Internal Audit Checklist
ISO14001 Toolkit Version 1 ©CertiKit
Implementation Guidance (The header page and this section must be removed from final version of the document)
Purpose of this document This is a checklist to be used as a prompter for questions during an internal audit.
Areas of the standard addressed The main areas of the ISO14001 standard addressed by this document are: 9. Performance evaluation 9.2 Internal audit
General Guidance When conducting an internal audit, it can be useful to have a list of standard questions to ask, organized according to the sections of the ISO14001 standard. This makes the audit more interesting than simply reading the requirements from a spreadsheet. It’s possible that any one audit will not cover all parts of the standard, so you may need to edit this checklist to cover the areas you need. You may also like to add further questions to the lists, depending on the type of organization you are auditing. At each stage, it is important that evidence is reviewed and recorded to prove that procedures etc are in place.
Review Frequency We would recommend that this document is reviewed annually.
Toolkit Version Number ISO14001 Toolkit Version 1 ©CertiKit.
Document Fields This document may contain fields which need to be updated with your own information, including a field for Organization Name that is linked to the custom document property “Organization Name”. To update this field (and any others that may exist in this document):
EMS-FORM-09-4
Page 2 of 14
1. Update the custom document property “Organization Name” by clicking File > Info > Properties > Advanced Properties > Custom > Organization Name 2. Replace the text [Organization Name] with the name of your organization and click the Modify button to update it 3. Press Ctrl a on the keyboard (if using a Mac, this is Command a) to select all text in the document (or use Select, Select All on the ribbon) 4. Press F9 on the keyboard to update all fields. If using a Mac, right-click (if enabled) or Control-click and select Update Field 4. 5. When prompted, choose the option to just update TOC page numbers If you wish to permanently convert the fields in this document to text i.e. so that they are no longer updateable, then you will need to click into each occurrence of the field and press Ctrl Shift F9. If you would like to make all fields in the document visible, then go to File > Options > Advanced > Show document content > Field shading and set this to “Always”. This can be useful to check that you have updated all fields correctly. Further detail on the above procedure can be found in the Toolkit Completion Instructions within the Implementation Resources folder.
Copyright notice Except for any third party works included in this document, as identified in this document, this document has been authored by CertiKit, and is © copyright CertiKit except as stated below. CertiKit Limited is a company registered in England and Wales with company number 6432088.
Licence terms This document is licensed on and subject to the standard licence terms of CertiKit, available on request, or by download from our website. All other rights are reserved. Unless you have purchased this product you only have an evaluation licence. If this product was purchased, a full licence is granted to the person identified as the licensee in the relevant purchase order. The standard licence terms include special terms relating to any third-party copyright included in this document.
Disclaimer Please Note: Your use of and reliance on this document template is at your sole risk. Document templates are intended to be used as a starting point only from which you will create your own document and to which you will apply all reasonable quality checks before use. Therefore, please note that it is your responsibility to
EMS-FORM-09-4
Page 3 of 14
ensure that the content of any document you create that is based on our templates is correct and appropriate for your needs and complies with relevant laws in your country. You should take all reasonable and proper legal and other professional advice before using this document. CertiKit makes no claims, promises, or guarantees about the accuracy, completeness, or adequacy of our document templates, assumes no duty of care to any person with respect its document templates or their contents, and expressly excludes and disclaims liability for any cost, expense, loss or damage suffered or incurred in reliance on our document templates, or in expectation of our document templates meeting your needs, including (without limitation) as a result of misstatements, errors and omissions in their contents.
EMS-FORM-09-4
Page 4 of 14
[Replace with your logo]
ISO14001 Internal Audit Checklist
Audit: Auditor(s):
Recommended Questions
Audit Scope: Date of Audit:
Audit Findings
4. Context of the Organization 4.1 Understanding the organization and its context 1. What are the internal and external issues that are relevant to the organization’s purpose and to the EMS? 2. How do they affect its ability to achieve its intended outcomes? 3. What does the organization do and (in broad terms) how might errors and nonconformities affect its activities and the environment? 4. What is the purpose of the EMS? 4.2 Understanding the needs and expectations of interested parties
EMS-FORM-09-4
Page 5 of 14
Evidence Reviewed
Recommended Questions
Audit Findings
1. Who are the interested parties? 2. What are their requirements? 3. How have their requirements been established? 4. What are the main legal and regulatory requirements that the organization must meet (i.e. compliance obligations)? 5. How is the understanding of these requirements kept up to date? 4.3 Determining the scope of the environmental management system 1. 2. 3. 4.
What is the scope of the EMS? How is it defined? Are any exclusions explained? Does it consider the relevant issues and requirements, including compliance obligations? 5. Is the scope documented? 6. How is it made available to interested parties? 4.4 Environmental management system 1. How established is the EMS? 2. How long has it been running for? 3. How much evidence has been collected so far, e.g. records? 4. What are the processes of the EMS?
EMS-FORM-09-4
Page 6 of 14
Evidence Reviewed
Recommended Questions
Audit Findings
5. How are the processes documented? 6. How much detail is given for each process?
5. Leadership 5.1 Leadership and commitment 1. Who is defined as top management within the scope of the EMS? 2. How does top management demonstrate leadership and commitment, in practical terms? 3. How well is the EMS integrated into the business? 4. Are the resources provided for the EMS adequate? 5.2 Environmental policy 1. Can I review the environmental policy? 2. Is it appropriate and does it cover the required areas? 3. How are environmental objectives set? 4. Does it include the required commitments? 5. How has it been communicated and distributed and if so, to whom? 6. When was it last reviewed?
