I found something truly amazing – at least to me.  A mainstream business book, a best-seller in fact, that had an entire chapter developed to worker safety!

Why was I amazed? 

Lately, it seems the only mention of worker safety is in the context of reducing OSHA regulations in order to unburden business.  Safety is typically demonized as a business burden not touted as a benefit.

Yet here was a book that made the convincing argument that focusing on worker safety was the “keystone habit” that drove the economic turnaround of a multi-billion dollar company.  Wow.

This book – The Power of Habit by Charles Duhigg – focuses on explaining why habits exist, why they are so powerful and how they can be changed.  It provides advice that can be used for changing personal habits – such as overeating chocolate chip cookies.  But it has more. What elevates it above a typical self-help book is that it also discusses the importance of organizational habits – the routines that underlay most business performance. 

As I read this book, I was struck by the similarities and synergies between organizational habits and management systems.  The routines that are the basic building blocks of habits are equivalent to the procedures (i.e. specified ways of conducting activities) that are the basic building blocks of management systems.  It struck me that the reason some organizations get great benefits from implementing management systems and others do not is the extent to which management systems are used to create and promote habits of success.

Are you interested in developing an OHSMS that creates positive cultural change?  Read this book.

© ENLAR Compliance Services, Inc. (2012)

Clause 4.4.5 of OHSAS 18001 is known as “document control”; clause 4.5.2 is known as “CAPA” (corrective action and preventive action).

Similarly, clause 4.4.1 is often referred to as roles & responsibilities or “R2A2” – roles, responsibilities, authorities, and accountabilities.

What is left out?  The first R – RESOURCES.

OHSAS 18001 requires that the organization [a.k.a. “top management”] “ensure the availability of resources essential to establish, implement, maintain and improve the OH&S management system.”  These resources include human resources and specialized skills, organizational infrastructure, technology and financial resources.

Although there is a great deal of focus these days on reducing cost, the truth is management systems cost money.   An organization can strive to achieve the best value for the money spent; however, spending money is not optional.

One of the mistakes I often see organizations make is attempting to implement an OHSMS “on the cheap” – often by piling additional work onto already overworked staff and by attempting to “repurpose” existing infrastructure, such as data management software.    Although I am all about being cost effective, there is more to an OHSMS then creating documentation using a global search on someone else’s procedures to replace your organization’s name for theirs.  Similarly, the human resources needs of an occupational health and safety management system include individuals with a certain level of competence, specialized skills, and AVAILABLE TIME.  Attempting to save money by using jerry-rigged databases often causes user frustration and results in incomplete and/or meaningless data being collected for analysis.

Nor is an OHSMS a one time purchase. The resource needs of an OHSMS continue and change over time.

As OHSAS 18002 points out (in section 4.4.1) – “Resources and their allocation should be reviewed periodically, via management review, to ensure they are sufficient to carry out OH&S programmes and activities ….the adequacy of resources can be at least partially evaluated by comparing the planned achievement of OH&S objectives with actual results.”

Have you evaluated your OHSMS resource needs?

© ENLAR Compliance Services, Inc. (2012)

What this provision requires is that an organization have processes are in place to “circle back” at some later point in time to verify that the corrective actions taken actually worked.

What does this “effectiveness review” need to include?

At a minimum, two determinations are needed –

1. Was the proposed corrective action done?
2. Was the action taken “effective”?

First, was it done – was some action actually taken, was the action that was completed what was proposed and has it been sustained?

It is not uncommon to find that the proposed action was never done.  Sometimes, people get “busy” and taking the specified corrective action is constantly “put off until tomorrow” as other priorities take precedence.  In other cases, the action actually undertaken is NOT the action that was initially proposed.  Perhaps the proposed action didn’t actually work when it comes to actually implementing it.  Then there are the situations where changes are made initially but the organization quickly reverts to doing things the old way.

Second, was the action taken “effective” in fixing the issue identified as the nonconformity?

It is not uncommon to find that the action actually taken as corrective action bears little, or no, relationship to “the problem” identified as the nonconformity in the first place.  In the process of evaluating what actions should be taken, it is easy to get sidetracked by other interests and priorities and end up “fixing” something else entirely.  (“Gee, this is a great opportunity to justify getting the new training software we have always wanted.”)

The other difficulty with determining the effectiveness of the action taken is that “effective” is not a defined term and is a very subjective standard.

What qualifies as “effective”?

The dictionary defines “effective” as “adequate to accomplish a purpose” – not very much help. 

The key to this effectiveness determination is deciding whether or not the action taken will prevent “the problem” identified from recurring again in the future.  This determination needs to be based on an objective (i.e. unbiased) review of factual evidence.  Click here to access an interesting article on verifying the effectiveness of corrective action – including common questions to ask about the actions taken.  As the author of this article, Craig Cochran, puts it – “Verification isn’t an act of suspicion; it’s a necessary part of problem solving.”

© ENLAR Compliance Services, Inc. (2012)

They have lots of ideas, but no direction.  Plenty of concepts, but few plans.

The same can often be said of many OH&S management system implementation projects.

