GUIDANCE
Competency Framework for Environmental Health and Safety Auditors
INTRODUCTION
The Board of Environmental Auditor Health and Safety Certifications (BEAC®) Competency Framework for Environmental Health and Safety (EHS) Auditors is intended to serve as a basis for education, training, recruiting and testing the competency of those who perform or desire to perform professionally as EHS Auditors. The document is intended to provide guidance to those who would employ EHS Auditors either as employees or contractors, supervisors responsible for assuring continuing competency of EHS Audit staff and individual auditors in developing and verifying their competency to practice in the EHS Audit field. The document also serves as the basis for BEAC®'s programs to evaluate and certify the competency of individual EHS Auditors.
This document was prepared by a special BEAC® Task Group under the direction of the BEAC Board of Directors. It was subjected to consultation with the entire membership of BEAC® and the Boards of The Auditing Roundtable (AR) and The Institute of Internal Auditors (IIA) before it received adoption by the BEAC® Board of Directors.
BACKGROUND
The Board of Environmental Health and Safety Auditor Certifications Competency Framework for Environmental Health and Safety Auditors sets forth basic competency requirements for EHS Auditors. It is intended to serve as a basis for education, training, recruiting and testing the competence of those who perform or would perform as EHS Auditors.
Throughout the world, EHS Auditing is performed with a variety of objectives, in diverse environments, in organizations which vary in purpose, size and structure and have different customs and laws. Auditor work assignments within audit teams and audit organizations vary. This Competency Framework is applicable to all EHS Auditors responsible for conducting EHS Audits in the full range of settings encountered in the field.
All professional EHS Auditors must have certain core competencies that equip them to perform effectively in most audit situations where they are provided with appropriate site specific information. The BEAC® EHS Competency Framework defines those core competencies in each of seven categories of competency:
I. Ethics and Standards of Conduct
II. Audit Program Design and Management
III. Conducting Audit Engagements
IV. Internal Controls
V. Regulatory Aspects
VI. Process Operations, Environmental Impacts and Related Control Technology
VII. Auditor Personal Qualities and Communication
All auditors must be fully familiar with the provisions of Categories I and VII and generally familiar with the provisions of Categories II through VI. The depth of understanding of the provisions of Categories II through VII, required of individual auditors, is dependent upon the auditor's responsibilities.
Central to the use of this document is the BEAC® Code of Ethics and the following Standard: "Members and Provisional Members shall undertake only those services they can reasonably expect to complete with professional competence." The Standard obligates individual auditors to accept assignments only within the bounds of their competence. It also imposes responsibility on employers, supervisors and those who would contract for EHS Audit services to offer audit assignments only to those who have the demonstrated education, training and experience to competently carry out the work envisioned.
Users of this Competency Framework must exercise professional judgment in applying its provisions to specific audit responsibilities and situations. Management of audit organizations and teams is responsible for defining the scope of audit assignments and selecting auditors to ensure that the audit teams and organizations as a whole are fully capable of reaching assigned goals and that auditors are assigned tasks appropriate to their competency.
The literature of the Environmental Health and Safety and Internal Audit fields is extensive and constantly growing. In some cases the literature is conflicting. In preparing this Competency Framework, BEAC has drawn upon a core group of references considered to be both authoritative and mutually consistent. The Competency Framework is consistent with the references cited and BEAC®'s determination of generally accepted norms for competency in the EHS Audit field. The document is intentionally brief. Text included in each category of competency is intended to introduce key requirements. References cited should be consulted for a more complete understanding of each. The Annotated Bibliography of Published Standards and Guidelines for Environmental Health and Safety Auditing Programs and Management Systems by the AR Legislative and Regulatory Interest Group (15) provides an overview of other documents important to practice in the field. Numerous books and other publications providing other insights are available. Auditors should be mindful that not all of the books and other publications available are consistent with the references from which this document was developed.
