Friday, 27 April 2012

Fundamentals of ISO 14001 and Compliance Audits


A lot of confusion exists about the differences between an Environmental Management System Audit and a Compliance Audit. An Environmental Management System (EMS) ensures that environmental issues are systematically identified, controlled, and monitored. It provides a mechanism for responding to changing environmental conditions and requirements, reporting on environmental performance, and reinforcing continual improvement. An EMS is often designed to meet the requirements of the International Organization for Standardization (ISO) 14001 Environmental Management Standard.
ISO 14001 is a globally recognized standard that defines the structure of an organization’s EMS for purposes of improving the organization’s environmental performance. The process-based structure of ISO 14001 is based on the “Plan-Do-Check-Act” improvement cycle. The standard requires an organization to develop an environmental policy, create plans to implement the policy, implement the plans, check progress and take corrective actions, and review the system regularly to ensure its continuing suitability, adequacy, and effectiveness. To gain registration under the standard, an organization must comply with a set of 17 specific requirements that includes such things as objectives and targets; structure and responsibility; training, awareness, and competence; records; communication and community involvement; and monitoring and measurement. An EMS Audit is designed to verify conformance to the standard.
So what is an EMS Audit and how does it differ from a Compliance Audit?
An audit—any audit—is the comparison of actual conditions to expected conditions, and (a) a determination as to whether one is in conformance or requirements of this international standard; and has been properly implemented and maintained; and (b) provides information on the results of the audits to management. This means that if an organization is ISO 14001 certified, it must schedule regular internal audits of its EMS. This audit must assess whether its ISO program meets all the specifications of ISO 14001 and is kept up to date. Furthermore, top management must be made fully aware of the audit findings. The EMS Audit consists of reviewing critical documents such as standard operating procedures, management plans and permits, management meetings, internal audit procedures and results, the list of legal and other requirements, and the training program. The purpose of the EMS Audit is to determine conformance to the standard, not necessarily compliance with a regulation. The purposes of the EMS audit are to assess whether the EMS has been implemented and maintained effectively and to identify opportunities for improvement.
Does ISO 14001 Audit Address Compliance?
You might ask, doesn’t my ISO 14001 Audit address regulatory compliance? The answer is yes, but from a system standpoint rather than from a performance perspective; and no, it is typically not a compliance audit. Some experienced auditors can find compliance issues, though most do not have the time to delve deeply. The standard requires that certain procedures exist regarding identification of legal and other requirements, that periodic compliance assessments be performed, that legal requirements be considered in setting objectives and targets, and that there be a commitment to compliance. However, actually being in compliance is a performance issue and is considered to be outside the scope of an ISO 14001 EMS Audit. The important point is that during an EMS audit, identified regulatory noncompliances are relevant only to the extent that they reflect a potential system problem. The finding is not that the site is out of compliance with a given regulation, but that the noncompliance means the site does not conform to some EMS element. For example, a regulatory noncompliance issue is viewed as a training, record-keeping, or monitoring and measurement problem rather than strictly a regulatory compliance concern.
The scope of a typical EMS auditor is not to do a compliance audit as part of the EMS audit. Compliance auditing is typically done separately as part of the EMS requirements themselves. There may be legal and other requirements regarding noncompliances encountered during the EMS audit, but this should be decided and addressed in the audit plan. In addition to responding to requirements of ISO 14001, the EMS must also respond to what the organization said it was going to do. An audit verifies that the system conforms not only to ISO 14001, but also to what the site’s EMS program commits to in its documentation.
The compliance piece is certainly key to the effective implementation of an ISO 14001 system and is often the least considered portion. Many sites determine the legal and other requirements internally and then base the compliance program on those requirements. Recent audit experience has identified missing compliance requirements caused by a faulty legal and other requirements assessment at the beginning of system development, which went unchecked for years until regulators found the non-compliance areas during routine inspections. We typically recommend that a legal requirements and compliance audit be performed by objective outside staff at regular intervals to ensure that current requirements are met.
Consistency within the procedures is one of the three C’s of ISO 14001 EMS Auditing. Consistency relates to how well each procedure or process of the EMS relates to the others. In other words, do objectives and targets reflect the policy commitments? Are personnel trained on the legal and other requirements? The other two C’s of EMS Auditing are Conformance and Continual Improvement. Conformance relates to addressing each of the requirements of the standard. Finally, Continual Improvement requires that the system lead to improvements in the system itself as well as in environmental performance. A system that has all the prerequisite procedures, but remains static, is not in conformance. With EMS auditing, the auditor is not expected to draw conclusions or make recommendations regarding corrective action on non-conformances, unless the EMS’s corrective action process includes the auditor drawing conclusions and making recommendations. The ISO standard effectively separates the auditing function from interpretation and corrective action, which in turn are separated from continual improvement, which is under management review. An organization’s EMS, however, may mix these roles and functions at its discretion.
In conclusion, an EMS formalizes procedures within an organization, provides accountability for continual improvement, and requires regular audits, the results of which must be communicated to management. The difference between an EMS Audit and a Regulatory Compliance Audit lies in the criteria used for evaluation. The criterion for an EMS audit is conformance to the standard itself, whereas the criteria for a Regulatory Compliance Audit are environmental regulations and other legal requirements.
