Help Keep the World Green

The ISO 14000 standards present a challenge for companies and a service opportunity for CPA firms.
BY ZABIHOLLAH REZAEE

  

EXECUTIVE SUMMARY
  • IN 1996, THE INTERNATIONAL ORGANIZATION for Standardization developed ISO 14000 as the first globally recognized guidelines for voluntary environmental management. The ISO 14000 standards can help businesses around the world manage their environmental responsibilities. The standards also can provide CPAs with a new practice niche of certifying and auditing environmental management systems (EMS).
  • TO GET AN ISO 14000 CERTIFICATE, A BUSINESS must comply with applicable standards and go through a systematic evaluation and approval process. ISO 14000 may be a way for businesses to prevent mandatory regulations and minimize government sanctions. The standards are divided into six categories: environmental management systems, environmental auditing, environmental labeling, environmental performance evaluation, life-cycle assessment and environmental aspects in product standards.
  • CPAs WHO DO ISO 9000 AUDITS MAY FIND IT EASY to perform ISO 14000 audits since the two have much in common, including a similar registration process. ISO 14000 someday may become part of the ISO 9000 standards, allowing organizations to register for both at once, reducing registration and audit costs.
  •  A KEY ELEMENT IN ISO 14000 IS A COMPANY'S EMS. The objective is to protect the environment, help the company establish goals, policies and procedures related to the environment and allow the company to demonstrate to third parties its commitment to environmental excellence and compliance.
  • CPAs CAN HELP A CLIENT OR EMPLOYER ESTABLISH an EMS by identifying environmental problems, creating a proactive approach to managing those problems and the accompanying risks and integrating the system into the company's internal control structure. Washington, D.C. office effectively cultivated legislators’ support for the profession.
ZABIHOLLAH REZAEE, CPA, PhD, CMA, is professor of accounting at Middle Tennessee State University in Murfreesboro. His e-mail address is zrezaee@mtsu.edu.

s we approach the new millennium, concern about the environment is becoming a worldwide phenomenon. Environmental costs and obligations have grown substantially and will continue to grow as society becomes more conscious of its surroundings, environmental laws and regulations increase and corporations face increased pressure to be good environmental citizens. To address the emergence of an international "green movement," many countries have enacted legislation intended to hold organizations more accountable for their environmental obligations. Companies have responded by taking a proactive stance on voluntary initiatives.

The International Organization for Standardization (ISO) promulgated a series of standards called ISO 14000 that are intended to help businesses around the world voluntarily manage their environmental responsibilities and ensure that policies, procedures and practices conform with company environmental targets and objectives. The worldwide impact of these standards is expected to transcend those of the ISO 9000 quality standards. In fact, ISO 14000 may eventually become a requirement for obtaining ISO 9001 recertification.

Businesses of all sizes across all industries face the demanding high-stakes challenge of attaining ISO 14001 registration and certification. (ISO 14000 consists of several guideline standards and one compliance standard, labeled ISO 14001, which includes the rules companies register under to become certified.) Exhibit 1, describes the six ISO 14000 categories and the related standards. Like ISO 9000, ISO 14000 may someday become a prerequisite for competing in the global market while also helping to safeguard the earth's resources. Practitioners experienced in ISO 9001 registration can add ISO 14000 certification and auditing to their consulting services. CPAs who took an active role certifying and auditing quality management systems (QMS) under ISO 9000 can develop a market niche certifying and auditing environmental management systems (EMS) under ISO 14000. This article includes information that will help both financial managers and CPAs in public practice meet the challenge of implementing ISO 14000.  

ISO 14000 ENVIRONMENTAL STANDARDS

In 1996, the ISO issued its ISO 14000 standards, the first globally recognized guidelines, to help safeguard the environment by promoting adequate and effective control for environmental practices and by monitoring a company's compliance with both internal and external laws, regulations and policies. These include laws governing

  • A company's ongoing environmental conduct (for example, under the Clean Air Act Amendment of 1990).
  • Cleanup of contamination caused by a company's business activities (for example, under the Superfund Act of 1980).
  • Personal injury or property damage caused by exposure to chemicals and other pollutants.

To obtain an ISO 14000 certificate, a company must meet ISO 14001 standards, a series of EMS standards. Like the ISO 9000 standards that were designed to ensure high-quality products and services by certifying the quality of various processes and practices, ISO 14000 standards are likely to be adopted by businesses worldwide.