I. Ethics and Standards of Conduct
The reliance placed on EHS Auditors by those who would benefit from their services imposes an obligation that all auditors maintain high standards of technical competence, morality and integrity. Auditors must understand the meaning and purpose of codes of professional ethics applicable to their work. They should be capable of mature judgment required in applying the codes to audit situations. Codes of Ethics directly applicable to the work of EHS Auditors are those promulgated by BEAC®, AR and The IIA. The central theme of all three codes is: The auditor shall exercise honesty, objectivity and diligence in the conduct of all audit activities. Key provisions include:
A. Conflict of Interest
Auditors shall not participate in any activity that may be or may appear to be in conflict with the interests of audit clients or would prejudice their ability to objectively carry out their responsibilities. (1) (2) (3)
B. Independence
Auditors must be independent of the activities that they audit. Auditors are independent when they can carry out their work freely and objectively. Independence permits auditors to render impartial and unbiased judgments. (4) (6) (7) (11) (14)
C. Proficiency
Auditors shall undertake only those services that they can expect to complete with professional competence. They shall continually strive to improve their proficiency and effectiveness and the quality of their work. (1) (2) (3) (6) (7)
D. Material Facts and Disclosure
Auditors shall reveal to the audit client all material facts known to them which if not revealed could either distort reports of operations audited or conceal unlawful practices. (1) (2) (3) (11)
E. Due Professional Care
Auditors must use care, diligence, skill and the judgment expected of a prudent and competent auditor in similar circumstances. They must perform professional services to the best of their ability, with concern for the best interests of the audit client. (5) (6) (7) (11) (14)
F. Confidentiality
Auditors must not use confidential information gained in the course of their work for personal gain or in any other way that would be contrary to the law or reflect adversely on the auditors or the organization they represent. (1) (2) (3)
II. Audit Program Design and Management
Audit program managers and audit clients bear primary responsibility for design and management of audit programs. All auditors must be familiar with key elements in the design and implementation of EHS Audit Programs as summarized in the following Sections A through G as a basis for understanding the programs in which they work.
A. Audit Program Objectives and Scope
Each audit program must be implemented in accordance with a formal audit plan that has been approved by the audit client. The plan should clearly state the program scope and objectives. The Scope should address at least:
- Organizational and geographic boundaries
- Criteria to be employed
- Time period to be audited
- Risks associated with the audited activity
The Objectives should accurately describe the purpose of the audit program and all goals set by the audit client. (6) (7) (8) (9) (14)
B. Audit Program Organization
The audit program must be supported by formal policies and procedures that provide uniform guidance in all key aspects of the program. The form and content of the policies and procedures should be consistent with the size, structure and objectives of the audit program. (6) (8) (11) (14)
C. Protocols, Checklists and Guides
To ensure consistency and reliability, all audit activity must be performed in accordance with formal audit protocols, checklists or guides that are appropriate to the audit objectives and scope. (6) (8) (11)
D. Frequency of Audits and Selection of Sites
A formal site selection and scheduling procedure must be established for the audit program. Audit frequency, focus and site selection should be acceptable to the audit client and take into consideration factors such as: level of EHS risk, compliance history, dates of past audits, the purpose and scope of the audit program and resources available. (6) (8) (11)
E. Quality Assurance Provisions
The design of the audit program must include written quality assurance procedures intended to assure that all work performed meets quality standards acceptable to the audit client and serve as a basis for continuous improvement. Quality assurance procedures should include: appropriate supervision of auditors and oversight of the program as a whole, periodic internal reviews and auditee feedback. Independent validation of the program is normally desirable, but not a mandatory practice. (6) (8) (14)
F. Auditor Staffing and Training
The design of the audit program must include provisions to ensure that auditors at all levels are competent to carry out their assigned roles. Audit program management should manage auditor selection, supervision, evaluation and training to promote basic competency and continuous improvement. Auditor assignments should reflect their competency and the supervision to be provided. (6) (7) (8) (11) (12)
G. Document Management
The Audit Program design must provide for retention and confidentiality of documents and information gathered in the course of the program, consistent with the wishes of the client. Provision should be made to ensure that reports are suitable for use in legal proceedings and employ a clear, concise writing style that avoids generalities, ambiguities and statements that could be interpreted in a manner not intended by the writer. (1) (2) (3)
III. Conducting Audit Engagements
Lead auditors are responsible for planning and managing individual audit engagements conducted within audit programs. All auditors must have sufficient knowledge of key steps in audit engagements to permit them to independently carry out their assigned role on the team.
