How to Conduct an ISO/OHSAS Audit
- April 13th, 2011
I would like to give you a glimpse of how I normally conduct an ISO/OHSAS audit (without indicating that this method is perfect or totally correct). The reason for this is that when I get to a site and start auditing, the auditee is frequently surprised to see the method that I use. It then becomes very clear that the audits that they have previously received basically meant nothing!
Common problems identified are:
- Questions were asked and non-conformances generated not relevant to the standards
- The audit was done too superficially and common deviations were not identified
- Auditors performing the audit were not registered with a reputable body
- Auditors performing the audit were not sufficiently skilled to perform the audit
- Auditors performed the audit without the presence of a lead auditor
Here are some pointers to consider before you commence with your next audit:
- You are the paying customer, ask for the credentials of the auditors that are coming to your site
- Ensure that there is at least one lead auditor managing the team
- You have the right to select or ask for certain auditors and not merely accept who they are sending on your site!
During an audit I do interviews, review documents and make observations. I would like to stand still on this point to further the discussion. If we start with the policy statement, we can get a fairly good overview of what the organization is doing. Issues we look for in this statement are (examples only):
- Who the company is, what they do and where they have their operations
- Commitment from top management
- Commitment towards legal & other compliance, as well as training and awareness
- Objectives for the next year
Common problems identified in the policy statement are: the heading indicating certain disciplines, but the content reflecting only some of them (eg. A SHEQ heading with only safety in the policy statement); The wording used is of such a high level English that hardly anybody can understand what is being said; Certain statements being made legally incriminating management and the organization, and; Not using the same terminology throughout the statement (eg. Starting with “employees” and then progressing to using “workers” and then finishing off with “interested & affected parties”).
The policy statement leads me to objectives and targets. Issues of concern here are that they are either not available, or they have been put together for safety only and not the other disciplines (especially “health” objectives and targets are left out). Also important, is that they have not been set at each level and function within the organization and, lastly, they are not measureable.
After objectives, I look at roles and responsibilities. Drawing any occupation as an example, I look at the SHEQ functions of a representative person. Most of the time roles and responsibilities are not identified, or only some of them are considered.
I then move on to training, awareness and communication. What is shocking here is that some of the employees in key roles and functions have not received any training, or have not been updating their knowledge and skill in terms of the latest standards and changes to legislation. Also common, is the fact that they use substandard providers to do their training and then realize during the audit that they have wasted their time and money. It is also noted that provider selection does not take place and anything goes!
We have had the SEETA/SAQA processes for so long, yet organizations are still using providers who do not offer outcomes-based training! How are you going to answer the judge in a court of law when s/he asks you how you know that your employees are competent to perform the job? Theoretical assessments only, do not make an employee competent!
After this, I look at hazard/aspect and risk/impact identification. It is interesting to see the following:
- The concepts “hazards” and “risks” are still not understood
- Doing risk assessments using the “worst-case scenario”, as stipulated by the law, was not done
- Doing risk assessments before control measures, and then again after control measures were implemented, are not done – this is also a legal requirement!
- Referring back to training: HIRA’s are done without employees or without the team members having received HIRA training
- HIRA’s do not include the “health” component
- HIRA’s are done by one person sitting in an office
I can carry on with the rest of the clauses, but I am sure you get an idea of what is expected and what is currently happening out there. You owe it to yourself and to your fellow employees and especially to management, that you increase the standard of audits. Audits are legally binding functions and can be used in a court of law against a company.
Make sure that you are serious about conducting audits and that you get the best to come on site and assist you with your continual improvement process. Of course, initially you will have an increase in non-conformances (if the audit is done correctly), but at least you will know that it is a true and fair reflection of the actual status of SHEQ on your site and not merely window-dressing. Executives often indicate that honesty is the most valuable asset in employees, contractors, suppliers and consultants. Are you honest with your audit status?
5 Responses to “How to Conduct an ISO/OHSAS Audit”
Leave a Reply
How to Conduct an ISO/OHSAS Audit
I would like to give you a glimpse of how I normally conduct an ISO/OHSAS audit (without indicating that this method is perfect or totally correct).
April 13th, 2011 & Filed in Management SystemsSix Mistakes Managers Make with Occupational Health & Safety
A manager is not without fault and is not a perfect species, and despite our best intentions we often also make mistakes and slip-ups that can have a big impact …
March 17th, 2011 & Filed in SHEQ LeadershipInside ISO31000 – Risk Management Systems
During the previous article we started to unpack ISO31000: Risk Management – Principles and Guidelines standard. We looked at the framework encompassing the …
February 16th, 2011 & Filed in Management SystemsAmputations Related To The Workplace
Amputations are widespread in the workplace. Most of all workplace amputations occur in the manufacturing sector. The rest occur in construction, agriculture, wholesale, retail and service industries.
November 17th, 2010 & Filed in Health & Safety
If I attend a lead auditor course at ACT, I presume there is practical included?
Yes, on the Thursday of the lead auditor courses at Advantage ACT, a site visit is included where a partial audit is done on an actual site in the presence of a lead auditor.
For more information on the courses, please visit sheqafrica.co.za
Thanks for the quick response Madri.
Please look in the OHS act if there is any appointment under which an owner of a business, workshop etc. Can be appointed by the department of labour.
In other words our managers are appointed under MHSA, under what can we appoint the companies which are excluded from our area of responsibility, e.g. Road span, Lafarge etc.
If you look at your OHSA 16.1 is the appointment for the CEO, the CEO can assigb a 16.2