Safety audits are a prerequisite for any organization, much more for those in a high-risk industry. It is an independently planned and documented examination of a company’s Occupational Health and Safety Management system.
The safety audit is intended to evaluate the standard of the control and the effectiveness of the system being evaluated. The audit asks five important questions. They are listed below:
Does a Health and Safety management system even exist in the organization?
If the answer is yes and a health and safety management system do exist, is it being used?
If the health and safety management system are being used, is it effective or not?
Does an adequate risk control systems exist? Are they implemented and are they consistent with the hazard profile of the organization?
These questions form the foundation on which the entire analysis of the audit is based. Why should businesses conduct a safety audit and what types of safety audits exist? We tackle those questions in the following sections.
Benefits of Safety Audits
There are several benefits of conducting a safety audit to measure the health and safety performance of your organisation. For one, it is a very pro-active approach because it helps with developing the criteria for further improvements.
These could be improvements in organizational strengths. It could be an improvement in identifying and controlling organizational weaknesses. In other words, it provides a platform for taking effective organisational planning decisions.
Additionally, a well-structured and properly conducted audit provides an objective view of the actual status of an organisation. It identifies weakness, recognises success, evaluates compliance, and determines the adequacy of policy and procedures against legal requirements and international standards.
Types of Safety Audits
There are two types of health and safety audits and they mostly refer to how they are conducted. These are:
Internal audits: Someone within the same organization conducts internal audits
External audits: External auditors are hired to conduct external audits
Although, both types of audits have almost the same operational processes as far as the purpose, content, sequence and depth of the investigations are concerned. The major difference between both lies in the approach.
An internal audit uses a subjective approach, while an external audit uses a more objective approach. A third party, external audit is more objective because it is conducted by expert agencies comprising of well-trained auditors, technical experts, legal specialists etc.
Meanwhile, internal audits use auditors from within the company itself, although, from neighboring departments. As a result, they cannot disclose any weaknesses. Instead, they devise ways of highlighting the strengths of the organisation. In other words, an internal audit is more like preparing for a third-party external auditing.
Safety audit should be taken as a critical link in the chain of sustenance of a safety and health management system for any workplace.
Developing a culture of organizational health and safety starts with proper audit standards set in place. Using audit software can help you fast track the entire process. Take advantage of a free trial today to get started.
Auditing is an integral part of any company that operates under tight regulations and standards, regardless of its size or the industry it serves. It is a means of evaluating the effectiveness of the company and its business operations to achieve its business objectives while preventing fraud or misappropriation of assets.
However, for corporations or companies with several branches across the country (or overseas), auditing is never an easy task. This is especially true for those who are still using a manual auditing process, which is traditionally done with papers and calculators.
With technology disrupting every sector of today’s modern business activities, it is no surprise that even companies are adopting a better way of conducting their auditing process. Auditing software is a revolutionary way of auditing companies in a faster and more effective way to achieve the same results.
Benefits of Audit Software for Businesses
The introduction of Software-as-a-Service or SaaS has improved the efficiency of companies all around the world. This holds true even for companies looking to increase compliance. Adopting software for your company’s auditing process presents many benefits. We discuss some of the most obvious ones in this section.
Audit Software Enables Businesses to Improve Its Performance
At the core of all auditing processes lie the company’s productivity and performance indicators. The auditing process is designed to help auditors look more deeply into the operations of a business and pinpoint non-performing departments and inefficient procedures. Audit software enables auditors to do this more efficiently, thereby improving the company’s performance quickly and efficiently.
Audit Software Saves Time and Reduces Stress
One of the significant drawbacks of auditing is the time and effort it takes – both for the auditors and for the company’s employees. Auditors are known to be enveloped in several papers trying to make sense of data to draw out any meaningful conclusions. Also, the larger the company they are auditing, the more stressful the whole process becomes – which in turn increases the chance of human error. Audit software reduces the time it takes to conduct an audit from weeks to just hours. Additionally, audit software reduces paperwork and provides a comprehensive data trail thus decreasing the overall stress needed to complete the audit process.
Audit Software Improves the Accuracy of the Data Captured During the Auditing Process
Another major drawback with manual, paper audits is that it restricts auditors to writing notes and completing checklists without any additional evidence. This leaves room for both human error and bias because an audit report could be as detailed or as vague as possible. An audit management software enables an auditor to capture evidence in real-time and include multimedia files such as audio, video, and photo. This reduces the need for interpretation by anybody, thus eliminating human error and the need to take additional notes.
Audit software is the future of auditing, and if your company performs regular audits, then you should deploy one in your organisation. It does not matter whether you are auditing for safety management or financial management, audit software is guaranteed to help your company save time and increase both compliance and productivity.
