Filed under: EHS Management, EHS Policy, EHS Skills, EHS Trends | Tags: Auditing, Compliance, Compliance Assurance, EHS Auditing
Frank Brandauer
After attending The Auditing Roundtable’s Spring Meeting I was struck by just how far EHS Auditing has come for something that effectively did not exist 25 years ago.
While often viewed as just a compliance tool, I believe that its true capabilities are often misunderstood and undervalued. Audits, like nothing else can actually drive change, deliver training, demonstrate organizational commitment, administer internal consequences, provide Board of Director level exposure and finally, improve compliance.
So how are we doing, what is the state of EHS Audit Programs today? To me it is not so clear, here are some of the view points that I heard being discussed;
- Most programs are doing remarkably well given the impacts of recent cost cutting efforts.
- Many programs have been slowing falling behind given acquisition growth over the last decade and recent budget cuts.
- Only a small number of companies still have a robust EHS Audit function and those are limited to organizations that have experienced compliance driven consent orders or Board mandated compliance programs.
- With the rise of EHS Management Systems and related System Audits, the actual need for Compliance Audits has been reduced.
Initially, auditing emerged in reaction to the fear of enforcement actions. Have we lost this driver given changes in enforcement in the U.S. and the lack of enforcement in developing countries? Or will our current financial problems bring enforcement back into popularity?
How robust and effective is your Audit program? Given the maturity of many audit programs and the current economic and regulatory situation, is it a time for a change?
8 Comments so far
Leave a comment
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
It has been my experience that since most companies have been focusing on an EH&S Management Systems approach, the need for auditing has lessen. Audit now tend to be risk-based, or self-assessment based. Audits should focus on reducing operational costs and risks.
Dean M. Calhoun, CIH
Comment by Dean M. Calhoun, CIH May 26, 2009 @ 4:16 pmAffygility Solutions
Interesting topic Frank. Thanks.Two critical success factors in my view are knowledgeable people given the structure and support to deep drill (not a surface prod) and surface strengths and weaknesses..and the executive leadership interest in knowing about these findings and passion to close gaps. Without these you can easily burn budget,frustrate the auditors/auditees and anger executives when the holes in programs get revealed.
Comment by Alex Pollock May 27, 2009 @ 12:32 pmBravo Frank. You make a good point that well-designed audit programs do much more than identify non-compliance.
My comment builds on those of Alex and Dean. My observation has been that, in practice, organizations with mutiple operating units and locations that scale-back their traditional corporate-level compliance auditing activities and, instead, rely more on the facility-level ISO 14001-type EMS for compliance assurance are vulnerable to fundamental non-compliance at the facility level that may go undetected by corporate and, over time, result in bad outcomes for the entire enterprise (i.e., fines, penalties, lawsuits, serious injuries, fatalities). I agree with Dean that an organization with a well-crafted EMS that is executed with high fidelity should be able to reduce traditional auditing, but I think this must be done with delibration and great care. Traditional audit programs aren’t glamorous, cutting edge, or exciting, but they remain a proven and cost effective compliance assurance tool.
Comment by Stephen Evanoff May 28, 2009 @ 12:29 amThanks Frank. We have had our internal audit program for about 20 years and we are wondering how to take it to the next level. We using internal EHS staff for all audits and issue graded audit scores over 5 protocols areas EHS Mgt Systems, Asset Protection, Safety, IH and Environmental. We review our questions annually and offer comprehensive auditor training annually as well. Audit results are reported to company leaders and the Board of Directors. Does anyone have thoughts on what the next level may be?
Comment by Frank Marino June 15, 2009 @ 2:41 pmFrank Marino:
I think the next level in the development of EHS auditing will be for the auditing activity to embrace the concept of the “learning organization.” This would entail a collaborative approach to auditing where the auditor and the entity being audited work in partnership; where best practices are identified and implemented to correct findings; and where lessons learned from the audit are shared across the entire enterprise. There are a number of tactics that can be employed to promote the “learning organization” concept. One example would be for working-level EHS SME’s serving as part of the audit teams so that they are both auditors and auditees at various times.
Comment by Steohen Evanoff June 18, 2009 @ 7:54 amEHS audit programs today? In my experience many organizations are trying various avenues these days to try to “add value” to their audit programs through:
1) A little less worry about a strictly independent audit team as manifested by a desire to have the team provide a measure of mentoring and coaching to facility staff on compliance issues; or
2) A tendency toward management system-type reviews instead of regulatory compliance audits – but increasingly trying to couple these reviews with a more formal root cause analysis approach to corrective and preventive actions.
I do believe if the Obama administration’s USEPA (and the states) ratchet up their compliance enforcement activities again that we’ll see organizations return to a traditional EHS regulatory audit approach – but hopefully still in concert with management system reviews.
Comment by Dennis Sasseville June 23, 2009 @ 4:40 pmAt least in the US, I really don’t think old fashioned EHS compliance audits can or will go away. However, they can certainly evolve to include a broader range of issues. “Risk” is the new buzzword right now and it presents some excellent opportunities for auditing and real EHS improvements. One idea on how to integrate risk management and EHS audits was presented at the Roundtable meeting you attended. The presentation can be viewed at http://www.slideshare.net/lmheim/roia-presentation
For anyone interested, I sponsored a survey on LinkedIn to find out what trend may exist relative to EHS audit performance/risk reduction measures. Results were interesting (202 responses in less than 24 hours) and can be viewed by LinkedIn members at http://polls.linkedin.com/poll-results/44274/mulee. If you are not a LinkedIn Member, you can view a summary of the poll results at http://elmconsultinggroup.wordpress.com/2009/06/26/do-you-measure-the-economic-value-of-ehs-risk-reductionauditing-programs/.
I have another poll on LinkedIn that is currently still open asking opinions on what you consider to be the “perfect” EHS risk reduction measurement. Please feel free to vote.
Comment by lmheim July 1, 2009 @ 12:50 amCyberRegs interviewed The Auditing Roundtable President Robert Bray and Managing Director Kathy Rieth shortly after the San Antonio conference.
http://tinyurl.com/CyberRegs-May-eNews
Comment by Cindy Findley July 16, 2009 @ 1:09 pm