Operational Resilience & EHS Audit
An independent, structured audit of an organisation's Environmental, Health & Safety management and operational resilience posture — assessing compliance against applicable regulatory obligations and standards, and the practical effectiveness of systems, procedures, and culture in managing real operational risk.
Compliance is the floor, not the ceiling
EHS compliance audits conducted by internal teams or advisory firms with a commercial interest in future remediation work are structurally incentivised to find findings that justify continued engagement — and equally incentivised to avoid findings that are uncomfortable to report. Neither produces an honest picture of operational risk.
An independent Operational Resilience & EHS Audit provides what internal review and conflicted advisory cannot: an objective assessment of whether the organisation's EHS management systems, emergency response arrangements, business continuity provisions, and supply chain resilience measures are genuinely effective — not merely documented.
The audit addresses both dimensions equally. Regulatory compliance matters — penalties, enforcement actions, and reputational consequences are real. But compliance with a regulation that was written before current operational conditions applied does not constitute operational resilience. We assess both, and we report on both honestly.
An EHS audit that concludes with a clean bill of health should be the product of rigorous independent examination — not the predictable result of a process designed to reassure rather than assess. If the audit does not find anything, that finding itself requires scrutiny.
What sets our audit practice apart
Independence — no platform, no product, no preferred outcome
We hold no commercial relationships with EHS software platforms, remediation contractors, or certification bodies. Our audit findings reflect what the evidence shows — not what a future engagement requires them to show. Where an organisation has a clean EHS posture, we say so. Where it does not, we say that too, with the specificity needed to act on it. Independence is not a positioning claim — it is the structural condition that makes an audit worth commissioning.
Practicality — frameworks applied to real operations, not theoretical compliance
EHS frameworks and standards are written at a level of generality that allows broad application across sectors and organisational types. Applying them to a specific facility, operational model, or regulatory jurisdiction requires judgement — about what the standard actually requires in this context, what it does not require, and where compliance documentation has diverged from operational practice. Our audit methodology is built around operational reality, not a generic checklist applied uniformly regardless of context.
Audit scope
The audit covers six interconnected dimensions of operational resilience and EHS management — assessed as an integrated picture, not a series of disconnected compliance checklists.
EHS Compliance Audit
Structured assessment of the organisation's compliance with applicable environmental, health, and safety regulations — including permits, licences, monitoring obligations, and incident reporting requirements. Findings are mapped to specific regulatory obligations with clear remediation priorities, not generic recommendations.
EHS Management System Review
Assessment of the organisation's EHS management system against ISO 14001 (environmental management) and ISO 45001 (occupational health & safety) — evaluating whether the system is correctly structured, actively maintained, and genuinely embedded in operational practice rather than existing as a documentation exercise.
Emergency Response & Crisis Management
Review of emergency response plans, crisis management protocols, evacuation procedures, and the tested — not assumed — capability of the organisation to respond to foreseeable emergency scenarios. Emergency response arrangements that have never been exercised are plans, not capabilities.
Business Continuity & Operational Resilience
Assessment of business continuity arrangements — including recovery time objectives, critical function identification, redundancy provisions, and the organisation's ability to maintain essential operations through disruption. Assessed against ISO 22301 (business continuity management) and operational requirements specific to the organisation's sector and regulatory context.
Regulatory Compliance Gap Analysis
Structured mapping of the gap between the organisation's current compliance position and the full scope of applicable regulatory obligations — across environmental regulation, occupational health and safety law, and sector-specific requirements. Findings are prioritised by enforcement risk and remediation complexity.
Supply Chain Resilience Assessment
Assessment of the EHS and resilience obligations placed on key suppliers and contractors — and whether those obligations are adequately specified, monitored, and enforced. Supply chain EHS failures create direct regulatory and reputational exposure for the commissioning organisation, regardless of contractual position.
How the audit is conducted
The audit combines document review, site inspection, structured interviews, and regulatory mapping — producing evidence-based findings rather than opinion-based assessments.
Scoping & Regulatory Mapping
Establishing the full scope of applicable regulatory obligations — jurisdiction by jurisdiction, sector by sector — and mapping them against the organisation's current documented compliance position. Scoping determines the audit boundary and the depth of examination required in each area.
