ESM 204

SHE Auditing
Management Systems Auditing
 Importance of SHE Auditing
• Auditing is one of the specialised skills that a OHS
professional should understand
• Auditing requires wide and deep knowledge about
industrial processes, business management, legislation,
standards and auditing principles
• Auditing is not witch hunting but rather aims to give sound,
valuable insights in the management systems of the
business.
• Auditing is an essential tool for managing compliance,
and for initiating and driving continual improvement in
any organization’s systematic SHE performance
 Why are Audits Unwelcome
• Because the current approach is witch hunting
and does not add value
• After an audit a major incident occur after an
organization has just passed an audit
• Audits are retrospective rather than future
oriented in that way its all about what went wrong
and never prepare the organization for the future
• Ever changing world of work with new legislation
and ever demanding clients makes it unwelcome
 What is a management system
• Management system consist of policies,
procedures, guidelines, associated resources
and activities.
• Management system is a system that allows
organizations to establish policies, objectives
and to subsequently implement them.
• The term management refers to all activities
that are used to co-ordinate, direct and
control an organization.
 What is conformity assessment
• The form of attestation for a certain standard
requirements are met following a known audit
principles and procedures done by an
independent auditor/ organization.
 Why management system
• Organizations use management systems to
improve their operations and optimize their
business performance while increasing
customer satisfaction through ;
1. Systematic process
2. Organizational structures
3. Effective risk assessment methodology
4. Associated resources optimization
Components of a management System
• Primary process- processes implemented to
achieve the main outputs
• Key supporting process- elements which
directly support the main processes of a
business
• Support elements - support elements which
ensure the smoothness of the main activities.
 Importance of understanding the context
of the organization
• Currently an SHE practioners cannot just master
language of law, procedures, systems and PPE YOU
NEED TO UNDERSTAND BUSINESS LANGUAGE
• The business environment concerns the current and
future characteristics of the place where the
organization, its supply chain and its competitors
operate. It is important that we understand the
business environment, as it sets the context for
understanding the needs and expectations of
stakeholders and determines the necessary scope of
any management system
 What is a Business
• Define a business?
• Factors of production? –transformation
process of input to outputs.
• Explain the relationship between business
management and auditing ?
• How can auditing add value to the business ?
Implementation of a management system

