Is the Management System Implemented As Designed and How Do We Verify?
Once established, the EHS/ESG management system must be routinely evaluated to ensure it remains effective at identifying and controlling risks, and that it accommodates and adjusts for changes that occur to or within the organization. Remember, we have created the EHS/ESG management system to protect the organization against risks that could be significant to its growth and prosperity. As a result, high and moderate EHS/ESG risks must be well understood and appropriately controlled to protect the organization and the communities where it is located. In addition, the information management system (IMS) supporting the EHS/ESG management system must be properly aligned, receiving and communicating the applicable information and data necessary to control EHS/ESG risks.
An independent review of the EHS/ESG management system by competent and objective experts will challenge it without preconceived opinions or perspectives. An organization needs an unvarnished review that honestly reflects upon the current management system and its risks. Utilizing competent expertise to perform these reviews will test the mettle of the system. The review may raise issues and present challenges that allow the system to become stronger, more resilient to unplanned changes, and able to continue maturing for the protection of the organization into the future.
Specific activities need appropriate timing and sequencing to effectively evaluate an established EHS/ESG management system and confirm it will likely protect the organization from existing and future moderate to high risks. TRC has established a 6-part series that examines and evaluates the health of the EHS/ESG management system for appropriateness, effectiveness and adaptability into the future. Without an initial and periodic assessment of the health and effectiveness of the EHS/ESG management system and IMS performance, the system may not provide the protection expected to control significant EHS/ESG risks for the organization.
The Management System’s Intended Scope, Functionality and Design
The development, implementation and maintenance of an effective EHS/ESG management system and aligned IMS (to manage an organization’s risks) are a significant and critically important investment for its future. To properly protect and nurture this investment, the EHS/ESG management system must be carefully evaluated initially. Is it being developed and implemented as designed? We then need to routinely assess the management system to ensure it is working to effectively manage the organization’s EHS/ESG risks over time and through applicable changes across the organization.
When evaluating the health and effectiveness of the integrated systems to manage EHS/ESG risks, we need to gain a clear understanding of the management system, including its intended scope, functionality and design. The scope will include the physical, organizational and functional boundaries of the management system. The functionality will describe how the organization intends to use the management system to achieve intended outcomes and key performance indicators (KPIs). The design will detail the key components and their interaction, such as policies, standards, documents and standard operating procedures. The design is typically aligned with a standard, such as a specific ISO standard or another industry-aligned standard to suit the organization’s needs and interests. Organizations will typically define their management system scope, functionality and design within a controlled document.
Compare the Design of the EHS/ESG Management System to the Implemented System
An initial and independent evaluation of the management system should be completed to verify the implemented system conforms to the organization’s intended scope, functionality and design. It is important to catch any gaps early in the implementation process rather than discovering them after a serious incident. The evaluation should cover each element of the defined management system. If elements of the management system have not been developed and implemented, actions should be taken to track and close these gaps immediately. Upon closure of these initial conformance gaps, routine evaluations should continue to assess the health and effectiveness of the management system. Are we achieving our intended outcomes from the development and implementation? Are we effectively managing the EHS/ESG risks to the organization? It is recommended that the independent evaluation be performed at least on an annual basis (perhaps more frequently at the initiation of the management system until it is established). Independence of the persons performing the review is important to eliminate bias in the system operations and maintenance activities.
Checking Critical EHS/ESG Risks to Verify Operational Controls Are Effective
The evaluation of the management system should transition from an initial check (e.g., do we have all the elements, as we defined and committed to developing, implementing and maintaining?) to a recurring routine evaluation focused on checking critical points for EHS/ESG risk management within the organization, specifically the moderate to high risks identified within the organization. Are our operational controls appropriate, in place and effective? EHS/ESG management systems provide a structure to manage EHS/ESG obligations, goals and conformance standards, but also, most importantly, to identify and control EHS/ESG risks. An independent evaluation of the management system can provide a fresh set of eyes to observe an organization’s activities, products and services and the effectiveness of their associated operational controls in managing EHS/ESG risks.
A routine evaluation can confirm the effectiveness of controls for moderate to high organizational EHS/ESG risks, or it can shine a light on missing or inadequately implemented controls. Is the organization experiencing incidents (including “near misses”) that involve moderate to high EHS/ESG risks? If yes, what have we learned when performing a root cause analysis on these incidents? Do we need to elevate the certainty of the controls to lessen the probability the risk could be realized? An organization can use this information to best focus its resources, including staff and capital, to further minimize organizational EHS/ESG risks.
Learn More About Our Integrated Approach
This insights post is a follow-up to our recent white paper Managing EHS & ESG Risks Through Integrated Systems. TRC offers integrated EHS services that help organizations better manage EHS and ESG associated risks and improve performance at the corporate and plant levels.