Uncovering Dirty Secrets

• By Richard MacLean
• May 01, 2002

Business management does not typically embrace an environmental, heath and safety (EHS) manager "looking for problems." Like a long overdue medical exam, it may be necessary, but turning vague suspicions into concrete issues that now must be faced and financed is very challenging. So, how do you uncover dirty secrets? Carefully. This article features suggestions for good governance and career longevity.

In the March 2002 edition of "Manager's Notebook ("Dirty Secrets," visit www.eponline.com and look under Archives for the full story) we explored the possible fallout from the Enron debacle, not the least of which was the exposure of weaknesses within the entire corporate governance system. Boards and senior officers are already starting to ask questions beyond the narrow confines of how certain liabilities may have been kept off the books -- the core Enron issue -- to how the corporation's governance systems are managed. This is not the same as how the corporation's compliance systems are managed. The distinction is important.

Routine EHS compliance issues rarely bankrupt companies. Legislative and regulatory timeframes span years, often established (with the help of lobbyists) to minimize the impact on the industry during the transition. Compliance systems (i.e., hardware and supporting infrastructure) are a recognized necessity to enter and operate in the marketplace.

While it is very likely that most (all?) companies have ongoing compliance issues at some level, rarely do they trigger the materiality test for significant as defined by the Security and Exchange Commission (SEC), especially for large corporations. EHS compliance support to prevent major surprises has become quite sophisticated: regulatory analysis services, auditing software, state and federal support networks, specialized consultants, and professional associations, such as the Auditing Roundtable¹ and Board of Environmental Health and Safety Auditor Certifications (BEAC).² It would be quite unlikely for a corporation today to say, "Whoops, we forgot to build the $50 million dollar scrubber required back in 1985."

The regulatory ramp-up, starting in the 1970s and extending into the early 1990s, was significant because of the major capital investment required to build the original compliance infrastructure. This ramp-up placed EHS issues on management's radar screen and created large EHS organizations. Today, viewed from the perspective of business executives, compliance issues are generally seen as pesky annoyances that can be managed by a considerably smaller EHS organization.

There are, of course, some companies that cannot get even the most routine of compliance issues in order. For the vast majority of companies, however, a sort of EHS intermission has emerged. Without a doubt, EHS professionals have done a great job of getting compliance issues in order. However, governance is a broader and sometimes overlooked dimension to EHS. It is also where the real issues may be uncovered.

Governance focuses on the assurance that the corporation's policies and systems are being implemented according to the instructions of its directors and officers. Routine compliance auditing is certainly one component of governance; however, management's concern is on core issues, such as the future viability of the corporation. Policies, missions and vision statements are filled with terms, such as leadership, corporate responsibility and reputation, access to new products and markets, due diligence and excellence. If compliance is the baseline for being allowed to operate, how do these forward looking concepts get a reality check? The answer is that sometimes they do not.

Searching around to uncover significant future and past issues is a very delicate matter. It disturbs the natural order of things. If business management views the current EHS scene as calm, they may not feel the need to go looking for problems unless required by some regulation. "Let sleeping EHS issues lie" might be the implied marching orders from management. Therein lies the conflict that exists within some EHS managers.

On the one hand, they recognize that the officers and directors of the corporation have a fiduciary responsibility to address any issue that may impact the corporation. They recognize that emerging EHS issues and even legacy issues can materially impact companies even though they may have absolutely nothing to do with compliance. They also recognize that if things blow up and management has not been warned well in advance, they could receive the brunt of the inevitable criticism.

On the other hand, they recognize that "looking for trouble" is not conducive to career growth. I have found that managers who consciously have these internal debates wind up doing the right thing and seek out possible hidden issues. They are also bright and sophisticated enough to take certain steps to insure that if significant issues are uncovered, the discovery will not create a personal backlash.

Unfortunately, I suspect that there are a number of EHS and business managers who feel that they have everything of significance within their grasp -- "I'm on top of everything!" The magnitude of this disillusionment is often exceeded only by their fragile egos. Fragile is the operative term, since truly secure and competent individuals eagerly seek out information that may challenge current thinking. The parallel to the failures of Enron's executives is not coincidental -- it is an artifact of a character flaw found in some executives.

There are two essential ingredients in a formal governance review: (1) the communication plan and (2) the implementation plan.

Company culture and internal procedures are key considerations in structuring an effective communication plan. That said, some universal guidelines are possible. For example, advance buy-in on the concept of conducting a high-level governance review is always advisable. Should a major issue be exposed by this process, informing management in advance will prevent the killer question, "Why didn't you tell us you were going to do this?"

An existing manager, one who has been in the job for a year or more, is in a particularly sensitive position. Management may view any problem as his or her failure, even if only in terms of their inability to uncover the issue sooner. If significant issues are likely, the communication plan should also include assurances regarding how the information will be managed. An early discussion with the law department is a must, and provisions, such as contractor confidentiality agreements and attorney-client privilege options, should be explored.

The communication plan for a newly appointed EHS manager is relatively easy in comparison, since business management would expect that the "new person in charge" would want to get an in-depth understanding of the issues. Any issues uncovered can more than likely be presented as a positive accomplishment. Nonetheless, the same basic steps should be taken to inform management.

Depending on the extent of the issues uncovered, it may be necessary to prioritize the problems and gradually educate management. A data dump is likely to be counter-productive; it could overwhelm and agitate management. It could take months to raise management awareness of the scope of a complex series of issues. The underlying message is that there are issues; you are aware of them and have action plans to address them, and things are under control.

Implementation plans are also very company-specific, but again, some universal rules prevail. Implementation plans generally include a strategic risk review of all operations. The focus should be on issues that have the potential to create major financial, legal, political and/or public relations liabilities for the shareholders.

Examples may include: emerging EHS issues; emerging social responsibility issues; catastrophic toxic releases; key processes without proper operating permits; sensitive political, community or regulatory issues not being adequately addressed; and major long term liabilities (e.g., remediation, community or employee exposure) not identified or adequately addressed.

Scientifically groundless issues should not be overlooked, since they may have a very high public-outrage component. I am particularly wary of statements such as, "We have always done it this way" and "The regulators are aware of this and have not objected." Another concern would be previous issues that have been quiet, but could turn negative overnight because of sudden political or community pressure.

The review team needs a business focus and an understanding of the issues that draw media, community, litigant and regulatory attention. The team members must recognize the interrelationships among legal, environmental, safety, health, political, societal, emerging toxicology, current trends and community sensitivities. This is not a normal check-the-box compliance or management systems audit commonly done by auditors. It is a strategic issue review.

Indeed, a corporation could be 100 percent in compliance and ISO 14001 certified and still be facing massive governance issues. For example, the really serious (i.e., material) compliance issues can be over interpretations of regulations. The current issue with power plants charged with illegally overhauling control equipment is a classic example. Billions of dollars are at stake.³

Such brewing issues do not show up on compliance or ISO checklists, but can be surfaced by very experienced professionals. Unfortunately, the focus over the past decade has been on confirming that each element of a management system is in place and not on rigorously evaluating the sufficiency of each component. ISO 14001 is a conformance standard, not a performance standard. Again, there are parallels to the accounting world and Enron.

The ideal team is made up of a combination of internal and external professionals who have the depth of knowledge and the courage to probe deeply into the areas that really matter. Internal experts know weaknesses of the existing system and where the issues typically lie. Exclusively using internal resourced can be problematic since issues can sometime hide in plain view to those inside the company.

External experts should be selected based on experience and familiarity with the possible issues. In spite of all the marketing hype, even the largest consulting companies rarely have in-house resources with all the expertise required for a comprehensive strategic review of a major corporation. They just cannot afford to keep such senior talent on the payroll. A hand-picked virtual team may be the best choice. Again, this is one of the key distinctions between a typical management system or compliance audit and a governance review.

For example, a team that I would assemble for a company in the mining sector might consist of Bruce Marsh of Nueva Vista Network, for his experience working within this industry; Frank Friedman of Frank B. Friedman Associates, for his broad knowledge of the interrelationship of the management/legal issues within the resource industry; Kyle Dotson of Dotson Associates, for his safety and industrial hygiene experience in this sector, and Neil Smith of Smith-O'Brien, for his experience in corporate responsibility auditing.

Another industry or even a specific corporation may require a different team mix. The size of the team is dependent on the depth desired, the anticipated issue areas, and of course, budgetary constraints.

The creation of an opportunity for EHS managers to educate officers and directors about EHS governance may be the silver lining in the dark Enron cloud. Raising new issues is always risky but, in today's setting, doing nothing may be even riskier. With the precautions outlined in this article, you can turn these issues into a positive statement of strong leadership and concern for the fiduciary responsibilities of the officers and directors.

Success (i.e., a review in which you can be fully confident) depends on assembling a senior team of experts who can examine the interrelationships among past, current and emerging issues. If you think that your previous management systems and compliance audits have served this function, now may be a good time to re-examine where you really stand.