introduction to auditing - safety groups · what is auditing the systematic, independent and...

Workplace Safety and Insurance Board | Commission de la sécurité professionnelle et de l’assurance contre les accidents du travail

1

Safety Groups – Advantage Program

Tom Welton

Introduction to Auditing


2

Overview

■ Objective

■ The Basics

– Principles of Auditing

■ Audit Process

– Preparation & Initiation

– Document Review

– Evidence

– Findings

■ Management

– Management Review

– Action Plan

■ Case Study


3

■ To provide you an introduction to the basic process of

conducting an audit of your Health and Safety

Management System.

Objective


4

■ Health and Safety Management System (HSMS)

– The documented process that fully incorporates

effective risk management principles into a health and

safety program.

What is a HSMS? The Basics


5

■ The systematic, independent and documented process

for obtaining audit evidence and evaluating it objectively

to determine the extent to which audit criteria are fulfilled

What is auditing? The Basics


6

■ Workwell Audits

■ Compliance Audits (against legal requirements)

■ Combined Audits (for example, H&S and Environment)

■ Risk Audits/Risk Assessments

■ Workplace Inspections

■ Pre-start-up Inspections

■ Subject Specific – for example:

– RTW Self-Assessment

– Confined Space Audit/Assessment

– Emergency Preparedness & Response Audit

■ Second party audits (for example, customers or suppliers)

Other Audits The Basics


7

■ To provide Owner/Senior Management with objective

information on which they can react to improve their

health and safety activities

Why audit? The Basics


8

■ Conformity

– Conformity is the fulfillment of the audit criteria which

includes requirements of an audit standard, the

workplace’s health and safety policies, practices,

procedures and related documentation.

■ Nonconformity

– Nonconformity is the non-fulfillment of, or deviation

from, the requirements. It is categorized as Major and

Minor.

Definitions The Basics


9

5 Steps to Managing Health & Safety

■ The 5 steps apply to

the Advantage

Program

requirements

■ The 5 steps apply to

each element of the

HSMS Review and

must be

documented/recorded

for each

The Basics


10

■ Audit Scope

– Extent and boundaries of an audit

Note: The audit scope generally includes a description of

the physical locations, organizational units, activities and

processes, as well as the time period covered.

■ Audit Criteria

– Audit criteria are used as a reference against which audit

evidence is measured. In the WSIB Advantage Program

the criteria includes; the requirements documented in the

HSMS Review Form and the firm’s health and safety

program, policies, procedures and related documents.

Principles of Auditing The Basics


11

■ Audit Evidence

– Records, statements of fact or other information,

which are relevant to the audit criteria and verifiable.

(minimum two different sources of evidence).

■ Audit Findings/Conclusions

– Results of the evaluation of the collected audit

evidence against audit criteria.

Note: The audit findings can indicate either conformity

or nonconformity with audit criteria.

Auditing relies on these principles to make it effective and reliable.

Principles of Auditing (cont’d) The Basics


12

Key Concepts

What is Auditing

■ The systematic, independent and documented process

for obtaining audit evidence and evaluating it objectively

against established audit criteria

Why Audit

■ To provide Owner/Senior Management with information

on which they can react to improve their health and

safety activities

The Basics


13

Key Concepts

Auditing Principles

■ Scope – extend and boundaries of an audit

■ Criteria – a set of established requirements the audit

evidence is evaluated against. The criteria for Advantage

firms is - HSMS Review Form and the firm’s H&S

program, policies, procedures and other related

documents.

