have procedures, templates, checklists, process maps, forms and gap analysis tools to help your documentation without missing a single input or output.
Before you invest all the hours reinventing the wheel, before you spend countless dollars outsourcing the task — try our templates.
EMS Internal Audit Documentation Package
Everything you need to perform an internal audit for ISO 14001:2015.
Procedures - view sample
Checklist - view sample
Reports & Forms
The documents are used together as a cohesive system or available seperately below.
|add to cart|
EMS Control of Internal Audits Procedure - view sample
The purpose of this procedure is to define your organization’s process for undertaking EMS audits, process audits, and supplier and legislation audits in order to assess the effectiveness of the application of our environmental management system and its compliance to ISO 14001:2015.
This procedure also defines the responsibilities for planning and conducting audits, reporting results and retaining associated records. Includes:
|$19 USD||add to cart|
EMS Internal Audit Checklist - view sample
Use this audit checklist to determine the extent to which your quality management system conforms to ISO 14001 requirements by determining whether those requirements have been effectively implemented and maintained. This template will help you to assess the state of your existing management system and identify process weakness to allow a targeted approach to prioritizing corrective action.
Master Internal Audit Checklist - view sample
This audit checklist comprises tables of the certifiable (‘shall’) requirements, from Section 4.0 to Section 10.0 of ISO 14001:2015, each required is phrased as a question.
The answers will automatically populate and update the Audit Results Summary and charts.
Audit Results Summary
Process Audit Template
Requires the auditor review the inputs, risks, controls, activities, equipment, materials, personnel, and methods of measurement for each process.
|$79 USD||add to cart|
Pay by Credit Card, Debit Card, PayPal or Apple Pay.
Please read our Money Back Guarantee.
Bought by Small Businesses and Large Corporations our templates have been sold online and CD since 2002.
The Templates are used by first-timers following our step-by-step, clause-by-clause guidance documents; and experienced Quality Managers wishing to streamline and improve their existing documentation.
The application of our templates is scalable and generic; regardless of the size and type of organization. The elements that form the environmental management system are the same.
1. Our customizable templates save you time and money by offering a streamlined process to create your quality documentation
2. They’ve got everything you need in one simple template
3. Proven to work our templates have helped thousands of businesses big and small achieve certification
4. Documents use styles to make reformatting and rebranding a breeze
5. Our templates are generalizable for any industry or sector. The application of our templates is scalable and generic; regardless of the size and type of organization.