The Three Levels of Environmental Governance

Companies are scrambling to improve their governance systems. Now may be the time to offer suggestions to executive management for upgrading your current environmental, health and safety (EHS) governance practices. What do corporations typically do for EHS? What constitutes the ultimate system?

Research has found that trust in institutions is on the decline; the most precipitous decrease has been with financial institutions. Investors are increasingly reluctant to invest money in a stock market perceived to be manipulated by self-serving CEOs, accounting firms, and stock analysts that are watched over by passive boards of directors and an ineffective U.S. Securities and Exchange Commission (SEC). The decline has finally reached the serious stage: it is impacting the bottom line. The public's perception of corporations has been shaped by the proverbial "few bad apples," but to pile on the clichés, perception is reality. Corporations are beginning to recognize that to change "this reality," more than just incremental improvements may be needed.

Many business executives, and even some EHS managers, define EHS governance as "good regulatory compliance audit systems." Wrong. This narrow view is especially prevalent in companies that consider EHS functions as service-type activities, akin to the payroll department. Prepare a paycheck or prepare a waste manifest: what's the difference, other than the cost of this service? Both are important, but are they strategic?

As a result, the rationale behind EHS governance programs can be reduced to a simplistic, "Are we following the regulations?" and "Is anyone doing anything something they should not, according to company policies" (e.g., falsifying records). Not surprisingly, both the EHS activities and their associated "governance" functions are sometimes outsourced or placed into shared service organizations that back-charge their "services" to the businesses. As a final insult to this form of governance, the sites complain about paying for these audits that "they do not need."

EHS governance, just like business governance, is all about protecting shareholder value. Governance focuses on assurance that the company's policies and systems are being implemented according to the instructions of the directors and business executives. Auditing for compliance is one dimension; the more significant dimensions are related to strategic direction and the protection and growth of the corporation. Governance answers the question "Are we in compliance with the regulations and our internal policies?" but it also explores, "Are our management systems appropriate, and could we be overlooking any issues or opportunities that may have a material impact on the corporation in the future?"

Companies could be in 100 percent compliance but fail miserably on governance, as measured by these other dimensions. Corporations today get evaluated by not only doing what they have to do, but doing what they should have been doing. Recall the ongoing chant by even the most egregious corporate violators of the public trust, "We did everything according to accounting standards and SEC requirements." Yeah, right!

There is a wide spectrum of activities that corporations can be doing to provide EHS governance. Here is my list broken down into three distinct levels as summarized in Table 1. There is also Level Zero, or as Tony Soprano says, "Forgetaboutit." You would be surprised by the number of multi-million dollar corporations that will not spend the money on even a basic EHS compliance audit and reporting system. After all, it is not required. Forgetaboutit.

Level 1: Passive

Audits are focused on compliance and are normally conducted as self-audits at the manufacturing sites with some corporate oversight. Checklists are used with a rudimentary system to identify and track outstanding compliance issues.

Reporting is done at a site and business unit level. Sometimes there may be a consolidated report to executive management with an annual report to the board of directors or one of its subcommittees. This report may or may not be delivered by the senior EHS manager, and the content is carefully reviewed and controlled by executive management. Most reporting consists of lagging indicators (outcomes such as accident and emission rates) and ongoing issues (e.g., spills, remediation progress).

Policy statements refer to the company?s and its employees' obligation to not violate regulations and adhere to its values. There may or may not be a specific EHS policy and if there is, achieving compliance is dominant over other general statements related to protecting the environment, working safely and social responsibility.

Level 2: Active

Audits are formal and in addition to compliance, evaluate the level of EHS management systems implementation. Information systems track the results and have automatic reminders for closing outstanding findings. Trained, certified auditors (e.g., certified professional environmental auditors) conduct the audits, sometimes supplemented by outside auditors participating with internal staff. These audits are in addition to routine site compliance audits.

Reporting includes both leading and lagging indicators, usually the same as those tracked by others in the company?s industry sector. The system is formalized and monthly reports are provided to business management. Targets are established and tracked. An annual or biennial EHS and social responsibility report is released to internal and external stakeholders. The board of directors, or one of its subcommittees, receives an annual or bi-annual report from the senior EHS manager.

