9.2 Internal Audit [ISO 14001 Procedure Template]

What is an Environmental Internal Audit?

An environmental internal audit is the method used to check business operations of EMS data. Organizations must establish an internal audit programme (including all requirements of the ISO 14001 standard) and conduct internal audits at planned intervals.

Internal environmental audits help to maintain momentum towards achieving objectives. Functional integration of the environmental management system audit requirements is often evident when Top management are involved with internal audits and when they ensure corrective action is implemented.

While reviewing the internal audit programme, auditors should ensure that consideration is given to the importance of the processes concerned, changes within the organization, and the results of previous audits.


Why Perform Audits?

In the 2004 version of ISO 14001, the purpose of internal audit was to determine whether the EMS is conforming to requirements and is effectively implemented and maintained. In the 2015 version of ISO 14001, the purpose of the internal audit is to provide enough information as to whether this is the case, while the determination of conformance is undertaken during management review.

The internal audit will help ensure you address the necessary requirements. It stands as a reference point before, during and after the audit process and used correctly will provide the following benefits:

  1. Ensures the audit is conducted systematically
  2. Promotes audit planning
  3. Actively supports your organization’s internal audit process
  4. Provides a repository for notes collected during the audit
  5. Ensures uniformity in the performance of different auditors
  6. Provides reference to objective evidence

Foreman checklist document

Management system audits focus on the system as a whole and compares planning activities and broad system requirements, across several functional groups, with the desired outcomes in order to evaluate the effectiveness of the system and to identify any systematic opportunities for improvement.

9.2.2 Internal Audit Programme

A key part of checking compliance with both environmental management system operational procedures and the requirements of ISO 14001:2015 is via an internal audit programme that details the frequency and general focus of each internal audit.

Periodic internal auditing is undertaken to ensure effective operation. The frequency and sequence of internal audits must be documented in the audit programme (ISO 14001:2015 Clause 9.2.2), showing which areas and processes are to be audited, including the date and time, and the auditor(s) involved.

The frequency of the internal audit programme must be based on the significance of environmental aspects, e.g., risk as highlighted in previous audits and be related to the rate of progress with which the aspects are being addressed.

The Environment and Sustainability Manager (Management Representative) should consult the Environmental Aspect Register to identify areas of high risk (e.g., the most significant environmental aspects); and the areas where the organisation has failed to meet legal requirements in the past.

While preparing and reviewing the internal audit programme you should ensure that consideration is given to the importance of the processes concerned, any changes within the organization, and the results of previous internal audits and any corrective action details prepared as a result of previous reviews or audits.

Principles of Auditing

Auditing relies on a number of principles whose intent is to make the audit become an effective and reliable tool that supports your company’s management policies and procedures whilst providing suitable objective information that your company can act upon to continually improve its performance.

The principles of internal auditing are contained in ISO 19011:2018 - Guidelines for auditing management systems. This is an international standard that provides guidance on auditing management systems, including:

  • The principles of auditing
  • Managing an audit programme
  • Conducting management system audits
  • Guidance on the evaluation of competence of individuals involved in the audit process, including those managing the audit programme, auditors and audit teams

It is applicable to all organizations that need to plan and conduct internal or external audits of management systems or manage an audit programme.

Adherence to the following principles are considered to be a prerequisite for ensuring that the conclusions derived from the audit are accurate, objective and sufficient. It also allows auditors working independently from one another to reach similar conclusions when auditing in similar circumstances.

Principles relating to the Conduct of Internal Auditors

  • Ethical conduct — trust, integrity, confidentiality and discretion are essential to auditing
  • Fair presentation — audit findings, conclusions and reports accurately reflect the audit activities
  • Professional care — auditors exercise care in accordance with the importance of the task they perform
  • Independence — auditors must be independent of the activity being audited and be objective
  • Evidence-based approach — evidence must be verifiable and based on samples of information

Audit Methodology - Process Approach

The adoption of the ‘process approach’ is mandated by ISO 14001:2015 and is one of the most important concepts relating to environmental management systems.

Process auditing is about auditing your organization’s processes and their interactions, which together comprise the environmental management system.

The process approach is one of the core management principles, which is defined as a ‘consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system’.

The Process Audit

The process audit provides assurance that the processes have been implemented as planned and provides information on the ability of the process to produce a conforming output.

Done properly, a process audit is much more than verification that processes are being followed. Although preparation can take a day or two, actual audit time is about two hours per shift.

Identify and Record Inputs & Outputs

Effective process auditing requires the auditor to identify and record audit trails that will make a difference to your organization. The audit should begin with the process owner in order to understand how the process interacts with the other process inputs, outputs, suppliers and/or customers.

The auditor should be able to determine whether the outputs are complete and that process measurements demonstrate whether all of the outputs are consistently fit for purpose and are efficiently managed. Do the customers agree with the outputs and the measures?

