Don't Fear the Audit Blog

Don’t Fear the Audits

February 15, 2024

By: Alice Harman

What is your first reaction when you hear: “Your facility is going to be audited”? I used to work for a midstream and terminals company, and many of my colleagues expressed dread when they learned that one of our facilities was facing an internal audit.  

At Montrose, we have a more positive and proactive perspective on audits. When robust third-party audits are combined with an effective management system, they create opportunities for the EHS department to generate value for the organization. Bear in mind, though, that the audit alone does not create value — it’s what you do with the findings and how you track the resulting improvements that make the difference. I believe audits should empower you to continuously improve compliance and effectively manage risk for a stronger company. 

Why shouldn’t I fear an audit? 

  • I am a glass–half–full kind of person, so I appreciate a fresh set of eyes looking at my compliance documentation. After seeing the same site every day, I may begin to unintentionally overlook things — it is human nature to become comfortable and even a bit complacent. Audits provide a new perspective for assessing on-site compliance activities.   
  • Working with an auditor can help me prepare for inspections and provide an opportunity to identify and resolve any gaps before the agency finds them. This enables me to improve performance and maintain the trust of both the agency and the general public.  
  • An audit is a chance to minimize risk by identifying preventable issues.  
  • Audits enable me to leverage lessons learned from other sites and share best management practices across the industry.  
  • It is an opportunity to cross-train site-level teams on what to look for during audits. They can then use their experience at other sites. 

Audits are an investment, but they can save long–term costs; there is significant ROI when it comes to preventing fines, penalties, injuries, and workers comp claims, and through advanced scheduling, operations can plan ahead and avoid losing time for daily tasks to the audit process. 

What constitutes a robust third-party auditing program? 

We use the 7-element program outlined below when we conduct audits for our clients to ensure they get the most benefit possible from the experience:  

Internally Driven Process

Management buy-in is critical to any project. If you need to get funding, we suggest tapping into the cost-benefit mindset.


Once your project is approved, we will work with EHS and Operations to create a schedule.

Preparation in Advance

The Audit Team Leader coordinates with the site to develop the agenda, scope and responsibilities for the SMEs. We will need permits, plans, and policies ahead of time. This is where time spent setting up your management system will come in handy!

Site Visit

Once all the prep work and scheduling are completed, we have the big day on site. While inspecting your site, the Audit Team will want to verify compliance on the ground. They will look at signage, labels, the condition of equipment and whether permit language lines up with actual operations.


You will typically receive the Lead Auditor’s draft report with input from the SMEs within two weeks. There will then be an opportunity to make comments and adjustments. Sometimes corrections are also made during the draft period and resolved before the final report.

Tracked Findings

The final report includes photos, the basis of findings (regulatory, permit or policy), details of each finding, a corrective action plan for each finding, a person assigned to ensure the finding is corrected, and a timeline to resolve the findings.

Attorney-Client Privilege

After the audit, the attorney reviews the compliance findings, and a determination can be made of whether self-reporting to the agency is needed and, if so, how to protect confidential information.

The power of your management system

A successful audit is not completed with receipt of the final report. After the findings are identified, you need to track them for correction and completion. Using an information management system with an action plan or compliance calendar features is the best way to ensure that any assigned corrective actions are completed. 

Information is only useful when it’s available to the people who need it. Every software tool has different features and best practices for sharing information.  Whichever system you use,  be sure to leverage it to share audit findings across your facility and even with other sites within your organization. Some tools offer weekly email reminders, others have push notifications or safety bulletins that go out to pre-configured lists or certain roles. If you are unsure how you can spread information and learnings from your audit, ask your system admin, or contact us for help with system sustainment planning.

Conclusion: A small investment can reduce operational risk

The mission of EHS is to ensure your workers go home safe each night, the public is protected from environmental incidents and your organization is not exposed to risk. Some say audits burn time that could be used on daily operations. However, audits are a small investment in time and money that can save costs in the long run.

Contact Us Today

By clicking “Accept” or continuing to use this site, you agree to the use of cookies, as described in our Privacy Notice and Cookie Notice, where and as permitted by law.