Key steps in audit engagements are summarized in the following Sections A, B and C:
A. Pre-Audit Activities
The on-site portion of each audit must be preceded by a period of information gathering and planning to ensure that the audit proceeds efficiently and effectively. Some typical steps in this activity include:
- Establishment of audit scope and objectives and their communication to interested persons.
- Assembly and review of available information pertinent to the audit.
- Preparation of the audit plan directed at efficient and effective use of resources to achieve audit objectives.
- Contact with the auditee to exchange information and begin to lay the groundwork for a cordial and productive working relationship.
- Team selection and coordination to assure that all members are capable and prepared to carry out their assigned role.
- Determination of final report scope, format and distribution. (6) (8) (11) (14)
B. On-Site Activities
Conduct of the on-site portion of audit engagements should follow the audit plan under the supervision of the lead auditor. Key steps include:
- Opening meeting: In this critical meeting, auditors and auditees exchange information on the conduct of the audit and site information pertinent to the audit, establish clear lines of communication and lay the groundwork for a cordial working relationship.
- Collecting audit evidence: Individual team members, using interviews, examination of documents and observation of activities and conditions, complete assigned audit steps and document work performed.
- Development and review of findings: Team members compare audit evidence to applicable criteria. Instances of non-conformance are documented and reported to the lead auditor. The factual basis is confirmed and a formal finding statement is composed which clearly describes the non-conformance.
- Closing meeting: The audit team presents all findings to the auditee and explains each to ensure understanding. Disagreements should be resolved in the meeting if at all possible. Next steps in the preparation of a final audit report are described by the lead auditor. (6) (11) (14)
C. Post-Audit Activities
Orderly conclusion of the audit involves reporting, preservation of audit documentation and participation in procedures maintained by the audit client to correct any deficiencies noted.
- Reporting: A formal audit report in a format approved by the audit client clearly describing all significant findings must be promptly prepared and distributed as directed by the audit client. Audit reports must be objective, clear, concise, constructive and timely.
- Documentation: Audit documentation including auditor working papers, copies of pertinent documents and draft reports shall be assembled, reviewed for completeness by the lead auditor and retained as directed by the audit client.
- Corrective action: Assurance that appropriate corrective action is taken is the responsibility of the audit client and the auditee. The audit team may assist in the process in a manner described in the audit plan. (6) (8) (10) (11) (14)
IV. Internal Controls
Control consists of the means devised by a company to direct, restrain, govern and check upon its various activities for the purpose of seeing that company objectives are met. The management of an organization's activities, products or services that have or could have significant environmental, health and safety impacts should be described in appropriate, formal management control systems. ISO 14001 Standards (9), for example, describe in detail the nature and scope of management systems/controls needed to address environmental aspects of operations. The auditor should have the training and experience required to understand and evaluate the appropriateness of the control systems audited and devise tests to determine their effectiveness.
Some areas of auditor inquiry applicable to the audit of control systems include:
A. Preparing - Has management set objectives and goals for control of significant EHS impacts and provided the resources to carry them out? (9) (14) (16)
B. Coordinating - Has responsibility been assigned to implement controls? Where more than one person shares responsibility, are coordination systems in place? (9) (14) (16)
C. Directing - Have necessary instructions been given to explain objectives and the means to accomplish them? (9) (14) (16)
D. Obtaining Feedback - Is a feedback system in place to provide management with accurate information on actual results? (9) (14) (16)
E. Continuous Improvement - Do procedures in place provide for continuous improvement in control? (9) (14) (16)
V. Regulatory Aspects
Regulations promulgated by federal, state, local and intergovernmental organizations are an important basis for the establishment of EHS management control systems and contain legally enforceable requirements. Auditors must be familiar with the intent, general scope and procedures for implementation of applicable environmental, health and safety laws and regulations and be capable of applying them to their audit assignments.
