Recent Posts

Risk Management Requires ACTION

Although planning is an important part of an occupational health and safety management system, planning alone will not result in improved safety performance unless what is planned is actually done.

There is often a huge gulf between what an organization says about safety and what it actually does.  It is not unusual for the OH&S Policy statement to commit an organization to best-in-class performance when the day-to-day reality is not even close. This is the gap between intention and results.

Implementing a functioning OHSMS means making hard decisions about how an organization is going to use the resources it has available – time, money and infrastructure (e.g. software).  Even if an organization has unlimited funding, It is not possible to actually do everything immediately.  It still takes time, personnel and, very often, infrastructure improvements and organizational culture changes to accomplish lasting improvement in OH&S performance.

Prioritization of what will be done right now is what is critical. 

Saying you are going to take action “someday” does not manage risk.  Writing procedures that set out tasks that cannot actually be completed because the personnel needed to do them are not available does not manage risk. Implementing inspection programs without having the resources available to track and fix the problems that are identified does not manage risk.  Managing risk requires action.

This is why section 4.3.1 of OHSAS 18001 requires that the organization identify the controls that are needed to reduce OH&S risks to acceptable levels and then implement and maintain these controls within the OHSMS.

Obviously, this means implementing the selected control measures.  It also means having “checking” processes in place to ensure that the controls are both maintained (e.g. continuing to be done over time) and actually effective in reducing OH&S risk to acceptable levels.

Many organizations miss this “checking” component associated with implementing OHSAS 18001; yet, it is critical to managing risk. For example –

  • Safety lockouts may fail – yet no one notices or reports the failure since it is “not their job.”
  • Inspections or preventive maintenance is scheduled and tracked – but not actually completed when scheduled because production equipment cannot be shut down.
  • Facility inspections are no longer done – individuals assume that since no one ever reviews the results why bother continuing to do them.
  • Procedures continue to be followed – but the actions being taken do not address the activities or conditions that actually create the real risks (e.g. having two processes that inspect vehicle tires but none that replace windshield wipers).

Yes – plan.  But don’t stop there.  You then need to act and check that the actions being taken actually work.  If they don’t, revise your plans and try again.  In other words – Plan, Do, Check, Act.

For additional information about the importance of resources in an OHSAS 18001 management system, check out these previous blog posts –

© ENLAR Compliance Services, Inc. (2012)
July 25, 2012 | 0 Comments More

What is Knowledge?

There is a great deal of emphasis on managing “knowledge” these days.

  • Organizations are striving to become “knowledge-based.”
  • Corporate mission statements are focused on “creating knowledge.”
  • Thousands, if not millions, of dollars are being spent on “knowledge management.”

This is ironic because knowledge doesn’t actually exist – at least not in any physical sense.

Knowledge is personal.  As one blog commenter put it – “Information becomes knowledge when it gets to your brain.” 

Can an organization have knowledge?

In the future, the answer may be “yes” –  if computers advance to become the independent artificial intelligence (‘brains”) of organizations.

Today, the answer is “no.”  Organizations can be filled with knowledgeable individuals.  Organizations can promote the development of knowledge.  Organizations can facilitate the sharing of knowledge.  Organizations can’t, however, be knowledgeable since they do not have what is needed for knowledge – a brain.

Can an organization create knowledge?

This is a little like asking if one can create love – or anger or fear or any other state of being or personal attribute – within another individual.  The answer is “no.”  Companies can facilitate the creation of knowledge; however, becoming knowledgeable remains a personal choice. 

One of the common excuses given by senior management to justify why they are not responsible for organizational malfeasance is, “I didn’t know.” (Consider Rupert Murdock of News Corporation and Bob Diamond of Barclays Bank).  This “I didn’t know” excuse would have no validity for avoiding liability if, in fact, organizations can create knowledge.

Why is this important for OH&S management systems?

To have an effective occupational safety & health management system, an organization must put processes in place to promote the development of personal knowledge sufficient for individuals to make the appropriate decisions – and be held accountable.