• Stages in MS MS mature- now

focusing on
improvement P
e
MS in place- focusing r
on effectiveness f
o
Basic MS in place- r
focusing on m
compliance and a
Corrective action n
c
e
No MS- Focusing on
implementation
 Stages in MS implementation
• Compliance stage- the focus is given to ensure
compliance to new procedures and documents.
Corrective actions are implemented for detected
non-conformities
• Effectiveness stage- focus is given in achieving
objectives set in an organization and measuring
progress using several metrics
• Continual improvement stage- process are
optimized to improve results / quality of product
 Common structure of ISO Management
Systems
1. Scope
2. Normative References
3. Terms and definition
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Continual improvement
 ISO 45001 and ISO 14001
• You cannot audit a system which you are not
familiar with.
• At this point its important to revisit the
standards and lay out what is required by
these standards before we proceed to audit
these systems.
 What is an audit
• Systematic, independent and documented
process for obtaining objective evidence and
evaluating it objectively to determine the
extend to which audit criteria is fulfilled.
 Types of audits
• First party audit
• Second party
• Third party / certification audit
 Purpose of an Audit
• Purpose of audit
V
a
l Best practice
u
e
Effectiveness
a
Opportunities
d
for
d
improvement
i
t
i Conformance
o
n
 Objectives of an audit
• Identifying management systems audit
weakness
• Identifying opportunities for improvement
• Determining how effectively the management
system support organization strategy
• Identifying best practice and implement them
 Audit principles
• Auditing rely on a number of principles which when adhered
to audit conclusion will be relevant and sufficient even when
different auditors go through the same system.
• Audit principles are found in ISO 19011:2018
1. Integrity
2. Fair presentation
3. Due professional care
4. Confidentiality
5. Independence
6. Evidence based approach
7. Risk based approach
 Integrity
• Integrity is the foundation of professionalism
• Auditors or individuals preforming audit should:
1. Perform their work ethically with honest and
responsibility
2. Only undertake audit if competent to do it
3. Perform their work in an impartial manner
4. Be sensitive to any influences which may be
exerted to their judgement while carrying their
duties.
 Fair presentation
• The obligation to present truthfully and
accurately.
• Audit findings, audit conclusions and audit
reports should reflect truthfully and
accurately the audit activities.
• Significant obstacles encountered during the
audit and unresolved diverging opinions
between the audit team and auditee should
be reported
 Due Professional Care
• Application of diligence and judgement in
auditing
• An auditor must make a reasoned judgement
while performing his duties
• There is need to calm and not to rush to
conclusions and be always kind
 Professional judgement
• Applying relevant training, knowledge and experience to
make informed decisions in various situations during the
audit.
• Maintain an attitude of professional skepticism during the
process.
• Professional skepticism – means that auditors perform a
critical evaluation on the validity of evidence obtained and
are on the look out for the evidence that can contradict or
question the reliability and validity of the documented
information received , answers received from interviews
or any other information related to audit.
 Exception of confidentiality
• Information can be disclosed if
a) Required by law
b) Required by the professional body which you
subscribe to
 Independence
• Basis of impartiality of the audit and objectivity of
the audit conclusion.
• Threats to independence are –
1. Self interest
2. Self review
3. Familiarity or trust
4. Intimidation
NB: you can be given items, trips, job offers and
meals
 Consultancy and auditing
• You cannot audit a system which you were
consulted in the development and
implementation process, however training is
required.
• Some certification bodies require that if you
were involved in consultancy services you
need you can audit after 2 years.
 Evidence based approach
• Rational method for reaching reliable and
reproducible audit conclusion in a systematic
manner.
• Sequence = Information, obtained objectively,
evaluated objectively and evidence.
• There are 4 levels of negligence (a) no negligence
(b) ordinary negligence (c)gross negligence (d)
fraud.
• Ethics are used to reinforce good behaviour of
auditors.
 Risk based approach
• An audit approach that considers risks and
opportunities.
• Audit risk is when the auditor gives a wrong
conclusion
 Competencies of auditors
• Confidence in the audit relies on the
competence of auditors who are undertaking
the process.
• Competence of auditors should be evaluated
regularly.
• How can we evaluate competency of auditors.
 Auditors skills
• Auditors should have this minimum
knowledge
1. Auditing principles, processes and methods
2. Management systems, standards and other
references
3. The organization and its context
4. Applicable regulatory requirements and
other requirements
 Auditing evidence
• Audit evidence- records, statements of fact or other
information which are relevant to the audit criteria and
verifiable.
• Types of audit evidence is
1. Verbal
2. Documentary
3. Analytical
4. Technical
5. Confirmative
6. Mathematical
7. Physical
 Physical evidence
• Evidence obtained through observation or
inspection of tangible things. This evidence
can be counted, examined, inspected or
observed.
• For example you can see workers wearing PPE,
see signage, presence of fire equipment
 Mathematical evidence
• Evidence obtained by evaluating mathematical
exactness of certain documents or records.
• Calculation of LTIs
• Hours of training
 Mathematical evidence
• Evidence obtained by evaluating mathematical
exactness of certain documents or records.
• Calculation of LTIs
• Hours of training
 Confirmative evidence
• Evidence obtained from a third party
confirming an issue under scrutiny in a audit.
• Examples are air emission report from a
consultant
• Legal compliance report
 Technical evidence
• Analysis of information obtained during a
technical test
• This is not much used in SHE audits
• However examples are verification of
calibration process of OHS equipment.
• Auditors should not test equipment they only
observe
 Analytic evidence
• Analysing data to check their statistical
tendencies or variations which is obtained
using statistical methods
• Analysis of accident reports
 Documentary evidence
• Evidence obtained from records or document
(documented information)
• Example- policies, procedures and work
methods.
 Verbal evidence
• Obtained during interviews with persons that
have necessary knowledge and responsibilities
to perform operations that are being audited.