Pro-Tips for Best EHS Audits (Part 2): Conducting an EHS Compliance Audit

Compliance audits confirm an organization’s compliance status with environmental and occupational health and safety regulations. Audits also help manage risk of violations and fines. Customers, boards of directors and others care about EHS regulatory compliance and use audit results to make important business decisions. EHS audits will become even more important in the future as more organizations seek independent verification of their EHS and ESG performance.

Opening Meeting 

An EHS compliance audit can be intimidating for an organization. Conducting an opening meeting helps to: 

  • Explain the purpose, scope, and objective(s) of the audit.
  • Introduce the audit team, the auditee leadership and audit participants. 
  • Present the audit schedule.
  • Discuss who has authorized the performance of the audit and why.
  • Describe how evidence will be collected during the audit.
  • Review how audit results will be reported.

Participation of leadership at the opening meeting helps communicate support for the audit process and expectations for employee participation in the audit.

Collecting EHS Compliance Audit Evidence 

In Part 1 of this series, we discussed how to plan an EHS compliance audit focusing on what matters (materiality).  Auditors use the audit plan to develop audit trails that result in positive or negative evidence of compliance. A questions like “tell me about the processes operated in this department” is often a good starting point for developing audit trails. Here is an example follow-up questions an auditor could ask to further develop the compliance audit trails. 

Auditor: I see the metal parts grit blast process is operating today. What kind of parts are you blasting now.

Auditee: We are cleaning several hundred parts before they are electroplated.

Auditor: What are some of the important environmental aspects and OHS hazards you need to consider when operating the grit blaster and dust collector when cleaning stainless steel parts?

A well-prepared auditee will have identified the environmental and occupational health and safety regulations before the audit. Figure 1 is an example of a risk analysis tool that helps prepare for an audit and helps auditors identify important areas to audit. For more information about risk analysis watch this Risk Overview brief video.  Learn more about CorrectTrack app.

EHS risk analysis tool
Figure 1- EHS risk analysis tool

Tools like CorrectTrack provide a listing of environmental aspects and OHS hazards. The list helps quickly identify important aspects and hazards that are good candidates for improvement or for developing audit trails.  The highlighted row in Figure 1 is an example of an environmental aspect to check during an audit.  Clicking on Risk ID 803 link shows the risk detail page (Figure 2).

Grit Blast Dust Emission Environmental Risk Detail
Figure 2 – Grit Blast Dust Emission Environmental Risk Detail

This page shows important details about a dust emissions risk and provides links to other information like risk controls, applicable compliance obligations and related files. Clicking on the link under “Files” provides more detailed information (Figure 3). The red box in Figure 3 shows the specific requirements (risks) that need to be addressed or that are (audit criteria) an auditor can check.

Air Permit Audit Criteria for Dust Collector
Figure 3 – Air Permit Audit Criteria for Dust Collector

Collecting And Evaluating Evidence 

An audit checklist can help jog an auditor’s memory of the audit trails they want to follow. Checklists can be as needed. A good checklist points the auditor to what they are trying to prove true.  It should be more than a simple check the box yes or no checklist. Check the box checklists discourage looking for and recording evidence of conformity of compliance and should be avoided

The best checklists are prepared by the auditor before or during the onsite portion of the audit. They are specific to the process being audited and the requirement being assessed. The line of questioning can be spontaneous and not always needs to be documented. The questions can be recorded on the spot in the auditors notes along with any evidence observed. Often, audit questions will lead to another question as the auditor follows the audit trail trying to get to the ultimate evidence that a requirement is being met.

Auditor Notes

Auditors need to be able to take good notes during the audit. This helps them recall the details of the audit when preparing the audit report. Notes need to record the evidence the auditor observed during the audit. This can be evidence of conformity or not.  Being able to show what the auditor saw or heard during the audit is an important part of the audit process. Good note taking skills are one of the competencies auditors need to possess and continually develop.   

Preparing EHS Compliance Audit Findings 

Auditor notes are the evidence of conformity, but sometimes the audit shows things are not the way they are supposed to be.  Auditors call these nonconformance’s, or potential noncompliance findings. There are many formats for preparing these negative findings. One approach is to write the negative finding in three parts:

1. the requirement,
2. the finding and
3. the evidence that supports the finding

The requirement part of the finding describes the audit criteria the auditor was trying to prove true.  It can be a regulatory requirement or a requirement the organization has set for itself.  The finding part is a statement of what the problem was, and often refers to the requirements. The evidence part of the audit finding is a summary of what an auditor saw that led them to the conclusion there was a nonconformity.   