Knowledge does not exist simply because procedures have been uploaded to a corporate database.  Knowledge does not exist because an e-mail has been sent or a training program was uploaded to the intranet.  Knowledge does not exist because a report has been created.  All of these are simply the creation of information.  Knowledge only exists when information reaches an individual. 

One of the focuses of an OH&S management system is taking steps to ensure senior management becomes knowledgeable.  Personal knowledge is needed for making the decisions necessary for Management Review (see Section 4.6 of OHSAS 18001).  Personal knowledge is also needed to ensure the availability of the resources essential for maintaining and improving the management system (see Section 4.4.1 of OHSAS 18001).  One of the benefits associated with implementing an effective OHSMS is that the “I didn’t know” excuse is no longer appropriate – nor should it be necessary.

© ENLAR Compliance Services, Inc. (2012)
July 6, 2012 | 0 Comments More

A Job Is a Dying Concept

Dr. John Howard, Director of NIOSH, gave the keynote presentation last Tuesday (June 19, 2012) at the American Industrial Hygiene Conference (AIHce).  In his talk, he focused on 7 trends that will define the future of occupational health and safety – demography, employment, discrimination, disability, governance, standards and professionalism.  In this blog post, I will focus on one – employment trends.

As Dr. Howard put it, “A job is a dying concept.”

He went on to elaborate – In prior generations, security was what defined employment; today, it is precariousness.  Work is increasingly contingent and less secure.  There is no promise of continuous employment – or, in a great many work situations, of even being considered an “employee.”

According to Dr. Howard, this employment trend has a significant impact on occupational health and safety. Within the current legal structures governing worker protection, non-employee workers are often unrecognized and unprotected.  Both workplace safety regulations and injury compensation schemes are based on one’s status as an employee. Yet, the risk of injury or death in the workplace is not related to a legalistic definition of employment – whether you are an “employee” rather than simply an individual laboring in the workplace.

Later in the week, Mike Wallace, from the Global Reporting Initiative (GRI), gave a presentation on the evolution of sustainability reporting and the need for new metrics for evaluating organizational performance related to occupational health and safety. 

He started his presentation with the following statistic – annually 2.3 million workers die across the world. It is clear that workplaces are not safe and worker protection is often missing.

He sent on to note that, in the past, safety professionals have “stayed on the sidelines” in defining OH&S metrics for measuring organizational performance – unlike their environmental counterparts. Creating comparable metrics is often viewed as “too complex” and “too time consuming.” 

Is creating OH&S metrics really more difficult than
creating metrics to address global climate change?

GRI is currently soliciting public comment on new OH&S metrics for inclusion in the GRI reporting scheme.  Unfortunately, to date, the metrics being used, as well as those being proposed, fail to take into account the employment trends highlighted in Dr. Howard’s presentation.  In particular, they continue to link OH&S performance metrics to “employee” protection NOT “worker” protection.

In my view, what is needed is new metrics.  Metrics that are specifically developed to promote worker protection – not the perpetuation of metrics based on definitions of employment that has little relevance to today’s economic realities.

© ENLAR Compliance Services, Inc. (2012)
June 28, 2012 | 0 Comments More

Paper is NOT obsolete

I have to admit it – I like paper.

This can be a scary admission since today everything digital is considered better.  At times, there seems to be almost a mass hysteria that our paper pads must be replaced by iPads.

There are, of course, advantages to electronic data management.  At the very least, there is the physical space you save when you eliminate the storage of paper records.  Then, there is the immediate availability of even very arcane information with a simple web search.

But there are downsides to electronic data management as well.  These downsides include catastrophic data loss when your computer crashes and the limitations associated with difficult-to-read screens, lack of reliable power supplies and web access failure.

Today, what is needed is a life cycle assessment approach to information management – with both paper and electronic devices playing their part.

In my view, paper is still the hands-down best choice for many of the data collection activities associated with occupational health and safety management system processes in industrial environments.


Reason #1 – Paper doesn’t require training or specialized knowledge to use.

We all know how to write.

The same is not true for using electronic devices.   Although manufacturers have attempted to make their products more intuitive, there is still a learning curve associated with every different device.

Filling in paper forms is something most of us have been doing all of our lives.

