EHS audits need to incorporate risk methodology

April 15th, 2013 by Dakota Software Staff Industry News

While corporate sustainability has evolved recently from a base of compliance into a larger movement toward greater assumption of environmental and social responsibility, experts have expressed concern, suggesting auditing is stuck in an operational and administrative check-up phase, preventing it from moving to a risk-based approach.

In a recent article for EHS Journal, Lawrence Cahill and Robert Costello reasoned EHS auditing lacks methodology and specific measures to analyzing risk. As a solution, they developed a risk assessment protocol that auditors can utilize.

Based on a four quadrant square, audit findings would be scored on a 1 to 10 spectrum measuring potential consequences of noncompliance and overall EHS risk. Those scores would then be graphed on a y and x axis. Findings scored in the upper right corner would represent serious risks, those in the lower bottom left would be of the lowest risk.

So how is risk measured?
Examples of findings that fell in Quadrant I (the lowest risk) are marginally high levels of pH in wastewater discharge or a permit without an expiration date; while Quadrant IV (highest risk) qualifiers would be undocumented industrial wastewater discharges.

Quadrant II and III (medium risk) findings include no hazard training for employees and storage of materials that are not compatible with one another.

Application to EHS
Through a few case studies on use of the risk methodology in auditing, Cahill and Costello concluded such processes can lend more value to the company through auditing, enabling it to be more than mere verification of protocol.

For example, in a case study of a U.S. company, the audit using the risk methodology found the business' average scores for EHS risk and consequences of noncompliance were particularly low: 3.0 and 2.2, respectively. As it turned out, the facility was not in operation during the time of the audit, and the comparatively low assessments for risks might have led the company to believe it was sufficiently shielded from such dangers. Through the audit, it was recommended corrective measures take place to sync auditing cycles with activity trends.

The risk methodology can be a beneficial added element to auditing, but compliance tools are also needed; Cahill and Costello make this clear when asking if auditors are equipped with such management capabilities to operate in other countries. As such, EHS software becomes a critical component to an organization's initiative to enhance its auditing agenda.