Auditing is a difficult subject—the term rarely conjures pleasant thoughts, and it’s often a dreaded event for the auditee. For the EHS department, it is a complex endeavor, one that EHS professionals often don’t feel they fully have a handle on as they’re presented with issues of program validity and reliability. For internal audit programs in large companies, scheduling can be a nightmare, with auditors swamped by primary-non-audit duties. While EHS departments do complete their audits and generate reports for the C-Suite, Board of Directors, and External Third Parties, the EHS audit programs I’ve observed often miss the mark.
Some of the recent EHS audit program challenges I’ve observed include: (1) integrating EHS management system audits with existing compliance audits; (2) developing procedures to close the gap between EHS program/system upgrades and the audit tools measuring them; (3) training auditors how to audit the EHS management system; (4) identifying leading indicators that can shorten the audit process or be used in site/plant self-assessment activities.
Integrating compliance and management system audits. This is complex and can be difficult if the management system is not fully implemented and somewhat mature. My recommendation to clients and colleagues is to keep these activities separate until the MS is fully operational and there is a solid understanding of how the MS will be audited and its performance defined. In companies with a solid audit program and dedicated auditors, integration can happen faster. When an external third party is used, in like fashion, integration can be seamless because of the third party’s expertise.
Gaps between the program/system and the audit tools. It is common for there to be some gaps, or delays, between the EHS programs/systems and the audit tools. When the EHS audit function is embedded within an ISO 14001/OHSAS 18001 management system, these delays are shortened. This is also a function of the robustness of the Management of Change procedures in the department. The department must make sure that when there are changes to the program/system, there is also an automatic communication to the EHS audit program manager—and that these changes are reflected in the audit tools and auditor training. When there are wholesale upgrades or additions to the audit activities, it is wise to build in a sufficient delay before they will be measured for performance (outcome). This is different than the assessment of implementation (output).
Auditor training for management systems. Seasoned compliance auditors do not necessarily make competent management system auditors without significant training and retooling. Reliability in MS audits is more sensitive because of the qualitative nature of these audits. Many of the measures are ordinal. Compliance audit measures are mostly nominal and interval. These distinctions must be highlighted and understood by MS auditors. A good place to begin training MS auditors is through a 14001 or 18001 lead auditor course. When I train MS auditors, I also include a module on systems thinking to reinforce the foundational nature of this topic to the EHSMS and its auditing.
Leading indicators. In evolved audit programs that use validated audit tools and well-trained auditors, it is possible to identify leading indicators of EHS performance. Often, leading indicators are established with little empirical basis. When the C-Suite wants a corporate KPI for the EHS function, the EHS department must consider how the data represented by the KPI are collected and must be able to talk about the validity and reliability of these data. As leading indicators of EHS performance are refined, they can play an important role at the site/plant level for use in self-assessments.
Future directions. I’ve seen some evidence in cutting-edge EHS departments that EHS performance metrics are evolving to include EHS team performance and culture. These are metrics beyond traditional compliance and evolving EHSMS metrics. I am also observing the integration of EHS with sustainability and CSR functions in companies. With this comes the challenge of first defining the sustainability and CSR functions and then developing valid audit tools to measure their performance. Another layer is integrating these into one audit tool.
EHS audit programs do play a primary role in an organization’s enterprise risk management scheme. The protection provided by audits is essential. Forward-thinking companies have expanded the role of the EHS audit program to provide information use for organizational learning and continual improvement. The purpose of the program goes well beyond compliance. Departments can begin their search for a model on how to do this in the recently published ISO 31000:2009 standard on risk management. This document provides a template—a novel and innovative organizational learning tool.
© Redinger EHS, Inc. (2010)