Understanding Green Tier Audits

The Wisconsin Department of Natural Resources Green Tier program has requirements for participants to perform different types of audits of their Environmental Management Systems (EMS). Understanding these types of audits and who can perform them will help ensure compliance with Green Tier. The types of Green Tier audits are:

  • EMS Internal audits
  • EMS Outside Audits
  • Regulatory Compliance Audits

Types of Audits and Frequency

EMS Internal Audits

Internal audits can be performed by the participant themselves or by independent auditors. These audits are then used as part of the management review process to help leadership evaluate the performance of the EMS and to decide if any changes are needed to improve it. They must be documented, performed at least annually and conducted by competent objective auditors.

Outside Audits

Outside audits are performed by independent auditors that have been approved by WDNR to perform these audits. Tier 1 participants must perform these audit at least every 3 years. Tier 2 participants need to have an WDNR approved auditor perform these audits at least annually.

Compliance Audits

Compliance audits are different than the Outside Audit described above. These audits check that the organization is meeting the USEPA, WDNR and local legal requirements. These include requirements for emitting pollutants to the atmosphere, water, solid and hazardous waste disposal. Tier 2 participants need to perform compliance audits at least annually and report the results to WDNR. These audits can be internal audits or performed by other independent auditors.

Why Does Green Tier Require Audits?

The Green Tier Law is based on the requirements of ISO 14001 which also requires periodic audits of the EMS. ISO 14001 is itself based on the principals of continual improvement (PDCA). Audits are the checking part of the PDCA cycle.

Who is Qualified to Perfrom External Audits

Only WDNR approved Green Tier auditors are qualified to perform external audits. Green Tier participants should confirm that their auditor is on this approved list. Participants should do this even if they are using an ANAB accredited ISO 14001 certification body to perform their external audits. If you have any questions about Green Tier audits, who is qualified to do audits or want to know how to get the most out of your audit contact us for at kalehner@envcompsys.com or use the form below.

Contact Form

URGENT ALERT – ISO Climate Change Amendments!

ISO recently amended all ISO management system standards (MSS) to include requirements for organizations to consider the effects of climate change. If your organization holds a current certification to ISO 9001, 14001 or 45001 you can expect to be asked “has your organization determined whether climate change is a relevant issue?” during your next certification audit.

This new requirement is the result of a change to the ISO Harmonized Structure (Appendix 2 of the Annex SL in the ISO/IEC Directives Part 1 Consolidated ISO Supplement). Here is more background on the Harmonized Structure also referred to as the High Level Structure and Annex SL.

ISO announced the new requirement in an IAF/ISO Joint Communique indicating the climate change text highlighted below is effective immediately for all MSS.

ISO HLS revised requirements for context determination

Most organizations certified to ISO 14001 should be able to answer auditors questions about climate change relevance. Other organizations with current certification to ISO 9001 and/or 45001 might find it more difficult to avoid a nonconformity to these new requirements if they don’t act soon. Each organizations context is different and will influence how they address climate change in their MSS

Contact us if you have questions about how these new requirements might effect your organization ISO certification status.

Pro Tips for Best EHS Audits (Part 3): EHS Audit Follow-up

The purpose of an EHS audit follow-up is to check that EHS risk, including risk of noncompliance, is managed to a level that the organization considers acceptable. Noncompliance with applicable government laws and other requirements are examples of EHS risk sources that need to be controlled. An EHS audit checks that risk controls are in place and effective.  Risk controls can be engineering controls like air pollution control devices, administrative controls like training and work instructions and others.

EHS Audit Findings

The results of an audit are called findings. These can either be positive findings that the controls are in place and effective, or negative. Negative findings are nonconformance’s. Positive findings are good news but not something the organization needs to act on. Positive findings confirm that “what should be is” and that “what should not be is not.

Negative findings however are actionable and create opportunities to improve EHS performance. In Part 2 of this EHS Compliance Audit series, we discussed how negative findings are written and communicated verbally at the end of the audit. As a follow-up to the active evidence gathering and verbal reporting, a written report should be prepared and distributed to document the results of the audit.

Preparing the EHS Audit Follow-Up Report

The audit report presents the results to the auditee and others and helps an organization gauge EHS performance. The report should be concise and to the point and the tone of the report should be factual and nonjudgmental.   

A key part of the EHS audit follow-up report are the negative findings that were made during the audit. The EHS audit follow-up report formalizes the findings in a way that the auditee can act on them. The reported negative findings need to include enough information so that they can be investigated and ultimately fixed in a way that they do not happen again.

Here is an example outline for an EHS audit follow-up report.

