hygiene zone
quality tools
quality techniques
human issues
quality awards
quality extra
visitor tools


Stay Informed
Sign up below to receive our Occasional Newsletter.

We Respect Your Privacy!

Web SaferPak
SaferPak: Food Packaging Safety, Food Safety, Business Improvement and Quality Management
       Home     About     Contact

A fresh approach to ISO 14001 certification
The advent of risk-based environmental management system auditing
By David Powley - DNV Certification

What does it take to narrow the perceived credibility gap associated with ISO 14001 certification? David Powley of DNV Certification explains a new regime that is not only scrupulously driven by environmental risk management principles but is also client-friendly.

The criticism surrounding certification to ISO 14001, the environmental management system specification, was almost predictable since its publication in 1996. The comments go along the lines of undeserving companies being granted certification, audits being performed in a clause-based ‘inspector’ mentality, audit findings being punctilious and having no real value. The comments, if not wholly justified, were at least forgivable. Many of the certification bodies granting ISO 14001 certification had grown up in an era of the traditional quality management system certification which for most tended to be based on clause compliance, at least in the days before publication of the 2000 version of ISO 9001, the quality management system specification. This should not have been the case. What should management system certification be concerned with? Undoubtedly, risk management should serve as the essence and this deserves some explanation.

There are three basic qualitative requirements of risk management:

1. identify the significant risks
2. manage the significant risks
3. monitor the effectiveness of the management of the significant risks

The ISO 14001 specification not only accommodates but is based on these requirements. Furthermore there are two other elements associated with risk and these are:

a) The inherent risk or potentiality of an event or condition arising.
b) The actual performance associated with that event or condition.

The element (a) is determined by possibilities or potentiality whereas (b) is determined by actual experience. For example, when one considers the risk of a major spill of a hazardous liquid the theoretical likelihood and consequences (i.e. potentiality) are given attention as well the actual experience (i.e. relevant performance data, occurrences, non-conforming situations etc). Here again, this is consistent with the demands within ISO 14001 and its certification.

DNV Certification recently launched its risk-based certification service. The service applies to certification against all management system standards and specifications for environment, health & safety and quality. A ‘journey’ (as DNV terms it) is embarked upon with the client company whereby the main issues facing it are decided upon. prior to or at the start of audits. These issues then become ‘focus areas’ for the audits and the plans for the audits have their basis in them. Reporting will also be framed by the focus areas and will deliver findings on not only non-conforming situations but also points for improvement as well as noteworthy efforts. Maximum benefit is derived when an open relationship exists between the client company and the Auditor and where interest extends to more than ‘the certificate on the wall’. The potential for real continual improvement is high in these circumstances.

From the perspective of ISO 14001 audits, the Auditor will have an appreciation of the inherent environmental risk (see element (a) above) based on his capability and knowledge of the significant environmental issues faced by an organisation working in that particular sector. He may not have current performance data (see element (b) above) associated with those significant issues for the client company and this is where the dialogue with client company becomes important. The focus areas will then be decided according to a combination of what is inherently risky and what could be improved. The audit is then performed according to the requirements of risk management (see requirements 1, 2 and 3 above) where all relevant processes are interrogated that cover identification, management and monitoring of the management, for the subject of the focus areas. An example may assist here.

Based on his knowledge of the industry sector and the fact that they have a consent for a discharge into a nearby river an Auditor perceives that discharges to controlled waters is an issue for a client company he has yet to visit. He would discuss the issue with the client, prior to or at the start of the audit. This discussion should reveal the relevant performance information, such as breaches or near-breaches of the consent or any deficiency associated with the issue. That focus area (i.e. ‘discharges to controlled waters’) would be decided upon. The audit would then be conducted along the requirements 1, 2 and 3 above to ensure:

1. Full identification of the issue – this means a true evaluation of the issue.
2. Management of the issue – procedures are suitable and being complied with, hardware and instrumentation are reliable and within integrity, capability of personnel is sufficient, relevant objectives are being progressed, emergency regimes are effective etc.
3. Monitoring of the issue is effective – conducting relevant inspections, observance of and reaction to effluent monitoring data, thorough audits of the procedures, people, hardware etc.
This approach is still consistent with the requirements of ISO 14001, an Auditor is required to consider all clauses of the specification.

The above is a mere simplification of the DNV approach to risk-based certification auditing - a fuller, more deserving account would require more space. However it is hoped that this serves to give an appreciation. Early indications are that the large majority of client companies will be enthusiastic for this approach. This is encouraging as it would indicate that at last a balance may have been struck between client-friendliness and environmental risk management.



David Powley is a well recognised and highly experienced integrated management systems Auditor and Trainer with DNV Certification. He is the author of numerous articles on management systems for quality, environment and health and safety. DNV Certification is one of the world’s leading certification bodies/registrars offering the latest in management systems certification services. With more than 49,000 certificates issued worldwide, our name evokes a strong commitment to safety, quality, and concern for the environment. DNV recently launched Risk Based Certification™, a fresh approach to auditing. For further information on Risk Based Certification or any other service DNV offer please visit www.dnv.co.uk/certification or call 020 7716 6543.










Back to previous page












top of page

home :: about :: contact :: terms

© 2006 SaferPak Ltd.