Audit time can be stressful.  Like most safety managers you might be anxious about whether you have reviewed every element of a safety protocol, and whether you have  the systems in place or documentation to prove due diligence.  Or you could have the system in place, but may be lacking the "link" between each audit bullet (for some standards there are over 100 bullets) and the processes and records that satisfy the requirements. 

We have recently introduced a new SafetySync component that we call "Audit Preparation and Review".  This tool offers administrators the ability to select any number of standards (such as Enform Certificate of Recognition - COR or CSA Z1000) which they would like to prepare for and achieve.

Unlike other audit review software on the market, this SafetySync component is designed for safety managers and administrators for internal purposes only.  Essentially, it is meant to help organizations perform better on their external audits, and to perform internal audits in the interim.

Each audit protocol allows administrators to drill down to the bullet level (such as Enform COR 2010 D1.b in the example below).

For each bullet, you can:

1. Enter notes (what systems you have in place, progress being made, plans, explanations, etc.)
2. Update the status (as either "Compliant", "Not Applicable" or "Deficient")
3. Link to web pages (such as policies, training videos, certificates, compliance reports) in either SafetySync or other online systems
4. Upload documents (such as spreadsheets, Word or PDF documents) in the event you do not have an online system in place

Once you have all the appropriate links or documents in place to satisfy the bullet, change the status to "Compliant" (it will track the date and user for each entry).  Keep doing this for each subsequent bullet until you have every one covered, meaning you've either completed the internal audit, or you are ready for a 3rd party auditor to come in and check your work.

The hazard identification, risk assessment and control process is the foundation of an effective occupational health and safety management system ("OHSMS").  National and International OHSMS standards require this process to be carried out as the basis of an effectively functioning management system.  The rest of the OHSMS cannot function properly without thoroughly and effectively identifying hazards, assessing their risk and implementing controls to minimize their risk.   

For the past year I have been participating in the development of a CSA Standard (CSA Z1002) on this very process.  This is a much needed standard as Canadian legislation in this area is lacking.  Only a handful of jurisdictions specifically require this process to be carried out while legal requirements in most other jurisdictions only imply that this process be carried out. 

For instance, Ontario's Occupational Health and Safety Act requires supervisors to "advise a worker of the existence of any potential or actual danger to the health or safety of the worker of which the supervisor is aware", which implies that hazards have to be identified.  On the other hand, Part 2 of Alberta's Occupational Health and Safety Code, titled "Hazard Assessment, Elimination and Control" requires employers to "assess a work site and identify existing and potential hazards before work begins..."  It goes on to require that employers implement the hierarchy of controls for any identified hazards.  But even this fairly progressive legislation has its faults.  It doesn't provide much practical advice with respect to carrying out this process and even the OHS Code Explanation Guide falls short of describing what I would consider a reasonable hazard identification, risk assessment and control process.  Employers are left to interpret these legal requirements and in my experience it is rare to find two employers who are carrying out this process in a similar fashion.  The result is a whack of spreadsheets and hard copies being stored in all corners of an organization.
 
The most effective method of carrying out this process is through an effective Job Safety Analysis that results in adequate safe work procedures.  The real key with respect to due diligence is to demonstrate that the risk of EACH identified hazard has been assessed and that the risk was minimized by implementing effective controls.  This is something that the safe work procedures provided by SafetySync do an excellent job of displaying visually.  You can't argue with the value of that due diligence evidence.  Be sure to check it out.

We've got a long way to go as far as standardizing this process but SafetySync is a great place to start.  CSA Z1002 should also provide much needed guidance in this area, help get employers on the same page in relation to this process and go a long way in protecting the health and safety of workers.  

Image at Left: Screen shot of sample risk matrix chooser in SafetySync software.  Administrators simply click on the corresponding box for the appropriate Probability and Severity.

I have had a number of conversations recently with Jeff Morrow, the Publisher of Worksite News, which is a leading health and safety magazine in Canada.  I thought there could be more emphasis on Safety Management Systems in the publication, since many organizations are now struggling to meet CSA Z1000, OHSAS 18001, and the new Certificate of Recognition standards due out soon.  He agreed and suggested that I might regularly contribute some editorial content.  My first submission has been added to the March/April 2009 issue (page 17) - "Managing health and safety policies online: More than merely posting".

The print version is due out in the third week of March, but the online version is available now:

http://www.worksite-news.com/Articles/13-18.pdf (scroll down to page 17)

Please have a read through the article and feel free to comment here on my blog!