ISO 14000 environmental standards are a voluntary and market-driven approach to improving environmental performance and protection that provides an alternative to mandatory government regulations. Businesses may find implementing ISO 14000 a means of preventing further mandatory regulations and minimizing their exposure to surveillance and sanctions by governmental agencies. Indeed, these voluntary standards do not need congressional or Environmental Protection Agency (EPA) approval. Thus, environmental groups, government agencies and especially companies, their legal counsel and independent accountants should become familiar with ISO 14000 standards. Exhibit 2 provides a list of resources, for CPAs who want to learn more about environmental issues and ISO 14000.

It is important for CPAs to realize that ISO 14000 standards are the product of nongovernment organizations. Compliance is voluntary and there is no requirement for external verification. ISO 14000 services are divided into six categories:

  1. Environmental management systems.
  2. nvironmental auditing.
  3. Environmental labeling.
  4. Environmental performance evaluation.
  5. Life-cycle assessment.
  6. Environmental aspects in product standards.

The ISO 14000 and ISO 9000 standards share much in common:

  • Both are management driven, focusing on conformance to an organization's targets and objectives.
  • They have similar registration processes.
  • Both provide adequate flexibility to permit their integration into all aspects of an organization's operations.

It is likely that ISO 14000 standards eventually will become part of the overall ISO 9000 quality control standards. This will allow organizations to register for both at once, thereby reducing the cost of registration and third-party verification.

The role of CPAs in this emerging service area is twofold. The first is to aid employers and clients in precertification activities, including developing EMS, conducting environmental audits and evaluating environmental performance. The second role for public practitioners is to help clients obtain ISO 14001 registration by evaluating their products for compliance with ISO 14000 standards, including guidelines for life-cycle assessment, environmental labeling and environmental aspects in product standards.

 

A TOOL FOR IMPROVEMENT

An EMS is a system for improving an organization's environmental performance. Its main objectives are to protect the environment and prevent pollution of all kinds. An EMS also helps companies define environmental goals, policies and procedures and demonstrate to third parties the company's commitment to environmental excellence. Companies can achieve these objectives by

  • Defining environmental goals and missions.
  • Developing adequate and effective environmental policies and procedures.
  • Properly documenting these policies and procedures and communicating them to affected personnel.
  • Ensuring compliance with the entity's established environmental policies and procedures.

Adopting an EMS should provide management with information on how the organization performs with respect to both externally mandated environmental requirements and internally established objectives and policies. Exhibit 3, presents the principles of an EMS and describes outside auditors' involvement in helping clients achieve these goals.

Businesses wishing to obtain ISO 14001 certification should comply with all applicable standards and go through the independent evaluation and approval process, which consists of

  • Establishing and implementing an appropriate EMS.
  • Filing an application for ISO 14001 certification.
  • Showing documentation regarding environmental policies, procedures, employee training and auditing.
  • Being assessed by registrars regarding compliance with ISO 14000 standards.
  • Being approved and registered to ISO 14001 standards.

The ISO itself does not issue certificates or conformity with ISO 14000. The certification is conducted independently by bodies worldwide. Accredited registrars are available worldwide. However, organizations can chose not to certify or to self-declare their conformance with the ISO 14001 requirements. The database of registrars is available at www.iso14000.net.

What is ISO?

The International Organization for Standardization (ISO) is a private global federation created in 1946 to promote the development and implementation of uniform standards facilitating the international exchange of goods and services. The most well-known standards published by the organization are the ISO 9000 quality assurance and quality management standards. These were developed between 1979 and 1986, published in 1987 and revised in 1994. More than 343,600 companies worldwide have been certified to one of the ISO 9000 quality control standards. Additional information about the organization is available at www.iso.ch

Upon approval, a company will receive a certification to ISO 14001 and be listed in a register or directory. The company also will receive all the benefits of registration, including enhanced compliance with environmental laws and regulations; a demonstrated commitment to environmental performance, accountability and responsibility and an overall improvement in efficiency in providing products and services.

CPAs can help clients and employers establish an EMS. To establish the system, both internal and external auditors can use Internal Control-Integrated Framework, a report issued in 1992 by the Committee of Sponsoring Organizations of the Treadway Commission—especially the five components of internal controls. An adequate and effective system requires a company to establish environmental management "policies & procedures" across the entire business, including accounting and auditing services. Exhibit 4, provides examples of such policies and the related controls over EMS associated with each of the five control components specified in the COSO framework.

