To be franked, it is important for the first time comprehensive audit needs detail and stringent precedent as this will ensure the company or organization follow the procedures strictly. If this is not done, the follow up audit or surveillance audit will not be prudent and most probably there could be many non-conformances. Worst the company may be re-audited as to ensure the quality of the systems, documentations and trained staff are up to the standard required. Mind you, ISO 14001 or 18001 is not only involved with documented procedures as in ISO 9001 but it involves with Aspects and Risk Identifications and Evaluations. The activities conducted are mainly regulatories and strict adherence to the environmental and safety & health laws. If such audit is not conducted according to the required standard, which are also reflected to the laws applied, it may as well the company does not proceed to obtain the ISO 14001 certification. As for auditors who are conducting such audit, it is your responsibilities that to what ever the outcome, the standard requirements must be up held to the highest level and the required regulatory are strictly practice and adhered to. There should not be any such double standard practice as 'leniency' during any stages of audits because of business purposes. Remember the ethics and etiquettes as an ISO auditor? If you 'misbehave' during the audits, it may as well that you terminate yourself as an ISO auditor. Cheers. 

Dear Adam,

Thank you so much for making the point about "Mind you, ISO 14001 or 18001 is not only involved with documented procedures as in ISO 9001 but it involves with Aspects and Risk Identifications and Evaluations"...exactly the point I was trying to make with respect to my previous post about a blogger who feels that, according to his review, companies that are ISO 14001 certified, can pollute as much as they want, as long as they are certified.  That flies in the face of EMSs that are built upon programs and procedures that clearly reflect the significant aspects of the facility upon which the EMS was designed.  EMSs designed in such fashion are not "cookie-cutter" designs, but rather, tailored to the specific facility and its unique significant aspects.  Please refer to my previous thread about the blogger and weigh in.

All the best, Adam.

Regulators must pay more attention in implementing it. Regulators must also obtain compliance report in this respect. Currently it is not take very seriously.

If an organization is not certified to ISO 14001 or OHSAS 18001, the Risk Assessment portion would be something extra to take a look into. Or perhaps to the very least, try looking into aspect-impact tool, which include "Risk-based Scoring", to classify the risks and address individual risk and turn them into continuous improvement program.