What are safety audits and why conduct them?

Anticipating health and safety issues and taking actions to prevent them

By Paul A. Esposito, CIH, CSP, CPEA, Vice President of ESIS Global Risk Control Services, ACE INA Insurance Co.

View more safety content on PlantServices.com

Safety audits (assessments) can rate an organization’s total safety and health program, identify its strengths and weaknesses, show where improvements are needed and create a process and procedure by which problems can be corrected. In addition to assessing safety violations and work conditions, some audits assess senior management’s philosophy and attitude towards safety. The three types of safety audits that evaluate these practices are referred to as compliance, programs and management system audits.

Compliance audit

The most basic audit is a compliance or condition inspection. OSHA does not specifically require that companies conduct safety and health audits, but OSHA regulations are written such that employers must furnish their employees with a place of employment that is free from recognized hazards and complies with certain OSHA standards. Management then develops programs for each employee to comply with certain standards, rules and regulations. In addition, compliance requirements dictate certain record-keeping, programs and training requirements. A true compliance audit will look at all three factors — conformance, record-keeping and training.

A safety audit based on OSHA compliance will determine whether the company can provide a safe and healthful workplace. But this audit on its own tends to focus more on unsafe conditions rather than unsafe acts and behaviors. However, the majority of accidents occur from unsafe acts, i.e., you can have a wet floor (unsafe condition), but an injury may not occur until someone walks on the wet floor and slips (unsafe act). It is impossible to have a workplace free from unsafe conditions all of the time, because conditions and people change and the potential that someone will create unsafe conditions is always present.

Program audit

To achieve a goal of reducing accidents and incidents as well as unsafe acts and conditions which result in accidents, you must have programs in place that dictate how to implement safety rules or requirements. An example of a regulatory requirement is to record accidents on an OSHA 300 log and to do so within six days. A program requirement would describe the method one would use to investigate the accident.  OSHA, while providing suggestions for investigating an accident, does not regulate how to investigate. So it is up to the company to define and write down the procedure for investigating the accident in order to implement the safety rule or requirement and to make it meaningful. Having done so, the company now has a safety program in place for the procedure.

A program audit is an analysis that gauges the implementation and strategy of these safety programs. Is the company following its own procedures and programs?

One drawback to a program audit is determining what to use as a standard. There is plenty of guidance but not much consistency in professional practice when it comes to what should be included in safety programs. There are some fundamentals, however. For one, it is essential to any safety program that all procedures are written down. Writing down the program allows the communication of the hazard as well as the procedures for minimizing exposure to the hazard and allows the procedure to be checked, measured and or audited. If unsafe acts create unsafe conditions, you need a program to communicate how to stop doing those things.

One challenge is that keeping safety programs current requires being able to manage change. New facilities, equipment and personnel (i.e., change in shift hours if it means an increase in workers’ exposure time) require changes in safety programs.

Both the compliance and program audit are useful snapshots to indicate potential exposures and risks. The value of these audits is to find the safety gaps so they can be closed. Another value is to verify if people are really following established safety guidelines. But an audit that is conducted only once a year is limited if there is no ongoing process by which to measure peoples’ performance — how often and how well are employees using and following safety programs.

Management systems audit

The final step in a comprehensive safety audit is to evaluate and validate the effectiveness of, and management’s commitment to, safety compliance and programs, employee involvement, and risk control procedures. The management systems audit examines accountability, effectiveness of this implementation and how well the company’s health and safety program is integrated into the overall culture. A management systems audit integrates all three audit techniques, document review, interviews and workplace observation, to make these determinations.  Finally, to make safety programs sustainable, they must be integrated into the company’s existing business practices.

The basics of a safety audit

First, determine your safety requirements and expectations, be they regulatory, program, organizational or cultural. Some of this information can be obtained from industry publications, OSHA, other business’s benchmarks, industry associations, professional conferences or by hiring a consultant.  

The process by which the audit is conducted is best written down so it can be duplicated each time. Create a check list that is referred to at every audit — if the methodology for conducting the audit is different each time, how will you know if your safety standards and practices are improving?

There are many different ways to measure audit outcomes. Some type of scoring process is typically developed to be able to compare status and evaluate progress. Remember, auditing is not a one time process. Each type of audit should be conducted at least annually but it helps to know what’s going on between the audits.

Given that there are over 100 different OSHA regulations, different items within those regulations and 20 to 30 programs to implement the regulations, it takes time to conduct an audit. An audit will probably take a minimum of two to three days to conduct if a company employs less than 100 people, longer if it’s the first audit. And if it is the first audit and the company is starting from scratch, it will probably take longer to develop the methodology for conducting the audit than to conduct the actual audit.

Why conduct a safety audit

It can take a significant investment to make an assessment of your safety programs and the pay off or return on investment is determined by management’s commitment to address the findings. If you do not establish a method to analyze trend data and track recommendations and follow-through, than a safety audit will not be as good a return on investment. Companies who buy-in to wanting to know where there are gaps and weaknesses will find audits a valuable exercise worth the investment.

The type of audit you choose may depend on your corporate culture and what the company is most worried about. If it is liability, do a compliance audit. If the company is more worried about implementation gaps do a program assessment. If the company wants to know about effectiveness gaps, a management systems audit is in order.

There are pros and cons to all three types of safety audits. A compliance audit alone may uncover a potential liability or OSHA citation but it won’t necessarily help you learn how to avoid the problem in the future. A management systems audit identifies these gaps as symptoms of deeper seated organizational or cultural shortcomings rather than listing the specific findings. It may not inventory all of your risks as a program or compliance audit will, but rather give you a better picture of how to prevent these risks and liabilities.

For this reason, many companies do all three types of audits in various stages and mixes. There are as many different implementation strategies for safety audits as there are companies. Some companies choose to do a hybrid of all three types of safety audits depending on where that company is in terms of its maturity as each type of audit requires an increasing level of business maturity (compliance being the most basic).

Once this maturation strategy has been determined and a company is able to progress successively from one type of audit to the other, the more basic audits, compliance and then program audits, require less effort and eventually a company can wean down the compliance and program audits until they are far less intensive. But, when all is said and done, an organization should never really stop constantly assessing its total safety and health efforts.

For more information on industrial hygiene and methods for promoting health and safety in the workplace, as well as a listing of industrial hygiene consultants, please visit the American Industrial Hygiene Association website at www.aiha.org.