Thursday, November 23, 2006

Health and safety auditing

According to HSG65, audit is "the structured process of collecting independent information on the efficiency, effectiveness and reliability of the total health and safety management system and drawing up plans for corrective action." As such an the aims of an audit are to establish that:

There are two main types of audit

* Systems audit - checks that necessary systems are in place, comply with legislation, guidance and good practice and are generally appropriate for the level of risk
* Compliance audit - checks that the systems are being used and that this result in appropriate workplace precautions.

An audit cannot look at every element of a system, and so sampling is important. Some elements need to be checked more often than others, and it is bad practice simply to do the same audit every time. A useful concept is the idea of 'vertical' and 'horizontal' audits. A vertical audit takes a subjects and sees how it fits into all elements of the health and safety management system from top to bottom (i.e. how it is covered by policy, organisation, arrangements, measurement, audit and review). Whilst a horizontal audit selects one part of the system and considers how different items are addressed.

Any auditor should be able to act independently, so it is not normal for someone to audit their own system or compliance. However, internal audit can be carried out, typically by people from a different department from that being audited. These audits can be particularly useful at sharing best practice and learning through an organisation, and the auditors usually have the benefit of knowing the systems very well, including known weaknesses.

To ensure an audit system remains relevant it usually necessary to carry out some degree of external auditing. This is a requirement for auditing to standards, and has the advantage of the auditors being fully independent. However, there is the obvious cost of external audits and the possibility that the auditor does not understand the industry and its risks, or the organisations systems.

Auditing is not always as successful as it should be and there have been some high profile examples of where companies have had major incidents shortly after apparently successful audits. Part of the problem is that organisations get to know what they are going to be audited on, and make changes to do well in the audit. This can be at the expense of other items that are more critical but not covered by the audit. For this reason it is essential that all auditors use their schedule as a guide, whilst taking every opportunity to fully explore all aspects of the system that they feel may be critical.

No comments: