ASTM E2107-20

This document is not an ASTM standard and is intended only to provide the user of an ASTM standard an indication of what changes have been made to the previous version. Because
it may not be technically possible to adequately depict all changes accurately, ASTM recommends that users consult prior editions as appropriate. In all cases only the current version
of the standard as published by ASTM is to be considered the official document.
Designation: E2107 − 06 (Reapproved 2014) E2107 − 20
Standard Practice for
Environmental Regulatory Compliance Audits
This standard is issued under the fixed designation E2107; the number immediately following the designation indicates the year of
original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A
superscript epsilon (´) indicates an editorial change since the last revision or reapproval.
1. Scope
1.1 Purpose—This practice identifies minimum requirements for environmental regulatory compliance audits (audits). It also
provides information on the terms and procedures associated with audits as practiced in the United States of America (USA) and
other jurisdictions subject to the laws thereof. It provides a reference to which interested parties may refer for definition and
description of accepted audit terms and procedures.
1.2 Background:
1.2.1 Awareness of Benefits Associated with Audits—Various benefits have been attributed to audits. These benefits may include
a better understanding of the compliance status of a facility or organization, identification of opportunities for environmental
management systems improvements, reduction or elimination of potential legal and financial liabilities when implemented as part
of a comprehensive compliance management program, better communications and improved relationships with governmental
agencies, communities, and other stakeholders, providing information for development of both short-term and long-term
environmental expenditures, and education of employees.
1.2.2 Awareness of Risks Associated with Audits—It is also important to recognize that certain risks have been associated with
audits. These risks may be managed and controlled by giving thoughtful consideration to the audit process before beginning an
audit. These risks may include increased potential legal and financial liabilities for the audited entity if audit findings are not
corrected in a timely manner, disclosure of confidential business information or trade secrets, inadvertent admissions against
interest because of the wording of audit findings, disclosure of audit findings intended to be kept confidential under audit privilege
laws or attorney-client privilege or work product doctrine, and inaccurate audit findings.
1.2.3 Awareness of Legal Issues—A number of important legal issues are associated with audits. Example legal issues include the
qualification for one or more evidentiary privileges, the qualification for limited immunity, the protection of trade secrets and
confidential information, the application of a number of government policies associated with environmental audits (including
federal and state programs that provide incentives for detecting, disclosing, and correcting potential violations through auditing),
the form and language of audit reports, the necessity of reporting certain information to the government (either federal, state, or
local agencies), the potential liability of auditors, and the importance of promptly addressing issues identified during audits. Prior
to initiating and during an audit, interested parties should consider potential legal issues and consult legal counsel or other experts
as appropriate.
This practice is under the jurisdiction of ASTM Committee E50 on Environmental Assessment, Risk Management and Corrective Action and is the direct responsibility
of Subcommittee E50.05 on Environmental Risk Management.
Current edition approved May 1, 2014Nov. 1, 2020. Published July 2014January 2021. Originally approved in 2000. Last previous edition approved in 20062014 as
E2107 – 06.E2107 – 06(2014). DOI: 10.1520/E2107-06R14.10.1520/E2107-20.
As used herein, a “Standard” is a document that has been developed and established within the consensus principles of the Society and that meets the approval
requirements of ASTM procedures and regulations. A “Guide” is a compendium of information or a series of options that does not recommend a specific course of action.
A guide increases the awareness of information and approaches in a given subject area. A “Practice” in contrast, is a definitive set of instructions for performing one or more
specific operations that does not produce a test result. See Form and Style for ASTM Standards.
Copyright © ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959. United States
E2107 − 20
1.3 Organization—This practice is organized in the following manner:
Section
Scope 1
Referenced Documents 2
Terminology 3
Significance and Use 4
Responsibilities 5
Auditor Qualifications and Staffing 6
The Audit Process 7
Evaluation and Report Preparation 8
Keywords 9
1.4 This international standard was developed in accordance with internationally recognized principles on standardization
established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued
by the World Trade Organization Technical Barriers to Trade (TBT) Committee.
2. Referenced Documents
2.1 ASTM Standards:
E1527 Practice for Environmental Site Assessments: Phase I Environmental Site Assessment Process
E1528 Practice for Limited Environmental Due Diligence: Transaction Screen Process
E2365 Guide for Environmental Compliance Performance Assessment
E3123 Guide for Recognition and Derecognition of Environmental Liabilities
E3228 Guide for Environmental Knowledge Management
2.2 ISO Standards:
ISO 1401014001-2015 Guidelines for Environmental Auditing—General PrinciplesEnvironmental Management Systems-
Requirements with Guidance for Use
ISO 14011 Guidelines for Environmental Auditing—Audit Procedures—Auditing of Environmental Management Systems
ISO 1401219011-2018 Guidelines for Environmental Auditing—Qualification Criteria for Environmental AuditorsAuditing
Management Systems
3. Terminology
3.1 Definitions of Terms Specific to This Standard:
3.1.1 action plan—a plan to address audit findings that describes planned response actions, parties responsible for their execution,
and expected completion dates.
3.1.2 audit authority—the entity or body that authorizes, or initiates, the audit process. The audit authority may be internal or
external to the audited entity.
3.1.3 audit criteria—enforceable environmental requirements that are applicable to an audited entity. Examples include laws,
regulations, orders, and permits.
3.1.4 audit data—information obtained during an audit to support audit findings.
