<- Back

In this interview, Mark Hansen, Vice President, Environmental and Safety, for Range Resources Corporation, provides an update on the Sarbanes-Oxley (SOX) Act of 2002, discusses its impact on environmental liability disclosure and explains how SH&E professionals can best incorporate the SOX Act into their safety practices.

Please provide a brief description of your professional background and of your position as Vice President, Environmental and Safety, for Range Resources Corporation.

Range Resources is an independent oil and gas company operating in the Southwestern, Appalachian and Gulf Coast regions of the U.S. As Vice President, Environmental and Safety, I direct, oversee and manage SH&E strategies, plans, programs and initiatives. My staff includes four direct reports and many indirect reports.


The SOX Act sets new or enhanced standards for all U.S. public company boards, management and public accounting firms. The law establishes records retention requirements for audit papers and creates an oversight board for accounting firms that audit publicly traded companies. It also addresses:

  • Auditor independence
  • Corporate responsibility at publicly traded companies
  • Financial disclosures of publicly traded companies
  • Conflicts of interests of financial analysts

What provisions does the SOX Act include for environmental liability disclosure?

Environmental disclosures include material items, such as:

  1. Remediation projects that can affect air, water and waste regulatory restrictions;
  2. Internal audit discrepancies;
  3. Due diligence discoveries as a result of joint ventures, sales and property acquisitions;
  4. Regulatory action by state and federal agencies;
  5. Regulatory citations, fines, penalties and prohibitions.

Three sections of Regulation S-K (which provides the disclosure requirements for periodic reports filed with the U.S. Securities and Exchange Commission (SEC)) require the disclosure of environmental liabilities: Item 101, relating to the description of a company’s business; Item 103, relating to disclosure of legal proceedings and Item 303, relating to management’s discussion and analysis of financial condition and results of operations.

In addition, SEC and other accounting authorities have published bulletins and statements regarding the assessment and disclosure of environmental liabilities, including:

  • Statement of Financial Accounting Standards No. 5: addresses accounting and reporting of loss contingencies, such as site cleanup or remediation;
  • SEC Staff Accounting Bulletin 92: uses a question-and-answer format and provides guidance regarding accounting and disclosure obligations for contingent environmental liabilities;
  • American Institute of Certified Public Accountants Statement of Position 96-1: provides guidance with respect to the recognition, measurement, display and disclosure of environmental liabilities, including benchmarks for making materiality determinations at various stages of assessment and remediation.


Environmental liability assessments and disclosures are now subject to unprecedented scrutiny. At the same time, the SOX Act increases the personal accountability of corporate officers and directors for inaccurate or misleading disclosures. Among its many provisions, the SOX Act:

  • Establishes new certification, attestation, internal control and disclosure control requirements, as well as increased penalties and statutes of limitations for violations of these and other securities laws;
  • Creates new sanctions for CEOs and CFOs, including the possible disgorgement of bonuses and income from equity-based incentives in connection with certain financial restatements, gives SEC the ability to “freeze” an executive’s compensation under certain circumstances and increases SEC’s powers to bar persons from future service as officers or directors of public companies;
  • Establishes new requirements for codes of ethics, codes of conduct or codes of corporate responsibility;
  • Enhances protections for corporate whistleblowers, including requiring procedures for whistleblowers to report directly to the audit committee, increasing penalties for taking action against whistleblowers and increasing civil and criminal protections for whistleblowers;
  • Imposes significant monetary and criminal penalties for fraudulently influencing, coercing, manipulating or misleading an accountant engaged in an audit to render a company’s financial statements financially misleading.


In the time since the SOX Act took effect, has environmental reporting improved among public companies?

It is difficult to definitively say yes or no, but it appears that environmental disclosures have increased. This is evidenced with banks conducting environmental due diligence prior to loaning companies funds for acquisitions and the like. It is also evidenced in areas, such as corporate social responsibility, sustainability and carbon disclosure and other nongovernmental organization pressures.

How do you suggest companies adjust or revise their environmental management systems under the SOX Act?

