Call Us Today: 608-226-0531


17 Oct
audit checklist
Top 5 Critical Factors for Value-Added Auditing

Auditing is a management tool that can be used to evaluate and monitor the internal performance and compliance of your company with regulations and standards. An audit can also be used to determine the overall effectiveness of an existing system within your company.

How do you incorporate compliance auditing best practices to help maximize compliance, efficiency, and value of your audit? Here are five critical factors for value-added audits.

1. Goal Aligned with Business Strategy

There are many reasons why companies conduct audits:

  • Support commitment to compliance
  • Avoid penalties
  • Meet management system requirements
  • Meet corporate or customer mandates
  • Support acquisition or divestiture
  • Assess organizational structure and competency
  • Identify cost saving and pollution prevention opportunities
  • Determine alignment with strategic direction

It is vital to define and understand the goal of your compliance audit program before beginning the audit process. Establishing goals enables recognition of broader issues and can lead to long-term preventive programs. Not establishing a clear, concise goal can lead to a waste of resources.

Audit goals and objectives should be nested within the company business goals, key performance objectives, and values. An example of a goal might be to effectively measure environmental compliance while maintaining a reasonable return on investment.

Once the goal is established, it is important to communicate it across all functions of the organization to get company-wide support. Performance measurements should also be communicated and widely understood.

2. Management Buy-in

The audit program must have upper management support to be successful. Management must exhibit top-down expectations for program excellence, view audits as a tool to drive continuous improvement, and work to imbed audits within other improvement processes. Equally important, management must not use audit results to take punitive action against any person or department.

3. Documented Audit Program Systematically Applied

Describe and document the audit process for consistent, efficient, effective, and reliable application. Audit procedures should be tailored to the specific facility/operation being audited. A documented program will include the following:

  • Scope. The scope discusses what areas/media/timeframe will be audited. The scope of the audit may be limited initially to what is manageable and can be done very well, thereby producing performance improvement and a wider understanding and acceptance of objectives. It may also be limited by identifying certain procedural or regulatory shifts and changes. As the program is developed and matures (e.g., management systems, company policy, operational integration), it can be expanded and, eventually, shift over time toward systems in place, prevention, efficiency, and best practices. It is important at the scoping stage to address your timeline. Audits should be scoped to make sure you get them done but also to make sure you have audited all compliance areas in an identified timeframe.
  • Criteria. Compliance with requirements will clearly be covered in an audit, but what about other opportunities for improvement (e.g., pollution prevention, energy savings, carbon reduction)? All facilities need to be covered at the appropriate level, with emphasis based on potential compliance and business risks. Assess the program strengths, redundancy, integration within the organization, and alignment with the program goal. Develop specific and targeted protocols that are tailored to operational characteristics and based on applicable regulations and requirements for the facility. As protocols are updated, the ability to evaluate continuous improvement trends must be maintained.
  • Auditor training (i.e., competency, bias). A significant portion of the audit program should be conducted by knowledgeable auditors (e.g., independent insiders, third parties, or a combination thereof) with clear independence from the operations being audited and from the direct chain of command. For organizational learning and to leverage compliance standards across facilities, it is good practice to vary at least one audit team member for each audit. Companies often enlist personnel from different facilities and with different expertise to audit other facilities. Periodic third-party audits further bring outside perspective and reduce tendencies toward “home-blindness”.

Training should be done throughout the entire organization, across all levels:
+ Auditors are trained on both technical matters and program procedures.
+ Management is trained on the overall program design, purpose, business impacts of findings, responsibilities, corrections, and improvements.
+ Line operations are trained on compliance procedures and company policy/systems.

Consider having auditor training conducted by an outside source to teach people how to decide what to audit and follow a trail. It can also work well to train internal auditors by having them audit alongside an experienced 3rd party.