Policy is very detailed and specific with written procedures and codes of conduct that specify what the company will do and how it will behave relative to EHS and social responsibility issues (e.g., cooperation with regulatory officials, child labor, disclosure of information, investigations of possible wrongdoing, and so on)is tied to specific, written codes of business conduct for EHS and social responsibility.

Management Systems are formalized and, as a minimum, follow ISO 14001 standards. Business transactions and new product/raw materials are reviewed for EHS impacts and issues.

Organizational structures and staff responsibilities are well defined. Specific EHS governance responsibilities are overseen by the board of directors or, more typically, the audit committee of the board. The EHS functions are staffed by qualified EHS specialists and are led by experienced managers. The management system audit function is embedded within the financial audit group and staffed by experienced EHS auditors.

Level 3: Aggressive

Reporting includes indicators of emerging EHS and social responsibility issues. Metrics are "mapped" to all key stakeholder groups, not just the metrics commonly tracked by others in the industry sector. Reports are provided quarterly to the EHS committee of the board of directors and annually or bi-annually to the full board. Results are presented by a director or officer-level experienced EHS professional. Independent, external consultation is sought by the EHS committee of the board of directors. Externally reported results and key audits are verified using independent auditors such as university, community organizations or other non-governmental organizations (NGO) resources following protocols, such as the AccountAbility's AA1000 Assurance Standard or the Fédération des Experts Comptables Européens (FEE) protocol.

Management systems include sign-off authority on all new business ventures, raw materials and products. Systems are not based solely on conformance-based systems, such as ISO, but also performance-based systems, such as the Baldrige National Quality Program (Green Zia). There is an "assurance letter process" that has each business unit officer "sign off" that his/her business has installed the requisite systems and has identified and disclosed significant issues in accordance with set guidelines.

Organizational structures include (in addition to the EHS committee of the board of directors) an officer council meeting at least quarterly. There is also an external council of outside senior level EHS and social responsibility advisors familiar with emerging issues. They meet quarterly to advise the EHS staff and/or officer council. Ongoing activities and issues are reviewed with both of these councils and their input is aggressively sought. The senior, experienced EHS professional (typically an officer level individual) attends key officer meetings and participates in the strategic planning process. This same person is no more than one reporting layer from the CEO and has a dotted line relationship to the EHS committee of the board of directors.

Reward systems tie EHS performance to set targets and directly affect at-risk pay (i.e., bonuses). The company has a chairman's or president's award system for outstanding employee performance. Both support individual accountability.


Most companies operate somewhere between Level 1 and Level 2. For those companies stuck at Level 1, thoughts of performance at Level 3 may seem like pure fantasy. In fact, there are a number of corporations that have nearly the full compliment of governance activities listed. It is particularly important for companies contemplating strengthening their programs to recognize that all of the elements listed at Level 3 have beencan be benchmarked with other companies: the items listed are not theory. These programs work in the real world and, companies have resolved the sticking points of the more contentious items: assurance letter (Ashland); executive councils (Con Edison), at-risk pay (General Mills), external councils (Dow); truly independent verification methods (BHP Billiton?s award winning Cannington Audit).

Every corporation does not have to operate at Level 3, which by definition includes all the underlying structure of Levels 1-2. There is, however, an optimum combination depending on your company's size, legacy issues, brand image, and other factors. Budget constraints and uneasiness on the part of the company's legal counsel are often given as justifications for maintaining the status quo (a.k.a. head-in-the-sand approach to governance). In reality, the companies that have implemented these governance programs have truly reduced risk (this keeps the attorneys at ease), and the cost is trivial in the grand scheme of things at which boards of directors (who ultimately are held accountable) operate.

Levels of Governance

Table 1





Time Horizon

Risk Factor





Are we in compliance?





Risk Reduction


Are we protecting against risk and liability?

1-5 years


Companies with mature EHS management systems


Future Positioning


Are we competitively positioned?

5+ years


Top 5 percent; best-in-class

This article originally appeared in the 03/01/2003 issue of Environmental Protection.

About the Author

Richard MacLean is president of Competitive Environment Inc., a management consulting firm established in 1995 in Scottsdale, Ariz., and the executive director of the Center for Environmental Innovation (CEI), a university-based nonprofit research organization. For Adobe Acrobat® electronic files of this and his other writings, visit his website at http//

Featured Webinar