  • Executive Summary
  • Background Purpose and Scope
  • Findings
  • Conclusions
  • Recommendations
  • Discussion
  • Appendices

Correction and Corrective Action

Negative EHS audit findings point to EHS risks that need to be better controlled. They are the result of a potential noncompliance with a legal requirement or discovery of some other issue. If left uncorrected they can increase risk and lead to enhanced legal action by a regulatory agency (knowing and willful violation). To avoid exposure to these enhanced penalties, it is important that organizations have a good corrective action process in place.

There are 5 steps in an effective corrective action processes.

  1. Short Term Correction
  2. Investigate the Cause
  3. Identify a Corrective Action
  4. Implement the Corrective Action
  5. Verify the Corrective Action is Effective

The following is a brief description of these steps.

Short Term Correction

Findings that identify a potential serious risk need to be addressed as soon as possible. Continuing to operate equipment that exposes workers to injury after a finding is made is bad business. If a worker were to become injured after the nonconformance was reported the penalties and fines could escalate dramatically.  A correction to quickly reduce the risk from the nonconformance needs to be put in place as soon as practical.

Investigate THE Cause

Once the correction has been put in place a corrective action plan needs to be established. Responsibility to investigate the cause of an audit finding should be assigned to someone with knowledge of and experience with the corrective action process. This knowledge and experience will help identify the root cause of the finding. Once the root cause is established an appropriate corrective action can be proposed that prevents the problem from recurring in the future.

Knowledge and use of root cause analysis tools like “5 Why Cause Analysis” ensure the cause of the unacceptable risk level is identified. Here is an example a “5 Why Cause Analysis”.

This example is for an incident that happened at a roll calendar for polishing extruded plastics sheets. An employee was caught in an in running nip between the rolls and luckily only sustained a recordable injury. This incident could have easily been an amputation or a fatality.

roll calendar for polishing extruded plastics sheets
Why?Answer
Why was the OHS hazard of being caught in the nip on the calendar not addressed?The machine was new, and no one thought to do a Job Safety Analysis (JSA) before it was installed and operated.
Why did no one perform a JSA?Performing a JSA to review potential OHS hazards and risk are not part of the capital investment approval process.
Why was OHS hazard and risk review not part of the capital investment process?The manager of the extrusion department manager did not know that a JSA hazard and risk review should be undertaken for all new equipment as part of the purchase process.
Why was extrusion department manager unaware of the need to review hazards and risks for new equipment?An existing employee had recently been promoted to manager of the extrusion department and they had not been informed of the requirement.
Why had the new extrusion department manager not been informed?Our organization has not established a process to identify training needs and provide training to employees when they transfer to a new position within the company.
Table 1 – Example 5 why analysis

Identify a Corrective Action

Once the cause is established, a suitable corrective action can be identified to reduce the risk to an acceptable level. The effort needed to identify a suitable corrective action is proportional to the finding risk level. The higher the risk, the more effort needed to figure out the best way to address it. A finding that an emergency evacuation map could be hidden behind a door when it is opened, is much easier to correct than the finding of an ineffective control to treat wastewater discharge to a municipal sanitary sewer.  

The cause analysis process should have an approval step to confirm the cause analysis was performed with skill and that the corrective action is aligned with the identified cause of the finding. This review and approval can be done by the auditor who made the finding or others in the organization who can impartially review the cause and proposed corrective action.

If the cause and/or the proposed corrective action are found to be deficient during the review, the assignees should be consulted and asked to rethink the cause analysis and corrective action. The evaluation and approval of potential corrective actions requires striking a balance between risk and opportunity. It is not possible to reduce all risk levels to zero.

Some processes have hazards with risk that are difficult to control and the organization needs to think carefully about what level of risk it is willing to accept. In running nips on plastic extrusion rollers is a good example. It is very difficult to properly guard an in running nip on these machines. The guard would prevent the process from working properly.

As a result, the corrective action cannot be the elimination of the hazard or installation of a physical guard (engineering control).  Instead, there may need to be several independent controls such as installing a rope e-stop, providing training to employees on how to operate the process safely and even evaluating the operators competence to ensure they understand the hazard and the associated risk. 

Once both the cause and the corrective action(s) are approved the assignee should be authorized to implement the corrective action.

Implement the Corrective Action

The implementation of the chosen corrective action may take days, weeks or even months depending on what needs to be done. Moving an emergency evacuation sign to a better location can be done almost immediately while designing and installing an upgraded wastewater treatment process may take many months.

