How to Carry Out Your Own HSE Compliance Audit

In the last blog post, I discussed the process of developing a simple HSE Legal Register. We will continue that discussion to the obvious next step; that is, developing a simple system to assist in complying with the legislative requirements imposed on your business.

To be clear, in this blog post I am not discussing compliance with your internal HSE management systems. An audit of your HSE management system against your internal performance goals is arguably more important than a legal compliance audit with respect to providing protection to the environment and worker health & safety.  The auditing process is pretty much the same, but for this blog post we are limiting our discussion to an audit of compliance with the specific external national or local legal requirements in the location in which you operate.

Why Conduct and HSE Legal Compliance Audit?

Simple. To keep you and your boss out of jail!

Non-compliance can have serious ramifications to you, your management, your workers and your company. Penalties for violations of HSE laws can cost a company millions of dollars (and can send responsible parties to jail), not to mention the adverse public relations and loss of consumer goodwill.

Legal Compliance Audits can assist companies in fulfilling their regulatory obligations, thereby eliminating or greatly reducing violations and penalties for noncompliance. An audit can also reduce risks to workers and to the environment.

Finally, it is your responsibility as an HSE professional to make sure that your operations comply with all HSE legal requirements.  If you identify areas of non-compliance, then you must make sure that senior management (1) is aware of the non-compliance issues, (2) understands the penalties for non-compliance and (3) is presented with an approach to become compliant.  Hopefully they will provide you with the budget, time and authority needed to implement compliance solutions!

How to Comply with Your HSE Obligations?

Meeting your HSE legal obligations is not at all straight-forward given the complex and often confusing array of HSE laws and regulations that are relevant to any particular operating facility. The compliance process can, however, be broken down into four main steps:

Compliance Process

Step 1: HSE Legal Register

This was the topic of last week’s blog post where I discussed how you can develop your own HSE Legal Register and I provided a free template as a starting point to develop an HSE Legal Register.

Step 2. Identify the Implementing Measures Needed for Compliance

If you downloaded the free HSE Legal Register from the previous blog, you will have noticed that there is one column (“N”) included that was not discussed in the blog post – Implementing Measure to Ensure Compliance.  In this column, you can add a description of the internal processes and procedures that are needed to comply with each legislative requirement.

This typically comes down to having effective management systems and processes in place, for example:

  • Worker Health and Safety Plan
  • Employee Training Program
  • Environmental Management Plan
  • Chemical and Hazardous Material Management Plan
  • Waste Management Plan
  • Risk Management Plan
  • Emergency Response Plan
  • Spill Response Plan
  • Electrical and Power Safety Plan
  • Lifting Plan
  • Fire Safety Plan
  • Incident Investigation and Reporting System
  • Equipment Inspection and Maintenance Program
  • Equipment/Site Operating Procedures
  • Operating Permits

The details of each of these will be specific to the regulatory requirements and your operations, and typically will also include internal corporate requirements that may exceed the legal obligations.

Step 3. Implementation of Compliance Measures

Developing the plans and procedures and obtaining the necessary permits required for compliance is a significant challenge. But, that pales in comparison to implementing them effectively. Books could be written about this topic and I am only going to touch on this step here. J. Alden Lincoln summarized this issue well where he recommended the following actions for a company to consider when implementing an effective HSE compliance program:

  1. Make managers responsible for continuous monitoring of HSE compliance
  2. Adopt an HSE compliance policy and communicate that policy to employees
  3. Establish procedures for internal audits, internal reporting of violations and documenting the resolution of problems
  4. Train employees at all levels; maintain regulatory expertise; and evaluate employees' performance of HSE duties
  5. Offer incentives for compliance
  6. Establish disciplinary procedures
  7. Continuously evaluate and improve your company's HSE compliance program.

Step 4. Auditing

A legal audit is an appraisal of a company’s operations to determine whether they are in compliance with relevant laws and regulations. While, it is preferable to have an experienced third-party auditor carry out an audit, this does not mean that the site HSE Manager should sit on his hands and be passive in this process.  Rather, a responsible HSE Manager will have in place an internal audit system that closely mimics that done by a third party. This is both helpful as an internal check on the effectiveness of the audit system and also can significantly reduce costs of an independent  audit if all required materials are readily available for the third-party auditor.

