Ecesis EHS Software

ISO 14001
Internal Audit

Internal audits are the EMS self-check mechanism — the systematic process for verifying that the management system conforms to both the ISO 14001:2015 standard and the organization’s own requirements, and that it is effectively implemented and maintained. Clause 9.2 requires a planned, documented audit program that covers the entire EMS at appropriate intervals.

Clause 9.2.1: General Requirements

Organizations must conduct internal audits at planned intervals to provide information on whether the EMS conforms to the organization’s own requirements for its EMS, conforms to the requirements of ISO 14001:2015, and is effectively implemented and maintained.

Clause 9.2.2: Internal Audit Program

The audit program must define audit frequency, methods, responsibilities, planning requirements, and reporting. It must take into account the environmental importance of the processes concerned, changes affecting the organization, and results of previous audits. Organizations must select auditors who ensure objectivity and impartiality, and ensure results are reported to relevant management.

Audit Program Planning Factors

  • Risk-based scheduling: Higher-risk processes and significant environmental aspects audited more frequently
  • Process importance: Areas with direct compliance obligations prioritized
  • Change impact: Recently changed processes targeted for early audit
  • Historical performance: Areas with previous nonconformities given additional attention
  • Full coverage: All EMS elements covered over the audit cycle

Auditor Requirements

Auditors must be competent (see Clause 7.2) and must not audit their own work to ensure objectivity. Training in ISO 19011 (Guidelines for auditing management systems) is widely recommended. Auditor competency includes knowledge of ISO 14001:2015 requirements, auditing techniques, the organization’s processes, and applicable environmental regulations.

The Audit Process

  1. Planning: Define scope, criteria, schedule, and team
  2. Preparation: Review documented information, prepare checklists
  3. Execution: Conduct opening meeting, gather evidence through interviews, observation, and document review
  4. Reporting: Document findings, classify nonconformities, identify observations
  5. Follow-up: Verify corrective actions are implemented and effective

Common Pitfalls

  • Audit program not risk-based, resulting in inadequate coverage of high-risk areas
  • Auditors lacking independence or competence
  • Superficial audits that check documents without verifying implementation
  • Audit findings not driving meaningful corrective action
  • Conducting audits only before external surveillance visits
How Ecesis ISO 14001 Software Helps: Ecesis manages the complete audit lifecycle with program scheduling, checklist templates, finding documentation, corrective action tracking, auditor qualification records, and trend analysis across audit cycles. Learn more about our ISO 14001 software →
Related Resources
ISO 14001 Implementation Guide ISO 14001 Software Benefits of ISO 14001 ISO 14001 Implementation Steps Nonconformity Management Review Documented Information

What Is Ecesis?

Ecesis is a leading EHS Software Solution that has been helping companies around the world reach their EHS goals since 1993.

Get in Touch

1499 West 120th Avenue
Suite 110
Westminster, CO 80234
(720) 547-5102 (866) 733-6912 Click To Email Us

Connect With Us

EHS Software on LinkedIn EHS Software on Facebook EHS Blog

Copyright © 2026 EnviroData Solutions, Inc.

Terms of Use    Privacy Statement    Cookies