ISHN

What kind of audit are you after?

Compliance checks or deeper decision-making evaluations

January 3, 2013
Recently a client inquired about utilizing a consultant to conduct a “third-party” audit of his operations using the client’s second-party auditing protocols. At first, I thought this was an innocent request, but the more I got to thinking about it, I realized the client was simply transferring second-party auditing responsibility from his organization to the consultant’s organization. The client assumed this would reduce internal costs and introduce a “fresh-eyes” perspective of his operations.  Since several sites had experienced fatalities and numerous injuries over the past year, I wondered if the client was contemplating the possibility of transferring some liability, if the need surfaced.  More on this later.  

Introducing a “Third-Party Systemic Safety Audit” protocol into an existing internal second-party safety audit program serves as an excellent means for establishing the overall effectiveness of a corporate safety audit process.  For years, third-party safety audits have been treated as an industry best practice providing an external perspective on the effectiveness of the safety management systems a corporation depends upon to ensure compliance.

Typically, second-party audits focus on the nuances of compliance matters involving adherence to laws, regulations, and corporate policies and procedures. Third-party audits focus on the effectiveness of the systems utilized to deliver compliance.

Drilling down deeper

Subtle as it may be, there are differences in the execution of second- versus third-party audits. For example, a second-party audit of an incident investigation process would concentrate on the Who, What, When, Where, How and Why questions.  A third-party audit concentrates on the outcomes of the investigation, the decision-making processes during and after the investigation, the reporting processes, the systems used to address and correct the investigation’s findings, and the effectiveness of the correction.

In addition to improving the overall effectiveness of a safety audit program, third-party systemic safety audits bring a degree of assurance to those individuals in senior management and at the board level that careful and diligent attention is being paid to safety across the entire corporation.  Plus, third-party systemic safety audits aid management in making financial and personnel decisions during the course of the year and, at budget preparation time, to deploy the necessary resources to ensure safety.

Selection process

Designing a third-party systemic safety audit system must be accomplished through the active participation between those (i.e., safety professionals, operators, mechanics and management) who are going to be audited and those (i.e. consultant) developing, deploying and ultimately conducting the third-party audits. It is essential that the process begin with a review and analysis of the current second-party auditing process with the objective of suggesting enhancements to that process along with aligning it with the to-be-created third-party system.

Establishing a third-party systemic safety auditing system requires management’s commitment to pursue the answers to the following questions and making adjustments, as necessary:

• Is the organization’s structure designed effectively to manage risk?

• How effectively are workplace risks identified and controls implemented?

• How effective is the cross-organization safety communication?

• How effective is the process to identify and correct non-conformities?

• How effective is the organization’s continuous improvement process?

All of these questions are nested within the systemic characteristics of the organization. As noted, a third-party systemic safety audit program focuses on the effectiveness of the systemic elements of the overall safety program and not necessarily the compliance aspects of the program.

Systemic audit targets

Once the review and analysis of the second-party safety audit program is complete, the next step is to set about developing a comprehensive third-party systemic safety auditing protocol. In addition to designing the methodology for actually conducting the audit, incorporating feedback mechanisms that will be used during the audits, and the outline for the findings and recommendations reports, concentration will be placed on the following systemic aspects of the company’s overall safety program from an effectiveness point-of-view.

1. Management Leadership and Organizational Commitment

2. Hazard Identification, Assessment and Corrective Action

3. Hazard Controls

4. Work Site Inspections (Task Inspections, Second-party Auditing, etc.)

5. Employee Safety Competency (Technical and Cognitive) Training (All Levels)

6. Emergency Preparedness and Response

7. Accident and Incident Investigations and Post-Incident Response

8. Performance Measurement and Decision-Making

9. Planning, Budgeting and Implementing

10. Safety Program Administration

11. Safety Professional Career Development

12. Safety Training and Education

Delving into decision-making

Each of these overarching topical areas should be covered in a thoroughly applied fashion. For example, the third-party audit should delve into the actual practices that are conducted, decisions that are made, and actions implemented to address issues that surface during the audit.

As a specific example, virtually all organizations track a portfolio of safety metrics (e.g., leading and lagging); however, most do not draw upon these data to make management decisions.  During a third-party audit, the auditor would evaluate not only the metrics being tracked, but how these metrics are being used to make decisions and if the decisions are being acted upon.

An effective third-party systemic safety audit program provides a fresh eye, external view of the inner workings of an organization’s safety practices and procedures and whether these practices and procedures are operating in a fashion that ensures safety among all employees. Third-party systemic safety audits provide structured insight into the actual application of safety and its effectiveness.

Note of caution

On a final note, as companies become leaner and continue to outsource traditional internal safety, health and environmental work (e.g., Second-Party Auditing) to consultants, many of whom have recently retired from the same company doing the outsourcing, consultants need to be prudent as to conducting audits, whether second- or third-party audits. 

More attorneys involved in industrial fatality and disability cases are exploring the use of third-party audits as evidence in their cases. Consequently, for those of you entering or already in the consulting business, if you plan to include auditing in your portfolio of services, be sure you have liability insurance and a good attorney to prepare your contract language to protect yourself from being drawn into one of these types of cases.