PODCAST TRANSCRIPT:

A Legal compliance audit is one of three required internal audits in the R2 standard. There are some things in this audit that make it different from any other audit required as part of becoming R2 Certified. In this episode, I’ll be talking with Mike Easterbrook, SERI’s R2 Director and a former R2 consultant and auditor.  In addition, Mike is an attorney which gives him a unique perspective on the legal compliance audit process. We hope you’ll stay tuned for this episode of Ask The R2 Guru.  I’m RG from SERI, Champions of Electronics Sustainability.

Mike Easterbrook was a guest on a previous episode of this podcast, so we picked up where we left off last time.

RG: Mike, let’s continue our conversation from the last time you were on the podcast.  Tell me more about your background,  specifically in compliance.

ME: I got my start in this industry doing regulatory compliance and continued down that path, working for facilities doing regulatory compliance.  I’m based in California so I have a lot of experience with California regulations, but also broad knowledge of  US regulations and some international regulations or guidelines as well. After working at facilities, I did some consulting and conducted a lot of compliance audits for companies that I was walking through the certification process.  And I also worked as a lead auditor for awhile as well.

RG: Before I was with SERI, I was a compliance manager for 10 years at two different facilities.  During that time, I actually performed some compliance audits as an internal auditor for other companies, and it was always a matter of being alert for new stuff all the time.  New regulations, new conditions, new laws for both our facilities, and the facilities with which we interacted. So how did you continue your education as you went in various parts of this industry as a consultant, as a compliance person and as an auditor?

ME: I drew from various different areas.  Through e-mail lists, from regulatory agencies directly, from webinars, from conferences, from talking to others in the industry. I even went through some classes on Cal-OSHA and OSHA.  But I believe that if you have a tap on the pulse of the industry, you know what type of changes are coming down the pipeline. Usually, it’s something that is widely discussed, and regulatory agencies usually tend to give a lot of notice about changes that are coming.

RG: When I did internal audits, especially compliance audits, you usually knew by about an hour or so into the audit in the morning if something was going to go well or not at a given facility. So when you were a compliance auditor, what did you see when you walked into a facility that let you know that this facility truly understood compliance audits?

ME: I think it is really a combination of the documentation, the appearance of the operation, or the operation, and the awareness of the personnel.  In the Legal Compliance Plan, the R2 Facility identifies the applicable EHS, Data Security, Import/Export legal requirements.  Depending on jurisdiction, there might be different regulations for how different types of devices need to be handled, packaged, and shipped.  With those different requirements identified, the facility can implement instructions for materials handling, data security, processing, packaging, and shipment.

So, I would see that personnel would be aware of what needs to be done based on work instructions, which were built upon these regulatory requirements. They are all tied back to the various regulatory requirements that are identified in their Legal Compliance Plan, and that affects the way their operation works. So the Legal Compliance requirements are embedded into the operation, and this interaction of regulations and operations is usually obvious to someone who is a trained auditor or able to have that keen eye.

RG: It’s almost impossible for an electronics recycler or refurbisher or ITAD facility to not deal with batteries these days, especially with the explosion of small devices and mobile devices and cell phones and everything else.  How does the overall topic of batteries apply in various areas of a compliance audit?

ME: Batteries are an excellent example.  There are different requirements for different types of battery chemistries.  You could look at shipments of different battery types and make sure any type of declarations or identification was in accordance with the requirements from the Legal Compliance Plan.  You could look at the destination and if it is international, tie it back to any applicable Import/Export requirements.  There might also be local regulations about shipment of batteries.  For that, you could bring the facility’s  Focus Materials Management Plan in and see if it was shipped to a facility that exports material. From there, you ensure the legality of the downstream vendors for any transboundary movement for the import, export, and transit. This process needs to be properly described in the Legal Compliance Plan and confirmed during the compliance audit.