  • Audit conduct (i.e., positive approach). A positive approach and rationale for the audit must be embraced. Management establishes this tone and sets the expectation for cooperation among all employees. Communication before, during, and after the audit is vital in keeping things positive. It is important to stress the following:
    • Auditor interviews are evaluating systems, not personal behaviors.
    • The audit is an effective tool to improve performances.
    • Results will not be used punitively.
  • Audit reporting. Information from auditing (e.g., findings, patterns, trends, comparisons) and the status of corrective actions often are reported on compliance dashboards for management review. Audit reports should be issued in a predictable and timely manner. It is desirable to orient the audit program toward organizational learning and continual improvement, rather than a “gotcha” philosophy. “Open book” approaches help learning by letting facility managers know in advance what the audit protocols are and how the audits will be conducted. Documentation is essential, and reporting should always align with program goals and follow legal guidance. There is variability in what gets reported and how based on the company’s objects. For example:
    • Findings only vs. opportunities for improvement and best management practices?
    • Spreadsheet vs. long format report?
    • Scoring vs. prioritization of findings (beware of the unintended consequences of scores!)?
    • Recommendations for corrective actions included or left for separate discussion?
  • Corrective and preventive action. Corrective actions require corporate review, top management-level attention, and management accountability for timely completion. A robust root cause analysis helps ensure not just correction/containment of the existing issue, but also preventive action to assure controls are in place to prevent the event from recurring. For example, if a drum is labeled incorrectly, the corrective action is to relabel that drum. A robust plan should be to also look for other drums that might be labeled incorrectly and to add and communicate an effective preventive action (e.g., training or posting signs showing a correctly labeled drum).
  • Follow-up and frequency. Address repeat findings. Identify patterns and seek root cause analysis and sustainable corrections. Communications with management should be done routinely to discuss status, needs, performance, program improvements, and business impacts. Those accountable for performance need to be provided information as close to “real time” as possible. There are several levels of audit frequency, depending on the type of audit:
    • Frequent: Operational (e.g., inspections, housekeeping, maintenance) – done as part of routine day-to-day operational responsibilities
    • Periodic: Compliance, systems, actions/projects – conducted annually/semi-annually
    • As needed: For issue follow-up
    • Infrequent: Comprehensive, independent – conducted every three to four years

4. Robust Corrective Action Program

As mentioned above, corrective actions are a must. If there is no commitment to correction, there is no reason to audit. A robust root cause analysis is essential. This should be a formal, yet flexible, approach. There should be no band-aids. Mistake-proof corrections and include metrics where possible. In the drum example given above, a more robust corrective action program would look at the root cause: Why was the drum mislabeled? Did the person know to label it? If so, why didn’t they do it?

The correction itself is key to the success of the audit program. Establish the expected timeframe for correction (including addressing preventive action). Establish an escalation process for delayed corrections. Corrective actions should be reviewed regularly by upper management using the existing operations review process. There must also be a process for verification that the correction has been made; the next audit cycle may not be sufficient.

Note also that addressing opportunities for improvement, not just non-compliance findings, may increase the return on investment associated with conducting an audit.

5. Sharing of Findings and Best Practices

Audit results should be communicated to increase awareness and minimize repeat findings. Even if conducted under privilege, best practices and corrections can and should still be shared.  Celebrate the positives and creative solutions. Stress the value of the audit program, always providing metrics and cost avoidance examples when possible. Inventory best practices and share/transfer them as part of audit program results. Use best-in-class facilities as models and “problem sites” for improvement planning and training.

Value-Added Audit

An audit can provide much additional value and return on organization if it is planned and managed effectively. This includes doing the following:

  • Align program goal with business strategy to secure top-down buy-in
  • Expand criteria beyond compliance
  • Gain goodwill through positive approach
  • Document program and results
  • Monitor for timely, effective corrective action
  • Share opportunities for improvement
10 Oct
OSHA HAZWOPER 24-hour Training
24-hr OSHA HAZWOPER Training: November 2019

OSHA1910.120 (HAZWOPER) requires any employees who are in positions that may respond to chemical spills or emergencies onsite be trained in chemical risk recognition, spill control basics, emergency response, and additional requirements depending on the level of response expected.

24-hour OSHA HAZWOPER Initial Technician Training
November 5-7, 2019
8 am – 4:30 pm daily
Fairfield Inn & Suites | 215 NE Delaware Ave. | Ankeny, Iowa

Kestrel’s 24-hour OSHA HAZWOPER Initial Technician Training is offered as a 3-day, hands-on course. Participants will learn how to recognize basic hazard classes, read labels and use SDS to understand risk, use engineering controls or PPE to prevent exposure, address field analytical equipment, and correctly respond to spills and implement emergency response site plans.

Topics covered include:

  • OSHA requirements
  • Basic hazard classes
  • Hazard communication
  • Personal Protective Equipment (PPE)
  • Respiratory protection
  • Spill Control, Containment, and Countermeasures (SPCC)
  • Emergency response
  • EPA regulatory overlap

Cost: $495/participant; includes lunch and snacks. Participants will receive a certificate of training completion, course guide, and resource collection of OSHA support materials.


Training Details

  • Training session will be held at Fairfield Inn & Suites | 215 NE Delaware Ave. | Ankeny, Iowa.
  • Training is scheduled to begin at 8:00 am and end at 4:30 pm daily (or until material is complete).
  • Snack and lunch will be provided.
  • Participants will receive a training manual, pre-/post-competency test, exercises, and a certificate of completion, provided they receive an 80% or above on the test.

