ISO14001 Implementation Guide
Having chosen your measurements you need to decide what “good� looks like; what numerical values would mean that performance is in line with expectations? Again, the definition of your objectives may need tweaking over time as you gain experience with taking the measurements and your EMS moves from implementation mode into ongoing operation mode. If you find that your objectives are not being met, then an improvement may be required to bring the situation back into line; such improvements should be recorded and tracked through to completion.
2.10.2 Internal audit The standard requires that there is an internal auditing programme in place which audits all aspects of the EMS within a reasonable period of time. If you embrace the idea of internal auditing as a useful early warning of any issues at external audit, then you won’t go far wrong. Internal audits should ensure that there are no surprises during the annual certification/surveillance audit which should allow everyone a higher degree of confidence in the EMS. In terms of where to start auditing, the standard suggests that you consider the importance of the processes concerned, problem areas identified in previous audits and those parts of the EMS where significant risks have been identified. Beyond that, there is no particular order in which internal audits need to happen. Auditors need to be suitably qualified either through experience or training (or both) and must be impartial i.e. they are not involved in the setting up or running of the EMS. The Toolkit has a number of documents to help with the internal auditing process, including a schedule, plan, procedure and post-audit action plan. In general, all aspects of internal auditing need to be documented and an external auditor will almost always want to see the most recent internal audit report and track through any actions arising from it.
2.10.3 Management review Management review is another key part of the EMS which, if you get it right, will hold together everything else and make audits (internal and external) a relatively straightforward experience. The ISO14001 standard is pretty specific about what these reviews should cover but it is less forthcoming about how often they should take place. This is one of those areas where you will need to try it and see what works for your organization; too often and it becomes an unacceptable administrative overhead; too infrequent and you risk losing control of your EMS. The generally accepted minimum frequency is probably once a year and in this case, it would need to be a full review covering everything required by the standard. A more common approach is to split the management review into two parts: perhaps a quarterly review of the main areas with a more complete review on an annual basis. You may even decide that in the early days of the EMS a monthly review is
v2 Copyright CertiKit
certikit.com
Page 24 of 33
