Environmental management auditing demands a fundamentally different skill set than quality or safety auditing. ISO 14001 auditors must understand the relationship between environmental aspects and impacts—a causal link that many auditors struggle with in their first few audits. This distinction matters because an organisation might identify an aspect correctly but fail to understand why it actually matters to the environment, which leads to ineffective control strategies and missed audit findings. Getting this right during an audit separates competent environmental auditors from those who simply tick boxes.
On this page
Understanding Environmental Aspects and Impacts
An environmental aspect is any element of an organisation's activities, products, or services that can interact with the environment. An environmental impact is the change to the environment that results from that aspect. The relationship is cause and effect: the aspect is what your organisation does or produces, and the impact is what happens to the environment as a result.
Consider a manufacturing facility that uses solvent based cleaners. The use of volatile organic compounds is the aspect. The potential impact includes air pollution from emissions, soil contamination if spills occur, and water pollution if waste enters waterways. Many auditors stop at identifying the aspect and assume that naming it constitutes proper environmental management. In reality, you need to audit whether the organisation understands the actual pathway from activity to environmental consequence, and whether controls target the impact, not just the aspect.
Another common example: an office produces waste paper. The aspect is paper consumption and waste generation. But what is the actual impact? If the paper goes to a landfill, the impact includes methane emissions and resource consumption. If it gets recycled, the impact profile changes entirely—the organisation might actually have a positive environmental outcome. During an audit, you need to verify that the organisation has thought through this distinction. Simply having a waste bin does not constitute impact assessment.
Build your ISO auditing skills
Self-paced ISO courses built for practitioners. Foundation, Internal Auditor and Lead Auditor levels.
Browse coursesHow Auditors Identify and Verify Aspects
During an ISO 14001 audit, you will verify how the organisation identified its environmental aspects. The standard requires that organisations determine the aspects associated with their activities, products, and services, considering the lifecycle perspective. This means you cannot audit effectively unless you understand what the organisation actually does.
Start your aspect identification during the planning phase. Walk the facility. Observe operations. Ask questions about raw materials, energy use, waste streams, water consumption, emissions to air, discharges to water, and noise. Look at supply chains and product distribution. For service organisations, understand the energy footprint of operations, fuel consumption for transport, and waste from office activities. The organisation should have already done this work through their environmental aspects and impacts register, but your job is to verify completeness and accuracy.
In practice, many organisations miss obvious aspects during their initial identification. A transport company might identify fuel consumption as an aspect but overlook lubricant disposal, tyre waste, and wastewater from vehicle washing. A printing business might focus on ink and paper but miss the solvents used in cleaning equipment. During your audit, you should test whether the organisation's aspect identification is comprehensive by asking about specific operational areas and challenging any gaps you observe.
Request and review the environmental aspects and impacts register. This document should list each identified aspect, the associated impact, and the lifecycle stage where it occurs. For each entry, you should be able to trace a clear causal link. If the register simply lists "waste" with an impact of "environmental harm," that is too vague. Better entries read: "disposal of used hydraulic fluid" with impacts of "soil contamination, groundwater pollution, and ecosystem damage if not handled properly." The level of detail in this register reflects the organisation's environmental awareness.
One audit technique that works well: select five random aspects from the register and ask operational staff to describe what they understand about that aspect and its environmental consequence. If staff cannot articulate the link, the organisation has identified aspects without building awareness of why they matter. This is a significant finding because Clause 5.1 of ISO 14001 requires that the organisation establish, implement, and maintain environmental policies and objectives that are relevant to the aspects and impacts. Without understanding the impacts, objectives will be poorly targeted.
Assessing Significance of Environmental Impacts
Not all environmental aspects and impacts carry equal weight. ISO 14001 requires organisations to determine which aspects and impacts are significant. This is where auditing becomes genuinely technical. You need to verify that the organisation has applied a rational, defensible methodology to prioritise its environmental work.
Significance assessment typically considers criteria such as severity of the environmental impact, probability of the impact occurring, scale of the impact, regulatory requirements, and stakeholder concerns. Some organisations use a simple scoring matrix where aspects are plotted against these criteria and rated as low, medium, or high significance. Others apply more sophisticated lifecycle assessment approaches, particularly in manufacturing sectors. Your audit should verify that the methodology is documented, applied consistently, and reviewed periodically.
