Does a five-year update satisfy the requirement to conduct a compliance audit?

The owner or operator of a stationary source with a Program 2 or Program 3 process must conduct a compliance audit at least every three years to ensure compliance with the prevention program requirements and must revise and update the risk management plan (RMP) at least every five years (§§68.58, 68.79, 68.190(b)). Does the five-year update satisfy the requirement to conduct a compliance audit and reset the “three-year clock” for conducting compliance audits?

Owners or operators should ensure that they are in compliance with all of the risk management program regulations, including the prevention program requirements, when they update their RMPs. Furthermore, in order to comply with the compliance audit requirements, owners or operators must develop a report of the audit findings and document an appropriate response to each of the findings (§§68.58, 68.79). Therefore, owners or operators may be able to satisfy the compliance audit requirements at the time of the five-year update if they conduct an audit to ensure compliance with the prevention program requirements, develop a report of the audit findings, and document appropriate responses to each of the findings in addition to submitting the actual RMP.

Risk Management Program (RMP) Rule

Contact Us about the Risk Management Program Rule
Contact Us to ask a question, provide feedback, or report a problem.
Last updated on May 9, 2025