And Safety Audits are far from simple. They can involve many different personnel, from a range of functional areas or work locations, across multiple days or weeks. Simply asking for a 'Safety Audit' doesn't provide a great deal of explanation and is likely going to result in a lot of questions or a lot of blank expressions.
Before beginning, its best to first understand what the objective of the "Safety Audit" is. Too often "Audit" is used (incorrectly) as a synonym for "inspection" or "assessment". A Safety Audit isn't a way to understand what hazards are present in an area (inspection) or a way to understand the amount of risk an organisation might be exposed to (assessment). A Safety Audit is a systematic examination of an organisation and whether its activities and results conform to planned arrangements, or more simply, it is a check of whether: you did what you planned to do and achieved the results your planned for.
Having confirmed that you need a Safety Audit and not an inspection or assessment, we need to next understand what the Scope of the Safety Audit is. The Scope defines the geographic location and operational units to be audited and the standards and criteria that the location and operational units will be evaluated against.
The Scope of the Audit can include the whole organisation or just a specific part or operation. For example, the Scope might be limited to a particular geography (eg. Victoria but not Queensland), or it might be limited to a particular function or operation, (eg. building design but not construction).
The Scope will also dictate the duration of the audit, assessing the particular risk profile of your organisation (or part of), taking into consideration the types of activities, the number of sites and the number of employees before deciding upon a minimum audit duration and minimum number of sites to visit. As a result, you will need to prepare evidence and arrange for interviews with people that are relevant to the selected sites and their activities.
Without being aware of these boundaries it's possible to prepare incorrectly. Using the example above, collecting evidence of construction safety management plans for sites in Queensland, rather than evidence related to building design in Victoria, isn't going to give you the best chance of success.
Having established the boundaries, the Scope will also define the type of Audit and can dictate how you need to prepare. To many, all Safety Audits might seem one and the same, but they can be undertaken for a variety of different reasons, including:
- Certification or Licence Audit (including renewal)
- Surveillance Audit
- Internal Assurance Audit
- Enforceable Undertaking Audit
Certification / Licence Audits including Renewal Audit
Certification / Licence Audits assess whether a particular organisation (or part of) has systems, procedures and outcomes that conform to specific Standard that describes how safety management should be performed. Common Safety Standards include AS/NZS 4801, OHSAS 18001, the recently released ISO 45001 as well as bespoke auditing criteria such as the National Audit Tool used in Australia for self-insurance. These Safety Audits will use a standardised audit criteria, and will not only assess whether functional areas are managing safety in accordance with company procedures, but also assess whether or not those company procedures conform to the Standard.
While there are exceptions, Certification and Licence Audits will typically assess your organisation against the entire Standard and will require you to be 100% conformant before being recommended for certification or being granted a licence. Your preparation will need to include documentation and records that covers the entirety of your health and safety management system.
Surveillance Audits assess whether a particular organisation (or part of) continues to manage health and safety consistent with the Standard you are certified to or licenced for. Unlike a certification or licence audit, a Surveillance Audit typically includes a reduced number of sites and shorter audit duration, as well as a reduction in the criteria audited. Instead of assessing all criteria, many surveillance audit programs will aim to audit a proportion of the criteria each year (eg. One half each year for 2 years) until the full Certification Renewal Audit is due. Consequently, don't waste your time preparing documentation and records for criteria that aren't yet being audited.
Internal Assurance Audits generally assess conformance to an organisation's internal requirements. Audits are typically undertaken using an internal Audit Tool that is bespoke to that organisation. Auditors completing internal assurance audits can be from external organisations, or internally where there are no conflicts of interest. The objective of these audits is to evaluate whether functional/operational groups are managing safety in accordance with internal company safety procedures. Because these audits are undertaken for internal purposes, you won't often find auditors referring to recognised standards such as AS/NZS 4801 or ISO 45001.
Preparing for these audits will require knowledge of which sites are included in the audit as well as evidence that you have been managing health and safety in accordance with your organisations internal processes.
Enforceable Undertaking Audit
It's not uncommon for an organisation to enter into an enforceable undertaking with the regulator as an alternative to prosecution. Enforceable undertakings can take many forms, with a common one including committing to third party audits of your health and safety management system. Under such an arrangement it's important to understand the scope of the enforceable undertaking, which will define the audit standard (eg AS/NZS 4801) as well as the number of sites and audit duration.
So before starting your safety audit, consider the objective you are trying to achieve and understand that scope of audit that you need to deliver on that objective. Once you are sure of the Scope, you can start preparing properly.
If you need assistance in understanding the scope or type of Safety Audit or just want to know more about Audits in general, contact the team at Verus or join our community by subscribing and over the coming weeks, we will outline additional common Safety Audit pitfalls and practical ways to avoid them. Next up: Don't Conceal or Suppress Evidence.