Conducting Internal Audits for ISO 14001 Environmental Management
ISO 14001 Clause 9.2
Independent internal checks that confirm the management system is working as intended.
ISO 14001 Clause 9.2 - Internal Audit
ISO 14001:2026 Clause 9.2 requires the organisation to conduct internal audits at planned intervals to provide information on whether the environmental management system conforms to the organisation's own requirements and the requirements of ISO 14001:2026, and is effectively implemented and maintained. The clause has two parts: 9.2.1 covering the general requirement and 9.2.2 covering the audit programme and individual audits.
Internal audit is the organisation's own check on whether the EMS is working. It feeds the management review at Clause 9.3, drives nonconformity and corrective action at Clause 10.2, and provides confidence that the system is fit for external certification audit. Done well, it is a genuine improvement tool. Done as a tick-box exercise, it adds cost without adding value.
What Has Changed in ISO 14001:2026
The 2026 edition tightens the requirement on audit objectives. Previously the standard required a programme to be defined that took into account environmental importance and the results of previous audits. The 2026 edition adds that audit objectives, criteria and scope must be defined for each individual audit, not just for the audit programme as a whole.
This is a small change in wording but a meaningful one in practice. Before, an audit programme could state generic objectives that applied to every audit. Now each individual audit needs its own clear statement of what the audit is trying to achieve, what it will be evaluated against, and what it will cover. The change is intended to make audits more focused and the results more useful.
The Audit Programme
The audit programme covers the planning, establishment, implementation and maintenance of internal audits across the EMS. The programme takes into account:
- the environmental importance of the processes concerned;
- changes affecting the organisation;
- the results of previous audits.
A typical programme covers the full scope of the EMS over a defined cycle - often one to three years. Higher-risk processes may be audited annually; lower-risk ones less frequently. The programme is reviewed and updated as conditions change - a new site, a new product line, an environmental incident, a new compliance obligation can all trigger additional audits or changes to the schedule.
Auditor Independence and Competence
Auditors need to be objective and impartial. The standard requires the selection of auditors and conduct of audits to maintain objectivity and the impartiality of the audit process - in practice this means auditors do not audit their own work. Internal auditors also need to be competent for the audit work they do, which combines knowledge of the standard, knowledge of audit technique, and sufficient understanding of the area being audited to ask the right questions.
Small organisations often use a small pool of internal auditors who cover each other's areas, or commission external auditors to maintain independence. Both approaches are acceptable.
Reporting and Following Through
Audit results are reported to relevant management. Documented information needs to be retained as evidence of the implementation of the audit programme and the audit results. Where audits identify nonconformities, those are addressed through the corrective action process at Clause 10.2. Where they identify opportunities for improvement, those feed into management review and continual improvement.
An audit programme that consistently finds nothing significant year after year usually signals a problem - either the audits are not searching deeply enough, or genuine issues are being overlooked.
For 2026 I will look at how individual audits have been planned. The new wording in 9.2.2 expects each audit to have defined objectives, criteria and scope. So I want to see audit plans that say specifically what this audit is trying to achieve, against what criteria, and covering what areas. Generic plans copied across multiple audits will not pass this requirement.
I also look at follow-through. If an audit identified an issue six months ago, what happened. Was a corrective action raised. Was it closed effectively. Did anything change in the system as a result. Audits without follow-through are wasted effort.
The other thing the 2026 wording change does is make it harder to run a thin audit programme. If every audit has to have its own objectives, criteria and scope, the organisation has to think about what each audit is for. That tends to drive better quality audits because the auditor is going in with a clear purpose, not just running through a checklist.
For organisations transitioning, the practical step is updating the audit programme template so each scheduled audit has its objectives, criteria and scope filled in. That alone usually addresses the new requirement.
Internal audit gets a bad name when it is treated as a paperwork exercise. Done properly it is genuinely useful. You go in with a question - is this part of the system actually working - you look at the evidence, you talk to the people doing the work, and you come out with an honest answer. The new wording in 2026 just asks you to write down what your question is for each audit. That should not be hard.
Practical Compliance Guidance
The audit programme, audit plans and audit results are the key records for this clause. The IMS1 Manual sets out the internal audit approach in Section 9.2.
The following alphaZ documents support compliance with ISO 14001:2026 Clause 9.2.
| alphaZ document | How to use it |
|---|---|
| ISO 9001/14001/45001 IMS Toolkit | The full set of integrated management system documents covering the requirements of all three standards, including the IMS1 Manual. |
| ER1 Issues Actions Register | Records the corrective and improvement actions arising from internal audit findings, with owners, dates and verification of effectiveness. |
Note - all the above files can be downloaded with an alphaZ subscription.
