Alice Harman May 27, 2020
Don't Fear the Audit
This is the first article of a two-part series on audits. In this post, we discuss creating value for your organization through a robust third-party audit program and an effective management system. In the second post of the series, we’ll look more closely at delivering nimble compliance support and expertise through virtual audits.
What is your ﬁrst reaction when you hear: “Your facility is going to be audited”? I used to work for a midstream and terminals company, and many of my colleagues expressed dread when they learned that one of our facilities was facing an internal audit.
- Are we prepared for someone to come take a look around our facility?
- The audit will distract from daily operations. Between the time needed to prep, pull information during the audit and inspect the site, this is going to hold up our other work.
- Our dirty laundry will be aired out and mistakes will be identified — is that inspection form completed fully and accurately? Does it have all the required information?
- Fixing any issues identified in the audit will require additional work, training, or capital expenditures.
At Huco, we have a more positive and proactive perspective on audits. When robust third-party audits are combined with an effective management system, they create opportunities for the EHS department to generate value for the organization. Bear in mind, though, that the audit alone does not create value — it’s what you do with the ﬁndings and how you track the resulting improvements that make the difference. I believe audits should empower you to continuously improve compliance and effectively manage risk for a stronger company. Here’s why:
Why shouldn’t I fear an audit?
- I am a glass–half–full kind of person, so I appreciate a fresh set of eyes looking at my compliance documentation. After seeing the same site every day, I may begin to unintentionally overlook things — it is human nature to become comfortable and even a bit complacent. Audits provide a new perspective for assessing on-site compliance activities.
- Working with an auditor can help me prepare for inspections and provide an opportunity to identify and resolve any gaps before the agency ﬁnds them. This enables me to improve performance and maintain the trust of both the agency and the general public.
- An audit is a chance to minimizes risk by identifying preventable issues.
- Audits enable me to leverage lessons learned from other sites and share best management practices across industry.
- It is an opportunity to cross train site-level teams on what to look for during audits. They can then use their experience at other sites.
Audits are an investment, but they can save long–term costs; there is significant ROI when it comes to preventing ﬁnes, penalties, injuries and workers comp claims, and through advanced scheduling, operations can plan ahead and avoid losing time for daily tasks to the audit process.
What constitutes a robust third-party auditing program?
We use the 7-element program outlined below when we conduct audits for our clients to ensure they get the most benefit possible from the experience:
Internally Driven Process
Management buy-in is critical to any project. If you need to get funding, we suggest tapping into the cost-benefit mindset.
Once your project is approved, we will work with EHS and Operations to create a schedule.
Preparation in Advance
The Audit Team Leader coordinates with the site to develop the agenda, scope and responsibilities for the SMEs. We will need permits, plans, and policies ahead of time. This is where time spent setting up your management system will come in handy!
Once all the prep work and scheduling are completed, we have the big day on site. While inspecting your site, the Audit Team will want to verify compliance on the ground. They will look at signage, labels, the condition of equipment and whether permit language lines up with actual operations.
You will typically receive the Lead Auditor’s draft report with input from the SMEs within two weeks. There will then be an opportunity to make comments and adjustments. Sometimes corrections are also made during the draft period and resolved before the final report.
The final report includes photos, the basis of findings (regulatory, permit or policy), details of each finding, a corrective action plan for each finding, a person assigned to ensure the finding is corrected and a timeline to resolve the findings.
Attorney Client Privilege
After the audit, the attorney reviews the compliance findings, and a determination can be made of whether self-reporting to the agency is needed and, if so, how to protect confidential information.
The power of your management system
A successful audit is not completed with receipt of the final report. After the findings are identified, you need to track them for correction and completion. Using an information management system with action plan or compliance calendar features is the best way to ensure that any assigned corrective actions are completed.
Information is only useful when it’s available to the people who need it. Every software tool has different features and best practices for sharing information. Whichever system you use, be sure to leverage it to share audit findings across your facility and even with other sites within your organization. Some tools offer weekly email reminders, others have push notifications or safety bulletins that go out to pre-configured lists or certain roles. If you are unsure how you can spread information and learnings from your audit, ask your system admin, or contact us for help with system sustainment planning.
Conclusion: A small investment can reduce operational risk
The mission of EHS is to ensure your workers go home safe each night, the public is protected from environmental incidents and your organization is not exposed to risk.
Some say audits burn time that could be used on daily operations. However, audits are a small investment in time and money that can save costs in the long run, particularly when it comes to fines, penalties or injuries – and the lessons learned are invaluable when it comes to protecting your stakeholders.