CHAPTER 16: INTERNAL AUDIT (CLAUSE 4.5.5)

Summary of requirements

  • Establish an audit procedure that defines the responsibilities for planning, conducting, reporting and follow-up of internal OH&S management system audits.
  • Conduct audits at intervals planned on the basis of significance of risks, as well as the results of previous audits.
  • Determine if the OH&S management system conforms to the requirements of OHSAS 18001, and is effective in meeting its own objectives and planned arrangements.
  • Select auditors who are objective and impartial.

How can these requirements be met by an organisation?

It is best to begin by seeking clarity on the meaning of terms used in the audit process. These are:

Audit: An audit is essentially a process of independently obtaining evidence, and evaluating it objectively, to determine the extent to which it meets a defined audit ‘criteria’.

Audit criteria: Criteria represents a set of requirements against which an audit is carried out. The criteria for a complete OH&S internal audit would include requirements defined by OHSAS 18001, as well as applicable laws, policies, procedures and plans defined by an organisation’s own OH&S management system.

Audit findings: Audit evidence when evaluated against audit criteria would result in either a conforming or a non-conforming situation. In both cases it would be termed as an ‘audit finding’.

Implementing an internal OH&S audit process in an organisation requires the following steps:

  • Begin by establishing an internal OH&S audit procedure.
  • Nominate a competent person to assume overall responsibility for ensuring the tasks involved in audit planning, conducting, reporting and follow-up audits are implemented effectively.
  • Prepare an audit plan which reflects the frequency, and the scope, of each audit. The audit plan must give due consideration to the significant hazards and risks of the organisation, and the results of the previous audits.
  • Select and train a team of auditors for conducting OH&S management system audits. The competence of auditors plays an important role in the quality of audits, and therefore, it would be worthwhile to invest in auditor training and competence. A good OH&S auditor training programme could be spread over three to five days and include topics, such as principles of OH&S, hazard identification, risk assessment, hierarchy of controls, OH&S regulatory requirements, corrective and preventive actions, requirements of OHSAS 18001, audit guidelines mentioned in ISO19011, communication and knowledge of planning, conducting and reporting an audit.
  • Share the audit plan with the auditors and the auditees. Auditors must prepare themselves by gaining awareness about specific hazards, risks, controls, processes, laws and documentation of the organisation, before the start of the audit. Preparation of audit checklists can be of great help in maintaining focus, managing audit time and ensuring that all requirements have been covered.

An auditor should collect evidence to determine the following:

  • The extent to which an organisation complies with the requirements defined in OHSAS 18001.
  • The extent to which the OH&S management system enables an organisation to meet its occupational health and safety objectives and planned arrangements. Planned arrangements include company policies, procedures and controls.
  • The extent to which the OH&S management system enables an organisation to prevent, or minimise, occupational health and safety risks.
  • The extent to which the OH&S management system enables an organisation to comply with regulatory, and other requirements, to which it subscribes.
  • Is the OH&S management system implemented effectively and continually improved?

The independence of auditors is a mandatory requirement and can be ensured by not nominating an auditor for an activity that falls under his/her own area of responsibility. As an example, a manager responsible for implementation of ‘permit to work’ should not be asked to audit activities which are primarily controlled by a PTW system.

While raising non-conformities, auditors must always describe the evidence collected, and the specific clause of the standard, or the procedure, that was violated.

A critical skill of an auditor is his/her ability to verify the effectiveness of corrective actions. This must include considerations, such as:

  • Was the identified non-conformity adequately mitigated and corrected?
  • Was the root cause(s) identified correctly?
  • Will the actions taken ensure that the root causes are eliminated and the non-conformity will not re-occur?
  • Have other similar situations, activities, materials, locations and equipment, also been reviewed for removal of the same, or similar, non-conformance? A non-conformity is like a bad fish in a pond. Removing some and not others, will surely spoil the remaining fish in due course of time.
  • Have the issues of shortcomings in training, organisational structure, adequacy of resources and management commitment been considered and addressed?

Records to be kept

  • Audit plans
  • Auditors’ training and competence records
  • Audit findings
  • Audit reports, containing results of the audit
  • Audit-related corrective actions and verification of their effectiveness.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.145.54.7