6 Steps to Prepare for a Certification Audit
ISO14001 Certification audits can send shivers down the spine of even the most experienced EMS representatives. These audits are a deep dive into the EMS as a whole and require adequate planning and preparation to ensure a smooth audit process, but also a productive, value-adding exercise.
Understanding Audits and Certification Audits
An audit is defined by the ISO14001:2015 standard as a “systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.”
Audit evidence refers to “records, statements of fact or other information which are relevant to the audit criteria and are verifiable”
Audit criteria are the “set of policies, procedures or requirements used as a reference against which audit evidence is compared.”
Requirements are “needs or expectations that are stated, generally implied or obligatory.”
For an EMS, this means that the criteria against which the system will be audited are those stipulated within the ISO14001:2015 standard. However, because an EMS also encompasses compliance obligations (legal and other requirements), the evaluation of compliance will also be questioned within this process.
When does audit preparation begin?
In a well-managed EMS, audit preparation is an ongoing outcome of planning and execution throughout the establishment, implementation, maintenance, and improvement of the system.
Through every iteration of the EMS, it’s important to take into consideration what an auditor would potentially request when looking at not only the ISO14001 Standard, but also at the internal processes, procedures, and policies which support the EMS for evidentiary purposes.
The reviewing and updating of processes and procedures is an opportune moment to reflect on what the organization says it is doing in in respect to what is being done. Any discrepancy between these may result in an unwanted audit finding.
Planning to achieve compliance (to the ISO14001 standard and compliance obligations) should cover all steps in the process. For example, surface water monitoring needs to be conducted every month. Evidence or records for this will include the field notes, the results, laboratory certificates, reports, management reviews, etc. All of these evidentiary requirements should be actioned and assigned to a responsible person, with due dates. Preferably in an action tracker.
6 Steps to Prepare for a Certification Audit
1. Set up an ISO14001 Audit Checklist
In preparation for a certification audit, it’s best to assume that all the clauses of the standard will be reviewed for the audit. The easiest way in which to check your system against the standard is to set up a checklist.
This checklist should contain a list of all the clauses within the standard, a question addressing the clause, evidence to support the compliance, and whether the organization is compliant or has a non-conformance.
Don’t forget to add in previous findings. These findings may have already been closed out and action plans accepted by previous auditors but will be checked by the current auditors.
2. Determining Compliance with the Checklist
How far in advance your organization will determine compliance with your internal checklist will determine the amount of time the organization has to address any non-conformances.
With each step of the clause, it is important to note down evidence that supports the claim of compliance. This includes procedure names, records, where to find the records, screenshots and recordings of software used, etc.
If you come across a nonconformance along the way, use your organizations’ nonconformance process to record and correct the nonconformance. This may require the updating of processes, policies, procedures, etc. It would be best practice to have the nonconformance closed out before the certification audit, but this is not always possible. A robust corrective action plan must then be in place and signed off by relevant parties.
3. Collecting and Collating Audit Evidence
Auditors require evidence to show compliance with requirements. While determining compliance with the checklist, and noting down evidence, collect and collate the evidence. This could be adding in links to the internal checklist, coping over or syncing files to a separate hard drive or cloud folder, updating the hardcopy filing system or a combination of the above. How you collate evidence is entirely up to your organization.
However, it is always useful to have an “offline” backup of the documentation needed. You never know when the power will go out, or the internet will be cut off, or a printer decides it is not going to print.
4. Raising Audit Awareness
In my experience, it’s good practice to remind the organization as a whole as to what is expected during a certification audit. This means raising awareness on what the auditors will do, who they will talk to, questions they are likely to ask, evidence they will ask to see, within the various sections, areas, and levels of the organization.
Using similar auditing techniques during the internal audits that have been scheduled according to your organization’s audit program will go a long way in preparing the employees for an audit.
Keep in mind that different sections or areas may be asked different questions. The significant aspects of one section may vary considerably to another section.
5. Booking and Scheduling the Audit
This is an important factor in audit preparation. Your organization will most likely have a contract in place with the auditing company, the rest is a matter of logistics. Specific auditors may not yet ben assigned, but the auditing company should be able to settle on the dates the audit will occur well in advance.
Once you have the dates, book and schedule the audit within all relevant person’s diaries and calendars. If there are personnel changes, don’t forget to update the newcomers to the audits occurring as well.
Don’t forget to book boardrooms, office space, transport, refreshments or equipment for the audit. The length of a certification audit can vary from 1 to 2 weeks in total, having a little corner dedicated to the auditors will make the process more comfortable.
When the auditing company has finalised auditors, dates, and times the schedules and bookings can be refined.
6. The Week Before the Audit
By this time only the last preparations need to be put into place. You and your organization should be feeling confident in what will occur during the audit.
Take this final week to reconfirm bookings and schedules. This includes finalising transport arrangements, inductions and safety briefings, catering, and who will be present during the audit.
This is also the week to make sure the final audit evidence has been gathered, attendance registers are prepared, and that the office or boardroom space is ready for for the auditors
As with every clause in the ISO14001, planning, preparation, and execution are key to having a productive, value-adding auditing experience.