Identifying deficiencies.

Identifying deficiencies is only the first step. Real audit value accrues when pro-active benefits are built into the process.

After the introduction of the ISO 14000 standards for environmental management systems (EMS), much discussion centered around how traditional environmental compliance audits could be modified to better address EMS issues. While organizations generally separate their compliance audits from those evaluating the EMS, experience over the last 20 years has taught me that the traditional compliance audit can be expanded to include a few value-added EMS audit activities. Performing ISO 14000 fitness tests and developing regulatory calendars and compliance self-assessment check lists are three such value-adding activities that can easily be "piggy backed" onto a compliance audit.


Many organizations, even those not considering formal registration, are interested in measuring their level of compliance with ISO 14000 standards. "Fitness tests," the typical method for making this assessment, can be a rather expensive effort if performed independently. As a result, many companies conduct their EMS fitness tests as part of their traditional environmental compliance audits.

An audit questionnaire based on the five elements of ISO 14001, similar to the sample presented at right, can simplify the process. This technique has worked effectively and efficiently on numerous audits I have conducted. Auditors make judgments on the extent of program deficiencies and then justify those judgments in the comments section. To ensure a solid understanding of the EMS, auditors complete the questionnaire at the end of the compliance audit.

The review can take just 45 minutes if the appropriate site staff are involved. The completed questionnaire can be issued separately or attached to the audit report as a set of EMS conclusions that may or may not require a formal corrective action plan. In addition to providing a formal and separate evaluation of the EMS, the technique also generally forces the participation of the site manager in the audit process.


During a recent compliance audit, we discovered that the last two "Community Right-to-Know" toxics release inventory reports were submitted late; the application to renew the site's wastewater permit was not submitted six months prior to the expiration date as required; and the hazardous waste report for the fourth quarter was not submitted at all. Each of these findings suggests a lack of knowledge of due dates for key regulatory reports.

These incidents of non-compliance can easily be prevented with the development of a regulatory calendar. Moreover, the calendar itself demonstrates "a commitment to comply" with applicable regulations, one of the key elements of an ISO 14000-compliant policy and a key requirement for avoiding maximum penalties for non-compliance under the u.s. government's Federal Sentencing Guidelines.

What better way to add value on a compliance audit than to have the auditors actually develop the initial calendar for the site? The development process is straightforward - auditors keep a running account of all time-sensitive requirements as they progress through the audit. based on past experience, development of the calendar takes virtually no additional time on the auditor's part if it is designed a priori into the audit methodology.


Leaving compliance assurance or verification activities to those responsible for compliance presents several difficulties. Site staff will be assessing programs they have developed and implemented. In addition, the self-assessment approach is inconsistent with ISO 14000 guidelines and U.S. Environmental Protection Agency policies that call for auditors to be independent of the site being audited. Finally, the complexity and magnitude of legislation to be addressed in a compliance assessment requires specialized expertise.

Nonetheless, in an effort to comply with ISO 14000, there is an increased emphasis on leaving detailed compliance audits to the operating personnel and puffing environmental auditors to better use conducting EMS audits. By focusing on management systems, the theory goes, environmental auditors will be more likely to identify the root causes of deficiencies. Corrective actions can then be designed to address the true problem instead of just treating the symptom.

One final way the compliance team can add value to the self-assessment process before they shift their focus to the EMS is to develop a self-assessment questionnaire. ISO guidelines require all organizations to "establish and maintain a documented procedure for periodically evaluating compliance with relevant environmental legislation and regulations." In organizations where environmental audits are principally designed to assess the EMS instead of compliance, this compliance evaluation can be accomplished with the site self-assessment checklist on page 27.

The compliance audit checklist is based on the specific regulatory requirements faced by the site. Site personnel periodically complete the checklist, which can then be used as an assurance and verification tool by the EMS auditors.

Much like the EMS fitness test and regulatory calendar, the self-assessment checklist can be developed during and at the end of a traditional compliance audit. Unlike the calendar, however, more effort is required to develop the checklist. Audit teams should allow an extra one-half to one day to complete the checklist. The end result is a valuable tool for site staff - a worthwhile goal of any audit.


Although the demand for strong compliance assurance programs still exists, especially in the United States, environmental audits can add value to the site's environmental management system beyond simply testing for compliance. Conducting ISO 14001 fitness tests and developing self-audit check-lists and regulatory calendars can provide substantial benefits - benefits that could never be achieved in audits that focused solely on identifying deficiencies.

A Commitment to Comply

INCLUDING VALUE-ADDED EMS activities in compliance audits is only one way ISO 14000 is changing and improving environmental compliance audit approaches. By applying the "Plan, Do, Check, and Act" principles of total quality management to environmental management, ISO 14000 compels organizations to add structure and rigor to their environmental programs. It especially emphasizes the importance of documentation, a welcome push to organizations who have learned that stake-holders want more than a statement of compliance. Documentation of compliance - and of the intent to comply - is essential.

The audit report is one of the most obvious methods for documenting compliance efforts. Yet, as essential as it is, no generally-accepted standard exists to define the ideal report structure.

Certain elements must appear in an audit report if it is to meet ISO 14000 expectations. Following these guidelines will result in a more intelligible, informative report that helps management better understand the organization's environmental status and efficiently determine what corrections need to be made.


Standard 14010 requires the lead auditor to state his opinion as to whether or not "there is adequate cooperation from the auditee." To make this determination, the auditor should consider a few key factors. Did the site agree to the audit frequency as established by the company? Did the site complete the pre-audit questionnaire and return it well in advance of the audit? Was the environmental coordinator available to the audit team during the week? Did the plant manager attend the opening and closing conferences? Finally, did the site complete a corrective action plan in a timely manner? If the answer to all these questions is yes, then adequate cooperation was achieved.

Cooperation in this context does not mean that the auditee agrees with all of the findings. As long as the auditees participate actively in the process and the audit team leader achieves appropriate closure on any outstanding issues, the auditees may disagree with the audit team's findings to any degree they wish.


According to guidelines 14010 and 14011, the audit report should include "the identification of the audit team members and the identification of the auditee's representatives participating in the audit." Such a list can be helpful to readers of the report and to future auditors. For example, knowing that the auditors interviewed all the key managers at a facility is essential for determining the adequacy of the EMS review. Also, turnover of key site management staff would affect the strategy and approach of subsequent EMS audits.

This Article was Provided by a Driso Consultant.

Driso provide ISO 9001 2000 consultancy, auditing, software, and training Services.
They also supply Easy ISO 9001 2000® software for initially setting up an ISO 9001 2000 compliant Quality Management System or improving upon an existing one.
Click here to contact Driso Consultancy Services. See what they can do for you and your business.

If you have an interesting ISO 9001 2000 article that you would like to publish on this page to share with other like minded people please click on the [Submit Article].
Full recognition will be given to the author.    [Submit Article]

Copyright © Driso Ltd. (2005)