A fresh approach

The criticism surrounding certification to ISO 14001 was almost predictable since its launch in 1996. Stories do the rounds of undeserving companies being granted certification, audits being performed in a clause-based ‘inspector’ mentality, audit findings being punctilious and having no real value. The comments, if not wholly justified, were at least forgivable.

Many of the certification bodies granting ISO 14001 certification had grown up in an era of traditional quality management system certification, which for most tended to be based on clause compliance, at least in the days before publication of the 2000 version of ISO 9001. This should not have been the case.

What should management system certification be concerned with? Undoubtedly, risk management should serve as the base and this deserves some explanation. There are three basic qualitative requirements of risk management:

The ISO 14001 specification not only accommodates but is based on these requirements. Furthermore there are two other elements associated with risk and these are:

The element (a) is determined by possibilities or potentiality, whereas (b) is determined by experience. For example, when one considers the risk of a major spill of a hazardous liquid, the theoretical likelihood and consequences (potentiality) are given attention as well the actual experience (such as relevant performance data, occurrences, non-conforming situations etc). Here again, this is consistent with the demands within ISO 14001 and its certification.

Risk based certification

DNV Certification recently launched Risk Based Certification. The service applies to certification against all management system standards and specifications for environment, health & safety and quality. A ‘journey’ is embarked upon with the client whereby the main issues they face are decided upon prior to or at the start of the audit. These issues then become focus areas for audits and the plans for the audits have their basis in them.

Reporting will also be framed by the focus areas and will deliver findings on not only non-conforming situations but also points for improvement as well as noteworthy efforts. Maximum benefit is derived when an open relationship exists between the client and the auditor and interest extends to more than the certificate on the wall. The potential for continual improvement is high in these circumstances.

From the perspective of ISO 14001 audits, the auditor will have an appreciation of the inherent environmental risk, based on his knowledge of the environmental issues faced by an organisation working in that particular sector.

He may not have current performance data associated with those significant issues for the client company and this is where dialogue with the client company becomes important. The focus areas will then be decided according to a combination of what is inherently risky and what could be improved. The audit is performed according to the requirements of risk management, where all relevant processes are interrogated that cover identification, management and monitoring of the management for the subject of the focus areas.

The certification process

For example, based on his knowledge of the industry sector and the fact that they have a consent for a discharge into a nearby river, an auditor perceives that discharges to controlled waters is an issue for a client company he has yet to visit. A discussion with the client should reveal the relevant performance information, such as breaches or near-breaches of the consent or any deficiency associated with the issue. That focus area would be decided upon. The audit would then be conducted to ensure:

Early indications are that the large majority of client companies will be enthusiastic for this approach. This is encouraging as it would indicate that at last a balance may have been struck between client-friendliness and
environmental risk management.