PatrickP

What Does EHS and CAPA Have To Do With GRC?

Blog Post created by PatrickP Employee on Sep 6, 2013

GRC (Governance, Risk and Compliance) is a familiar enough term, but what is EHS and CAPA?  Well, providing employees, contractors and customers with a safe working environment is a major priority for any organization.  Numerous industry regulations as well as government agencies such as the Occupational Safety and Health Administration (OSHA) have enacted specific rules, procedures and laws that must be followed in order to ensure compliance with safety measures in the workplace.  As an example, Environmental Health and Safety (EHS) rules, procedures and laws require companies to track all recordable events relating to workplace illness, injury or death.  A good EHS program will:

 

  • Escalate incidents quickly and efficiently; and capture, investigate, assess and prevent future hazards, injuries, illnesses, near-misses, and property-damages
  • Implement corrective and preventive actions, and perform root cause analyses for all events to proactively prevent recurrences
  • Provide visibility and reporting on incidents, events, ownership and statuses
  • Drive quality and safety performance across locations and business areas, and help maintain a safe and secure work environment and reduce risk to people and property


One important aspect of EHS programs is the Corrective Action and Preventive Action (CAPA) process.  CAPA is a methodology that strives to identify errors or nonconformity in a process along with the resulting problems, and then to understand the impacts, implement corrective action, and implement preventive measures. This concept is commonly built into many systems, processes and programs. One example is incident reporting standards for health and safety requirements as mandated by OSHA.


Other examples of CAPA programs include the “Plan Do Check Act” philosophy (by Deming – Shewhart) common to Crisis Management, as well as Quality Management Systems (QMS) focused on continual improvement and customer satisfaction. CAPA also forms the core of quality management disciplines such as Lean Manufacturing and Six Sigma, or ISO 9000. Permanent embedding of CAPA as part of a continuous improvement process in highly structured and regulated environments is critical.

A common criticism of CAPA programs is they often do not deliver the Return on Investment (ROI) expected by management. In order for CAPA programs to drive enterprise-wide benefits, they need to connect and fully integrate with strategies and solutions, and other supporting corporate-wide information systems. Further, CAPA programs need to have clear definitions of risk, severity and impact. These need to be clear and should be utilized to manage prioritization.  Effective CAPA programs should also be developed to enable organizations to integrate related disciplines, such as risk, incident, business continuity and audit management into a broader enterprise governance program.


RSA Archer has recently made available a focused EHS solution that enables organizations to comply with OSHA requirements that require companies to track all recordable events relating to workplace illness, injury or death. Customer benefits include:

  • Capture, investigate, assess and prevent all hazards, injuries, illnesses, near-misses, and property-damages with corrective and
    preventive actions
  • Escalate incidents quickly and efficiently
  • Provide visibility and reporting on incidents, events, ownership and statuses
  • Perform root cause analyses for all events to proactively prevent recurrences
  • Host all witness statements, investigations, and evidential information as it relates to EHS events to prevent or rebut potential penalties, fines, and fees
  • Drive quality and safety EHS performance across multiple locations and business areas
  • Help maintain a safe and secure work environment and reduce risk to people and property
  • Comply with OSHA incident reporting standards 

     

The solution has potential to provide rich information to the other disciplines mentioned above, thus better integrating the broader GRC program.  For companies that are challenged with EHS requirements and looking for a CAPA solution, you should check out our new focused solution.

Outcomes