Environmental, health, and safety (EHS) auditing can be a challenging profession. It is fraught with ethical and technical dilemmas, the need to stay technically and functionally competent, and the need to have interpersonal skills and attributes that only Moses possessed. For example, International Organization for Standardization (ISO) auditing guidelines require auditors to be ethical, open-minded, diplomatic, observant, perceptive, versatile, tenacious, decisive, self-reliant, acting with fortitude, open to improvement, culturally sensitive, and collaborative (ISO 19011:2011, Guidelines for Auditing Management Systems, Section 7.2.2). Really, can any one person meet these expectations? Probably not.

As a consequence, auditors often stumble during the process, and based on numerous observations and experiences, this happens to both internal and third-party EHS auditors. This article presents ten classic auditor failures and discusses ways to avoid them. The lessons are aimed principally at relatively new auditors, but the weary veteran should take note as well.

 

1. Overall Approach – Defining Success

Wrong: “We’re there to find problems. It’s almost like we’re getting paid by the finding.”

Right: “We’re there to help the site improve.”

Generally, in conducting an independent audit of an operating facility, both internal and third-party auditors are asked to be objective in their evaluation, are expected to work with the site in a supportive way to achieve improvement, and occasionally are asked to help the site prepare for a regulatory agency inspection. Auditors do not always appreciate the nature of their role and how their role differs from that of an agency inspector. There have been cases in which auditors have stated in the opening conference, “We get paid by the finding.” Although this is said in jest, site staff clearly will not appreciate the humor. Other auditors visibly relish uncovering deficiencies and have informal awards among themselves for the “finding of the audit.” Still other auditors are sensitive about being perceived as not having exerted sufficient effort if a finding threshold is not reached and about hearing “you just did not look hard enough.”

There should be no joy in identifying shortcomings. The role of the auditors is to be professional, independent, objective, and without bias and to let the facts dictate the outcome. An audit with very few findings does not necessarily mean the auditors didn’t do their job. It more likely means that the site is well run.

 

2. Preparation and Planning

Wrong: “We’ll hit the ground running on Monday; real-time planning is the way to go.”

Right: “We must be sensitive to the site’s scheduling needs; we should set an agenda prior to the audit and be on time for all events.”

Audits involve numerous interviews, daily meetings, opening and closing conferences, and other activities where on-time arrival is critical. In some cases, auditors have arrived late to a site because of air travel problems, have been late to interviews because they didn’t know where the interview was to take place, have come late for daily meetings because they underestimated the time an interview would take, and so forth. The auditor’s job is to be on time consistently for these activities, even if site staff is not. In other cases, when agendas are not prepared in advance, key site personnel are not available during the audit because of conferences, vacations, or other scheduled events. Not having access to key personnel can greatly reduce the value of the audit. Finally, if the audit team does not work through the agenda in advance of the audit, they could miss key observation opportunities, such as tanker truck loading or unloading events, or they might not arrive with appropriate personal protective equipment, which could prevent them from visiting key areas of the site.

At all times, auditors should know where they have to be and when. Auditors should understand the schedules of key site staff and work through potential conflicts in advance of the audit. Auditors should make necessary preparations to arrive on-site ready and able to visit key areas and interview key personnel. For opening conferences in particular, auditors should know how long it will take to get to the site from the hotel, what security or safety orientation will be required when they get there, and how long it takes to get to the meeting room from the “front gate.” Being late for the opening conference does not set a good precedent. Auditors should know how to get in touch with the site EHS coordinator, so that if they are running late, the site staff knows about it. Site staff shouldn’t have to come looking for the auditors.

 

3. Distractions

Wrong: “I have a lot of other work to do while I’m on the audit; I hope we have a good cell connection. I also need to be on the Internet with my laptop.”

Right: “This is going to be a very long week. I have some other work that I will have to do in the hotel at night. I hope the hotel has a fast wireless Internet connection.”

These days, auditors are minimally outfitted with a laptop and a smartphone. In a world where every e-mail and communication is “urgent,” auditors often feel a strong urge on an audit to use (or overuse) these devices to “stay in touch.” In some cases, auditors have taken a call during the opening conference; in other cases, auditors have spent more time on the phone or with e-mail during the audit day than on the audit itself. How do we know that this very inappropriate behavior has happened? Because we have observed it firsthand and have received complaints from clients about auditors not being dedicated to the audit while on-site.

