Internal Auditor’s blogs reflect the personal views and opinions of the authors. These views may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers’ employers or the editors of Internal Auditor.

EHS Auditing to Minimize Risk

Comments Views

​Environmental, health, and safety (EHS) risks are a critical component of any business' overall risk management portfolio, but are often overlooked.

EHS risks exist for every type of facility, regardless of industry. From chemical plants, to theme parks, to office spaces and warehouses, to all types of manufacturing, EHS risks impact every organization. Common environmental risks include those associated with air emissions, wastewater, storm water, hazardous waste, universal waste, oil storage, and aboveground and underground storage tanks. One example of an environmental regulation that affects nearly all facilities is universal waste, which includes light bulbs, batteries, mercury-containing equipment, and pesticides. There are training, labeling, accumulation, and storage requirements for these items, which are commonly found in any facility.

On the safety side, there are numerous regulatory requirements including those related to forklifts, cranes, handheld tools, confined spaces, lockout/tagout, safety equipment such as fire extinguishers and safety eyewashes, machine guarding, hazard communication, and exit routes to name a few. Most facilities, regardless of industry, are subject to safety regulations that focus on walking/working surfaces, exit routes, fire extinguishers, hazard communication, and electrical requirements. Of course, the more complex a facility's operations and activities are, the more regulations will apply.

The goal of an EHS regulatory compliance audit is to determine whether there are gaps between a facility and its activities/operations and the applicable federal, state, and local EHS regulatory requirements. Through observations of the activities and operations at a facility, interviewing employees, and document and record review, an EHS auditor can determine the compliance status of a facility. There are many benefits to conducting an EHS compliance audit. These include proactively identifying any regulatory compliance gaps between a regulation and what is going on at the facility, determining areas of significant risk or liability, and identifying opportunities to reduce costs. EHS audits can be conducted as the result of a response to stakeholder requests for increased disclosure, proactively per site or corporate requirements, or mandated as part of enforcement proceedings, to name a few audit drivers. Audits can be conducted by a team internal to the organization being audited, by a third-party consultant, or a combination of both.

There are numerous advantages to proactively identifying EHS regulatory noncompliance, including increasing awareness and understanding of applicable requirements, enhancing worker health and safety, and fostering environmental responsibility. In the U.S., any facility can be inspected by the Environmental Protection Agency, Occupational Safety and Health Administration (OSHA), or state or local environmental and safety regulatory agencies. Incidents of EHS noncompliance observed during a federal or state agency's inspection can have serious consequences, including monetary fines, negative publicity, a consent decree or mandated performance plan participation, and negative employee morale. It is important for organizations to consider how they would be prepared for an environmental or safety inspection, which can be triggered randomly by the agency or as a result of an environmental release or employee incident or injury.

Due to the complexity and volume of EHS regulatio​ns that may be applicable to an organization, it is as important to manage the organization's EHS risks as it is to manage any other aspects of risk to which the organization is subject.  

Internal Auditor is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.



Comment on this blog post

comments powered by Disqus
  • Galvanize-March-2021-Blog-1
  • CRMA-March-2021-Blog-2
  • Training-March-2021-Blog-3