FM Issue: Prepared For An Audit?

By Jack Fearing, CPEA
Published in the October 2005 issue of Today’s Facility Manager

Planning and conducting environmental health and safety (EHS) audits for a company’s full range of operations can be daunting. These operations may include manufacturing plants, research and development labs, distribution centers, and office complexes.

Planning must incorporate a variety of considerations, including whether to formulate the process on compliance or system based issues. Other factors include emerging legislation, costs and availability of appropriate resources, identification of customers, frequency of audits, and confidentiality.

Simply stated, a compliance based audit is driven by a specific government agency (OSHA or EPA, for example), company policies, or facility written requirements (standard operating procedures, or SOPs)—in that order. Typically, the most stringent of the three takes precedence.

A system based audit is more non-regulatory but necessary for success. This type of audit should include senior management’s support and active participation (policy statement, staff meeting agenda item, etc.), employee participation (safety committees, “off-the-job” safety efforts, and so on) inspections and audits, training, contractor management, and emergency response programs. Some of these topical areas have regulatory implications, but collectively they are considered system based programs.

Determining whether the audit program should be compliance based or system based is typically a result of a company’s philosophy and the maturity of the program. Costs and frequency of an audit are usually driven by a company’s concern for being viewed as a good corporate citizen.

Getting Started

Identifying who should be involved in the EHS audit process and receipt of the report is a good first step. (Candidates include all domestic and international facility managers, EHS professionals, business unit managers, and senior managers.) All of these levels of management have a stake in the audit, and as such, the audit should fulfill each of their needs.

For confidentiality, most EHS audits are done under attorney/client privilege, and anyone on the distribution list must have a need to see the report. This can complicate the customer list and the exchange of information. Consequently, the distribution list for the final report should be large enough to include all the stakeholders but small enough to protect the privilege.

Audits are emotional exercises in most businesses. Those who have been on the receiving end know this. To be successful, the audit should address positive programs and activities (i.e., best practices), as well as program gaps, recommendations, action items (or findings), and local attention items. Another cornerstone for success is for the final report to be a clear and accurate evaluation of the overall EHS program.

The EHS Audit Program Process

The EHS added value audit program was designed to support increased performance to the traditional audit. The added value process has three primary components: recognition of all customers; knowledge transfer before, during, and after the audit; and consistency and quality.

Knowledge transfer includes an understanding of the responsibility to facilitate the action as part of audit duties, including sharing and harvesting best practices and using the guest auditor program. The program must be committed to delivering a high quality product consistently to those involved in the process.

The EHS added value audit program is a three-phase process that takes place over several weeks. Phases include the pre-audit, the on-site, and the post-audit phases. Each phase is distinct in its activities, and each subsequent phase can be viewed as a progression. Collectively, they make up the entire audit process and depend on each other in order for the audit to be successful.

Pre-Audit Phase Activities

There are several essential pre-audit activities. Some of these are typically completed in the preceding year in order to allow both the facility and the team members to schedule the time necessary to conduct the audit.

On-Site Phase Activities

On-site activities during the audit include: conference opening, orientation tour, program reviews (a two-step methodology), action item development (or findings), daily debriefings, pre-closing conference, and closing conference.

The Opening Conference. The opening conference is scheduled in advance and is held as early as possible on the first day of the audit. This is to advise the facility of the function of the corporate EHS department, in general, and the EHS audit program, in particular.

The team leader is responsible for conducting the team portion of the opening. The site managing director or a designated representative usually presents an overview of the site, processes, or services provided; EHS goals and objectives; changes since the last audit; significant environmental impacts; risk management programs; loss experience; any pending or outstanding regulatory issues; safety performance data; and status of any remaining open action items from prior audits. The purpose and contents of the opening conference should be clearly communicated to the facility by the team leader during these proceedings.

Facility Orientation Tour. Next, the audit team participates in an orientation tour with facility representatives. The primary purpose is to observe facility infrastructure, briefly observe personnel performing their jobs, and identify areas that may require more in-depth review. Then the team leader coordinates with the team and the appropriate facility staff to review the proposed audit agenda and finalize the interview and documentation review schedules.

Program Review. Facilities are required to comply with: all applicable national, state, and local laws and regulations; company EHS policy and EHS guidelines; divisional policies; and locally developed SOPs.

In order to verify that the facility has evaluated the EHS risks associated with its operations, and is in compliance, the EHS audit program uses a two-step approach. This is designed to review program content and implementation. The audit team will determine whether the facility has developed the appropriate written programs, policies, and/or procedures to address EHS risks and impacts.

The team will also decide whether or not the programs are effectively implemented.

Team members use specially designed protocols (or checklists) to evaluate each applicable program. Protocols are available off the shelf, in hard copy or electronic versions for all states and most countries, but can be costly. Unfortunately, they are often outdated before they get to the end user. Larger companies often develop their own protocols to be more specific not only to regulations, but also to company policies and procedures.

