KTL recently announced our partnership with Martin Mantz Compliance Solutions (Martin Mantz), developer of the GEORG Compliance Management System® software. KTL is providing regulatory compliance expertise to the German-based company as it expands its offerings to clients with operations in the United States.

In this recent article, our partners at Martin Mantz discuss how Rudolph Logistics Group, an international logistics service provider from Germany, is using GEORG as a compliance solution to provide employees clear information in accordance with ISO standards on:

• Tasks – what they have to do
• Responsibilities for implementation – who needs to do it
• Date/time of completion – when it needs to be done
• Description of the way the task is to be performed – how the task must be fulfilled

The objective is to simplify requirements to the extent possible so employees can focus on tasks to be completed without needing to interpret complicated and extensive guidelines. Read more…

KTL is pleased to announce our partnership with Martin Mantz Compliance Solutions (Martin Mantz), developer of the GEORG Compliance Management System® software. KTL is providing regulatory compliance expertise to the German-based company as it expands its offerings to clients with operations in the United States.

“Martin Mantz has created something unique with the GEORG software in that it simplifies and provides an interpretation of legal and technical requirements in a customer-specific database,” KTL Principal Lisa Langdon states. “KTL’s understanding of industrial operations, as well as U.S. legal and technical requirements (e.g., EPA, OSHA, FDA, ISO), allows us to translate these requirements into simple tasks in the GEORG system that employees can follow to help fulfill regulatory requirements.”

How GEORG Works

GEORG is used to make the requirements of standards and regulations comprehensible and transparent. KTL specializes in the practical mapping of legal requirements and audits. These audits allow KTL to create technical content for the GEORG system based on facility-specific applicability. We then work directly with the company to delegate the identified tasks. If there are revisions in the standards/regulations, KTL works in the system to ensure tasks are updated to meet regulatory requirements.

The benefits of this approach include:

• Effectiveness – All tasks are assigned, easily formulated, and regularly updated.
• Efficiency – The effort and expertise required to understand complicated regulations is reduced.
• Transparency – Responsibilities are clear and easily visible to all employees.
• Conformity – Compliance status within the system reflects the degree of fulfilment of the related requirements.

Faber-Castell Expands GEORG Implementation to U.S. Subsidiary

Faber-Castell Cosmetics, an internationally renowned Martin Mantz customer with worldwide operations, is already benefitting from the Martin Mantz-KTL partnership. After successful implementation of the GEORG software in their German facilities, Martin Mantz has worked with KTL to expand usage to Faber-Castell’s subsidiary in the U.S.

---

About Martin Mantz Compliance Solutions
Martin Mantz Compliance Solutions, based in Grosswallstadt and Leipzig, Germany, offers its contractual partners services in the area of ​​legal organization (GEORG) of companies to avoid organizational negligence and compliance violations. This includes consulting and provision of the compliance software GEORG Compliance Management System®, implementation of the technical and legal modules, as well as construction and maintenance of the customer-specific database. https://www.martin-mantz.de/

About Kestrel Tellevate LLC
KTL is a multidisciplinary consulting firm that specializes in providing environmental, health, and safety (EHS) and food safety management and compliance consulting services to private and government clients. Our primary focus is to build strong, long-term client partnerships and provide tailored solutions to address regulatory requirements. KTL’s services include management system development and implementation, auditing and assessments, regulatory compliance assistance, information management solutions, and training. KTL is a Small Business Administration-registered company with headquarters in Madison, WI and Atlanta, GA and offices across the Midwest and Washington, D.C. www.kestreltellevate.com

To ensure companies uphold standards (internal or external) and continuously improve performance, audits are critical. In short, there are three primary purposes of auditing:

1. Verify conformance with the standard/requirement – Are we doing what the standard/requirement says we must do?
2. Verify implementation of stated procedures – Are we following the steps in our documented procedures?
3. Evaluate effectiveness – Are we accomplishing our goals and objectives?

For an audit to be effective, appropriate mechanics must be in place when it comes to planning, execution, and reporting.

PLANNING

As with most things, your execution will only be as good as your plan. All good audits must begin with planning. This involves everything from planning for your team, to planning out the scope of the audit, to planning all the associated logistics.

Auditors: Who Is on the Team?