SH&E professionals should review their environmental management systems, specifically to address corporate governance.  For example:

a. Top Management Involvement. Studies of SH&E programs unanimously conclude that effective SH&E performance “starts at the top.” Informed, involved and committed top management is critical to effective SH&E performance.

b. Defined Roles & Responsibilities. SH&E programs are only effective when there is ownership. This only happens when roles and responsibilities for SH&E performance are clearly defined and individual performance reviews include an evaluation of how well SH&E responsibilities have been met.

c. Appropriate & Consistent Metrics. It is impossible to proactively manage processes if you do not know where you are, where you are going or how far along you are toward meeting your goals. The development and ongoing monitoring of clear, concise and relevant performance metrics is critical to effective SH&E performance. For organizations with multiple business units, it is also critical that these metrics provide consistent data reporting to support sound decision-making.

d. Impartial Evaluations by Competent Assessors. Human nature being what it is, it is difficult for those who are involved in implementing and maintaining systems to provide an impartial evaluation of the system’s performance. In addition, system audits require competent auditors.

e. Effective Communication. Management requires timely and effective communication. Responsibilities will be unfulfilled if they are not communicated. Metrics are meaningless unless they are available when decisions must be made. Evaluation serves no purpose unless it drives system improvements.

f. Availability of Required Resources. Good intentions are wonderful, but safety initiatives and environmental protection requires resources—money, manpower and corporate support.

g. Consideration of Sustainability and Social Responsibility. In today’s global marketplace, country-specific laws and regulations can no longer be the exclusive focus of SH&E programs. Laws will never address all aspects of what is fair, ethical and consistent with company values. Rather than ignoring questions of ethics and values, companies must confront these questions directly and proactively.

The above list is excerpted with permission from ENLAR Compliance Services, Inc. (http://iso14000expert.com/sarbanes-oxley.html).

5. How are SH&E hazards and exposures disclosed under the SOX Act? Since the SOX Act places greater scrutiny on CEOs, CFOs and board of director members, how can SH&E professionals best communicate hazards and exposures to senior management?

By providing a regular (monthly, quarterly, etc.) status verbally and in writing. The “no surprises” methodology works well for environmental issues. Keep abreast of emerging regulations, such as greenhouse gas emissions, nonattainment area concerns and evolving state requirements, and keep senior management informed to avoid any surprises. Direct communication with board members may also be appropriate depending on the circumstances.

How can SH&E professionals at public companies best incorporate the SOX Act into their safety practices to protect their employers and employees?

SH&E professionals at public companies may need to implement new procedures and policies to safeguard their employers, employees, colleagues and themselves. From the perspective of ASSE’s Council on Practices and Standards, the following is suggested:

1. Obtain a copy of this law, as well as background materials about it, and discuss it with senior management and legal counsel so that all parties are aware of what is expected. A legal opinion written by corporate counsel would also be a prudent action to take.

2. Write and publish a policy addressing SH&E disclosure in regard to how it fits in with the SOX Act.

3. Write, implement and document communication structures detailing how information is passed up the communication chain to senior management.

4. Conduct thorough assessments to identify significant SH&E exposures and the means used to communicate them to those in a position of authority.

5. Ensure that SH&E audits are independent and that the results are reported and acted upon. Those SH&E practitioners who author/sign those audit reports and who fail to follow up on the recommended actions may be subject to sanctions such as listed under the new law. They now have a duty that goes beyond just informing management.

6. Follow the ASSE Code of Conduct.

7. How can management system standards, such as “Occupational Health and Safety Management Systems” (ANSI/AIHA Z10-2005), help companies comply with the SOX Act?

Management systems provide a standardized approach, which focuses on repeatability, accountabilities and measures. This fits hand-in-glove with SOX requirements for controls and procedures. You can establish environmental financial controls by:

  • Defining environmental responsibilities and internal communication processes;
  • Establishing procedures for identifying legal requirements and evaluating compliance;
  • Establishing processes for identifying and quantifying environmental risks;
  • Monitoring stakeholder interests and establishing public communication mechanisms.


Why is corporate governance with an emphasis on environmental health and safety so critical in the current unstable economy?

