Guide · Environmental

ISO 14001 audit checklist for the UK.

A practical guide to running an ISO 14001:2015 environmental management system internal audit, from aspects and impacts to the legal register, objectives and corrective actions, with a WhatsApp workflow your auditors already know.

Try the demo See pricing

14-day free trial. No card required.

The point

The internal audit is itself a requirement.

ISO 14001:2015 does not just want you to run an environmental management system. It requires you to audit your own system at planned intervals and act on what you find. Software does not make you certified. Meeting the standard and closing your nonconformities does. The tool captures the audit and keeps the evidence for the surveillance visit.

What an ISO 14001 internal audit covers

The clauses you check against.

Aspects and impacts

The register is live

Environmental aspects and their impacts identified, significance assessed, and the register current for how the site actually operates now, not two years ago.

Legal and other

Compliance obligations

The legal and other requirements register maintained, compliance evaluated, and permits, consents and duty of care obligations tracked and met.

Improvement

Objectives and actions

Objectives and targets set and progressing, corrective actions from the last audit closed, and management review feeding the next cycle.

How the audit runs

Findings, nonconformities, corrective actions.

An internal audit produces findings: conformities, observations, and nonconformities graded by severity. Each nonconformity needs a corrective action with an owner and a due date, and the next audit checks it was closed. An audit trail that loses the corrective action is the one that bites at the surveillance visit.

Run ISO 14001 audits on WhatsApp

No app install. No training.

Auditors use the phone they already have. Text, voice note or photo. The audit report generates itself. Setup to first live workflow usually takes under a week.

Try the demo See pricing

An ISO 14001 certificate is not a document you earn once. It is a claim you have to keep proving, at surveillance audits, that your environmental management system is real and running. The internal audit is how you prove it to yourself first. Done well, the certification body's visit confirms what you already knew. Done as a box-tick the night before, it becomes the moment the auditor finds the aspects register nobody has touched in two years. So the real question is whether your internal audit evidence would survive external scrutiny.

The short version

  • ISO 14001:2015 requires an internal audit programme at planned intervals; the internal audit is itself an audited clause of the standard.
  • The core areas are environmental aspects and impacts, the legal and other requirements register, objectives and targets, and corrective actions.
  • Every nonconformity needs a corrective action with an owner and a due date, and the next audit verifies it was closed.
  • The certification body runs surveillance audits between three-yearly recertifications; your internal audit evidence is what they sample.
  • Software does not make you certified. Meeting the standard and closing your nonconformities does. The tool captures the audit and holds the evidence.

Aspects and impacts

Keeping the register live

The heart of ISO 14001 is knowing how your activities interact with the environment: the aspects (what you do, such as storing fuel or generating waste) and the impacts (what that does, such as contamination or resource use). The standard requires you to identify these, assess which are significant, and manage them. The internal audit checks the aspects and impacts register is current for how the site operates today, not for a process you stopped running last year.

Quickler captures the auditor's findings against each area as structured records, with photos where a physical check backs up a document review. It is not a certification body and does not maintain your register for you; it records whether the register was found current and complete, and flags where it was not.

Legal register

Compliance obligations and duty of care

ISO 14001 requires a register of legal and other requirements and a periodic evaluation of compliance against them. For a UK site that means the environmental permit conditions, the waste duty of care in the Environmental Protection Act 1990, oil storage rules, discharge consents, and any sector obligations, all tracked and evidenced. A management system that lists the law but never evaluates compliance against it has a gap the auditor will find.

Quickler lets the auditor record, obligation by obligation, whether compliance was evaluated and evidenced, alongside the physical checks. See the environmental permit compliance audit guide for the permit side, which often forms the biggest part of the legal register.

Findings and actions

Nonconformities that actually get closed

An internal audit is only worth running if the findings drive action. Each nonconformity should be graded, given a root cause, assigned an owner and a due date, and closed with evidence. The next audit verifies closure. The failure mode is a corrective action raised, filed, and forgotten, which then reappears as a repeat finding at the surveillance visit and dents the auditor's confidence in the whole system.

Quickler records each finding and its corrective action, and surfaces open actions on a dashboard so nothing is quietly lost between audit cycles. It does not close the action for you; it makes the overdue one visible to the person who can.

Pricing

Per report, not per seat

Most audit apps charge per seat. For a firm running internal audits across sites and functions that is the wrong shape: the environmental manager who reads one audit a month pays the same as the auditor who files four a week, and every subcontractor auditor you add costs more.

Quickler charges per report, with unlimited users on every bundle. Bundles run from Quickler 50 at 50 pounds a month for 50 reports, up to Quickler 500 at 500 pounds a month for 500 reports. Add as many auditors, subcontractors, managers and admins as you like; you pay for the reports you file, not the people who could file them. Pricing is approximate and shifts, so check the current pricing page before you commit.

Questions, answered

What does an ISO 14001 internal audit cover?

It checks the environmental management system against ISO 14001:2015: the aspects and impacts register, the legal and other requirements register and compliance evaluation, objectives and targets, operational controls, and whether corrective actions from the last audit were closed. It produces findings graded as conformities, observations and nonconformities.

Is an internal audit required by ISO 14001?

Yes. ISO 14001:2015 requires the organisation to conduct internal audits at planned intervals to check the management system conforms to the standard and to its own requirements, and is effectively implemented. The internal audit programme is itself an audited requirement, so the certification body will sample your internal audit records.

What happens to a nonconformity found in an audit?

Each nonconformity should be graded, given a root cause, assigned an owner and a due date, and closed with evidence. The next audit verifies closure. A corrective action that is raised and then forgotten tends to reappear as a repeat finding at the surveillance audit, which undermines confidence in the whole system.

Can I run an ISO 14001 audit over WhatsApp?

Yes. Quickler's workflow runs over the WhatsApp Business API. The auditor receives each check in their existing WhatsApp chat, replies with text, a voice note or a photo, and the completed audit report generates automatically. No separate app or login is required, and Quickler manages the WhatsApp Business API account on the firm's behalf.

Related guides

Keep reading

Related guides