View Complete Course Catalog

10 Sep
Compliance Risk Assessment

Compliance risk assessment helps to identify and assess risks related to applicable regulatory requirements. Internal and external events or conditions affecting the entity’s ability to achieve objectives must be identified, distinguishing between risks and opportunities. These risks are analyzed, considering the following:

  • Size of the risk – where, how big, how often/many?
  • Severity of the outcome – to what extent can it impact safety, environmental, operational, financial, customer relations, regulatory compliance?
  • Likelihood/probability of each risk – how likely is the occurrence of a negative outcome, considering the maturity of existing controls?

Based on this assessment, management can prioritize risks, select appropriate risk responses (avoiding, accepting, reducing, sharing), and develop a set of actions to align with the entity’s risk tolerance/appetite. An acceptable level of residual risk is considered after selected improvements and controls are applied. From there, policies and procedures can be established and implemented to help ensure the risk responses are effectively communicated so operating managers and individuals can carry out their responsibilities.

A deeper dive compliance program assessment may be performed for those risks that are identified as the company’s most significant.

Compliance Program Assessment

A compliance program assessment looks beyond “point-in-time” compliance to critically evaluate how the company manages compliance programs, processes, and activities, with compliance assurance as the ultimate goal. Capability, capacity, programs, and processes to comply are examined as part of this review. Conducting routine process and compliance audits are also key components of a compliance assurance program.

Compliance program assessment should follow a disciplined and consistent process, resulting in an effective program that guides alignment of activities to an integrated management system for sustained compliance and continuous improvement. An essential part of the assessment, audits capture regulatory compliance status, management system conformance, adequacy of internal controls, potential risks, and best practices.

Compliance program assessment enables a company to define and understand:

  • Compliance requirements and where regulated activities occur throughout the organization
  • Current company programs and processes used to manage those activities and the associated level of program/process maturity
  • Deficiencies in compliance program management and opportunities for improvement
  • How to feed review recommendations back into elements of the management system to create a roadmap for sustaining and continually improving compliance

There are six phases associated with a compliance program assessment:

Phase 1 – Regulations, Requirements, and Applicability Analysis: Phase 1 focuses on identifying, organizing, validating, and understanding all of the requirements (legal or other) with which the company must comply. It provides an applicability analysis of the requirements to company operations by functional area and evaluates the associated risks. This stage engages representatives across the company who are responsible for activities subject to the requirements.

Phase 2 – Activities Analysis: This phase involves developing an inventory/profile of all company activities that may trigger the requirements identified in Phase 1. It asks the question, “What activities does the company carry out that are covered by the requirements?”

Phase 3 – Desired Compliance Program Standard: Establishing the company’s expectations for compliance program processes and controls—the desired condition—is essential. This “to-be” standard integrates management system principles into compliance program management. Programs should examine relative risks and ensure that risk-based priorities are being set.

Phase 4 – Actual Compliance Program Condition: In contrast to the desired standard identified in Phase 3, Phase 4 is about describing the company’s current compliance program. It defines how the company performs the activities outlined in Phase 3 (along with who, when, and where)—the “as-is” condition. This is done in the same framework as the desired standard in order to compare them in the next phase.

Phase 5 – Gap Analysis: The gap analysis compares actual compliance program management against the desired standard. It evaluates compliance program management processes, controls, and maturity to determine if they are good as is, need improvement, or are missing. These gaps and opportunities provide the basis for the improvement actions developed in Phase 6.

Phase 6 – Improvement Actions: Phase 6 moves the process along to developing action plans and an approach for ongoing management review that will guide the compliance program development and improvement activities. Compliance program management review is established at the end of this last phase. If there is a management system in place, program review information and action plan tracking can be integrated into that management system.


As a whole, this process will help companies evaluate the degree to which:

  • Compliance goals and objectives are set and communicated by management.
  • Hazards and risks are identified, sized, and assessed, including an inventory of activities subject to the compliance requirements and the relative risks.
  • Existing controls are adequate and effective, recognizing, and addressing changed conditions.
  • Plans are in place to address risks not adequately covered by existing controls.
  • Plans and controls are resourced and implemented.
  • Controls are documented and operationalized across functions and work units.
  • Personnel know and understand the controls and expectations, and are engaged in their design and improvement.
  • Controls are being monitored with appropriate metrics and compliance auditing and assurance.
  • Information system is sufficient to support management system-required functions (e.g., document management and control, action tracking, notifications, training tracking, task calendaring, metrics reporting). Information dashboards can be used for reports to management.
  • Deficiencies are being addressed by corrective/preventive action and are being tracked to completion.
  • Processes, controls, and performance are being reviewed by management for ongoing improvement, including the maintenance and continual improvement of the integrated management system.

08 Sep
OSHA Kicks Off Safe + Sound Week

The Occupational Safety and Health Administration (OSHA) is joining businesses and organizations nationwide to recognize the importance and successes of workplace safety and health programs during Safe + Sound Week: August 12-18, 2019.

