What Makes A Compliance Audit Compliant
What makes a compliance audit compliant?
The PSM/RMP requirements for compliance audits aren’t that hard to meet but we often find they are missed. Remember that the requirements are the minimum and it’s likely you will want to go above and beyond them to get the most value from your compliance audit. The basic requirements are below with our comments:
The audit must be performed by at least one person knowledgeable in the process.
Recent OSHA/EPA inspections are interpreting this requirement in two ways: First that the person performing the audit understands the covered process (in our case, refrigeration) and secondly that they understand the process and principles of auditing. An example is the inclusion of RAGAGEP such as the CCPS Guidelines for Auditing Process Safety Management Systems, 2nd Edition and the practices it describes.
Generally speaking, the issue of the competence of the auditor is only brought into question when they missed obvious deficiencies. This issue is increasingly common and it’s difficult to beat based on “qualifications” alone. Since PSM is a performance-based standard, the audit is mostly judged on its efficacy – its ability to find issues, rather than WHO did it and HOW they did it.
The audit must verify that the procedures and practices of the PSM/RMP program are adequate and being followed.
OSHA expects that employers would audit both the developed safe work practice and its implementation. Understand the difference between policy and implemented policy – Policy is the plan. You are judged not only on the plan, but how you implement the plan. It’s possible to have a policy that is compliant in theory but not in actual practice. It’s also possible to have a policy that is not compliant with the law but a practice that is!
First ensure that your policy and your practice match. If they don’t, take steps to bring them together. The old ISO maxim “Do what you say; Say what you do” is the goal. Once you get those policies and practices to match, now ask if the result is compliant.
A report of the findings of the audit must be developed and the most recent two audits must be kept on file.
The report should document how the audit was conducted and what the findings are. Who was part of the audit, What was audited, How was the audit conducted, etc. It will also include a list of the findings.
The audit must be certified by the employer.
Someone has to take responsibility for the audit in writing. Personally, I like to see the responsible person (as defined by the RMP Management System) sign off on this but you can also push it up the management chain. It can’t be done by an outside auditor because it is the employer’s responsibility. This isn’t difficult – you could be legally compliant by scrawling “This is my compliance audit” on the report and signing it.
All findings must be responded to and all deficiencies must be corrected and documented.
Just like every other finding / recommendation in the PSM/RMP program, you’re going to have to document a resolution to each of the findings of the compliance audit. You need to establish a resolution quickly! Here’s a quote from an OSHA letter of interpretation explaining their thoughts: “If deficiencies are discovered, it is imperative that corrective actions be initiated immediately, so that corrective measures can be implemented as soon as possible.”
You’re compliance audit serves and important function is assuring that your PSM/RMP program is actually controlling the process and its hazards. While you can do this in-house, there are some benefits to having an external compliance audit:
- Knowledge – Outside consultants are focused on compliance with PSM/RMP – it’s not one of the things they do, it’s usually the only thing they do! This specialized knowledge is extremely important in understanding the program. The outside consultant(s) are likely to have seen hundreds of processes like yours. Whatever you are struggling with, they’ve seen that problem tackled in dozens of different ways and can suggest the approach that may work best for your situation.
- Objectivity – It’s very common to get so used to your way of doing things that it never occurs to you that it could be wrong. This familiarity can cause you to accept situations that are unacceptable when viewed objectively. The consultants should be a neutral auditor that is capable of looking at the system as it actually is rather than as it was meant to be or how you may think it operates.
- Lower Business Impact – Having an outside consultant perform your audit usually results in the audit taking considerably less time than doing it yourself. You can remain focused on your core business longer.
If you are looking for an external auditor, GCAP offers a comprehensive Compliance Audit for Ammonia Refrigeration PSM/RMP programs. No organization is situated to provide you with a more thorough Process Safety Management audit than GCAP. We’ve amassed documentation on thousands of actual OSHA citations including the Inspectors Narrative (description of the inspection) and the 1-B’s – a document where the OSHA inspector provides specific details of the deficiency, their understanding of possible abatement strategies and on-site conditions.
Our audit process combines three audit processes into a single cohesive compliance audit:
- RMPL3 – The EPA’s Level 3 Risk Management Plan/Risk Management Program checklist
- PQV – OSHA’s Program Quality Verification checklist including document inspection, on-site conditions and interviews.
- NEP – Specific questions that have appeared in OSHA’’s National Emphasis Program inspections.
If you have any questions on compliance audits, please don’t hesitate to email us at email@example.com or call us at 620-271-0037.