Depending on the size and complexity of the audits, audit teams need to be selected. These individuals must be independent of the area being audited and trained in the basic elements of the facility’s management system and/or programs. Team members will be led by a trained auditor. The auditor’s responsibilities include the following:

• Comply with and communicate audit requirements
• Prepare working documents under the direction of the Lead Auditor
• Plan and carry out the assigned responsibilities within the scope of the audit
• Collect and analyze evidence to draw conclusions
• Document audit observations and findings
• Report audit results to Lead Auditor
• Retain and safeguard audit documents
• Cooperate with and support the Lead Auditor
• Assist in writing the report

As indicated above, one person on the team is typically designated the Lead Auditor. This individual will coordinate audit assignments and address any questions/concerns that may arise. Specifically, the Lead Auditor has the following responsibilities:

• Assigns team members specific management system/program elements, functions, or activities to audit
• Provides instructions on the audit procedure to follow
• Makes changes to work assignments, as necessary, to ensure the achievement of audit objectives

Audit Objectives, Scope, and Plans: What Are We Auditing?

The audit is all about:

1. Conformance – auditing sections of the standard/requirements to determine if the system conforms
2. Implementation – auditing work instructions to see if they are being followed

In determining the audit scope, it is importation to define what is to be audited (e.g., policy, planning, implementation, checking/corrective action, management review). If the organization has more than one physical location, the scope may outline what physical locations and/or organizational activities are to be audited (e.g., production lines or departments). These factors will ultimately also help determine the length of the audit.

Logistics: How Are We Going to Do This?

There are many things to factor into the audit from a logistical standpoint for it to go smoothly. Safety should always be of utmost concern. What precautions do auditors need to take? Is there any PPE that might be necessary? Do auditors need any special safety training introduction or training before conducting the audit? Consider the facility. Auditors need to understand the operation/activity being audited. In line with this, the auditor must also have an understanding of whether there is any equipment or special resources needed, ranging from technical support (e.g., tablets, smartphones) to lunch. Finally, it is important to make sure there are no conflicts of interest when it comes to the auditor and the facility that is being audited.

EXECUTION

Once planned appropriately, audits should be conducted according to the program elements. Interviews and objectives evidence will both provide the support needed to conduct a valid audit.

Program Elements

The auditor must know in advance which elements are being covered in an audit so he/she can:

1. Control the pace of the audit.
2. Guide the course of the audit.

That being said, additional audit activities should not be restricted if other issues arise.

Auditing should only be done against current controlled work instructions or procedures related to the program elements. Procedures that are being used in the field must be verified. Historical and/or uncontrolled procedures should not be used.

Auditors must remember that they are creating a record. Notes should include statements, document numbers, identifiers (e.g., department, area), positions. Common pitfalls to be avoided in taking notes include abbreviations, no location identifier for observations, no document references, illegible, pejorative, cryptic. These things all impact the credibility of the audit.

Interviews

The goal of an interview in the audit is to obtain valid information. However, how questions are asked will impact the answer. Auditors must prepare and know what questions need to be asked and how to ask them in advance of the audit. Creating an atmosphere of trust and open communication is key to getting open and honest responses. Remember, the goal is to audit the system, not the interviewee.

The following are good rules of thumb for conducting effective audit interviews:

• Direct questions to the person who does the job, not to the supervisor.
• Never talk down to anyone.
• Speak the person’s language.
• Speak clearly and carefully.
• LISTEN!
• Use who, what, where, when and why in your questioning vs. can or does.

Objective Evidence

Objective evidence provides verifiable information, records, or statements of fact. This is vital in any audit report. Objective evidence can be based on any of the following:

• Interviews
• Examination of documents
• Observation of activities and conditions
• Results of measurements
• Tests
• Other means within the scope of the audit

Evidence should be firsthand evidence based on witnessed fact, not supposition, presumption, hearsay, rumor, or conjecture. It can be qualitative or quantitative, but it should be repeatable.

REPORTING

Findings form the basis of the report. Findings can be classified in one of two ways:

• Nonconformance is the observed absence of or lapse in a required procedure or the total breakdown of a procedure that can cause a negative impact on the organization’s environmental performance. These can fall into a few categories:
  • Does not meet the requirements of the standard. This may include issues identified with records, procedures, work instructions, and use of controlled documents.
  • Is not fully implemented. Most commonly, these implementation nonconformances may relate to training, communication, and documentation.
  • Is improperly implemented. This is often demonstrated by worker lack of understanding, improper implementation of written work instruction, or missing stated required deadlines.
• Opportunity for improvement is just that—an opportunity to improve management to either reduce impacts, minimize legal requirements, prevent future nonconformances, or improve business performance.

