Pro-Tips for Best EHS Audits: Conducting an EHS Compliance Audit

Posted on by

An EHS compliance audit helps organizations check to see that the compliance with obligations is being maintained by the organization. This is important to those interested in an organization’s EHS performance including leadership, customers, corporate directors and the board of directors. Audits are the best way for interested parties to confirm the organization is doing what it should to comply with its legal and even contractual obligations.

EHS audits will become even more important in the future as more organizations seek independent verification of their EHS and ESG performance.

Opening Meeting 

An EHS compliance audit can be intimidating. Conducting an opening meeting can help dispel fear and explain the following to the organization and its leadership: 

  • The purpose, scope, and objective(s) 
  • Introduce the audit team, the auditee leadership and audit participants. 
  • The audit schedule
  • Who has authorized the performance of the audit
  • How the auditors will collect evidence during the audit
  • How and when the results of the audit will be reported

An opening meeting sets the tone for the audit, addresses auditee concerns, confirms the audit plan and leadership commitment to the audit.  If there is a problem with the audit plan it can be adjusted during the opening meeting to avoid delays. 

Having representatives of the leadership team attend the opening meeting helps communicate their support for the audit process. This helps auditors obtain the evidence they need, either positive or negative, during the audit.  A record of the opening meeting attendees should be created and can be included in the audit report.

Collecting EHS Compliance Audit Evidence 

In Part 1 of this series, we discussed how to plan an EHS compliance audit where we identified the important areas we wanted to visit.  Now that the onsite part of the audit has begun the audit team needs to identify the specific audit trails they want to follow. Starting with a few questions about what processes are operating that day and what products are being manufactured is the starting point for developing audit trails. Here is an example of a a couple of questions an auditor could ask to begin developing audit trails. 

Auditor: I see the metal parts grit blast process is operating today. What kind of parts are you blasting today.

Auditee: We are running 100 stainless steel motorcycle silencers to get cleaned before they are electroplated.

Auditor: What are some of the important environmental aspects and OHS hazards you need to consider when operating the grit blaster and dust collector when clenaing stainless steel parts?

A well-prepared auditee will have identified the environmental aspects and occupational health and safety hazards, and determined how to control risk for each when needed. Figure 1 is an example of a risk analysis tool that helps auditees prepare for an audit and auditors identify important areas to audit. Watch this Risk Overview video to get more information about this risk analysis and how it is used. Click here if you would like to try this app for your organization.

EHS risk analysis tool
Figure 1- EHS risk analysis tool

The tool provides a summary of environmental aspects and OHS hazards. It provides an easy to use list for auditors and shows risk levels of each aspect and hazard. The tool helps auditors quickly identify important aspects and hazards that have high uncontrolled risks and are good candidates for auditing.  Risk ID 803 is a good example of an environmental aspect that we may want to check during an audit.  Clicking on Risk 803 on the list takes us to a detail page (Figure 2) for this environmental risk of air emissions from the grit blast dust collector.

Grit Blast Dust Emission Environmental Risk Detail
Figure 2 – Grit Blast Dust Emission Environmental Risk Detail

This page shows important auditable information about the dust emissions risk and provides links to other information like risk controls, applicable compliance obligations and related files to help develop the audit trails. Following the Bag House Compliance.pdf link under the files area takes us to the specific information we need to develop this audit trail. Figure 3 shows the specific requirements (audit criteria) that the auditor can check.

Air Permit Audit Criteria for Dust Collector
Figure 3 – Air Permit Audit Criteria for Dust Collector

Collecting And Evaluating Evidence 

An audit checklist can help jog an auditor’s memory of the audit trails they want to follow when they are out on the shop floor. Checklists can be as detailed as the auditor desires. A good checklist points the auditor to what they are trying to prove true.  Avoid audit checklists that have simple yes and no response options as they discourage looking for and recording the evidence of conformity of compliance.   

The best checklists are prepared by the auditor before or during the onsite portion of the audit and are specific to the process being visited and the requirement being assessed.  Some auditors prefer to not use checklists but rely on work instructions or permits to identify the audit criteria as they are performing interviews and collectible objective evidence.  

Auditors need to be able to take good notes during the audit. This helps them recall the details of the audit when it comes time to writing the audit report. The notes need to record the evidence that the auditor observed during the audit. This can either be evidence of conformity or not.  Being able to show what the auditor says or hears during the audit is an important part of the audit process. Good note taking skills are one of the competencies auditors need to possess and continually develop.   

Preparing And Communicating EHS Compliance Audit Findings 

Auditor notes are a good place to find evidence of conformity, but sometimes the audit reveals that things are not the way they are supposed to be.  Auditors call these nonconformance’s, or potential noncompliance findings. There are many formats for preparing these negative findings. One that we use has three parts:

  • the requirement,
  • the finding and
  • the evidence that supports the finding

The requirement part of the finding describes the audit criteria the auditor was trying to prove true.  It can be a regulatory requirement that the organization has set for itself.  The finding is a statement of what the problem was and is often stated in terms that refer to the requirements. The evidence part of the audit finding is a summary of what an auditor saw that led them to the conclusion there was a nonconformity.   

The following is an example of how an auditor might write a negative finding for a potential noncompliance with a title V air emission permit. 

  • Requirement: [s. NR 439.055(2)(a), Wis. Adm. Code, 02-DCF-178] The pressure drop across the baghouse shall be measured and recorded once every 8 hours of operation or once per day, whichever yields more measurements.  
  • Finding:  Auditee not able to produce records of baghouse pressures drop readings
  • Evidence: No records of metal finishing baghouse pressure drop were able to be produced for 2nd & 3rd shift when baghouse was operating in May 2023. 

Auditors should try to get consensus with the auditee that the finding is valid at the time it is discovered. This will help avoid disagreement on the validity of a finding during the closing meeting.

The reason for including this detail in a finding is to provide enough information so the auditee can have a clear understanding of what was wrong and begin to conceptualize a correction to fix the problem and to also think about a corrective action. The difference between a correction and a corrective action is that a correction is a quick fix to “stop the bleeding” and a corrective action is something that is done to prevent the nonconformity from happening again. 

Closing Meeting

Closing meetings should also be held for most audits. This is where the audit team shares the results of the audit with the auditee. In unusual circumstances the audit client may not want the auditee to know the results of the audit and request a closing meeting not be held. The closing meeting should include the following:

  • Audit findings
  • Audit conclusions
  • Audit recommendations (if appropriate)
  • Circumstances that affected confidence in the audit results
  • Audit report timing and distribution
  • Follow-up actions to be taken by the auditors and auditee
  • Process for appealing an audit finding or conclusion

This is Part 2 of a three-part article about environmental and health and safety (EHS) auditing. Part 1 discussed how to plan an EHS audit. In Part 3 of this series we will explore how to follow-up on an audit including preparing an audit report, approving corrective actions and verifying corrective action effectiveness during subsequent audits. 

ECSI provides auditing, consulting and training services to organizations interested in improving their EH&S performance. For more information, contact us.