The purpose of an EHS audit follow-up is to check that EHS risk, including risk of noncompliance, is managed to a level that the organization considers acceptable. Noncompliance with applicable government laws and other requirements are examples of EHS risk sources that need to be controlled. An EHS audit checks that risk controls are in place and effective. Risk controls can be engineering controls like air pollution control devices, administrative controls like training and work instructions and others.
EHS Audit Findings
The results of an audit are called findings. These can either be positive findings that the controls are in place and effective, or negative. Negative findings are nonconformance’s. Positive findings are good news but not something the organization needs to act on. Positive findings confirm that “what should be is” and that “what should not be is not.
Negative findings however are actionable and create opportunities to improve EHS performance. In Part 2 of this EHS Compliance Audit series, we discussed how negative findings are written and communicated verbally at the end of the audit. As a follow-up to the active evidence gathering and verbal reporting, a written report should be prepared and distributed to document the results of the audit.
Preparing the EHS Audit Follow-Up Report
The audit report presents the results to the auditee and others and helps an organization gauge EHS performance. The report should be concise and to the point and the tone of the report should be factual and nonjudgmental.
A key part of the EHS audit follow-up report are the negative findings that were made during the audit. The EHS audit follow-up report formalizes the findings in a way that the auditee can act on them. The reported negative findings need to include enough information so that they can be investigated and ultimately fixed in a way that they do not happen again.
Here is an example outline for an EHS audit follow-up report.
- Executive Summary
- Background Purpose and Scope
Correction and Corrective Action
Negative EHS audit findings point to EHS risks that need to be better controlled. They are the result of a potential noncompliance with a legal requirement or discovery of some other issue. If left uncorrected they can increase risk and lead to enhanced legal action by a regulatory agency (knowing and willful violation). To avoid exposure to these enhanced penalties, it is important that organizations have a good corrective action process in place.
There are 5 steps in an effective corrective action processes.
- Short Term Correction
- Investigate the Cause
- Identify a Corrective Action
- Implement the Corrective Action
- Verify the Corrective Action is Effective
The following is a brief description of these steps.
Short Term Correction
Findings that identify a potential serious risk need to be addressed as soon as possible. Continuing to operate equipment that exposes workers to injury after a finding is made is bad business. If a worker were to become injured after the nonconformance was reported the penalties and fines could escalate dramatically. A correction to quickly reduce the risk from the nonconformance needs to be put in place as soon as practical.
Investigate THE Cause
Once the correction has been put in place a corrective action plan needs to be established. Responsibility to investigate the cause of an audit finding should be assigned to someone with knowledge of and experience with the corrective action process. This knowledge and experience will help identify the root cause of the finding. Once the root cause is established an appropriate corrective action can be proposed that prevents the problem from recurring in the future.
Knowledge and use of root cause analysis tools like “5 Why Cause Analysis” ensure the cause of the unacceptable risk level is identified. Here is an example a “5 Why Cause Analysis”.
This example is for an incident that happened at a roll calendar for polishing extruded plastics sheets. An employee was caught in an in running nip between the rolls and luckily only sustained a recordable injury. This incident could have easily been an amputation or a fatality.
|Why was the OHS hazard of being caught in the nip on the calendar not addressed?||The machine was new, and no one thought to do a Job Safety Analysis (JSA) before it was installed and operated.|
|Why did no one perform a JSA?||Performing a JSA to review potential OHS hazards and risk are not part of the capital investment approval process.|
|Why was OHS hazard and risk review not part of the capital investment process?||The manager of the extrusion department manager did not know that a JSA hazard and risk review should be undertaken for all new equipment as part of the purchase process.|
|Why was extrusion department manager unaware of the need to review hazards and risks for new equipment?||An existing employee had recently been promoted to manager of the extrusion department and they had not been informed of the requirement.|
|Why had the new extrusion department manager not been informed?||Our organization has not established a process to identify training needs and provide training to employees when they transfer to a new position within the company.|
Identify a Corrective Action
Once the cause is established, a suitable corrective action can be identified to reduce the risk to an acceptable level. The effort needed to identify a suitable corrective action is proportional to the finding risk level. The higher the risk, the more effort needed to figure out the best way to address it. A finding that an emergency evacuation map could be hidden behind a door when it is opened, is much easier to correct than the finding of an ineffective control to treat wastewater discharge to a municipal sanitary sewer.
The cause analysis process should have an approval step to confirm the cause analysis was performed with skill and that the corrective action is aligned with the identified cause of the finding. This review and approval can be done by the auditor who made the finding or others in the organization who can impartially review the cause and proposed corrective action.
If the cause and/or the proposed corrective action are found to be deficient during the review, the assignees should be consulted and asked to rethink the cause analysis and corrective action. The evaluation and approval of potential corrective actions requires striking a balance between risk and opportunity. It is not possible to reduce all risk levels to zero.
Some processes have hazards with risk that are difficult to control and the organization needs to think carefully about what level of risk it is willing to accept. In running nips on plastic extrusion rollers is a good example. It is very difficult to properly guard an in running nip on these machines. The guard would prevent the process from working properly.
As a result, the corrective action cannot be the elimination of the hazard or installation of a physical guard (engineering control). Instead, there may need to be several independent controls such as installing a rope e-stop, providing training to employees on how to operate the process safely and even evaluating the operators competence to ensure they understand the hazard and the associated risk.
Once both the cause and the corrective action(s) are approved the assignee should be authorized to implement the corrective action.
Implement the Corrective Action
The implementation of the chosen corrective action may take days, weeks or even months depending on what needs to be done. Moving an emergency evacuation sign to a better location can be done almost immediately while designing and installing an upgraded wastewater treatment process may take many months.
Verify the Corrective Action is Effective
Verification that the corrective action has been implemented and that it is effective is the last step in the process. It confirms that the problem causing risk, has reduced that risk. The verification can be done upon completion of the corrective action or during the next audit. When the corrective action is verified, it can be closed.
Tracking EHS Audit Corrective Action Progress
Historically, keeping track of progress toward completing corrective action was done with paper forms that went from in-basket to in-basket. Once complete they were placed in a file drawer for storage. Later, electronic methods including excel spreadsheets and other types of electronic documents were used with some success. However, these tracking methods require much effort and often lead to miscommunications or missed deadlines of incomplete corrective actions for findings. The result was the corrective action process was not successful in reducing risk in a timely fashion and increased risk to the organization.
Within the last few years cloud-based applications have emerged that solved many of the problems with paper or spreadsheet corrective action tracking systems. These applications allow quick access to users and are readily accessible almost anywhere.
Cloud based database applications help organizations quickly find the status of any CA and drill down to details for each CA.
Applications like CorrectTrack establish users permissions to view, change, verify and approve corrective actions. A permissions based peer review process also helps ensure that corrective actions are investigated thoroughly and verified before they are closed.
Other advantages of a cloud based app like CorrectTrack are:
- Notify persons of status changes of a CA
- Define a standard process for doing CA
- At a glance dashboards for users
- Provide notifications when CAs are coming due, or past due
- Provide a record of who changed what, when and why
- User permissions allow visibility of the CA system to leadership
Effective corrective action processes are powerful tools that help organizations improve EHS performance over time. Investing in, and continually improving the corrective action process will provide a significant short term and long term return.
This EHS Audit Follow-up post is part 3 of a three part article on EHS Auditing. Part 1 and 2 discussed how to plan an EHS audit and conduct an EHS audit. This concludes our three-part series on EHS audits.