Managing and proving compliance of a seemingly endless number of rules and regulations is a complex, intricate, and often underappreciated responsibility. New and changing compliance requirements, particularly within the past decade, are challenging even the most sophisticated organizations.
Compliance demands come from all areas of government and industry, domestic and international, and some are stipulated internally such as corporate performance requirements and service level agreements. Even voluntary standards, such as ISO 55000 for asset management, are being actively adopted.
The contents and behavior of compliance reports are governed by the various authorities and reference standards. Managing a task of this magnitude requires accountability and proper controls, because errors or delays have consequences that extend far beyond regulatory fines and administrative burdens.
To better understand the priorities, challenges, costs and resolutions, four industry professionals were invited to share their perspectives on compliance reporting.
Urgency drives best practices
Compliance reporting concerns can vary by industry and company size, but the highest priority obligations – those with the greatest consequences of noncompliance – tend to garner the greatest attention. Effective reporting practices and systems for the most urgent needs could serve as a model for other compliance requirements.
For example, compliance for some facilities is driven by corporate mandates. Directives of this nature are automatically a priority. “This may include the results of condition monitoring for assurance of reliability, safety, and environmental traceability. It is accomplished by following OSHA, NEC’s NFPA 70B and 70E, and possibly the EPA,” says Roy Huff, principal at The Snell Group (www.thesnellgroup.com).
For many companies, insurance providers are driving compliance of infrared inspections (Figure 1). “Reporting on this varies with the provider,” remarks Huff. “In some cases, simply a hard-bound copy of the results of the required annual infrared inspection is all that is needed. But in most situations, there needs to be some method of verification that repairs were successfully completed. That requirement may be supported by a facility’s CMMS program or an information management solution that integrates the results of the condition-based monitoring program.”
Safety is a universal concern. “Perhaps the most consequential compliance requirements for any industry are those that are safety related. Trumping these would be the requirements that marry safety, reliability, and process; specifically, those identified by OSHA’s 29 CFR 1910.119, Process Safety Management (PSM) of Highly Hazardous Chemicals,” says John Ross, senior consultant at Marshall Institute (www.marshallinstitute.com).
“Within PSM, two of the most critical compliance reports are the Process Safety Information (PSI) and the Process Hazard Analysis (PHA). They both require update on a prescribed basis,” explains Ross. “The PSI package is meant to provide information for processes engaging the 155 identified Highly Hazardous Chemicals (HHCs). For PHAs, the regulation is very clear: ‘The employer shall perform an initial process hazard analysis (hazard evaluation) on processes covered by CFR 29 1910:119. The PHA shall be appropriate to the complexity of the process and shall identify, evaluate, and control the hazards involved in the process.’ ”
Certain industries face unique demands. “In power generation, compliance reporting can be as simple as meeting corporate mandates with an emphasis on environmental requirements in the coal industry, or as complex as meeting Nuclear Regulatory Commission (NRC), National Nuclear Security Administration Production Office (NPO), Nuclear Electrical Insurance Limited (NEIL), Environmental Protection Agency (EPA) and site-specific requirements where results of condition monitoring must be completed and fully documented for compliance in the nuclear industry,” says The Snell Group’s Huff.
“In the operations department at a nuclear plant, probably the most important reporting requirement is for emergency situations,” says Steven Turrin, training superintendent at Perry Nuclear Power Plant (www.firstenergycorp.com). “There are standards that have to be met, a protocol for how the information is relayed, and short timeframes are involved. We fill out a formatted form called the 50.72 and provide it to the NRC when there’s an emergency declaration on the site. It’s a regulated process for the nuclear industry based on the Event Reporting Guidelines in 10 CFR 50.72, so we all pretty much do it the same way.”
For users of hazardous or chemical substances, there are comprehensive regulations like the European RoHS and REACH, which most companies are complying with today, says Reid Paquin, manufacturing research analyst at Aberdeen Group (www.aberdeen.com). “A recent U.S. regulation, which came into effect on May 31, 2014, is a section of the Dodd-Frank Act that requires the reporting of conflict minerals to the Securities and Exchange Commission. Basically, the rule applies to any company that uses minerals including tantalum, tin, tungsten, or gold (3TG). The company must report its products as either ‘Conflict Free’ or ‘Not Conflict Free.’ ”