Internal Audit vs. Evaluation of Compliance

I am, often, asked by experienced Environmental Managers and Auditors; What is the difference between Internal audit and the Evaluation of Compliance requirements under ISO 14001:2004.

This article is designed to outline the similarities and differences between Internal audit and the Evaluation of Compliance.

Internal Audit
An internal audit (Clause 4.5.5 of ISO 14001:2004) is designed to determine whether the environmental management system conforms to planned arrangements for environmental management including the requirements of ISO 14001:2004 and that it has been properly implemented and is maintained.

The three inputs to this process are the requirements of ISO 14001:2004, the planned arrangements and the actual situation. These inputs into the internal audit provide for an outcome of a Finding with two variations: conformity and non-conformity. Whilst we all recognise that some organisations prefer to use other categories or designations for non-conformities, such as major non-conformity, minor non-conformity and observations, none-the-less there are only two outcomes.

Often conformity does not get its due recognition as non-conformity is a highly emotive word that gets everyone’s attention from the Chief Executive downwards.

A simple model for this process is:

Internal Audit Process

Evaluation of Compliance:
An evaluation of compliance (Clause 4.5.2 of ISO 14001:2004) follows a similar process to internal audit but is distinct as one of the inputs is not the management system requirements but the legal or other requirements. The other input, being, the evidence of its actual performance with respect to these legal or other requirements, whether these are facts and figures derived from monitoring and measurement or other formal or evidence, such as the results of internal audit or photographs of the waste skips.

The outcome from the evaluation process will be the Compliance Status, which can either compliance or non-compliance with the legal or other requirements.

A simple model for this process looks similar to that for internal audit:

A typical example of the evaluation of compliance, the inputs might be the analytical data from the monitoring of air emission (Actual Situation) evaluated with respect to the permitted levels within the environmental permit (Legal Requirements).

I trust that this article has provided a good grounding in the similarities and differences between Internal Audit and the Evaluation of Compliance & welcome any feedback or comments.

Later in 2015, I will run a series of articles on the evaluation of compliance using the model discussed in this post with the illustration of the principles using a practical and easy to understand example.

Share this article on Social Media:

Leave a Reply