Preparing for the Audit

Before the audit, prepare thoroughly! Spending an hour or three in preparation will make you a better auditor and you will be much more effective during the audit. Auditors should not skip this step as it provides much needed value to the audit. Taking the time to prepare and organize actually saves time during the audit.

Using an Internal Audit Checklist

Internal audit checklists are a type of sample questionnaire that you can customize for use in guiding the work of your internal audit team.

A well-designed internal audit with suitable audit checklists should take between 20 and 40 minutes to complete. However, the process may take between two and three hours the first time each audit is carried out

The EMS audit checklist may be used as a guide for audit planning and acts objective evidence; documented information of the effective implementation of the audit programme, as well as the results of internal audits.

The internal audit checklists can comprise tables of the certifiable ‘shall’ requirements, from Section 4.0 to Section 10.0 of ISO 14001:2015, where each requirement is phrased as a question. The audit checklist can be used for implementation audits and compliance audits.

You can also create separate process audit checklists by selecting the clauses from the checklist that are relevant to the process or area being audited and ‘copy and paste’ the audit questions into a new audit checklist.

audit report

Documented Information

Gather together all the relevant documented information that relates to the process you will be auditing.

Look at process metrics, work instructions, turtle diagrams, process maps and flowcharts, environmental policies and programmes, previous site environmental reviews or audit reports, corrective actions, analysis of environmental aspects, relevant legislation, overview of permits/licences, consents, records of emission data, and management review reports; etc.

Review this documented thoroughly and highlight the aspects that you plan to audit. Using the documented information in this way ensures they become audit records.

Your organization’s documented information may not cover all of the requirements that may be relevant to the process. If certain information is not available, it may become your first audit finding, not bad for the preaudit review! Certain information and linkages should be audited. Some are required and some are simply good audit practice. Putting these sections into a worksheet format gives auditors a guide to follow, to ensure the relevant links are audited.

Environmental Internal Audit Process

  1. Review Documented Information
    1. Previous Audit Findings
    2. Environmental Aspect Register
    3. Complaints and Corrective Actions
    4. Process Inputs and Outputs
    5. Relevant ISO 14001 clauses
  2. Review Process Criteria, Metrics and Objectives
  3. Review Staff Competencies
  4. Review the Process
  5. Review the Findings
  6. Prepare the Audit Report

As you moved through the audit, you should have noted the issues and opportunities for improvements you saw. These should have been marked clearly so you are now able to quickly review and capture them as you write the report.

These findings and conclusions should be formally documented as part of the summary report.

Too often, the audit report only recites back facts and data the managers already know. The value is in identifying issues and opportunities they do not know!

This summary should be reviewed first with the lead auditor, then the Process Owner and Management Team. Make final revisions and file the audit report and all supporting audit materials and notes.

Internal Audit Report

The Environment and Sustainability Manager (Management Representative) is responsible for communicating the results of the internal audit to senior management.

An internal audit report is essential to ensure that the results of the internal audit are communicated effectively. A good summary report is the output which is the value of the audit. It deserves an appropriate amount of attention and effort.

The Audit Team Leader will normally prepare the internal audit report, which summarizes the audit scope, identifies the audit’s objectives, a description of the areas that have been audited and who was involved with the audit, describes sources of evidence used, and summarizes the audit results.

The summarized internal audit results included in the report normally consist of:

  • The quantity and type of nonconformities
  • Any corrective actions agreed
  • Any other areas of observed potential risk
  • An outline of any opportunities for improvement

The Environment and Sustainability Manager (Management Representative) is responsible for communicating the audit results to responsible area, or to functional management, ensuring the audit report is signed off by the relevant manager, and is responsible for ensuring the availability of completed and signed audit reports for management review.

All internal audit reports should be retained for at least two years from the date of audit completion.

Legislation Audits

At least once per year, an audit should be conducted on the scope and applicability of the register of applicable legal and compliance obligations in order to verify continued compliance, by taking a sample and seeking objective evidence that the legislation is current and is being complied with.

Samples of legislation can be noted and the register brought up to date as required. The samples taken should be selected on current risks ensuring that the whole register is audited at least once in each 3-year period.


Certification Audit

This is the audit that is done before you are given a certification in ISO 14001. It is the last milestone before achieving the ultimate goal of becoming certified. They are typically completed in two separate parts.

  1. The desk-top study is a warm-up and feeling out process to ensure that you are ready to move onto the second part of the audit. During this initial assessment, the certification body will advise you of any omissions it has identified. If it is decided that you have succeeded in reaching the requirements to move on, then the second phase will commence.
  2. The second part of the audit is done on location and represents the final stage in the certification process. A site visit will be requested by the certification body, and is performed in via interviews, observation, and document reviews in order to confirm that documented procedures are actually used in practice and that the requirements of the standard are met. Any nonconformities to the requirements that are found will be recorded by the certification body who will set a date by which any necessary corrective action must be carried out.

