A Safety Management System (SMS) is a systematic organization of policies, processes, programs, procedures, and records. Like other management systems, an SMS is built on the Plan, Do, Check, Act/Adjust (PDCA) cycle. Ideally, safety-related activities are planned, done, checked (through auditing, inspections, investigations), and finally reviewed by both local and executive management to facilitate continuous improvement (i.e., adjust).

Keys to a Successful SMS

The primary purpose of an SMS is to effectively manage safety-related risks. But how does an organization ensure that its SMS—new or existing—actually does this? Kestrel has compiled the following best practice tips for implementing an effective SMS:

1. All employees with management or supervisory responsibilities must be visibly and conspicuously committed to safety and the SMS. Management demonstrates leadership and promotes commitment to improving safety performance through active and visible participation. It is up to management to routinely demonstrate that this is not just the “flavor of the month” but the organization’s way of doing business. (Choudhry, Fang & Ahmed, 2008; Hansen, 2006; Lyon & Hollcroft, 2006; OSHA, 2015)
2. Employees are engaged in the SMS—emotionally and cognitively. Employees must understand how the SMS works and believe in the value that it offers them and the organization. (Wachter & Yorio, 2014; Moraru, Babut & Cioca, 2011)
3. The SMS is integrated into other business objectives and aligned with other in-place management systems (e.g., quality, environmental). The SMS should support the company’s goals and objectives. Aligning and integrating with other systems further improves efficiency, consistency, and understanding. This also provides the flexibility needed to function in a dynamic business environment. (Hansen, 2006)
4. There are clearly defined safety policies and principles. Policies should be established, communicated, and updated, as necessary. (Hansen, 2006)
5. The SMS establishes challenging objectives, goals, and plans. High standards of performance that are tracked and measured ultimately lead to performance improvements. (Hansen, 2006; OSHA, 2015)
6. Contractors and other third parties are effectively managed. Contractors, suppliers, and others must be assessed and monitored for their capabilities and performance. Clear performance standards should be established to ensure that these third parties meet needs and uphold safety management expectations. (Hansen, 2006; OSHA, 2015)
7. The SMS ensures compliance with legal and other requirements. The SMS should help the organization to measure and verify compliance with applicable legal and regulatory requirements. (Hansen, 2006)
8. There is effective communication about the SMS, including clearly defined roles and responsibilities. Employees need to understand the purpose of the SMS and their roles in achieving related goals and objectives. (Hansen, 2006; OSHA, 2015)
9. Staff receive continuous safety training and development opportunities. Safe operations rely on well-trained employees and contractors who understand the SMS and how to perform their jobs in the safest ways possible. (Choudhry, Fang & Ahmed, 2008; Moraru, Babut & Cioca, 2011; Lyon & Hollcroft, 2006; OSHA, 2015)
10. The organization is committed to hazard identification, risk assessment, and implementing effective controls. Identifying, assessing, and prioritizing hazards can mitigate risks to employees, customers, contractors, and the general public. Procedures should be put into place to continually identify workplace hazards and evaluate risks. Doing so must be a continuous process with periodic inspections to identify new hazards. (Hansen, 2006; OSHA, 2015)
11. The organization conducts injury and incident investigations, produces reports, and follows through on corrective actions. Effective incident investigations provide the opportunity to learn about and improve safety performance. Investigations should identify the root cause and contributing factors, determine and track corrective actions, and share lessons learned across the organization to prevent recurrence. Perhaps most importantly, the organization should refrain from using the investigation to figure out who to blame for the incident. Fault-finding, rather than fact-finding, leads to mistrust and a negative safety culture. (Singh, 2014; OSHA, 2015)
12. Audits provide the opportunity for ongoing re-evaluation and to demonstrate a strong commitment to continuous improvement. The SMS must be regularly reviewed to ensure that it is delivering consistent, desired performance. Planning and implementing internal audits helps verify whether safety processes and activities are meeting goals and creating the desired outcomes. Audits also help determine the effectiveness of the SMS and uncover new opportunities to systematically guide the PDCA continual improvement process. Sharing best practices and lessons learned further promotes ongoing improvement. (Hansen, 2006; Choudhry, Fang & Ahmed, 2008)
13. Risk-based, data-driven decision-making is informed by both leading and lagging indicators. While lagging indicators provide valuable information for SMS improvement, leading indicators provide that information without waiting until someone gets hurt. Advanced statistical techniques and predictive analytics can help predict where and when an incident will happen based on leading indicators. Organizations can make drastic safety performance improvements by making a strategic, sustainable investment in gathering and analyzing leading indicators.
14. Implementation is guided from the top down; buy-in is obtained in all levels of the organization. Ownership of the SMS resides with the safety department and executive management, while ownership of implementation and performance resides with all departments and operations. Safety should be continually reinforced as a line-organization responsibility. (OSHA, 2015; Choudhry, Fang & Ahmed, 2008; Moraru, Babut & Cioca, 2011)
15. The SMS builds on and improves what already exists. The SMS should fit within the organization’s existing business structure and be tailored to the organization’s needs, operations, risks, processes, culture, and existing strengths.