EMS-FORM-09-4
Page 7 of 14
Evidence Reviewed
Recommended Questions
Audit Findings
5.3 Organizational roles, responsibilities and authorities 1. What are the roles within the EMS? 2. Does everyone understand what their responsibilities and authorities are? 3. Who has the responsibility and authority for conformance and reporting?
6. Planning 6.1 Actions to address risks and opportunities 1. What are the main risks to the EMS? 2. What actions are or have been taken to address them? 3. How effective have these actions been? 4. What potential emergency situations have been identified? 5. What opportunities are there? 6. Have the environmental aspects of the organization’s activities, products and services been adequately identified? 7. Which aspects are judged to have a significant real or potential environmental impact? 8. What criteria is used to decide whether an aspect is significant? 9. What are the main compliance obligations that apply to the organization? 10. How are these determined and
EMS-FORM-09-4
Page 8 of 14
Evidence Reviewed
Recommended Questions
Audit Findings
documented? 11. Is there a plan to address the areas required? 6.2 Environmental objectives and planning to achieve them 1. Are there documented environmental objectives? 2. Do the objectives comply with section 6.2.1 a) to e)? 3. Is there a plan to achieve the objectives? 4. Does the plan include the who, what, when and how?
7. Support 7.1 Resources 1. How are the resources needed for the EMS determined? 2. Are the required resources provided? 3. What external resources are used? 7.2 Competence 1. Have the necessary competences been determined? 2. How has the competence of the people involved in the EMS been established? 3. What actions have been identified to EMS-FORM-09-4
Page 9 of 14
Evidence Reviewed
Recommended Questions
Audit Findings
acquire the necessary competence? 4. Have they been completed and is there evidence of this? 7.3 Awareness 1. What approach has been taken to providing awareness of the environmental policy, contribution to the EMS and implications of not conforming? 2. Has everyone been covered? 7.4 Communication 1. How has the need for communication been established? 2. What regular methods are used for internal communication? 3. What external communication takes place, and how? 7.5 Documented information 1. Is all of the documented information required by the standard in place? 2. Is the level of other documentation reasonable for the size of EMS? 3. Are appropriate documentation standards in place, e.g. identification, format?
EMS-FORM-09-4
Page 10 of 14
Evidence Reviewed
Recommended Questions
Audit Findings
4. Are the standards applied in a uniform way? 5. Are appropriate controls in place to address the activities listed in 7.5.3? 6. How are documents of external origin handled? 7. How is the documentation protected?
8. Operation 8.1 Operational planning and control 1. What processes are used to meet EMS requirements? 2. Can you give me an example of the operating criteria and controls for a process? 3. What planned changes have taken place recently and how were they controlled from an environmental viewpoint? 4. What processes are outsourced? 5. How are they controlled? 6. How are environmental requirements addressed in product or service design and development? 7. During procurement and use of external providers, how are environmental requirements communicated? 8.2 Emergency preparedness and response
EMS-FORM-09-4
Page 11 of 14
Evidence Reviewed
Recommended Questions
Audit Findings
1. Which potential emergency situations are there plans for? 2. Describe one plan as an example. 3. How often are plans tested? 4. When was the most recent real incident, and what happened?
9. Performance Evaluation 9.1 Monitoring, measurement, analysis and evaluation 1. How is it determined what should be monitored and measured? 2. May I review evidence of monitoring and measurement? 3. How are results reported? 4. What have been the recent conclusions from analysis of monitoring and measurement information? 5. What information is required to be communicated as part of compliance obligations? 6. When was compliance last evaluated and what were the results? 9.2 Internal audit 1. How often are internal audits carried out? 2. Who carries them out? EMS-FORM-09-4
Page 12 of 14
Evidence Reviewed
Recommended Questions
Audit Findings
3. Are the auditors objective and impartial? 4. May I review the most recent internal audit report? 5. Have any nonconformities resulting from previous audits been addressed? 6. Does the audit programme cover the complete scope of the EMS? 9.3 Management review 1. How often are management reviews carried out? 2. Who attends them? 3. Are they minuted? 4. Are all areas in 9.3 a) to g) covered at management reviews? 5. May I review the results of the most recent one? 6. What outputs resulted from it? 7. Does the management review represent a reasonable assessment of the health of the EMS?
10. Improvement 10.1 General 1. How are opportunities for improvement identified? 2. What improvement actions have been EMS-FORM-09-4
Page 13 of 14
Evidence Reviewed
Recommended Questions
Audit Findings
completed recently? 3. What effect have these improvements had on the EMS? 10.2 Nonconformity and corrective action 1. How are nonconformities identified? 2. How are they recorded? 3. May I review the records of a recent nonconformity? 4. Was appropriate action taken to correct it and address the underlying causes? 5. Was the effectiveness of the corrective action reviewed? 10.3 Continual improvement 1. What evidence of continual improvement can be demonstrated? 2. What are the main sources of improvements?
EMS-FORM-09-4
Page 14 of 14
Evidence Reviewed