■ Evidence – records, statements of fact or other

information, which are relevant to the audit criteria and

verifiable (minimum two sources of information)

■ Findings – evidence compared to criteria

The Basics


14

Key Concepts

■ An audit is conducted in a systematic manner and

requires preparation

■ Document Review collects information to help determine

if the audit criteria are being met by the firm

Audit Process


15

Key Concepts

■ There are multiple sources of evidence: documents,

records, interviews and observations

– Auditor(s) need sufficient information before it is considered

evidence

– Recorded evidence is evaluated against established audit

criteria to determine objective audit findings

– Finding of conformity or nonconformity (major or minor)

■ Nonconformities are situations where a requirement

clearly has not been fulfilled with evidence based on

objective facts

Audit Process


16

Key Concepts

■ The audit report can be recorded on the HSMS Review Form

■ Other styles of audit reports can be used, as long as they

include all nonconformities found and relate it to the criteria

requirements

■ Report any commendable HSMS findings

■ Management Review can be formal or informal

■ Owner/Senior Management must understand and agree to the

audit findings/conclusions. Any diverging opinions are

recorded if not resolved.

Management


17

Key Concepts

■ All nonconformities are included and initiated in the

action plan

■ Conformities can be included in the action plan for

continual improvement

■ Resolving nonconformities and verifying they are

resolved are done after audit activities

Management


18

The Audit Process

INITIATING

CONDUCT THE AUDIT

AUDIT REPORT MANAGEMENT

REVIEW

ACTION PLAN

Document

Review

Evidence

Findings

The Basics


19

■ Management assigns the qualified auditor(s)

■ Develop an audit plan which includes:

– Objectives, Scope, Criteria, Schedule

■ Resources:

– Time

– Audit support (team)

– Health and Safety Equipment (PPE)

– Floor Plan, Equipment List, Work room

– Audit working documents (audit notes/sketches/interview

notes etc.)

■ Communicate the audit activity to appropriate workplace

parties

Initiate and Prepare Audit Process: Initiate


20

Documents and Records

■ A document may be a policy, a procedure, a work

instruction, a form, or other written information, that

generally gives direction.

■ A document is current, active and changeable.

■ A record is dated, historical, and unchangeable.

(An obsolete document may become a record).

Document Review Audit Process: Conduct the Audit


21

■ First step in Conducting the Audit

■ Establishes initial conformity to the audit criteria

■ Determines other types of evidence the auditor(s) will

sample

Document Review Audit Process: Conduct the Audit


22

Policy

System

Procedures

Operating

Procedures

Work Instructions

Forms, checklists, templates, & other

“data collection” documents

RECORDS

Level 2 Docs

5W’s & H of system Typically addresses each

WSIB HSMS Requirement

“Big Picture” (may be

organized by “processes”)

Document Review

Level 1 Docs

What? (some why?)

H&S Policy Statement

H&S Policy Manual (optional)

Level 3 Docs - more

details of 5W’s & H

Level 4 Docs

detailed How

Typically organized by

department

Task Specific

Instructions

Audit Process: Conduct the Audit


23

■ Auditor(s) look for evidence that demonstrates requirements

have been met.

The sources of information gathered are grouped into these

categories:

– Documents verify relevant, clear and complete procedures, work

instructions, guidelines, etc., are readily accessible

– Records: verify appropriate records have been kept to

demonstrate that requirements of procedures and the standard

have been met

– Observations: verify activities, workplace conditions, controls are

in place

– Interviews: verify health and safety system/program

understanding.

Audit Evidence Audit Process: Conduct the Audit


24

■ If all available sources of information (minimum 2) are

consistent then the information may be considered evidence

of conformity. Inconsistent information is evidence of

nonconformity.

■ Evidence is measured against the audit criteria to determine

conformity or nonconformity



25

Collecting and Verifying Information:

■ Review Documents and Records

– Note details of documents and records reviewed

■ Observations while at the facility and throughout the audit

– Note relevant observations that demonstrate conformity

and nonconformity

■ Interviews during the facility tour and throughout the audit

– Conduct interviews appropriate to the situation and the

person

– Interview people from appropriate levels and functions

– Make notes of evidence of conformity and nonconformity

– Summarize the results of the interview with the person



26

Collecting and Verifying Information:

■ How much is enough?