SMS Benefits

For organizations that are able to implement a strong SMS, there can be many benefits. For example, the Health and Safety Executive in the UK (Greenstreet Berman Ltd, 2006) published six case studies in 2006 illustrating the benefits of implementing an SMS. Some of the business benefits identified in these case studies included the following:

• 50% reduction in absenteeism
• Static or decreased insurance premiums
• Access to wider market based on improved safety outcomes

Another case study published in 2010 describes Newell Rubbermaid’s SMS success, as the company realized an 80% reduction in recordables and an 81% reduction in workers compensation costs after implementing a proactive SMS (Zahn, 2010).

In general, most organizations that adhere to the best practices described above may realize:

• Improved health and safety performance and compliance
• Greater operational efficiency
• Reduced injuries and injury-related costs
• Lower insurance premiums by demonstrating to insurers that risk is effectively controlled
• Better morale when employees see employers actively looking after their health and safety
• Improved reputation that comes with the public noticing the organization’s responsible attitude toward employees
• Improved business efficiency and, correspondingly, reduced costs

Spring is here…warmer temperatures, melted snow, anticipated rain, and, unfortunately, elevated flood warnings. Is your facility set with its flood preparations/Storm Water Pollution Prevention Plan (SWPPP)?

Safeguarding Against Spring Thaw

Many areas, primarily across the Midwest, are at a far higher risk of flooding this spring due to heavy winter snowpack, near record levels of soil moisture, and existing stream flows that are already significantly higher than normal. Spring thaw is a critical time to evaluate potential runoff impacts from storm waters and to ensure compliance with regulatory requirements for storm water management, particularly this year.

Permit Requirements

According to the U.S. Environmental Protection Agency (EPA), “The National Pollutant Discharge Elimination System (NPDES) permit program addresses water pollution by regulating point sources that discharge pollutants into the waters of the United States.” NPDES permits are issued by states that have obtained EPA approval to issue permits or by EPA Regions in states without such approval.

Businesses with specific SIC/NAICS codes are required to have NPDES general permits in place to help assure protection of the nation’s surface waters. If a business is required to have an NPDES general permit, they are also required to have a Storm Water Pollution Prevention Plan (SWPPP) for their site.

What Is a SWPPP?

A SWPPP is a site-specific, written document that is required to comply with a storm water general permit. The SWPPP describes:

• Potential sources of storm water pollution at the site
• Activities to control sedimentation and erosion
• Practices to reduce pollutants in storm water discharges from the site
• Procedures to comply with the terms of the general permit and Clean Water Act requirements

SWPPPs are intended to be “living” documents that are updated to reflect changes at the site. With thawing, raining, and flooding in the forecast, it is important to review the SWPPP and any Best Management Practice (BMP) strategies to ensure the site is effectively managing storm water and meeting permit and regulatory requirements.

SWPPPs and BMP Strategies for Low-Level Contamination

Kestrel recently talked with the Iowa Department of Natural Resources (IDNR) about how sites can manage the potential impacts of storm water runoff due to anticipated flooding. Here are a few tips to share based on discussions and consultation with IDNR:

Q: If the sites have had no known spills and have evaluated the contained storm water (visual evaluation for sheen, pH testing, BOD, VOCs, Tier II chemicals, and/or any requirements listed on their NPDES permit), is it an acceptable management practice for them to pump the storm water from their containment areas if they are filled with storm water? If they can pump the storm waters, where is the best option to pump them to? Is it acceptable for the industry to pump the retained, non-impacted storm waters to a ditch/culvert basin off their industrial site property?

A: Under the conditions described, storm water can be pumped out of the containment areas when the facilities are permitted if they are required to have permits. The water can be pumped anywhere to which storm water runoff could otherwise be discharged. The discharge by pumping is no different than a discharge by natural runoff, but if the water is clean, it is best to pump during low flow to not exacerbate any issues caused by high flows.

Q: If a business meets the SIC code requirement and all they store outside is a garbage dumpster with a poly lid that covers the top, do they still have to have an NPDES general permit and a SWPPP?

A: Unless the dumpster is covered by a storm-resistant shelter that also precludes run-on and subsequent runoff from the area of the dumpster, including loading and unloading areas, a permit would still be required despite the presence of the lid on the dumpster.

