Environmental and OHS Management System Auditing
OHS Consultants, Environmental, Health and Safety Consultancy
What is an Audit?
According to AS/NZS ISO 9000 Quality Management Systems – Fundamentals and Vocabulary, an audit is the “systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled”. All clear now? Obviously not.
Systematic Audit
Whether the focus of the management system is Quality (QMS), Occupational Health and Safety (OHSMS) or Environmental Management (EMS) it must, by definition, be systematic. In other words it should be designed, implemented and managed in a deliberate, purposeful and pragmatic way. The auditing of these management systems must be handled in the same manner.
An audit program includes a plan, designed to adequately cover all components of the management system (either as a single or multiple audits) within a specific timeframe. It must be adequately resourced with competent auditors and time to ensure it meets its purpose and the deadline. The program should also consider who will be required to participate and the material that must be made available for evaluation.
Independent Audit
There are 3 types of audits – 1st, 2nd and 3rd party. First party are internal audits and the latter two are collectively referred to as external audits.
A second party audit is undertaken by an entity outside of the organisation for the purposes of satisfying itself that the auditee is meeting specified requirements. Second party audits could be undertaken by a customer on its supplier to ensure the latter has a functioning quality system to control manufacturing process. Another example is a construction company auditing its contractors to ensure their safe systems of work are adequate.
Third party audits are undertaking by independent bodies for the purposes of certifying an organisation to a relevant standard. Examples include an OHS audit against the requirements of AS/NZS4801 Occupational Health and Safety Management Systems or an Environmental audit against ISO14001 Environmental Management Systems.
The independence of the 2nd and 3rd party audits are obvious, they are done by external organisations whose sole motivation is to determine compliance. However, how does an organisation achieve independence when it is conducting a quality, environmental or OHS audit on itself? The answer is, only through deliberate action.
One solution is to have internal auditors from within the organisation but not from the auditee site (e.g. sending OHS auditors from another state). Alternatively the auditors could come from another department, such as an internal OHS auditor who normally works in the production department auditing the site laboratory. Where these are not practicable options or further independence is required, external expertise may be called upon. Some of our clients make use of our Environmental Auditors / OHS Auditors to ensure their environmental and/or OHS internal audit program is resourced by professional auditors who are independent, qualified and highly industry experienced.
Documented Process
An audit is a formal and disciplined process which results in a written report. A supervisor doing his / her role of inspecting the work area or observing employees during a task is not an OHS audit. Neither is the process of a Manager reviewing training records or work permits. These are examples of valid and necessary monitoring processes but they are not audits. As will be discussed later, an audit involves known criteria (typically written), as well as documenting the findings, typically in the form of an audit report.
Audit Evidence
Audits focus on the collection of evidence. Any finding included in the final report must be backed by some form of verifiable evidence. Evidence may include records, such as the training records or completed permits sighted by the Manager mentioned earlier. It may include data from measuring equipment such as counters, scales, gauges etc. Evidence often includes sighted documents such as safe work procedures or risk assessments. Most audits also include interviews with key personnel; this too is evidence.
Evaluating Evidence
This specifically relates to using the collected evidence to evaluate whether the organisation, site, department etc is meeting the requirements of the audit criteria (see following). However, it provides an opportunity to also discuss the importance of ensuring that the evidence is actually valid.
As a minimum, before accepting evidence, the auditor should consider its currency and sufficiency. To be considered current, the evidence should be reasonably recent; the fact that the organisation undertook an environmental or safety risk assessment of a particular process 10 or more years ago may not be acceptable. To be sufficient, the evidence sighted / sample collected must be large enough to give the auditor some comfort that the management system is sufficiently implemented; the sighted confined space entry permits may have been from the last two weeks (current) but they would not be sufficient if they are the only ones in the filing cabinet of a site which has entries at least every week.
Most importantly the evidence must actually be evidence. Some auditees will produce a spreadsheet full of names and associated course titles when asked to demonstrate they have delivered training. No doubt training registers are excellent tools and may well demonstrate that training is being managed but they are not actually direct evidence of the training they list. Instead the auditee should be asked to produce a sample of certificates, signed competency assessments or attendance sheets.
Audit Criteria
As important as audit evidence, is the audit criteria or, put simply, the requirements. Some organisations undertake what they call audits without first identifying their audit criteria. How do you know you have passed if you don’t know what the pass mark is? How do you know whether someone is compliant if you don’t know what good looks like?
Clear and well communicated audit criteria is crucial to the success of any audit program. However, a note of caution: Unlike quality auditing, which may only be subject to contractual requirements, Environmental and OHS audit criteria must consider legal requirements of the relevant jurisdiction. No point giving your organisation the “all clear” on compliance to the requirements of a management system, if the system has failed to identify relevant legal obligations. Once again, ensure sufficient environmental and/or OHS expertise is utilised to developing these audit programs.
Conclusion
Once again, an effective environmental or OHS management system audit should be a “systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled”. Hopefully this is much clearer now.
If you require more information or would like an obligation free discussion on how OSHEM Solutions can assist your organisation in managing its environmental and/or OH&S management system audit program, contact us.
Safety Photos……… Health and Safety for Beginners………SafetyRich
