Recently the U.S. Occupational Safety and Health Administration (OSHA) conducted a Process Safety Management (PSM) inspection at BP’s Husky Refinery near Toledo, Ohio. The inspection resulted in 42 willful violations and approximately 3 million US dollars in proposed penalties. One of the actions proposed by OSHA was that BP “audit a statistically significant number of pressure vessels, piping and instrument controls during the company’s PSM compliance audits.” To my knowledge, this was the first time that statistically representative sampling has been proposed formally as part of any EH&S audit program. To say nothing of what is truly meant by the “statistically significant” phrase.

This expectation by OSHA caused me to evaluate the following third-party auditing standards for statements related to sampling on audits:

• The Board of Environmental, Health and Safety Auditing Certifications (BEAC) Standards, 2008
• ISO 19011 Auditing Guidelines, 2002
• Auditing Roundtable Standards, 1993
• U.S. Environmental Protection Agency (USEPA) Auditing Policy, 1986, 2000
• Institute of Internal Auditors Standards, 1997

A review of the above standards strongly suggests that only “appropriate sampling” or something comparable is the recommended practice. The language in each standard that applies to the use of sampling techniques on EH&S audits is provided below.

This audit initiative by OSHA, a small part of a very significant enforcement action, could mean the beginnings of more rigorous sampling expectations on EH&S audits. Or not. My belief is that presently very few, if any, companies use formal statistically representative sampling on EH&S compliance audits. Times could be changing; stay tuned.

BEAC Standards

“When conducting an audit, EH&S auditors shall use due care in examining and evaluating information they gather. This information shall be sufficient, complete, relevant and useful to provide a sound basis for audit findings and recommendations.” (Section III.8)

“Performance and Program Standards for the Professional Practice of Environmental, Health and Safety Auditing,” Board of Environmental, Health and Safety Auditor Certifications (BEAC), 2008

ISO 19011 Auditing Guidelines

“Audit evidence is verifiable. It is based on samples of the information available, since an audit is conducted during a finite period of time and with finite resources. The appropriate use of sampling is closely related to the confidence that can be placed in the audit conclusions.” (Section 4(e))

“During the audit, information relevant to the audit objectives, scope and criteria, including information relating to interfaces between functions, activities and processes, should be collected by appropriate sampling and should be verified. Only information that is verifiable may be audit evidence. Audit evidence should be recorded. The audit evidence is based on samples of the available information. Therefore there is an element of uncertainty in auditing, and those acting upon the audit conclusions should be aware of this uncertainty.” (Section 6.5.4)

“Guidelines for quality and/or environmental management systems auditing,” International Organization for Standardization, ISO 19011:2002(E)

Auditing Roundtable Standards

“While on site, auditors must gather information necessary to fulfill the audit objectives. The information collected must be relevant, accurate, and sufficient to support findings, conclusions, and recommendations. Appropriate sampling schemes should be utilized in selecting samples.” (Section II (C) (3))

“Minimum Criteria for the Conduct of EH&S Audits,” The Auditing Roundtable, 1993

U.S. EPA Auditing Policy

“A process which collects, analyzes, interprets and documents information sufficient to achieve audit objectives.” (Appendix, Section V)

“Environmental Auditing Policy Statement,” US Environmental Protection Agency, July 9, 1986

Institute of Internal Auditors Standards

“Information should be sufficient, competent, relevant, and useful to provide a sound basis for audit findings and recommendations.

1. Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor.
2. Competent information is reliable and the best attainable through the use of appropriate audit techniques.
3. Relevant information supports audit findings and recommendations and is consistent with the objectives of the audit.
4. Useful information helps the organization meet its goals.

Audit procedures, including the testing and sampling techniques employed, should be selected in advance, where practicable, and expanded or altered if circumstances warrant.” (Sections 420.2 and 420.3)

Standards for the Professional Practice of Internal Auditing, The Institute of Internal Auditors, 1997

About the Author

Lawrence B. Cahill, CPEA, is a Technical Director at Environmental Resources Management in Exton, Pennsylvania, U.S.A.

Mr. Cahill has over 30 years of professional EH&S experience with industry and consulting. He is the principal author of the widely used text, Environmental, Health and Safety Audits, published by Government Institutes, Inc. and now in its 8th Edition. He contributed four chapters in the 1995 book Auditing for Environmental Quality Leadership, published by John Wiley & Sons, Inc. Mr. Cahill has published over 50 articles and has been quoted in numerous publications including the New York Times and the Wall Street Journal.

Photograph: Blue Butterfly by Pigi Vigi, Tartu, Eesti, Estonia.

Return to the EHS Journal Home Page.