This editorial goes on to discuss a New Year’s Eve gathering at the Occupy Tampa location -

They discussed how to greet the new year.  They discussed if a toast was appropriate and what the toast should be.  And who should offer it.

Eventually someone began a countdown.

They had eight seconds to spare.

This reminded me of how some organizations approach OHSAS 18001 certification.

Lots of meetings and conference calls.  Lots of discussion of what should be done – particularly by someone else.

Little “rolling up the sleeves” for taking concrete action. More importantly, little completion – until the countdown for registration starts and there are “eight seconds to spare.”

As with the Occupy movement, too many ideas by too many players and too much accommodation of every perspective leads to a scattered and disjointed approach to an OHSMS. 

At some point, decisions and focus and action are needed. 

In the end, it is better to be done than it is to be perfect. 

After all, there is always next year.

PS – Want help in figuring out your plan for implementing an OHSAS 18001 management system?   Click here to request your copy of ENLAR’s EHSMS Implementation Checklist.

© ENLAR Compliance Services, Inc. (2012)

At the end of the year, our attention often focuses on planning – the setting of goals and objectives for the coming year.  This can be exciting - plans for launching new projects or products – or it can be depressing - setting aside time to organize old files.

Planning is a key component of an OH&S management system.  The planning section of OHSAS 18001 consists of 3 elements –

• Identifying hazards and risks (4.3.1)
• Identifying legal and other requirements (4.3.2)
• Establishing objectives and programs (4.3.3)

Many organizations put a great deal of time and attention into identifying both their hazards and risks and their legal and other requirements. Often, less attention is paid to establishing objectives and programs.

This lack of attention to objectives and programs may be due, in part, to a lack of clarity about how “objectives” actually fit into a management system.  This lack of clarity about objectives, and their interrelationship with risk management, has been an issue of much heated discussion.  It has lead to a lack of consensus in ISO’s attempt to develop consistent definitions across all of its management system standards (see discussion of ISO’s MSS initiative).

One of the areas of confusion relates to the ownership of OH&S objectives.  Although individuals need to be assigned responsibility and authority for achieving OH&S objectives, OH&S objectives are organizational – not personal.  This is clear from the definition of OH&S objective in section 3.14 of OHSAS 18001.  An objective is a goal that an organization sets itself to achieve.   Therefore, OH&S objectives need to be set from an organizational perspective – not as individual performance targets.  This is a critical distinction.  It is the organization itself that is ultimately responsible for setting and achieving its objectives.  This responsibility cannot be shifted onto the backs of individual employees – such as the facility Safety Manager.

A second area of confusion relates to the use of the words “objective” and “risk” in two different contexts within the ISO management system standards and OHSAS 18001. 

The “top-level” meaning – used in defining both what a “management system” is and the meaning of the word “risk.” 

A management system is defined as a “set of interrelated or interacting elements to establish policy and objectives and to achieve those objectives” (ISO 9000, Section 3.2.1 & 3.2.2).  Risk is defined as “the effect of uncertainty on objectives” (ISO 31000, Section 2.1). Both of these definitions are focused on the strategic, organization-wide level of objectives.

This means that the overall “strategic level” objective of an OHSAS 18001 management system must be controlling (managing) OH&S risks in order to prevent injury and ill health to persons working under the control of the organization.  All other OH&S objectives flow from, and must be consistent with, this strategic-level objective.

The “functional level” meaning – used at a project, process or departmental level of an organization. 

This is the level at which most organizational objectives are set and managed.  Financial profitability and sales targets.  Product quality metrics.  Safety performance targets.  Waste reduction goals. 

The functional-level definition of an “OH&S objective”, as set out in section 3.14 of OHSAS 18001, is an “OH&S goal, in terms of OH&S performance, that an organization sets itself to achieve” (OHSAS 18001, Section 3.14).

Functional-level objectives are important.  They are where “the rubber hits the road” so to speak.  However, when evaluating OH&S performance and assessing overall risk management, the objective that must be kept foremost in mind is the strategic, top-level one.

At the end of the day, the question that must be answered is “Are we, as an organization, controlling our OH&S risks in a manner that prevents injury and ill health to those working for our organization?”

© ENLAR Compliance Services, Inc.(2011)

1. Establishing a management system
2. Implementing a management system
3. Maintaining a management system

The activities associated with each of these phases are distinct.

The activities associated with establishing a management system include – identifying organizational goals and objectives, evaluating existing practices and processes, assigning roles and responsibilities, and writing documentation (e.g. procedures and work instructions).

The activities associated with implementing a management system include – communicating responsibilities, developing competencies and implementing new or revised business practices.

The activities associated with maintaining a management system include – developing performance metrics, evaluating and auditing performance and undertaking corrective and preventive action.

These phases need to be sequential.

Some organizations make the process much more difficult than it needs to be because they attempt to accomplish all three phases at the same time.  This rarely works.

© ENLAR® Compliance Services, Inc. (2011)

Similarly, correction and corrective action are NOT the same.

