Auditing is a tough subject. The term rarely conjures pleasant thoughts. It’s often a dreaded event for the auditee. For the EHS department, it is a complex endeavor that the EHS professionals often don’t feel they fully have a handle on, as issues of program validity and reliability swirl around. With internal audit programs in large companies, scheduling can be a nightmare with auditors swamped by primary-non-audit duties. While the audit job gets done and reports are generated for the C-Suite, Board of Directors and External Third Parties, the EHS audit programs I’ve observed often miss the mark that the EHS department want to hit.
Some of the recent EHS audit program challenges I’ve observed are 1) integrating EHS management system audits with existing compliance audits, 2) developing procedures to close the gap between EHS program/system upgrades and the audit tools measuring them;, 3) training auditors how to audit the EHS management system, and, 4) identifying leading indicators that can hopefully shorten the audit process or be used in site/plant self-assessment activities.
Integrating compliance and management system audits. This is complex and can be difficult if the management system is not fully implemented and somewhat mature. My recommendation to clients and colleagues is to keep these activities separate until the MS is fully operational and there is a solid understanding how the MS will be audited and performance defined. In companies with a solid audit program and dedicated auditors, integration can happen quicker. When an external 3rd party is used, in like fashion, integration can be seamless because of the 3rd party’s expertise.
Gaps between the program/system and the audit tools. It is common for there to be some gaps, or delays between the EHS programs/systems and the audit tools. When the EHS audit function is embedded within an ISO 14001/OHSAS 18001 management system, these delays are shortened. This is also a function of the robustness of the Management of Change procedures in the department. A key activity is to make sure when there are changes to the program/system, that there is an automatic communication to the EHS audit program manager and that these changes are reflected in the audit tools and auditor training. When there are wholesale upgrades or additions to the audit activities, it is wise to build in a sufficient delay before they will be measured for performance (outcome). This is different than the assessment of implementation (output).
Auditor training for management systems. Seasoned compliance auditors do not necessarily make competent management system auditors without significant training and retooling. Reliability in MS audits is more sensitive because of the qualitative nature of these audits. Many of the measures are ordinal. Compliance audit measures are mostly nominal and interval. These distinctions must be highlighted and understood by MS auditors. A good starting point to train MS auditors is through a 14001 or 18001 lead auditor course. When I train MS auditors, I also include a module on systems thinking to reinforce the foundational nature of this topic to the EHSMS and its auditing.
Leading Indicators. In evolved audit programs that use validated audit tools and well trained auditors, it is possible to identify leading indicators of EHS performance. Often leading indicators are established with little empirical basis. When the C-Suite wants a corporate KPI for the EHS function, the EHS department needs to give thought to how the data represented by the KPI are collected and need to be able to talk about the validity and reliability of these data. As leading indicators of EHS performance are refined, they can play an important role at the site/plant level for use in self-assessments.
Future directions. I’ve seen some evidence in cutting-edge EHS departments that EHS performance metrics are evolving to include EHS team performance and culture. These are metrics beyond traditional compliance and evolving EHSMS metrics. I am also observing the integration of EHS with sustainability and CSR functions in companies. With this comes the challenge of first defining the sustainability and CSR functions and then developing valid audit tools to measure their performance. Another layer is integrating these into one audit tool.
EHS audit programs do have a primary role in an organization’s enterprise risk management scheme. The protection provided by audits is essential. Forward thinking companies have expanded the role of the EHS audit program to provide information use for organizational learning and continual improvement. The purpose of the program goes well beyond compliance. One place to begin looking for a model on how to do this is in the recently published ISO 31000:2009 standard on risk management. In this document a template is provides a novel and innovative organizational learning tool.
© Redinger EHS, Inc. (2010)