Governance is a new focus for businesses today. In response to a wave of corporate scandals, new laws, such as SOX, and new nongovernmental initiatives, such as ISO 26000, have been or are being developed to encourage companies to do the right thing. This is a complex area with the potential for substantial impacts for environmental, health and safety programs.

Environmental health and safety issues can substantially impact a company’s financial performance. Companies that have failed to manage SH&E issues have incurred multimillion-dollar cleanup liabilities, faced significant erosion of their business reputation or gone bankrupt when they failed to anticipate the importance of an emerging issue, such as the potential carcinogenicity of a key ingredient in their product.

Four drivers have focused increased attention on corporate governance:

Corporate Accountability Laws. Laws, such as SOX, focus new attention on the internal controls companies have in place to ensure sound fiscal management and accurate financial reporting.

Trade Globalization. The development of a global marketplace means companies must be concerned about regulatory requirements wherever they plan to market their products. This makes environmental regulations, such as the European Union’s Waste Electrical and Electronic Equipment and Restriction of Hazardous Substances directives, important throughout the global business chain.

Reputational Risk. A 2004 survey of World Economic Forum members found that more than half of the survey respondents estimated that corporate brand or reputation represents more than 40% of a company’s market capitalization. Given the public interest in environmental issues, negative environmental publicity impacting a company’s reputation is a significant corporate concern.

Expanding Potential Liability. Increasingly, laws and standards are shifting from “buyer beware” to a focus on minimizing a product’s potentially harmful environmental and safety impacts throughout all aspects of its lifecycle. This has lead to an increased focus on those entities along the product distribution chain that have the ability or means to prevent potential harmful impacts. With a global marketplace, this also means that ignoring safety and environmental issues may create significant worldwide liability.

How has the SOX Act impacted the SH&E auditing process?

It has raised the visibility from the business unit to the boardroom. Now questions from directors and board members have more gravity than they had in the past. Further, not responding to them can dramatically impact SH&E and operations management.

SH&E auditors’ role and the information they assess are currently undergoing a sea change. Traditionally, SH&E auditors have assessed company-specific information using company-specific metrics for use by an internal audience within the company. Recent developments, such as the passage of SOX and increased adoption of the Global Reporting Initiative, are broadening the scope of both information collection and modes of data delivery, as well as the audience.

SH&E professionals addressed this dynamic earlier this year in Philadelphia, PA at the annual Auditing Roundtable conference titled “The Role and Practice of SH&E Auditing in a New Era of Corporate Governance and Management Systems.” The Board of Environmental, Health and Safety Auditor Certifications (BEAC) oversees SH&E auditing, which is a joint venture between the Auditing Roundtable and the Institute of Internal Auditors (IIA).

Historically, SH&E auditors have been charged with assessing SH&E information for purposes of compliance, due diligence, risk assessment and voluntary standards, such as ISO 14001, an environmental management certification.

The underlying purpose of these audits is expanding under SOX. SOX places greater emphasis on ensuring that disclosures are accurate and complete in all material aspects. SOX also requires that processes are in place to bring all relevant information to senior management’s attention.

In other words, SH&E auditors have been moved from the backroom to the boardroom.

Roberto Jiménez, a director on the board of the Auditing Roundtable, says, “SH&E auditors are now asked to generate and submit information directly to the most senior management levels, including the CEO, CFO and the board of directors.”

The revised SOX rules require two separate certifications by the CEO and CFO for each 10-K and 10-Q (and any amendments) filed with SEC under Sections 302 and 906 of SOX. Corporate officers face potential civil and criminal penalties for violations, so these officers are likely to have zero tolerance for surprises from SH&E audits.

A critical issue for auditors is the need for financial information that fairly presents the business position. Brian Carroll, special counsel at the SEC’s Philadelphia district office, says, “SH&E professionals should know that their work may make its way to SEC based on conclusions about material risks that fairly impact the valuation of companies.”

Information assessed in SH&E audits is now considered with a seriousness rivaling financial information. SH&E data collected and verified during internal audits is no longer held as tightly under the confines of privilege and confidentiality clauses. This increased transparency accentuates the importance of SH&E auditor independence.