Verify the Corrective Action is Effective

Verification that the corrective action has been implemented and that it is effective is the last step in the process. It confirms that the problem causing risk, has reduced that risk. The verification can be done upon completion of the corrective action or during the next audit. When the corrective action is verified, it can be closed.

Tracking EHS Audit Corrective Action Progress

Historically, keeping track of progress toward completing corrective action was done with paper forms that went from in-basket to in-basket. Once complete they were placed in a file drawer for storage. Later, electronic methods including excel spreadsheets and other types of electronic documents were used with some success. However, these tracking methods require much effort and often lead to miscommunications or missed deadlines of incomplete corrective actions for findings. The result was the corrective action process was not successful in reducing risk in a timely fashion and increased risk to the organization. 

Within the last few years cloud-based applications have emerged that solved many of the problems with paper or spreadsheet corrective action tracking systems. These applications allow quick access to users and are readily accessible almost anywhere.

Modern corrective action application
Figure 1 – Modern Corrective Action Application

Cloud based database applications help organizations quickly find the status of any CA and drill down to details for each CA.

Figure 2 – Drill Down Corrective Actions Detail

Applications like CorrectTrack establish users permissions to view, change, verify and approve corrective actions. A permissions based peer review process also helps ensure that corrective actions are investigated thoroughly and verified before they are closed.

Other advantages of a cloud based app like CorrectTrack are:

  • Notify persons of status changes of a CA
  • Define a standard process for doing CA
  • At a glance dashboards for users
  • Provide notifications when CAs are coming due, or past due
  • Provide a record of who changed what, when and why
  • User permissions allow visibility of the CA system to leadership

Conclusion

Effective corrective action processes are powerful tools that help organizations improve EHS performance over time. Investing in, and continually improving the corrective action process will provide a significant short term and long term return.

This EHS Audit Follow-up post is part 3 of a three part article on EHS Auditing. Part 1 and 2 discussed how to plan an EHS audit and conduct an EHS audit. This concludes our three-part series on EHS audits.

We welcome and encourage feedback on this series. Contact us directly at kalehner@envcompsys.com and 262-949-2965, or visit us online for more information: ECSI or CorrectTrack.

RDO Equipment Co. Achieves ISO 45001 Certification

RDO Equipment Co. Founded in 1968, RDO Equipment Co. sells and supports agriculture, construction, environmental, irrigation, positioning, and surveying equipment from leading manufacturers, including John Deere, Vermeer, and Topcon. RDO Equipment Co. is a total solutions provider with more than 75 locations across the United States and partnerships in Africa, Australia, Mexico and Ukraine. RDO contacted ECSI for assistance in developing an Occupational Health and Safety Management System to help improve its OHS performance.

RDO also wanted to show its business partners, customers and employees, their commitment to keeping employees safe. RDO chose to align the OHS management system with ISO 45001. They also decided to initially seek certification from an accredited certification body for their corporate headquarters and one of the company stores. Their intention is to certify the remaining 42 stores over the year or so. ECSI conducted an initial gap assessment that helped RDO identify gaps that needed to be filled before getting certified.

Gaps were entered into a database application tool (CorrectTrack) and assigned to the OHSMS implementation team for follow-up. One of the gaps identified was the need for a comprehensive Job Hazard/Job Safety analysis. ECSI helped develop process maps that supported JHA/JSA development at one of the RDO maintenance facilities. Below is an example of how the results of the JHA/JSA risk analysis were recorded.

This tool helped RDO evaluate the effectiveness of existing risk controls and identify priority hazards for additional risk reduction. The tool also helped internal auditors identify what material risks need to be audited during the internal audit process.

ECSI also helped RDO train its internal auditors in performing audits to the ISO 45001 standard. This was done in a three day combined internal audit training and actual audit at the corporate headquarters and one of the RDO maintenance facilities. ECSI assisted RDO in preparing for several management review meetings that were conducted prior to the Stage 1 and Stage 2 audits by an accredited certification body. Congratulations RDO on a successful outcome to the ISO 45001 implementation and certification process.

ISO 45001 Webinar – FREE!

ISO 45001 is an international standard that helps organizations improve Occupational Health and Safety (OHS) performance.  The ISO 45001 standard can be used to ensure workers are safe by protecting them from workplace injury and ill health.  As the Vice Chair of the US Technical Advisory Group to ISO 45001, I have been seeing a significant rise in awareness of ISO 45001 benefits.  Environmental Compliance Systems, Inc has also helped many organizations plan, implement and integrate an ISO 45001 OHSMS with their other business management systems.   A recent webinar produced with ASSP describes the many benefits of an ISO 45001 OHSMS.  Here is a link to free ASSP webinar: https://player.vimeo.com/video/844292169?. Please watch if you are interested in improving your organizations OHS performance.

