EHS and Internal Auditors: A Natural Coalition in the Battle for Risk Management

Last week, The IIA received some exciting news! The merger of The Institute of Internal Auditors with the leading environmental, health, and safety (EHS) professional organization, The Auditing Roundtable, received formal approval from New York state regulators, finalizing a partnership that holds great promise for EHS professionals.

The IIA’s new Environmental, Health & Safety Audit Center, launched in April as part of the merger agreement, is designed to serve EHS professionals’ training, continuing-education, research, and networking needs.

The IIA also recognizes the importance of having highly qualified EHS practitioners. This is why since 1997, it has partnered with the Auditing Roundtable to offer a suite of certifications from the Board of Environmental, Health & Safety Auditor Certification (BEAC), which will continue to be a vital part of our service to EHS professionals.

Beyond training, networking, and certifications, the merger creates the opportunity to elevate the profession’s voice in corporate, regulatory, and government settings. Through its global reach, The IIA will serve as the chief advocate of the profession and remain attuned to changes in regulations, new and proposed legislation, emerging technology, and evolving stakeholder demands that impact the profession.

The merger milestone reflects how the two professions complement one another and how their roles in the organization are changing with the dynamics of modern business.

Just as technology and the pace of change have redefined how internal audit navigates the demands of 21st century risks, EHS auditing also is acclimating. The similarities in how EHS professionals and internal auditors are adapting reveal how these natural allies have much more in common than is readily obvious.

Organizational risk is at the heart of the missions of both professions. While EHS professionals often serve a more hands-on role in risk mitigation in a second-line-of-defense than internal audit does in the assurance-providing third-line-of-defense, both can offer the organization enterprise-wide perspectives on risk. These perspectives are key to providing risk insight and foresight that offer highest value to the organization.

The audit engagements for each profession follow similar processes that add value and improve an organization’s operations. For example, non-mandated EHS audits can uncover compliance issues, identify areas to improve employee education/training, identify and correct safety concerns, and potentially identify ways to improve the efficiency and effectiveness of compliance programs. The benefits to operations are obvious and abundant.

These closely mirror the benefits offered by internal audits, especially in the highly regulated financial services area. Internal audits that uncover noncompliance in financial reporting or fraud have an equally beneficial impact on the organization. Beyond financial reporting, internal audit’s assurance and advising roles are growing in several areas including cybersecurity, operations, and business strategy.

Additionally, as demands from non-regulatory drivers such as investors and nongovernmental organizations work their way into reporting requirements — think sustainability reporting — EHS and internal audit will have to strengthen their relationship in order to comply with and provide assurance on these new measures.

We must, however, be vigilant in ensuring that organizations have truly independent internal audit functions to provide objective assurance on compliance and other good governance issues.

Wrapping our heads around these complex, interactive dynamics might seem daunting, but the valuable new resource of the EHS Audit Center will give any EHS practitioner a natural advantage. I look forward to working closely with our new members from the EHS audit community as we learn to work and grow together for the benefit of the diverse organizations we serve. As always, I look forward to your comments.