The week-long event encourages employers to implement workplace safety initiatives, and highlight workers’ contributions to improving safety. Businesses that incorporate safety and health programs can help prevent injuries and illnesses, reduce workers’ compensation costs, and improve productivity.

Participating in Safe + Sound Week can help get your program started, energize an existing one, or provide a chance to recognize your safety successes. Learn more about how to help plan and promote safety and health plans.

07 Sep
Maintaining a Compliance Assurance Program

A well-designed and well-executed compliance assurance program provides an essential tool for improving and verifying business performance and limiting compliance risks. Ultimately, however, a compliance program’s effectiveness comes down to whether it is merely a “paper program” or whether it is being integrated into the organization and used in practice on a daily basis.

The following can show evidence of a living, breathing program:

  • Comprehensiveness of the program
  • Dedicated staff and resources
  • Employee knowledge and engagement
  • Management commitment and employee perception
  • Internal operational inspections, “walkabouts” by management
  • Independent insider, plus third-party audits
  • Program tailoring to greatest risks
  • Consistency and timeliness of exception (noncompliance/nonconformance) disclosures
  • Tracking of timely and adequate corrective/preventive action completion
  • Progress and performance monitoring

Best Practices

To achieve a compliance assurance program on par with world-class organizations, there are a number of best practices that companies should employ:

Know the requirements. This means maintaining an inventory of regulatory compliance requirements for each compliance program, as well as of state/local/contractual binding agreements applying to operations. It is vital that the organization keep abreast of current/upcoming requirements (federal, state, local).

Plan and develop the processes to comply. Identify and assess compliance risks, and then set objectives and targets for performance improvement based on top priorities. From here, it becomes possible to then define program improvement initiatives, assign and document responsibilities for compliance (who must do what and when), develop procedures and tools, and then allocate resources to get it done.

Assure compliance in operations. The organization needs to establish routine checks and inspections within departments to evaluate conformance with sub-process procedures. Process audits should be designed and implemented to cut across operations and sub-processes in order to evaluate conformance with company policies and procedures. Regulatory compliance audits should further be conducted to address program requirements (e.g., environmental, safety, mine safety, security). Audit performance must be measured and reported, and the expectations set for operating managers to take responsibility for compliance.

Take action on issues and problems. Capture, log and categorize noncompliance issues, process nonconformances, and near misses. Implement a corrective/preventive action process based on the importance of issues. Be disciplined in timely completion, close-out, and documentation of all corrective/preventive actions.

Employ management of change (MOC) process. Robust MOC processes help ensure that changes affecting compliance (to the facility, operations, personnel, infrastructure, materials, etc.) are reviewed for their impacts on compliance. Compliance should be assured before the changes are made. Failure to do so is one of the most common root causes of noncompliance.

Ensure management involvement and leadership. Set the tone at the top. The Board of Directors and senior executives must set policy, culture, values, expectations, and goals. It is just as important that these individuals are the ones to communicate across the organization, to demonstrate their commitment and leadership, to define an appropriate incentive/disincentive system, and to provide ongoing organizational feedback.

Maintaining Ongoing Compliance

The compliance assurance program must be a living, breathing program. As risks change, the program must be refreshed, refined, and redeployed. A management system framework can help ensure operational sustainability. A management system drives the auditing process and helps companies say what they will do, do what they say and, importantly, verify it.

Together, there is a real value at the intersection of a compliance assurance program and management systems. Management systems define the internal controls that are in place to reduce risks, prevent losses, and sustain and improve performance over time through the Plan-Do-Check-Act (PDCA) cycle of continual improvement.

Testing and Monitoring

Testing, monitoring, and measuring are crucial elements of this cycle. Without them, it is difficult to understand what is working and what needs improvement. Robust testing and monitoring programs can serve as early warning systems for identifying potential compliance risks before they become enforcement issues.

Compliance should be tested and monitored throughout each level of the organization. A strong testing program will evaluate the results of the compliance risk assessment and assign compliance risks to the business units and processes where they are most likely to occur, creating clear lines of responsibility and accountability. Key risks and the related controls should be tested periodically using statistically valid sampling methodologies, and monitoring activities should be performed on an ongoing basis. Doing so produces trend data that provides the rationale needed for making changes to underlying business processes, as well as emerging risks.

Ongoing compliance excellence relies on top management, operations managers, EHS personnel, and individual employees throughout the organization working together to build and sustain an organizational culture that places compliance on par with business performanceSenior management must focus on the overall culture of the company in terms of taking the necessary steps to reduce risk and make prevention part of daily operations. While it may be impossible to eliminate all risk exposure, a solid risk framework, assessment methodology, and compliance assurance program can help to prioritize risks for active management, sustained compliance, and positive business impacts.

