What is the difference between Stage 1 and Stage 2 of an ISO 14001 certification audit?

Stage 1 is a readiness review where the auditor checks that your Environmental Management System is sufficiently documented and developed to proceed to the full certification audit. Stage 2 is the main on-site certification audit where the auditor verifies that your EMS is fully implemented, understood by your staff, and producing results. Both stages must be completed before a certificate can be issued.

Can an ISO 14001 audit be conducted remotely?

Stage 1 is commonly conducted remotely, particularly for smaller businesses, as it focuses primarily on document review. Stage 2 typically requires an on-site visit because the auditor needs to observe your operations, inspect your site, and speak directly with your staff. Some certification bodies may conduct partial remote audits for multi-site organisations, but the core site inspection must be done in person.

What happens if the auditor finds a major nonconformity?

A major nonconformity means a significant requirement of ISO 14001 has not been met or implemented. Certification cannot be granted until the major nonconformity is resolved and the auditor has verified the corrective action. Depending on the severity and nature of the finding, you may need to implement changes and provide evidence before the auditor conducts a follow-up review, which may be on-site or via documentation depending on what is required.

How long does it take to receive the ISO 14001 certificate after the audit?

Once the Stage 2 audit is complete and any minor nonconformities have been resolved, the certification body will conduct an internal review of the audit report before issuing the certificate. This typically takes two to four weeks. If there are minor nonconformities requiring corrective action, the timeline extends by however long it takes to submit and verify the evidence, which is usually 30 to 90 days from the audit date.

What do ISO 14001 auditors look for when speaking with staff?

Auditors are assessing whether staff understand the environmental aspects relevant to their work, what the organisation's environmental objectives are, and what they are personally responsible for doing to support the EMS. They are not looking for staff to recite the standard. They want to see genuine awareness and understanding, which is evidence that your training and communication programme is effective rather than just documented.

Do I need a consultant to prepare for an ISO 14001 certification audit?

You do not legally need a consultant, but many businesses find it significantly reduces the time and stress involved in preparing for audit, particularly if it is their first certification. A good consultant will help you build a system that is genuinely effective, not just one that looks good on paper. If you are considering engaging a consultant, make sure you understand how to evaluate their credentials and experience before committing to anyone.

What Happens During an ISO 14001 Certification Audit?

The ISO 14001 Certification Audit: What to Actually Expect

If you are preparing for an ISO 14001 certification audit for the first time, you are probably wondering what the auditor is actually going to do when they walk through your door. The honest answer is that most businesses are more prepared than they think, but they get caught out because nobody explained the process clearly before the day arrived.

On this page

This article walks you through every stage of the ISO 14001 certification audit process, from the initial document review right through to receiving your certificate. It covers what auditors look for, where businesses commonly fall short, and what you can do to give yourself the best chance of passing without unnecessary stress or delays.

Before diving in, it helps to understand that ISO 14001 certification involves two distinct audit stages. They are not interchangeable and they serve very different purposes. Confusing the two is one of the most common mistakes businesses make when planning their certification timeline.

Stage 1: The Readiness Review

The Stage 1 audit is sometimes called a document review, a desktop audit, or a readiness assessment. Whatever your certification body calls it, the purpose is the same. The auditor is checking whether your Environmental Management System (EMS) is sufficiently developed and documented to proceed to the full certification audit.

This stage typically happens either remotely or on-site, depending on your certification body and the complexity of your operations. For smaller businesses, many certification bodies conduct Stage 1 remotely, reviewing your documentation before scheduling a site visit. For larger or more complex organisations, the auditor may want to visit your site during Stage 1 as well.

What the Auditor Reviews at Stage 1

During Stage 1, the auditor is primarily focused on your documented information. They will want to see that you have addressed the core requirements of the standard, including:

Your environmental policy, which must be appropriate to the nature and scale of your operations
Your identification of environmental aspects and impacts, including significant ones
Your legal and other compliance obligations register
Your environmental objectives and the plans you have in place to achieve them
Evidence that you have defined the scope of your EMS
Your documented procedures for operational controls, emergency preparedness, and monitoring
Records of internal audits and management review

The auditor is not expecting perfection at Stage 1. They are checking that you have a functioning system in place, not just a folder of templates you downloaded from the internet. If your documents exist but have never been used in practice, an experienced auditor will spot this quickly.

If you want to understand what solid preparation looks like before this stage, the article on 8 things to do before an ISO Stage 1 readiness audit covers the practical groundwork in detail.

Stage 1 Outcomes

After Stage 1, the auditor will produce a report identifying any areas where your system is not yet ready for Stage 2. These are typically recorded as observations or areas for improvement rather than formal nonconformities. You will have the opportunity to address these before your Stage 2 audit is scheduled.

