Articles and Presentations Library
Auditing ISO 14001 (4.5.2) Evaluation of Compliance
Several months of first-hand experience of auditing EMS’s to the new version of ISO 14001 has led to some interesting thoughts and conclusions. The first is that many companies with an existing EMS are simply not carrying out an evaluation of their compliance to legal requirements. The second is that where this is being conducted, the activity is currently ineffective in answering the question of compliance in a direct and clear manner.
It is understandable that organizations with an EMS feel uneasy about declaring their level of compliance with legislation but the inclusion of this requirement as a separate element of ISO 14001:2004 provides an excellent opportunity for the EMS auditor to assess the real commitment that is raised within all environmental policies on this very topic.
During one recent audit, the company in question had simply not conducted the assessment and excused themselves by declaring that the register of legislation provided the necessary information. Another company actually did what appeared to be an effective evaluation which included their assessment of compliance with the Water Industry Act 1991 for their discharge to sewer. However, on closer scrutiny the tabular document did not actually state whether or not the consent conditions (BOD, COD, Suspended solids etc) had been met but stated that Environmental Procedure 13 addressed the monitoring activities undertaken. Close scrutiny of their discharge monitoring results revealed that a number of readings for one parameter or another were exceeded at some time or other in the last six months. Putting that into words hurts, but as an auditor I expect clarity and visibility in this area and current EMS’s are simply not delivering the goods!
Some companies confuse the requirement of 4.3.2 – Identifying and accessing legal requirements, and 4.5.2 – Evaluation of compliance. It is important that the EMS auditor does not do likewise, but the two activities could be satisfactorily linked as demonstrated by another recent EMS audit in which the organization in question used a simple 3-column table to identify the law, relate the requirements to company activities, and to state the degree of compliance in each respective column. By re-evaluating this document every 6 months it was clear that the legal requirements were understood and areas of non-compliance could be identified and reported in the corrective action database.
The linkage between policy requirement, identification of legal requirement, operational control activities designed to achieve compliance and finally the assessment of compliance should be well understood by all EMS auditors. At best, failure to do so may hinder the process of continual improvement. At worst, the company may end up in court as a result of a serious legal compliance problem that could have been averted through the correct application of element 4.5.2 of ISO 14001:2004.
John Marsden (FIEMA)
info@marsden-international.com
John is an independent management system auditor who works for a number of international certification bodies.