Organizations conduct safety audits to comply with laws or regulations and to provide a safe workplace for everyone. A safety audit identifies different levels of risk in each work area of an organization. An audit’s findings can also include how an organization can remediate potential threats to employees and visitors. When an organization follows through on the findings of a safety audit, the workplace will be safer, and there will be a reduced likelihood of worker injury, illness, and death.
A systematic approach is a vital ingredient for a safety audit. Including the following components will make a safety audit more effective:
1. Research safety conditions that should exist in each work area. Look up appropriate laws and rules of practice
2. Create an audit checklist. Include minimum safety standards for each work area and possible safety issues. If an organization has a safety management system, it may be possible to print a safety audit form for each program area. Extensive research helps an auditor to refine his audit checklist.
3. Conduct a preliminary inspection of all work areas. Use additional paper, if needed, to note unsafe conditions, including surfaces and equipment that need maintenance, repair, or replacement and areas where employees need better personal protective equipment. An organization can consult with experts to address safety issues that are outside the range of experience of the management team.
4. Inspect safety records of each program area. Read all safety policies and procedures, safety meeting agendas, Material Safety Data Sheets, previous inspection reports, and reports of accidents and injuries. A well-designed audit demonstrates how an organization has performed since the most recent inspection.
5. Conduct a formal inspection by visiting all work areas again. If a work area is not compliant with an item on the checklist, it’s important to record that finding. An auditor must also ask questions of on-duty managers and workers to ensure that enough information is collected to prepare a complete report.
6. Prepare an official version of the formal inspection that summarizes the audit’s findings. A summary includes comments addressing the changes that management has taken to increase safety since the most recent audit.
7. Provide a copy of the audit to management. Program managers need the auditor’s contact information if they have questions about how to correct problems summarized in your report.
There are many reasons for conducting audits, but following are the four most frequent reasons
Regulatory compliance audits
In market sectors such as Financial, Behavioral Health, Medical, and Pharmaceutical, periodic audits are the norm and the guidelines are clear. In any given year, a Behavioral Health clinic in NY State, for instance may be required to undergo 4 separate audits including Medicaid, HIPAA, OMH (Office of Mental Health), and OASAS (Office of Alcohol and Substance Abuse Services). In many of these cases, the auditors show up unannounced or on very short notice.
Compliance audits aren’t technically management audits, but the scores on such audits are certainly a direct reflection of management’s performance. Would your policies, practices, procedures, and documentation measure up to the scrutiny to which a Behavioral Health clinic is subjected?
Performance audits or ‘What’s wrong with our IT operation?’
Often, members of the IT management and staff think they are doing a spectacular job but the customers and executive management disagree vehemently. In the worst cases, end users are preparing their pitchforks and torches in case the audit doesn’t bring about some positive performance outcomes. These audits are tough; the IT staff is defensive and they all assume that the consultants are there to fire them.
During these audits, employees sometimes resign even before the final report is released. This is unfortunate because poor performance is a reflection of management rather than staff. At other times, excellent employees leave because they have had their fill of ineffective management. Frustrations become bitter tears dripping on the conference room table, even from managers.
Sometimes, incoming executives want an X-Ray of organizational performance and requesting an audit is an intelligent professional move. They want a clear distinction between the previous management’s practices and their own and they use the final report to establish a program of organizational change.
IT is too expensive
Occasionally, IT audits are conducted because executive management considers the IT operation too expensive. They want an independent audit and a strategic plan that shows all the viable options.
4 tips for a lower stress audit
If the auditors are coming next week, there probably isn’t much you can do to improve the outcome, but there is plenty you can do to make the process more comfortable for everyone involved.
Answer binary questions with binary answers
When questions requiring a Yes or No answer are met with lengthy explanations, it is a clear indication of a problem. When I ask if you have documentation of your daily security log validation, just say yes or no! If you don’t have the required documentation, no amount of explanation is going the help. Also, I am not really interested that you are going to begin implementing your security program next month. Good for you, but I only care about what your actual practices are at the time I ask.
Don’t lie, embellish, or bury information
I always walk into audits and assessments taking a neutral, objective stance and I appreciate clients who don’t try to pre-program me. I will selectively ask for evidence or documentation for every statement you make and false statements will certainly damage your credibility. When subjects provide evasive or ambiguous answers, my inner Columbo puts on his trench coat. Equivocation and rationalization drive me to keep searching until I get the answer. Just tell the truth.
Instruct your staff to cooperate politely
I recall one compliance audit where a staff member served up every document request with a plate full of anger and hostility. The odd thing about it was that all her ducks were in a row, which is pretty unusual. So, why the anger? Don’t unleash it on the consultants.
I remember several engagements where the IT staff tried to tell me that their IP addressing schemes and Visio diagrams were secret. Huh? As soon as I retrieved my jaw from the floor, I went over their heads and arranged for delivery of the requested information. These events created suspicion and hostility that weren’t required.
In two organizations I contracted with, staff members claimed their Security Policies were secret! How does that work? These sorts of behaviors are indicators of significant departmental and organizational problems.