The following examples and tips can serve as guidelines for writing useful and more concrete findings that will the company to identify opportunities for improvement:

• Do not overstate conclusions.
  • Poor: The procedure for handling spent light bulbs is being ignored.
  • Better: Three spent fluorescent bulbs were found in the general trash.
• State the problem clearly and exactly.
  • Poor: Instruments are not being calibrated.
  • Better: The sampling and analytical instruments in the wastewater treatment plant are not calibrated.
• Avoid generalities.
  • Poor: The area’s empty drum management process is inadequate.
  • Better: The hi-lo driver in the area handling empty drums was not trained on hazardous material handling.
• Communicate the extent of the problem fully.
  • Poor: All cardboard in the catalytic converter area is being sent to the compactor.
  • Better: None of the cardboard in the catalytic converter area was being stored and/or evaluated for reuse as dunnage.
• Do not focus on criticisms of individuals.
  • Poor: Jim Jones had no understanding of the safety policy.
  • Better: Discussions with several employees indicated that the safety policy was not fully understood.
• Give specific references.
  • Poor: Hazardous waste area inspections have not been conducted.
  • Better: Weekly hazardous waste storage area inspections (VMEWP-008) have not been conducted since June 2002.
• Avoid indirect expressions.
  • Poor: There were occasions when the reports were not filed on time. It appears the air monitoring equipment is not calibrated.
  • Better: Reports were filed late on ten occasions in 2002. There were no records of air monitoring equipment calibrations for 2001 or 2002.

Audits are a skilled activity. They provide the basis for assessment of conformance and, correspondingly, company actions to improve performance. For audits to be valuable, however, the audit process must be consistent and controlled. Clearly and correctly documented nonconformances lead to appropriate corrective actions—the mechanism for translating audits into improvements.

For the ninth consecutive year, Fall Protection – General Requirements (1926.501) has topped OSHA’s Top 10 Most Cited Violations list. The complete list for fiscal year 2019 includes:

1. Fall Protection – 1926.501
2. Hazard Communication – 1910.1200
3. Scaffolding – 1926.451
4. Lockout/Tagout – 1910.147
5. Respiratory Protection – 1910.134
6. Ladders – 1926.1053
7. Powered Industrial Trucks – 1910.178
8. Fall Protection – Training Requirements – 1926.503
9. Machine Guarding – 1910.212
10. Personal Protective and Life-Saving Equipment – Eye & Face Protection – 1926.102

In this article with Safety+Health, Deputy Director of OSHA’s Directorate of Enforcement Programs Patrick Kapust said, “These are common violations that we’re finding – they’ve been in place for a lot of years. The answers are out there, and employers shouldn’t feel like these are very complex issues.”

He further explains in the interview that the top 10 violations remain largely the same (with some variation in order) because employers don’t aggressively target these hazards in the workplace, despite OSHA’s resources. Falls remain the top cited hazard because they result in significant injuries and deaths.

That being said, falls, as well as the other top safety areas on the list, are easily preventable with the right training and commitment. Kapust suggests that the top 10 cited hazards are a good place to start when evaluating your workplace hazards. From OSHA’s perspective, targeted enforcement and outreach are two critical tools in getting employers to identify and correct hazards in the workplace. H&S professionals are encouraged to continue developing and promoting strong safety and health programs, as well as educating and training workers in safety awareness.

Read the entire Safety+Health article and interview with Kapust.

OSHA1910.120 (HAZWOPER) requires any employees that are in positions that may respond to chemical spills or emergencies onsite to be trained in chemical risk recognition, spill control basics, emergency response, and additional requirements depending on the level of response expected. Join Kestrel Tellevate in Council Bluffs, Iowa this winter for the following training sessions – designed to help you meet your OSHA HAZWOPER regulatory training requirements.

---

24-hr OSHA HAZWOPER Training

This course is offered at the Technician level and covers broad issues pertaining to hazard recognition at work sites. Participants will learn strategies and protective measures to reduce or eliminate hazards in the work place. Cost: $495/participant

• DECEMBER 17-19, 2019: REGISTER NOW!

