Tag: ISO 19011
In last week’s post, I discussed the two types of sustainability audits required by OHSAS 18001. In this week’s post, I am going to focus on the objectives necessary for an effective OHSMS internal audit program.
Just as there are different types of sustainability audits, there are different types of objectives required for management system audits. Importantly, an organization needs both audit program objectives and specific objectives to guide the conduct of each individual audit. Although the audit program objectives and individual audit objectives are related, they are not necessarily identical.
It is important to remember that an audit and an audit program are not the same thing. An audit is a “systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled”. An audit program is “set of one or more audits planned for a specific time frame and directed toward a specific purpose”. (Definitions from ISO 19011:2002)
OHSAS 18001 requires that an audit program be established.
An audit program involves more than just doing audits every once and a while. It requires audit planning and it requires the creation of audit procedures. As set out in the note to the definition in ISO 19011 – an audit program includes “all activities necessary for planning, organizing and conducting the audits”.
OHSAS 18001 requires both audits of sustainability and audits for sustainability.
What does this mean? What is the difference?
These two types of audits relate to two different definitions of sustainability.
The first definition, derived from the Brundtland Commission Report’s definition of sustainable development, is “meeting the needs of the present without compromising the ability of future generations to meet their own needs.” Although originally environmentally focused, this concept has evolved to include other components as well. Notably, for occupational health and safety, sustainability is seen as including the actions and conditions that affect all members of society including workers (the “social” component).
The second definition, the dictionary definition, is to “endure without giving way.” This concept of sustainability is focused on survival and maintenance in the face of changing conditions. This is often referred to as management of change. As stated in section 18.104.22.168 of OHSAS 18002, “The organization should manage and control any changes that can affect or impact its OH&S hazards and risks”.
The internal audit element of OHSAS 18001 (section 4.5.5) requires that audits be conducted in order to make the following three types of determinations:
- the OHSMS conforms to the OHSAS 18001 requirements and the organization’s planned arrangements;
- the OHSMS is properly implemented and maintained; and
- the OHSMS is effective in meeting the organization’s policy and objectives.
Many organizations focus almost exclusively on conducting internal audits to determine conformance – the first type of determination listed in section 4.5.5. These organizations often ignore the other two purposes of an internal audit listed in OHSAS 18001 – the requirements for sustainability audits.
In a previous blog, I discussed the difference between competency and awareness in an occupational health and safety management system (OHSMS). In that blog, I used the ISO 9000:2000 definition of competence as “demonstrated ability to apply knowledge and skills” since OHSAS 18001:2007 does not include a definition.
It seems that the appropriate definition of competence is now subject of some debate within ISO and may be subject to being “re-defined.”
Competency is a significant component of at least four standards currently under development within ISO –
- ISO 10018 – Quality management: Guidelines on people involvement and competencies
- ISO 14066 – Greenhouse Gases – Competency requirements for greenhouse gas validators and verifiers
- ISO 17021 Part B – Conformity assessment – Requirements for third-party certification auditing of management systems
- ISO 19011 (revision) – Guidelines for management system auditing
Interestingly, each of these standards has apparently rejected the dictionary definition, as well as the ISO 9000 definition, and each ISO Technical Committee appears to be in the process of developing its own concept of competence.
ISO 10018 is apparently focusing on how “human factors” impact the effective functioning of management systems with the definition of competency being passed to a subcommittee. ISO 14066 is structured to set out detailed lists of the skills and knowledge that must be possessed by GHG verification and validation teams – with the focus on team rather than individual competency. The initial committee draft of ISO 17021 defined competence as “personal attributes and ability to apply knowledge and skills” with a heavy focus on personal attributes and generic audit skills but essentially no guidance as to the needed discipline-specific knowledge (e.g. quality, environmental, OH&S). The revision of ISO 19011 has just begun; however, the issue of auditor competency has already been identified as one of the “hot-button issues” associated with revision of this standard.
A review of the various standards and other reference materials appear to set out three different, and distinct, attributes that underlie competency:
- Attitude and personality traits –who you are
- Knowledge – what you know
- Skills – what you can do
Where the ISO standards seem to diverge is in the relative importance to be given to each attribute (personality vs. knowledge vs. skill) as well as in the specifics of what is actually required and how it should be demonstrated.
What do you think? What is competency?
© ENLAR® Compliance Services, Inc. (2008)