Compliance Survival Tactics
How to protect yourself from the Title V data explosion in the absence of a flak jacket
- By Greg Gasperecz
- Jun 01, 2004
The Title V operating program resulting from 1990 amendments to the Clean Air Act requires that facilities demonstrate, in one document, their compliance with all applicable regulations and requirements of the act. The U.S. Environmental Protection Agency (EPA) reports that, as of 2003, 95 percent of Title V permits have been issued nationwide. As such, approximately 19,000 facilities are required to submit annual certifications and semiannual deviation reports.
To receive their Title V permits, many organizations dutifully outline how they monitor their processes and what controls they have in place to manage potential sources of non-compliance. Any sense of relief that ensued when the permit was issued quickly disappeared with the realization that, in fact, the issuance of a Title V permit is but the beginning of a process -- the opening of a door and not its closing. And that door hinges on the ability to demonstrate ongoing compliance with the controls outlined in the application process: the conditions of ongoing compliance.
Title V, Superfund Amendments and Reauthorization Act (SARA), the Right-To-Know Act, the Toxic Release Inventory, the Resource Conservation Recovery Act, Hazardous and Solid Waste Act and the National Pollutant Discharge Elimination System permitting program have all contributed to a compliance data explosion. While this article focuses on the data explosion created by Title V, the practices put in place to manage clean air compliance will support any and all corporate compliance activities, including water, waste, health and safety.
The Title V Data Explosion
Title V did not create new regulatory requirements, but it did create new requirements for recordkeeping and reporting, which has contributed to the compliance data explosion. A typical power plant, for instance, might have 300 or more obligations to meet for compliance with Title V. Some of these obligations might generate one or two data points per year while others produce hundreds per hour. All of this is compliance data. A line-by-line affirmative certification of permit conditions and regulatory obligations for a power plant would require the review of hundreds of thousands of individual associated data points. Nitrogen oxide monitoring alone could result in thousands of hours of data per emission point. This does not take into account the obligation to complete quality assurance checks on the monitoring and other equipment actually producing the data, all of which is reportable in the certification process.
"Water, water everywhere, and nary a drop to drink." Those are the famous words of the ancient mariner adrift and lost at sea. Perhaps this is a fitting metaphor for the compliance officer, awash in a sea of data. How can I confidently certify compliance if I can't be confident that I'm even reviewing the right data?
With such a big volume of data, the trouble spots are those potential deviations that are buried within all the other data. The difference between compliant data points and non-compliant data points is not necessarily obvious. To the naked eye, they don't look different.
The Technology/Judgment Mix
Thankfully, sophisticated technology can help filter out or sift the data to identify potentially noncompliant data. There are many technologies available to support the management of compliance. The options range in complexity and sophistication and level of automation. Whatever path you take, whether it's using desktop systems and spreadsheets or complex relational databases and enterprise systems, the ultimate goal is to eliminate silos of information, promote collaboration and automate, to the extent possible, compliance tasks. The ability to manage external regulatory content and the creation of reports are also key considerations.
Most important to remember though is that technology cannot "do" compliance. Not everything that might be a problem from a database perspective is a problem from a compliance perspective. Technology allows people to meaningfully evaluate data. Technology sifts. People judge. Without technology, however, humans can drown. The bottom line is that data must be accessible and must be actionable. National companies operating in different states are required to report data in different formats. In addition to the need for translating raw data into local formats, data must also be able to be rolled-up for other corporate or business unit reporting purposes.
Risks, Obvious and Otherwise: Compliance Landmines
One of the biggest fears managers face is that they will incorrectly certify compliance. While the most obvious categories of compliance risks are related to managing data, there are other less obvious, but equally large, risks. These compliance landmines are usually rooted in misunderstanding Title V responsibilities or misaligning resources based on false assumptions.
V Steps to Title V
Misinterpretation of reporting requirements causes trouble. The classic example that often took place often in the early years of Title V enforcement was managers failing to file reports because there were "no deviations." Guess what? By not filing a report, they unilaterally and unnecessarily created a deviation. Reporting late is yet another form of noncompliance. And here is where technology can help: Whether you use Microsoft® Outlook, an existing work order management system, or a more robust compliance management solution, like the Enviance System, put reminders in place to ensure that those kinds of mistakes don't undermine corporate compliance.