---

8-hr OSHA HAZWOPER Technician Refresher

Learn to recognize basic hazard classes, how to read labels and use SDS to understand risk, how to use engineering controls or PPE to prevent exposure, basic information addressing field analytical equipment, and how to correctly respond to spills and implement emergency response site plans. Cost: $165/participant

• JANUARY 21, 2020: REGISTER NOW!
• JANUARY 22, 2020: REGISTER NOW!

---

Training Details

• Training is scheduled to begin at 8:00 am and end at 4:30 pm (or until material is complete).
• Snack and lunch will be provided.
• Participants will receive a training manual, pre-/post-competency test, exercises, and a certificate of completion, provided they receive an 80% or above on the test.
• Cancellations just be made 72 hours in advance for a refund.
• Registration closes 72 hours prior to the scheduled training. Kestrel has the authority to cancel training with 72-hours notice if class size is not large enough.

 

The audit report communicates the information, findings and opinions derived from the audit.  The report communicates either acceptability of the current status of the management system or reports non-conformances that need corrective action. The following outlines the suggested steps for reporting audit results.

Step 1. Assess the Status of Current Internal Controls

One of the auditor’s main responsibilities is to evaluate whether the current internal controls that govern the management system are adequate. Do the audits:

• Highlight areas of concern or hazards that may be a failure waiting to happen?
• Focus attention of the 20% of the factors that cause 80% of the problems?
• Help to eliminate ineffective controls or make existing controls better?
• Aid in the detection and prevention of deficiencies or non-conformances?
• Look through and investigate possible “homeblindness”?
• Verify the management system links are supportive and feed each other information to assure continual improvement?

The auditors must constantly challenge the status quo and push the management system forward beyond its comfort level.

Step 2. Prepare Audit Report

Most facilities use a formal audit report system. The audit report format is prescribed and followed by the auditor. The auditor typically states:

• Date and time of audit
• Department audited
• Management system clauses audited to
• Personnel interviewed
• Documents reviewed
• Summary of findings
• Conformance or non-conformance determination

Step 3. Discuss Audit Findings

The lead auditor will then take the completed audit report and review the contents with the affected department head. Upon acceptance by the department head, the final audit report should then be signed by the department head verifying acceptance and responsibility for any change(s) required.

Step 4. Determine Plan of Action

The entire reason for conducting internal management system audits is to verify conformance and continually improve on the management system. Therefore, it is extremely important that all identified non-conformances are corrected in a timely manner.

Some companies place all audited non-conformances into their corrective/preventive action process for tracking purposes. Others place only critical non-conformances into the corrective/preventive action process. Regardless of the mechanics of tracking the identified audited non-conformances, it is imperative that corrective action is taken.

Once the corrective action is in place, the auditors should review the actions taken and verify the root cause was identified properly and resolved. An accept or reject decision can then be rendered for the change action.

If acceptable, no further action is required, and the issue is considered resolved. If unacceptable, the department head must complete a new root cause analysis, develop a new action plan, and put the new action plan into place. The auditors will now review the new action plan and make a determination of acceptance or rejection.

Audit Team Members

It is advisable to rotate your internal management system audit team members. This will allow for fresh perspective and a new set of eyes to look at the management system. This serves many purposes:

• Gives a specific timeframe of responsibly for those thinking of enlisting as an auditor
• Allows for gradual increase of responsibility over time; new auditors learn and perform audits, older auditors become mentors for the new auditors, graduates leave program and are viewed by company personnel as “knowledge experts” on the management system
• Allows for fresh perspective on auditing
• Trains numerous employees on the management system
• Reinforces the concept of continuous improvement

Are You Prepared?

Use your answers to the questions below to evaluate your preparation for reporting audit results.

• Has the auditor evaluated the current internal controls for suitability, adequacy, and effectiveness?
• Does the auditor have hard copy evidence of conformance and/or non-conformance?
• Have all questions prepared prior to the audit been satisfactorily answered and explained?
• Is the audit report clear, concise, and informative?
• Does the department head agree or disagree with the findings?
• Are all identified non-conformances tracked and resolved in a timely manner?
• Based on audit non-conformances, are procedures and work instructions being changed and improved?
• Do employees understand the management system is being audited, not the employee?
• Is change readily accepted by company personnel?