Jeff Davidson, partner at Wilmer, Cutler, Pickering, Hale and Dorr, “Without independence, no matter how competently the audit is performed, the resulting report will be potentially compromised.”

While financial audits and reporting in 10-Ks by publicly traded companies largely deal with historical information, SH&E auditors are involved in areas of SEC reporting that require significant estimation of contingent liabilities and future expenditures. Therefore, SH&E auditors are required to do a certain amount of crystal ball gazing, meaning they will need to be very crisp and articulate about how they audit.

The growing importance of SH&E auditing is a mixed blessing: increased responsibility brings with it increased accountability.

Paul Michalski, a partner at Cravath, Swaine and Moore, says, “While SH&E auditors are likely to play a more important and visible role, they are also likely to be held more accountable, with an insistence on verification of processes and a drive by executives to come to accurate hard numbers more quickly.”

In what ways does the proposed ISO 26000 standard for social responsibility tie in with the SOX Act?

Social responsibility’s mantra is, “Do no harm.” A Boy Scouts of America goal is leave a campsite better than you found it; the same can be said for social responsibility. Also, in today’s global marketplace, country-specific laws and regulations can no longer be SH&E programs’ exclusive focus. Laws will never address all aspects of what is fair, ethical and consistent with company values. Rather than ignore questions of ethics and values, companies must confront these questions directly and proactively.

The International Organization for Standardization’s (ISO) proposed international standard, ISO 26000, will provide guidelines for such concerns as social responsibility.

ISO’s goal is to involve a variety of stakeholder groups—industry, government, labor, consumers and nongovernmental organizations—in the development of a guidance document to assist organizations in acting in a socially responsible way.

Why is it important for SH&E professionals to provide an annual SH&E report to their company officers? What elements should this report include?

Annual reports allow you to document the successes and challenges of the previous year and to plan for the upcoming challenges for the year ahead. In addition to informing all company business units of your overall impact and benefit to the company’s bottom line, it is also a great marketing tool both internally and externally. Most importantly, it will be a document third-party auditors will evaluate to ensure accountability of company officers overseeing SH&E.

My own personal belief is that those who lack SH&E experience and knowledge will likely look for those who oversee SH&E at the corporate level. I believe this will come to fruition due to the attendant risks of incorrect reporting and severe accountability when found not in compliance in this area. If you oversee SH&E and do not thoroughly understand it, with the attendant risks, you will be compelled to make sure you have someone on the corporate staff who does. If you do not, you may risk paying the price for incorrect reporting.

Your annual report should include:

  • Goals for the year, accomplishments, initiatives, budgets, success stories, performance awards, performance milestones, staffing, trends, etc.;
  • A summary of serious incidents, corrective actions taken and status;
  • A summary of all SH&E audits conducted throughout the year with corrective actions and status;
  • An environmental characterization of all properties owned or leased and bought or sold by the company and their status;
  • A benchmarking of your management system (or equivalent) across business units.


While some say the SOX Act has helped make U.S. financial markets and corporate accounting procedures more transparent, others claim it has created a confusing regulatory environment. What are your thoughts on this debate?

Just like SH&E, if you embrace it, you can improve organizational efficiencies, and the culture will drive beneficial results. If you do not embrace it but view it as just another regulatory initiative that pains production, you will muddle and slow production. It can be used to enhance and improve the organization or it can become an albatross that weighs on profits. It all depends on how it is integrated into the overall organization. Is it seamless or just another government requirement?

Mark Hansen
Mark Hansen, P.E., is Vice President, Environmental and Safety, for Range Resources Corporation in Fort Worth, TX. He has more than 26 years’ experience in the field and holds certifications in safety and ergonomics.

He has authored more than 100 technical publications, including the book, Out of the Box: Skills for Developing Your Own Career Path. Two other books, Getting to the Corner Office and Software Safety: The Last Frontier, are in development.

Hansen is a past recipient of ASSE’s Edgar Queeny Monsanto Safety Professional of the Year Award (1992-1993) and the Charles V. Culbertson Outstanding Volunteer Service Award (1991-1992). He is also an ASSE Fellow and past president.

He holds a B.S. in psychology and an M.S. in industrial engineering, specializing in safety, both from Texas A&M University.