Reacting to changes in government enforcement priorities, complying with new regulations and dealing with new and readily available technologies that help identify enforcement targets add to the already long list of environmental, health and safety (EHS) compliance challenges at regulated facilities. Coupled with this is the fact that evolving business climates have prompted regulated entities to view EHS as stand-alone profit-and-loss centers, similar to other corporate functions.

These factors impact the way EHS compliance is delivered, measured and achieved. To address the changing landscape, auditing practices must broaden in scope and shift focus in order to effectively measure compliance while delivering reasonable returns on the investment (ROI).

What Is Prompting Change?

Regulated entities perform audits when they need to determine compliance status, address an environmental health and safety management system (EHSMS) requirement or facilitate the purchase or sale of a business. In these instances, the compliance audit is effective at identifying regulatory program development needs and implementation gaps, and recommending how to gain immediate compliance and minimize liability.

Additional benefits often include penalty avoidance, meeting a customer's mandate or demonstrating that a facility is in substantial compliance and thus more valuable to a buyer or seller.

Compliance audits typically have not been used to assess the organizational structure of an EHS department, determine whether staff have the skills to address foreseeable future challenges or identify process changes to increase efficiencies and revenue. EHSMS conformance assessments, business operations reviews, energy conservation audits and pollution prevention engineering studies historically have been the assessment tools used for these purposes.

However, as EHS departments are asked to do more with less and contribute to the bottom line, the ability to deliver depends largely on receiving complete, actionable information with specific recommendations that show positive ROIs. Because all audits are time-consuming and resource-intensive, many regulated entities are starting to expand the traditional audit scopes to deliver EHSMS compliance data, as well as guidance on organizational structure, cost savings opportunities and corporate strategic direction. The success of this shift depends on developing and implementing strong, adaptive audit and assessment programs.

Changing Regulatory Focus

For at least 20 years, complying with air and hazardous waste (RCRA) rules has monopolized the time and resources of EHS departments, and has accounted for the lion's share of environmental audit report findings. Compliance challenges with these extremely complex rules continue. Under air, facilities now struggle with adapting practices and processes to comply with the volumes of proposed and final rules published in the Federal Register, ongoing uncertainty with the status of EPA's Clean Power Plan (entire DC Circuit panel scheduled to hear oral arguments on Sept. 27) and developing practices and operations to meet effective climate change-related rules.  

As regulators expand their enforcement and regulatory focus to include other programs, regulated facilities must react. For example, EPA recently announced it will emphasize enforcement on illicit wastewater discharges, reduce risk from accidental releases at industrial and chemical facilities and ensure safe municipal drinking water. Congress recently overhauled TSCA and charged EPA with conducting a systematic, scientific, risk-based review of every chemical bought and sold in the country.

These changes will require highly regulated facilities to devote increased resources to complying with these programs, while continuing to devote necessary resources to air, RCRA and numerous safety rules.

New Technology Impacts Inspection Decisions

The use of readily available and fairly inexpensive new technologies enable regulators, community members, environmental watchdogs and competitors to obtain quantitative emission and discharge data at the fence line. EPA now uses fence-line ambient air and surface water monitoring, in part, as an enforcement targeting tool, and EPA's “next-gen” policies stress the importance of technological advancements and fence-line monitoring in civil enforcement.

Communities also are using fence-line monitoring to better understand risks posed by local facilities and to encourage regulators to pursue inspections and enforcement (the Tonawanda Coke Corp. litigation was motivated by data generated by local residents). To better understand potential vulnerabilities, large industrial and manufacturing facilities that perform audits based in part on fear of inspection and non-compliance should consider including fence-line monitoring in the audit process.

Realizing ROI

Audits are a major investment. They take time, distract facility personnel and cost money. Ensuring a positive ROI requires facilities to identify goals and objectives as well as set expectations before deciding to audit.

Once stakeholders agree on these expectations, the audit should be designed and staffed to meet the established goals. Pre-planning is crucial, because audit goals and expectations vary widely based on facility or corporate needs and desires. For example, an audit that primarily is focused on compliance is staffed and approached differently than an audit designed to assess EHS department structure or improve cost effectiveness through process changes or energy efficiencies.

Each of the different goals a facility may have is evaluated using different processes, practices and auditors, and require different pre-evaluation planning and preparations. Obtaining the necessary information to increase ROI is possible if time and thought go in at the audit planning stage and all stakeholders have the same expectations.

Designing the Scope for Success

As more entities evaluate EHS as a stand-alone profit-and-loss center, EHS auditors should be asked to help answer business and strategic direction questions, as well as provide quantifiable recommendations with attractive ROIs that improve compliance.     

Ask questions like: What are the most significant risks this facility faces? Is the EHS department structured to ensure that the facility is and will remain compliant given current and future challenges? Do employees who impact compliance have the right tools and information to succeed? Can we streamline our operations and processes, and if so, how do we do it, how much will it cost and what are the potential gains associated with each recommendation? Can we be greener or leaner? How do we compare to our peers?  

More regulated entities are moving away from an audit that focuses on documenting every minor violation, and towards an evaluation process designed to provide big picture guidance on EHS. Specifically, in addition to evaluating and documenting specific areas of non-compliance, audits should provide recommendations that measure whether systems and departments are designed to achieve substantial compliance in the most cost effective and sustainable manner.

To ensure a complete understanding of a facility's compliance status, many facilities conduct comprehensive EHS compliance audits rather than perform components of an environmental audit (e.g. air only), or health and safety audit (e.g., physical or chemical hazards only).

Given the integrated nature of many EHS programs and the need to minimize risk and potential liability, this makes sense for several reasons. First, if a facility is auditing a research laboratory and reviewing compliance with RCRA and the Clean Water Act, including OSHA's lab safety, job hazard analyses and personal protective equipment requirements does not add significant extra time or cost and provides a much richer compliance understanding. Second, cooperation and communication between EPA and OSHA dramatically has increased. For example, the agencies now participate in joint enforcement training, share facility enforcement inspection reports and notices of violation (NOVs) and regularly engage in pre-enforcement inspection discussions. It's also become common for EPA NOVs to include factual allegations regarding employee exposures and safety hazards, and for facilities inspected by EPA to be inspected by OSHA soon after.

Depending on the nature of a facility's operations and risk tolerance, it often makes sense to add other regulatory programs to a compliance audit including: select agents, particularly hazardous substances; radiation safety; biosafety; federal Department of Transportation (DOT); or International Air Transport Association (IATA).  Using a traditional compliance status approach, a facility should expect a detailed summary of what compliance gaps/issues exist where, and how to address those issues to gain compliance today. Depending on the facility's goals and expectations, this may be enough.