3.1.5 audit finding—a statement of audited entity conditions at the time of the audit compared to audit criteria. Audit findings shall
be based upon verifiable audit data and may be either positive or negative with respect to audit criteria.
3.1.6 audit objective(s)—broad statement(s) of what the audit intends to accomplish.
3.1.7 audit plan—documentation that describes the audit. Elements that should be included or referenced in the audit plan are: the
audit objective; audit scope; identities of the auditing entity, audit team, and audit authority; audit schedule; auditor health and
safety issues; audit report preparation; record retention and management requirements; logistics; working papers management; a
For referenced ASTM standards, visit the ASTM website, www.astm.org, or contact ASTM Customer Service at service@astm.org. For Annual Book of ASTM Standards
volume information, refer to the standard’s Document Summary page on the ASTM website.
Available from American National Standards Institute (ANSI), 25 W. 43rd St., 4th Floor, New York, NY 10036, http://www.ansi.org.
E2107 − 20
process for promptly communicating auditor concerns for potential environmental or regulatory impact including concerns
requiring further evaluation; special conditions or requirements; and whatever measures, if any, desired to maximize audit
confidentiality.
3.1.8 audit purpose—reason for the audit.
3.1.9 audit protocol—a list of issues or questions designed to address the audit objective(s) based upon audit criteria.
3.1.10 audit report—a written summary of audit findings that is objective, clear, concise, constructive, and timely.
3.1.11 audit scope—a description of what is to be audited. The audit scope shall include a description of the period under review,
the audited entity, and the audit criteria.
3.1.12 audit team—one or more auditors responsible for conducting an audit. The audit team may be supported by technical
experts and auditors-in-training.
3.1.13 audited entity—a facility, organization, or part thereof, that is the subject of an audit.
3.1.14 auditing entity—the organization that provides auditors.
3.1.15 auditor—a person qualified to conduct an audit.
3.1.16 environmental regulatory compliance audit (audit)—a systematic, documented, and objective review of an audited entity
to evaluate its compliance status relative to audit criteria.
3.1.17 independence—a condition characterized by organizational standing where an auditor is free to conduct an audit without
being controlled or influenced by others.
3.1.18 lead auditor—an auditor designated to lead and manage the audit.
3.1.19 objectivity—a condition characterized by the absence of bias, influences, and conflicts of interest that affect or have the
potential to compromise audit findings.
3.1.20 open issues—potential audit findings that cannot be verified or resolved without additional information.
3.1.21 period under review—the time interval over which conditions at the audited entity are evaluated against audit criteria.
3.1.22 physical inspection—first hand observation and assessment of audited entity conditions.
3.1.23 records—documentation and other forms of recorded information.
3.1.24 regulatory entities—organizations that have the legal authority to develop, implement, administer, or enforce audit criteria.
For example, federal, state, tribal, or local government.
3.1.25 working papers—paper and electronic documentation developed by an auditor from observations, record reviews, and
interviews during an audit.
4. Significance and Use
4.1 Intended Use—This practice is intended for use by parties who wish to perform or direct an audit, or rely upon audit findings
or an audit report. Such use includes audits by internal and external auditors.
E2107 − 20
4.2 Other Audit Criteria—Other audit criteria may be included in the audit scope if specified in the audit plan. Examples include
safety and health requirements, and technical, operational, and management requirements.
4.3 Related ASTM Standards—This practice is related to Practice E1527, which addresses CERCLA liability, and Practice E1528,
which addresses due diligence for commercial real estate. A number of terms and procedures from these practices are similar to
terms and procedures associated with this practice but they may not be the same. Guide E2365 addresses environmental
compliance assessment and may be an appropriate tool for some environmental regulatory compliance audits. The user is advised
that Guide E2365 is not an all-encompassing compliance assessment tool. Guide E3123 addresses the five types of environmental
liabilities named in generally-accepted accounting principles (asset retirement obligations, environmental obligations,
commitments, contingencies and guarantees).
4.3.1 Not Interchangeable—Although distantly related to Practices E1527 and E1528, this practice is designed to achieve different
results. Therefore, these practices shall not be used interchangeably with, or in place of, this practice.
4.4 Related ISO Guidelines—The International Organization for Standardization (ISO) has developed guidelines addressing
environmental auditing. These are ISO 14010, ISO 14011, and ISO 14012. 14001-2015 and 19011-2018. A number of terms and
procedures from these guidelines may be similar to terms and procedures associated with this practice but they may not be the
same. ISO 14001-2015 added several compliance evaluation criteria, including Section 9.1.2 (Evaluation of Compliance) and
Section 9.2 (Internal Audits).
4.4.1 Not Interchangeable—Although related to ISO guidelines, this practice is designed for a different purpose. Therefore, these
ISO guidelines shall not be used interchangeably with, or in place of, this practice.
4.5 Additional Services—A number of issues may arise as a result of an audit, but are outside the scope of this practice. Such issues
include, but are not limited to, development of action plans and cost estimates to address audit findings.
4.6 Conditions—The following conditions shall govern the application of this practice.
4.6.1 Not Exhaustive—A audit shall not constitute an exhaustive review of audited entity compliance with all potentially
applicable audit criteria unless explicitly intended and stated as an audit objective in the audit plan.
4.6.2 Level of Review is Variable—The audit scope may vary to meet different audit objectives. For example, the audit scope may
include only selected audit criteria, selected period under review, or selected portions of a facility or organizat
...