Reason #2 – Paper is more robust and unlikely to blow the place up.

Most electronic devices are fragile and, unless specially designed, capable of initiating a fire or explosion.  Dropping an electronic device into a puddle or pond likely means it is destroyed.

Particularly for field use, paper works.

One of the best products for wet environments (such as Florida where I live) is Rite in the Rain all-weather writing paper.   As long as you use a pencil or waterproof pen, your form or log book will not be destroyed even if you drop it in standing water. Neat!

Reason #3 – Paper can be “smart.”

Paper can have “metadata” associated with it. It can have digital watermarking, bar codes and RFID tags. It can “talk to” electronic devices such as bar code readers and cell phones.  The most ubiquitous example of smart paper is the identification badges that can open doors and keep track of your location.

Paper forms can be intelligently designed so that when they are scanned, information is uploaded directly into a database. You can have the benefit of paper for data collection and the benefit of computerization for data management.

Paper is increasing a transient medium used to display and transport information that is developed and maintained electronically.

Reason #4 – Paper can be secure.

When information is collected and maintained on a piece of paper there is only one copy and it can be physically secured.  A piece of paper cannot be hacked and sent offshore to information pirates.

Reason #5 – Paper helps you think.

There is a reason for whiteboards and flipcharts in conference rooms.  Putting ideas “down on paper” helps us collaborate, form ideas and identify connections.

So before you exchange your paper pad for an electronic tablet, think about what you want to accomplish.  Consider whether paper may still be the better choice for at least some part of the data management process – at least where you need a human interface.

© ENLAR Compliance Services, Inc. (2012)
May 31, 2012 | 0 Comments More

ISO 19011 & Audit History

Management system audits are an integral part of every management system.  All of the management system specification standards – including ISO 9001, ISO 14001 and OHSAS 18001 – require that an organization establish and implement an internal audit program.

I have been involved in auditing for over 30 years.

In the 1980’s – I conducted EHS audits world-wide for Bristol-Myers as part of the corporate audit team.

In the 1990’s – I started the decade reviewing a wide range of audit and assessment reports.  As an attorney for U.S. EPA, I evaluated assessments for the purposes of undertaking enforcement actions.  Then, as an attorney in private practice, I helped companies establish internal audit programs.  I also used audit reports prepared by others for advising clients on mergers, acquisitions, commercial loans and property development activities.  In 1997, I shifted my focus to assisting organizations with management system implementation and became a certified EMS Lead Auditor in 1999.

In the 2000’s – I turned my focus to management system audits and the development of audit standards.  I developed and taught numerous auditor training courses – from Lead Auditor Training to customized internal auditor training courses covering multiple disciplines (quality, environmental, OS&G, food safety, security etc.).  I also helped develop international auditing standards and participated as one of the U.S. Experts in the revision of ISO 19011.

I am pleased to announce that I have launched a new website that is based on my extensive experience in auditing:

This website focuses on providing useful information and resources to help auditors and audit program managers develop expertise in management system auditing.  In the blog associated with this site, I will be answering questions about establishing an audit program and providing insight into the intent underlying the language of the ISO standards that set out auditing requirements.

Click here to check out the initial post on this new site – Evidence-Based Auditing.

© ENLAR Compliance Services, Inc. (2012)
May 23, 2012 | 0 Comments More

Worker Health & Safety Principles

I have been spending time reviewing the draft of a new ISO document – Guide 82Guide for addressing sustainability in standards.  (For standards geeks, this document was recently circulated as Committee Draft 2 and is intended to be a guidance document for ISO standard writers.) 

In reviewing this document, I noted that one of the intents of this document is to list general principles of sustainability.  To accomplish this goal, the document lists principles associated with several topics from environmental labeling and sustainable buildings to risk management and social responsibility.  

In reviewing these lists of principles for other areas, I realized that I was not aware of a comparable list of worker health and safety principles.  As I discussed this with other OH&S professionals, they were not aware of any generally-recognized list of worker health and safety principles either.  

I thought about it and came up with the following list of seven principles (modeled after the list of Quality Principles set out in ISO 9000).