– Sufficient to demonstrate a consistent pattern of

conformance

– One piece might be enough, for example:

• maybe only one incident occurred so there will be only

one investigation report

• observed one failure to use confined space procedure;

• only one work instruction

– Perhaps 10 to 50 pieces may be appropriate, for example:

• monthly workplace inspections

• pre-shift forklift inspections



27

Generating Audit Findings/Conclusions:

■ Evaluate all audit evidence against audit criteria

■ During the audit, evidence must be presented that the

criteria are in place for conformity. If any requirement is

not met, a nonconformity is noted.

■ Audit findings/conclusions indicate conformity or

nonconformity to criteria

Note: Any corrective actions to a nonconformity does not

change the audit finding/conclusion.

Audit Findings Audit Process: Findings


28

Conformity

■ Conformity is the fulfillment of the audit criteria which

includes requirements of an audit standard, the

workplace’s health and safety policies, practices,

procedures and related documentation.

Nonconformity

■ Nonconformity is the non-fulfillment of, or deviation from,

the requirements. It is categorized as Major and Minor.

Audit Conclusion Audit Process: Findings


29

MAJOR nonconformities:

■ the issue will continue to occur because of how the HSMS and

health and safety program are structured

■ there is unacceptable risk to a worker’s health or safety

■ there are serious legal implications, or

■ there is an accumulation of related minor nonconformities.

MINOR nonconformities:

■ the HSMS and the health and safety program structures are valid,

but there was minor deviation (e.g. human error)

■ there is no unacceptable risk to the worker

■ there are no significant legal implications, and

■ there is not an accumulation of related minor nonconformities.

Audit Conclusions Audit Process: Findings


30

■ The report must reference the requirement (i.e. A.2), and the

evidence that supports the findings/conclusions of conformity

and nonconformity

■ Indicate any situations encountered that may decrease the

reliability of the audit conclusion

■ Diverging opinions about findings and conclusions should be

discussed, resolved if possible, and recorded if not resolved

■ The report must include the date(s) of the audit, report date,

auditor(s) name

■ Auditor(s) prepare to present or discuss the audit with the

Owner/Senior Management

Note – For Advantage the completed HSMS Review Form can

be the report submitted for Management Review.

Audit Report Management: Audit Report


31

■ Owner/Senior Management reviews the audit report

■ Ensure the Owner/Senior Management agrees with and

understands the audit conclusions

■ A record of the Owner/Senior Management review

■ Establish a timeframe for the employer’s continual

improvement plan

Management Review Management: Review


32

As a result of the audit findings/conclusions:

■ An action plan is developed for all nonconformities

■ The action plan outlines how nonconformities will be

corrected, responsibilities assigned and timelines

established.

■ The action plan is developed or reviewed, approved,

resourced and initiated by the Owner/Senior

Management.

■ The employer’s auditor(s) may conduct follow-ups to

ensure the element is progressing to conformity

Note – for the Advantage Program the continual improvement

plan is the action plan.

Action Plan Management: Action Plan


33

■ An action plan can also be used for continual

improvement

■ When a criteria requirement is met, but may deteriorate

into a nonconformity, the audit may indicate an

opportunity to improve.

Continual Improvement

■ The process of enhancing the HSMS to achieve ongoing

improvement in overall health and safety performance.

■ Improved performance on its own IS NOT continual

improvement, it is an outcome – you must improve the

way you manage.

Action Plan Management: Action Plan


34

Year-End Submission

Year-end Report Checklist:

*All Advantage firms submit the following documentation attached to the Checklist; 1 Written Standard 20%

2 Internal Auditor training record 20%

3 Completed an approved HSMS Review (internal audit) w/Senior Management sign-off acknowledging their involvement

20%

4 Written Continual Improvement plan addressing HSMS Review w/Senior Management sign-off acknowledging their involvement

20%

5 Return to Work 20%


35

Case Study