A. Process of Development of Environmental Health and Safety Regulations
Auditors must be generally familiar with the distribution of responsibility for the development and enforcement of EHS laws and regulations and the purpose, scope and implementation practices applicable to regulations included in the audit scope so that appropriate significance can be placed on interpretations of compliance or non-compliance. (6) (13)
B. Federal, State and Local Roles in Environmental Health and Safety Regulations
Auditors must be familiar with which federal, state and local bodies have primary enforcement authority for regulatory criteria included in the audit scope. The auditor must also be aware of the requirements of inter-governmental boards and commissions which may be more stringent or extensive than those of federal, state or local bodies. (6) (13)
C. Regulatory Requirements
Auditors must be familiar with the applicability of specific federal, state, local and inter-governmental regulatory requirements to EHS aspects of activities, products and services within the scope of audit assignments, be generally familiar with their provisions and be capable of applying them to their audit assignment. (6) (8) (13)
The broad scope of environmental, health and safety aspects of operations subject to audit creates a broad range of regulatory criteria potentially applicable to EHS Audits. Federal Regulations applicable to EHS Audits are listed in Appendix I to illustrate some of the individual regulatory criteria which may be accessed by auditors. Auditors must also be aware of and generally familiar with provisions of state, local and inter-governmental requirements that may apply to specific audit engagements. (6) (13)
D. Enforcement Policy and Procedures
Auditors must be familiar with regulatory agency policy and procedures for enforcement of applicable regulations. Some key provisions address: regulatory agency inspections, self-monitoring and reporting, corrective action and potential penalties. (6) (13)
VI. Process Operations, Environmental Impacts and Related Control Technology
Auditors must be familiar with the aspects of an audited organization's activities, products or services that could have a significant environmental, health or safety impact and the regulatory criteria associated with adequate control. They must be familiar with common control procedures, equipment and technology and the effectiveness of each in controlling potential impacts. Specific knowledge is required as follows:
A. Typical Environmental Health or Safety Impacts
The environmental, health and safety risks or impacts typically associated with specific activities, products or services included within the audit scope. This includes: typical waste streams, pollutants generated and safety and health risks. (7) (9)
B. Monitoring of Environmental Health and Safety Impacts
Approaches commonly used to monitor environmental, health and safety impacts of activities, products and services. Familiarity shall include operation, maintenance and quality assurance procedures used in on-site monitoring as well as procedures for sampling and laboratory analysis of samples collected on site. (9) (11)
C. Control Techniques and Devices
Controls typically used to limit risks and exposures included in the audit scope to within acceptable levels. These include: treatment facilities, process modifications, protective devices, training and awareness programs. (7) (9)
D. Operation and Maintenance of Control Devices and Techniques
Key aspects of the operation and maintenance of control devices and techniques and the potential impacts of failure of all or portions thereof. Auditors shall also be familiar with the actions required to maintain common administrative control. (7) (9)
VII. Auditor Personal Qualities and Communication
A. Attitude - A polite, respectful and professional attitude must be displayed in all audit contacts. (16) (17)
B. Teamwork - The auditor must be capable of working effectively with team members in all situations. (16) (17)
C. Adaptability - The auditor must be capable of adapting quickly to varied assignments and rapidly changing audit conditions. (16) (17)
D. Determination - The auditor must have the determination to work aggressively to achieve the audit objective, to resist pressures to divert from audit goals and to deal with difficult issues and situations that emerge in the course of audits. (16) (17)
E. Communications - The auditor must be skilled in both oral and written communication. The auditor must be a good listener exhibiting interest in and respect for persons being interviewed. She/he must be conscientiously candid in communicating all impressions both positive and negative. (16) (17)
F. Leadership - Lead auditors must display leadership qualities and management skills in addition to the qualities expected of audit team members. (16) (17)

