EHS Auditing In Trying Times
May 26, 2009 at 1:30 pm 9 comments
Frank Brandauer
After attending The Auditing Roundtable’s Spring Meeting I was struck by just how far EHS Auditing has come for something that effectively did not exist 25 years ago.
While often viewed as just a compliance tool, I believe that its true capabilities are often misunderstood and undervalued. Audits, like nothing else can actually drive change, deliver training, demonstrate organizational commitment, administer internal consequences, provide Board of Director level exposure and finally, improve compliance.
So how are we doing, what is the state of EHS Audit Programs today? To me it is not so clear, here are some of the view points that I heard being discussed;
- Most programs are doing remarkably well given the impacts of recent cost cutting efforts.
- Many programs have been slowing falling behind given acquisition growth over the last decade and recent budget cuts.
- Only a small number of companies still have a robust EHS Audit function and those are limited to organizations that have experienced compliance driven consent orders or Board mandated compliance programs.
- With the rise of EHS Management Systems and related System Audits, the actual need for Compliance Audits has been reduced.
Initially, auditing emerged in reaction to the fear of enforcement actions. Have we lost this driver given changes in enforcement in the U.S. and the lack of enforcement in developing countries? Or will our current financial problems bring enforcement back into popularity?
How robust and effective is your Audit program? Given the maturity of many audit programs and the current economic and regulatory situation, is it a time for a change?
Entry filed under: EHS Management, EHS Policy, EHS Skills. Tags: Auditing, Compliance, Compliance Assurance, EHS Auditing.
1.
Dean M. Calhoun, CIH | May 26, 2009 at 4:16 pm
It has been my experience that since most companies have been focusing on an EH&S Management Systems approach, the need for auditing has lessen. Audit now tend to be risk-based, or self-assessment based. Audits should focus on reducing operational costs and risks.
Dean M. Calhoun, CIH
Affygility Solutions
2.
Alex Pollock | May 27, 2009 at 12:32 pm
Interesting topic Frank. Thanks.Two critical success factors in my view are knowledgeable people given the structure and support to deep drill (not a surface prod) and surface strengths and weaknesses..and the executive leadership interest in knowing about these findings and passion to close gaps. Without these you can easily burn budget,frustrate the auditors/auditees and anger executives when the holes in programs get revealed.
3.
Stephen Evanoff | May 28, 2009 at 12:29 am
Bravo Frank. You make a good point that well-designed audit programs do much more than identify non-compliance.
My comment builds on those of Alex and Dean. My observation has been that, in practice, organizations with mutiple operating units and locations that scale-back their traditional corporate-level compliance auditing activities and, instead, rely more on the facility-level ISO 14001-type EMS for compliance assurance are vulnerable to fundamental non-compliance at the facility level that may go undetected by corporate and, over time, result in bad outcomes for the entire enterprise (i.e., fines, penalties, lawsuits, serious injuries, fatalities). I agree with Dean that an organization with a well-crafted EMS that is executed with high fidelity should be able to reduce traditional auditing, but I think this must be done with delibration and great care. Traditional audit programs aren’t glamorous, cutting edge, or exciting, but they remain a proven and cost effective compliance assurance tool.
4.
Frank Marino | June 15, 2009 at 2:41 pm
Thanks Frank. We have had our internal audit program for about 20 years and we are wondering how to take it to the next level. We using internal EHS staff for all audits and issue graded audit scores over 5 protocols areas EHS Mgt Systems, Asset Protection, Safety, IH and Environmental. We review our questions annually and offer comprehensive auditor training annually as well. Audit results are reported to company leaders and the Board of Directors. Does anyone have thoughts on what the next level may be?
5.
Steohen Evanoff | June 18, 2009 at 7:54 am
Frank Marino:
I think the next level in the development of EHS auditing will be for the auditing activity to embrace the concept of the “learning organization.” This would entail a collaborative approach to auditing where the auditor and the entity being audited work in partnership; where best practices are identified and implemented to correct findings; and where lessons learned from the audit are shared across the entire enterprise. There are a number of tactics that can be employed to promote the “learning organization” concept. One example would be for working-level EHS SME’s serving as part of the audit teams so that they are both auditors and auditees at various times.
6.
Dennis Sasseville | June 23, 2009 at 4:40 pm
EHS audit programs today? In my experience many organizations are trying various avenues these days to try to “add value” to their audit programs through:
1) A little less worry about a strictly independent audit team as manifested by a desire to have the team provide a measure of mentoring and coaching to facility staff on compliance issues; or
2) A tendency toward management system-type reviews instead of regulatory compliance audits – but increasingly trying to couple these reviews with a more formal root cause analysis approach to corrective and preventive actions.
I do believe if the Obama administration’s USEPA (and the states) ratchet up their compliance enforcement activities again that we’ll see organizations return to a traditional EHS regulatory audit approach – but hopefully still in concert with management system reviews.
7.
lmheim | July 1, 2009 at 12:50 am
At least in the US, I really don’t think old fashioned EHS compliance audits can or will go away. However, they can certainly evolve to include a broader range of issues. “Risk” is the new buzzword right now and it presents some excellent opportunities for auditing and real EHS improvements. One idea on how to integrate risk management and EHS audits was presented at the Roundtable meeting you attended. The presentation can be viewed at http://www.slideshare.net/lmheim/roia-presentation
For anyone interested, I sponsored a survey on LinkedIn to find out what trend may exist relative to EHS audit performance/risk reduction measures. Results were interesting (202 responses in less than 24 hours) and can be viewed by LinkedIn members at http://polls.linkedin.com/poll-results/44274/mulee. If you are not a LinkedIn Member, you can view a summary of the poll results at http://elmconsultinggroup.wordpress.com/2009/06/26/do-you-measure-the-economic-value-of-ehs-risk-reductionauditing-programs/.
I have another poll on LinkedIn that is currently still open asking opinions on what you consider to be the “perfect” EHS risk reduction measurement. Please feel free to vote.
8.
Cindy Findley | July 16, 2009 at 1:09 pm
CyberRegs interviewed The Auditing Roundtable President Robert Bray and Managing Director Kathy Rieth shortly after the San Antonio conference.
http://tinyurl.com/CyberRegs-May-eNews
9.
Sergio Mateo | May 26, 2010 at 7:29 am
Sir,
My experience on this topic regarding not only EHS audits but also other important risk assessment and compliance initiatives in Europe is the following:
1) Most companies have these policies linked to their Annual Reports with board member level responsibles
2) Most companies have well structured and well thought policies to classify the different risks that the different stakeholders can pose to them (as suppliers, ie)
3) There is a vast majority of these companies that fail in the compliance of these policies, because of the distance between the middle and regional management and the top board level members, that impacts in how and when these policies and audits are put in place
4) In the cases that these audits and policies are followed there is, in most of the cases, a lack in following up how the risk profiles of the different stakeholders change over time, being these audits a “one-off” event in the life of a supplier, for example.
There is a huge breach due to the hardness of implantation and the amount of transactional work that these imply for middle managament across the enterprise and the following steps should be taken in the direction to cope with this problem.
Sergio Mateo