Leadership Commitment and Management Review

Picture of Leaders

Leadership commitment to a management system is critical to its performance. Encouraging support is sometimes challenging. The management review process required by ISO management system standards can help gain leadership commitment.

Do’s and Don’ts

Coordinate management review with management other business review meetings. Conducting “management review” during regular business review meetings gives the sense that the management systems is part of the overall business. Management reviews conducted infrequently and apart from the other important business management meetings leads to a silo-ed perception of the management system.

Make management review value added. Ensure the information being presents is actionable by leadership. Give them a few choices for recommendations with supporting information and ask them to decide. They will appreciate your opinion and recommendations to help make decisions.

Do the Math and Have Backup.

Defend your recommendations for improvement with cost and return on investment information. Showing leadership how the management system helps save and even makes money, contributes to their support and commitment.

Take Good Notes

Recording leadership decisions during the management review helps ensures follow-up. Records of management review are also evidence of their leadership commitment, especially during audits.

Timely Management Review Follow-up

Follow-up on management review recommendations in a timely fashion and report on progress at the next management review opportunity. This will enhance leaderships perception of the management system, their support and commitment.

Management Review Frequency

Most organizations perform periodic reviews of the business performance to make sure things are going along smoothly and to make any course corrections needed. Integrating the ISO system management review with these regular business review meetings will help ensure that:

  • Management system performance issues are addressed in a timely fashion
  • The management system is integrated with all other business processes
  • Timely information is provided to leadership to help make important business decisions

Management Review Inputs

Management review meetings should not necessarily address all management review inputs during each meeting. Management review inputs that should be reviewed at every management review include:

  • Follow-up from previous management reviews
  • Status of actions from previous management reviews;
  • Status of corrective actions and incident investigation
  • Progress toward achieving objectives.

Management review inputs to be reviewed less frequently and as needed such as

  • Customer Complaints and interested party concerns
  • Changes including new compliance obligations
  • Adequacy of resources
  • changes in risks and how they are being addressed
  • Audit results

Management Review Outputs

The purpose of management review is to ensure the management system is able to achieve it intended outcomes. The outputs of management review are an important part of the Act part of the Plan-Do-Check-Act continual improvement cycle. It is where leadership has the opportunity to review the information generated in the “Check part of the PDCA cycle and intervene (Act) and continually improve the management system

Records of management review are the notes of the meeting (output notes). They are required by all ISO management system standards. Outputs are what leaderships asks the organization to do to improve performance. These records are also excellent evidence of leadership commitment during third party audits.

Conclusion

The goal of management review is to provide information to leadership that it can act on. Planning and conducting good management reviews will enhance leaderships opinion and support of the management system.

ISO High Level Structure Revision

The ISO High-Level Structure (HLS) is the basis for all management system standards and is now being revised by ISO.  These changes will affect all management system standards.  Users of ISO management system standards such as ISO 14001, 9001 and 45001 will need to evaluate how these changes will affect the organizations ISO management systems.

Introduced in 2012, the HLS was created to help better integrate quality, environmental and health and safety management systems.  Prior to its introduction ISO 9001 had a different structure that ISO 14001 that complicated integration of the management core processes such as corrective action and management review.  The HLS solved that problem.  The revision introduced a new name for the HLS and it is now called Annex L, Appendix 2.

The revision will also introduce guidance on use of the HLS for standard writers and users.  This guidance is called Annex L, Appendix 3.  Both Annex L, Appendix 2 and 3 will be combined as a table.

Proposed Structure of Annex L Appendix 2&3

Appendix 2 is in the final stages of an initial “limited” revision and not yet available to the public.  Appendix 3 is in mid-stage revision and should be approaching the final stage later this year.

Here are a few of the most important changes to Annex L, Appendix 2 from the “limited” revision:

Definition of Risk

A lengthy debate is ongoing within ISO about if a revision to the definition of “Risk” is needed. “Risk” is currently defined in the HLS as “the effect of uncertainty”. Some within ISO argue that a better definition is “the effect of uncertainty on objectives“.

Others fear that the addition of the words “on objectives” to the definition of risk will cause confusion in standards like ISO 9001, 14001 and 45001. They believe this because these standard have a specific requirement to create measurable “objectives” within the management system.

The debate over the definition of risk has lead to several proposals including eliminating the definition of risk entirely from the HLS. A subgroup has been assigned the task of sorting this difficult issue and the results will be reflected in a future revision of the HLS. For now however the definition of “risk” will remain as it is in the HLS.