 

From time to time, private businesses are faced with the prospect of partnering with a government agency, office, or department in order to accomplish a goal or undertake a project. Reasons vary: the effort may result from an enforcement action, consent order, or settlement agreement, or it may simply be a strategic priority that requires joining forces with a federal, state, or local government office. In any case, working with government agencies presents opportunities and challenges not regularly encountered in a competitive business’s projects.

Reset Your Clock

Government agencies do not move at the speed of competitive business—they typically move much slower. Government budgeting and spending are intentionally lengthy processes that are subject to the political winds. As a result, it is not unusual for agencies to employ (legacy) infrastructure and systems that have worked in the past, regardless of apparent inefficiencies today.

If the agency will be contributing financially to the effort, it may take years for funding to be proposed, studied, discussed, approved in a budget, and then approved to spend. Similarly, any decision-making can be an arduous and lengthy process involving a multitude of managers and influencers.

Understanding how funding and decisions are made and who needs to be involved is critical to managing the time element of projects. Often, the dominant motive for decision-making is protection of the status quo and personal job security, versus “let’s try something new and exciting”. Stakeholder management requires understanding, patience, and persistence.

Take the Lead

Business should expect to take the lead in project management. Most government agencies will advertise successful projects after they are completed, but will keep unproven or work-in-progress low key, pending successful results. Similarly, they will participate as directed in the work but do not usually want to be viewed as driving a public-private partnership, as even the appearance of an overly close relationship with a particular business can compromise the agency’s perceived objectivity. Finally, many public agencies do not have trained project managers on staff to lead such an effort, while a business may.

Find an Agency Champion

Successful execution of the project plan requires timely coordination and cooperation from the agency, and may involve a number of different departments or functions within it. For example, building a joint facility may involve facilities, IT, security, finance, law, and operations departments. In order to get the cooperation needed from the various departments, those staffs will expect someone in their direct chain of command to prioritize the project.

In competitive business, a Vice President acting as project sponsor may have all the authority he/she needs to expect and get cooperation across the property. But in a government agency, a Director or Section Chief over one of the areas may carry absolutely no authority in another department. Government agencies tend to be very silo-ed in their structures, not matrixed. It is important to find a sponsor far enough up the chain to cover all areas involved and to communicate his support of the project to all areas—even if he/she is not regularly directly involved in the project.

Build a Lasting Relationship

So often, the only time business and agencies interact is when one needs something from the other. This can lead to a strained relationship, characterized by avoidance or begrudging interactions. These are the same agencies, however, where a positive working relationship can result in a business competitive advantage. Working closely with these gatekeepers of the regulations and public trust in a non-confrontational setting can set the foundation for a new relationship built upon mutual understanding and achieving common goals.

Government employees fill a valuable role in society by providing services and protecting society. Besides understanding the current enforcement priorities, they interact with customers, competitors and even employees, and can provide valuable information or ideas for businesses to improve efficiencies or help direct the focus of current business efforts.

Case Study: Utility Environmental Management System (EMS)

Kestrel managed a project with an investor-owned utility to design and implement an Environmental Management System (EMS) at a coal-fired power plant. The result of a consent order from the state Natural Resources Department, both the utility and the agency were involved from design and implementation to final auditing and EMS acceptance by the agency. The project and the associated agency interactions brought the plant higher confidence in its environmental plans and operations, and gave local regulators a deeper understanding of the utility business and ownership of the plant’s path forward.

Takeaways

Working with a government agency to manage a project is different than working with a competitive business. However, doing so can be beneficial to achieving both parties’ objectives if the company knows how to successfully navigate the working relationship:

1. Understand how government funding and decisions are made before project kickoff.
2. Actively manage government stakeholders—expect to take the lead.
3. Find a project sponsor with the authority to ensure cooperation from all agency departments involved.
4. Take advantage of the opportunity to build a positive, long-lasting relationship.

Auditing is a management tool that can be used to evaluate and monitor the internal performance and compliance of your company with regulations and standards. An audit can also be used to determine the overall effectiveness of an existing system within your company.

How do you incorporate compliance auditing best practices to help maximize compliance, efficiency, and value of your audit? Here are five critical factors for value-added audits.

1. Goal Aligned with Business Strategy

There are many reasons why companies conduct audits:

• Support commitment to compliance
• Avoid penalties
• Meet management system requirements
• Meet corporate or customer mandates
• Support acquisition or divestiture
• Assess organizational structure and competency
• Identify cost saving and pollution prevention opportunities
• Determine alignment with strategic direction

It is vital to define and understand the goal of your compliance audit program before beginning the audit process. Establishing goals enables recognition of broader issues and can lead to long-term preventive programs. Not establishing a clear, concise goal can lead to a waste of resources.