Generally, there is a protocol for each program reviewed (i.e., ground water, lockout/tagout, fire extinguishers). This is a valuable tool during the program review. All observations are noted in specially designed working papers and are maintained until the final report is distributed.

Content. Evaluating program content is the first step in the two-step program review. The audit team evaluates all written programs for content and consistency with applicable requirements. The written program must, at a minimum, include all applicable elements of the corresponding requirements.

The appropriate company and/or regulatory EHS protocol for each topic is used to assist in the evaluation. Each written program should be reviewed prior to conducting implementation to ensure the team member understands the programs before observing the facility.

Implementation. Evaluating program implementation is the second step in the review. Various techniques include interviews, observations, and document reviews.

Again, the program content review should take place prior to making any conclusions about implementation. Follow-up tours should be scheduled only after the program content has been thoroughly reviewed and the auditor understands the contents.

Interviews with facility personnel are essential to understanding what is being done to implement and maintain facility programs. Interviews can be informal and can take place during tours or meetings. There may also be times when bargaining unit considerations must be adhered to, if applicable.

A representative sample of records from all areas reviewed must also be evaluated. Records should be checked for accuracy, completeness, and timeliness. Sample size methodology must be applied. Reviewing medical records must be conducted by qualified personnel and under health care professional review, with confidentiality requirements observed.

Best Practices. As a key part of the audit, team members attempt to identify and share best practices. This helps focus on positive areas as well as those with room for improvement. Once identified and approved, best practices should be communicated internally to all EHS professionals.

Guest Auditors. Guest auditors are periodically invited to participate in the EHS audit program. They are selected based upon a combination of technical and interpersonal skills and recommendations from the business and corporate EHS, as well as mutual interest from potential guest auditors.

Daily Debriefings. The audit team should maintain ongoing and frequent communication with facility staff. Team members can frequently discuss the audit status and note any observations, concerns, possible program gaps, and potential best practices. Debriefings are generally held at the end of each day and generally last for 30 to 45 minutes.

Developing Action Items (Or Findings). During the audit, team members will begin to identify gaps or deficiencies leading to action items. It’s important to develop draft action items when these gaps are first identified. Final action items are written for identified program content and implementation gaps, including potential non-compliance with laws, regulations, corporate EHS policies, division policies, and facility SOPs.

The team leader and members are responsible for justifying all action items. To do so systematically, each member must document program content and implementation gaps noted during assessment. Also, when identifying a gap, the auditor must cite the appropriate regulatory, company, or facility requirement for which the gap is noted.

The Closing Conference. This conference is designed to review the audit process and draft report with site management and EHS personnel. The team leader will review the written draft audit report in detail. The auditor responsible for each action item will discuss that item and answer questions. The team leader ensures the action items are clear and accurate and that the facility understands the requirements necessary to close each one.

The head of the program should also highlight potential best practices and positive improvements since the last audit. Possible solutions to action items may be explored during the closing conference; however, detailed engineering and problem solving should be avoided. Offers of future consultative services, contacts within and outside the company, and corporate/division support systems will be provided to whatever extent possible.

At the conclusion of the conference, the team leader outlines the process for establishing completion dates for actions identified and considerations that the site should include in the planning process.

Post-Audit Activities

The head of the team generally completes post-audit activities. These include a variety of tasks that take the audit report from a draft developed at the site during the audit through to a final document.

Facility Action Plans and Completion Dates. The facility is responsible for the development of an action plan with closure dates that reflect reasonable timelines to address action items. The final report, along with a letter summarizing audit activities, is issued to various corporate EHS professionals, both site management and EHS personnel, and appropriate senior management partners in the organization in which the audit was conducted.

Issuing The Final Report. The final audit report often includes a cover letter and final listing of action items. This report is issued to the managing facility director from the corporate EHS with copies to the site EHS representative, various corporate and division operations, and legal personnel.

The cover letter includes: policy statement; purpose of audit; facility overview; summary and table of action items from previous and current audits; brief overview of facility management systems, environmental programs, occupational health, safety, and loss prevention programs; potential capital expenditures related to action items; and potential best practices. Final closure of the report is established when all actions are completed within the timeline specified.

The audit process can be an arduous one for facility management, but with proper planning and attention, the benefits can go a very long way.

With more than 25 years of experience in environmental, health, and safety affairs, Fearing is a professional member of the American Society of Safety Engineers and the International Practice Specialty. Formerly a corporate EHS assessment team leader at Wyeth, he is currently the director of S&H Compliance Audits and Management Systems at American Standard Companies in Piscataway, NJ. Fearing can be reached at (908) 303-8359 or jjfearing@gmail.com.