Health and Safety Audit: 4 ways to get the most from your audit program
Organisations often have to audit. Contractually, for certifications, for assurance or for verification for management. My team and I spend a chunk of our work time auditing. But something’s been troubling me of late, as I’ve seen the quality and effectiveness of audits preceding ours plummet.
If, as the audit standard (ISO19011:2019) indicates, audits should “serve not only to confirm conformity but also, and more importantly, to further develop the organisation and its processes," then I think many (perhaps even most?) are falling well short.
I’ve come across previous certification, compliance, and even self-insurance audits where systems are deemed 100% conforming with very little practical observation for improvement. It’s evident that company cultural dynamics, auditor skill and independence, and the qualitative nature of information can impact how effective the ‘assurance’ outcome of an audit is.
I still see so many certified (hello, ASNZS 45001!) organisations with impractical and overcomplicated systems remote from the day-to-day management of risks, and I just wonder what on earth we’re trying to do with these audits. And don’t just believe me; studies are showing this too. In a study (read the paper here) of the safety practices between three certified (18001) and three uncertified companies, the non-certified proportionally spent more time addressing physical hazards compared to certified companies. By far, the certified companies directed the most effort towards document management rather than hazard management, with this happening at higher, more ‘corporate areas’ of the business than on the ground.
In another study, Ben Hutchinson and his counterparts analysed the capability of audits to find and fix problems (read the full paper here). They found that audits generally ‘prioritised superficial fixes over addressing significant operational risks’ with a need for organisations to “clarify their audit expectations and implement mechanisms to test and monitor whether auditing achieves those expectations”.
So, what are four ways you can go beyond a tick in a box and get the most out of your audit program, whether they are internal or external?
Set scope and expectations: get clear on what need or benefit is fulfilling. Are you seeking comfort, or do you really want to identify your gaps and effectively correct them?
Where, when and who develop rigorous audit methodology to allow true visibility of how work is done in the real world versus how it is imagined (aka the paperwork)
Implementation and engagement: workers’ views about the systems with which they engage (or not) is critical to identifying the effectiveness of implementation
Auditor training, experience, and organisational understanding: select your auditor wisely. Qualifications are one thing, but experience and active listening are another! Check example reports and spend time ensuring they understand your organisation’s structure, key risks, and audit scope!
I take audit seriously and really focus on all the audits we do, adding value beyond a conformance percentage. All consultants at Shared Safety and Risk are lead auditor qualified and have considerable audit experience across a range of industries.
We aim to help clients ‘set the scene’ and identify those critical outcomes or needs they have from audit and aim to truly understand the organisation, its operations, and key risks. As an auditor or organisation, how do you audit? Are there any (or all) of the four ways you could use to improve?
Reach out for a chat or more information at here.
