Compliance self assessment

Managing your compliance program

Ongoing compliance management requires a streamlined, robust, and implementable compliance program that can be ingrained in your organization. 

With a streamlined program, businesses can spend less time and money to audit and verify the compliance status at their sites. But, even with the support of a risk management strategy and efficient compliance program, it will still be necessary to exercise oversight on your sites to verify performance. 

But how often should you do this, what are the challenges of self assessments, and what are the best practices your business can implement?

Challenges of compliance self assessment

Onsite EHS professionals have a multitude of different tasks and responsibilities to balance, namely managing business compliance with everchanging EHS legislation. 

There are many different types of audits that EHS departments face from various parties — such as stakeholders in the supply chain, consumer groups, corporate groups, and third parties. Each of these involves preparation and onsite time which could otherwise be spent managing other responsibilities. 

Carrying out a full compliance self assessment and following this up with a corporate verification audit can be a lengthy and expensive process requiring valuable resources, time, money, and dedicated staff. Similarly, too many or too stringent expectations can have a negative impact on employee morale and performance. 

Furthermore, not undertaking enough assessments, reviews, and audits can lead to compliance gaps, triggering a host of compliance risks leading to hefty financial and reputational damage. likewise, inconsistent or unstandardized auditing tools and reporting structures can lead to unreliable data. 

The “snapshot” of compliance that an audit provides may not reflect the day-to-day operations and management, generating another challenge for companies wishing to more accurately represent their business’ compliance status and ongoing progress. 

The overall challenge appears to be concerned primarily with cost-effectiveness. Businesses must find strategies to balance reliable and consistent assessment results without wasting time and resources. 

Opportunities of compliance self assessment

If your organization is able to carry out fewer EHS compliance audits while meeting and maintaining compliance, this creates a huge opportunity for business improvement. Reaching this level in a compliance team requires a careful balancing of resources, provision of appropriate tools and services, and engagement of both site and regional EHS personnel to achieve industry standards. 

Enhesa experts share their best practices for compliance verification: 

• Give sites and supervisors a consistent, quality solution that can be used to both site self assessments and verification audits, and make this a corporate requirement to utilize 

• Ensure that the provided solution is tailored to each jurisdiction and available in both English and the local language so that all sites can adopt the tool efficiently and keep learning 

• Encourage corporate financing of the tool to better speed up its update, allowing local sites to free up their budget for other responsibilities, as their own local compliance tool will potentially no longer be needed 

• Once a company-wide tool is in place, ensure that each site has undertaken an applicability assessment of the regulations and compliance requirements that it needs to adhere to. Examples include creating site-type profiles that can be replicated, applicability questionnaires, or third party expert support 

• Conduct initial self assessments at the launch of your program to provide a solid baseline and ensure efficiencies 

• Encourage site personnel to use regulatory change alerts on an ongoing basis to continuously manage compliance as regulations evolve — saving time and resources, and reducing compliance risk and compliance gaps 

• Review any changes in work processes, such as new equipment, using applicability screening to see if these operational developments affect your organization’s approach to regulatory compliance 

• Where necessary, leverage second and third party verification audits to review compliance status. But as compliance status will be more continuously and transparently managed, this should only be required in cases of high-risk or repeated failings. This might be annually in some cases, or every two, three or five years

A global company-wide solution facilitates a risk-based approach that can reduce the quantity and necessity of expensive audits — and focus instead on clear pain points in specific locations. The best practice for a compliance team to be prioritizing continuous improvement is to identify an effective self assessment tool, aligning with regulatory standards and existing compliance issues, and leverage its company-wide implementation.

Frequency of self assessment

How often should businesses self-assess and audit?  

Ecompany (and even different sites within a company) will require different approaches based on their respective risk profile. However, to devise a risk-based approach you need a baseline from which to identify areas of higher compliance risks and compliance gaps. For example, you may require your manufacturing sites to self-assess annually, offering a holistic oversight of where things currently stand.  

Based on these results, you may then decide to carry out a streamlined internal audit on specific sites every one, two, three or even five years, rather than audit each site every year or two. Placing a level of trust in sites for their own compliance performance can also encourage ownership and responsibility – especially , particularly if sites recognize that they can be measured against others.