Corporate Sustainability Reporting (CSR) began over 25 years ago with the Global Report Initiative (GRI). Since then, use of CSR information by investors and potential customers has increased. Unlike financial reporting, the accuracy and truthfulness of sustainability information has been mostly unregulated leading to abundant misstatements aka, greenwash in CSR and other sustainability reports. Stakeholders, including investors, customers and others are increasingly requesting robust qualitative and quantitative sustainability data and information to base their economic decisions on. These stakeholders are looking for assurance from competent providers to help them confirm the information they are using is true. Assurance service providers now have several protocol they can follow when verifying sustainability information.
The following is a brief description of some of the protocol being developed to perform assurance of sustainability information.
ISO 14019 Series – Validation and Verification of Sustainability Information
ISO is developing standards in the ISO 14019 series titled Validation and Verification of Sustainability Information. This series is designed to cover all types of sustainability information including Environmental, Social and Governance (ESG). Green house gas emission information is one example of the types of information these standards will cover. Other types of information will include information and claims about:
amount of waste sent to a landfill,
water the organizations uses and discharges as waste water.
emission of other toxic pollutant to the atmosphere,
assertions about occupational health and safety performance.
The series will include:
14019-1 General principles and requirements for validation and verification 14019-2 Principles and requirements for verification processes 14019-3 Principles and requirements for validation processes 14019-4 Principles and requirements for bodies validating and verifying sustainability information.
The United States Security and Exchange Commission (SEC)
Recently the SEC took action against organizations using misleading sustainability information to market their financial products. SEC is also enhancing its authority to further regulate misstatements with issuance of the long anticipatedClimate Disclosure Rule. The SEC climate disclosure rule issued now include requiring verification of GHG information by an independent verification service provider.
International Audit and Assurance Standards Board (IAASB)
IAASB is also about to issue standards that will cover assurance of all types of sustainability information. ISSA 5000 is titled General Requirements for Sustainability Assurance Engagements. This protocol will likely be preferred by Certified Public Account firms because this protocell has been developed largely by the financial accounting profession.
What’s Next?
There are many questions about which if any of these new verification standards will be broadly accepted and by whom. ISO 14019 series may be more acceptable to non-CPAs including sustainability consultants. Other questions include who, if anyone will accredit the assurance bodies. This field of practice is developing quickly so stay tuned. We should have answers to these questions soon. If you have any questions contact us here.
Kevin Lehner is the Chair of the US Technical Advisory Group Sub TAG that is developing the ISO 14019 series. He is also the Vice Chair of the US Technical Advisory Group to TC 283 and represents the American National Standards Group international for the development of ISO 45000 series of standards on occupational health and safety. His practice includes performing certification audits, training auditors and help organizations integrate ISO 14001 and 45001 into their other business management systems.
Compliance audits confirm an organization’s compliance status with environmental and occupational health and safety regulations. Audits also help manage risk of violations and fines. Customers, boards of directors and others care about EHS regulatory compliance and use audit results to make important business decisions. EHS audits will become even more important in the future as more organizations seek independent verification of their EHS and ESG performance.
Opening Meeting
An EHS compliance audit can be intimidating for an organization. Conducting an opening meeting helps to:
Explain the purpose, scope, and objective(s) of the audit.
Introduce the audit team, the auditee leadership and audit participants.
Present the audit schedule.
Discuss who has authorized the performance of the audit and why.
Describe how evidence will be collected during the audit.
Review how audit results will be reported.
Participation of leadership at the opening meeting helps communicate support for the audit process and expectations for employee participation in the audit.
Collecting EHS Compliance Audit Evidence
In Part 1 of this series, we discussed how to plan an EHS compliance audit focusing on what matters (materiality). Auditors use the audit plan to develop audit trails that result in positive or negative evidence of compliance. A questions like “tell me about the processes operated in this department” is often a good starting point for developing audit trails. Here is an example follow-up questions an auditor could ask to further develop the compliance audit trails.
Auditor: I see the metal parts grit blast process is operating today. What kind of parts are you blasting now.
Auditee: We are cleaning several hundred parts before they are electroplated.
Auditor: What are some of the important environmental aspects and OHS hazards you need to consider when operating the grit blaster and dust collector when cleaning stainless steel parts?
A well-prepared auditee will have identified the environmental and occupational health and safety regulations before the audit. Figure 1 is an example of a risk analysis tool that helps prepare for an audit and helps auditors identify important areas to audit. For more information about risk analysis watch this Risk Overview brief video. Learn more about CorrectTrack app.
