Section 9.2 of ISO 14001 defines the requirements for your internal audit process AND section 9.1.2 requires the periodic evaluation of compliance obligations. Both activities MUST be performed by competent personnel, and the competency requirements are DIFFERENT for both activities.
Competency for conducting internal audits can be based on many things – 1) work experience, 2) external training, 3) internal training, etc. Competency for evaluating compliance with regulatory requirements requires a working knowledge of regulations and how they apply to the industry being audited. So yes, an auditor can be competent in both performance management system audits (conformance) and regulatory audits (compliance).
Both conformance audits and compliance audits are both trying to verify that requirements are being met. A single audit can be performed that is designed to evaluate both management system requirements and regulatory requirements. There is some efficiency in doing these assessments together and this can save time and costs.
It is very important that your audit documentation clearly demonstrates that you have evaluated both the conformance and regulatory requirements. This starts with good notes and a comprehensive reporting format. You also need to provide documentation of the competency of the selected auditor.
So, the answer is YES you can do an internal audit and evaluation of compliance at the same time. You can reduce the costs by up to 30% by performing these activities at the same time. If you have any questions how this could be applied at your location, please contact us James.Charles@iso14001-training.com.
