An internal OHS audit program is used by an organisation to evaluate the effectiveness of the procedures and processes used to meet OHS legislative and other statutory administrative requirements.
An internal OHS audit schedule is a considered approach by an organisation to identify the extent and methods by which to conduct OHS related audit verification activity. The internal audit is also global best practice in OHS management systems.
It's also a vital internal quality check on OHS systems and operations. The internal OHS audit is a particularly useful management tool for ensuring that the OHS management is being conducted efficiently and properly at all levels.
A senior manager should actively participate in the internal audit to ensure currency of management information and proper critical organisation-wide scrutiny of administrative and operational functions.
Internal audit scope
The organisation will need to identify the types of internal audit activity to be conducted.
These can include one or more of the following audit activity types:
OHS management system (OHSMS) audit - system level
Procedural compliance audit - operational level
OHS legislative compliance audit - analysing compliance capability
Incident management
Reporting systems
Records management and documentation
A determination of audit types will be based on requirements defined within the OHS management system. Factors relevant to the audits may involve the level of maturity of the OHSMS, policy initiatives and implementation, and similar issues. The knowledge and understanding of key stakeholders within the organisation and Further organisational factors (e.g. number of sites, geographical locations, State, national or international application) may also apply.
Schedule considerations
Having identified the types of internal audit activity to be conducted, the organisation will need to consider the most suitable audit delivery options and scheduling. Best practice is a standardised, thorough and transparent methodology which provides clearly defined outcomes to compliment an organisation's business goals and objectives.
These considerations will include one or more of the following points:
Mandatory audit requirements (e.g. Defined by statutory authority) - These very useful audit areas may include self insurers annual requirements for audit activity to be conducted for inclusion in reporting requirements. The internal audit in these cases can also act as "radar" for management, ensuring compliance issues are under proper scrutiny.
Size of organisation and geographical locations - Consideration should be given to the different types of activities (and risk potential) within an organisation, similarity of activities at different locations to evaluate uniformity of application, geographical locations that may impact on audit schedule delivery. This approach additionally allows for targeting of areas related directly to policy implementation.
Identified high risk potential subject areas - These areas naturally have high priority in an OHSMS. Any high risk areas identified as a result of statistical analysis or management review require audit verification to assist in implementing strategic management.
Changes in legislation or organisational structure - Changes in legislation or organisational structure that may impact on the capacity to implement OHS requirements. (Note: Legislative changes usually include a time frame for compliance, and may involve significant modifications to the OHSMS. It's strongly advised that all compliance issues are included in the audit to ensure management has adequate information regarding these matters.)
Resource base from which the organisation can allocate qualified and competent auditors to conduct the audit verification activity type - Requirements of the provision of internal or external resources depending on scope of activity to meet audit needs. The resource base must be able to deliver the necessary standard of auditing to ensure OHSMS efficiency and compliance.
Organisational planning and development cycles - Planning of audits to align provision of audit reports with review cycles. This planning is a particularly useful management tool which can ensure proper control and timeliness of operational data. The forward planning also ensures well integrated OHSMS reporting.
Prioritised activities (e.g. Based on risk evaluation or business need) which will impact on implementation of OHS requirements.
Internal Audit schedule detail
The internal audit schedule should be owned by a person who has authority to manage and review the implementation of the schedule. Senior management should have direct oversight of the process, to allow checks on audit functions and efficiency.
The internal audit schedule will provide, as a minimum the following information:
The type of audit to be conducted
The expected timeframe in which the audit is to be conducted
The lead auditor responsible for the audit activity
Location of the audit
Timeframe for final report
Common Problems
One major issue in relation to developing internal audit schedules is that they either do not meet organisational needs and/or merely aim to achieve a level of conformance with statutory body requirements of regulators.
This is quite inadequate, and may expose organisations to serious liabilities. To ensure a fully functional OHSMS which is capable of dealing with all OHS issues and meets the standards of both statutes and major legal claims, the organisation must ensure that the internal audit is conducted on a holistic, best practice, basis in which all areas of liability, risk management and OHS are properly audited. The OHSMS must achieve full coverage of all potential liabilities.
Conversely, the needs of internal audits may exceed the capacity of the organisation to meet the requirements defined therein. The organisation may lack the expertise required to deal with some areas of risk management. Any internal audit carried out on this basis will inevitably be inadequate, and can create a risk of serious deficiencies in the OHSMS.
Another key problem is to ensure that audit competency (either internal or external) is at a level to achieve a suitable outcome as defined within the internal audit schedule, e.g. There are serious risks in using auditors to conduct compliance audits without the necessary understanding in relation to legislative application of requirements.
It is absolutely essential that any audit of an OHSMS is conducted by auditors having:
The correct level of audit experience
Comprehensive experience in statutory compliance, including both self insurance regulatory requirements and any other relevant statutory issues
A strong knowledge base and resources, including relevant industry knowledge where applicable
Proper accreditation for the audit operations required
The safest approach to these issues is to obtain professional guidance. The best OHSMS consultants can meet all these criteria and can also provide ongoing support and services as required.
Lane Safety Systems offers safety consulting, risk management, compliance management and safety management systems for self-insured businesses across Australia. For more information, visit Self Insurance
沒有留言:
張貼留言