Whilst Audit Standards don't deliberately try and conceal their requirements (like the fine print in some contracts!) they aren't always written with the general populace in mind and are often full of jargon or specific definitions designed to help Auditors, rather than the Auditees.
To make things even more complicated different Audit Standards often adopt different approaches (prescriptive vs non-prescriptive) and different definitions, both with other standards and local legislation. The introduction of ISO 45001 using a high-level structure (Annex SL) that includes much of the same text, terms and definitions with other ISO Standards (such as ISO 9001 and ISO 14001) may reduce some of the complexities, but only between ISO Standards and not between other management system standards or internal audit tools.
We have seen already that varying terminology between AS/NZS 4801 and OHSAS 18001 highlights how the requirements of these two common health and safety management system standards are different. These differences are only amplified the more prescriptive the audit criteria are, with greater details often requiring greater effort to comply. The National Audit Tool (the NAT), used in Australia for self-insurance purposes, is based on AS/NZS 4801 but with significantly more prescriptive detail. Where AS/NZS 4801 has 25 areas to evaluate during an audit and provides an organisation with the flexibility on how they conform to it, the NAT has 108 criteria, with multiple 'best practice' requirements hardwired into individual criterion.
To demonstrate, consider the examples below from the highly prescriptive National Audit Tool:
National Audit Tool - Criterion 3.3.9
Those representing the employer and the workers on health and safety matters, including representatives on consultative committee(s), receive appropriate training to enable them to undertake their representative roles effectively.
Under Australian Health & Safety Law, those representing workers are required to be provided with 'Health & Safety Representative' (HSR) training on request so that they understand their rights and responsibilities as a HSR. As a result, many organisations present HSR training attendance records for their HSRs as evidence of conformance to this criterion. Organisations are often tripped up by not presenting evidence that 'those representing the employer' have also been provided training. Whilst providing specific training to employer representatives is not required under Australian law, failure in this case could result in a non-conformance.
National Audit Tool - Criterion 3.4.1
There are procedures agreed to by workers outlining their involvement and consultation in:
a) health and safety matters
b) health and safety issues
c) any proposed changes to the work environment, processes, practices or purchasing decisions that impact on their health and safety.
At first glance, this criterion is assessing whether an organisation has consultation procedures, and many organisations attempt to conform to this requirement by presenting a document that broadly covers consultation arrangements they have in the workplace. However, many self-insured organisations regularly miss the finer detail, forgetting that the procedures must be 'agreed to' by workers as well as specifically including items a) – c) in the document. If organisations can't show evidence of worker agreement in the procedures, or if the procedures don't cover each specific area where consultation should occur, non-conformances are inevitable.
National Audit Tool - Criterion 3.10.11
The organisation has a program for the safe use, handling, transfer, inventory management and transport of hazardous chemicals.
This criterion is another example of where organisations are required to do more than what legislation might normally require. Most health and safety law in Australia requires a Register of Hazard Chemicals to be kept, effectively a list of the types of hazardous chemicals used in the workplace.
Organisations attempting to conform with this criterion would often present a procedure, corresponding risk assessments and work instructions that cover the safe use, handling, transfer and transport of hazardous chemicals along with their Hazardous Chemical Register. However, the criterion requires an inventory of hazardous chemicals, going beyond the legislative requirement of a simple list, and requiring quantities of hazardous chemicals to be kept and maintained.
This limited sample demonstrates just how important it is to fully understand the requirements of the specific Audit Standard and criteria that you are auditing against. Take time to read the entirety of the criteria and review definitions contained in the Audit Standard if you are unsure. Many Audit Standards also provide guidance for the auditor and auditee, however remember that this is guidance only, with only the detail in the criterion that is auditable.
If you a still unsure, a qualified Auditor, one with the right industry and auditing experience, should be able to quickly and easily highlight exactly what your system needs to contain and achieve.
If you or your organisation are in need of assistance interpreting or understanding the exact requirements of an Audit Standard or criterion, consider contacting Verus today. Verus has a suite of Lead Safety Auditors with experience across a wide range of industries and Audit Standards and has had a great deal of success in developing and reviewing systems that deliver on the 'small print' without creating or introducing unnecessary red tape or bureaucracy.
If you're interested in more ways to improve your Safety Audits, join our community by subscribing and we will outline common Safety Audit pitfalls and practical ways to avoid them. Next up: Taking a Risk Based Approach.