All auditors must be discrete in the use of communication devices while on-site during an audit. Checking messages and conducting other work should be done only during lunch breaks (with permission) or back at the hotel. Auditors should be fully focused on the audit during the time spent on-site. They need to turn their phones off or to mute status.

 

4. Auditor Posture Towards the Site

Wrong: “They will hide things from us; we must be suspicious.”

Right: “They will be open and candid; still, we should be thorough.”

“Trust but verify” was a signature phrase adopted and made famous by U.S. President Ronald Reagan. Reagan frequently used it when discussing U.S. relations with the Soviet Union. This phrase translates very well to EHS audits. It is quite rare that a site will purposely hide issues from an audit team. On the other hand, if an auditor does not ask about an issue that the site might be facing, there are certainly cases where the site staff will not volunteer the information. Auditors must be rigorous in the evaluation but not necessarily suspicious of the site staff’s behavior.

 

5. Findings Ownership

Wrong: “The findings are mine; the site doesn’t have to agree.”

Right: “We can negotiate the findings but the final call is mine.”

There is a saying that “all things are negotiable.” It’s not clear that it applies to death and taxes, but it should apply to audit findings. For auditors, it makes perfect sense to listen to the site’s point of view on the technical merit of any particular finding and to do so sincerely. It should also apply when auditors are required to assign risk levels to findings (e.g., severe, moderate, or minor) or to classify a finding as a repeat. In auditing, most issues are far from black and white. Auditors should keep in mind that the word audit comes from the Latin word audire, which means “to listen.”

 

6. Findings Credibility

Wrong: “Findings can be based on my opinion; after all, that’s why they’re paying me.”

Right: “My findings should be defensible; they should be based on specific requirements.”

The U.S. Environmental Protection Agency (EPA) describes compliance auditing as “a systematic, documented, periodic and objective review by a regulated entity of facility operations and practices related to meeting environmental requirements” (“Environmental Auditing Policy Statement—Introduction,” U.S. Environmental Protection Agency, Federal Register, Vol. 51, No. 131, July 9, 1986, p. 25006.) These requirements can be regulatory in nature or self-imposed performance standards. Auditors should be principally evaluating the site’s status against these requirements and should avoid drawing broad conclusions based on personal opinions about what is appropriate. Notwithstanding this comment, auditors are sometimes asked to provide recommendations on how to improve performance generally, regardless of applicable requirements. This request is perfectly acceptable but these recommendations should be clearly distinguished from findings of deficiency with respect to compliance, and the focus of the audit should remain on compliance with requirements.

Auditors should understand precisely, and in advance, the expectations with respect to findings of deficiency and opportunities for improvement. If both are to be addressed, auditors should make sure that the basis for the observation, in either case, is fundamentally sound and defensible. Auditors will be challenged.

 

7. Day-to-Day Communications

Wrong: “We are secretive with the findings until the closing conference. We want to see the expression on their faces when we discuss the deficiencies.”

Right: “We communicate openly and freely throughout the on-site process. We want to get it right.”

The EHS on-site process should be transparent throughout. It benefits all concerned when potential findings are communicated as soon as they are observed. In numerous cases, an auditor believed that he had a “stone-cold” finding only to discover in the closing conference that he had misunderstood a site person’s comments or had not interviewed the right person. This situation can be quite embarrassing to the audit team. Sometimes, the fear of sounding too confrontational keeps auditors from raising issues early on in the process, but there are ways to open up the discussion of a potential finding without sounding too confrontational. One auditor, when initiating such a discussion with site staff, uses the phrase, “Would it be fair to say….”

 

8. Scheduling the Closing Conference

Wrong: “The closing conference will be scheduled based on my travel wishes.”

Right: “The closing conference will be scheduled to ensure that we’re done and the plant manager can attend.”

A closing conference can make or break an EHS audit. It is the culmination of the on-site work and typically involves the site manager and key site staff. Key corporate staff and legal counsel might also be in attendance, either in person, by phone, or by webinar. The logistics of scheduling the conference can be quite a challenge, particularly when remote participants are in different time zones. Auditors should be flexible and accommodating and schedule the conference to ensure maximum participation. If that means the audit team members miss their previously scheduled flights, then so be it; that’s why they invented Saturdays. Auditors who constantly look at their watches during the closing conference could be considered rude by some. Audits are not typically “a walk in the park.”