If significant gaps are found, the auditor may recommend delaying Stage 2 until those gaps are resolved. This is not a failure. It is the system working as intended, and it is far better to address issues at this point than to face a major nonconformity during Stage 2.

Get 3 ISO Quotes. 24 Hours Response

Tell us what you need and compare vetted ISO consultants or certification bodies within 24 hours. Free, no obligation.

Trusted by 400+ businesses like yours

Stage 2: The Certification Audit

Stage 2 is the main event. This is where the auditor conducts a thorough, on-site assessment of your EMS to determine whether it conforms to the requirements of ISO 14001 and whether it is actually working in practice.

The key word there is “in practice.” ISO 14001 certification is not awarded for having good documents. It is awarded when your system is genuinely implemented, understood by your people, and producing results. An auditor who has been doing this for any length of time can tell the difference between a system that is lived and breathed and one that was assembled for the audit.

The Opening Meeting

Every Stage 2 audit begins with an opening meeting. This is a formal but straightforward session where the auditor introduces themselves, confirms the audit scope and objectives, explains how the day or days will run, and asks if you have any questions before they begin.

Bring your senior leadership to this meeting if you can. ISO 14001 places significant emphasis on top management commitment, and having your leadership team present at the opening meeting demonstrates that environmental management is taken seriously at the top of your organisation. The auditor will note who is in the room.

Document and Records Review

Even though documents were reviewed at Stage 1, the Stage 2 auditor will revisit your documented information to check that everything is current, controlled, and being used. They will cross-reference your documents against what they observe during the site inspection.

Common things auditors check at this stage include:

Whether your aspects and impacts register reflects your actual operations, not just what you planned when you first set up the system
Whether your legal register is up to date and includes all applicable environmental legislation for your sector and location
Whether your monitoring and measurement records are complete and being reviewed
Whether corrective actions from previous internal audits have been closed out with evidence
Whether your management review minutes reflect genuine discussion of EMS performance rather than a tick-box exercise

One thing that catches businesses out is the gap between their documented procedures and what is actually happening on the floor. If your procedure says you check waste disposal records monthly but the last entry in your logbook is from four months ago, that is a problem the auditor will raise.

Site Inspection and Process Walkthrough

This is the part of the audit that most people find most confronting, but it is also where a well-run EMS really gets to shine. The auditor will walk through your site, observing your operations and speaking with your staff.

They are looking at things like:

How waste is segregated, labelled, and stored before disposal
Whether staff who work with hazardous materials understand the environmental risks and the controls in place
Whether spill kits and emergency response equipment are present, accessible, and understood
Whether environmental controls are actually in use, not just described in a procedure document
Whether signage, labelling, and awareness materials are visible and relevant

The auditor will also speak with your employees, not just your environmental manager. They may ask a production worker how they handle chemical waste, or ask a maintenance technician what they do if there is a fuel spill. If your staff cannot answer these questions, it signals that your awareness and training programme is not effective, which is a requirement of the standard.

This is why training records alone are not enough. The auditor wants evidence that training has actually landed, and the best evidence is a staff member who can explain what they do and why.

Interviews with Key Personnel

Alongside the site walkthrough, the auditor will conduct structured interviews with key people in your organisation. This typically includes your environmental manager or management representative, members of senior leadership, and operational staff from different areas of the business.

Questions at this stage tend to focus on awareness and accountability. Auditors commonly ask things like:

What are your most significant environmental aspects?
What environmental objectives is the business currently working toward?
What would you do if you identified a new environmental risk?
How does the business handle environmental complaints from neighbours or regulators?

You do not need scripted answers. You need people who genuinely understand the system and their role within it. Rehearsed, identical answers from multiple staff members can actually raise suspicion rather than build confidence.

Nonconformities: What They Are and What Happens Next

At some point during or after the audit, the auditor may identify nonconformities. These are findings where your EMS does not meet the requirements of ISO 14001 or where a requirement is not being implemented as described in your own documented system.

There are two types of nonconformities you need to understand.

Major Nonconformities

A major nonconformity is a significant failure to meet a requirement of the standard. Examples include having no legal compliance register at all, failing to identify significant environmental aspects for a core part of your operations, or having no evidence of management review. A major nonconformity will prevent certification until it is resolved and verified by the auditor.

Minor Nonconformities

A minor nonconformity is a partial failure or an isolated lapse in an otherwise functioning system. For example, a monitoring record that has not been completed for one month, or a procedure that has not been updated to reflect a minor process change. Minor nonconformities do not prevent certification, but you will need to submit a corrective action plan and evidence of resolution within a specified timeframe, usually 30 to 90 days.