Another common example relates to air emission limitations, particularly where companies do not have a continuous emissions monitor (CEM) and choose to monitor process parameters instead. Monitoring process parameters is an entirely acceptable practice, but it can be a cause for a less obvious compliance landmine: the risk of over compliance. An example of this is the company that gathered emissions data every minute and if they went over the proscribed value for even one minute, they flagged it as noncompliant. In reality, their responsibility was to gauge performance based on average pounds per hour. They were unnecessarily reporting deviations because they had not evaluated the relationship between the periodicity of their obligation with respect to the periodicity of their parameter data. After an analysis and reconfiguration of their compliance process, they reduced 1,440 potential violations per day to 24. Had they had a system in place that prompted them to collect data and report only once per hour (rather than once per minute), they would have saved themselves the risks associated with over-interpretation: a higher number of non-compliances and a misuse of valuable internal resources.
Creating a Culture of Compliance
Technology cannot solve organizational gaps. Managing Title V compliance reiterates the fact that the compliance process is dynamic and cyclical and that accountability structures must be clear. Title V is a high-profile program and it provides for aggressive EPA or state agency enforcement. A chance violation on a routine, unannounced inspection can lead to much greater attention from regulatory agencies. Because of this, it is vitally important that relevant data and records hold together like a masterpiece. This must be clearly and regularly communicated and demonstrated through ongoing testing and internal auditing and assessment procedures. Ultimately, the buck should stop at the facility management level as they have the authority to enforce consequences and instill best practices.
There also must be a commitment to the development and maintenance of institutional knowledge. With an increasingly multitasked and mobile workforce, and with the growing prospect of retiring Baby Boomers, companies must retain critical information. If compliance-related information and processes are allowed to move with people, companies can be left to certify compliance in the dark. And you don't want EPA or its agents flipping the switch.
I have a colleague who says that having a Title V permit is like calling the police after your commute home to confess that you were doing 60 mph in a 55 mph zone. And, while today you only need to report deviations on Title V, this may be a harbinger of what is to come in other areas of environmental health and safety (EH&S) compliance. Add to this the fact that Title V data, and all EH&S data for that matter, also may be required to demonstrate compliance with new and stringent financial reporting controls resulting from the Sarbanes-Oxley Act. As companies are required to identify all potential financial risk -- including the risk of non-compliance -- the pressure associated with managing compliance will only mount.
With the proper people, technology and processes in place, organizations can realize real value from self-policing. It is estimated that problems fixed proactively cost about 20 percent of those discovered by an outside agency. The ultimate goal -- let's call it "compliance nirvana" -- is that organizations develop the capability to produce reports of any type at any time. Eliminating reporting fire drills provides great power to organizations with implications far beyond EH&S compliance activities.
Protecting Against the Data Explosion
If you're responsible for managing Title V, review your processes to verify that you are properly aligning technical, technological and human resources so that your best asset -- your judgment and the judgment of all employees -- is put to work. The benefits of streamlining data and process management are manifold, peace of mind and mitigated financial risk among them.
If you are in the process of securing your Title V permit, anticipate the requirements and permit conditions, how you would report on them and assign resources behind those tasks before you rush to certify. Assuring compliance is hard enough work -- don't become another casualty of the data explosion.
And, remember, there is no flak jacket.
V Steps to Title V
I. Tackle the data problem: Anticipate your compliance commitments and build a data management plan that supports them
II. Leverage existing systems (work order systems, maintenance systems, existing ERP or desktop systems) and find a technology solution that fits the size/scale of your operation: Data must be able to move freely within your organization and be acted upon.
III. Employ a method to sift though the data explosion.
IV. Stay current with potential deviations and don't wait until the reporting process to address them. Remember, your jurisdiction may have a short-term deviation reporting requirement.
V. Be Timely: Late reports constitute non-compliance.
This article originally appeared in the 06/01/2004 issue of Environmental Protection.