You could also look at the storage or staging area for their batteries. Is the labeling or packaging appropriate and compliant with applicable regulations?  Are there regulations that require a certain type of management if the weight exceeds a certain level or whatever the applicable requirement might be?  You could talk to personnel about handling and packaging requirements and see what is done in an emergency situation like a spill.  Or  the discovery of a damaged battery – how that’s packed or handled differently than a non-damaged battery.  Or what they do in case of a fire – do they have a proper type of extinguisher to put out those types of metal fires?  These are all audit trails, and a good compliance auditor will tie those audit trails back to the Legal Compliance Plan.

RG: That’s an amazing number of different audit trails or areas that an auditor can follow with just one type of material like batteries.  But to a lesser extent, can this same process be applied to the other types of materials passing through R2 facilities?

ME: Yes, that is true.  Let’s take the example of a dismantling line.  Maybe there are two lines: one for flatscreen monitors and TVs and one for desktop computers.  First, the flatscreens.  In an LCD, you have the backlighting, which is the cold cathode fluorescent light bulb which contains phosphor powders with mercury.  Some possible audit trails could examine how these bulbs, which are mercury devices, are handled & packaged.  From there, are there any EH&S regulations that are applicable such as use of Personal Protective Equipment (PPE) or medical monitoring?   Are there labeling requirements once components are separated and placed into boxes?  How do these audit trails tie back to what is identified in the Legal Compliance Plan?

For the other dismantling line, the desktop computers, possible audit trails might examine what facility does with the hard drive.  What kind of privacy regulations are applicable?  Have there been any data and/or security breaches?  If so, what notifications were sent out, if required by law or regulation?  For the rest of the desktop, what is the process for removing the battery from the motherboard?  What do they do with the battery?  Does the person know the proper management of those types of batteries?  Follow that battery to tie it back to the audit trails for the instructions for handling, packaging, and shipping lithium primary batteries that you looked at previously.  It ultimately ties many of those audit trails back to the Legal Compliance Plan.

RG: That’s a great and detailed answer…wow.   I know we’ve mentioned this previously in training videos about compliance auditing, but I’d like to talk to you for just a couple of minutes about the lack of a need for total independence of a compliance auditor from the process being audited which is unlike the other internal audits.  Why is this the case and how can it be practically used by facilities and auditors?

ME: To me, first I think about competency.  The standard says that the auditor shall be knowledgeable in the operations and applicable requirements.  From everything we’ve been talking about, competency of an auditor for a compliance audit is about their ability to observe the operation and audit the applicable requirements.  This will then be tied back to the Legal Compliance Plan.  So, the personnel that might be the most competent to conduct the compliance audit might be the compliance personnel in an organization, since that person or persons are the most knowledgeable of both the operations and the applicable requirements. This is why some internal personnel might be the best fit for the compliance audit.  If you’re using someone externally, you want to make sure they have certain competencies as well, because it’s required by the standard.

RG: That’s an intriguing concept.  I’ve got a question that follows up on that.  How do you think it applies to when a certification body auditor comes in for a final certification audit?  Will they look more closely at a compliance audit because it’s possible the internal people were auditing their own work?

ME: I don’t think so…the thing with external certification body auditor is that they’re not doing a compliance audit.  So, they’re not looking to see whether or not you’re complying with regulations. What they’re doing is they’re assessing your conformance to the requirements of the standard, or standards, to which you’re being certified. One of the requirements of the R2 standard is that you conduct a compliance audit.  A facility needs to show conformity to the requirements—in this case, that a compliance audit was conducted, that non compliances were promptly dealt with and that competent auditors were used.  The external auditor doing the certification audit is looking more at the process.  They’re not looking at compliance —  they’re looking to see whether or not the compliance audit was conducted in conformance to the requirements of Core Requirement 4.

RG:  Thanks, that clears it up.  Thanks for a lot of great insight and background from both sides of the audit table.  You’re one of the few people who’ve been on both halves of the audit process. It is an important part of the internal audit program and we’re really glad to have your expertise with it.

ME: Thanks, Roger.

*********

RG:  That’s it for this episode of Ask the R2 Guru. Thanks for listening, and thanks again to Mike Easterbrook and as always to the SERI team for their assistance in producing this podcast. You can find a complete transcript of my conversation with Mike in the Podcast section of the R2 Knowledge Base on the SERI website. You’ll find that at sustainable electronics.org.