On Oct. 6, 1999, federal OSHA published a proposed policy that would explain when OSHA compliance officers conducting an inspection would request an employer to disclose safety and health audits that the employer had conducted voluntarily. According to the proposal, the purpose of the policy statement would be "to provide general guidance regarding the circumstances in which OSHA intends to exercise its authority to obtain voluntary self-audit reports during the course of an inspection and the manner in which the agency will use voluntary self-audits when it classifies" violations and proposes penalties.
The essence of the proposal is that, in an inspection, OSHA would not routinely request an employer to disclose what it defines as "voluntary self-audits." Also, where an employer is attempting in good faith to remedy a condition identified in an audit, OSHA would not use the audit to prove a willful violation.
This article briefly reviews the background of this issue and considers the potential practical impact of the policy on OSHA enforcement practices and on voluntary safety and health auditing practices.
Background of the Audit Issue Controversy
In 1991, then-Secretary of Labor Lynn Martin sent a letter to the chief executive officers of the Fortune 500 companies, urging them to act as "progressive" leaders by conducting periodic safety and health compliance audits with as much management support, precision and care as financial audits. Martin did not reveal, however, that OSHA would adopt the enforcement position that it might compel an employer to produce the very voluntary safety and health audits that had been urged in the name of "progressive" risk management.
For example, in a 1992 wall-to-wall inspection of a large paper mill, OSHA requested that the employer turn over documents related to its safety and health audit program. These documents reflected the employer's extensive program of voluntary self-audits at its facilities throughout the nation. The audits had been conducted as a routine business practice and were not structured so as to be protected from disclosure under the attorney-client privilege or the attorney work-product doctrine.
The employer declined to produce the documents, and OSHA responded with an administrative subpoena. The employer offered to produce the documents on the condition that they not be used to characterize the violations or to assess the amounts of proposed penalties. This offer was rejected, and OSHA filed an action in federal court to enforce the subpoena.
The company asserted that many employers would be disinclined to conduct voluntary audits if they risked misuse of their efforts by OSHA compliance officers seeking support for allegations of violative conduct, particularly willful violations. Even those employers who continued their auditing programs, the company argued, would find candid internal discussion chilled if managers knew that their constructive criticism could become the basis of OSHA violation claims.
In its decision, the court made clear that it sympathized with the company: "[I]n the court's opinion, the Secretary of Labor should not undertake this action ..." Nonetheless, the court concluded that under Section 8(b) of the Occupational Safety and Health Act and under principles governing administrative subpoenas, the secretary had the authority to issue and enforce such a subpoena in Martin v. Hammermill Paper Division of International Paper Co., 796 F. Supp. (S.D. Ala. 1992).
In the years following this decision and other similar ones, there has been a vigorous debate among industry, labor and OSHA as to whether OSHA's approach is misguided policy or prudent enforcement. Industry has urged OSHA to follow EPA's practice of requesting self-audits only in certain situations, rather than reviewing them as a routine practice during inspections. Industry argued that routine requests for audits during inspections would discourage employers from performing audits, particularly because OSHA could use audits as evidence that employers knew about hazardous conditions, thereby providing evidence of willful violations.
Having failed to persuade OSHA to change its policy, industry eventually turned to Congress. Rep. Cass Ballenger, R-N.C., recently introduced a bill aimed at protecting audits from OSHA. At press time, the bill had passed the House Subcommittee on Workforce Protections but was vigorously opposed by the Clinton administration, organized labor and House Democrats.
OSHA's Proposed Policy Statement
Against this background, OSHA published its proposed policy. The proposal states that OSHA "will not routinely request self-audit reports when initiating an inspection, and that the agency will not use self-audit reports as a means of identifying hazards upon which to focus during an inspection." The agency "intends to seek access only to those audit reports, or portions of those reports, that are relevant to the particular matters that it is investigating."
The proposed policy also addresses the use of voluntary self-audit findings to prove that a violation was willful. The proposal states that "if an employer is responding in good faith to a violative condition identified in a voluntary self-audit report, and OSHA discovers the violation during an enforcement inspection, OSHA will not treat that portion of the report as evidence of willfulness." In addition, "an employer's response to a voluntary self-audit may be considered evidence of good faith" and provide the basis for a penalty reduction. The proposal states that OSHA "intends that the policy will recognize the value of voluntary self-audits under which employers or their agents identify and promptly correct hazardous conditions and will acknowledge that, in limited situations, records relating to voluntary self-audits play an important role in" OSHA's "ability to effectively carry out its inspection and enforcement duties."
The policy would apply only to what OSHA defines as "voluntary self-audits." Thus, it does not address issues of attorney-client privilege or attorney work-product doctrine. Rather, the proposal defines a self-audit as a "systematic, documented and objective review by an employer of its operations and practices related to meeting the requirements of the Occupational Safety and Health Act." "Voluntary" means "not required by statute, rule, order or settlement agreement." Audits required by an OSHA standard would not be covered by the policy.
Would the Policy Make a Practical Difference in Inspections?
OSHA has requested public comments on its proposal. Thus, the final policy may be significantly different than the proposal. Taken at face value, however, the proposal appears to reflect a welcome, albeit long overdue, acknowledgment that OSHA's enforcement policy should not discourage, but rather should encourage, voluntary self-assessment by responsible employers.
The question is whether the policy will make a practical difference in how inspections are conducted and in whether employers conduct self-audits. In evaluating this, there are several factors to consider.
