Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Get updates on Compliance Week offerings, including new features, databases, research, and other resources, along with announcements of upcoming Webcasts, conferences, seminars, CPE/CLE opportunities and more.

Published every Thursday, Compliance Week Europe offers a condensed summary of risk, audit, and compliance news either originating in Europe, or of special interest to European compliance professionals. This newsletter will follow developments by the European Commission, as well as those of national governments across the region, or any U.S.-based news that might have consequence across the Atlantic. Frequency: weekly; Thursday a.m.

A fresh edition of Compliance Week delivered via e-mail and online every Tuesday morning, relentlessly focused on the disclosure, reporting and compliance requirements of our 25,000+ paying subscribers.

Published every Friday, Compliance Weekend was launched at the behest of subscribers, and offers a quick Plain English review of the week's key developments. We hope you enjoy this supplement to Compliance Week's Tuesday edition.

Under the Radar: Threat of Safety Controls

Judd Elizabeth | April 15, 2008

Lapses in safety controls might not seem like the sort of thing that could cause material financial problems for a company … right up until the airline industry strands hundreds of thousands of people across the country while it catches up on safety inspections. Then you start wondering how much all this is going to cost.

Nobody yet knows exactly how much last week’s transportation fiasco will nick the airlines. In addition to the cost of feeding, lodging, and rebooking passengers, the airlines were stuck paying overtime costs to have employees inspect aircraft for faulty wiring. Ensuing bad publicity certainly won’t help lure future customers. Inevitably, somebody somewhere is bound to file a lawsuit.

Then there’s the small matter of the Federal Aviation Administration. On March 7 it proposed a $10.2 million fine against Southwest Airlines for lax safety controls, which touched off last week’s inspection frenzy among American Airlines, Delta, Midwest, and others. Congress is calling for more aggressive oversight from the FAA; fines or not, that will carry a cost for companies too.

Even for companies outside the airline industry, the inspection debacle underscores how lapses in safety controls can carry enormous financial consequences. Ever more often, “EHS” risks—environmental, health, and safety—command the same level of attention as risks of fraud or other financial woes.


“Corporate culture is taught at business schools, but safety culture is not,” says Ron Dearing, CEO of Risksafe Strategies and president of the Safety Center, a chapter of the National Safety Council. “Most CFOs and CEOs don’t understand the safety component and so a lot of them don’t have the proper systems in place to measure return on investment here.”

In fairness, U.S. airlines are among the safest businesses in the world; according to the National Transportation Safety Board, airlines had only .0003 fatalities per million passenger miles in 2006. And that impressive record goes for other industries, too: In 2006, the Occupational Safety & Health Administration reported 3.9 deaths per 100,000 employees for the industries under its jurisdiction, a slight decrease from 4.0 in 2005.

And yet most experts agree that when it comes to safety controls and compliance, there’s still room for improvement. One problem? Safety issues assume so many guises—everything from guarding against slip-and-fall accidents to averting catastrophic fires or air crashes—that it’s tough to be vigilant on all fronts.


In March 2005, when British Petroleum’s Texas City refinery exploded, killing 15 and injuring 180 others, the company had failed to see the big picture, says George Pilko, chairman of Pilko & Associates, an EHS adviser for the chemical and energy industries. “BP had fallen into the trap of trying to minimize cuts and scrapes and bruises at their refineries, and they hadn’t been paying attention to process safety risks, or the risks that something catastrophic could happen,” he says.

The Finances of Safety


When a company pays a hefty safety fine or replaces faulty equipment following an accident, the costs are far greater than they might initially appear. Brian Finder, a professor of risk control at the University of Wisconsin-Stout, stresses that fines should be viewed within a broader financial context. If Southwest had a return on investment of 5 to 10 percent, the airline would have to sell more than $100 million worth of additional tickets to cancel out its $10.2 million regulatory hit.

Factoring in other financial losses stemming from negative publicity, future litigation, disenchanted customers, and employee defections, and the indirect costs of a safety violation can be up to 20 times more than the direct costs, according to the National Safety Council. “Who wants to work on an Airbus when there’s a potential that I'm standing in a cabin that hasn’t been inspected to the FAA standards?” says Dearing.

When companies aren’t fined, but instead suffer fatalities, the financial blow is much larger. Pilko notes that the Texas refinery fire cost BP billions in out-of-pocket expenses: $1 billion to repair and modernize the refinery, $1.6 billion for legal settlements, plus an untold amount in lost revenue and other costs. Since the explosion, BP lost roughly $50 billion in market cap compared against a peer like Royal Dutch Shell.


Some companies have gone out of their way to publish progress reports on their EHS programs. Schering-Plough, for example, the $12.7 billion science-based health care company, publishes an annual “Report on Safety, Health, and Environment,” which updates investors on the company’s structure, approach, programs, activities, and performance. The excerpt below is from the company's 2006 report.

Auditing is a critical element of Schering-Plough’s
commitment to conduct business in a responsible
manner. Since 1991, management has maintained a
separate audit unit that is independent of both the
operating units and the Global Safety and Environmental
Affairs department. The mission of Global Environmental,
Health, Safety, and Transportation (EHST) Audits is to:
(1) advise management of the status of compliance with
company and government environmental, health, safety,
and hazardous material transportation requirements and
the associated management systems at all company
operations worldwide, and (2) ensure that all detected
instances of non-compliance are resolved properly and
in a timely manner.

Global EHST Audits is a part of the Global Compliance
and Business Practices group (GCBP). The unit provides
regular reports to the Corporate Environmental and
Safety Council (CESC) and to the Business Practices
Oversight Committee (BPOC) of the Board of Directors as
to the status of EHST compliance and the effectiveness
of associated management systems and controls.

