Those who work in high hazard industries are familiar with the OSHA Process Safety Management (PSM) and EPA Risk Management Plan (RMP) requirements for routine audits to assess and verify compliance with these regulations. Completion and follow-up on findings from audits are an important element for continuous improvement and regulatory compliance.
Routine audits are an important element of regulatory compliance. A quality audit is based on specific regulatory requirements and related Recognized And Generally Accepted Good Engineering Practices (RAGAGEP), with an adequate review of site processes and evidence for each of the requirements. Evidence reviews don’t mean that every single item of evidence is reviewed, but that a suitable and typically random range of evidence is thoroughly reviewed to determine if there is a pattern of compliance or non-compliance. Then, if justified, findings and recommendations are developed against specific requirements. Depending on company expectations, recommendations may also be developed to help bring site processes in line with industry best practices.
A variety of staffing strategies for completing PSM and RMP required audits are possible, including those handled by site personnel, those handled by company personnel independent of the audit site, and those conducted by personnel with external companies. Based at least partly on who conducts an audit and their relationship with the site, a variety of audit outcomes are possible. Reports and findings or recommendations that are so comprehensive (even overly picky at times) are more common than you might think. This type of audit, if unchallenged by the site, may drive expending excessive resources on PSM and RMP system improvements that may or may not be truly needed. At the other end of the spectrum, “check the box” audits are also more common than you may think. This type of audit and report may be so lacking in-depth review that they might lead a site to believe that their PSM and RMP systems are fine and need few or even no improvements, even when that’s not true.
In one case, you may over-invest in changes that may or may not drive improvements that are really needed; and in the other case, you may under-invest and have a false sense of confidence in your systems to manage risk. Neither case is desirable from a business perspective.
Who should conduct your PSM and RMP audits to have the best probability of an outcome that will drive truly necessary site improvements? This question is best answered by each organization and should be based on site and corporate goals and expectations for their regulatory compliance. Review by external auditors with wide-ranging experience has proven at many sites to provide the best-case outcome of an audit, resulting in findings and best practice recommendations that drive true compliance with right-sized resource needs. In many cases, external auditors can also offer specific methods and techniques for efficient and speedy resolution of concerns identified at sites. Their range of experience enables external auditors to share the general methods proven to drive good PSM and RMP compliance across industry.
Companies that have lean or less-experienced workforces or that are unsure where they stand versus industry norms for PSM and RMP compliance may benefit from engaging a firm with experienced auditors. This independence from the site and company has the best probability of a careful assessment with fresh eyes on the relevant critical systems and leads to efficient compliance with the necessary standards.