Achieving Top Environmental Health & Safety Program

Achieving a Top-Performing Environmental Health and Safety Program
Achieving Top Environmental Health & Safety Program

Elevating EHS capabilities begins with a comprehensive risk diagnostic


Environmental health and safety (EHS) initiatives centered on achieving zero accidents reveal almost nothing about the quality of an organization’s management and implementation of EHS standards. Although zero-accident initiatives are useful components of most EHS programs, tracking historical measures, such as past accidents, is rarely as useful at preventing environmental and safety mishaps as monitoring leading indicators. Leading indicators should be actionable by helping organizations mitigate risks associated with the current regulatory environment. Leading indicators also should proactively gauge the effectiveness of the process while highlighting areas for improvement. This forward-looking stance is crucial because failing to prevent safety mishaps or noncompliance with environmental regulations can result in steep fines, mandated remediation efforts and painful hits to shareholder value.

Leading indicators and metrics figure prominently among other attributes of high-performing EHS programs. To develop such a program, business leaders should start by gaining a clear understanding of their current EHS capabilities and the maturity of their EHS program — which can be difficult.

As business leaders with EHS responsibilities seek to improve their capabilities in the most cost-efficient and effective ways possible, they should keep the following in mind:

Getting a precise read on the current state of a company’s EHS program requires a systematic and objective assessment. Third-party EHS experts are well positioned to diagnose, test and validate existing EHS processes.

At companies with leading EHS practices, EHS is not the responsibility of a single manager, team or department. Instead, EHS responsibility is shared throughout the organization and supported by a broad range of enablers, including training, performance measures, process integration, budget consideration and the right tone at the top.

It is far more cost-effective (and risk-savvy) to be proactive and invest the time, energy and resources necessary to develop leading EHS practices than it is to pay fines and perform mandated corrective actions in the wake of a significant EHS incident.

Achieving EHS compliance is not a one-time push. OSHA requirements and environmental regulations change constantly and require vigilant monitoring as well as continual adjustments to internal approaches and processes to stay current.

The Ever-Evolving Case for Improvement

EHS requirements continually change but rarely decline in number — even with shifts in regulatory philosophies. While the executive and legislative branches of government influence the leadership ranks of federal agencies, and to a lesser extent, set the tone for some enforcement approaches, the vast majority of essential EHS standards with which companies must comply remain relatively stringent and unlikely to be significantly altered. Insurance companies also use these standards to set rates for worker’s compensation and general liability policies, which is why leading EHS programs often deploy internal standards that are more stringent versions of baseline regulatory requirements as a way to avoid incidents that cause premiums to spike.

Regulatory bodies also continually refine existing standards, publish new rules, and shift the focus of their enforcement activities. Between 2015 and 2017, for example, the Environmental Protection Agency (EPA) published 5,043 items in the federal register. Since 2010, the EPA has published more than 14,000 notices, rules and proposed rules in the federal register — a number significantly higher than other major government agencies. These rules apply to environmental protections, reporting and recordkeeping requirements, air pollution control, administrative practices and procedures, chemicals, confidential business information and more. Other agencies also have made thousands of changes over the same period of time.

* Items published from Jan 1, 2010 through April 27, 2018. Federal Register 

“Based on our experience with a number of experts in the occupational health and safety field, two themes emerge in successfully enhancing the EHS perspectives of an organization: The need for leadership-driven EHS effort and the need to assess EHS programs on leading indicators.”

— Jon Critelli, Managing Director, Protiviti

Organizations should remain poised to respond to further additions, subtractions and alterations to the regulatory code. A quick glance at the total inspections conducted by the U.S. Occupational Health and Safety Administration (OSHA) shows that unprogrammed inspections have increased in recent years even as programmed inspections have declined:

Additionally, the penalties for OSHA violations remain significant, ranging from $12,934 per violation to $129,336 for willful or repeated incidents.1 OSHA levied a total of more than $30 million in fines in 2016 for the 152 significant violations that topped the $100,000-penalty threshold.

These penalties represent only a portion of the problems companies incur due to ineffective EHS processes and capabilities. Other potential problems include hits to shareholder value, brand and reputational damage, lawsuits, and scrambling to make expensive mandated remediations while dealing with the fallout.