Independence, objectivity, and subject matter expertise
are critically important to any audit program. At
Schering-Plough, we agree. As noted above, our Global
EHST Audit unit is independent of our business units as
well as the Global Safety and Environmental Affairs
function. The audit staff consists of four full-time EHST
auditors who are able to objectively assess business
units. In addition, we look to an independent third
party to verify the competence of our auditors. Our
auditors are required to hold an auditing certification
from the Board of Environmental, Health, and Safety
Auditor Certifications.

Annually, we develop and then implement our audit
plan. Plan development is a part of our broader
Enterprise Risk Management process. This process
ensures that higher-risk activities are identified and
then audited more frequently than lower ER risk
activities. Until recently, the risk evaluation considered
enterprise risk, financial risk, EHST performance, prior
audit results, regulatory setting, and change. At the
request of the Corporate Environmental and Safety
Council, Global EHST Audits now includes SHE
management system certification as a positive risk factor
in developing the annual audit plan. In general, however,
our overall audit frequency for company operations
ranges between one and three years. The duration of each audit ranges between one and ten days. We also
participate in a broader company initiative to assess
vendors in our supply chain.

Our audit teams are led by managers from Global
EHST Audits. For most audits, each team includes an
independent consultant and a guest auditor from another
business unit within Schering-Plough.

Formal audit reports are distributed to business units
and senior management. In response, the facility must
develop and implement plans to both correct findings
and prevent their recurrence. Global EHST Audits tracks
implementation of the plans until the findings are closed.

Global EHST Audits regularly reports on the status of
our audits to the CESC and BPOC. To assist in our effort
for continuous improvement, an independent consultant
reviews the audit program at least every three years.

In 2005, Global EHST Audits conducted 21 audits of
company operations and 16 assessments of vendors
in our supply chain. Our 2006 audit plan includes 34
company operations and 19 vendors ...

We do not publish information regarding specific audits.
In 2005, however, we reported that 98 percent of the
audit findings noted for the period 2002-2004 had been
closed. At that time, one 2002 finding and 16 findings
from 2004 remained open. Now, 97 percent of the audit
findings from the period 2003-2005 have been closed.


Schering-Plough (2006).


John Henshaw, former assistant secretary of labor for OSHA and now president of Henshaw & Associates, a safety and health consulting firm, urges CEOs and COOs to treat safety issues as they would any other financial risk. “The CEO has got to tell people, ‘I’m holding you accountable for safety and other issues,’” he says.

Although boards bear ultimate responsibility for asking CEOs the right questions about safety compliance and risks, they may be untutored in the right questions to ask. Pilko advises companies to recruit at least one outside director with solid knowledge of the operational issues facing an industry. “This director can probe and basically ensure that the company is paying attention to safety and other risk issues,” he says.

Getting ‘Religion’

Oliver Laurence, of the EHS consulting firm Verrico Associates, says a company’s incentives should support the idea that its managers are business stewards. Too often, as organizations grow, middle managers are rewarded on short-term financial goals. Laurence emphasizes that top-notch management systems take EHS risks into account. “If people are too focused on the financial side of things, they can lose sight of the whole picture,” he warns.

Robert Poole, director of transportation studies at the Reason Foundation, a public policy think tank, agrees. In the case of the Southwest fine, he speculates that “a harried middle manager” might have made a bad gamble. “I can imagine there are ongoing pressures to not cancel flights. Someone may have chosen the short-term gains from taking a low-probability risk—but a risk nonetheless—that something bad would happen.”

For its part, Southwest Airlines has suspended three employees while it investigates how lax its safety inspections may or may not have been. The company has also hired an outside consultant to review its maintenance controls and compliance with FAA safety rules and promised to work with FAA officials while the agency continues its own probe of the airline.

Pilko notes that safety is usually better understood, and therefore managed, in inherently dangerous industries like chemicals and energy. But no company is immune from safety risks, he adds. In 1996, for example, one toddler died and several other individuals became ill after drinking unpasteurized apple juice made by Odwalla. “Nobody would think that a fruit drink company would have that inherent risk, but it can,” he says.

Ironically, focusing too intently on an industry’s safety regulations can also lead to trouble. “OSHA regulations are somewhat generic and they can’t apply to every situation out there,” warns Finder of the University of Wisconsin. “You can follow OSHA regulations to a ‘T,’ and you can still have problems.”

Sarbanes-Oxley has helped raise the profile of safety, because companies consider a wider variety of compliance issues when they review their internal controls, Laurence adds. What’s more, as companies publish their safety records in sustainability reports, they’re better able to see and manage the various safety risks on the horizon.

A raft of EHS software also makes it easier to perform internal audits of safety processes and to communicate the importance of this issue to managers everywhere. That said, Laurence cautions companies that third-party tools can only be part of the solution: “There’s no button you can press and say, ‘I need 15 of these and everything will be all right.’”

What Lies Ahead


In the recent past, the definition of corporate safety has broadened. Companies have always been concerned about safety, Laurence says, but there is a building concern for what he calls “the complete S.” Forward-thinking companies have begun to address safety issues outside the workplace, from the health dangers of smoking to the perils of driving while talking on a cell phone.

Henshaw notes that European companies are examining the root causes of absenteeism. In contrast, he says, American CEOs tend to be relieved when an accident takes place outside work, failing to see that all accidents, regardless of where they occur, are bad news.

“If you break your leg at home or at work, it doesn’t matter. You’re off work and the asset—the employee—is no longer useful to the company,” he says.

“When it comes to safety, companies can’t just be managing government interventions or fines,” Henshaw says. “Safety, health, and environmental issues impact the P&L statement, and they impact a company’s ability to use and optimize its assets, which are human capital.”