This page has been updated. If you are not redirected please click here.

PSM/RMP/CalARP Compliance Audits

The basis of a successful management program lies in the periodic revaluation and improvement of the program. The life cycle of any management program may be represented by the flowchart given below:

The primary goal of any risk & safety management program is to develop a set of guidelines and procedures that ensure safe transport, storage, handling and disposal of hazardous materials and to protect the personnel working with these materials as well as the neighboring communities.

For EPA's Risk Management Program (RMP), OSHA's Process Safety Management (PSM) Program and the California Accidental Release Prevention (CalARP) Program, a triennial Compliance Audit is the inherent mechanism that allows these programs to achieve their primary goal.

A triennial Compliance Audit provides a comprehensive and objective method to evaluate the impact of a risk & safety management program. It allows the facility to

• identify gaps in program implementation,
• identify deficiencies in record keeping, training and action tracking,
• evaluate information and procedures contained in the program and update either to better suit facility requirements, and
• ensure compliance with regulatory requirements.

EPA, OSHA and CalARP Regulations require that an Audit be completed at least every three years after the initial development and adoption of the program. For the facilities that adopted their RMP, PSM or CalARP Program on June 21, 1999 the second triennial Compliance Audit is due on June 21, 2005. If a Compliance Audit has never been conducted to date, it should be done immediately.

A Compliance Audit must be completed by a person(s) knowledgeable in the process. Risk Management Professionals specializes in the development of EPA's Risk Management Programs (RMP), OSHA's Process Safety Management (PSM) Programs and the California Accidental Release Prevention (CalARP) Programs. Risk Management Professionals team can help you in your Compliance Audit needs. In addition to an in-depth evaluation of your program and detailed reports, we will provide simple solutions which will allow you to fix any deficiencies and ensure compliance. However, we encourage and assist our clients to be self-directed in the implementation and fulfillment of all regulatory requirements for these programs.

We have compiled a list of commonly asked questions regarding triennial Compliance Audits. If you don't find your question in this list please contact us; we will be happy to answer any queries. We are also offering 4-hr training workshops on Compliance Audits (April and May 2005) where you can learn how to conduct a self-audit for your process safety management programs. (For more information on these workshops please see our training schedule).

Frequently Asked Questions (FAQ)

What is a Compliance Audit?

• A Compliance Audit is a self-audit of your RMP/PSM/CalARP Program documentation and implementation. It is not an audit or inspection of your facility or process equipment

Why do I have to conduct a Compliance Audit?

• A Compliance Audit is required to be completed for each program listed above (EPA RMP, OSHA PSM, and CalARP RMP)
  • EPA Risk Management Plan: 40 CFR Part 68.58 and 68.79
  • OSHA Process Safety Management: 29 CFR 1910.119 (o)
  • California Accidental Release Prevention (CalARP) Program: 19 CCR § 2755.6 and § 2760.8

When do I have to conduct a Compliance Audit?

• At least 3 years after the RMP/PSM/CalARP Program was initially developed and adopted
• If your program was adopted more than 3 years ago and no Compliance Audit has been conducted to date, you must conduct one immediately
• At least every 3 years after your last Compliance Audit

What are the key elements of a Compliance Audit?

• It is a systematic evaluation of your RMP/PSM/CalARP Program to identify any compliance deficiencies
• Addressing and correcting recognized deficiencies

How do you conduct a Compliance Audit?

• Most often a checklist is used to conduct and document the results of a Compliance Audit
• The checklist provides an objective and systematic approach to conducting the audit

Who should conduct a Compliance Audit?

• As per the regulatory requirements a Compliance Audits should be conducted by someone knowledgeable in the facilities operations and process as well as regulatory requirements. You may consider conducting an audit yourself or hire a consultant to conduct one for you
• An inspection or program audit conducted by a regulating agency does not constitute a Compliance Audit or meet the regulatory requirements

What are some common deficiencies found in Compliance Audits?

• Recommendations from previous Process Hazard Analysis/Hazard Review and Compliance Audits not addressed or actions taken not documented properly
• Records of preventive maintenance performed and training conducted are not maintained
• Management of Change Procedures are not adhered to or followed
• Operating Procedures and Mechanical Integrity/Maintenance Program do not adequately reflect what procedures are actually followed at the facility
• Training is not conducted on a regular schedule
• The Piping and Instrumentation Diagrams (P&IDs) have not been updated to reflect changes to the system or have been lost

What do you do once the Compliance Audit is completed?

• Develop a report of the audit findings
• Owner/Operator must determine and document an appropriate response to each of the findings within the audit. Develop a plan or strategy for correcting deficiencies
• Retain the two most recent Compliance Audits