Establishing an effective and continuously improving EHS capability is a great way to avoid these issues. Mature EHS programs help companies keep tabs on new and developing regulations, integrate an EHS mindset into the company culture and help support and manage corporate sustainability initiatives.

Warning Signs

A recent EHS Today article described the many compliance challenges posed by OSHA’s new record-keeping regulation, which requires employers to publish work-related injury and illness records on a new OSHA website. Writer Hannah Stewart notes that OSHA believes this transparency requirement will “nudge” companies to mitigate brand risks associated with injuries and the unsafe workplace perceptions among investors, customers and employees. Stewart pointed to BP’s 52 percent swoon in market value and 40 percent decline in U.S. gas station revenue following the 2010 Deepwater Horizon disaster.2 All of these points neatly summarize the risks associated with operating under-resourced, underfunded and/or subpar EHS programs.

The costs of major EHS violations can include remediation (in the case of an environmental incident); changes to equipment and facilities (e.g., construction, retrofitting a facility) that must be performed quickly following an incident; regulatory fines; lawsuit-related costs; increases to insurance premiums, which are based on experience modification rates (EMRs); and potential declines in revenue and shareholder value. If, for example, a water bottling company’s mishap introduces unsafe materials to the manufacturing process, consumers may shun that product long after the problem has been remedied.

These worst-case scenarios are more likely to occur in companies with ineffective EHS programs, which are recognizable by the following:

  • Underfunded programs and insufficient staff size
  • Treating EHS as an afterthought to other priorities
  • EHS complacency resulting from following well-known standards while neglecting to monitor and plan for new and emerging standards
  • A lack of benchmarking against leading industry practices
  • Focus on lagging indicators of EHS performance (injuries, environmental incidents, etc.) as opposed to leading indicators, such as gauging the effectiveness of EHS programs, encouraging a culture of safety, enhancing the visibility of EHS performance to the entire organization, tracking the number of management visits to that area, monitoring training completion percentages and more.

Leading Practices

One of the most vivid differences between companies with lagging and leading EHS capabilities relates to how organizations treat specific EHS rules and standards. The former camp treats these requirements as finite by seeking to adhere only to the minimum standard and seeing the compliance effort as a one-time exercise to reach an end goal. Companies with mature EHS capabilities regularly treat minimum requirements as baselines and then establish stricter in-house standards. They also view their EHS capabilities dynamically and have the mechanisms in place to adjust them as required.

A well-established EHS program not only helps prevent incidents and fines, but also promotes compliance and even pride throughout the organization. Leading EHS programs typically possess and/or enable the following characteristics:

  • The right tone at the top — As is the case with any regulatory compliance effort, the tone coming from the top makes the difference between a leader and a laggard. Organizational leadership should set the right tone and inspire the right attitudes and behaviors regarding how EHS requirements are viewed and managed throughout the company. This tone is evident in tangible EHS processes and mechanisms, such as the use of safety committees, as well as most of the other items that follow on this list.
  • EHS considerations are integrated into routine processes — Rather than addressing EHS standards and rules after the fact, leading companies have compliance requirements and other EHS practices integrated into processes.
  • Comprehensive training — Compliance with all relevant regulations, rules and internal standards is supported with training that extends to safety procedures, equipment use, compliance reporting requirements and more. Additionally, training is managed by tracking the number of employees trained (via training hours), dollars invested per training hour, and savings generated by a well-executed training program.
  • The use of leading indicators — Mature programs identify, monitor and respond to leading indicators that highlight potential trouble spots so that incidents can be prevented. Examples of leading indicators include the percentage of employees that have received adequate training; the number of compliance-related visits to a site, and the number of management visits to a site, among others.
  • Performance tracking — Leading EHS teams develop and implement performance plans with metrics related to key EHS requirements and standards. Key performance indicators (KPIs) typically cover incidents and accidents, near misses, lost time, permitting and the like. These types of KPIs are applied at a program level as well as across multiple departments and sites.
  • Benchmarking — In addition to tracking internal EHS KPIs, leading EHS programs also conduct regular benchmarking activities to assess their performance against industry yardsticks. Benchmarking identifies where the organization is today with respect to health and safety performance and the level of health and safety performance the organization strives to achieve in the future.
  • Integration with functional and business processes — EHS teams collaborate closely with business partners throughout the organization on any and all processes related to EHS matters. For example, EHS teams work closely with their operations counter-parts to ensure that waste management processes address regulations and internal standards related to hazardous waste disposal; EHS teams and their human resources colleagues integrate EHS-related training and awareness into onboarding processes; and EHS teams work with procurement to ensure, for example, that regulated chemicals used in refining processes are procured and handled in a compliant manner.
  • Budgetary considerations — Another relationship the EHS team needs to manage is with corporate finance and accounting. This ensures that compliance requirements are understood as important, and are considered and supported during annual budgeting and planning processes.