Storm Water Preparedness

Kestrel has worked with many industrial sites that have engineered detention basins designed to help with storm water management and, in some cases, containment for chemical spills or fire waters. Frequently, management of these sites during high water events and in compliance with regulatory requirements can be confusing. Kestrel understands how to manage onsite detention basins that have filled with spring thaw waters and rain.

Contact Kestrel today for a 30-minute, no-obligation consultation to discuss your storm water management and permitting needs. We can help you identify and implement SWPPP and Best Management Practice (BMP) strategies to effectively deal with storm water and potential runoff impacts—and ensure compliance with your National Pollutant Discharge Elimination System (NPDES) permit requirements.

Join NACD and Kestrel on Thursday, April 4 at 12:00 p.m. (EDT) for a webinar on the U.S. Food and Drug Administration’s (FDA) Food Safety Modernization Act (FSMA). During this webinar, Kestrel’s Roberto Bellavia, Principal in Food Safety Compliance, will provide an overview of FSMA rules applicable to the chemical ingredients industry, focusing on the receiving, storage, production, blending, and transportation of these products. Register here.

This webinar is a precursor to an upcoming in-person NACD regulatory workshop during which Kestrel will cover the FSMA regulations in-depth. This workshop will take place on June 12-13 in Oak Brook, Illinois, immediately following the Central Region Meeting. Registration for the workshop is forthcoming.

Designing and implementing a compliant Food Safety Management System (FSMS) can help organizations improve in many areas beyond the system’s defined tasks. It is critical for management to align the food safety objectives with the business needs for a successful and meaningful program implementation. Here are some of the top reasons why companies that work in the food industry may want to pursue developing and implementing an FSMS:

10. Identify and categorize the organization’s food safety risks.
Once this information is known, management can prioritize and decide how to eliminate or reduce business risks and liabilities to acceptable levels. These risks are often better controlled through strict management accounting. As a bonus, employees will become more attuned to thinking about risks and helping management improve overall operations.

9. Develop work instructions and/or procedures to guide employees’ actions and to ensure that each food safety task is completed in a disciplined manner and approved by management.
This will reduce the risk to an organization of an employee accidentally making a food safety mistake that causes the employee or others to be harmed (or worse). It also reduces the company’s risk of government inspections, fines, poor public perception, and loss of business due to a possible recall.

8. Assure management that they, in fact, know and understand the regulatory food safety requirements that must be met daily.
These requirements can be a driver of continual improvement by ensuring that the company has up-to-date procedures and work instructions for employees to follow every day.

7. Develop meaningful goals and objectives that drive food safety performance improvements and possibly reduce additional costs.
Each business will have different goals and these goals will likely change each year. Goals assure continuous improvement in food safety performance for the business over time.

6. Create a strong training and educational program that stems from well-written procedures and work instructions and that clearly defines the company’s requirements.
A well-trained workforce is a motivated and happy workforce. Turnover is reduced, accidents and incidents decrease, and production efficiencies increase. Employees are very aware when an organization takes time to ensure that each job requested is completed in the safest manner possible.

5. Develop appropriate monitoring and measurement practices.
Once all food safety requirements (e.g., FSMA, USDA, GFSI) are known and understood, the organization will be able to gauge food safety performance based on scientific data and regulations, and then guide the organization’s actions in a direction of continuous improvement and compliance.

4. Verify the FSMS is functioning as designed and implemented.
By continuously auditing each food safety program and function, the organization will discover issues of concern and non-conformances prior to an incident or agency/certifying body finding. Routine, non-biased audits allow the company to choose a timeframe that will help improve the situation without undue influence by outsiders.

3. Monitor and trend issues of concern and/or non-conformance and the actions used to rectify them through a fully functioning corrective/preventive action program.
As employees watch management fix problems, they will learn that management is concerned about continuous improvement. This will prompt employees to start making their own improvement suggestions. These suggestions will further drive improvement in areas outside the original FSMS.

2. Evaluate the business model and the FSMS in a holistic fashion.
By using this self-reflection and identifying improvement opportunities, management can direct responsibilities for improvement actions across many departments of the company. Each of these improvement opportunities has the potential to help the bottom line and reduce the possibility of a food safety liability now or in the future.

1. Know that the company has done everything to maintain the business in a manner that meets all food safety rules and regulations.
The last and most important benefit for an organization that goes through the process of designing and implementing a compliant FSMS is knowing that the organization has done everything possible to maintain its business in a manner that meets all food safety laws, regulations, and statutes every day the doors are open for business. To a business owner, that knowledge is priceless. This is how brands are built and how they maintain the promise of food safety to consumers.

