The Health and Safety
performance of an Organisation depends on Management
control, Health and Safety must be efficiently managed
if performance is to be satisfactory. Improvements to
Health and Safety performance can be stimulated by various
a) Moving from a reactive
to a proactive approach to Health and Safety issues
[i.e. not waiting for an incident, injury or loss
to occur before acting. b)
Identifying exactly what needs to be controlled and
setting standards and performance measurement criteria.
c) Adopting the same disciplines of Management control
and responsibility as are applied to financial or
In short, successful
Health and Safety Management requires commitment to
a policy and programme of continuous improvement by
those in charge, together with a regular audit of that
Auditing is a means
by which information about the measures taken by the
Management to put into action arrangement appropriate
for the effective planning, organisation, control, monitoring
and review of Safety measures, can be gathered.
It is the culmination
of the series of activities which make up an organisation’s
Health and Safety Policy statement from the occupier,
which is developed into systems and procedures by middle
managers for implementation by those carrying out the
work of the organisation. The definition of auditing
process of collecting independent information on the
efficiency, effectiveness and reliability of the total
Safety Management System and drawing up plans for corrective
Auditing examines each
stage in the Health and Safety Management system by
measuring compliance with the controls, the organisation
has developed, with the ultimate aim of assessing their
effectiveness and their validity for the future.
Implementing the principles
of Health and Safety Management will ensure that areas
requiring control are identified and control measures
are applied. However, the inevitable changes which all
organisations experience will affect the control system.
As a result the health and safety management system
must be examined at regular intervals to ensure that
control measures are being correctly implemented and
that they continue to be the most appropriate system.
A structured audit can appraise performance in the key
management responsibility areas [i.e. planning, organisation,
allocating responsibility and controlling the organisation’s
Health and Safety has
to be managed in the present climate of increasing industrial
democracy. Workers expect to have a greater say in the
organisation of their daily lives.
in Health and Safety is possible through increased employee
participation in planning and implementing health and
safety measures, but this is not an area for voluntary
participation or uncertain responsibilities. Every Health
and Safety responsibility must be ‘owned’
by somebody, requiring a strictly controlled management
approach that ensures standards are being set and met.
and Safety performance is greatly affected by the performance
of individual employees, which in turn depends on how
well motivated they are. Behavioural psychologists have
shown that most people are motivated to action by two
a) Finding the task interesting
and wanting to do it
b) Expecting the task to be checked by others
Those charged with specific
Health and Safety management responsibilities must always
be aware that ‘you get what you inspect and not
necessarily what you expect’. It is vital therefore,
to ‘check up’ on compliance with Health
and Safety control measures regularly through the use
of audits and other measuring techniques.
The behaviour of employees
is best changed by instilling positive attitudes towards
safety and this cannot be achieved without genuine management
commitment backed by a strict enforcement policy. Safety
auditing is a visible technique that demonstrates commitment
THE AIM OF AUDITING
Audits are best carried
out by a person independent of the area being audited
in order to provide a fresh, objective look at the organisation’s
Health and Safety Management systems. They can be used
to chart progress in specific areas of health and safety
management and can help to develop consistency in the
application of health and safety management performance
standards throughout the organisation.
Audits provide feedback
to senior managers on the implementation of the organisation’s
health and safety policies. Many companies have excellent
policies that, when critically examined, are not translated
into reality on the shop floor. Audits help to identify
where there are failings in implementing the safety
programme, for example where personal protective equipment
has been introduced but is not being worn, as well as
assessing the effectiveness and appropriateness of each
element of that safety programme.
HEALTH AND SAFETY
define which activities are to be carried out, by whom,
when, to what level and the method of measurement. Rulesare
issued by persons in authority which merely state what
should or should not be done.
Standards can be set
for any area of business from the post room to the boardroom.
The key features are that they are prescriptive and
measurable. A standard can be as simple as ‘all
internal correspondence will be delivered by ___________
[name person] within four hours of its collection’.
