Please Wait...

PT Notes

EPA RFI - Third-Party Compliance Audits

PT Notes is a series of topical technical notes provided periodically by Primatech for your benefit. Please feel free to provide feedback.

On July 24, 2014, the U.S. Environmental Protection Agency (EPA) announced a Request for Information (RFI) seeking comments on potential revisions to its Risk Management Program (RMP) regulations and related programs to modernize its regulations. Multiple issues were addressed in the RFI.

One of the issues addresses requiring third-party compliance audits. Both EPA's RMP rule and the Occupational Safety and Health Administration's (OSHA's) Process Safety Management (PSM) standard have almost identical requirements for compliance audits but neither regulation currently requires employers to use a third-party in conducting compliance audits.

EPA's RFI notes that there may be advantages to third-party audits and that the Bureau of Safety and Environmental Enforcement's (BSEE's) Safety and Environmental Management Systems (SEMS) standard requires that audits be conducted by independent third-parties subject to BSEE approval, or to avoid conflict of interest, personnel who are considered to be qualified by the employer.

EPA is seeking information on whether to revise the RMP rule to require facility owners and operators to use a third-party for compliance audits, on whether requiring a third-party auditing process would increase protection of human health and the environment, and on whether the existing compliance audit requirements are sufficiently clear or if changes should be made to strengthen the audit requirements.

Questions posed by EPA on this issue include:

  1. Does your facility use a third-party for conducting RMP compliance audits for safety or other reasons? What was the basis for that decision? How has it affected the overall safety record of your facility?
  2. Can you provide any data or information on accidents, near misses, or other safety-related incidents that could have been prevented by conducting more effective compliance audits for operations covered under the RMP rule? What were the deficiencies in those audits? Were the audits in question conducted by in-house staff or a third party?
  3. Would revising the RMP rule to require owners and operators of RMP-regulated facilities to use a third-party for compliance audits help to prevent accidental releases? What would be the economic impacts of revising the RMP rule in this way?
  4. Should EPA revise the RMP rule to require owners and operators to use compliance auditors (internal or third-party) with certain minimum credentials or certifications? If so, what minimum credentials or certifications should EPA require?
  5. How should owners/operators of RMP-regulated facilities address the findings of the third-party auditor? Should EPA amend the RMP rule to require owners/operators to document how they addressed each of the findings of the third-party auditor? Should a timeframe for addressing those findings be included in the RMP regulation? Should EPA include a procedure for how an owner/operator may appeal the findings of the third-party auditor?
  6. Should EPA require facilities that have incidents or near misses to conduct a full compliance audit, as appropriate? Would such a requirement create a perverse incentive to under-report incidents or near misses?
  7. During compliance inspections at multiple-process sources, EPA inspectors have noted that some owners or operators have audited only a subset of covered processes at the source. Should EPA clarify the RMP rule to indicate explicitly that all covered processes must receive a full compliance audit at least every three years?
  8. Does the identity of the auditor (e.g., in-house, contractor, professionally-certified, party licensed by EPA) affect the credibility of the audit for potentially impacted communities?

Further details on this issue are provided in EPA's RFI which can be accessed by clicking here.

Back to PT Notes