Audit goals and objectives should be nested within the company business goals, key performance objectives, and values. An example of a goal might be to effectively measure environmental compliance while maintaining a reasonable return on investment.

Once the goal is established, it is important to communicate it across all functions of the organization to get company-wide support. Performance measurements should also be communicated and widely understood.

2. Management Buy-in

The audit program must have upper management support to be successful. Management must exhibit top-down expectations for program excellence, view audits as a tool to drive continuous improvement, and work to imbed audits within other improvement processes. Equally important, management must not use audit results to take punitive action against any person or department.

3. Documented Audit Program Systematically Applied

Describe and document the audit process for consistent, efficient, effective, and reliable application. Audit procedures should be tailored to the specific facility/operation being audited. A documented program will include the following:

• Scope. The scope discusses what areas/media/timeframe will be audited. The scope of the audit may be limited initially to what is manageable and can be done very well, thereby producing performance improvement and a wider understanding and acceptance of objectives. It may also be limited by identifying certain procedural or regulatory shifts and changes. As the program is developed and matures (e.g., management systems, company policy, operational integration), it can be expanded and, eventually, shift over time toward systems in place, prevention, efficiency, and best practices. It is important at the scoping stage to address your timeline. Audits should be scoped to make sure you get them done but also to make sure you have audited all compliance areas in an identified timeframe.
• Criteria. Compliance with requirements will clearly be covered in an audit, but what about other opportunities for improvement (e.g., pollution prevention, energy savings, carbon reduction)? All facilities need to be covered at the appropriate level, with emphasis based on potential compliance and business risks. Assess the program strengths, redundancy, integration within the organization, and alignment with the program goal. Develop specific and targeted protocols that are tailored to operational characteristics and based on applicable regulations and requirements for the facility. As protocols are updated, the ability to evaluate continuous improvement trends must be maintained.
• Auditor training (i.e., competency, bias). A significant portion of the audit program should be conducted by knowledgeable auditors (e.g., independent insiders, third parties, or a combination thereof) with clear independence from the operations being audited and from the direct chain of command. For organizational learning and to leverage compliance standards across facilities, it is good practice to vary at least one audit team member for each audit. Companies often enlist personnel from different facilities and with different expertise to audit other facilities. Periodic third-party audits further bring outside perspective and reduce tendencies toward “home-blindness”.

Training should be done throughout the entire organization, across all levels:
+ Auditors are trained on both technical matters and program procedures.
+ Management is trained on the overall program design, purpose, business impacts of findings, responsibilities, corrections, and improvements.
+ Line operations are trained on compliance procedures and company policy/systems.

Consider having auditor training conducted by an outside source to teach people how to decide what to audit and follow a trail. It can also work well to train internal auditors by having them audit alongside an experienced 3rd party.

• Audit conduct (i.e., positive approach). A positive approach and rationale for the audit must be embraced. Management establishes this tone and sets the expectation for cooperation among all employees. Communication before, during, and after the audit is vital in keeping things positive. It is important to stress the following:
  • Auditor interviews are evaluating systems, not personal behaviors.
  • The audit is an effective tool to improve performances.
  • Results will not be used punitively.
• Audit reporting. Information from auditing (e.g., findings, patterns, trends, comparisons) and the status of corrective actions often are reported on compliance dashboards for management review. Audit reports should be issued in a predictable and timely manner. It is desirable to orient the audit program toward organizational learning and continual improvement, rather than a “gotcha” philosophy. “Open book” approaches help learning by letting facility managers know in advance what the audit protocols are and how the audits will be conducted. Documentation is essential, and reporting should always align with program goals and follow legal guidance. There is variability in what gets reported and how based on the company’s objects. For example:
  • Findings only vs. opportunities for improvement and best management practices?
  • Spreadsheet vs. long format report?
  • Scoring vs. prioritization of findings (beware of the unintended consequences of scores!)?
  • Recommendations for corrective actions included or left for separate discussion?

