Auditing: A Safety Management Imperative

The proof of the pudding is in the eating. By a small sample

we may judge of the whole piece." - Miguel de Cervantes

What is a Safety Audit?

A safety audit is a proactive process that can be used by any organization to continually
evaluate and monitor the progress and effectiveness of their occupational health and safety
programs. The terms safety auditing and safety inspection are often misunderstood and
sometimes misused. An inspection is an examination of actual conditions and is typically
deemed to be a departmental and line management responsibility.

By strict definition, audits can be defined as follows:

1. The systematic and documented process for obtaining audit evidence and evaluating it
objectively to determine the extent to which the audit criteria are fulfilled. (Source: CSA
Z1000-06 standard on occupational health and safety management systems)

2. An evaluation of an organization, system, process, project or product. It is performed by a

competent, independent, objective, and unbiased person or persons, known as auditors.
The purpose is to verify that the subject of the audit was completed or operates according to
approved and accepted standards, statutes, regulations, or practices. It also evaluates controls
to determine if conformance will continue, and recommends necessary changes in policies,
procedures or controls. Auditing is a part of some quality control certifications such as ISO
9001:2000. (Source: http://en.wikipedia.org/wiki/Audit)

The primary objectives of a safety audit are to:

Confirm that health and safety program activities and controls are in place to address
the identified risks associated with the work performed in the business.
Verify that the business is in compliance with internal benchmarks, approved
business practices and/or government regulation.
Assess past and current practices to identify and correct safety issues which, if left
unresolved, could result in loss through personal injury, property and/or equipment
damage or business interruption.

It's been stated that 95 percent of Fortune 2000 companies now perform safety audits, so
there's no doubt safety audits are growing in terms of scope and importance. But safety
audits are just as critical for medium to small businesses as well, due to the fact that risk does
not discriminate, and is not necessarily proportionate to the size or your operation.

"If you don't know where you're going - any road will take you there"

In order to manage safety in an objective way management of any organization needs to

have some system in place to enable them to monitor the implementation and
performance of their management systems against some defined standards, or
expectations.

Very often, management assumes that just because there are written policies or procedures
are in place, and staff have been trained to use them, that compliance is simply automatic.
But time and time again, this has been proven by many safety practitioners to not be the
case. To manage any aspect of an organization's activity the manager must have targets and
regular feedback of information on performance. Safety management is no exception, and
the performance feedback comes from a variety of pro-active monitoring activities, with the
safety audit being paramount in terms of objectivity and accuracy..

Why Safety Audit?

The safety audit is the part of a safety management system that subjects each area of an
organizations safety system to systematic, critical examination. Each component of the total
system is included: management policy, features of the process and design, operating
procedures, emergency procedures, training, etc. The aim is to disclose the strengths and
weaknesses and the main areas of vulnerability and risk, with the objective of minimizing
loss through accident and/or plant damage. The outcome of the audit will be a report,
followed by an action plan agreed with local management. The implementation of the action
plan must be monitored. A Safety Audit will be carried out by a team of people who are
competent and with a satisfactory degree of independence from the plant or unit under
audit.

The frequency of the audit will be dependent on management policy. For example, some
companies may audit on an annual basis and use a scoring system to monitor improvements.
Others may consider that a full safety audit is only necessary at five yearly intervals. The
frequency of future audits is decided by weighing the benefits gained against the more
frequent checks of compliance offered by an inspection program following the initial audit.
Some companies prefer to carry out integrated audits, which include not only safety but also
environment, quality and other business improvement processes. These audits can only be
conducted using the integrated approach when the management systems have already been
integrated.

All audits should be pre-planned and a documented checklist of the audit content prepared.

By way of example, the new Canadian standard CSA Z1000-06 makes specific references to
auditing the OH&S systems. Section 4.5.4 on internal audits states:

4.5.4.1

The organization shall

(a) establish and maintain an internal audit program that includes the criteria for auditor
competency, the audit scope, the frequency of audits, the audit methodology, and reporting;
and
(b) conduct audits at planned intervals to determine whether the OHSMS

(i) conforms to the requirements of this Standard and to the health and safety management
system requirements established by the organization; and

(ii) is effectively implemented and maintained.

4.5.4.2

The audit results, audit conclusions, and any corrective action plans shall be documented and
communicated to affected workplace parties, including workers and worker representatives,
and those responsible for corrective action. The organization should consult with workers
and their representatives on auditor selection, the audit process, and the analysis of results.
The management responsible for the activity being audited shall ensure that corrective
actions are taken to eliminate any nonconformance with the organizations OHSMS or this
Standard identified during the audit.

Audits required by any mandated internal or external standard are designed to determine
conformance with the requirements of a the standard in question, and measure the
effectiveness of the OHSMS. This includes assessments of the organizations
implementation of a policy, set objectives, and targets, and its promotion of the OHSMS.
While the audit may not determine compliance with specific legal requirements, it should
note whether compliance audits are conducted, and there is a process in place to check on
the level of compliance by the organization. Audits should be planned and scheduled to
cover all the elements of the OHSMS that are covered by this Standard.

By way of example, the following are audit elements required of the CSA Z1000 Standards
(see how many of these requirements match or come close to matching your current safety
management system)

management commitment and leadership

worker participation (

OHS policy

review

legal and other requirements

hazard and risk identification and assessment

OHS objectives and targets

implementation
 preventive and protective measures

emergency prevention, preparedness, and response

competence and training

communication and awareness

procurement and contracting

management of change

documentation

monitoring and measurement

incident investigation and analysis

internal audit

preventive and corrective action

management review

continual improvement

review input

review output

In general, all elements of the organizations OHSMS should be audited annually. A

complete audit may be conducted, or parts of the system may be audited individually. In
addition to the regularly scheduled audits, an audit can be triggered for any of the following
reasons:

(a) significant changes, either in the organization or in the processes;

(b) an analysis of nonconformities pointing to a potential problem area in the organization;

(c) high employee turnover in a department where health and safety can be jeopardized due
to

nonconformities; and

(d) verification that corrective or preventive action has been taken and is effective.

Critical Success Factors for Safety Auditing

So you've accepted the idea that safety auditing can be a valuable metric for your
organization. Now you need to ensure that the audit will be 'effective'. It's essential that you
strive for a direct 'cause and effect' relationship between your audit, and the performance of
your OH&S management system. For the audit to be an effective metric, there has to be
some relationship between the audit, priorities and findings, and improvements in your
safety results

4 Critical steps to a successful safety audit process

Step One: Plan the audit determine what you want to audit based on a risk
analysis or gap analysis; define objectives; develop audit scope; and prepare an audit
plan or protocol.
Step Two: Conduct the audit communicate with management; test systems and
processes; interview personnel; review documentation; and observe practices.
Step Three: Reporting and documentation communicate results and conclusions
in a final report.
Step Four: Findings and corrective action includes management response;
commitment to corrective action; and follow-up verification by the auditee to ensure
the corrective action has taken place.