 Worker Health and Safety Principles

 1.       Health and Safety Focus

Worker health and well-being is an important organizational resource to be protected through the prevention of injury and ill health.

 2.       Leadership Commitment

Top management needs to provide the leadership and resources necessary for effective management of OH&S issues

 3.       Worker Engagement

Workers need to have the information, opportunities and accountability necessary for them to actively participate in ensuring their own safety

 4.       Factual Approach to Decision Making

Decisions and actions related to evaluating and controlling OH&S risks should, to the extent feasible, be based on the analysis of factual information

 5.       Prioritization of Controls

Hazards should be controlled using process, equipment and facility controls before administrative controls and personal protective equipment are utilized

 6.       Prevention Instead of Reaction

Establishing systematic processes to identify and address OH&S risks is more effective than waiting until after an incident has occurred to react

 7.        Supply Chain Accountability

Organizations need to act ethically when transferring OH&S risks to others in their supply chain

 What do you think?  Let me know by posting a comment to this blog post – or sending me an e-mail at

© ENLAR Compliance Services, Inc. (2012)
April 5, 2012 | 2 Comments More

Safety Culture – The Power of Habit

Last week I was browsing in an airport bookstore – looking for something to read on the plane. 

I found something truly amazing – at least to me.  A mainstream business book, a best-seller in fact, that had an entire chapter developed to worker safety!

Why was I amazed? 

Lately, it seems the only mention of worker safety is in the context of reducing OSHA regulations in order to unburden business.  Safety is typically demonized as a business burden not touted as a benefit.

Yet here was a book that made the convincing argument that focusing on worker safety was the “keystone habit” that drove the economic turnaround of a multi-billion dollar company.  Wow.

This book – The Power of Habit by Charles Duhigg – focuses on explaining why habits exist, why they are so powerful and how they can be changed.  It provides advice that can be used for changing personal habits – such as overeating chocolate chip cookies.  But it has more. What elevates it above a typical self-help book is that it also discusses the importance of organizational habits – the routines that underlay most business performance. 

As I read this book, I was struck by the similarities and synergies between organizational habits and management systems.  The routines that are the basic building blocks of habits are equivalent to the procedures (i.e. specified ways of conducting activities) that are the basic building blocks of management systems.  It struck me that the reason some organizations get great benefits from implementing management systems and others do not is the extent to which management systems are used to create and promote habits of success.

Are you interested in developing an OHSMS that creates positive cultural change?  Read this book.

© ENLAR Compliance Services, Inc. (2012)
March 27, 2012 | 0 Comments More

Is Safety a Burden?

This post is in honor of the “Super Tuesday” elections.

Occupational safety and health is taking a hit from the politicians. 

One of the constant refrains from the Republican presidential hopefuls is that safety and health regulations are strangling business.  Or, as UK Prime Minister David Cameron put it in a recent speech – “the excessive culture of safety and health that is dragging down business like a heavy wooden yoke.”  

Are safety regulations burdensome to business?

Of course they are.

They limit what businesses can do.  Fundamentally, they transfer the costs and risks associated with being hurt on the job back to the businesses that benefit from the labor of the individuals who have been – or at risk of – being injured.

The question isn’t whether occupational injuries and illnesses have costs.  They do.

The fundamental issue is who should pay and, more importantly, when and how the costs should be incurred. 

The real question is – “Should there be costs to businesses associated with prevention of injuries and illnesses (i.e. regulatory schemes) or should the costs be incurred by the employees who are injured or killed?”

It seems that many businesses and political leaders believe there should be no prevention and workers should bear the full cost of their injuries – not employers. 

Their view – Forget about prevention; forget about compensation. 

Like the mantra of “buyer beware” for consumers, they seem prefer a culture of “worker beware” when it comes to safety.  In their view, workers should bear the risks of injury; businesses and society should not.  David Cameron put it this way – safety culture is “nothing more than a straitjacket on personal initiative and responsibility.” (For more on his rant against safety regulations click here.)

Never mind the point that many employees have little meaningful way of actually preventing workplace injuries.

To David Cameron’s real point (setting aside the rhetoric) – “Are there safety regulations that are too burdensome?”