The following is an example of a negative finding for potential noncompliance with a State issued Title V air emission permit. 

  • Requirement: [s. NR 439.055(2)(a), Wis. Adm. Code, 02-DCF-178] The pressure drop across the dust collector baghouse shall be measured and recorded once every 8 hours of operation or once per day, whichever yields more measurements.  
  • Finding:  Auditee not able to produce records of baghouse pressure drop readings
  • Evidence: No records of metal finishing baghouse pressure drop were able to be produced for 2nd & 3rd shift when baghouse was operating in May 2023. 

Communicating EHS Compliance Audit Findings

When a negative finding is made auditors should try to get consensus with auditee that the finding is valid. This will help avoid disagreement on the validity of a finding during the closing meeting. This also helps confirm the auditee has a clear understanding of what was wrong so they begin to fix the problem. Well written findings also help auditees identify appropriate corrective actions. A correction is a quick fix to “stop the bleeding”. A corrective action prevents the nonconformity from recurring.  

Closing Meeting

A closing meeting should be held for all EHS audits. During the closing meeting the audit team shares the results of the audit with the auditee. The closing meeting should include the following:

  • Audit findings
  • Audit conclusions
  • Audit recommendations (if appropriate)
  • Circumstances that affected confidence in the audit results
  • Audit report timing and distribution
  • Follow-up actions to be taken by the auditors and auditee
  • Process for appealing an audit finding or conclusion

Conclusion

This is Part 2 of a three-part article about environmental and health and safety (EHS) auditing. Part 1 discussed how to plan an EHS audit. In Part 3 of this series we will explore how to follow-up on an audit including preparing an audit report, approving corrective actions and verifying corrective action effectiveness during subsequent audits. 

ECSI provides auditing, consulting and training services to organizations interested in improving their EH&S performance. For more information, contact us.

A True Story – Why ISO 14001 Works

Background

It has been over seven years since we first began helping a medium sized automotive equipment manufacturer in the midwest implement a company wide ISO 14001 EMS. They were getting pressure from their customers to prove they were good environmental performers and an ISO 14001 certificate was the best solution. We helped them with environmental aspects, setting up the EMS and identifying regulatory compliance requirements. As we were completing the project we performed a round of internal audits to check that each facility was complying with the applicable  legal requirements.

The Audit Finding

One of the findings of our compliance audit was that at one location, the company was operating unpermitted production painting equipment. The audit team could find no records of correspondence with the State permitting authority about this new equipment. It had been commissioned sometime after an initial Title V permit application had been prepared for the facility. The paint operation was an important part of the manufacturing process and it was not possible to simply shut the process down. Doing so would have resulted in delayed shipment of product and dissatisfied customers.

The Response

Although the discovery of this potential noncompliance was uncomfortable news for the organization, at least they now had a better picture of the potential risks they were facing. They examined the process closely and decided that it was time to upgrade. They worked it out with the state permitting authority to replace the old system with a new more efficient paint system.

Fast Forward

Over the last several years we have continued to perform periodic EH&S compliance, ISO 14001, and OHSAS 18001 internal audits to support their continued certification to these standards.. During a recent compliance audit at one of the facilities we were delighted to see a new process being installed. It means the company continues to grow but, from an auditors perspective, the stack ducting through the roof becomes a great opportunity to check the EMS effectiveness to control noncompliance risk. As we walked by the new process I could see the auditee cracking a half smile as I asked a few questions about the new equipment and construction underway. He knew where this audit was going.

The audit was actually a combined one-day environmental and OSHA compliance audit so we had a lot of ground to cover in 8 hours. When the audit schedule called for review of compliance with state air emission permits, I asked what they knew about the potential emission from the new process. The audtee said “the process had the potential to emit a hazardous air pollutant at levels requiring permitting before installation of the equipment”.  The auditee then produced the construction permit they had been issued by the state?  The EMS had worked to help the organization identify the need to obtain a permit, well in advance of beginning construction on the new process.

Results Matter

Discovery of unpermitted emission sources during internal and compliance audits is not uncommon for us even today. Helping organizations identify and manage risks of noncompliance in the short term provides some satisfaction in our work. But having the opportunity to see the results of an effective EMS that we helped implement and, how that EMS has helped manage risks long term, is particularly gratifying.

Skepticism of the benefits of ISO 14001 will continue to linger especially with the uniformed. However, organizations interested in managing environmental risk and becoming more sustainable need to understand how the audit processes, embedded in ISO 14001, can be used to support an organizations sustainability efforts, promote successful outcomes and provide confidence by other stakeholder that environmentally, things are as they should be.