It should be noted that these types of audits are usually only conducted every three years; this is something to keep in mind when planning to schedule routine internal audits and to prepare for your ISO 14001 recertification.

Retaining ISO 14001 Certification

Retaining certification to ISO 14001 involves demonstrating that the EMS is being properly maintained. This involves routine surveillance visits by the certification body.

Related Information You Might Find Useful

Next ISO 14001 Clause

Each ISO 14001 Clause Explained

Updated: 26th February 2022
Author: Richard Keen

Richard Keen

Richard Keen

Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard

ISO Checklist

Don’t Try to Manage It All Alone!


Our ISO Auditors and Quality Manager Trainers have been in this industry for years, and since 2002 we’ve been providing thousands of small businesses and large corporations with the tools they need to get certified.

Instead of trying to create everything you need to follow this process from scratch, use ours. We have procedures, templates, checklists, process maps, forms and gap analysis tools to help your documentation without missing a single input or output.

Before you invest all the hours reinventing the wheel, before you spend countless dollars outsourcing the task — try our templates.

EMS Internal Audit Documentation Package

Everything you need to perform an internal audit for ISO 14001:2015.

Procedures - view sample

Checklist - view sample


Reports & Forms

  • Audit Results Summary
  • Internal Audit Report - view sample
  • Internal Audit Feedback
  • Non-conformity & Corrective Action Report
  • EMS NC & Corrective Action Tracker

Process Maps

  • Process Audit Template
  • Control of Internal Audits Process Activity Map
  • Internal Audit Process Map - view sample
  • Control of nonconformity & Corrective Action Process Activity Map
  • Nonconformity & Corrective Action Process Map


  • Internal Audit Guidance
  • EMS Management System Guidance - view sample

The documents are used together as a cohesive system or available seperately below.

ISO 14001:2015

$149 USD

add to cart

EMS Control of Internal Audits Procedure - view sample

The purpose of this procedure is to define your organization’s process for undertaking EMS audits, process audits, and supplier and legislation audits in order to assess the effectiveness of the application of our environmental management system and its compliance to ISO 14001:2015.

This procedure also defines the responsibilities for planning and conducting audits, reporting results and retaining associated records. Includes:

  • Control of Internal Audits Process Activity Map
  • Audit Report - view sample
  • Audit Feedback Form
  • Internal Audit Process Map - view sample

ISO 14001:2015

$19 USD add to cart

EMS Internal Audit Checklist - view sample

Use this audit checklist to determine the extent to which your quality management system conforms to ISO 14001 requirements by determining whether those requirements have been effectively implemented and maintained. This template will help you to assess the state of your existing management system and identify process weakness to allow a targeted approach to prioritizing corrective action.

Master Internal Audit Checklist - view sample

This audit checklist comprises tables of the certifiable (‘shall’) requirements, from Section 4.0 to Section 10.0 of ISO 14001:2015, each required is phrased as a question.

  • 186 Audit Questions
  • MS Excel
  • Context of the Organization
  • Leadership
  • Planning
  • Support
  • Operation
  • Performance Evaluation
  • Improvement

The answers will automatically populate and update the Audit Results Summary and charts.

Audit Results Summary

  • Automated Charts - view sample
  • Compliance Summary
  • Top 10 Root-causes
  • Nonconformity Breakdown by Clause
  • Recommendations
  • OFIs by Section

Process Audit Template

Requires the auditor review the inputs, risks, controls, activities, equipment, materials, personnel, and methods of measurement for each process.

ISO 14001:2015

$79 USD add to cart

Pay by Credit Card, Debit Card, PayPal or Apple Pay.
Credit card, PayPal or ApplePay

money back guarantee

We are 100% confident in the quality and contents of our products. Used by thousands of organizations around the world, our templates have been sold online since 2002.

Please read our Money Back Guarantee.


Are The Templates Suitable For You?

Bought by Small Businesses and Large Corporations our templates have been sold online and CD since 2002.

Used by:

The Templates are used by first-timers following our step-by-step, clause-by-clause guidance documents; and experienced Quality Managers wishing to streamline and improve their existing documentation.

The application of our templates is scalable and generic; regardless of the size and type of organization. The elements that form the environmental management system are the same.


Five Reasons To Choose Our Templates

1. Our customizable templates save you time and money by offering a streamlined process to create your quality documentation

2. They’ve got everything you need in one simple template

3. Proven to work our templates have helped thousands of businesses big and small achieve certification

4. Documents use styles to make reformatting and rebranding a breeze

5. Our templates are generalizable for any industry or sector. The application of our templates is scalable and generic; regardless of the size and type of organization.


FAQs About Our Templates

Ask Us a Question

More Information


ISO 9001 Client images