John Nolan The internal audit is one of the most vital elements of an ISO 14001-certified EMS (Environmental Management System) in ensuring that processes are effective and being followed, and therefore delivering continual improvement. With so much importance placed on the internal audit process and so many details that need to be captured, it therefore makes sense to approach your audit program with some sort of methodical plan to ensure that your organization derives maximum benefit from your internal audit function. So, what is the best way to go about this?
Internal audit plan – Why?
It is likely that your organization will decide on the frequency of your internal audit cycle at its management review, normally held on an annual basis. It is possible at this time that your organization may decide on the topics for your internal audit, although that may change during the year as a response to any incidents or accidents, or as outputs from risk assessment and risk-based discussions emerge. However, there is always the danger that an internal audit can be less effective than hoped because of lack of planning – whether lack of resources, the correct process owner being unavailable, or badly recorded or insufficient details. Therefore, it makes sense to put some sort of plan in place when looking at the year ahead to ensure your internal audit function is planned, organized, and has the maximum benefit to your organization. To learn more about internal audits in general, you can see the previous article Internal audits in the EMS: 5 main steps, and this can help you understand how to perform the audit itself, but what detail do we need to consider to help us make the most effective audit plan possible?
Internal audit plan – What should it consist of?
To ensure we capture all the vital components of the internal audit, what should your organization think of when creating an audit plan? Let us examine in more detail:
- Strategic purpose of the audit plan – It is wise to think of your organization’s overall purpose in forming an audit plan before you begin, to ensure it is in some way measureable from an internal point of view. For example, is it part of the plan that you hope to set out topics and frequencies for internal audit, or is this done in the management review? Is this plan being created to ensure that the internal audit itself is effective and meets the conditions of the ISO 14001 standard in terms of checking processes and delivering continual improvement? The audit plan should capture all these elements, plus ensure that your audits themselves deliver continual improvement.
- Responsibilities within the audit plan – This can be one of the key uses of your audit plan. Do you have a suitably trained team of personnel to ensure that your internal audits are effective? Can you use the plan to ensure that all chosen employees are available on the given days and not on vacation or involved in other projects? Do the employees that you select understand the goals of the audit plan and the internal audit itself? Are the employees you select aware of the ISO 14001:2015 standard accordingly to ensure that the internal audit can be executed effectively?
- Format of the audit plan – Undoubtedly, your organization will have documentation or forms on how to carry out the internal audit and record supporting information. Is this sufficient? Does the level of information recorded vary depending on the auditor? Given that the quality of any corrective action can vary depending on the information noted – tasks audited, employees interviewed, evidence seen, and so on – it may be wise to use your internal audit plan to clarify and ensure that this supporting information is recorded to an extent and in such a way that it helps improve the quality of output from the audit itself. It is also wise to remember that whatever format you choose, it is recommended that you record the details of your plan electronically, as this is useful as supporting information to the output of your internal audit itself, and record these on your EMS for reference.
- Review and output – Think of the internal audit plan and its details as an extension of your internal audit process itself. It is wise to review and measure the effectiveness of such a process, as with any element related to the “Plan, Do, Check, Act” cycle within the ISO standards. Is the internal audit plan making your audit process more effective, more organized, more detailed than before? Does the detail recorded on your audit plan help to identify root causes more clearly and allow corrective actions to be more effective? If the answer is “no,” then you may need to review, change the details, and then try again.
Internal audits and planning – The common theme
The effectiveness of your internal audits themselves can be greatly improved by the level of planning your organization does around them. Having the correct people auditing the correct processes and employees at the correct time and in the correct place, with a very accurate level of detail resulting, can give your organization an excellent view of how effective that particular process is.
When this level of detail is not present, then gaps can easily appear that may not otherwise be evident. This undoubtedly creates danger for your organization when certification and surveillance audits come around, but just as importantly, can cost your organization money on a daily basis through inefficiency and poor performance. Your internal audit is critical to your organization’s performance and well-being – plan it well, and you will see the benefit.
Why not use our free online ISO 14001:2015 Internal Auditor course to improve your knowledge of the internal audit function?