Getting these and other components of a robust EHS capability in place normally begins with a comprehensive diagnostic of the program’s current state — typically one conducted by a third party, which can provide optimal objectivity and a fresh look at old problems.

Advancing Along the Maturity Continuum

“Our EHS team is extremely understaffed.” Business leaders often utter that realization after examining the results of a comprehensive third-party diagnosis of their EHS capability. An effective and objective EHS diagnosis would identify all of the EHS risks facing an organization, the resources and structures needed to address those risks, and the gaps that current EHS capabilities fail to address. A quick glimpse at this information in a single document tends to open the leadership team’s eyes to the sometimes daunting scope of their company’s EHS needs and the relatively small number of resources many companies devote to this area.

A two-pronged approach — consisting of a diagnostic and a remediation plan — is a highly effective way of improving EHS capabilities. This work begins with a comprehensive EHS risk diagnostic, which includes risk identification and profiling of the current EHS processes. The results of this diagnostic highlight all shortcomings within EHS procedures and training programs. The diagnostic results also include benchmarking information to help clarify both the current state of EHS performance and the EHS performance level the organization wants to achieve.

The second part of the improvement effort consists of the remediation plan. The plan details how EHS performance will be improved so that the company can achieve and sustain compliance with all applicable EHS rules and standards, as required by law. Again, companies with leading EHS programs routinely exceed compliance with those rules and standards, which they treat as minimums.

In many instances, the remediation plan identifies preventive and/or corrective actions along with the development of standard operating procedures related to each EHS risk area. The operating procedures are tested and validated, and training plans tied to these procedures are developed. All of this information is subsequently used to track the progress of all preventive and corrective actions being taken in response to the assessment.

Although EHS evaluation and improvement efforts are almost always modified to address the unique characteristics of a company (e.g., industry, size, compliance requirements, etc.), most efforts address, at a minimum, the following four categories:

By understanding how an EHS diagnostic works and the key EHS components it targets, business leaders are positioned to close troubling EHS-management gaps while elevating their program’s performance. Closing those gaps requires a collection of skills and expertise, ranging from knowledge of current and emerging regulatory requirements, to familiarity of leading indicators of EHS performance, to knowing how to knit EHS considerations into a wide range of business processes throughout the organization, change management savvy, and much more.


Well-planned, systematic improvements to EHS capabilities tend to yield a set of mutually reinforcing benefits.

EHS programs that integrate OSHA training into the new-employee onboarding process, for example, send a clear message to new hires about how seriously the organization treats external EHS requirements and more stringent internal standards. This type of process integration also makes EHS considerations part of the daily workflow of a larger portion of the workforce and helps extend compliance responsibilities beyond the exclusive domain of the EHS group. This widespread sharing of EHS processes, responsibilities and awareness increases the likelihood that individual EHS initiatives, such as zero-tolerance programs, will be embraced by employees, and recognized and rewarded by leadership. An EHS diagnostic is the first step in the improvement work that yields those benefits.

How Protiviti Can Help

Protiviti works with companies across industries to devise and implement effective EHS programs. These programs are actionable, attainable, meaningful, transparent, and easy to implement. Protiviti evaluates organizations’ current EHS capabilities in four categories: processes, structures and systems, organizational initiatives and governance. Following a comprehensive diagnostic of an organization’s current EHS capability, Protiviti benchmarks the current and target state maturity (using a proprietary EHS Maturity Model) across all elements of EHS, and then implements improvements that close current-target state gaps. Our efforts have successfully identified and eliminated, or controlled, risks related to both injuries and incidents, while equipping companies with a framework to sustain high levels of EHS performance.


Ready to work with us?

Jon Critelli
Jon Critelli
Managing Director