Auditing

In a sense the audit is a test of whether an organisation is operating ‘by the book’. If the auditor is relying on their expertise and experience to judge the environmental performance of an organisation, then the exercise is more accurately described as an assessment.

For an audit to be effective, the criteria that are being audited must be chosen carefully. Many large companies, particularly in the United States have developed their own environmental audit criteria. An organisation operating an externally recognised environmental management system such as EMAS or ISO14001 will undergo a structured audit process. The results of a satisfactory audit should be readily recognised outside the company as an indicator of sound environmental management

Environmental audits can be classified into four main types:

Regulatory compliance audits

The purpose of the compliance audit is to establish whether an organisation is operating within the limits laid down by the relevant laws. It mirrors the kind of inspection that an officer of the Environment Agency or local Environmental Health Department might undertake.

The compliance audit will demonstrate whether the organisation is operating within the law at the time of the audit. It is a ‘snapshot’ in time providing neither evidence of past transgressions, nor assurance for future compliance.

Environmental performance audits

Environmental performance audits assess the organisation's current position on:

• legislative and regulatory compliance;
• environmental aspects of activities, products and services; and
• environmental management practices and procedures.

The audit may be carried out on an organisation prior to establishing an environmental management system to help prioritise areas of action or may be carried out on third parties to establish the probity of contractors or suppliers.

Environmental management system audits

Audits of environmental management systems are a more sophisticated tool for assessing the performance of an organisation. The existence of some kind of documented management system is a pre-requisite of the audit. The areas covered by such an audit include:

• suitability and implementation of environmental policy;
• identification of legislative requirements;
• identification of environmental aspects and impacts;
• determination of significant aspects;
• setting and achievement of relevant objectives and targets ;
• responsibilities, training needs and communications;
• control of documentation;
• effectiveness of control procedures and emergency preparedness;
• monitoring, auditing and corrective action; and
• environmental reviews.

Total environmental risk

The ‘total environmental risk’ or ‘green’ audit combines elements of all three of the above types to give an overview of past, present and future environmental performance. Such an audit could be carried out by external consultants.

This covers all the activities and liabilities directly associated with the organisation, and includes an examination of the organisation’s broader impact on the environment. This might encompass the assessment of the total environmental impact of the organisation’s products from ‘cradle to grave’. Life cycle assessment would, therefore, be a major component of a total environmental risk audit.

1st party audit

A 1st party audit is an audit using internal teams. It is a key element of a management system as it provides the mechanism to confirm compliance with legislation and standards.

2nd party audit

2nd party or external audits take place where a company audits a supplier or is audited by a customer.

3rd party or independent audit

Independent audits, or third party audits, take place when an auditor who is independent from the organisation being audited carries out the audit. Independence is a crucial element as this should ensure that an objective, unbiased audit will be carried out.

Third party audits are an important feature of auditing for certification to ISO 14001 and verification for EMAS. In this case, the auditor or audit team will have considerable experience of the type of activity being audited and in environmental auditing.

An audit programme and procedures should cover:

• the responsibilities associated with managing and conducting audits;
• how audits will be conducted;
• the activities and areas to be covered in audits;
• the communication of audit findings;
• auditor competence; and
• the frequency of audits.

When planning for an environmental audit, a company should consider:

• determining the need for and the objective of the audit;
• selecting the lead auditor or auditing organisation and if appropriate, approve the composition of the audit team;
• providing appropriate authority and resources to conduct the audit;
• determining the scope of the audit;
• receiving the audit report; and
• determining, if applicable, what follow‑up action is to be taken.

How often a company or organisation needs to be audited will depend on the potential environmental impacts of its activities. For new and higher risk operations, a shorter audit frequency should be applied. For example:

Audit frequency in relation to complexity, risk and experience of control

It is possible to audit the whole of an organisation (especially a small organisation) in one go. Larger and more complex organisations may make the process of auditing more manageable by using a rolling programme. This is permitted under ISO14001 and EMAS.

The following table shows just some of the issues which might be included in an internal (first party) audit programme:

Sample environmental (first party) audit programme

In the cycle of environmental management audit is followed by review.