Strong safety performance is a cornerstone of any business. For many companies, it can make the difference in being qualified to work with customers and successfully expand the business.  On the other end of the spectrum, repeated safety accidents can lead to potential serious penalties and higher insurance rates for failing to comply with OSHA safety requirements.

Safe facilities, work practices, and training help to attract and retain employees and enable them to go home at the end of the shift without workplace injury or concerns. In addition, workers’ compensation rates and the ability to maintain adequate insurance both depend on an organization’s safety performance.

OSHA Safety Compliance and Inspection

Safety compliance with federal regulations is getting much more attention by the Occupational Safety and Health Administration (OSHA) due, in part, to a variety of significant accidents occurring over recent years. Many relate to the manufacturing in high risk industries where the impacts have caused injury, evacuation, environmental impacts, and significant business disruption. While not frequent, accidents like this draw attention from the public and communities, news media, regulators, and regulatory agencies. This, in turn, has increased scrutiny on all businesses, especially those in high risk industries or having a history of safety issues. When it comes to safety compliance, an organization should never be overly confident.

Increased inspections for non-compliance with safety regulations have been emphasized. OSHA tracks the types of safety violations found and their classification as “serious” or as “willful”. A serious violation is defined as “one in which there is a substantial probability that death or serious physical harm could result, and the employer knew or should have known of the hazard”. A willful violation is defined as one “committed with an intentional disregard of or plain indifference to the requirements of the Occupational Safety and Health Act and requirements”. Willful violations can also be applied to multiple plants in the same company.

The top 10 “serious” violations reported by OSHA for federal FY 2018 were:

1. Fall Protection
2. Scaffolding
3. Hazard Communication
4. Ladders
5. Lockout/Tagout
6. Respiratory Protection
7. Machine Guarding
8. Powered Industrial Trucks
9. Fall Protection – Training Requirements
10. Personal Protective and Life Saving Equipment – Eye and Face Protection

All of these violations can be associated with the typical equipment and practices associated with manufacturing operations or other physical plant activities for maintaining processes and equipment.

Willful violations can result in significantly greater penalties, with related fines tripled should a violation be classified as in this category, and even greater penalties for multiple plant violations under the same corporate ownership.

The top 10 “willful” violations reported by OSHA for FY 2018 were:

1. Fall Protection
2. Lockout/Tagout
3. Grain Handling Facilities
4. Requirements for Protective Systems
5. Respiratory Protection
6. Machine Guarding
7. Fall Protection – Training Requirements
8. Mechanical Power-Transmission Apparatus
9. Hazard Communication
10. Permit-Required Confined Spaces

A best practice recommendation is that plant management should take the opportunity to review this list and validate their understanding of the related regulations and the level of compliance at their plant(s).

Opportunities for Improvement

Each of these standards represents an opportunity for assessment and improvement for plant managers and owners in the industry. Violations in these standards can take a variety of forms, including a failure to have not only the appropriate procedures, but necessary updates, training, internal inspection and recordkeeping. Be aware that vulnerability in compliance could be associated with evolving changes, including time, process, personnel, and materials. This is also known as “management of chain” necessary for maintaining and keeping programs current with requirements.

The question for plant owners and managers is, “What should we do now to both meet the requirements and establish a plan should we be confronted with an OSHA inspection?” These represent two related activities that need to be addressed to best ensure that the company can and will achieve the best in both situations.

Taking Action

When it comes to determining the level of your existing OSHA programs against compliance issues and potential accidents, there needs to be both short-term and longer-term actions. The goal of the actions will be to provide the results of what will need to change in your OSHA compliance programs. There will be a range of results depending on how well the programs were developed, implemented, and updated. Regardless, the goal is to provide a means to assess and make this determination. We recommend taking the following short-term (if not immediate) actions:

• Schedule a meeting with key management and safety and health staff to develop a plan to review and confirm all OSHA programs for compliance to the standard. It is not uncommon for internal audits and insurance company audits to be based on confirmation of a compliance policy and not the level of detail required in the implementation of the policy. In the meeting, a complete review of programs should be delegated, including a review of the OSHA standards themselves. This should be based on criteria, including the level of detail, training, and updates and supporting logs/records.
• As part of this process, conduct a review of the last three years of internal and loss prevention reports, including local fire. The findings of these should be compared against review findings to verify that necessary changes have been implemented.
• The review should include a review of the OSHA reporting and recordkeeping requirements. Again, this should be reviewed based on three years of historical records.  Not only should these records be verified to be accurate and complete, but each accident should have resulted in a corrective action of either an unsafe situation or the retraining of an employee. This information should be checked, as well, and any additional actions made to fully comply.
• Should you have had any past OSHA inspections at your facility or if you have multiple locations, you need to ensure that proper actions were taken to close these issues. Again, it is very important to verify and assemble all of the related records.
• You will need to require that multiple physical walk-troughs are conducted for all work, personal, and administrative areas for compliance. This should be done by updating or creating a safety inspection checklist for each section, area, and department to confirm that there are no violations in manufacturing and administrative areas alike. Note that one area often missed is the adequate spacing and egress from office cubicles and file rooms.
• Your review should lead to the determination of corrective actions of your programs.  These corrective actions need to result in immediate “short-term” updates and implementation of your safety programs. This needs to be announced and included in the training that will need to be scheduled and documented.
• Concurrently, a qualified person should be assigned to compare the review findings, your accident statistics and the top OSHA violations. If there are common links to programs, statistics, and OSHA violations report, an added level of scrutiny should be placed on this area and the resulting program updates.
• Ensure that all of the basic requirements are met and in compliance, including accident/injury records, training records, inspection logs, and a log for all program updates implemented.

Inspection Readiness

Provided that the items above are done correctly will greatly reduce your risk for compliance issues and create a safer work environment for your employees for the short term. To fully verify the changes, a confirming review or audit should be completed within a 30-45-day strict timeframe, and any additional changes or training should be completed immediately. This will also put you in a much better position for an OSHA inspection should you be identified to require one. Some additional points to readiness for an OSHA inspection include the following:

• Ensure that you have or develop a policy for a regulatory inspection that can be implemented immediately. This would cover OSHA and other possible inspections.
• Assign a designate with responsibility for representing the company for an OSHA inspection. Until the designate is ready for an inspection, the inspector should be kept in a neutral office or conference room and away from all levels of activity.
• The tour should be as that for any other visitor. Ensure that the inspector wears all of the required PPE at all points during the tour and is provided all of the awareness required for all personnel. The inspector should never be left alone and not allowed to disrupt the work activities in any way or at anytime.
• Develop a list of the do’s and don’ts of information to be provided or shared with an inspector. When in doubt, decline to answer until the proper answer can be determined.  This list should include what the inspector is entitled to request and what you do and do not have to provide. Say very little and even less if asked.
• A copy of all information, notes, photos, and videos should be kept for the company records, and the designate should ask the inspector to answer any related questions.
• Note that if the inspection carries for multiple days, it will provide the designate to verify and communicate specific concerns for direction from senior management or counsel.
• At the closing conference, the inspector will take time for a write-up and to determine apparent violations. During this presentation, you need to challenge any such issues and take the position that there are no violations.
• The inspector will take several weeks to formalize the report, during which time you are not required to answer any follow-up calls.

This information presents a briefing on handling a typical OSHA inspection. Certain events could change how you handle an inspection in follow-up to an accident. Additionally, note that if you conduct an OSHA Program review and make the proper changes, you will be in much better readiness condition for an OSHA inspection. Regardless, the planning and demeanor of the designated contact for the inspection should be the same.

Owners and managers of companies need to focus on prevention and on the overall culture of the company in terms of taking the necessary steps to reduce risk and make prevention part of daily operations. Good practice is to examine the workplace broadly, identifying and assessing hazards, and developing and implementing appropriate controls. This helps ensure employees are protected in the workplace and regulatory compliance is achieved.

Cost-effective management of environmental liabilities is a challenge for any organization, but it is particularly challenging for those companies with a large portfolio of liabilities at varying stages of maturity. The complexity of liability management is increased even more for those organizations adhering to generally accepted accounting practices (GAAP), which apply additional requirements to the process. Ultimately, the goal of liability management is to create a reliable system that enables the company to minimize risk and quickly drive projects to closure with as little expenditure of internal and external resources as possible.

The manner in which a liability is accounted (and managed) is based largely on the liability itself and the available information. Environmental liabilities are typically managed as either loss contingencies or asset retirement obligations (AROs). A company may also decide to address certain environmental liabilities as operating expenses or capital expenditures. Regardless, companies should employ a cross-functional team (i.e., finance, law, operations, and EHS departments) to establish and document a repeatable and defensible process—consistent with applicable GAAP standards—for how the liability will be managed. Further, companies should develop standard procedures that define how and when costs associated with the liabilities are estimated.

Environmental Loss Contingencies

An environmental loss contingency represents the cost to remediate an environmental liability where:

1. It is probable that the liability has occurred, and
2. The cost can be reasonably estimated.

The GAAP for loss contingencies is established in Accounting Standards Codification (ASC) 450-20. In very general terms, environmental loss contingencies include environmental investigations and remediation that are not the result of normal operations and that are generally triggered by a regulatory agency action or order.