The policy will not have the force of law. It is important to understand that, as the proposal makes plain, the final policy will not have the force of law and will not be binding upon OSHA. Even though OSHA is utilizing the notice-and-comment process to solicit input, the final policy will not be a legally enforceable regulation or standard. Much like OSHA's Field Information Reference Manual, the policy states that it will be "only ... general, internal OSHA guidance and is to be applied flexibly, in light of all appropriate circumstances."
To illustrate the practical significance of this, if OSHA were to seek judicial enforcement of an administrative subpoena for audit documents in circumstances that the policy does not appear to contemplate, the employer would not have grounds to assert, as a matter of law, that the policy bars the request. In evaluating whether OSHA's subpoena is reasonable, a court might consider whether the request is consistent with OSHA's internal guidelines, but inconsistency with the policy would not be dispositive of whether the subpoena will be enforced. Ultimately, the main question would likely be whether OSHA's request for the audit is within its broad statutory inspection authority and whether it is reasonable considering all of the circumstances. The prevailing case law establishes a flexible test for the enforcement of administrative subpoenas, so unless a subpoena for audit materials is genuinely unreasonable, it is likely to be enforced.#4
The proposed policy contains broad exceptions. As noted, the policy would only be an internal guide for field enforcement personnel. The important question, therefore, is whether during an inspection, OSHA area directors, compliance officers and their counsel in the Office of the Solicitor of Labor will consider themselves obligated to be bound or at least influenced by the policy.
As proposed, the policy is laced with broad exceptions that would make it relatively easy for compliance personnel to conclude that a request for audit documents is permissible. For example, to qualify as protected by the policy, an audit must satisfy OSHA's test that it be "objective" (i.e., "conducted by or under the direction of a safety and health professional who is competent to identify workplace safe and health hazards given the scope and complexity of the processes under review"). Consider the issues raised by this definition alone. There is no express requirement that the "safety professional" be certified as such. What, then, will be the criteria used to determine whether a safety officer is suitably "professional" and "competent"? Does this mean that an audit conducted by an expert with technical, but not safety, expertise (for example, a chemical engineer) would not qualify?5 If the final rule provides the missing criteria, will they be applied consistently by compliance officers nationwide? This is a dubious proposition, at best.
Additionally, only "voluntary" audits would be covered by the policy. Thus, audits and surveys compelled by OSHA standards would not be covered. Examples of surveys not covered would likely include audits required by the Process Safety Management standard [29 CFR 1910.119(o)], the mandatory periodic inspection of lockout/tagout procedures [29 CFR 1910.147(c)(6] and the mandatory personal protective equipment hazard assessment [29 CFR 1910.132(d)(1)].
Further, in an exception that could virtually swallow the rule, under the proposal, "if the agency has an independent basis to believe that a specific safety or health hazard warranting investigation exists, OSHA may exercise its authority to obtain the relevant portions of the voluntary self-audit reports relating to a hazard." Considering that, in most cases, OSHA considers the submission of a properly completed employee complaint as grounds for an inspection, and many investigations are triggered by a complaint, it seems evident that a compliance officer would nearly always have the option to ignore the policy.
In addition, the draft provides that OSHA may request self-audits if a "fatal or catastrophic accident has occurred, and OSHA is investigating the circumstances of the accident to assess compliance and to assure that hazardous conditions are abated."
Finally, in perhaps the broadest exception of all, the policy would not apply "when the agency has reason to believe a hazardous, noncomplying condition exists and the agency is seeking to evaluate the extent of the hazard." This would appear to describe nearly every OSHA inspection. The proposal does not define what would constitute adequate "reason to believe" that a hazard exists. It also does not specify that a hazard must be a "serious" one as defined by Section 17(k) of the OSH Act (i.e., one likely to cause death or serious physical harm). By implication, therefore, a less severe hazard could qualify. Thus, under the proposed policy, a compliance officer would have broad latitude to determine in virtually every inspection that there is no constraint upon a request for an audit.
How Will the Final Policy Affect Auditing Practices?
The prospect of a final OSHA policy should not affect whether safety and health audits are conducted. In practical terms, even if OSHA ultimately does not limit the circumstances in which audits are requested, the relatively small number of inspections that OSHA conducts means that most employers will face the threat of disclosure only occasionally, if at all. Accordingly, an employer who believes that self-evaluation is a worthwhile element of a risk management and safety and health program should not be dissuaded from conducting audits by the relatively unlikely prospect of an OSHA request. It is a truism, after all, that the best way to avoid inspections is to discover and correct serious hazards before they result in accidents.
On the other hand, the possibility of compulsory disclosure means that employers should continue to observe the well understood basic principles about conducting audits and preparing audit documents -- for example, assuring that written observations are objective and that recommendations are brought to closure with appropriate documentation. An ill-drafted audit report, or one whose recommendations have not been evaluated and resolved, remains a potential road map to liability.
From a safety and health viewpoint, an optimal outcome would be a final policy that genuinely encourages and protects voluntary self-evaluation. It must be anticipated that however OSHA states its final policy, there will be exceptions that afford broad latitude to compliance personnel. The real key will be whether senior OSHA management makes clear to its field personnel and to the regulated community that the agency is seriously committed to promoting voluntary self-audits or whether the policy ultimately will be revealed as a sop to industry and an effort to fend off legislation on this point.
One hopes that, in the final analysis, OSHA will strike a proper balance between encouraging and protecting voluntary self-evaluation efforts by employers, while preserving its option as a law enforcement agency to obtain relevant evidence where an employer has behaved in bad faith.
Stephen C. Yohay is a partner in the Washington, D.C. office of McDermott, Will & Emery and is a member of the firm's OSHA Practice Group.