During the audit, challenge the significance decisions you observe. If an organisation has identified pesticide use for grounds maintenance but rated it as low significance, ask why. The environmental impact of pesticides—toxicity to aquatic life, persistence in soil, bioaccumulation in food chains—is inherently significant in most contexts, regardless of the volume used. If the organisation has applied a weighting that downplays this impact, you should raise a finding. Conversely, if an organisation has identified noise from a carpark as medium or high significance in a rural area away from sensitive receptors, that might not be defensible either.
A subtle but important audit point: the organisation's significance assessment must align with regulatory requirements. If environmental legislation in your jurisdiction restricts emissions of a particular substance, that substance cannot be rated as low significance even if the organisation's internal scoring would suggest that. Regulatory context overrides internal scoring. Verify that the organisation is aware of applicable environmental legislation, and that its significance assessment reflects legal obligations.
Control and Operational Management of Significant Aspects
Once significant aspects and impacts are identified, the organisation must establish controls and operational procedures. This is where the audit shifts from assessment to verification of effectiveness. You need to check whether controls actually prevent or minimise environmental impacts, or whether they exist on paper only.
Controls typically fall into several categories: elimination (stopping the activity altogether), substitution (replacing a harmful substance or process with a less harmful alternative), engineering controls (physical infrastructure that prevents impact), administrative controls (procedures and documentation), and personal protective equipment. Auditors should understand that this hierarchy exists, and that higher order controls (elimination and substitution) are preferable to lower order controls (PPE). If an organisation can only prevent environmental harm through PPE, that is a weaker control strategy than finding a less toxic substance to use instead.
For each significant aspect, trace the control pathway. Start with the documented procedure or work instruction. Verify that it includes environmental safeguards. Then observe the work being performed, or gather evidence that it is performed in accordance with the procedure. Interview the personnel doing the work to confirm they understand why the controls exist. Many auditors make the mistake of reviewing procedures without verifying actual practice. In environmental auditing, this gap can be critical. A procedure for spill response is worthless if the organisation has never stocked the spill kit or trained staff in its use.
Energy consumption is a common significant aspect for most organisations. ISO 14001 internal auditors should verify that the organisation has measured baseline energy consumption, identified energy inefficiencies, and implemented improvements. This might include LED lighting upgrades, HVAC system improvements, or compressed air system audits. The audit evidence should include energy bills, monitoring records, and records of completed improvement projects. If the organisation identifies energy as a significant aspect but has no energy monitoring system and no improvement initiatives, that is a gap.
Operational Planning and Change Management
ISO 14001 requires organisations to plan operations in a way that controls identified aspects and impacts. This includes emergency preparedness and response capabilities. Auditors need to verify that operational planning is comprehensive and that changes to operations do not create unintended environmental consequences.
Review the organisation's operational planning documents. These might include production schedules, maintenance plans, procurement specifications, or facility management procedures. Look for evidence that environmental aspects have been considered during planning. For example, if the organisation is planning to upgrade manufacturing equipment, the audit should verify that the procurement process included environmental criteria. If the organisation has planned preventive maintenance for pollution control equipment (such as air filters, water treatment systems, or waste containment structures), that demonstrates environmental integration into operations.
Change management is a critical area. Ask about recent changes to products, processes, materials sourcing, or suppliers. For each change, verify that the organisation assessed potential new environmental aspects and impacts. A common scenario: an organisation switches to a cheaper material supplier. If environmental criteria were not applied to this supplier selection, there may now be uncontrolled environmental aspects. Perhaps the new supplier uses more packaging waste, or sources materials from environmentally sensitive regions, or manufactures using high waste processes. Your audit should verify that supplier selection includes environmental assessment, and that existing suppliers are periodically re evaluated on environmental performance.
Preparation for certification audits should therefore include a review of all operational changes made since the system was established or last audited. If significant changes have occurred without documented environmental assessment, that is a finding worth raising.
Emergency Preparedness and Response
Every ISO 14001 system must include procedures for potential environmental emergencies. These procedures must be documented, regularly tested, and staff must be trained in their application. Auditing this element requires practical verification, not just documentation review.
Start by identifying what environmental emergencies are reasonably foreseeable for the organisation. For a petrol station, this includes fuel spills. For a chemical distributor, it includes containment of leaking drums and vapour release. For an office, it might be limited to accidental discharge of cleaning chemicals. The emergency procedures should address identified scenarios with appropriate response actions.
Request emergency response procedures and review them for completeness. They should include: clear reporting chains and emergency contact details, immediate containment actions (such as spill kits), notification of relevant authorities where required by law, and recovery and clean up procedures. The procedure should assign clear responsibility, not merely state that "someone will" respond.