As stated, the goal of loss contingency management is to create a system to cost-effectively minimize risk and quickly drive projects to closure, while keeping in mind the ultimate outcome of enabling future final use options to return the property to productive and valuable use without rebound liability.

Lifecycle Costs of Remediation

While the most significant cost of a remediation project is typically the expense of the remediation itself, the overall lifecycle cost of a project can be impacted significantly by the following:

• How efficiently a project moves from stage to stage (milestones) and, ultimately, to closure. Many projects get stuck at some point along this path, often significantly increasing the overall project lifecycle cost. Maintaining project velocity through each milestone can keep costs in check.
• The project team’s understanding of critical aspects of the Conceptual Site Model (CSM) before remedies are selected and implemented. Often, projects jump to a remedy—particularly interim remedies—before there is a clear understanding of the CSM (i.e., constituents of concern (COCs), pathway, receptors), resulting in premature or only partial remediation.
• Failure to address all risks associated with a site. This can include physical risks associated with buildings, foundations, and other historical operating structures and equipment.
• The project team’s understanding of the designed project end point. A periodic assessment of the end point of a project is vital to aligning stakeholders and ensuring that all efforts are directed toward the desired outcome. As data and information are collected on a project, it is sometimes necessary to reset the project strategy toward an alternative end point.
• How efficiently and effectively the project team communicates critical project information for decision making. A portfolio-based approach establishes a standard way of communicating project activities, schedule, and budget. This allows for more efficient communication between critical internal stakeholders (e.g., legal, public relations, real estate, and senior management) and with external consultants/advisers.

Portfolio-Based Management Model

There are several key elements to developing an effective portfolio-based management model, including those described in the sections below.

Standard Project Milestones
Controlling a large number of ongoing site remediation projects requires establishing a series of standard project milestones (i.e., project progressions) and associated work subtasks. This standardization establishes a common language and sets the framework for developing common subtasks for project budgeting and scheduling.

A milestone structure for remediation projects would typically include the items listed below. This structure can be adapted to projects where certain impacts to groundwater or soils can move at different velocities through project milestones.

• Project startup: Early project activities that typically include records review, strategy development, regulatory agreement negotiations, etc.
• Preliminary site investigation: Initial data gathering to assess the nature and extent of the impacts; may end with a Remedial Investigation Report (RIR)
• Site characterization and risk assessment: Complete characterization of the site to develop a CSM based on COCs, pathways, and receptors, and to identify physical aspects of the site that must be addressed as part of the project
• Feasibility study: Assessment of alternative remedial options
• Final design: Post-regulatory approved remedy design
• Implementation and OM&M: Remedy implementation and ongoing operation, maintenance, and monitoring
• End point: The targeted point for each project when all work necessary to eliminate the risk has been conducted or the point when no further work will result in additional risk mitigation

Standardized Work Breakdown Structure
For each of the milestones, a common set of subtasks is established to facilitate the development of detailed project workplans and for schedule and cost tracking. These subtasks ensure that workplans consider all the activities required to complete the work and allow for standardization across projects.

Having standardized project milestones and subtasks creates an additional benefit in that they can be used to create a more consistent and documented method for estimating contingent liability under ASC 450-20. By developing lifecycle cost estimating rules for each milestone, a company can ensure that its projects are using a common estimating logic (i.e., known and estimable) for determining the cost of investigation, design, and remedy implementation. A similar process could also be developed to ensure common estimating standards are applied to AROs ASC 410.

Project Control and Change Management
One common flaw in remediation projects is the tendency to enter into interim remedies or to identify a remedy that is not supported by data. This often results in incomplete remedies being implemented or remedies being installed that are not tied to a clear end point.

Developing standard project workplans allows for efficient project control and change management. As work progresses through milestones, data and information emerge to help identify a data-driven set of alternative remedies or a presumptive remedy. The disciplined progression of a project through milestones prevents projects from jumping to a preferred remedy without supporting data.

In addition, periodic review meetings—a key project control—create touch points to:

• Review all aspects of the project’s scope, schedule, and budget
• Test the validity of the end point
• Emphasize the continued forward momentum of the project

Centralized Project Database
Implementing a centralized database, such as Kestrel’s liability and asset management tools, to house all project workplans and other key documents provides another valuable project control. The central project database becomes the real-time repository for project information. Functionality includes the following:

• An internal database for tracking project scope, schedule, and budget for projects in a web-based workplan format
• Exportable workplans for use outside the database
• Password-protected access of the system to allow consultants to see only their projects and company staff to see all projects
• Front-end dashboard to allow senior management to monitor key project activities/status at a glance
• Ability to store key documents for each project
• Customizable project information page that houses project information (e.g., key contacts, project details, COCs, involved media)
• Customized project reports and summaries
• Ad hoc query capability

Periodic Project Reviews
Despite all good intentions, projects (particularly complicated ones) can drift off track or hit dead ends. When these situations occur, Integrated Site Reviews (ISR) can keep projects progressing to the appropriate end point.

