by Cameron Clark
Failing to read and understand the fine print in contracts or conditions has left many people high and dry. The same can happen when the finer detail in audit standards and their criterion aren’t properly understood.
While audit standards don’t deliberately try and conceal their requirements (like the fine print in some contracts) they aren’t always written with the general populace in mind and are often full of jargon or specific definitions designed to help auditors, rather than the auditees.
To make things even more complicated, different audit standards often adopt different approaches (prescriptive vs. non-prescriptive) and different definitions, both with other standards and local legislation. The introduction of ISO 45001 using a high-level structure (Annex SL) that includes much of the same text, terms, and definitions with other ISO Standards (such as ISO 9001 and ISO 14001) may reduce some of the complexities, but only between ISO standards and not between other management system standards or internal audit tools.
We have seen already that varying terminology between AS/NZS 4801 and OHSAS 18001 highlights how the requirements of these two common health and safety management system standards are different. These differences are only amplified the more prescriptive the audit criteria are, with greater details often requiring greater effort to comply. The National Audit Tool (the NAT), used in Australia for self-insurance purposes, is based on AS/NZS 4801 but with significantly more prescriptive detail. Where AS/NZS 4801 has 25 areas to evaluate during an audit and provides an organisation with the flexibility on how they conform to it, the NAT has 108 criteria, with multiple “best practice” requirements hardwired into individual criterion.
To demonstrate, consider the examples below from the highly prescriptive National Audit Tool:
National Audit Tool – Criterion 3.3.9
Those representing the employer and the workers on health and safety matters, including representatives on consultative committee(s), receive appropriate training to enable them to undertake their representative roles effectively.
Under Australian Health and Safety Law, those representing workers are required to be provided with “Health & Safety Representative” (HSR) training on request so that they understand their rights and responsibilities as a HSR. As a result, many organizations present HSR training attendance records for their HSRs as evidence of conformance to this criterion. Organizations are often tripped up by not presenting evidence that “those representing the employer” have also been provided training. While providing specific training to employer representatives is not required under Australian law, failure in this case could result in a nonconformance.
National Audit Tool – Criterion 3.4.1
There are procedures agreed to by workers outlining their involvement and consultation in:
a) Health and safety matters
b) Health and safety issues
c) Any proposed changes to the work environment, processes, practices, or purchasing decisions that impact on their health and safety.
At first glance, this criterion is assessing whether an organization has consultation procedures, and many organizations attempt to conform to this requirement by presenting a document that broadly covers consultation arrangements they have in the workplace. However, many self-insured organizations regularly miss the finer detail, forgetting that the procedures must be “agreed to” by workers as well as specifically including items a) – c) in the document. If organizations can’t show evidence of worker agreement in the procedures, or if the procedures don’t cover each specific area where consultation should occur, nonconformances are inevitable.
National Audit Tool – Criterion 3.10.11
The organization has a program for the safe use, handling, transfer, inventory management, and transport of hazardous chemicals.
This criterion is another example of where organizations are required to do more than what legislation might normally require. Most health and safety law in Australia requires a Register of Hazard Chemicals to be kept, effectively a list of the types of hazardous chemicals used in the workplace.
Organizations attempting to conform with this criterion would often present a procedure, corresponding risk assessments and work instructions that cover the safe use, handling, transfer and transport of hazardous chemicals along with their Hazardous Chemical Register. However, the criterion requires an inventory of hazardous chemicals, going beyond the legislative requirement of a simple list, and requiring quantities of hazardous chemicals to be kept and maintained.
This limited sample demonstrates just how important it is to fully understand the requirements of the specific audit standard and criteria that you are auditing against. Take time to read the entirety of the criteria and review definitions contained in the audit standard if you are unsure. Many audit standards also provide guidance for the auditor and auditee, however remember that this is guidance only, with only the detail in the criterion that is auditable.
If you are still unsure, a qualified auditor with the right industry and auditing experience should be able to quickly and easily highlight exactly what your system needs to contain and achieve.
About the author
Cameron Clark is a health and safety professional with more than 17 years’ experience providing OHS consulting and auditing services to a range of large multinational organizations. He is currently a founder and Managing Director of Verus Australia and an Exemplar Global-certified Lead OHS Management Systems Auditor. Cameron can be contacted via email@example.com or via www.verus.com.au.