 

9. Communicating Post–On-site Findings

Wrong: “It’s okay if there are new findings in the report that were not discussed while the team was on-site.”

Right: “New findings will be very unlikely; if this situation occurs, we will alert the site before we issue the draft report.”

It is the goal of every audit team to be done with the audit proper before leaving the site. However, this does not always occur; further interpretation of a regulation might be needed, data or records might not have been readily available at the site, and so forth. Should post–on-site evaluations result in one or more new findings, it is only courteous to let the site know about these developments before the draft report is issued. Auditors should follow a “no surprises” philosophy.

 

10. Follow-on Work (third-party auditors)

Wrong: “This audit is going to be great! I’ll bet there’s $100,000 in follow-on work for us.”

Right: “We need to be clear about how we handle any potential follow-on work. Let’s wait until the audit is over and see what the client’s expectations are.”

Audits can be a source of follow-up work for third parties. After all, the objective on an audit is to identify all the EHS deficiencies at the site. However, if auditors appear too eager, which they sometimes do, to help the site fix all the identified deficiencies, it can come across as “ambulance chasing.” To be sure, clients have complained about this situation to third-party consultants, particularly when auditors are already proposing scopes of work on the first day of the audit.

Third-party auditors need to understand the rules with regard to follow-on work on each audit assignment. Some clients are more than happy to have the third party help the site correct the deficiencies. Other clients actually prohibit third parties from being involved in the fixes because they believe that this involvement compromises the independence and objectivity of the audit. For each client, the third party should know the rules before the on-site visit. In situations in which the auditor is allowed to help the site with the fixes, the auditor should show restraint while on-site and should wait until after the closing conference before discussing follow-on opportunities.

 

Conclusion

Wrong: OVERALL…“We were relentless in identifying, justifying, and reporting all of the site’s deficiencies.”

Right: OVERALL…“We made a substantial difference in improving the safety and environmental performance at the site.”

The overall value of an audit should not be judged by how many findings appear in the audit report. Rather, the focus should be on the value added to the site and the reduction in risk realized as a result of the audit. The value of the audit is maximized when auditors collaboratively work with sites to reduce risks.

 

Related Articles by Lawrence Cahill and Robert Costello

• Repeat Versus Recurring Findings in EHS Audits (Cahill and Costello)
• Environmental Audits Versus Health and Safety Audits (Cahill and Costello)
• Using Risk Factors to Determine EHS Audit Frequency (Cahill)
• Measuring the Success of an EHS Audit Program (Cahill)
• EHS Audits – Have We Lost Our Way? (Cahill)
• Statistically Representative Sampling on EH&S Audits: Expectations Established by Third Parties (Cahill)
• Outsourcing EHS Audits: Does it Make Sense? (Cahill)
• EHS Audits – Have We Lost Our Way? A Sequel (Cahill and Costello)

 

About the Authors

Lawrence B. Cahill, CPEA (Master Certification), is a Technical Director at Environmental Resources Management in Exton, Pennsylvania, U.S.A. He has more than 30 years of professional EHS experience with industry and consulting. He is the editor and principal author of the widely used text Environmental, Health and Safety Audits, which is published by Government Institutes, Inc. and is now in its ninth edition. He has published more than 60 articles and has been quoted in numerous publications, including The New York Times and The Wall Street Journal. Mr. Cahill has worked in more than 25 countries during his career. He holds a B.S. in Mechanical Engineering from Northeastern University, an M.S. in Environmental Health Engineering from Northwestern University, and an M.B.A. from the Wharton School of the University of Pennsylvania.

Robert J. Costello, PE, Esq., CPEA, is a Principal Consultant at Environmental Resources Management in Exton, Pennsylvania, U.S.A. He has more than 17 years of professional environmental resource management and consulting experience. Mr. Costello manages global regulatory compliance, management systems, and sustainability assurance programs and typically participates on-site in 30 or more audits and assessments per year. He holds a B.S. in Environmental Engineering from Wilkes University, an M.S. in Environmental Engineering from Syracuse University, and a J.D. from Syracuse University. Mr. Costello is admitted to the bar in Pennsylvania, is a licensed professional engineer in Pennsylvania and Delaware, and is a Certified Professional Environmental Auditor.

Photgraph: Greek Columns by Michaela Kobyakov, Linz, Upper Austria, Austria.

Return to the EHS Journal Home Page