Ask when emergency procedures were last tested. If the procedures have never been tested, or were tested years ago, note this as a finding. The standard requires that organisations periodically test their ability to respond. A table top drill (discussing how the organisation would respond) is acceptable, but actual practical exercises are more valuable. Verify that training records show staff have been trained in the emergency procedure relevant to their work area. A manufacturing employee should know where the spill kit is, how to use it, and when to call emergency services. If that employee cannot articulate this during an interview, the training is inadequate.
Monitoring, Measurement, and Environmental Performance
ISO 14001 requires organisations to monitor and measure the characteristics of their operations that relate to environmental aspects and impacts. This is where auditors assess whether the organisation has genuine insight into its environmental performance, or whether controls are implemented blindly without verification that they work.
The organisation should have monitoring and measurement procedures for each significant aspect. Common examples include: energy consumption monitoring (through utility bills or metered data), water usage monitoring, waste volume monitoring, emissions monitoring (either through direct testing or calculation based on activity), and noise level monitoring. The monitoring should be proportionate to the significance of the aspect. A small office might simply monitor monthly energy bills for trends. A manufacturing facility with significant air emissions should conduct regular stack testing and maintain calibrated monitoring equipment.
During the audit, review monitoring records. Plot the data over time to assess trends. Is energy consumption trending downward because of conservation efforts, or is it stable? Is waste generation increasing faster than production volume, suggesting inefficient processes? Are there unexplained variations that might indicate control failures? Ask the organisation whether it analyses monitoring data and what actions result from that analysis. If data is collected but never reviewed, it is meaningless.
One advanced audit question: has the organisation set environmental targets based on monitoring data? ISO 14001 requires environmental objectives and targets. These should be based on the organisation's environmental aspects, impacts, and monitoring data, not just aspirational wishes. An organisation that shows year on year energy reductions might set a target of 10 percent improvement over three years. An organisation that has benchmarked its waste against industry peers might set a target to reach best practice performance. Targets should be specific, measurable, and time bound. Vague aspirations such as "reduce our environmental impact" are not adequate objectives.
Evaluating Management of Legal Compliance
Environmental regulation is complex and jurisdiction specific. Auditors must verify that organisations understand and comply with applicable environmental laws and regulations. This is foundational to an effective ISO 14001 system, because the standard requires that environmental objectives be "relevant to the aspects and impacts and the compliance obligations."
Begin by asking the organisation to provide a list of applicable environmental legislation and regulations. For Australian organisations, this typically includes national environmental legislation such as the Environment Protection and Biodiversity Conservation Act, state based environmental protection acts, local council regulations, and industry specific rules. The organisation's list should be comprehensive and current.
Test the organisation's knowledge by selecting three significant aspects and asking what regulations apply. An organisation handling hazardous waste should be able to articulate that the Environment Protection and Biodiversity Conservation Act and state waste management regulations apply, and should be able to describe key requirements such as waste classification, transport documentation, and disposal at licensed facilities. If the organisation cannot readily answer this question, it suggests incomplete legal compliance management.
Review how the organisation stays informed of regulatory changes. Environmental law changes periodically, and organisations must have a mechanism to identify new or amended requirements. Some organisations subscribe to legal tracking services. Others assign responsibility to a specific person or department to monitor regulatory updates. Verify that this mechanism exists and that new regulatory requirements are actually assessed and incorporated into the management system.
One audit technique that is often overlooked: check the organisation's compliance history. Have there been environmental notices, prosecutions, or regulatory actions? If the organisation has received environmental breaches or warnings, verify that corrective actions have been genuinely implemented. If the same violation occurs repeatedly, the management system is not effective.
Auditing Communications and Environmental Competence
The effectiveness of any environmental management system depends on whether people throughout the organisation understand their environmental responsibilities. Auditors should assess both internal and external environmental communications, and verify that the organisation is building environmental competence across its workforce.
ISO 14001 requires documented information about the environmental policy, environmental aspects and impacts, environmental objectives and targets, and roles and responsibilities. Beyond these formal documents, verify that the organisation communicates environmental matters regularly. Look for toolbox talks, team briefings, newsletters, or intranet content addressing environmental topics. Has the organisation communicated the results of environmental monitoring? Has it celebrated improvements or learned from environmental incidents?
