Recent Posts
Audit Objectives
In last week’s post, I discussed the two types of sustainability audits required by OHSAS 18001. In this week’s post, I am going to focus on the objectives necessary for an effective OHSMS internal audit program.
Just as there are different types of sustainability audits, there are different types of objectives required for management system audits. Importantly, an organization needs both audit program objectives and specific objectives to guide the conduct of each individual audit. Although the audit program objectives and individual audit objectives are related, they are not necessarily identical.
It is important to remember that an audit and an audit program are not the same thing. An audit is a “systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled”. An audit program is “set of one or more audits planned for a specific time frame and directed toward a specific purpose”. (Definitions from ISO 19011:2002)
OHSAS 18001 requires that an audit program be established.
An audit program involves more than just doing audits every once and a while. It requires audit planning and it requires the creation of audit procedures. As set out in the note to the definition in ISO 19011 – an audit program includes “all activities necessary for planning, organizing and conducting the audits”.
Sustainability Audits
OHSAS 18001 requires both audits of sustainability and audits for sustainability.
What does this mean? What is the difference?
These two types of audits relate to two different definitions of sustainability.
The first definition, derived from the Brundtland Commission Report’s definition of sustainable development, is “meeting the needs of the present without compromising the ability of future generations to meet their own needs.” Although originally environmentally focused, this concept has evolved to include other components as well. Notably, for occupational health and safety, sustainability is seen as including the actions and conditions that affect all members of society including workers (the “social” component).
The second definition, the dictionary definition, is to “endure without giving way.” This concept of sustainability is focused on survival and maintenance in the face of changing conditions. This is often referred to as management of change. As stated in section 4.3.1.5 of OHSAS 18002, “The organization should manage and control any changes that can affect or impact its OH&S hazards and risks”.
The internal audit element of OHSAS 18001 (section 4.5.5) requires that audits be conducted in order to make the following three types of determinations:
- the OHSMS conforms to the OHSAS 18001 requirements and the organization’s planned arrangements;
- the OHSMS is properly implemented and maintained; and
- the OHSMS is effective in meeting the organization’s policy and objectives.
Many organizations focus almost exclusively on conducting internal audits to determine conformance – the first type of determination listed in section 4.5.5. These organizations often ignore the other two purposes of an internal audit listed in OHSAS 18001 – the requirements for sustainability audits.
Who Decides?
Decision-making is an important part of a management system. In particular, making decisions that appropriately take into account the interests of stakeholders is emphasized in all management systems, including OHSAS 18001.
For a quality management system, the ultimate stakeholder is the customer. The primary focus of a QMS is customer satisfaction. After all, without satisfied customers, there is no business.
For an environmental management system, society-at-large is the stakeholder with laws and regulations establishing societal standards for what is considered adequate pollution prevention. Legal compliance is a required commitment within the organization’s environmental policy and a key focus of an EMS.
In both a QMS and EMS, there are independent stakeholders outside the organization that serve to counterbalance the internal interests of the organization.
For an OHSMS the situation is different. The primary stakeholders – workers who may suffer injury or ill health – are internal to the organization.
OHSMS Principles
Standards are based on principles.
ISO 9001 is based on quality principles. ISO 19011 is based on auditing principles. Last week, I participated in a conference call for ISO 14046 in which we discussed what principles are important to the development of a water footprint. For this discussion we started with the sustainability principles set out in a publication entitled, Guide to Corporate Ecosystem Valuation, which was recently developed by the World Business Council for Sustainable Development.
Just as principles are important for many of the ISO standards, OHSAS 18001 is also based on several principles.
Control of Documented Information
In a previous blog, I discussed the new High Level Structure and identical text requirements that has been proposed for all ISO management system standards. One of the proposed changes is to eliminate the document control and record control elements and replace them with a new provision requiring control of “documented information”. Documented information is somewhat vaguely defined in this new scheme as “the information required to be controlled and maintained by an organization”.
Although this may be seen as progressive by those who developed this new management system structure, it is likely to create confusion on the part of users of the standards who are not information management experts.
There are important reasons for distinguishing between the documents that need to be controlled in a management system and record retention requirements. Even though both document control and record control are control of documented information, their purpose and use is very different.
I2P2 & Employee Engagement
Last week I gave a presentation to an industry group on OSHA’s proposed Injury and Illness Prevention Program (I2P2) rule. In my presentation, I focused on the requirements for worker participation within an OHSMS.
One of the questions OSHA raised in its original I2P2 proposal was –
What mechanisms have been found to be effective for enabling employees to participate in safety and health in the workplace?
Worker participation is one of the areas where there are significant differences between OHSAS 18001 and both ANSI Z10 and OSHA VPP.
OSHA VPP and ANSI Z10 focus on employee participation, as defined by the technicality of labor law. OHSAS 18001 focuses instead on worker participation, as defined by the extent of the organization’s control over the work being performed.
High Level Structure for MS Standards
An initiative has been underway within ISO that is likely to have a significant long-term impact on all management systems within an organization – including occupational health and safety management systems.
This is the development of a document that sets out a common High Level Structure and core definitions to be used in all ISO management system standards. This document was developed by an ISO Joint Technical Coordination Group (JTCG) tasked by the ISO Technical Management Board (TMB). It was published as JTCG N44 in December 2010.
Ownership of an OHSMS
I received the following question about the OHSAS 18001 requirements from a reader –
Would you kindly let me know which department should take ownership/responsibility in a manufacturing unit for OHSAS activities implementation, like Lock out –Tag out and etc.
- Health and Safety Dept.
- Maintenance Dept.
- Admin Dept.
- Others?
This is the answer I provided –
Safety Matters?
A blog on the website The Hill caught my eye this morning. It is entitled “More than 70 percent of Congressional offices violate OSHA worker safety standards.” This is an alarming finding.
What was even more disturbing is that the blog went on to say that this result – 70% of office areas in violation of OSHA standards – was seen as an improvement because the number of violations found during previous inspections was even higher.
Wow!
Having piqued my interest, I headed over to the website for the Office of Compliance to take a look at the report myself.
What I found was the Biennial Report on Occupational Safety and Health Inspections dated June 2009.
There are some interesting things in this report –
Olympic Death – Lessons for an OHSMS
The death of Georgian luger Nodar Kumaritashvili at the beginning the 2010 Olympic Games was tragic.
Even though most workplaces are clearly not the same as an Olympic sports facility, there are “lessons to be learned” from this tragedy for occupational health and safety professionals.
- Arguing whether the individual hurt was at fault is not productive. As the Georgian President Mikheil Saakashvili stated – “…no sports mistake is supposed to lead to a death.” When individuals die as a result of workplace incidents, the sentiment is the same. Blaming the worker is just as counterproductive as blaming an athlete.
- Consideration of ”human factors” is both critical to preventing injury and more difficult and complex than it initially seems.
What are those complexities?