Documentation & Management System Review
Structured review of EHS policies, procedures, risk assessments, incident logs, training records, audit history, and management system documentation — establishing the stated position before testing it against operational reality.
Site Inspection
Physical inspection of the operational environment — facilities, plant, hazardous materials storage, waste management arrangements, safety signage, PPE provision, and emergency equipment. Site inspection identifies compliance gaps and operational risks that documentation review cannot surface.
Structured Interviews
Confidential interviews with EHS management, operations leadership, frontline staff, and where relevant, supply chain contacts — surfacing the gap between documented procedure and day-to-day operational practice, which is where the majority of material EHS exposure is found.
Findings, Gap Analysis & Reporting
All findings are risk-rated and mapped to specific regulatory obligations or standard requirements. The audit report provides a clear, actionable account of the compliance position, the operational resilience gaps, and a prioritised remediation schedule — designed to be used, not filed.
Audit deliverables
The audit concludes with a structured report package — designed for use at operational, management, and board level.
Audit Report
A comprehensive, evidence-based assessment of the organisation's EHS compliance position and operational resilience posture — structured by audit dimension, with findings referenced to specific regulatory obligations or standard requirements.
Compliance Gap Register
A structured register of identified compliance gaps — mapped to applicable regulations, prioritised by enforcement risk and remediation urgency, and presented in a format suitable for direct use by the EHS management team.
Regulatory Risk Assessment
An assessment of the organisation's regulatory risk exposure — identifying where non-compliance creates enforcement, penalty, or reputational risk, and quantifying the relative severity of each gap for prioritisation purposes.
Prioritised Remediation Plan
A sequenced remediation plan — addressing immediate compliance requirements, medium-term operational improvements, and longer-term management system enhancements — with clear ownership and timeline recommendations for each action.
Business Continuity Gap Analysis
A focused assessment of business continuity and operational resilience gaps — identifying where the organisation's current arrangements fall short of ISO 22301 requirements or operational necessity, with recommendations for strengthening critical function protection.
Executive Summary
A standalone board-level summary — translating audit findings into governance language, presenting the overall compliance and resilience position, and providing the investment rationale for recommended remediation actions.
Environments we audit
The audit methodology is adapted to the specific regulatory context, operational characteristics, and EHS risk profile of each environment.
Manufacturing & Industrial Facilities
High-hazard environments with complex regulatory obligations across environmental permitting, occupational health and safety, chemical handling, waste management, and process safety — requiring a practitioner with direct industrial experience, not a generalist framework.
Energy & Utilities Installations
Energy generation, transmission, and utilities assets operating under sector-specific regulatory frameworks with elevated consequences for EHS non-compliance — environments where the gap between documented compliance and operational reality carries the highest risk.
Commercial Office Campuses
Large-scale commercial occupancies with multi-tenancy EHS obligations, fire safety and emergency evacuation requirements, contractor management responsibilities, and occupational health obligations that are frequently underassessed relative to their regulatory exposure.
Hospitality & Mixed-Use Assets
Hospitality environments with guest and staff safety obligations, food safety intersections, high contractor activity, and the particular challenge of maintaining EHS compliance during operational periods — where the cost of disruption for inspection or remediation must be actively managed.
Any Regulated Environment with EHS Obligations
Where an organisation operates under formal EHS regulatory obligations — regardless of sector — independent audit provides the evidence base that regulatory bodies, insurers, and boards require. The methodology adapts to the specific regulatory framework; the standard of rigour does not.
Multi-Jurisdiction Operations
Organisations operating across multiple regulatory jurisdictions face the particular challenge of maintaining consistent EHS compliance where applicable obligations differ materially. We provide audit coverage that maps findings to jurisdiction-specific requirements rather than a single-standard benchmark.
Commission an independent EHS audit
Whether you are responding to a regulatory requirement, preparing for a certification audit, or seeking an honest independent assessment of your operational resilience posture — our audit practice provides the rigour and independence that internal review cannot.
Initial conversations are obligation-free. We will discuss your organisation's regulatory context, the scope of an audit engagement, and what a realistic timeline looks like.