Environmental audit is a general term that can reflect various types of evaluations intended to identify environmental compliance and management system implementation gaps, along with related corrective actions. In this way they perform an analogous (similar) function to financial audits. There are generally two different types of environmental audits: compliance audits and management systems audits. Compliance audits tend to be the primary type in the US or within US-based multinationals.
Environmental compliance audits
As the name implies, these audits are intended to review the site's/company's legal compliance status in an operational context. Compliance audits generally begin with determining the applicable compliance requirements against which the operations will be assessed. This tends to include federal regulations, state regulations, permits and local ordinances/codes. In some cases, it may also include requirements within legal settlements.
Compliance audits may be multimedia or programmatic. Multimedia audits involve identifying and auditing all environmental media (air, water, waste, etc.) that apply to the operation/company. Programmatic audits (which may also be called thematic or media-specific) are limited in scope to pre-identified regulatory areas, such as air.
Audits are also focused on operational aspects of a company/site, rather than the contamination status of the real property. Assessments, studies.
ISO 14001 is a voluntary international standard for environmental management systems ("EMS"). ISO 14001:2004 provides the requirements for an EMS and ISO 14004 gives general EMS guidelines. An EMS meeting the requirements of ISO 14001:2004 is a management tool enabling an organization of any size or type to:
- Identify and control the environmental impact of its activities, products or services;
- Improve its environmental performance continually, and
- Implement a systematic approach to setting environmental objectives and targets, to achieving these and to demonstrating that they have been achieved.
Organizations implementing ISO 14001 usually seek to obtain certification by independent Certification Bodies. Certification indicates that the documentation, implementation and effectiveness of the EMS conform to the specific requirements of ISO 14001. This standard is currently being updated to include elements of including a lifecycle perspective and including top management anongst other changes. The draft (DIS) standard ISODIS 14001:2014 is currently the draft standard applicable until the ISO 14001:2015 standard is finalised and published.
In 2002, the ISO organization also published ISO 19011, the standard for auditing quality and environmental management systems (ISO 19011:2002), which was used for internal audits and certification audits of EMS until it was updated in 2011. The 2011 version on ISO 19011 restricts its use in first and second part audits, while third part audits (certification audits) are now covered in ISO/IEC 17021.
A common misconception is that ISO 14001 certification automatically implies legal compliance. Certification under ISO 14001 does not directly reflect compliance with any legal requirements, although ISO 14001 demands the organization to evaluate its compliance with legal requirements. If there is no compliance with some legal requirement, ISO 14001 requires that the organization sets specific targets related to the non-compliance(s) and establishes, implements and maintains programmes to achieve compliance. Therefore it is possible that, at the time of audit, the organization fulfils the requirements of ISO 14001, yet there are one or more non-compliances with specific requirements, which are identified and which the organization actively works to correct. Specific guidance on this subject is provided by the European co-operation for Accreditation.
Audit tools and technology
The term "protocol" means the checklist used by environmental auditors as the guide for conducting the audit activities. There is no standard protocol, either in form or content. Typically, companies develop their own protocols to meet their specific compliance requirements and management systems. Audit firms frequently develop general protocols that can be applied to a broad range of companies/operations.
Current technology supports many versions of computer-based protocols that attempt to simplify the audit process by converting regulatory requirements into questions with "yes", "no" and "not applicable" check boxes. Many companies and auditors find these useful and there are several such protocol systems commercially available. Other auditors (typically those with many years of environmental auditing experience) use the regulations/permits directly as protocols. There is a long standing debate among environmental audit professionals on the value of large, highly detailed and prescriptive protocols (i.e., that can, in theory, be completed by an auditor with little or no technical experience) versus more flexible protocols that rely on the expertise and knowledge of experienced auditors and source documents (regulations, permits, etc.) directly. However usage of structured and prescriptive protocols in ISO 14001 audits allows easier review by other parties, either internal to the Certification Body (e.g. technical reviewers and certification managers) or external (accreditation bodies).
In the US, permits for air emissions, wastewater discharges and other operational aspects, many times establish the primary legal compliance standards for companies. In these cases, auditing only to the regulations is inadequate. However, as these permits are site specific, standard protocols are not commercially available that reflect every permit condition for every company/site. Therefore, permit holders and the auditors they hire must identify the permit requirements and determine the most effective way to audit against those requirements.
During the past 20 years, advances in technology have had major impacts on auditing. Laptop computers, portable printers, CD/DVDs, the internet, email and wireless internet access have all been used to improve audits, increase/improve auditor access to regulatory information and create audit reports on-site. At one point in the 1990s, one major company invested significant resources in testing "video audits" where the auditor (located at the corporate headquarters) used real-time video conferencing technology to direct staff at a site to carry live video cameras to specific areas of the plant. While initially promising, this technology/concept did not prove acceptable. An emerging technology in environmental auditing is the use of tablet computers.
Related types of assessments
Phase I Environmental Site Assessment ("ESA") are generally done in relation to mergers, acquisitions or financing activities. The intent of ESAs is to identify potential sources/existence of property contamination for purposes of clean up costs/liability under US law. ESA's rarely contain a compliance audit component and should not be confused with audits.
Environmental auditing in India
The Supreme Audit Institution (SAI) in India is headed by the Comptroller and Auditor General (CAG) of India who is a constitutional authority. The CAG of India derives his mandate from Articles 148 to 151 of the Indian Constitution. The CAG’s (Duties, Powers and Conditions of Service) Act, 1971 prescribes functions, duties and powers of the CAG. While fulfilling his constitutional obligations, the CAG examines various aspects of government expenditure and revenues. The audit conducted by CAG is broadly classified into Financial, Compliance and Performance Audit. Environmental audit by SAI India is conducted within the broad framework of compliance and performance audit.
- BS EN ISO 14001: "Environmental management systems. Requirements with guidance for use" (2004)
- BS EN ISO 14004: "Environmental management systems. General guidelines on principles, systems and support techniques" (2010)
- "Environmental management".
- Environmental management
- BS EN ISO 19011: "Guidelines for auditing management systems" (2011)
- BS EN ISO/IEC 17021: "Conformity assessment. Requirements for bodies providing audit and certification of management systems" (2011)
- EA-7/04: "Legal Compliance as a part of Accredited ISO 14001:2004 certification", European co-operation for Accreditation (2010).
- Working Group on Environmental Auditing (WGEA), under the International Organization of Supreme Audit Institutions (INTOSAI)
- Environmental Auditor
- Environmental Auditors Registration Association, Regional Institute of Environmental Technology
- The Institute of Environmental Management And Assessment (UK) - now maintains the Environmental Auditors Register of the erstwhile EARA