Compliance audits confirm an organization’s compliance status with environmental and occupational health and safety regulations. Audits also help manage risk of violations and fines. Customers, boards of directors and others care about EHS regulatory compliance and use audit results to make important business decisions. EHS audits will become even more important in the future as more organizations seek independent verification of their EHS and ESG performance.
An EHS compliance audit can be intimidating for an organization. Conducting an opening meeting helps to:
- Explain the purpose, scope, and objective(s) of the audit.
- Introduce the audit team, the auditee leadership and audit participants.
- Present the audit schedule.
- Discuss who has authorized the performance of the audit and why.
- Describe how evidence will be collected during the audit.
- Review how audit results will be reported.
Participation of leadership at the opening meeting helps communicate support for the audit process and expectations for employee participation in the audit.
Collecting EHS Compliance Audit Evidence
In Part 1 of this series, we discussed how to plan an EHS compliance audit focusing on what matters (materiality). Auditors use the audit plan to develop audit trails that result in positive or negative evidence of compliance. A questions like “tell me about the processes operated in this department” is often a good starting point for developing audit trails. Here is an example follow-up questions an auditor could ask to further develop the compliance audit trails.
Auditor: I see the metal parts grit blast process is operating today. What kind of parts are you blasting now.
Auditee: We are cleaning several hundred parts before they are electroplated.
Auditor: What are some of the important environmental aspects and OHS hazards you need to consider when operating the grit blaster and dust collector when cleaning stainless steel parts?
A well-prepared auditee will have identified the environmental and occupational health and safety regulations before the audit. Figure 1 is an example of a risk analysis tool that helps prepare for an audit and helps auditors identify important areas to audit. For more information about risk analysis watch this Risk Overview brief video. Learn more about CorrectTrack app.
Tools like CorrectTrack provide a listing of environmental aspects and OHS hazards. The list helps quickly identify important aspects and hazards that are good candidates for improvement or for developing audit trails. The highlighted row in Figure 1 is an example of an environmental aspect to check during an audit. Clicking on Risk ID 803 link shows the risk detail page (Figure 2).
This page shows important details about a dust emissions risk and provides links to other information like risk controls, applicable compliance obligations and related files. Clicking on the link under “Files” provides more detailed information (Figure 3). The red box in Figure 3 shows the specific requirements (risks) that need to be addressed or that are (audit criteria) an auditor can check.
Collecting And Evaluating Evidence
An audit checklist can help jog an auditor’s memory of the audit trails they want to follow. Checklists can be as needed. A good checklist points the auditor to what they are trying to prove true. It should be more than a simple check the box yes or no checklist. Check the box checklists discourage looking for and recording evidence of conformity of compliance and should be avoided
The best checklists are prepared by the auditor before or during the onsite portion of the audit. They are specific to the process being audited and the requirement being assessed. The line of questioning can be spontaneous and not always needs to be documented. The questions can be recorded on the spot in the auditors notes along with any evidence observed. Often, audit questions will lead to another question as the auditor follows the audit trail trying to get to the ultimate evidence that a requirement is being met.
Auditors need to be able to take good notes during the audit. This helps them recall the details of the audit when preparing the audit report. Notes need to record the evidence the auditor observed during the audit. This can be evidence of conformity or not. Being able to show what the auditor saw or heard during the audit is an important part of the audit process. Good note taking skills are one of the competencies auditors need to possess and continually develop.
Preparing EHS Compliance Audit Findings
Auditor notes are the evidence of conformity, but sometimes the audit shows things are not the way they are supposed to be. Auditors call these nonconformance’s, or potential noncompliance findings. There are many formats for preparing these negative findings. One approach is to write the negative finding in three parts:
1. the requirement,
2. the finding and
3. the evidence that supports the finding
The requirement part of the finding describes the audit criteria the auditor was trying to prove true. It can be a regulatory requirement or a requirement the organization has set for itself. The finding part is a statement of what the problem was, and often refers to the requirements. The evidence part of the audit finding is a summary of what an auditor saw that led them to the conclusion there was a nonconformity.
The following is an example of a negative finding for potential noncompliance with a State issued Title V air emission permit.
- Requirement: [s. NR 439.055(2)(a), Wis. Adm. Code, 02-DCF-178] The pressure drop across the dust collector baghouse shall be measured and recorded once every 8 hours of operation or once per day, whichever yields more measurements.
- Finding: Auditee not able to produce records of baghouse pressure drop readings
- Evidence: No records of metal finishing baghouse pressure drop were able to be produced for 2nd & 3rd shift when baghouse was operating in May 2023.
Communicating EHS Compliance Audit Findings
When a negative finding is made auditors should try to get consensus with auditee that the finding is valid. This will help avoid disagreement on the validity of a finding during the closing meeting. This also helps confirm the auditee has a clear understanding of what was wrong so they begin to fix the problem. Well written findings also help auditees identify appropriate corrective actions. A correction is a quick fix to “stop the bleeding”. A corrective action prevents the nonconformity from recurring.
A closing meeting should be held for all EHS audits. During the closing meeting the audit team shares the results of the audit with the auditee. The closing meeting should include the following:
- Audit findings
- Audit conclusions
- Audit recommendations (if appropriate)
- Circumstances that affected confidence in the audit results
- Audit report timing and distribution
- Follow-up actions to be taken by the auditors and auditee
- Process for appealing an audit finding or conclusion
This is Part 2 of a three-part article about environmental and health and safety (EHS) auditing. Part 1 discussed how to plan an EHS audit. In Part 3 of this series we will explore how to follow-up on an audit including preparing an audit report, approving corrective actions and verifying corrective action effectiveness during subsequent audits.
ECSI provides auditing, consulting and training services to organizations interested in improving their EH&S performance. For more information, contact us.