Again, of course.

Every safety professional has his or her own list of silly regulations – requirements that do not meaningfully contribute to improving safety (i.e. reducing the risk of injury). 

HOWEVER – hyperbole is not helpful – except perhaps for politicians who want to get elected or solidify their power base.

What would be helpful is a collaborative effort to eliminate “stupid rules” AND to put in place meaningful ones.

 What’s needed are rules that save lives, prevent diseases, and, just as importantly, provide the transparency needed to actually evaluate whether companies are preventing injuries and ill health or simply transferring the costs and risks to workers, their families and society at large.

© ENLAR Compliance Services, Inc. (2012)
March 6, 2012 | 0 Comments More

But Is It True?

There is a renewed interest in management systems on metrics.

This interest seems to be driven by two organizational concerns – transparency and risk.  In particular, it appears to be driven by the risks associated with transparency.

I attended the ISO 9000 Conference earlier this week. 

One of the keynote speakers – Bennie Fowler from Ford Motor Company – discussed how Ford has refocused on its core principles in order to achieve a financial turn-around.  This includes a re-emphasis on the principle – “Quality is Job #1.”  At Ford, quality is now an integral part of executive strategy discussions.

One of the main drivers for this renewed emphasis on quality is transparency. 

Due to the “open communication” nature of the intranet, companies can no longer hide their quality problems. 

Today, delivering a quality product every time is key to survival.  If a company does not, its quality issues are likely to be reported on the intranet for all to see.

Other speakers discussed the on-going shift in focus from product quality to organizational quality.  According to surveys, consumers often buy products because of their perception of the company rather than because of any objective evaluation of the quality of a particular product. 

This means that organizational risks become marketing risks. 

This customer focus on organizational quality is one of the drivers in the increase in corporate sustainability reporting.  Customers are interested in whether a company is a good corporate citizen.  They want to make sure their brand loyalty is justified.

These sustainability reports often include an occupational safety and health component.  This usually consists of “some numbers” associated with injury rates. 

But are these numbers true?

If the studies that have been conducted on the accuracy of injury reporting are to be believed, maybe not. (Click here to go to a previous blog post about injury and illness reporting issues.)


There is no global standardization, no accountability (as in a third-party review of the data or processes used to develop the data) and definitely no transparency for injury and illness metrics.   There is no easy way to check the numbers being reported, nor is the information available to do so.  Right now, we simply have to take the company’s word for it that these “metrics” are accurate.

Quality is being driven by the risks of transparency; safety is not.

© ENLAR Compliance Services, Inc. (2012)
March 1, 2012 | 0 Comments More

Integrated Management Systems – R2 Practices


It is clear that integrated management systems represent the future.

This is evident from directives coming from the ISO Technical Management Board (TMB) that require the ISO technical committees to use a standardized structure and definitions for all ISO management system standards.  (Click here to read more about this MSS initiative.)

It is also evident in non-ISO management system standards – such as the Responsible Recycling (R2) Practices standard. 

The R2 Practices is a certification standard developed to help address the improper handling of electronics waste (E-waste).  This “E-Waste Problem” being the health and environmental impacts that result from the improper handling of E-waste – particularly in developing countries.  The R2 Practices standard is made up of 13 Practices that include quality, environmental and OH&S management system requirements – as well as mandatory supply chain management and a demonstration of financial responsibility.

Next Monday, February 27, 2012, I am giving a presentation about this standard at the ISO 9000 Conference in Orlando Florida.  My presentation is entitled Responsible Recycling:  Using Integrated Management Systems for Handling Electronics Waste.  This presentation is part of a conference track entitled Making Integrated Management Systems Work.

In order to provide additional information to conference attendees (there being only so much one can include in a 35 minute presentation), I have launched a new website.  This website focuses specifically on understanding the R2 Practices and implementing the management system processes necessary in order to become certified. 

Interested in how to use a management system to improve management of electronics waste?

Go to to learn more.

p.s. – My presentation isn’t just for “recyclers.”  It outlines five steps that any organization can take to better manage its used electronics.

February 23, 2012 | 0 Comments More