A formal ISR can include an external facilitator for larger, more complex projects or be adapted by the project team for smaller projects. An ISR typically follows these steps to validate the project’s direction or to reset a new direction:

• An ISR team is formed consisting of a cross-functional group of stakeholders that could include the consultant, legal, internal environmental manager, real estate, operational staff, and other outside experts. Pulling together all stakeholders ensures that there is alignment and agreement on the selected end point.
• The ISR team meets (typically for no longer than a day) and goes through a structured review of technical, regulatory, legal, and third-party project drivers.
• Depending on the stage of the project, a blue sky set of alternative end points is identified.
• The alternative end points are developed, discussed, and evaluated.
• In the end, the current end point is either validated or a new end point is developed.
• All necessary changes to the project workplan are made.

Companies can respond to the challenge of managing contaminated properties by either internally staffing up to provide day-to-day oversight of the projects or by outsourcing the projects to a consultant, who can efficiently execute the project and serve as the public face. Whichever route a company decides to take, following the key elements described above will allow for effective portfolio-based management that will reach the desired end points.

On January 24, 2019, OSHA published the final rule revising the Improve Tracking of Workplace Injuries and Illnesses regulation. This rule rescinds the requirements for establishments with 250 or more employees to electronically file information from OSHA Forms 300 and 301. These establishments will continue to submit information from their Form 300A.  In short, all covered employers must electronically submit, as follows:

• Establishments with 250 or more employees that are subject to OSHA’s recordkeeping regulation must electronically submit to OSHA some of the information from the Log of Work-Related Injuries and Illnesses (OSHA Form 300), the Summary of Work-Related Injuries and Illnesses (OSHA Form 300A), and the Injury and Illness Incident Report (OSHA Form 301).
• Establishments with 20-249 employees in certain high-risk industries must electronically submit to OSHA some of the information from the Summary of Work-Related Injuries and Illnesses (OSHA Form 300A).
• Establishments with fewer than 20 employees at all times during the year do not have to routinely submit information electronically to OSHA.

In the final rule, OSHA emphasized the new rule does not change any employer’s obligation to complete and retain injury and illness records under OSHA’s regulations for recording and reporting occupational injuries and illnesses.

Additionally, OSHA is amending the regulation to require employers to submit their Employer Identification Number (EIN) electronically as part of their submission to enhance data and further improve worker safety and health.

Post Your OSHA 300A by February 1

Do not forget! The OSHA Form 300A log must be posted every year by February 1, summarizing all injuries from the previous year. The log must be visible from February 1 until April 30, and must be signed by a company executive or authorized representative, indicating that the information is true and accurate.

Regulatory enforcement, customer and supply chain audits, and internal risk management initiatives are all driving requirements for managing regulatory compliance obligations. Many companies—especially those that are not large enough for a dedicated team of full-time staff—struggle with how to effectively resource their regulatory compliance needs.

Striking a Balance

Using a combination of in-house and outsourced resources can provide the appropriate balance to manage regulatory obligations and maintain compliance.

Outsourcing provides an entire team of resources with a breadth of knowledge/experience and the capacity to complete specific projects, as needed. At the same time, engaging in-house resources allows the organization to optimize staff duties and ensure that critical know-how is being developed internally to sustain compliance into the future.

Programmatic Approach to Compliance Management

Taking a balanced and programmatic approach that relies on internal and external resources and follows the three phases outlined below allows small to mid-size companies to create standardized compliance management solutions and more efficiently:

• Identify issues and gaps in regulatory compliance
• Achieve compliance with current obligations
• Realize improvements to compliance management
• Gain the ability to review and continually improve compliance performance

Phase 1: Compliance Assessment

A compliance assessment provides the baseline to improve compliance management and performance in accordance with current business operations and future plans. The assessment should answer the following questions:

• How complete and robust is the existing compliance management program in comparison with standard industry practice?
• Does it have the capability to yield consistent and reliable regulatory compliance assurance?
• What improvements are needed to consistently and reliably achieve compliance and company objectives?

It is important to understand how complete, well-documented, understood, and implemented the current processes and procedures are. Culture, model, processes, and capacity should all be assessed to determine the company’s overall compliance process maturity.

Phase 2: Compliance and Program Improvements

The initial analysis of the assessment forms the basis for developing recommendations and priorities for an action plan to strengthen programs, building on what already exists. The goal of Phase 2 is to begin closing the compliance gaps identified in Phase 1 by implementing corrective actions, including programs, permits, reports, training, etc.

