Audits – To Do or Not to Do
The New Year brings all sorts of new issues. There will have a new administration and, more than likely, a new enforcement focus. That does not mean that good practices should be abandoned, however. One of the things a company can and should do is to make a determination and take the necessary steps to reduce its exposure to environmental enforcement issues. The most effective way to do that is through the audit process as it can alert the company to any issues lurking in the weeds.
How do you protect yourself when doing this self-critical analysis? There are a number of state privilege laws as well as federal disclosure “safe” havens. There are a number of common law privileges available as well. Also, does the company have a corporate policy covering audits? All good topics and all for another day’s discussion.
First, the company needs to decide whether or not to undertake an audit. If there are multiple facilities, should it be just one of the many, a select number of the facilities or all of them. Once the decision is made as to the scope of the audit, the company, through the appropriate official, should specifically authorize the actions necessary to undertake the audit.
Perhaps the most import stage will be the engagement of outside counsel. While a company can use in-house counsel for this function, it is a better practice to use outside counsel and avoid the “business versus legal” argument. The use of outside counsel will allow the attorney-client communication privilege, as well as the attorney work-product exemption, to attach to the audit and the resulting advice. Once counsel is engaged, counsel will engage the qualified consultant to undertake the actual audit. After counsel engages the consultant, the scope of the audit will be defined with the added input of the consultant.
A couple of nuts and bolts items: Determine the date of the audit and notify the appropriate governmental agency if the company wants the potential safe haven of a state’s audit privilege (some states do not have an audit privilege statute and most that do have an audit privilege statute require some sort of notification).
Now to the audit itself. The audit will have an “opening conference” where the scope of the audit is explained by counsel (from a fifty-thousand foot level), counsel explains that the privilege belongs to the company (not the individuals) and that the company expects the employees to cooperate with the consultant during the audit. The consultant should then go over the audit in a bit more detail, explaining what documents they will want to review, what they want to see in the facility and what employees will need to be interviewed. All told, the audit typically takes a day or two at most. Once completed, there is a closing conference at the facility with the responsible facility management. The purpose of the closing conference is only to highlight positives, discuss negatives and explain areas where action is needed. Counsel can then discuss with the company whether any immediate disclosure would be necessary or recommended to be made to the appropriate agency or agencies.
The consultant will then draft the report for review by counsel. The responsible management person may also be involved in the review of the draft, especially if the consultant is not well versed with the facility or the operations. Once the report is finalized, counsel will deliver the report to the responsible management for the company.
The company will then have the information necessary to make informed decisions regarding the results of the audit. And informed decisions should reduce the likelihood of governmental enforcement actions.
The cost of prevention is always less expensive than the cost of enforcement.
As always, feel free to contact me at email@example.com