Interview staff at various levels. Ask a warehouse operative what environmental aspects exist in their work area, what controls they must follow, and why those controls matter. Ask a manager how environmental performance is measured in their business unit and what targets exist. The quality of these conversations reflects the depth of environmental integration. If staff seem surprised by the questions or cannot articulate basic environmental information, the communication system is ineffective.
Competence is equally important. The standard requires that the organisation ensure that anyone performing work relevant to environmental aspects has appropriate competence. This includes training and experience. Verify that the organisation has identified roles that have environmental competence requirements, and that people in those roles have received appropriate training. A laboratory technician running environmental testing must be trained and perhaps certified. A driver transporting hazardous materials must be trained in hazardous goods transport. An operator of pollution control equipment must understand its function and maintenance. Check training records and verify that refresher training occurs at appropriate intervals.
Internal Audit and Management Review of Environmental Performance
As an auditor, you should verify that the organisation conducts its own internal audits of the environmental management system and that management review occurs to assess system effectiveness. Internal audit programme planning for ISO 14001 should be risk based and cover all significant environmental aspects and key system elements.
Request the organisation's internal audit schedule and audit reports. Verify that the schedule covers all significant aspects and that audits occur at intervals reflecting risk. An aspect with potential for major environmental impact should be audited more frequently than an aspect with lower consequence. Review internal audit reports to assess whether auditors are asking penetrating questions or merely checking compliance with procedures. The best internal audits identify improvement opportunities and test the effectiveness of controls, not just verify documentation exists.
Management review records should show that senior management receives environmental performance data, considers the adequacy of the environmental management system, and decides on actions for improvement. Common outputs of management review include decisions to increase environmental monitoring, modify objectives based on performance data, approve capital investment in environmental improvements, or address systemic compliance gaps. If management review meets but produces no meaningful decisions, it is not effective.
Special Considerations for Supply Chain and Contractor Management
Organisations cannot manage their environmental impacts in isolation. Suppliers, contractors, and outsourced service providers contribute to the organisation's overall environmental footprint. Auditors should assess how well the organisation manages environmental aspects in its supply chain.
Review procurement procedures and supplier management policies. Do supplier selection criteria include environmental performance? Are suppliers assessed against environmental criteria such as certifications, compliance history, or demonstrated management practices? For significant outsourced operations (such as waste management, transportation, or manufacturing services), verify that contracts include environmental performance requirements and that supplier compliance is monitored.
A practical example: if an organisation outsources waste management to a contractor, the audit should verify that the contract specifies waste disposal routes (licensed landfill, recycling facility, hazardous waste facility), that performance is monitored (such as through waste data), and that the contractor is held accountable if waste is disposed of inappropriately. If the organisation simply drops off waste and assumes the contractor handles it correctly, this represents a control gap.
Similarly, assess contractor management for organisations that engage contractors for services on site. Construction contractors, maintenance contractors, and cleaning contractors should understand and comply with the host organisation's environmental controls. Verify that induction and toolbox talks ensure contractors understand environmental requirements, that supervision occurs to verify compliance, and that audit data is gathered on contractor environmental performance.
Supplier audits can provide deeper assurance of environmental management in the supply chain, particularly for critical suppliers or outsourced processes with significant environmental risk.
Corrective Action and Continuous Improvement
Environmental auditing is not merely about identifying whether an organisation complies with its own system. Effective auditors assess whether the organisation identifies and addresses shortcomings, and whether this drives genuine improvement in environmental performance.
When an audit (whether internal or external) identifies a nonconformity related to environmental management, the corrective action should address the root cause and prevent recurrence. Review recent audit findings and corrective actions taken. Was a corrective action simply replacing a damaged spill kit, or did it address the systemic reason the kit was damaged? If the root cause was that the kit was stored in an accessible location where it could be moved, was the solution to relocate it to a secure storage area? More fundamentally, are there patterns in audit findings that suggest systemic issues needing broader corrective action?
Beyond corrective action, assess whether the organisation proactively improves environmental performance. This might include: capital investment in cleaner equipment or processes, voluntary adoption of environmental standards beyond legal requirements, participation in industry environmental programmes, or engagement with environmental not for profit organisations. These initiatives demonstrate that the organisation views environmental management as a driver of business improvement, not merely a compliance obligation.
Audit Workshop offers accredited ISO training across ISO 9001, ISO 14001, and ISO 45001 at Foundation, Internal Auditor, and Lead Auditor levels. Our courses are Exemplar Global recognised and designed for professionals who want both standard knowledge and practical audit skills.
