Are environmental auditors taking due care around materiality? Richard Gotheridge and Nigel Leehane discuss
Environmental management is becoming more complex for organisations as drivers of environmental sustainability expand and become more demanding. Many organisations are driven to improve environmental performance by external stakeholders such as government agencies, customers and shareholders. These stakeholders are increasingly alive to issues such as environment, social and governance (ESG) reporting and net-zero carbon, as well as legal or reputational drivers.
So why do auditors often discount these stakeholder drivers, focusing instead on ‘traditional’ environmental matters such as waste disposal or spill response?
ISO 14001:2015 requires organisations to determine their context (clause 4.1) – in other words, to gain a strategic understanding of the environmental circumstances in which they operate. It also requires them to understand stakeholders’ needs and expectations, and decide which of these to commit to as compliance obligations (clause 4.2).
The output from these processes is critical for establishing the scope of an organisation’s environmental management system (EMS) and focusing on the most important environmental issues.
This should influence the organisation’s policy commitments (clause 5.2), the areas on which it focuses improvement (clause 6.2), and the priorities it gives to environmental aspects and impacts (clause 6.1.2). These, in turn, shape the organisation’s priorities and approaches when managing environmental performance through other EMS elements.
Some organisations are applying their EMS effectively in recognising and addressing broader sustainability drivers, but many are still focusing on traditional risk areas. Similarly, it seems that EMS auditors have not kept pace with the change and scale of environmental sustainability ambition, such as carbon reduction targets – particularly net-zero carbon goals. These failings may be found in both internal and external auditing, but if certification auditors fail to recognise the importance of broader environmental sustainability goals, it calls into question whether stakeholders can rely on certification to ensure their expectations about ISO 14001 EMSs are being fulfilled.
While pollution prevention and waste management are important matters that need suitable controls, they may be orders of magnitude different to the drivers that businesses now experience. For example, many customers now require suppliers to show that they are working towards net zero (an ‘interested party’ expectation that becomes a compliance obligation in accordance with ISO 14001). It is not helpful if auditors remark that ‘net zero is a fallacy’ or dismiss it as a ‘customer goal’, rather than that of the organisation.
This demonstrates a failure to appreciate ISO 14001’s intent for stakeholder drivers to be recognised and acted on through the EMS.
Auditors should seek evidence that the organisation has identified relevant strategic issues as part of its context and stakeholder concerns, and taken them into account in making commitments, establishing objectives and focusing the EMS. There is no requirement to document the output from clauses 4.1 and 4.2, although many organisations do. Good auditors, however, will make their own judgments on whether the EMS’s scope and commitments reflect the key strategic issues.
It is also concerning that auditfocus tends to be on site-specific operational issues, ignoring the lifecycle perspective. The health and safety standard ISO 45001 excludes ‘end user, supplier, or material selections’ from its remit on the basis that the standard is an occupational health and safety standard, not a product safety standard. ISO 14001, on the other hand, requires organisations to consider their supply and value chains in relation to environmental aspects and operational controls – and, by implication, to consider context. This means that an organisation may decide that it needs to extend its EMS processes to procurement or product and service design, to ensure that these meet the environmental sustainability goals of it and its stakeholders.
For some organisations, especially small-to-medium enterprises, there may be few opportunities to address lifecycle issues, but they should still be considered. For larger organisations, it may be critical that their products meet customer sustainability expectations, as this could provide opportunities to expand market share. Similarly, addressing raw material selection or service procurement may be important to overall environmental performance.
The standard requires all relevant aspects and impacts to be identified, so it can control or influence ‘considering a lifecycle perspective’ and then assess the significance. It does not just expect controls to be implemented – it requires influence to be administered appropriately. Influence that is not administered is a potential future risk, an opportunity not taken – arguably, the organisation is not demonstrating continual improvement. Only where there is no control and no realistic opportunity to influence should it be discounted. This should be clearly assessed by auditors.
Unfortunately, too many auditors discount influence over bigger, more material issues, such as carbon reductions by product end users or supplier services – instead focusing on influence over on-site or manufacturing controls.
A risk-based approach
ISO 19011:2018, which provides guidance for auditing management systems, emphasises the importance of taking a risk-based approach to audit planning and conduct. In clause 4, which deals with auditing principles,
it explains that this involves considering risks and opportunities, focusing on ‘matters that are significant for the audit client’. Key strategic environmental issues and stakeholder concerns fall into this category, as do the organisation’s commitments and priorities for environmental management and improvement. In addition, ISO 14001’s internal auditing clause states that the internal audit programme should be established, taking into consideration the ‘environmental importance of the processes concerned’.
This risk-based approach aims to ensure that material issues are at the forefront of EMS auditing. Just as organisations producing annual sustainability reports are expected to report on material issues that are relevant to stakeholders and that influence decision-makers, EMS auditing should give confidence that organisations are focusing their systems on the key issues.
Is your auditor working?
Organisations should ensure that their internal auditors appreciate the key elements of their environmental strategies, are able to audit against clause 4, and understand the importance of the lifecycle perspective in planning and operational control. External certification auditors are required by ISO 17021 Part 1, which deals with the requirements for certification bodies, to be competent not only in the requirements of the management systems standards they are auditing against, but also in their knowledge of business management practices. They should be able to recognise the external drivers that are shaping an organisation’s strategy and determining intended EMS outcomes – which, ultimately, is the goal of ISO 14001. Addressing the material issues is key to providing an effective EMS auditing service; if this is not happening, it may be time to change auditor.
Richard Gotheridge, MIEMA is a safety, health, environment and quality manager in defence and construction.
Nigel Leehane, FIEMA is an environmental management consultant and chair of the BSI environmental auditing subcommittee.