A compliance audit can be done at varying levels, from a screening-level, limited compliance audit through to a very detailed and comprehensive audit.

A limited compliance audit typically focuses on the primary legal requirements, and is roughly based on the Pareto Principle (or 80/20 rule) so that say 80% if the outcomes will be achieved with 20% of the effort. For instance a limited compliance audit could be done as a desktop exercise only (Step 1 below) and will give in a short period of time a reasonable understanding of the efficacy of the compliance measures at a particular operation.

On the other hand, a comprehensive compliance audit will include site visits and inspection and review of all of the management plans and processes to ensure that they are being done correctly in accordance with the legal requirements, as per the following process:

Step 1: Document Review

  • HSE Legal Register – review for completeness
  • Suitability and Presence of Implementing Measures – review that all of the written documents, permits, records, etc. (from Step 2 above) are completed as applicable to the facility and the legal requirements

Step 2: Site Visit

  • Identify areas of legally relevant discharges or risks to the environment
  • Identify areas or functions with unsafe work methods and risk to employee’s health and safety
  • Observe HSE monitoring to ensure it is done properly
  • Interview employees regarding site activities and their awareness of procedures
  • Carry out a site walkover and photograph all relevant activity, noting examples of effective and ineffective procedures or activities

Step 3: Reporting

  • Detailed report on the findings and suggestions for corrective and preventive actions for each non-compliance issue and improvements as might be suggested for other items
  • Ideally this will include specifics such as needed plans/procedures, equipment, responsibility, schedule and capital costs for implementation
  • Photo record appended
  • Copies of all relevant supporting documents (title page is sufficient) appended

If you work for a company that takes compliance seriously, then you will probably already have in place both an HSE Legal Register and some sort of auditing protocol, or if not you may be able to obtain a budget to hire a consultant to develop a customized system for you.   There are also many examples of compliance tools to assist with the audit, and these can be readily bought and downloaded on the web. Unfortunately, these can be expensive and may not be compatible with your specific needs, particularly if you are managing a facility in a smaller developing country.

But, if you are like the vast majority of HSE Professionals working in a small or medium sized company, you may need to develop your own template. Don’t worry - you definitely do not need a fancy compliance auditing tool that is expensive and frankly rarely used. Click on this link and download our simple template and customize it for your needs – it is free and will only take your time and diligence. And, of course please contact us if you need bespoke compliance tools for your facility.

Finally, remember that auditing is simply a tool to gauge performance. But if the input is garbage, then the output will be garbage and you will be putting you and your company at risk. Make the effort to understand and comply with your legal requirements and you will be far ahead of many of your peers.

And, your boss’ wife will be grateful for keeping him out of jail!

Thanks for reading.  Keep safe.  Be healthy.  Respect your environment.

I hope that you will bookmark the blog, share it with your colleagues and visit the blog frequently because you find it informative and helpful.  I value your feedback and suggestions for future topics.

Please enter your email in the box at the top of the post and subscribe to our blog HSE Asia - our weekly blog will be emailed directly to you.

Next Week’s Blog Topic: The HSE “Professional's ” Dirty Secret – An Epidemic of Fake Credentials

Photo Credits: Compliance image photo courtesy of Stuart Miles at

Randall D. Shaw, Ph.D.
Posted in Asia, Environment, HSE, Industrial Hygiene, Laws and Regulations, Middle East, Occupational Health, Worker Safety and tagged , , , .


  1. Hi Randall,

    Again the blog reflected the perfect compliance audit process that any company’s can leverage. I would like to add couple of points more, to perform compliance audits effectively as below…

    > Evaluate all licensed activities ( that may specify in licenses / permits from regulatory authorities to run the business) against all applicable OSHE regulation (should refelect in legal register) to asses compliance.
    > Interview with employees on their basic knowledge in applicable regulations.

    Alex Cherian

    • Alex,

      Thanks for reading and sharing your valuable thoughts. I definitely agree. Each and every license/permit must be identified in the HSE Legal Register and checked during the auditing process to ensure they are in place and current. Interviews with employees are valuable as a check to make sure that they are aware of the specific requirements and procedures related to their job.


Leave a Reply

Your email address will not be published. Required fields are marked *