Figure 1- EHS risk analysis tool
Tools like CorrectTrack provide a listing of environmental aspects and OHS hazards. The list helps quickly identify important aspects and hazards that are good candidates for improvement or for developing audit trails. The highlighted row in Figure 1 is an example of an environmental aspect to check during an audit. Clicking on Risk ID 803 link shows the risk detail page (Figure 2).
This page shows important details about a dust emissions risk and provides links to other information like risk controls, applicable compliance obligations and related files. Clicking on the link under “Files” provides more detailed information (Figure 3). The red box in Figure 3 shows the specific requirements (risks) that need to be addressed or that are (audit criteria) an auditor can check.
Figure 3 – Air Permit Audit Criteria for Dust Collector
Collecting And Evaluating Evidence
An audit checklist can help jog an auditor’s memory of the audit trails they want to follow. Checklists can be as needed. A good checklist points the auditor to what they are trying to prove true. It should be more than a simple check the box yes or no checklist. Check the box checklists discourage looking for and recording evidence of conformity of compliance and should be avoided
The best checklists are prepared by the auditor before or during the onsite portion of the audit. They are specific to the process being audited and the requirement being assessed. The line of questioning can be spontaneous and not always needs to be documented. The questions can be recorded on the spot in the auditors notes along with any evidence observed. Often, audit questions will lead to another question as the auditor follows the audit trail trying to get to the ultimate evidence that a requirement is being met.
Auditor Notes
Auditors need to be able to take good notes during the audit. This helps them recall the details of the audit when preparing the audit report. Notes need to record the evidence the auditor observed during the audit. This can be evidence of conformity or not. Being able to show what the auditor saw or heard during the audit is an important part of the audit process. Good note taking skills are one of the competencies auditors need to possess and continually develop.
Preparing EHS Compliance Audit Findings
Auditor notes are the evidence of conformity, but sometimes the audit shows things are not the way they are supposed to be. Auditors call these nonconformance’s, or potential noncompliance findings. There are many formats for preparing these negative findings. One approach is to write the negative finding in three parts:
1. the requirement, 2. the finding and 3. the evidence that supports the finding
The requirement part of the finding describes the audit criteria the auditor was trying to prove true. It can be a regulatory requirement or a requirement the organization has set for itself. The finding part is a statement of what the problem was, and often refers to the requirements. The evidence part of the audit finding is a summary of what an auditor saw that led them to the conclusion there was a nonconformity.
The following is an example of a negative finding for potential noncompliance with a State issued Title V air emission permit.
Requirement: [s. NR 439.055(2)(a), Wis. Adm. Code, 02-DCF-178] The pressure drop across the dust collector baghouse shall be measured and recorded once every 8 hours of operation or once per day, whichever yields more measurements.
Finding: Auditee not able to produce records of baghouse pressure drop readings
Evidence: No records of metal finishing baghouse pressure drop were able to be produced for 2nd & 3rd shift when baghouse was operating in May 2023.
Communicating EHS Compliance Audit Findings
When a negative finding is made auditors should try to get consensus with auditee that the finding is valid. This will help avoid disagreement on the validity of a finding during the closing meeting. This also helps confirm the auditee has a clear understanding of what was wrong so they begin to fix the problem. Well written findings also help auditees identify appropriate corrective actions. A correction is a quick fix to “stop the bleeding”. A corrective action prevents the nonconformity from recurring.
Closing Meeting
A closing meeting should be held for all EHS audits. During the closing meeting the audit team shares the results of the audit with the auditee. The closing meeting should include the following:
Audit findings
Audit conclusions
Audit recommendations (if appropriate)
Circumstances that affected confidence in the audit results
Audit report timing and distribution
Follow-up actions to be taken by the auditors and auditee
Process for appealing an audit finding or conclusion
Conclusion
This is Part 2 of a three-part article about environmental and health and safety (EHS) auditing. Part 1 discussed how to plan an EHS audit. In Part 3 of this series we will explore how to follow-up on an audit including preparing an audit report, approving corrective actions and verifying corrective action effectiveness during subsequent audits.
ECSI provides auditing, consulting and training services to organizations interested in improving their EH&S performance. For more information, contact us.
ISO 45001 is an international standard that helps organizations improve Occupational Health and Safety (OHS) performance. The ISO 45001 standard can be used to ensure workers are safe by protecting them from workplace injury and ill health. As the Vice Chair of the US Technical Advisory Group to ISO 45001, I have been seeing a significant rise in awareness of ISO 45001 benefits. Environmental Compliance Systems, Inc has also helped many organizations plan, implement and integrate an ISO 45001 OHSMS with their other business management systems. A recent webinar produced with ASSP describes the many benefits of an ISO 45001 OHSMS. Here is a link to free ASSP webinar: https://player.vimeo.com/video/844292169?. Please watch if you are interested in improving your organizations OHS performance.