Phase 2 answers the following questions:

• What needs to be done to address gaps and attain compliance?
• What improvements are required to existing programs?
• What resources are required to sustain compliance?

Phase 3: Ongoing Program Management

The goal of Phase 3 is to improve program processes to eliminate compliance gaps and transition the company from outsourced compliance into compliance process improvement/program development and implementation. This is done by managing the eight functions of compliance—identifying what’s needed, who does it, and when it is due. Ongoing maintenance support may include periodic audits, training, management review assistance, Information Systems (IS) support, and other ongoing compliance activities.

Case Study

For one Kestrel client, business growth has increased at a rate prompting proactive management of the company’s regulatory and compliance obligations. Following a Right-Sized Compliance approach, Kestrel assessed the company’s current compliance status and programs/processes/procedures against regulatory requirements. This initial assessment provided the critical information needed for the Kestrel team to help guide the company’s ongoing compliance improvements.

Coming out of the onsite assessment, Kestrel identified opportunities for improvement. Using industry standard program templates, in combination with operation-specific customization, Kestrel created programs to meet the identified improvement from the assessment. Kestrel then provided onsite training sessions and is working with the company to develop a prioritized action plan for ongoing compliance management.

Using the appropriate methods, processes, and technology tools, Kestrel’s programmatic approach is allowing this company to implement EHS programs that are designed to sustain ongoing compliance, achieve continual improvements, and manage compliance with efficiency through this time of accelerated growth.

Making the Connection

Kestrel’s experience suggests that the connection between management and compliance needs to be well synchronized, with reliable and effective regulatory compliance commonly being an outcome of consistent and reliable program implementation. This connection is especially important to avoid recurring compliance issues.

Following a programmatic approach allows companies to realize improvements to their compliance management and:

• Organize requirements into documented programs that outline procedures, roles/responsibilities, training requirements, etc.
• Support management efforts with technology tools that create efficiencies and improved data management
• Conduct the ongoing monitoring and management that are vital to remain in compliance
• Gain the inherent capacity, capability, and maturity to comply, review, and continually improve compliance performance

An audit provides a snapshot in time of a company’s compliance status. An essential component of any compliance program—health and safety, environmental, food safety—an audit captures compliance status and provides the opportunity to identify and correct potential business losses. But what about sustaining ongoing compliance beyond that one point in time? How does a company know if it has the processes in place to ensure ongoing compliance?

Creating a Path to Compliance Assurance

A compliance assurance review looks beyond the “point-in-time” compliance to critically evaluate how the company manages compliance programs, processes, and activities, with compliance assurance as the ultimate goal. It can also be used as a process improvement tool, while ensuring compliance with all requirements applicable to the company.

This type of review is ideal for companies that already have a management system in place or strive to approach compliance with health and safety, environmental, or food safety requirements under a management system framework.

Setting the Scope

The scope of the review is tailored to a company’s needs. It can be approached by:

• Compliance program/topic where the company has had routine compliance failures
• Compliance program/topic that presents a high risk to the company
• Compliance program/topic that spans across multiple facilities that report to a central function
• Location/product line/project where the company is looking to streamline a process while still ensuring compliance with multiple legal and other requirements

While each program, project, or location may differ in breadth of regulatory requirements, enforcement priorities, size, complexity, operational control responsibilities, etc., all compliance assurance reviews progress through a standard process that ties back to the management system.

Continual Compliance Improvements

Through a compliance assurance review, the company will define and understand:

• Compliance requirements and where regulated activities occur throughout the organization
• Current company programs and processes used to manage those activities and the associated level of program/process maturity
• Deficiencies in compliance program management and opportunities for improvement
• How to feed review recommendations back into elements of the management system to create a roadmap for sustaining and continually improving compliance

What was once a very niche market, drones are emerging into an important new phase: everyday use of drone technology in the workplace. It’s no longer just tech-savvy companies that are using drones. Enterprise-level drone operations are becoming a big deal—and not just in industry. During 2018, the Occupational Safety and Health Administration (OSHA) reportedly used drones to conduct at least nine inspections of employer facilities.

OSHA’s drones were most frequently used following accidents at worksites that were considered too dangerous for OSHA inspectors to enter—a common and important benefit of the drone technology. However, is likely that OSHA’s use of drones will quickly expand to include more routine facility reviews, as drones have the ability to provide OSHA inspectors a detailed view of a facility, expanding the areas that can be easily viewed and reducing the time required to conduct an inspection on the ground.

Employers must currently grant OSHA permission to conduct facility inspections with drones, and there are many implications industry must consider in giving this permission. Read the full article in EHS Today to learn more.