This, however, will have little impact if there is no
complementary standard regarding the frequency of collection.
Examples of a rule and a performance standard relating
to the safety of on-site contractors are as follows:
Rule : All contractors
will be given safety induction training.
Standard : All contractors
will receive Safety induction training from the contractor’s
supervisor on the first day of attendance. The contractors
Induction Programme document will be used for this purpose.
At the end of training a written test will be given
to ensure that there is full understanding. A register
will be kept by the contractor’s supervisor of
all who attend. Refresher training will be carried out
A rule therefore
states only what should happen, whilst a standard includes
the mechanism for it to happen and assigns responsibilities.
The auditor will have a relatively simple task to measure
performance against a standard because:
a) It is more specific
b) He or she knows who should have carried out the
c) He or she knows exactly what the task required
d) Records should be available to confirm that the
task was carried out and that it was effective.
There are several
areas where performance standards are appropriate. These
include the following:
1. Leadership - demonstration
of Management commitment.
2. Training - Management and workforce Health and
Safety training in addition to core skill requirement.
3. Workforce inspection - a structured approach to
hazard identification and remedy.
4. Incident reporting, Investigation and analysis
- a comprehensive system with the facility to track
5. Communication systems - training in, and the use
of, personnel communication skills.
6. Recruitment arrangements - Health and Safety aspects
of personnel placement.
7. Procurement arrangements - assurance of fitness
for Health and Safety purposes of purchased goods,
services, equipment and substances.
8. Occupational Health - the maintenance of a healthy
9. Plant / Process modification and permit to work
systems - the control of key high risk activities.
10. Response to emergencies - preparing for the handling
of major incidents. Some of the above topics may not
appear to have direct relevance
to Safety and Health in general or to auditing in
particular. For example,
how does procurement
relate to Safety and Health? Procurement of goods and
services has a direct impact on Safety and Health. If
the correct purchasing standards are not in place this
may lead to the purchase of inappropriate goods and
services. An example would be the purchase of new machinery,
which is found to have a noise level exceeding the legal
exposure limit only after it has been installed. The
operator is then at risk from noise-induced hearing
loss until the employer spends additional money to reduce
exposure. A purchasing executive may not appreciate
the implications of a defective standard, so the Health
and Safety manager should be involved in agreeing purchasing
standards, to ensure that Health and Safety issues are
Similarly, well thought
out recruitment procedures will prevent individuals
with unsuitable medical conditions being placed into
potentially hazardous posts, for example those with
pre-existing lumbar problems should not be involved
in work requiring frequent lifting operations and those
with defective colour vision are unsuitable for certain
standards or control systems should be developed in
the areas listed above. These can be prepared in-house
or obtained as an ‘off-the-shelf’ package
from commercial organisations.
THE USE OF PERFORMANCE
STANDARDS IN AUDITING
The role of the auditor
is to check that the standards are being met and that
the desired outcome is achieved. Failure to achieve
the desired outcome indicates either non compliance
with the standard or a defective standard.
If the auditor discovers
that compliance with a standard is failing to produce
the necessary benefits, the standard and its objectives
should be reviewed.
programme principles outlined earlier should result
in deeper analysis of areas of non- compliance to be
described with reference to the performance standard.
resulting in one of the following categories :
o the absence if inadequacy
of a performance standard for that activity
o communication failure or a lack of understanding
o the failure to enforce the standard.
less of an onerous task if Health and Safety awareness
is an integral part of both management’s and employees’
day-to-day activities and not an ‘add on’,
which receives attention only on selected occasions
or at specific times. To be of value, audits should
o Have objectives and result
in a quantifiable outcome and report
o Be carried out by a person with knowledge of and
training in Health and Safety auditing
o Be independent [ i.e. carried out by a person independent
of the area or activity being audited and with no
vested interest in the outcome].
o Be completed within a pre-set period
o Generate a remedial action plan.
The audit procedure
should check that for all aspects of the subject or
programmes being audited [of training, incident investigation,
emergency response] the following requirements are met
- A system is in place
- It is written down
- It is communicated
- It is understood
- It is practised
- It is reviewed and updated.