04 Sep
Technology & the 8 Functions of Compliance

Virtually every regulatory program—environmental, health & safety, security, food safety—has compliance requirements that call for companies to fulfill a number of common compliance activities. While they do not necessarily need to be addressed all at once or from the start, considering the eight functions of compliance (as outlined below) when designing a compliance Information Management System (IMS) helps define the starting point and build a vision for the “end point” when planning IMS improvements. These compliance functions translate into modules—facility profiles, employee counts, training tracking, corrective action tracking, auditing tasks, compliance calendars, documents and records management, permit tracking, etc.—that are instrumental in establishing or improving a company’s capability to comply. 

8 Functions of Compliance

  1. Inventory means taking stock of what exists. The outcome of a compliance inventory is an operational and EHS profile of the company’s operations and sites. In essence, the inventory is the top filter that determines the applicability of regulatory requirements and guides compliance plans, programs, and activities. For compliance purposes, the inventory is quite extensive, including (but not limited to) the following:
    • Activities and operations (i.e., what is done – raw material handling, storage, production processes, fueling, transportation, maintenance, facilities and equipment, etc.)
    • Functional/operational roles and responsibilities (i.e., who does what, where, when)
    • Emissions
    • Wastes
    • Hazardous materials
    • Discharges (operational and stormwater-related)
    • Safety practices
    • Food safety practices
  2. Authorizations, permits & certifications provide a “license to construct, install, or operate.” Most companies are subject to authorizations/permits at the federal, state, and local levels. Common examples include air permits, operating permits, Title V permits, safe work permits, tank certifications, discharge permits, construction authorization. In addition, there may be required fire and building codes and operator certifications. Once the required authorizations, permits, and/or certifications are in place, some regulatory requirements lead companies to the preparation and updating of plans as associated steps.
  3. Plans are required by a number of regulations. These plans typically outline compliance tasks, responsibilities, reporting requirements, schedule, and best management practices to comply with the related permits. Common compliance-related plans may include SPCC, SWPPP, SWMP, contingency, food safety management, and security plans.
  4. Training supports the permits and plans that are in place. It is crucial to train employees to follow the requirements so they can effectively execute their responsibilities and protect themselves, company assets and communities. Training should cover operations, safety, security, environment, and food safety aimed at compliance with regulatory requirements and company standards and procedures.
  5. Practices in place involve doing what is
    required to follow the terms of the permits, related plans and regulations.
    These are the day-to-day actions (regulatory, best management practices,
    planned procedures, SOPs, and work instructions) that are essential for
    following the required processes.
  6. Monitoring & inspections provide
    compliance checks to ensure locations and operations are functioning within the
    required limits/parameters and the company is achieving operational
    effectiveness and performance expectations. This step may include some physical
    monitoring, sampling, and testing (e.g., emissions, wastewater). There are also
    certain regulatory compliance requirements for the frequency and types of
    inspections that must be conducted (e.g., forklift, tanks, secondary
    containment, outfalls). Beyond regulatory requirements, many companies have
    internal monitoring/inspection requirements for things like housekeeping,
    sanitation, and process efficiency.
  7. Records provide documentation of what has
    been done related to compliance—current inventories, plans, training,
    inspections, and monitoring required for a given compliance program. Each
    program typically has recordkeeping, records maintenance, and retention
    requirements specified by type. Having a good records management system is
    essential for maintaining the vast number of documents required by regulations,
    particularly since some, like OSHA, have retention cycles for as long as 30
  8. Reports are a product of the above
    compliance functions. Reports from ongoing implementation of compliance
    activities often are required to be filed with regulatory agencies on a regular
    basis (e.g., monthly, quarterly, semi-annually, annually), depending on the
    regulation. Reports also may be required when there is an incident, emergency, recall,
    or spill.

Reliable Compliance Performance

Documenting procedures on how to execute these eight
functions, along with management oversight and continual review and
improvement, are what eventually get integrated into an overarching management
system (e.g., environmental, health & safety, food safety, security,
quality). The compliance IMS helps create process standardization and,
subsequently, consistent and reliable compliance performance.

In addition, completing and organizing/documenting these
eight functions of compliance provides the following benefits:

  • Helps improve the company’s capability to comply
    on an ongoing basis
  • Establishes compliance practices for when an
    incident occurs
  • Creates a strong foundation for internal and 3rd-party
    compliance audits and for answering outside auditors’ questions (agencies,
    customers, certifying bodies)
  • Helps companies know where to look for
    continuous improvement
  • Reduces surprises and unnecessary spending on
    reactive compliance-related activities
  • Informs management’s need to know
  • Enhances confidence of others (e.g. regulators,
    shareholders/investors, insurers, customers), providing evidence  of commitment, capability, reliability and
    consistency in the company’s compliance program

01 Sep
Why Pursue an EHS Management System?

The discipline required to design and implement a compliant environmental, health & safety (EHS) management system can help organizations improve in many areas over and above the tasks, as defined.