Prepare documentation in advance
All documentation including policies, procedures, infrastructure documentation, logs, hardware and software inventories, PSA system reports, etc. should be readily available for the consultants. They will ask to see it. I generally ask for all this information before I go on site for the first time and I am always appalled by the number of organizations that have none of the documents that are generally accepted to be components of a solid Information Technology Governance program. Sometimes these data dumps include reams of irrelevant information in the hope that I won’t find the smoking gun.
Auditing for organizational culture
I include a frank assessment of departmental and organizational culture in my reports and it is sometimes less than flattering. Delivering this information to executives and managers generally creates a tense silence while they try to chew and swallow that particularly tough piece of meat. They rarely argue because they know it’s true, but few have dared to state the obvious out loud. A realistic and objective assessment of company culture is required to address the root causes of problems. Bad management, inefficiency, malfeasance and incompetence have often been enabled for years before an audit is finally initiated. Interdepartmental politics, turf wars, jealousy, meddling and backstabbing all contribute to the problems at hand and managers throughout the organization are responsible.
In many cases, executives and managers have worked in large, bureaucratic organizations for their entire careers and they can’t see the signs of broken company culture. They think bad behavior and dysfunction are the norm.
The final report
If the final report is not a testimonial of glowing praise for your IT operation, I urge you to sit back and reflect carefully before lashing out. The report is a mixture of data, facts, and input from your coworkers and end users. I always base part of my conclusions on both formal and informal interviews with end users and managers from every department in an organization. What ends up in the report is a reflection of what your colleagues really think about your operation. My career started with a four-year stint in army intelligence and I actually do cross examine and interrogate. The natural inclination of some IT Directors is to argue and pick apart every statement and conclusion in the report, but this is definitely the wrong approach.
A nearby local government entity with which I am familiar recently received a failing audit from a state regulatory agency. It wasn’t a first-time fail and the endemic problems have been simmering for decades. Several executives from this entity made statements to the press that the audit “was a gotcha audit. It’s all about paperwork and there is nothing real here. We’re providing excellent services.” Talk about denial! I believe they will come to regret those statements since the infractions were extremely serious and they will likely have to return millions of dollars to Medicaid. They may call a missing signature “a gotcha,” but Medicaid calls it fraud. Their culture is so broken that they really need a turnaround expert and complete replacement of the management, but they haven’t reached rock bottom yet, apparently.
The correct response to a failing audit is to contemplate the report carefully and develop a proactive remediation plan immediately. Humility may save your job, but you can’t step off onto the recovery road until you admit you have a problem.
Ask for help. Operations that have been dysfunctional for years can’t be turned around overnight. Organizational culture may inhibit a turnaround and objective, external assistance may be required.
Listen to what your colleagues and objective auditors had to say and take it seriously. Don’t go swimmin’ in denial.
With the growing complexity of businesses and the number and types of audits that need to be conducted, Audit management has become challenging. Companies have quickly realized that paper based solutions are no longer the best way for managing internal audit programs.
On the other hand, effective risk management and compliance with government regulations are driving the need for ongoing auditing. Regular audits are essential for companies that are regulated or are following quality standard to reduce the risk of non-compliance.
Beakon’s Audit Management Software can be the answer to all these matters, such as, managing plans, equipment compliance, business processes and generating audit reports to improve efficiency and collaboration in your business.
Our audit management software provides the complete control of the entire audit cycle. The system improves the governance and management of all activities, information and processes related reviews without the limitations established by a manual process.
Beakon enables a full view of its audit program including: plans, schedules, evaluations and prioritization of risk management, audit processes and monitoring tasks remediation. Through this solution you can transform your manual audit processes to a dynamic program that will increase efficiency and decrease time within the full cycle.
Documentation and Actions to Perform
Beakon audit software provide full support for documentation performance actions for managing risk assessments within the entire audit universe to determine the approach that the department should take; these configurable assessments show the risk associated with each entity audit.
Beakon software summarizes the results of testing environments. The configurable audit work also allows you to include attachments and notes as a backup for each revision. Thus generating the audit results becomes easier and more efficient.
Beakon manages the deficiencies resulting from any failure in the audit process, allowing companies to respond quickly during monitoring the remediation process.
Use Reports and Dashboards
Using reports and dashboards allows executives to export all audit information so that they can deliver professional reports to senior management.
Centralization of all information, documentation and audit processes, correlation with the evidence, observations and notes of audit staff, all in one single repository.
It also allows the business to share information between departments, update audit processes, automate workflows and use historical information to other review processes.
Safety Audits and The Benefits of Conducting Safety Audits
For all types of businesses, implementing safety audits and measures ensures workplace safety and reduces injuries and the associated costs. This is especially important for large businesses with a large number of employees and contractors. Safety Audits give businesses a way to ensure the ongoing and monitored implementation of safety measures.