Implementation of the
audit procedure should be transparent [ i.e. capable
of being verified in the workplace.
Audits can take the
form of very detailed reviews of a complex Safety and
Health programme. They may look in depth at a particular
work area or perhaps at compliance with a single Safety
and Health issue of statutory requirement. The two main
types of audit are Comprehensive Audits and Specific
Audits should be tailored
to the needs of the Organisation, e.g. a small organisation
with few employees and carrying out low risk operations
does not necessarily require a comprehensive audit regime.
Where there are employee
safety representatives they should be encouraged to
participate in the audit exercise. Involvement of an
organisation’s managers, supervisors and workforce
in specific audits, and on monitoring surveys and assessment
activities with trained auditors, helps to develop their
cover the whole site or whole health and safety programme
and may involve participation by large numbers of employees.
Information on the awareness, knowledge and degree of
compliance with Health and Safety practices and procedures
is collected by interviewing the management and workforce.
Trained auditors independent
of the area under audit are required for Comprehensive
audits, which should occur at a frequency that allows
sufficient time for corrective action and the development
of new initiatives.
A specific audit
can take the following forms:
1. It may involve
auditing a selected activity across the whole site,
for example an audit of a facility which handles highly
flammable or hazardous substances would examine control
arrangements for handling, storage, labelling and
disposal, in addition to operator training, personal
protective clothing, material data sheets and emergency
2. A full programme
audit across only one area of the site would look
at the overall safety management programme for all
of the risks associated with a particular section
or department, considering such areas as local rules,
training of personnel, workplace inspection regimes,
incident reporting and recruitment needs, medical
screening, local protective emergency plan, compliance
with personal protective equipment standards and Safety
3. An audit compliance
with one particular statutory requirement across the
whole organisation is a focused activity, which would
examine compliance with the requirements of, for example,
the Factories Act, the Environmental Protection Act
Specific audits may
be carried out by personnel assigned to the Safety advisor,
who do not necessarily require specialist health and
safety knowledge. For example, an audit of the effectiveness
of personal protective equipment standards simply requires
a person with knowledge of the rules and systems relating
to this subject. However, to audit the effectiveness
of local exhaust ventilation used to control exposure
to a toxic fume will require a competent person with
detailed technical knowledge of certain engineering
Specific audits may
be planned in advance or at random [i.e. those affected
may or may not be warned in advance] depending upon
local circumstances and the audit objective. If the
purpose of the audit is to ascertain the percentage
of the workers using hearing protection in a noisy area,
advance notice of the visit could result in artificially
high compliance. However, if the purpose to discover
whether people are using the correct type of personal
protective equipment, it would be beneficial for those
workers to have advance warning to ensure that their
personal protective equipment is available for assessment
by the auditor.
Audits should be carried
out at a frequency that prevents decay of the Health
and Safety management arrangements. Much will depend
on the level of risk associated with the Organisation’s
activities. Small Organisations with low risk activities
may need to audit once a year. For larger Organisations
with higher risk activities audits may be required every
three to six months.
The initial audit may
be the most difficult particularly if control of risks
is ineffective. If controls are then enforced following
the initial audit, subsequent audits will become simpler,
for example once the relevant standards have been set
and enforced, a monthly spot audit of the personal protective
equipment compliance is easy to carry out and very effective.
standards address the WHY, WHAT, HOW, WHO and WHEN of
Health and Safety management. Auditing addresses the
effectiveness of application of those standards. Effective
audit systems assess the following aspects of Health
and Safety management :
- Health and Safety Policy
- Organisational structure with
respect to Health and Safety management
- Planning and Policy implementation
- Measuring systems
- Reviewing systems and remedial
As with any investigation
process, it is essential that the recommendations which
are the outcome of the audits are fully addressed and
acted upon. All actions should be formally addressed
by the senior manager and either accepted or rejected
in writing. In the latter case the reasons should be
Failure to track remedial
action can result in wasted efforts and resources. Delays
can occur during this phase because some of the actions
require further study, an implementation oppor-tunity
in the future or perhaps the allocation of additional
funds, which are not immediately available. Such delays
can lead in some instances to the action or activity
Tracking systems should
be devised to allow specific action arising from audits
or investigations to be allocated to individuals with
a set time-scale; this follow up action can then be
regularly and automatically monitored.