  1. Identify and categorize the organization’s EHS risks. Once this information is known, management will be able to prioritize and then pick and choose how to reduce risks and liabilities to acceptable levels. These risks will be better controlled through strict management accounting. Employees will become more attuned to thinking outside the box to help management improve the overall operation.
  2. Develop work instructions and/or procedure to guide an employee’s actions and ensure that each EHS task is completed in a disciplined manner approved by management. This will reduce the risk to an organization of an employee accidentally making an environmental, health and/or safety mistake that causes the employee or others to be injured or worse; creates public awareness of the problem; or causes governmental inspections, fines, and loss of business.
  3. Provide management assurance that the company does, in fact, know and understand the legal and EHS requirements that the business must meet on a daily basis. These legal requirements will drive improvement in having up-to-date procedures and work instructions for employees to follow every day.
  4. Develop meaningful EHS goals and objectives. These objectives drive improvement in environmental and personal health & safety performance. They may also reduce internal costs by reducing trips to the hospital, payments for workers compensation, and employees on disability. Each business will have different goals that should change each year to ensure continuous improvement over time.
  5. Develop a strong training program. Well-written procedures and work instructions help define the actions required of employees to meet EPA and OSHA requirements and company directives. A well-trained workforce is a motivated and happy work force. Turnover is reduced, accidents and incidents are reduced, and production efficiencies increase. Employees are very aware when an organization takes time to assure each job requested is completed in the safest and most environmentally sound manner possible.
  6. Develop appropriate monitoring and measurement of key characteristics and requirements. These key performance indicators are based on regulations and laws intended to guide the organization’s actions in a direction of continuous improvement and compliance.
  7. Allow employees to audit and verify that the EHS management systems are functioning as designed and implemented. By continuously auditing each OSHA program and environmental function, the organization will discover issues of concern and non-conformances prior to an employee being injured or worse, having an environmental spill or incident, or incurring a governmental agency finding. This allows the company to choose a timeframe that will best help improve the situation without undue influence by outsiders.
  8. Design a fully functioning corrective/preventive action program to monitor issues of concern and/or non-conformance and the actions used to rectify each situation identified. As employees watch management fix problems, they will learn that management is concerned about continuous improvement and the employees will go back to making improvement suggestions. These suggestions will further drive improvement in areas outside the original EHS management systems.
  9. Look at the business model and the EHS management systems in a holistic fashion. By using this self-reflection and identifying improvement opportunities, management can direct responsibilities for improvement actions across many departments within the company. Each of these improvement opportunities will again help the bottom line and reduce the possibility of an EHS liability now or in the future.
  10. Know that you have done everything possible to maintain the business in a manner to meet all OSHA and EPA rules and regulations, as well as association requirements. The organization will have done everything possible to assure that the environment and the health & safety of employees are protected every day the doors are open for business. To a business owner, that knowledge is priceless.
28 Aug
OSHA, EPA & DOT Training in Iowa this Summer

OSHA, EPA, and DOT each have requirements for personnel that are working with chemicals, hazardous waste, or onsite emergency management activities.  Join Kestrel Management in Ankeny, Iowa this summer for the following training sessions – designed to help you meet your regulatory training requirements.

8-hr OSHA HAZWOPER Technician Refresher

Learn to recognize basic hazard classes, how to read labels and use SDS to understand risk, how to use engineering controls or PPE to prevent exposure, basic information addressing field analytical equipment, and how to correctly respond to spills and implement emergency response site plans.Cost: $165/participant

8-hr EPA RCRA Advanced Training

This course will address a variety of complex EPA hazardous waste topics, including completion of Hazardous Waste Determinations, hazardous waste documentation, generator status, evaluation of waste reduction strategies, RCRA hazardous waste coding, and preparation strategies for EPA inspections. Cost: $495/participant

8-hr DOT Hazardous Materials Training

This course is applicable for all companies that ship or prepare shipments of hazardous materials/waste for transport. It covers all topics required for DOT general awareness and security training and will meet the requirements for triennial training certification. Cost: $195/participant

24-hr OSHA HAZWOPER Training

This course is offered at the Technician level and covers broad issues pertaining to hazard recognition at work sites. Participants will learn strategies and protective measures to reduce or eliminate hazards in the work place. Cost: $495/participant

Training Details

  • All training sessions will be held at Fairfield Inn & Suites, 215 NE Delaware Avenue, Ankeny, Iowa.
  • Training is scheduled to begin at 8:00 am and end at 4:30 pm (or until material is complete).
  • Snack and lunch will be provided.
  • Participants will receive a training manual, pre-/post-competency test, exercises, and a certificate of completion, provided they receive an 80% or above on the test.
  • Registration closes 72 hours prior to the scheduled training. Kestrel has the authority to cancel training with 72-hours notice if class size is not large enough.


23 Aug
Management Systems – Back to Basics

A management system is the organizing framework that enables companies to achieve and sustain their operational and business objectives through a process of continuous improvement. A management system is designed to identify and manage risks—safety, environmental, quality, business continuity, food safety (and many others)—through an organized set of policies, procedures, practices, and resources that guide the enterprise and its activities to maximize business value.

The management system addresses:

  • What is done and why
  • How it is done and by whom
  • How well it is being done
  • How it is maintained and reviewed
  • How it can be improved

Creating an Effective and Valuable Management System

Each company’s management system reflects its unique culture, vision, and values. To be effective and valuable, the management system must be tailored and focused on how it can enhance the business performance of the organization. It must also be:

  • Useful to people in the operations
  • Intuitive—organized the way operations people think
  • Flexible—making use of methods and tools as they are developed and documented
  • Valuable from the outset—addressing the most critical risks and processes
  • Linked to the business of the business (not “pasted on”), with ownership at the operational level
  • A means to better align operational quality, safety, and environment with the business

Attributes of an effective management system are senior management expectations and guidance coupled with employee engagement. Importantly, a management system involves a continual cycle of planning, implementing, reviewing, and improving the way in which safety, quality, and environmental obligations and objectives are met. In its simplest form, this involves implementing the Plan, Do, Check, Act/Adjust (P-D-C-A) cycle for continuous improvement.


Auditing for Ongoing Compliance

The connection between management systems and compliance is vital in avoiding recurring compliance issues and in reducing variation in compliance performance. In fact, reliable and effective regulatory compliance is commonly an outcome of consistent and reliable implementation of a management system.

Conducting periodic audits is a practical way to test a management system’s implementation maturity and effectiveness. One of the many advantages of audits is that they help identify gaps so that corrective/preventive actions can be put into place and then sustained and improved through the management system.

Audits also help companies with continuous improvement initiatives; properly developed audit programs help measure results over time. To achieve best value, audits should emphasize finding patterns that can yield opportunities for learning and continual improvement, rather than “gotchas” for exceptions that are discovered.

Management System Standards

Several options are available for structuring management systems, whether they are certified by third-party registrars and auditors, self-certified, or used as internal guidance and for potential certification readiness.

The International Organization for Standardization (ISO) standards are some of the most commonly applied. The ISO standards for quality (ISO 9001), environment (ISO 14001), health & safety (OHSAS 18001), business continuity (ISO 22301), and food safety (FSSC 22000) have consistent elements, allowing organizations to more easily align their various management systems. Aligned management systems help companies to achieve improved and more reliable quality, environmental, and health & safety performance, while adding measurable business value.


Companies can become certified to each of the standards discussed above. Certification has a number of benefits, including the following:

  • Meet customer or supply chain requirements
  • Use outside drivers to maintain management system process discipline (e.g., periodic risk assessment, document management, compliance evaluation, internal audits, management review)
  • Take advantage of third-party assessment and recommendations
  • Improve standing with regulatory agencies (e.g., USEPA, OSHA, FDA, and state programs)
  • Demonstrate the application of industry best practice in the event of incidents/accidents requiring defense of practices

However, if there is no market or other business driver, certification can lead to unnecessary additional cost and effort regarding management system development. Certification in itself does not mean improved performance—management system structure, operation, and management commitment determine that.

Business Value

There are a number of reasons to implement a management system. A properly designed and implemented management system brings value to organizations in a number of ways:

  • Risk management
    • Identify risks
    • Set priorities for improvement, measurement, and reporting
    • Provide great opportunity to identify, share, and learn best practices, while recognizing operational differences
  • Protection of people
    • Send people home the way they arrived at work
    • Protect the public and the environment
  • Compliance assurance
    • Improve and sustain regulatory compliance
  • Business value
    • Continually improve quality, environmental, and safety performance across the organization (employee, public, equipment, infrastructure)
    • Reduce incident costs and accrued liabilities
    • Protect assets
  • Reliability
    • Assure processes, methods, and practices are in place, documented, and consistently applied
    • Reduce variability in processes and performance
  • Employee engagement
    • Help employees to find and use current versions of all procedures and documents
    • Provide a ready reference for field management to structure location-specific procedures
    • Enable the effective transfer of standards, methods, and know-how in employee training, new job assignments, and promotions
22 Aug
Safety Culture
Why Safety Culture Matters

A recent episode of The Daily, a podcast from The New York Times, discussed the safety culture of the Boeing manufacturing plant in Charleston, South Carolina—the plant that builds the 737 MAX 8, the aircraft involved in two fatal crashes worldwide in the last six months.

