September 21, 2004 Sarbanes-Oxley Moves EHS Auditing From the Backroom to Boardroom     by Graham Sinclair Part one of this two-part article addresses changes Environmental, Health & Safety auditors are making in response to Sarbanes-Oxley; part two addresses changes prompted by the Global Reporting Initiative (GRI). SocialFunds.com -- The role of Environmental, Health & Safety (EHS) auditors and the information they assess is currently undergoing a sea change. Traditionally, EHS auditors have assessed company-specific information using company-specific metrics for use by an internal audience within the company. Recent developments, such as the passage of Sarbanes-Oxley (SOX) and increased adoption of the Global Reporting Initiative (GRI), are broadening the scope of both information collection and modes of data delivery, as well as the audience. EHS professionals addressed this dynamic earlier this month in Philadelphia at the annual Auditing Roundtable conference, entitled The Role and Practice of EHS Auditing in a New Era of Corporate Governance and Management Systems. EHS auditing is overseen by the Board of Environmental, Health & Safety Auditor Certifications (BEAC), a joint venture between the Auditing Roundtable and the Institute of Internal Auditors (IIA). Historically, EHS auditors have been charged with assessing EHS information for purposes of compliance, due diligence, risk assessment, and voluntary standards such as ISO 14001, an environmental management certification. The underlying purpose of these audits is expanding under Sarbanes-Oxley. SOX places greater emphasis on ensuring that disclosures are accurate and complete in all material aspects. SOX also requires that processes are in place to bring all relevant information to the attention of senior management. In other words, EHS auditors have been moved from the backroom to the boardroom. "EHS auditors are now being asked to generate and submit information directly to the most senior management levels, including the CEO, the CFO, and the Board of Director," said Roberto Jiménez, a director on the board of the Auditing Roundtable. The revised SOX rules require two separate certifications by the CEO and CFO for each 10-K and 10-Q (and any amendments) filed with the Securities and Exchange Commission (SEC) under sections 302 and 906 of Sarbanes-Oxley. Corporate officers face potential civil and criminal penalties for violations, so these officers are likely to have zero tolerance for surprises from EHS audits. A critical issue for auditors is the need for financial information that "fairly presents" the business position. "Be careful--EHS professionals should know that their work may make its way to the SEC based on conclusions about material risks that fairly impact the valuation of companies," warned keynote speaker Brian Carroll, special counsel at the SEC's Philadelphia district office. Information assessed in EHS audits is now being considered with a seriousness rivaling financial information, EHS data collected and verified during internal audits is no longer being held as tightly under the confines of privilege and confidentiality clauses. This increased transparency accentuates the importance of EHS auditor independence. "Without independence, no matter how competently the audit is performed, the resulting report will be potentially compromised," said Jeff Davidson, partner at Wilmer, Cutler, Pickering, Hale and Dorr. While financial audits and reporting in 10-Ks by publicly traded companies largely deal with historical information, the EHS auditors are involved in areas of SEC reporting that require significant estimation of contingent liabilities and future expenditures. EHS auditors are therefore required to do a certain amount of crystal ball gazing – meaning they will have to be very crisp and very articulate about how they audit. The growing importance of EHS auditing is a mixed blessing: increased responsibility brings with it increased accountability. "While EHS auditors are likely to play a more important and visible role, they are also likely to be held more accountable, with an insistence on verification of processes and a drive by executives to come to accurate hard numbers" more quickly, said Paul Michalski, a partner at Cravath, Swaine & Moore. Part two of this two-part article addresses how EHS auditors are taking up the GRI and other voluntary sustainability reporting mechanisms. © SRI World Group, Inc. All Rights Reserved. Order reprints | Send it to a friend | Print it | Save it Related Articles EHS Auditors Slow to Take Up GRI Auditing Sustainability Reporting Top