What is the ISO 14001 internal audit report, and how to create it?
If your organization has an EMS (Environmental Management System) certified against ISO 14001:2015, you will be aware of the importance of the internal audit function in ensuring that your EMS functions correctly. As we saw in the previous article: Internal audits in the EMS: 5 main steps, the structure of the audit planning and execution is vital, as it influences the output from the audit itself, which will then form the basis of actions taken to correct non-conformance and drive improvement. Many organizations choose to formalize this element of the process by creating an internal audit report, so why is this sensible, and what should the content of this report be?
Why have an internal audit report?
The ISO 14001:2015 standard requires an organization to record the results of planned internal audits, and it is easy to see why. To avoid non-conformance at the certification audit, it is critical that you perform thorough internal audits to try and identify any gaps in process, documentation, or standard requirements, and then take formal action to fix them. Creating an audit report not only satisfies the terms of the standard, but it also provides the basis for a formal list of action points to address that will not only close the defined gaps, but will satisfy the certification auditor’s examination of your internal audit process if done correctly.
What should the content be?
The content of the internal audit report isn’t stated in the ISO 14001:2015 standard itself, but if you look at the standard’s requirements for the audit, it is safe to assume that your audit report will need to address the following elements:
- whether the EMS complies with the terms of the standard
- whether all applicable legislation is met
- whether the EMS fulfills the terms of service and meets objectives
- any non-conformances identified
It is also obvious that the internal audit report should record the following data:
- General audit data – who undertook the audit, the date, and date of the report itself.
- The scope of the audit – the departments, documents, and processes audited in the EMS, and the applicable clauses of the standard audited against, if required.
- Any non-conformances found – you will find that the more detail you can capture here, the more effective your actions to correct them will be, so ensure that you take the time to capture all relevant facts and details. You can learn more about this element in Environmental Nonconformity Management: How is ISO 14001 different from ISO 9001.
So, while the 14001:2015 standard doesn’t prescribe what format your internal audit report should take, and it isn’t as prescriptive as the ISO 19011 standard on internal auditing, for example, make sure you capture the detail above and any other you think relevant.
What other aim does the internal audit report satisfy?
The internal audit report gives the organization a unique view of the EMS workings, and how the processes connect and work together. As well as being critical preparation for the certification or surveillance audit, it can also provide evidence back to the top management team if the desired continual improvement has taken place. Because of the new ISO 14001:2015 requirements, it also provides an opportunity for the organization to compile a useful report on whether the organization and the EMS meet the revised terms of the standard, such as defining the context of the organization, lifecycle requirements, and the other elements you can learn more about in this free webinar: ISO 14001:2015 vs. ISO 14001:2004 – The Main Changes.
At this stage, it may be a benefit to your organization to consider the topics of your internal audits. Many organizations divide the clauses of the ISO 14001:2015 standard equally between the number of internal audits planned during the three-year certification cycle, and thereby ensure that all of the company is audited against all clauses during this time period. If this method is used, you will have audit reports that cover the full content of the standard itself, and will prepare you for your external audit. This does not guarantee passing your certification audit, but should provide an excellent guide for your organization as to your level of compliance and readiness for the external audit.
Getting the full benefit of the report
While recording the details of the internal audit is mandatory, you must remember that it is also a useful business tool for your organization. In the previous article: Ensuring that environmental objectives are aligned with the company’s strategic direction, we considered how the EMS objectives should be consistent with the strategic organizational goals, and the internal audit report is another piece of evidence that can be presented to the board to ensure that these two vital elements are running in parallel in the organization. If done correctly, the internal audit report can fulfill many functions – both mandatory and business-related, and improve your chances of ensuring your EMS becomes or remains certified.
Why not consider our free online training ISO 14001:2015 Internal Auditor Course to improve your knowledge of the internal audit function and requirements?