NEBOSH Diploma article: assessed by the best

15 September 2010
Lawrence Bamber
Add a comment

Lawrence Bamber’s series of revision articles for NEBOSH National Diploma students reaches the audit
stage.

Most health and safety practitioners have heard of the acronym POPIMAR in connection with
management systems.

The acronym first saw the light of day about the time of the first edition of the HSE’s
management systems guide HSG 65: Successful Health and Safety Management (free to
download here).

The letters stand for:

 policy
 organisation
 planning
 implementation
 monitoring
 audit
 review.

They set out the stages of a health and safety management system.

The original guidance stated that all stages of the management system should be subject to
audit; even the audit stage!

So auditing, both internal and external, was seen as a key focus for management systems
designed to produce continual improvement in health and safety performance.

First principles
Auditors and those who manage audit programmes are expected to work according to the
following principles:

 integrity: the basis of professionalism

 fair presentation: the obligation to report truthfully and accurately
 due professional care: the application of diligence and judgment in auditing
 confidentiality: security of information
 independence: the basis for the impartiality of the audit and objectivity of its conclusions
 evidence-based approach: the rational method for reaching reliable and reproducible audit
conclusions in a systematic audit process.

This risk-based auditing concept follows the plan-do-check-act cycle, common to almost all
auditable management systems.

The “plan” stage establishes the audit programme and should include:

 developing the audit objectives

 the role and responsibilities of those managing the programme
 competence of those responsible for the programme
 determining the audit’s extent
 evaluating audit programme risks
 establishing audit procedures
  identifying resources.

The “do” stage involves the overall implementation of the full audit process, which should
encompass:

 appointing the people to manage and implement the audit programme

 defining audit objectives, scope and criteria
 deciding the audit methodology
 checking potential auditors’ competencies
 choosing the audit team
 deciding on the audit activities
 assigning responsibilities for individual audit actions
 managing and maintaining the audit programme records.

The “check” phase involves monitoring the full audit process, and finally “acting” means
reviewing and trying to find ways to improve the overall audit process.

Audit activities
The responsibility for an audit is assigned to the audit team leader who is charged with its
conduct through to completion.

Hence, to initiate, prepare, conduct and complete an audit, the following steps should be
considered and taken in order as necessary:

 Initiation: this involves making contact with the organisation being audited and assessing the
feasibility of the audit

 Preparation: this means drawing up the audit plan, assigning tasks to the audit team members
and drafting working documents

 Conducting the audit: This stage starts with a document review, followed by an opening
meeting, assigning the responsibilities of any guides and observers, collecting and verifying
data, agreeing the audit findings and recommendations and holding a closing meeting

 Completion: preparing and distributing the audit report and conducting any follow-up.

Auditors’ competence
Confidence and reliance in the audit process depends on the competence of those involved;
the auditors and the audit team leaders. Some of the knowledge and skills required are
common to auditors of any management system; others are particular to auditors of specific
disciplines, such as occupational safety and health.

The evaluation process comprises four main steps:

1. Determine the competence requirements for the programme.

This will obviously include knowledge of audit principles, procedures and techniques,
management systems and relevant reference documents, legal and other
requirements, discipline and sector-specific knowledge.

Team members will also need training and audit experience, but should also be
chosen for their personal qualities. The ideal auditor is ethical, open-minded,
diplomatic, observant, perceptive, adaptable, tenacious, decisive, self-reliant, well
organised, open to improvement, culturally sensitive, and a team player.

(All these are positive attributes for occupational safety and health practitioners as
well.)
 2. Establish the evaluation criteria for auditors. These will be a mixture of qualitative values:
personal behaviours, proof of knowledge, demonstrating skills in training or in the workplace;
and quantitative measures: years of work experience, proof of education, number of audits
conducted, hours of audit training

3. Select the appropriate evaluation method(s). These include: review of auditor records, feedback
from auditees, personal interviews, observations, psychometric testing, post-audit reviews

4. Carrying out the evaluation. The information collected about the person is compared with the
agreed criteria. Any gaps identified should be plugged, prior to audit participation.

Auditors should maintain their auditing competence through regular participation in

management system audits and continual professional development (CPD).

