previous : Part 2.04 - Risk Management
2.05 Auditing
Occasionally, every firm needs to carry-out an audit, a check, of its systems.
In its simplest form, an audit is to ensure that what we say we are doing is, in truth and fairness, what we are actually doing, and – hopefully – this will match what we are supposed to be doing. (The short essay at the end of this document referring to ‘gap analysis’ will discuss this further.)
The first considerations of an audit are:
- Check that a system exists, and then
- Challenge that system.
“A systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which the defined criteria are fulfilled”
To assist the various stakeholders there a range of audits from internal audits to external, third-party audits, each with its own scope of services. These are defined in the book ‘Safety Plus Risk Management Auditing’ (Tony Lawrence, Sydney 2003) as:
Quote:
- Validation Audit: Determines if the occupational health and safety management system (OSHMS) is capable of delivering the required performance of OSH.
- Complianace Audit: Determines the extent to which the organisation complies with its policies, procedures, standards and legislation. This is the common type of audit that is undertaken in Malaysia.
- Technical Audit: Determines compliance with specific procedures, legislation, regulations, high-risk and hazards in the workplace.
- Full Audit: Will encompass the total OSHMS and all its elements.
- Partial Audit: Will be confined to a certain section of the OSHMS, specified activities, processes or work locations.
- Phased Audit: This is a scheduled system of partial audits.
- Follow-up Audit: This is an audit undertaken to verify that the corrective actions suggested by an earlier audit have been effectively implemented.
- Surveillance Audit: This audit is conducted by a customer or a certification body to confirm the continuing compliance of the OSHMS with specified procedures, standard, regulations, and legislation.
- First Party Audit: An internal audit undertaken by people from within the organisation and often conducted as part of a systematic audit schedule. This type of audit can be applied to the whole or part of the OSHMS.
- Second Party Audit: An external audit undertaken by a major customer or interested party. It is usually at no cost to the auditee and may be conducted to establish or renew contracts between parties. They are usually restricted to specified aspects of the OSHMS related to the customer’s request.
- Third Party Audit: Sometimes referred to as a ‘certification audit’, these audits are carried out by an external, independent organisation (usually a certifying body/regulatory agency). The fees and costs are paid by the auditee and may be full, partial or phased, follow-up or surveillance audits. This type of audit assesses the whole OSHMS covered by the certification.
- Desk-top Audit: This is a document review process, and will be included in any of the above. Unquote. If the question is asked: “Does a system exist?” and there is no system presented to the Auditor, legislation will become the ‘safety net’ system to audit against. That is: all measures will be made against the conformance or non-conformance to the appropriate regulations, etc.
0 Comments