These are defined terms that have been taken from the quality world and applied to EHS management systems.  They are also an entrenched part of registration audits so it is important to understand how registrars define them (i.e. their ISO 9000 definitions).  When registrars issue corrective action requests (CARs), they often request information on any corrections done as well as a description of the corrective action planned.

A correction is defined as “action to eliminate a detected nonconformity”.  In the quality world, correction is often referred to as containment (as in preventing nonconforming product from reaching the customer).  Correction in a QMS can consist of repair, rework, scrapping the product, etc.  The first action taken is often segregation and control of non-conforming product.

This quality concept was incorporated into ISO 14001 as correction and mitigation – as in taking action to mitigate environmental impacts (see Section 4.5.3 a).  The same concept was also incorporated into OHSAS 18001 as correction and mitigation – as in taking action to mitigate OH&S consequences (see Section 4.5.3.2 a).

In all the standards, the focus of correction is on the immediate fix.

A corrective action is defined as “action to eliminate the cause of a detected nonconformity or other undesirable situation.” A note to this definition in ISO 9000 states that “there is a distinction between correction and corrective action.”  The distinction is the focus.  In corrective action, the focus is on what CAUSED the nonconformity.

Since the focus of corrective action is on causation, some type of root cause analysis is a prerequisite to defining the appropriate corrective action.

© ENLAR® Compliance Services, Inc. (2011)

This page provides access to a FREE mini-course that provides clear and concise answers to the following questions -

•   What is a Management System?
•   What is PDCA and what does it mean?
•   Why is PDCA important?
•   How can I determine if an OHSMS standard is  based on PDCA or not?

This course is about 15  minutes long.  Since it is a flash presentation located on a separate web page, you may need modify your browser settings to allow pop-ups in order to access the course. Also, in order to hear the audio, you will need speakers on your computer. When you are ready to begin, just click on the link below. 

Click here to open – Plan-Do-Check-Act – An Introduction to PDCA

Have comments or questions about this course? 

You can type your questions or comments into the comment box below (you may need to click on the more button if you are on the home page) or send me an e-mail at ecsi2008@ENLAR.c0m.

Did you enjoy this course? 

Check out my Introduction to OHSAS 18001 Course.

This course provides insight into interpreting the OHSAS 18001:2007 requirements as well as expert guidance in implementing an OHSMS for purposes of third-party certification.

© ENLAR® Compliance Services, Inc. (2011)

I am saddened by the end of shuttle program and the associated loss of jobs.  Some of those impacted are fellow safety and health professionals. They are friends of mine who have participated in my training programs and helped me by providing references when I have asked.

As I watched the launch, I was struck by the discipline imposed by the formalized processes NASA uses to ensure safety.  The launch was momentarily paused – with only 31 seconds to go – to double check that the GOX Vent Arm had properly retracted and latched.  This was confirmed visually using a closed circuit camera while those watching the launch waited in suspense. 

This is what an occupational health and safety management system is all about.  It is putting processes in place, and using them, to ensure safety.  Many organizations write procedures and checklists.  World-class organizations use them – even when the whole world is watching.

Want help in launching your own management system?  Click here to go the webpage where you can request your copy of ENLAR’s EHSMS Implementation Checklist. 

As a special tribute to the NASA Shuttle Program, I am making it available for FREE for the next month. 

© ENLAR® Compliance Services, Inc. (2011)

The problem is that individuals do NOT make rational decisions – particularly when it comes to safety and health.

• They refuse to wash their hands and come to work sick – even though these are the best strategies to prevent a potential epidemic.
• They talk and text on their cell phones while driving – even though it is as dangerous as drinking and driving.
• They wear their safety glasses on the top of their head rather than as protection for their eyes – as seen over and over again on HGTV shows.  (I keep meaning to write a letter to HGTV pointing out the poor example they are setting for all of the DIYers in the audience.)

Why do people act irrationally?

My favorite book on this topic is Predictably Irrational (click on the link below to order from Amazon).  In this book, Dan Ariely explores the reasons why individuals appear to act irrationally – this includes overvaluing our possessions, letting options distract us from our real objectives, and following established social norms in the workplace.  As he puts it – “we consistently overpay, underestimate and procrastinate.”

Ariely contends that rather than ignoring the factors that make our decisions appear irrational, businesses and policy-makers need to design their policies to affirmatively address these behavioral influences.  This would include how an organization structures its OH&S management system processes and procedures.   To build a successful management system, we need to accept that there are many reasons why individuals act the way they do and design the right type of “interventions” to overcome our inherent “human” shortcomings.

What to know more?

I recommend reading Dan Ariely’s book – or checking out his blog. 

I particularly liked his blog post – The Meaning of Labor: What Legos Can Teach Us about the Joy of Work.  I think it has a important lesson for anyone who is seeking to solicit the assistance of others in developing a management system within their organization.

To purchase this book from Amazon, click here. Predictably Irrational, Revised and Expanded Edition: The Hidden Forces That Shape Our Decisions (See all Social Psychology & Interactions Books)

 © ENLAR® Compliance Services, Inc. (2011)