Implementing your EMS to minimise risk in 2024/5

5 min read

Environmental management systems (EMSs) are a vital part of delivering on compliance with environmental laws. Indeed, the Environment Protection Act 2017 (Vic) calls out a need for systems as part of the general environmental duty applicable to all organisations.

Most medium-large Australian entities will have an EMS of some shape or form. Some EMSs follow the layout of ISO standards (ISO14001) and may be accredited. Others may have policies and procedures that meet one or more requirements of environmental law, but not necessarily a comprehensive “system”.

Contextually, many entities in Australia will have EMSs that are maturing. This means that the challenge has moved from the creation of EMSs (or development of particular system components) to ensuring that systems work. That is, that they are actually implemented on the ground, tested and delivering the required risk management results.

Implementation

Let’s assume that an entity has all the basics covered, that is, you have:

• correctly identified all your environmental risks at your sites and understood what legal compliance standards and laws relate to those risks (as well as any additional administrative or reporting obligations that the law requires);

• implemented physical controls to eliminate or minimise risks; and

• developed policies or procedures to respond to residual risks and legal obligations; and

• monitored (or have provision for periodic monitoring) for changes to legal obligations (for example, from changes to regulations) and changes to environmental risk (for example, from new sites or operations coming into your business).

Then, the key implementation tasks for many organisations in 2024/5 are:

1. training of personnel;

2. auditing or testing of your management system;

3. ensuring that environmental incidents can be handled.

Each of these three areas requires attention, budget and diligence to deliver a high-performing EMS.

This article look at each of these areas in turn and provides a high-level and practical overview of some risk management “prompts”. Every organisation is unique and will have its own particular requirements for environmental risk management (depending on sector, jurisdiction/location(s), size and risk profile).

Training - at all levels

Training is arguably the most fundamental component of a successful EMS.

It has sometimes been said that you could deliver on risk management without a written system so long as your employees and contractors were all well trained and understood exactly what they have to do on site. Whilst, I wouldn’t advocate for this, particularly as many operations are sufficiently complex or multi-staged to warrant a written policy, it illustrates an incredibly important point: you could have the most wonderful system in the world but if it is never communicated to teams it is meaningless.

That training should be considered as fundamental to implementation is reflected in the Environment Protection Act 2017 (Vic), and the specific parts of implementation that are called out as being important to meet the standard of the General Environmental Duty:

Section 25(4) provides that a person who is conducting a business or an undertaking contravenes the general environmental duty if the person fails to do any of the following in the course of conducting the business or the undertaking, so far as reasonably practicable:

(e) provide information, instruction, supervision and training to any person engaging in the activity to enable those persons to comply with the general environmental duty.

A lot of organisations have induction training.

But implementing a high-quality EMS requires much more:

• training needs to be specific to the task at hand and not merely general. Whilst initial induction training might speak to the entity’s environmental policy or obligations at a high level, together with some on-site risk information, this is unlikely to be sufficient of itself to deliver a high-performing EMS. Training needs to be specific to the tasks being performed and the specific risks relating to sites or activities.

• Organisations should look at multi-layered and staged and refresher training rather than relying on a single training course. Shorter more regular training that is engaging and caters to a range of learning styles may be helpful to improve engagement, attendance and “buy in”.

• Boards (directors), officers (senior management) and senior leadership teams require their own training to ensure that they understand the legal requirements of their role with respect to due diligence on environmental management. This is extremely important as directors and officers are personally liable for the offences of their organisations under derivative liability provisions in environmental laws in all Australian States and Territories. This cohort needs its own bespoke training to ensure that they understand the issues and can acquit resources and give direction to operational teams about environmental risk management.

Auditing or testing of the system

Is the system working? Is environmental risk actually being managed?

These are the questions that maturing EMS owners need to consider.

But auditing of environmental management systems might be different to audits of hazard or risk. There are considerably different approaches in the current market to “testing” the system.

It is really important to ensure that an EMS has the core components of a management system. But beyond requisite system components, it is important to ensure that they are legally correct, actually implemented, and actually delivering on risk.

For example, your EMS may mandate an incident response policy.

An audit principally evaluating whether you have the necessary parts of an EMS might conclude that you have an acceptable system.

But does the policy comply with current legal requirements? Is it jurisdictionally specific? Would following the policy lead to the desired outcome? It is not uncommon for lawyers to review policies that if followed would either unintentionally or by omission, lead to the entity breaching or contravening a legal requirement.

Moreover, even if the policy is consistent with law, if an audit process is focussed on components (and to some extent implementation), to what extent does an auditor step over the oil stain (where there has been a recent incident) to nonetheless provide assurance on the EMS?

Assessing environmental risk is therefore also critically important.

Scoping “how” you check whether your EMS is actually working is a really important aspect of implementing a high-performance EMS. This might mean evaluating the frequency and criteria against which you are checking. You might encourage site teams to undertake daily or weekly “checks” of the site’s environmental risk rather than relying solely on annual formalised external auditors. This would give you the chance to undertake early stage rectification works and actually capture hazards before a risk occurs.

Incident management and reporting

All States and Territories in Australia have pollution incident response laws mandating notification to the environmental and other regulators of pollution incidents meeting certain thresholds (typically quite low). Each jurisdiction also has mandatory notification of contamination to environmental regulators.

But incident management is about much more than notification. There are a lot of complex requirements under environmental and safety laws with regard to incident response actions.

Encouraging prompt internal reporting of incidents and near misses can give you great information about environmental risk and awareness in the organisation. Apart from the need to make sure that internal reporting is occurring so that you can comply with external reporting requirements, internal reporting can ensure that timely interventions occur to eliminate or minimise future occurrences. It can also give you a really good indication of whether or not your EMS is working. Multiple reports of similar incidents may provide insight into system improvement. Conversely an absence of reports might indicate that personnel don’t fully understand duties.

Conclusion

There is undoubtedly a lot to consider in implementation of EMSs. If you are looking to “refresh” your EMS in 2024/2025 and ensure that you are meeting legal compliance requirements and keeping up to date with contemporary expectations of the regulators, please contact me to discuss a legal gap analysis for your business.

Legal advice is confidential and subject to legal professional privilege and can be an important first step if you are unsure of management and governance actions to improve environmental risk management.

The legal stuff

This article is aimed to be high-level, practical and thought-provoking. It is not a detailed description of environmental law in Australia. You should always seek independent legal or other professional advice on specific cases and before acting or relying on any of the content. All the information in this article and on this website and any downloads are intended only to provide a summary and general overview on matters of interest. It is not intended to be comprehensive nor does it constitute legal advice or establish a lawyer - client relationship. Whilst attempts have been made to ensure that the content is current, Gabrielle Guthrie and Guthrie Legal do not guarantee its currency. Copyright 2024

Liability limited by a scheme approved under Professional Standards Legislation