CPAs can help clients or employers establish an EMS in three ways:

  • Identify environmental problems. The first step in managing environmental requirements is to know the problems. Managers at all levels should pay sufficient attention to the environmental impact of their actions and must make compliance with ISO 14000 standards as well as other laws and regulations on the environment a high business priority.
  • Create a proactive approach to managing environmental problems and risks. The EMS and management's approach to environmental concerns and compliance with ISO 14000 standards should be proactive, rather than passive or reactive. The success of the EMS depends on the "tone at the top"—management's commitment to making sure environmental concerns and controls are everyone's business. The EMS should come from the top down in the form of policy statements and actions. The system's policies, procedures and guidelines must be carefully designed, properly communicated to all affected personnel and complied with. The EMS should not only respond to environmental problems and risks but also prevent them by making employers aware of applicable laws, regulations and standards.
  • Int egrate the EMS into the internal control structure. Companies should integrate the EMS with other critical internal control functions, as the COSO report suggests. Under ISO 14000, environmental considerations should be part of virtually every major corporate decision.  

THE SCOPE OF ENVIRONMENTAL AUDITING

Environmental auditing is a term that encompasses a wide range of environment-related management activities, including compliance audits, liability audits, waste management audits, risk assessments, reviews and management systems audits. Companies use environmental auditing as a means of responding to the increasing number of laws and regulations, pressure from external constituents and the need to properly manage environmental risks and concerns.

With ISO 14000, environmental auditing extends to continuous monitoring of an organization's environmental performance by

  • Reviewing the adequacy of the established EMS in achieving an organization's environmental goals.
  • Assessing proper documentation and communication of environmental policies and procedures to all affected personnel.
  • Investigating effective compliance with these policies and procedures in achieving environmental goals.
  • Conducting periodic reviews of the EMS to ensure it responds as planned.
  • Taking corrective actions to eliminate noncompliance and nonconformance with ISO 14010, 14011, and 14012 standards (see exhibit 1).

ISO 14000 standards provide guidelines for

  • The audit process, including sufficient resources and cooperation from the auditor.
  • Proper conduct of audit procedures from preliminary document review to preparing the final audit report.
  • Selecting internal and external auditors, ensuring adequate training and proficiency, experience and education.

Statement on Standards for Attestation Engagements no. 3, Compliance Attestation, governs the auditing of an entity's compliance with ISO 14000. SSAE no. 3 provides guidance for engagements related to management's assertions regarding compliance with environmental laws and regulations, especially ISO 14000 standards. Public practice CPAs may perform agreed-upon procedures to help users evaluate entities' environmental activities and performance. It is management's responsibility to ensure that the entity's environmental practices are consistent with the goals it has set and comply with applicable laws, regulations and standards; it is the auditor's responsibility to assess the entity's compliance with ISO 14000 standards and other applicable laws and regulations.

Since ISO 14000 standards do not require external verification, there is currently no mandatory requirement for organizations to have an environmental audit. The EPA and the U.S. Department of Justice have, however, publicly encouraged companies to conduct such audits. Market-driven forces may also encourage--or even compel—the use of these audits if entities worldwide are required to objectively verify their environmental performance and the EMS to compete effectively.  

TRAINING RESOURCES

To respond to the growing demand for environmental auditing, the Institute of Internal Auditors and the Environmental Auditing Roundtable established the Board of Environmental Auditor Certification in 1997. The BEAC is an independent, not-for-profit organization that certifies environmental auditors based on ISO 14000 standards and other key criteria.

The International Auditor and Training Certification Association (IATCA) is another voluntary worldwide organization established to sponsor and operate programs for uniform international training and certification. IATCA has provided certifications and auditor training course approvals in the QMS ISO 9000 series. A specific working group has begun preparing certifications and auditor training courses for environmental auditors. (For more information on IATCA EMS programs, check the Registrar Accreditation Board (RAB) Web site at rabnet.com). RAB provides several choices of auditor certification programs and multiple certification grades to match candidates' experience level and need.  

FACING THE CHALLENGE

Environmental issues have been a major challenge for corporations since the 1960s. They will continue to become increasingly important in the years following the issuance of ISO 14000 standards. These standards help businesses worldwide manage their environmental requirements by establishing EMS. An adequate and effective system can improve compliance with relevant laws, regulations and standards; reduce environmental liability exposure; prevent pollution and waste and create a positive public image.

Businesses of all sizes and across all industries are likely to take steps to obtain ISO 14001 certification. Financial managers should be prepared for this challenge by beginning to assess the environmental safeguards their companies already have in place. CPA firms should become aware of this emerging market for their services by obtaining registration status and providing ISO 14000 registration services as third-party registrars. This opportunity for CPAs can be non-seasonal, time-independent, universally applicable to any industry and financially rewarding.

SPONSORED REPORT

Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.

QUIZ

News quiz: IRS warning on cyberattacks and a change in pension rules

Once again, the IRS sounds the alarm about a threat from cyberthieves. See how much you know about this and other recent news with this short quiz.

CHECKLIST

Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.