OFF THE SHELF SYSTEMS
There are three options
in selecting an audit system. The system can be developed
entirely ‘Inhouse’, or an ‘off the
shelf’ system from a specialist company can be
used or a commercially available package can be adapted
to suit the local needs.
which to select, the following questions should be considered:
1. If the organisation has
no experience of developing Safety Management Systems,
is it capable of developing an effective audit system
2. Is there a competent
person[s] within the organisation with the essential
knowledge and skills required? Expertise is particularly
important in the following areas:
- Principles of Loss Control
- Causes and Effects of Loss
- Motivational Skills
- Methods to improve Performance.
3. If there is no
Competent Person, what would be the consequences in
terms of wasted time, effort and money arising from
failure to identify and control a critical activity?
Where expertise is available
the development of an In house system may be the best
option as the resulting system will be tailored totally
to local needs.
However, although off-the-shelf
systems may appear to be expensive initially, the time
and effort required to develop the In house option must
be offset against this. When provided by valuable companies
of-the-shelf systems generally have some credibility
in the health and safety area. This is an important
consideration if auditing is used as supporting evidence
to prove statutory compliance.
Off the shelf packages
can be subdivided into those which solely provide an
auditing facility and others which are a combined Health
and Safety Management System and Auditing Package.
Some organisations provide
Health and Safety Management programmes in addition
to auditing programmes, for example the ‘International
Safety Rating Systems [ISRS] from Det Norske Veritas
[DNV] is used both for developing a Health and Safety
Management System, and for auditing the effectiveness
of the system. This system measures management performance
in 20 ‘Elements’ of a Loss Control Programme
[e.g. Management Training, Inspections and Accident
Whatever system is selected,
the approach used must be focused and objective. An
effective audit system consists of a detailed questionnaire
on every aspect of the Health and Safety Management
System, checking that for each aspect a system is in
place and is written down, communicated, understood,
practised and reviewed and updated.
Many audit systems
feature questionnaires which avoid open questions but
instead elicit YES / NO answers. For example, the section
of the audit system dealing with fire procedures might
start with the following questions :
1. Is there a fire
certificate covering the area?
2. Have fire marshals been appointed?
3. Have fire marshals been trained?
It is essential that
the collection of information during the audit involves
very little subjectivity, the use of straight forward
YES / NO questions should ensure objectivity. Failure
to apply this rigid auditing protocol will lead to vague,
subjective responses to the auditor’s questions
which can then lead to open interpretation and ambiguity
and hence results that may be of very little value.
measuring the performance of personnel as well as compliance
with systems of control. The following three groups
should be audited:
1. Senior management
should be audited on awareness and leadership in the
local Health and Safety programme principles.
2. Middle management
should be audited on the details of the local procedures
and systems relating to Health and Safety management.
3. The workforce understands
of Health and Safety and behaviour should be audited,
findings serve as useful indicators on the level of
compliance with procedures and practices and as evidence
of management leadership and commitment to Health
Most audit procedures
have a scoring system. The ISRS system, for example,
provides a numerical rating for each of the 20 Elements
examined, and 10 level awards can be earned according
to the scores achieved. Others, such as CHASE have a
master score chart with which the organisation can arrive
at an overall rating. This involves calculating a percentage
score for each section by dividing the organisation’s
score by the maximum score possible. This will identify
the areas of weakness in Health and Safety Management
control, guidance is given for each area to enable improvement
in performance where scores are low. This auditing system
is also available on computer disk, thereby simplifying
circulation of the results.
