Category Archives: audits

Auditing Roundtable in Phoenix Jan 9-10, 2012

I am in Phoenix right now attending the annual meeting of the Auditing Roundtable. I will be giving two talks. On Monday I will be talking about the duty of an auditor to report a violation that poses imminent danger to the public. On Tuesday, I will be discussing the difference between compliance auditing and management auditing.

If you are attending the same conference, look me up.


An auditor’s conundrum – an update

Since I posted my article on auditor’s conundrum a week ago on LinkedIn, I received many comments – from consultants, auditors and attorneys. Here is a summary of their comments:

Many consultants are concerned with breaching the confidentiality agreement with the client – even in the face of a continuing criminal act.  They seem to think that very bad things will happen to them and the criminal client will sue them. Some are concerned that word will get out and no one will hire them again. Here is my take: First of all, the client is not likely to sue the auditor for breach of confidentiality. Why? Because the client will have to show damages in court as a result of the breach. And there is NO damage. Now, if the auditor had disclosed proprietary information about the the client’s manufacturing process to his competitors, there would be damages. But in the case of notifying authorities of an on-going criminal act, where is the damage to the client? A thief cannot sue his friend for turning him in even if he swears him to secrecy.

As to the concern about the auditor’s reputation for breaching the confidentiality agreement, my take is that the auditor will have a better reputation as a result of stopping an on-going criminal act and protecting the general public. If a company is hesitant about hiring such an auditor who would stop a criminal act, you would not want such company as a client anyway.

The downside of NOT reporting an on-going criminal act (dumping of toxic wastes) for the auditor is great. What do you think the injured parties (people who end up drinking the contaminated water) will do to the auditor? Here is an environmental professional under contract with a client who is dumping toxic wastes and he fails to take action to stop the client. They are going to think the criminal act was done with a wink and a nod from the auditor.

Here is what the auditor should do: As soon as he discovers the illegal activity, he must tell the client to stop immediately. And if the client refuses, he should notify the authority to protect the general public regardless of the confidentiality agreement. At the same time, he should sever his relationship with the client immediately in order to protect himself from possible future action by the injured parties. The underlying reason for the auditor’s action is IMMINENT HARM to the general public.

Some have suggested that the confidentiality clause should include language that reads “except as required by law”. I would expand it to read “except as required by law or in the event of imminent harm to the general public.”

For those who are Professional Engineers, the incident as described in my article would require them to report to the authorities immediately. The overriding duty of a PE is to protect the general public. That duty overrides the confidentiality clause in the face of imminent danger to the public.

A classic example: A PE is hired by a building owner to inspect a building for structural integrity. The owner swears the PE to secrecy. PE discovers that the building is structurally unsound and may collapse any time. The owner proceeds to sell the building even with that knowledge. The PE now has the ethical duty to stop the sale by notifying authorities. Failure to do so may cost him his license and subject him to countless lawsuits by people injured by the collapsed building.

Where should your EHS auditors reside in your corporation?

Two of the most critical factors in EHS auditing are competence and independence of the auditors. Most corporate internal audit departments are staffed by accountants who have very little knowledge of environmental issues and regulations. The worst thing a company can do is to hand a checklist to these internal auditors (accountants) and ask them to do an EHS audit while they are doing financial audits. I have seen that happen at a Fortune 500 company and it was a total disaster. Not only did the incompetent auditor fail to understand the basics of environmental issues, he also produced a misleading paper trail. Luckily I was able to alert the corporate law department in time to kill the report and make sure it never saw the light of day.
On independence of the EHS auditor: It is a mistake to base EHS auditors in Operations because of the inherent conflict of interests. EPA's audit policy requires independence of the auditor and I am not sure this arrangement would satisfy that.
In my opinion, the law department is the logical place for EHS auditors. It also offers an added level of attorney/client privilege protection for the report. 
What do you think?

Some Practical Tips on Managing an Agency Inspection

Doing the wrong thing during an agency inspection can have bad consequences. Always be prepared for any agency inspection. That means you need to have all your environmental records in good condition at all times. Make sure they are up to date and easily accessible to the inspector. The last thing you want to have happened is to have the inspector wait around at your facility while you scurry around looking for records that the inspector wants to review.

Another thing to remember is NEVER reprimand your own employees in front of any inspector. Why? It gives the inspector a very negative perception of how you run your business and treat your employees. Furthermore, you have just humiliated your employee in front the inspector and you have just made an enemy out of that employee.

There are many more tips on how to manage an inspection that are discussed at our 2-day environmental seminars. We also have a live webinar on “How to manage an agency inspection.”

A new beginning for BP?

BP has a new CEO today.

A few days ago, BP signed a Consent Decree with the Department of Justice and agreed to pay $13 million for various Risk Management Plan violations under the Clean Air Act at its Texas City refinery. If you recall, there was a major incident at that refinery back in March of 2005 where 15 people were killed.

Thus far, BP has paid $137 million in fines which includes $50.61 million to OSHA for Failure to Abate violations under OSHA’s Process Safety Management standards. It has also spent $1.4 billion in corrective action. The OSHA fine is the largest fine in OSHA’s history.

BP conducted many internal environmental and safety audits before the March 2005 incident. Many safety and environmental issues were raised but little or no action was taken – according to the Chemical Safety Board investigators.

An expensive lesson learned?

Tips on writing audit reports

There are rules on how to write an audit report that is readable and can convey the message to the readers. Here are just a few of them:

  1. Use simple language. Do not use fancy words to impress the readers. Most readers are generally not impressed by big words. Always use familiar words. That does not mean you should not use long words. The word “instantaneously” is long but it is also familiar to most people. The word “alb” is short but it is not too familiar to many people.
  2. Get rid of deadwood. Here are some examples. Instead of saying “in the month of August”, just say “in August”. Instead of “a fine in the amount of $2000”, say “a $2000 fine”. Use “daily” instead of “on a daily basis”. Write as if you are being charged for every word – and not as if you are being paid for every word.
  3. Avoid accusatory words. Do not use these words: alarming, dishonest, perjured, intentional, negligent, willful misconduct, reckless, incompetent, fraudulent, dangerous, deplorable, criminal, etc.
  4. Write short sentences. Break up those long sentences into shorter ones. This makes it a lot easier for the readers.
  5. Stick to the facts. If you could not find a weekly inspection checklist, say so in your report. Don’t ay that the weekly inspection was never done. Just because you could not locate the checklist does not mean that the inspection was never done. The unavailability of the checklist may well be a separate finding.
  6. Be concise and precise. If you inspected 24 drums of hazardous wastes and 17 of them did not have “hazardous waste” labels on them, say so. Don’t say “many drum have no labels on them”. Say “17 out of 24 have no labels.”
  7. Avoid excessive use of acronyms. Don’t try to bedazzle your readers with your knowledge of technical terms and jargons. Keep in mind that many readers of your audit report are not engineers or scientists. Many senior managers are attorneys, accountants and MBAs. Acronyms such as PSD, RCRA, TRI, CERCLA, TSCA, RMP, PSM, etc will put them in a coma.
  8. Be specific in your conclusions. If you are doing a compliance audit and everything appears to be in order, the only thing you could possibly say is that “based on your review and visit on the day of the audit, the facility appears to be in compliance (on that day).”

Root Cause Analysis in an Audit – a simple example

When you perform an environmental audit and uncover anomalies, you should also do a simple root cause analysis. How do you do it? Here is a simple example:

Let’s say you are inspecting a hazardous waste storage area and you discover that one of the drums has no “hazardous waste” label on it. You do a root cause analysis. There are basically three possible reasons why the label is missing. One reason is that no one cares about the containers in the storage area. Another reason is that the label has simply fallen off. The third reason may well be that the plant personnel is not aware of the requirement to have a label on every container. You talk to the employees at the plant and you determined that the people there are pretty conscientious about the requirement and that they have received the necessary annual refresher training is required under RCRA. So the only plausible explanation is that the label had fallen off the container.

Then you ask the next question: Why did the label fall off the container? Once again there are several possible reasons. One — the container has been sitting around for so long that the adhesive power of the label has worn off. That does not seem to be a possible explanation since the plant personnel are quite conscientious about moving the drums off the premise before the 90-day time limit is up.

The other reason may well be that the label is of such low quality that it has very limited adhesive power thereby causing it to fall off the container after a short period of time. That seems to be the more plausible explanation.

Then you asked the next question: How did the plant end up with such low quality adhesive labels. In talking to the purchasing department, you discover that in an effort to save money, the purchasing agent decided to purchase the least expensive labels with the least amount of adhesive power.

Now you have the root cause of the problem-the lack of a hazardous waste label on a container. The remedy to this situation is for the purchasing agent to purchase a higher quality label.

By asking mostly open-ended questions, you should be able to find the root cause of most environmental problems.