OHS Management System and Environmental Auditing
According to AS/NZS ISO 9000 Quality Management Systems – Fundamentals and Vocabulary, an audit is the “systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled”. All clear now? Obviously not.
Whether the focus of the management system is Quality (QMS), Occupational Health and Safety (OHSMS) or Environmental Management (EMS) it must, by definition, be systematic. In other words it should be designed, implemented and managed in a deliberate, purposeful and pragmatic way. The auditing of these management systems must be handled in the same manner.
An audit program includes a plan, designed to adequately cover all components of the management system (either as a single or multiple audits) within a specific timeframe. It must be adequately resourced with competent OHS or environmental auditors to ensure it meets its purpose and the deadline. The program should also consider who will be required to participate and the material that must be made available for evaluation.
There are 3 types of audits – first, second and third party.
First party are internal audits and the latter two are collectively referred to as external audits.
A second party audit is undertaken by another entity for the purposes of satisfying itself that the audited organisation is meeting requirements. An example of a second party audit would be a manufacturing company auditing the health & safety management of its road transport supplier. Another example would be a construction company auditing the processes of its major contractor to ensure their subcontractor processes result in suitably qualified, capable and safe people on site.
Third party audits are undertaking by independent bodies for the purposes of certifying an organisation to a recognised standard. Examples include an OHS audit against the requirements of AS/NZS4801 Occupational Health and Safety Management Systems or an Environmental audit against ISO14001 Environmental Management Systems.
The independence of the second and third party audits are obvious, they are done by external organisations whose sole motivation is to determine compliance to the relevant criteria. However, how does an organisation achieve independence when it is conducting a quality, environmental or OHS audit on itself? The answer is, ‘only through deliberate action’.
One solution is to have internal OHS or environmental auditors from within the organisation but not from the audited site (e.g. sending OHS auditors from another division or sending Sydney auditors to Brisbane and vice versa). Alternatively the auditors could come from another department, such as an internal environmental auditor who normally works in the production department auditing the site laboratory.
Where these are not practicable options or further independence is required, external expertise may be called upon. Some of our clients make use of our Environmental Auditors / OHS Auditors to ensure their environmental and/or OHS internal audit program is resourced by professional auditors who are independent, qualified and highly industry experienced.
It should be noted that an audit is a formal and systematic process which examines a range of evidence and results in a determination of compliance or not. A supervisor doing his / her role of inspecting the work area or observing employees during a task is not an OHS audit. Neither is the process of a manager reviewing training records or work permits. These are examples of valid and necessary monitoring processes, but they are not audits. As will be discussed later, an audit involves known criteria (typically written), as well as documenting the findings, typically in the form of an audit report.
Audits must focus on the collection of evidence. Any finding included in the final report must be backed by some form of verifiable evidence. Evidence should com from a variety of sources and may include records, such as the training records or completed permits sighted by the manager mentioned earlier. It may include data from measuring equipment such as counters, scales, gauges etc. Evidence often includes sighted documents such as safe operating procedures or risk assessments, such as a safe work method statement (SWMS). Most OHS and environmental audits will also include interviews with key personnel.
This specifically relates to using the collected evidence to evaluate whether the organisation, site, department etc is meeting the requirements of the audit criteria (see following). However, it provides an opportunity to also discuss the importance of ensuring that the evidence is actually valid.
As a minimum, before accepting evidence, an OHS or environmental auditor should consider its currency and sufficiency. To be considered current, the evidence should be reasonably recent; the fact that the organisation undertook an environmental or safety risk assessment of a particular process 10 or more years ago may not be acceptable. To be sufficient, the evidence sighted / sample collected must be large enough to give the auditor some comfort that the management system is sufficiently implemented; the sighted confined space entry permits may have been from the last two weeks (current) but they would not be sufficient if they are the only ones in the filing cabinet of a site which has entries at least every week.
Most importantly the evidence must actually be evidence. Some auditees will produce a spreadsheet full of names and associated course titles when asked to demonstrate they have delivered training. No doubt training registers are excellent tools and may well demonstrate that training is being managed but they are not actually direct evidence of the training they list. Instead the auditee should be asked to produce a sample of certificates, signed competency assessments or attendance sheets.
As important as audit evidence, is the audit criteria or, put simply, the requirements. Some organisations undertake what they call audits without first identifying their audit criteria. How do you know you have passed if you don’t know what the pass mark is? How do you know whether someone is compliant if you don’t know what good looks like?
Clear and well communicated audit criteria are crucial to the success of any audit program. However, a note of caution: unlike quality auditing, which may only be subject to contractual requirements, environmental and OHS audit criteria must consider legal requirements of the relevant jurisdiction. No point giving your organisation the “all clear” on compliance to the requirements of a management system, if the system has failed to identify relevant legal obligations. Once again, ensure sufficient environmental and/or OHS expertise is utilised to developing these audit programs.
Once again, an effective environmental or OHS management system audit should be a “systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled”. Hopefully this is much clearer now.
If you require more information or would like an obligation free discussion on how OSHEM Solutions can assist your organisation by providing OHS or environmental auditors for managing its environmental and/or OH&S management system audit program contact us.