An environmental audit is a type of evaluation intended to identify environmental compliance and management system implementation gaps, along with related corrective actions. In this way they perform an analogous (similar) function to financial audits. There are generally two different types of environmental audits: compliance audits and management systems audits. Compliance audits tend to be the primary type in the US or within US-based multinationals.
Compliance obligations can be considered as applicable laws and regulations. Environmental compliance audits are intended to review the site's/company's legal compliance status in an operational context. Compliance audits generally begin with determining the applicable legal compliance requirements against which the operations will be assessed. This tends to include federal regulations, state regulations, permits and local ordinances/codes. In some cases, it may also include requirements within legal settlements.
Compliance audits may be multimedia or programmatic. Multimedia audits involve identifying and auditing all environmental media (air, water, waste, etc.) that apply to the operation/company. Programmatic audits (which may also be called thematic or media-specific) are limited in scope to pre-identified regulatory areas, such as air. Audits are focused on environmental aspects and environmental impacts of a company/site, rather than the contamination status of the real property.
See main article: ISO 14000.
ISO 14001[1] is a voluntary international standard for environmental management systems ("EMS"). ISO 14001 provides the requirements for an EMS and ISO 14004[2] gives general EMS guidelines.[3] An EMS meeting the requirements of ISO 14001 is a management tool enabling an organization of any size or type to:
Organizations implementing ISO 14001 usually seek to obtain certification by independent Certification Bodies. Certification indicates that the documentation, implementation and effectiveness of the EMS conform to the specific requirements of ISO 14001. The ISO 14000 family of international standards has been updated to include ISO 14044 Life cycle assessment and top management amongst other changes.
In 2002, the ISO organization also published ISO 19011, the international standard for auditing quality and environmental management systems, which is used for internal audits and certification audits of EMS.[4] The 2011 version on ISO 19011 restricts its use in first and second part audits, while third part audits (certification audits) are now covered in ISO/IEC 17021.[5]
ISO provide many examples where Environmental Management Standards are used in support of other public policies.[6] A common misconception is that ISO 14001 certification automatically implies legal compliance. Certification under ISO 14001 does not directly reflect compliance with any legal requirements or regulations, although ISO 14001 demands the organization to evaluate its compliance with legal requirements. If there is no compliance with some legal requirement, ISO 14001 requires that the organization sets specific targets related to the non-compliance(s) and establishes, implements and maintains programmes to achieve compliance. Therefore, it is possible that, at the time of audit, the organization fulfils the requirements of ISO 14001, yet there are one or more non-compliances with specific requirements, which are identified and which the organization actively works to correct. Specific guidance on this subject is provided by the European co-operation for Accreditation.[7]
See main article: Technical Standard.
There is a proliferation of private standards supporting environmental audits associated with certification and labeling claims. These private standards address various environmental aspects which include net-zero claims, carbon footprint, eco-labeling and sustainablemanagement of forests. It is important to note differences in the standards setting organizations that develop these standards[8] and the concerns raised with harmonisation and the multistakeholder governance of private standards.[9] [10]
The term "protocol" means the checklist used by environmental auditors as the guide for conducting the audit activities. There is no standard protocol, either in form or content. Typically, companies develop their own protocols to meet their specific compliance requirements and management systems. Audit firms frequently develop general protocols that can be applied to a broad range of companies/operations.
Current technology supports many versions of computer-based protocols that attempt to simplify the audit process by converting regulatory requirements into questions with "yes", "no" and "not applicable" check boxes. Many companies and auditors find these useful and there are several such protocol systems commercially available. Other auditors (typically those with many years of environmental auditing experience) use the regulations/permits directly as protocols. There is a long-standing debate among environmental audit professionals on the value of large, highly detailed and prescriptive protocols (i.e., that can, in theory, be completed by an auditor with little or no technical experience) versus more flexible protocols that rely on the expertise and knowledge of experienced auditors and source documents (regulations, permits, etc.) directly. However usage of structured and prescriptive protocols in ISO 14001 audits allows easier review by other parties, either internal to the Certification Body (e.g. technical reviewers and certification managers) or external (accreditation bodies).
In the US, permits for air emissions, wastewater discharges and other operational aspects, many times establish the primary legal compliance standards for companies. In these cases, auditing only to the regulations is inadequate. However, as these permits are site specific, standard protocols are not commercially available that reflect every permit condition for every company/site. Therefore, permit holders and the auditors they hire must identify the permit requirements and determine the most effective way to audit against those requirements. During the past 20 years, advances in Information and communications technology (ICT) have had major impacts on auditing. Laptop computers, portable printers, CD/DVDs, the internet, email and wireless internet access have all been used to improve audits, increase/improve auditor access to regulatory information and create audit reports on-site. At one point in the 1990s, one major company invested significant resources in testing "video audits" where the auditor (located at the corporate headquarters) used real-time video conferencing technology to direct staff at a site to carry live video cameras to specific areas of the plant. While initially promising, this technology/concept did not prove acceptable. An emerging technology in environmental auditing is the use of Satellite imagery and Geographic Information Systems.[11]
Phase I Environmental Site Assessment ("ESA") are generally done in relation to mergers, acquisitions or financing activities. The intent of ESAs is to identify potential sources/existence of property contamination for purposes of clean up costs/liability under US law. ESA's rarely contain a compliance audit component and should not be confused with audits.
The Supreme Audit Institution (SAI) in India is headed by the Comptroller and Auditor General (CAG) of India who is a constitutional authority. The CAG of India derives his mandate from Articles 148 to 151 of the Indian Constitution. The CAG's (Duties, Powers and Conditions of Service) Act, 1971 prescribes functions, duties and powers of the CAG. While fulfilling his constitutional obligations, the CAG examines various aspects of government expenditure and revenues.The audit conducted by CAG is broadly classified into Financial, Compliance and Performance Audit. Environmental audit by SAI India is conducted within the broad framework of compliance and performance audit.