If you want to understand how to formally challenge a finding you believe is incorrect, the article on the formal process for disputing an ISO audit finding explains your rights and options.

The Closing Meeting

At the end of the Stage 2 audit, the auditor will hold a closing meeting to present their findings. This is where they will summarise what they observed, confirm any nonconformities, and indicate whether they will be recommending certification.

It is important to understand that the auditor recommends certification. The final decision is made by the certification body after the audit report is reviewed internally. In practice, the auditor's recommendation is almost always followed, but the formal decision comes from the certification body.

Ask questions at the closing meeting if anything is unclear. This is your opportunity to understand exactly what is required from you before the certificate is issued.

After the Audit: Corrective Actions and Certification Decision

If you have minor nonconformities to resolve, you will need to submit your corrective action evidence within the agreed timeframe. Your auditor or the certification body will review this evidence and confirm that the issues have been addressed before the certificate is issued.

Once the certification body has reviewed the audit report and is satisfied that all requirements have been met, they will issue your ISO 14001 certificate. The certificate will specify your organisation's name, the scope of certification, the standard version, the issue date, and the expiry date. Check all of these details carefully when you receive it. The article on what to check when you receive your ISO certificate walks through exactly what to look for.

Your certificate is valid for three years, subject to annual surveillance audits. These are shorter audits conducted each year to verify that your EMS is being maintained. Surveillance audits are not as intensive as the initial certification audit, but they are not a formality either. Auditors will focus on areas of concern from previous audits and check that your system continues to improve.

For a full picture of what comes after certification, including surveillance audits and recertification, the article on what happens after you get ISO 14001 certified covers the ongoing obligations in detail.

Common Reasons Businesses Struggle During the Audit

Having been through this process many times, there are a handful of issues that come up again and again. Most of them are avoidable with the right preparation.

Legal register not maintained: This is one of the most common findings in environmental audits. Legislation changes, and your register needs to reflect current obligations. A register that was accurate two years ago may now be out of date.
Aspects and impacts not reviewed after operational changes: If you have added a new process, moved to a new site, or changed your waste contractor, your aspects register needs to be updated. Auditors will ask about recent operational changes and check whether the system has kept up.
Objectives with no measurable targets or progress evidence: Having an objective to “reduce energy consumption” is not enough. You need a target, a timeframe, and evidence that you are tracking progress against it.
Internal audits that do not find anything: An internal audit programme that consistently produces zero findings is a red flag. Either the audits are not being conducted properly, or the auditor is not looking hard enough. External auditors will scrutinise internal audit records carefully.
Staff who cannot explain their environmental responsibilities: This comes back to training and awareness. Your people need to know what the significant aspects are, what the objectives are, and what their role is in achieving them.

Understanding the full scope of what ISO 14001 requires is the foundation for avoiding these issues. If you are new to the standard, the beginner's guide to ISO 14001 environmental management systems provides a solid grounding in the requirements before you start preparing for audit.

How Long Does the Audit Take?

Audit duration depends on the size of your organisation, the number of employees, the complexity of your operations, and the number of sites included in your scope. ISO 14001 is one of the most widely adopted management system standards globally, and certification bodies have developed robust methods for determining audit time based on these factors.

As a rough guide, a small business with fewer than 20 employees might expect a Stage 1 of half a day and a Stage 2 of one to two days. A medium-sized business with 50 to 100 employees might expect two to three days for Stage 2. Larger or more complex operations will require more time.

Your certification body should provide you with a detailed audit plan well in advance of the audit date. If the audit duration seems unusually short for your organisation, it is worth asking how the time has been calculated. Audit days are a key factor in certification cost, and it is also a quality indicator. An audit that is too short cannot be thorough.

Choosing the Right Certification Body Matters

The quality of your audit experience depends significantly on which certification body you choose. A good auditor will be technically competent in environmental management, have relevant industry experience, and conduct the audit in a way that is rigorous but fair. A poor auditor can make the process unnecessarily stressful, miss genuine issues, or raise findings that are not well-founded.

Make sure the certification body you choose is accredited by a recognised accreditation body. In Australia, that means accreditation through JAS-ANZ, the Joint Accreditation System of Australia and New Zealand. Accreditation is what gives your certificate credibility in the market and ensures the audit was conducted to an internationally recognised standard.

If you are still in the process of selecting a certification body, or if you want to compare options before committing, CertBetter can help. Submit one form and receive up to three competing quotes from accredited certification bodies and verified ISO consultants. The service is completely free for businesses seeking certification, and it takes the guesswork out of finding a provider who is the right fit for your industry and your budget.