Tag Archives: risk auditing

A Question from Your Company’s President/CEO: How Come the Audit Didn’t Find That?

Those of us who have been in EHS auditing for awhile have faced this question, either as internal corporate staff or as an outside auditor.

You know the situation – an EHS event occurs at a site, it gets reported up the management chain and the questions (and possible finger pointing) begin.

How could we have let this happen?

How come we didn’t know about this sooner?

What did the last audit find?

And finally…..  Why wasn’t it found or addressed in the audit?

Most EHSS audit programs were built to address compliance or management systems conformance.  Today, companies are beginning to approach these questions in a constructive manner, looking to develop risk-based EHSS audit frameworks.  We at Elm are frequently asked how to incorporate the concept of “risk” into audit programs.  For those wondering where to start, here are a few tips:

  • Use existing risk benchmarks within the company.  There is no need for EHSS risks to use separate definitions.
  • Actively and aggressively coordinate with all aspects of the company.  The business impacts of EHSS exposures are relevant to a surprising number of functions and actitivities.
  • Conduct a thorough EHSS risk assessment.  During this process, encourage and embrace discussions of “Black Swan” events.
  • Generally a two-dimensional framework is effective to communicate risk likelihood and impact separately.
  • Create a risk profile assuming controls will fail.  Remember that at this point, you are identifying a “gross risk profile”.  Effectiveness of controls should be evaluated in a separate step.
  • Evaluate the risk profile for auditable topics and elements.  Once the appropriate topics are identified, audit protocols can be developed.  However, these protocols are typically beyond the scope with which traditional EHSS auditors are comfortable.
  • Develop guidelines for appropriate corrective actions.  For example, a risk that is high impact/low likelihood may be best treated with a financial solution to reduce the economic impact of a rare event.  A management system approach to such a risk may not prove relevant or effective.

These ideas may help provide some guidance on how to move ahead, reduce real business risk and generate demonstrable economic value.

Upcoming EHS Risk Auditing Conference

The Auditing Roundtable
 Winter 2010 Meeting, Exposition, and Training  
“Incorporating Risk Management into EHSS Auditing” will be held in Phoenix January 11-13, 2010.

Laws, regulations, and standards keep changing, as to business goals, capabilities of IT, communications methods, and stakeholder expectations.  EHSS auditors fulfill a critical role in maintaining compliance with EHSS laws, regulations, and standards.  This meeting will focus on how EHSS auditors can help identify, evaluate, and help organizations manage risk in uncertain times.    Presentations will also focus on risk transfer and management, moving beyond compliance into risk management, auditing risk, and using risk-based approaches to managing audits and conducting auditing programs.  Regulations designed to reduce risk (including Homeland Security and Process Safety) and Business Continuity Planning will also be discussed.

Mr. Lawrence Heim of Elm is currently scheduled to speak on Merging Risk Management, EHS and Auditing Concepts.

The meeting will also continue with standard features, including industry sector break-outs, topical interest groups, and ample time to mix and mingle with EHSS auditing and management professionals.

The AR is also offering training courses on Basic Auditing Skills, Environmental Auditing, and Health & Safety Auditing.  Developed by request of membership, these courses offer the opportunity to brush up on basics, or to achieve greater proficiency.  These courses qualify for Continuing Professional Development credit for CPEAs, and applicants will find them to be a good resource in preparation for the Certified Professional Environmental Auditor (CPEA) exams offered by the Board of Environmental, Health & Safety Auditor Certifications.

For more information, click here.