Subject specific
To be considered competent health and safety auditors, people should be able to
demonstrate they have a set of discipline-specific skills. They must understand health and
safety management system requirements and principles and their application. This will
include knowledge of health and safety terminology, and of the relevant standard (such as
BS OHSAS 18001) they are judging the system against.

They must have enough knowledge of legal and other requirements to let them evaluate the
safety management system. This includes knowledge of industry best practice, international
conventions and treaties, regulatory frameworks and guidance from regulatory bodies.

They must also understand health and safety techniques such as hazard identification, risk
assessment, determining controls and risk communication, evaluating health and human
factors, developing and using proactive and reactive performance measures and metrics,
evaluating the different types and levels of health and safety competence required across an
organisation and assessing of that competence, investigating and evaluating work-related
accidents, and encouraging employee involvement.

A competent auditor will have a sound grasp of the science and technology underlying the
health and safety discipline, the hazards and other factors affecting human performance in
the workplace, including physical, chemical, biological, gender, age, disability, psychological,
physiological and health factors, the interaction of humans with machines, processes and the
work environment, including workplace, ergonomic and safe design, information and
communication technology; and human behaviour.

They will know the principles and practices for emergency planning, prevention, response and
recovery; exposure monitoring and assessment methods, accident and work-related ill-health
investigation techniques, health information, including work-related exposure and illness
data; confidentiality, and occupational exposure limits.

Understanding of discipline-specific knowledge related to the resources, assets, sector,

operation or workplace being audited is essential, to enable the auditors to fully evaluate the
auditee’s activities, services, products and processes.

This will include: consideration of the processes, equipment, raw materials, hazardous
substances, process cycles, maintenance operations, logistics/distribution, workflow
organisation, working practices, shift patterns/scheduling, organisational culture, leadership,
behaviours and other sector-specific issues; typical sector-specific hazards and risks,
including health and human factors; legal and other requirements; risk assessment, risk
control, and management techniques; and indicators for proactive and reactive performance
measures and metrics for the sector.

The above requirements for health and safety knowledge and skills for auditors add up to an
excellent role profile for competent practitioners, for whom the audit process is a vital part of
their armoury to enable the achievement of the goal of continual performance
improvement.

Shifting standard
 The current international standard for auditing: BS EN ISO 19011: 2002 entitled Guidelines
for Auditing Management Systems” is under review at present. The revised standard is likely
to be published towards the end of 2010 and is designed to provide guidance on how to audit
all management systems, including those for quality management, environment and health
and safety.

It is intended for all management system users, including small and medium-sized
organisations, and concentrates on internal and external audit programmes and how to
manage and conduct audits, including the competence and evaluation of auditors and audit
teams.

The various sections of the (revised) Standard are as follows:

 Clause 4 describes the principles on which creditable auditing is based and so helps the user to
understand the essential nature of auditing

 Clause 5 provides guidance on the establishment and management of audit programmes,

including establishing audit objectives and co-ordinating auditing activities

 Clause 6 provides guidance on conducting management system audits

 Clause 7 provides guidance relating to the competence and evaluation of management system
auditors and audit teams

 Annex A illustrates the application of the guidance in Clause 7 to different disciplines, such as
quality, environmental, occupational health and safety, resilience, security, preparedness and
continuity management, and transport safety management

 Annex B gives examples of the evaluation of audit team competencies in various hypothetical
organisations (aviation and event management, for example)

 Annex C provides extra guidance for auditors on planning and conducting audits.

This article was prepared on behalf of the National Examinations Board in Occupational Safety
and Health (NEBOSH) by Lawrence Bamber, BSc, DIS, CFIOSH, FIRM, MASS

Categories:
Qualifications, Features

Related articles:
NEBOSH Diploma article: all systems go
NEBOSH diploma article: lifting regs
NEBOSH Diploma article: immoral fibre

Bookmark this article with:

 Facebook
 LinkedIn
 Twitter

 Printer-friendly version

Post new comment

Anonymous
Your name: *
E-mail: *
The content of this field is kept private and will not be shown publicly.

Homepage:

Comment: *

3 form-0bd61547e4 comment_form Save Preview