The ISO 14001:2015 standard does NOT define specific internal auditor competency requirements (See 9.2 Internal Audit) and ISO 14001 7.2 simply says that an internal auditor shall be competent based on their training, education, and experience.
ISO 19011:2018 Guideline for Auditing Management Systems – does include information on auditor competency. However, this is not specific to Internal Auditors, and these are guidelines not requirements under ISO 14001.
ISO 19011 Guideline for Auditing Management Systems is NOT specific to Internal Audits but auditing in general. ISO 19011 guidelines as it would apply to internal auditing would include competency in the following areas:
- Audit principles, procedures and methods – this would include training in audit planning, collecting audit evidence, collecting evidence, appropriate ways to sample evidence, how to determine and document conformance and nonconformance, and documentation of audit results.
- Management system and reference documents – this would basically require training and a working knowledge of the ISO 14001 standard and environmental concepts included. So understanding environmental aspects/impacts, how to identify risks & opportunities, ways to measure environmental impacts and establish EMS metrics, and how operational controls are established and audited.
- Organizational context – an internal audit will gain this competency though experience working with the organization being audited and the industry in general. Many organizations would on select an auditor with a minimum of 1 year working for the company. This would also include some on-the-job training and overview the all company EMS documents.
- Applicable legal and contractual requirements and other requirements that apply to the auditee – an Internal auditor needs only a very limited competency in this area. Most legal and other requirements with be defined within the EMS processes and procedures and an internal auditor only needs to audit to these requirements.
When auditing an ISO 14001 Environmental Management System (EMS) there are two basic types of audits:
- EMS System Audits
- EMS Operational Control Audits
EMS System Audits
These are audits where an organization is auditing their processes and procedures required by the ISO 14001 standard. When auditing these processes and procedures the auditor needs to have an understanding of the ISO 14001 standard and environmental concepts. Examples would be:
- Process for the identification of aspects and determining significant aspects
- Process for identification of risks and opportunities
- Process for corrective action
- Process for monitoring & measure EMS performance & effectiveness
Basically, some competency in all the areas defined by ISO 19011. Most internal EMS system auditors will go through some type of auditing course:
- 2- or 3-day Internal Auditor Training
- 5-day Lead Auditor Class
However, the competency in these areas may be gained at different times and using different standards.
Example: An auditor may learn the auditing process and auditing skills by taking a 2-day ISO 9001 Internal auditor class and ISO 14001 standard through a 1-day ISO 14001 course. Collectively this auditor would be qualified to conduct internal ISO 14001 audits.
EMS Operations Control Audits
These are basic audits where only a specific and select set of requirements are audited. This may include Recycling, Hazardous Waste, Universal Waste, Waste Water Operations, Air Emission Controls, etc.. Auditor may be trained in these specific processed and procedures and then task with auditing these controls. Many times, these types of audits are completed in Layered Process Audits and they do require the auditors to have a detailed understanding of the ISO requirements.
Experience (OJT)
Once an auditor is trained, they need to work with an experienced auditor to see how their training applies to actual auditing of their organization. The auditor needs to understand the organizations auditing process and tools to document the audit. It is recommended that an auditor go through a minimum of 3 audits with an experienced auditor. Many organizations choose to have audits performance by teams of 2 auditors. This can be very helpful since most auditors may only complete 1 to 3 audits per years and each auditor can being a different perspective to each audit.
Documenting Auditor Competency
When documenting auditor competency, the following should be considered:
- How long has auditor worked for the organization and in the same industry.
- What training was received in auditing process and auditing skills.
- What training was received in the ISO 14001 standard and environmental concepts
- How was the auditor trained in the organizations specific EMS processes and procedures
Most sites that we audit do not documented all of these areas very well. Most will hand you an Internal Auditor Training Certificate and think they are done.
EHS-MS has developed a form to help organizations better document auditor competency. To get a free copy of our ISO 14001 Auditor Competency Form – simply CLICK HERE to request a copy.