Expected Outcomes Vs Results

The previous version of the HLS used the term “expected outcomes” to describe the results organizations should expect from its ISO management system.  Some users found the term “expected outcomes” confusing so it has been changed to “expected results”.  The change was also made to simplify translation to other languages.

Outsourced Processes

The old HLS used the term “outsourced processes”.  Manufacturers sometimes send their products to other organizations who perform specialized processes like heat treating or electroplating. This relationship between organizations was called “outsourcing” in the previous version of the HLS. The concept of “outsourced processes”  however does not apply as well to other disciplines such as environmental management or health and safety management systems.

The term “external provider” is now being used in place of outsourced process.   This change has been made in response to several comments that found the term “outsource” unclear.  The use of external provider clarifies that outsourced, contracted, and purchased products, services and processes all need to be controlled by the management system.

Documented Information

The use of the terms “maintain” and “retain” to describe what needs to be done with certain types of documents in the management system has been replaced with the term “shall be available”.  This change has been made to avoid confusion between maintaining and retaining documented information. This change is not expected to impact organizations with mature document control process and management systems.

Internal Audits

This part of the HLS has been substantially reorganized. The title of 9.2.1 was changed to General and 9.2.2 Internal Audit Program has been added.  This change has been made for ease in understanding. Now the two distinct concepts covered in the paragraph (what an audit program entails and what should be considered when establishing an audit program) are listed separately.

Effects of the Annex L, Appendix 2 and 3 Revisions (Whats Next?)

The revision of Annex L is not expected to have a significant immediate effect on ISO standards or ISO management system audits. The revisions will not requires revision of any of the ISO management system standards until these standard are revised and updated as required by ISO. However, organizations in the process of implementing an ISO management system or integrating a new discipline specific standard such as ISO 45001 into an existing management system structure, should anticipate that these changes will appear in future revisions of ISO management system standards.

Results of ISO 45001 US TAG Meets in Dallas, TX  – February 22-26, 2016

We recently participated on the leadership team for the United States Technical Advisory Group (US TAG) for the Development of the  new ISO 45001 standard for Occupational Health and Safety management systems.  Group Photo at ISN

The purpose of the week long meeting held at the ISN headquarters in Dallas, TX was to disposition over 800 comments on ISO/DIS 45001.  The US TAG successfully dispositioned all of the major issues and many of the individual comments.  Our role at this meeting was as co-chair of a subcommittee with Vic Toy for Clause 6 – Planning.  Our section had 157 comments to review and decide how they would be addressed.

The meeting was attended by about 70 participants representing business, organized labor and government.  Major issues addressed during the meeting included questions and comments like:

  • Should organizations be required to use the hierarchy of controls when reducing risk?
  • Does redundancy add clarity or confusion (frequent references to workers and worker representatives)?
  • Should organizations be required to assess risk to the management system (other risks) or is this already addressed by the clauses of the standard?
  • When must workers be asked for an opinion (consultation) and when must workers have authority to influence decisions made by management about risk control and other management system issues (participation)?

We have posted some articles about the following on our website blog if you are interested in learning more about these important issues.

  • ISO 45001 – Hierarchy of Controls
  • ISO 45001 – Other Risks and Other Opportunities

The public comment period in the USA is now open until April 1, 2016 so if you are in the USA and your organization would like to submit comments for consideration send me an email to tagosh@envcompsys.com and I can help you get the comments to the right place. Also please feel free to call or email with any questions about ISO/DIS 45001.

ISO High Level Structure and EH&S Management Systems

ISO 14001 and OHSAS 18001 are undergoing significant change intended to improve these standards.  The new ISO High Level Structure will align all ISO standards along a common management systems structure and promote integration.   The recent US Technical Advisory Group meeting in Orlando, Florida was a particularly enlightening conference for us where US TAG members were able to share their ideas of the way the HLS applies to EHS management Systems.

ISO HLS & EHSMS

ISO HLS & EHSMS

An important part of the revision processes is being able to communicate to current and new users how the standards are changing and how these changes will affect an existing EHSMS.  This diagram represents how we at ECSI see the developing changes to ISO 14001 and ISO 45001 and the relationships between some of the important clauses of the revised standards.

We are interested in understanding how users of the EHSMS standards feel about the changes and what information they need to begin to plan for the changes to their EHSMS.  ECSI will be conducting a short, one hour webinar Tuesday, April 22, 2014 from 10am-11am Central Standard Time.  The purpose of the seminar is to provide the current state of the revision process and to discuss how we see the EHSMS standard revisions progressing.  If you are interested in participating in one of these webinars send us an email to webinar@envcompsys.com and we will reply with the logon instructions.