Caution should be used
when trying to draw conclusions by comparing audit ratings,
particularly if different auditing systems and/or auditors
have been used. Even when the same auditing system has
been used, numerical comparison alone between two organisations
can be misleading. For example, If company ‘A’
has a score of 65% and company ‘B’ has a
score of only 50%, it may appear at first glance that
company ‘A’ has the better safety performance.
However, if in the previous year company ‘A’
had scored 85% and company ‘B’ only 15%,
the reverse is likely to be the case.
Therefore, the only
comparison with any true value is that obtained from
the present audit, when viewed against the score from
the previous one. In this way the audit can highlight
trends and can indicate whether real improvements are
RESULTING FROM THE AUDIT
In any organisation
there is a hierarchy of responsibility. Where auditing
is carried out the audit process should take account
of this hierarchy. For example, a middle manager may
have the task of providing safe systems of work and
procedures. To establish that these are working at the
point of risk, and to be certain that the manager has
discharged his or her Health and Safety responsibilities,
he or she may require a fairly comprehensive written
report that measures performance in the critical [i.e.
high risk] areas.
Senior managers will
not require this degree of detail, but will require
at the very least confirmation that the audit process
has been carried out by the middle managers, that it
is credible and that it has found an acceptable level
The Board of Directors
will not normally concern itself with the minutes of
the audit content, but will generally require only an
assurance that the necessary audits have been successfully
carried out. A brief executive summary will suffice,
with supplementary information available if required.
In order to
carry out meaningful, comprehensive Safety Audits those
undertaking the work must be competent in the techniques
of Auditing, Health and Safety and Loss Control management
and the principles of the Causes and Prevention of Loss.
Unless a simple proforma question and answer audit system
is used, this will generally restrict auditors to:
1. Health and Safety
2. Line managers
and supervisors with additional training in Health
and Safety auditing techniques
3. External consultants
or audit specialists.
There is also a requirement
for auditors to possess good interpersonal skills, because
it is easy for the auditing process to result in ‘confrontation’
between the auditor and those being audited. An objective,
not critical , approach is needed. The identification
of the deficiencies is necessary to help improve performance
and should not be seen as a means to attribute blame.
Even with these qualifications,
human fallibility will make it difficult for an individual
auditor to maintain a constant high standard of responsibility
within audit regimes, particularly in the case of comprehensive
audits or audits of very large organisations, which
may last for several days. To overcome this, it may
be beneficial to have an audit team, consisting of two
or more auditors.
Additionally, to ensure
a uniform approach at all times, some degree of ‘auditing
the auditor’ should take place. This is only possible
where the audit protocol is such that the auditor’s
report is itself auditable. To meet this requirement
the audit itself must be very focused and objective,
leaving little to the discretion of the auditor. Despite
this precaution, even the best audit document may contain
some elements which are open to interpretation and so
strict guidelines on interpretation should be provided.
Only then can an independent authority assess the auditor’s
performance via the document against the stated guidelines.
the criteria against which audits and auditors can be
1. Checking the thoroughness
of support and verification documentation ([i.e. ‘backup’
documentation supplied to confirm the audit findings).
2. Assessing the value of the auditor’s notes
and the relevance of the recommendations to the audit
3. Establishing whether the audit was submitted within
the time scale specified.
Safety Auditing is part
of the process of continuous improvement, beginning
with the development of a health and safety policy and
identification of the organisational structure, followed
by assessment and planning of performance standards,
systems and activities, and continuing with measurement
of performance. This leads to a performance review,
which may indicate that certain areas require improvement.
For the review part
of the process to operate efficiently, any audit findings
must have credibility and the report document must have
standing with those who are subject to its requirements.
The recommendations must be meaningful, with a realistic
time scale and allocation of action.
The report must be formally accepted and the recommendations
endorsed by the senior Manager to provide the necessary
impetus to the implementation process. Once the audit
report recommendations have been accepted by the senior
manager, arrangements should be made through the Health
and Safety manager to develop an implementation action
plan. At this time a review should be carried out of
the existing revisions made.