References Cited
1. Code of Ethics, Board of Environmental, Health and Safety Auditor Certifications
2. Code of Ethics, The Institute of Internal Auditors
3. Code of Ethics, Auditing Roundtable
4. Statement of Responsibilities of The Internal Auditing, Institute of Internal Auditors
5. General Principles and Practice, Guidelines for Environmental Auditing, Canadian Environmental Auditing Association
6. Performance and Program Standards for the Professional Practice of Environmental Health and Safety Auditing, Board of Environmental, Health and Safety Auditor Certifications
7. Standards for the Performance of Environmental Health and Safety Audits, Auditing Roundtable
8. Standards for the Design and Implementation of Environmental Health and Safety Audit Programs, Auditing Roundtable
9. Environmental Management Systems - Specification With Guidance for Use, International Organization for Standardization (ISO 14001)
10. Guidelines for Environmental Auditing - General Principles, International Organization for Standardization (ISO 14010)
11. Guidelines for Environmental Auditing - Audit procedures - Auditing Environmental Management Systems, International Organization for Standardization (ISO 14011)
12. Guidelines for Environmental Auditing - Qualification Criteria for Environmental Auditors, International Organization for Standardization (ISO 14012)
13. EPA Environmental Auditing Policy Statement (51 FR 25004) July 9, 1986
14. Standards for the Professional Practice of Internal Auditing, The Institute of Internal Auditors
15. Annotated Bibliography of Published Standards and Guidelines for Environmental Health and Safety Auditing Programs and Management Systems, Environmental, Health and Safety Roundtable
16. ICC Guide to Effective Environmental Auditing, International Chamber of Commerce
17. Assessing Competency in Internal Auditing, The Institute of Internal Auditors Research Foundation
Definitions
Audit
A systematic, documented, verification process of objectively collecting and evaluating factual information in order to determine an organization's environmental, health or safety status with respect to specific predetermined criteria. Audits encompass both compliance audits which are directed at verifying an organization's compliance with requirements and management systems audits which evaluate the effectiveness of management systems. (6)
Auditee
Any individual, unit or activity of an organization that is audited. (6)
Auditor
A person who is qualified to perform audits. (10)
Audit Client
The person or organization commissioning the audit. (10)
Audit Criteria
Specific measures or requirements against which the auditor tests and evaluates the information collected as a part of the audit process. Audit criteria may include but are not limited to: organizational objectives; policies, practices and procedures; industrial and other standards; and legislative and regulatory requirements. (6)
Audit Team
A group of auditors, or a single auditor, designated to perform a given audit; the team may also include technical experts and auditors-in-training. (10)
Audit Findings
Results of the evaluation of collected audit evidence compared with agreed audit criteria.
Audit Program Manager
A person responsible for design and management of audit programs. (10)
EHS Aspect
An element of an organization's activities, products or services that can have an impact on the environment, employee health or safety. (9)
EHS Impact
Any change to the environment, employee health or safety whether adverse or beneficial, wholly or partially, resulting from an organization's activities, products or services.
Lead Auditor
A person qualified to manage and perform audits. (10)
Organization
Company, corporation, firm, enterprise or institution or part or combination thereof, whether incorporated or not, public or private, that has its own functions and administration. (10)
Appendix I
Regulations in U.S. Code of Federal Regulations Applicable to HSE Audits
Title 10 - Energy (Nuclear Regulatory Commission)
Title 14 - Aeronautics and Space (Federal Aviation Administration)
Title 21 - Foods and Drugs (Food and Drug Administration)
Title 29 - Labor (Occupational Safety and Health Administration)
Title 30 - Mineral Resources (Mine Safety and Health Administration and Surface Mining Reclamation and Enforcement Administration)
Title 33 - Navigation and Navigable Waters (Coast Guard)
Title 36 - Parks, Forests and Public Property (National Park Service and Forest Service)
Title 40 - Environment (Environmental Protection Agency)
- Air Programs
- Water Programs
- Pesticide Programs
- Solid Waste
- Hazardous Waste
- CERCLA/Superfund/SARA Title III
- Toxic Substances Control Act
Title 42 - Public Health (Health and Human Services)
Title 42 - Transportation (Department of Transportation)
Title 50 - Wildlife and Fisheries (Fish and Wildlife Service and National Marine Fisheries Service)