• Corrective and preventive action. Corrective actions require corporate review, top management-level attention, and management accountability for timely completion. A robust root cause analysis helps ensure not just correction/containment of the existing issue, but also preventive action to assure controls are in place to prevent the event from recurring. For example, if a drum is labeled incorrectly, the corrective action is to relabel that drum. A robust plan should be to also look for other drums that might be labeled incorrectly and to add and communicate an effective preventive action (e.g., training or posting signs showing a correctly labeled drum).
• Follow-up and frequency. Address repeat findings. Identify patterns and seek root cause analysis and sustainable corrections. Communications with management should be done routinely to discuss status, needs, performance, program improvements, and business impacts. Those accountable for performance need to be provided information as close to “real time” as possible. There are several levels of audit frequency, depending on the type of audit:
  • Frequent: Operational (e.g., inspections, housekeeping, maintenance) – done as part of routine day-to-day operational responsibilities
  • Periodic: Compliance, systems, actions/projects – conducted annually/semi-annually
  • As needed: For issue follow-up
  • Infrequent: Comprehensive, independent – conducted every three to four years

4. Robust Corrective Action Program

As mentioned above, corrective actions are a must. If there is no commitment to correction, there is no reason to audit. A robust root cause analysis is essential. This should be a formal, yet flexible, approach. There should be no band-aids. Mistake-proof corrections and include metrics where possible. In the drum example given above, a more robust corrective action program would look at the root cause: Why was the drum mislabeled? Did the person know to label it? If so, why didn’t they do it?

The correction itself is key to the success of the audit program. Establish the expected timeframe for correction (including addressing preventive action). Establish an escalation process for delayed corrections. Corrective actions should be reviewed regularly by upper management using the existing operations review process. There must also be a process for verification that the correction has been made; the next audit cycle may not be sufficient.

Note also that addressing opportunities for improvement, not just non-compliance findings, may increase the return on investment associated with conducting an audit.

5. Sharing of Findings and Best Practices

Audit results should be communicated to increase awareness and minimize repeat findings. Even if conducted under privilege, best practices and corrections can and should still be shared.  Celebrate the positives and creative solutions. Stress the value of the audit program, always providing metrics and cost avoidance examples when possible. Inventory best practices and share/transfer them as part of audit program results. Use best-in-class facilities as models and “problem sites” for improvement planning and training.

Value-Added Audit

An audit can provide much additional value and return on organization if it is planned and managed effectively. This includes doing the following:

• Align program goal with business strategy to secure top-down buy-in
• Expand criteria beyond compliance
• Gain goodwill through positive approach
• Document program and results
• Monitor for timely, effective corrective action
• Share opportunities for improvement

OSHA1910.120 (HAZWOPER) requires any employees who are in positions that may respond to chemical spills or emergencies onsite be trained in chemical risk recognition, spill control basics, emergency response, and additional requirements depending on the level of response expected.

24-hour OSHA HAZWOPER Initial Technician Training
November 5-7, 2019
8 am – 4:30 pm daily
Fairfield Inn & Suites | 215 NE Delaware Ave. | Ankeny, Iowa
REGISTER NOW!

---

Kestrel’s 24-hour OSHA HAZWOPER Initial Technician Training is offered as a 3-day, hands-on course. Participants will learn how to recognize basic hazard classes, read labels and use SDS to understand risk, use engineering controls or PPE to prevent exposure, address field analytical equipment, and correctly respond to spills and implement emergency response site plans.

Topics covered include:

• OSHA requirements
• Basic hazard classes
• Hazard communication
• Personal Protective Equipment (PPE)
• Respiratory protection
• Spill Control, Containment, and Countermeasures (SPCC)
• Emergency response
• EPA regulatory overlap

Cost: $495/participant; includes lunch and snacks. Participants will receive a certificate of training completion, course guide, and resource collection of OSHA support materials.

REGISTER NOW!

---

Training Details

• Training session will be held at Fairfield Inn & Suites | 215 NE Delaware Ave. | Ankeny, Iowa.
• Training is scheduled to begin at 8:00 am and end at 4:30 pm daily (or until material is complete).
• Snack and lunch will be provided.
• Participants will receive a training manual, pre-/post-competency test, exercises, and a certificate of completion, provided they receive an 80% or above on the test.

View Our Training Services & Complete Course Catalog

Compliance risk assessment helps to identify and assess risks related to applicable regulatory requirements. Internal and external events or conditions affecting the entity’s ability to achieve objectives must be identified, distinguishing between risks and opportunities. These risks are analyzed, considering the following:

• Size of the risk – where, how big, how often/many?
• Severity of the outcome – to what extent can it impact safety, environmental, operational, financial, customer relations, regulatory compliance?
• Likelihood/probability of each risk – how likely is the occurrence of a negative outcome, considering the maturity of existing controls?

Based on this assessment, management can prioritize risks, select appropriate risk responses (avoiding, accepting, reducing, sharing), and develop a set of actions to align with the entity’s risk tolerance/appetite. An acceptable level of residual risk is considered after selected improvements and controls are applied. From there, policies and procedures can be established and implemented to help ensure the risk responses are effectively communicated so operating managers and individuals can carry out their responsibilities.

A deeper dive compliance program assessment may be performed for those risks that are identified as the company’s most significant.

Compliance Program Assessment

A compliance program assessment looks beyond “point-in-time” compliance to critically evaluate how the company manages compliance programs, processes, and activities, with compliance assurance as the ultimate goal. Capability, capacity, programs, and processes to comply are examined as part of this review. Conducting routine process and compliance audits are also key components of a compliance assurance program.

Compliance program assessment should follow a disciplined and consistent process, resulting in an effective program that guides alignment of activities to an integrated management system for sustained compliance and continuous improvement. An essential part of the assessment, audits capture regulatory compliance status, management system conformance, adequacy of internal controls, potential risks, and best practices.

Compliance program assessment enables a company to define and understand:

• Compliance requirements and where regulated activities occur throughout the organization
• Current company programs and processes used to manage those activities and the associated level of program/process maturity
• Deficiencies in compliance program management and opportunities for improvement
• How to feed review recommendations back into elements of the management system to create a roadmap for sustaining and continually improving compliance

There are six phases associated with a compliance program assessment:

Phase 1 – Regulations, Requirements, and Applicability Analysis: Phase 1 focuses on identifying, organizing, validating, and understanding all of the requirements (legal or other) with which the company must comply. It provides an applicability analysis of the requirements to company operations by functional area and evaluates the associated risks. This stage engages representatives across the company who are responsible for activities subject to the requirements.

Phase 2 – Activities Analysis: This phase involves developing an inventory/profile of all company activities that may trigger the requirements identified in Phase 1. It asks the question, “What activities does the company carry out that are covered by the requirements?”

Phase 3 – Desired Compliance Program Standard: Establishing the company’s expectations for compliance program processes and controls—the desired condition—is essential. This “to-be” standard integrates management system principles into compliance program management. Programs should examine relative risks and ensure that risk-based priorities are being set.

Phase 4 – Actual Compliance Program Condition: In contrast to the desired standard identified in Phase 3, Phase 4 is about describing the company’s current compliance program. It defines how the company performs the activities outlined in Phase 3 (along with who, when, and where)—the “as-is” condition. This is done in the same framework as the desired standard in order to compare them in the next phase.

Phase 5 – Gap Analysis: The gap analysis compares actual compliance program management against the desired standard. It evaluates compliance program management processes, controls, and maturity to determine if they are good as is, need improvement, or are missing. These gaps and opportunities provide the basis for the improvement actions developed in Phase 6.

Phase 6 – Improvement Actions: Phase 6 moves the process along to developing action plans and an approach for ongoing management review that will guide the compliance program development and improvement activities. Compliance program management review is established at the end of this last phase. If there is a management system in place, program review information and action plan tracking can be integrated into that management system.

Outcomes

As a whole, this process will help companies evaluate the degree to which:

• Compliance goals and objectives are set and communicated by management.
• Hazards and risks are identified, sized, and assessed, including an inventory of activities subject to the compliance requirements and the relative risks.
• Existing controls are adequate and effective, recognizing, and addressing changed conditions.
• Plans are in place to address risks not adequately covered by existing controls.
• Plans and controls are resourced and implemented.
• Controls are documented and operationalized across functions and work units.
• Personnel know and understand the controls and expectations, and are engaged in their design and improvement.
• Controls are being monitored with appropriate metrics and compliance auditing and assurance.
• Information system is sufficient to support management system-required functions (e.g., document management and control, action tracking, notifications, training tracking, task calendaring, metrics reporting). Information dashboards can be used for reports to management.
• Deficiencies are being addressed by corrective/preventive action and are being tracked to completion.
• Processes, controls, and performance are being reviewed by management for ongoing improvement, including the maintenance and continual improvement of the integrated management system.