Concerns About Culture

The Boeing 737 MAX 8 was grounded by the FAA on March 11,
2019 amid concerns that recently introduced flight control software contributed
to both crashes. The subsequent scrutiny on the company brought attention to
the safety culture of the Charleston plant.

Interviews in the podcast suggest common characteristics of
a negative safety culture were present at Boeing. For example, there was
reportedly significant pressure to meet production deadlines, including financial
incentives for meeting hourly production goals. Some managers allegedly took
defective parts and installed them on aircraft to meet these deadlines. One
such incident described on the podcast episode included an attempt to rub off
the red paint that is applied to defective parts to prevent installation.
Related to defective parts, managers were reportedly pressured to reduce the
number of parts damaged by employees during manufacturing. A former quality
manager interviewed in the episode alleges that this pressure led to damaged
parts being installed rather than reported to management or quality control.

Safety culture is often defined informally as “the way we do
things around here” when it comes to safety practices. Essentially, safety
culture is the product of the shared values, beliefs, norms, and organizational
practices in a company about working safely. An organization’s safety culture
is ultimately reflected in the way safety is managed in the workplace. The
culture breaks down when the disregard for safety becomes “management

Characteristics of a Strong Safety Culture

A strong safety culture has several characteristics in
common. Kestrel’s research into the topic of safety culture has identified two
traits that are particularly important to an effective safety culture:
leadership and employee engagement. Best-in-class safety cultures have robust
systems in place to ensure that each of these traits, among others, is mature,
well-functioning, and fully ingrained into the standard practices of the

Organizations with strong safety cultures typically exhibit
many of the following attributes:

  • Communication. Communication
    is most effective when it comprises a combination of top-down and bottom-up
    interaction. Senior management sets the strategic goals and vision for the
    company’s safety program. It is vital that all levels of management (senior,
    middle, supervisory) communicate the strategy clearly to the workers who carry
    out the company’s mission. It is equally important that workers provide
    feedback on a practical level about what’s working and what’s not.
  • Commitment. When
    it comes to safety, actions truly speak louder than words. A lack of
    commitment, as demonstrated by action (or lack thereof), comes across loud and
    clear to staff. For example, requiring staff to work excessive hours or use
    defective parts to meet productivity goals sends a clear message that
    productivity is more important than safety.
  • Caring. Caring
    is about doing whatever is necessary to ensure employees return home safely
    every night. It involves showing concern for the personal safety of
    individuals, not just making a commitment to the overall idea of safety.
  • Cooperation. Safety
    works best if management and workers are on the same team. Cooperation means
    working together to develop a strong safety program (e.g., management involving
    line workers in creating safety policies and procedures). It means management
    seeks feedback from workers about safety issues—and uses that feedback to make
    improvements. And it means there is no blame when incidents occur.
  • Coaching.
    Coaching each other—peer to peer, supervisor to employee, even employee to
    management—is an important way to keep everyone on track. Coaching involves
    non-judgmentally providing feedback for improvements and, correspondingly,
    accepting and incorporating that feedback as constructive criticism.
  • Procedures. There
    should be documented, clear procedures for every task. This not only prevents
    disagreement about what is required, it also shows commitment when things are
    put in writing. Procedures should be designed jointly by management and workers
    for practicality and to encourage improved cooperation, communication, and
  • Training. Training
    is a more formal, documented process for ensuring that employees follow safety
    processes and procedures. Formal training should happen frequently enough for
    employees to feel prepared to safely do their jobs.
  • Tools. All
    equipment and tools should be in good repair, free of debris, and functioning
    as designed. Inadequate tools directly impact safety/protection and indirectly
    impact perception of management commitment. Boeing’s alleged practices send a clear
    message that safety is not as important as productivity.
  • Personnel. There
    must be enough workers to do each task safely. The company should not sacrifice
    individual safety because of being understaffed (i.e., requiring
    shortcuts/overtime to meet production goals).
  • Trust. Trust
    in the safety program, in senior management, and in each other is built when
    each of these characteristics is present and treated as a company-wide

Benefits of a Best-in-Class Safety Culture

Strong safety performance is a cornerstone of any business.
When these characteristics come together to create a best-in-class safety
culture, everyone wins:

  • Fewer accidents, losses, and disruptions
  • Improved employee morale
  • Increased productivity
  • Lower workers compensation and insurance claims
  • Improved compliance with OSHA regulations
  • Improved reputation to attract new customers and
    employees and retain existing ones
  • Better brand and shareholder value