The popularity of auditing quality, environmental, and safety management systems is gaining momentum among Russian companies for various reasons. Some want to obtain the coveted ISO 45001/9001/14001 certification, while others consciously understand the value of this process and want to thoroughly identify their company's "weak points" to work on further development.
What is an audit? It is a systematic, independent, and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. In other words, it is not an attempt to find a mistake at any cost, but rather to find out what processes are already in place and how they can be refined to achieve maximum efficiency.
There are several ways to conduct an audit. A company may have its own resources and expertise to conduct internal audits or invite third-party experts. Both have the same goal: to find "weak points" and develop recommendations for improvement. However, as they say, the devil is in the details, and both external and internal auditors have their downsides. When choosing one or the other, company management must clearly understand what they might (or might not) get as a result.
External consultants (cons):
? unfamiliar with production activities — it will take more time to understand systems and processes.
? much more expensive than conducting an audit in-house.
? there is a risk of being led by consultants when, after conducting an audit, the consultant begins to aggressively promote their own product
Internal auditors (cons):
? Lack of independence
? Diverts resources from regular work
? Lack of broader experience
? Potential for subjective judgment and bias
Therefore, ideally, it is better to use a combination of external auditing with the simultaneous development and involvement of internal resources.
For an audit to be as effective as possible, the auditor must be a top-level specialist.
Professionalism is that ephemeral substance that is difficult to measure, but if a person lacks it, it is immediately obvious.
? Integrity
? Fair presentation
? Due professional care
? Confidentiality
? Independence
? Evidence-based approach
? Risk-based approach
A few real and unfortunate examples from practice:
- "the HSE specialist's safety certificate expires next month, so currently your HSE specialist is not qualified for the position"
- "the company does not request traffic accident data from the traffic police, so we conclude that the company's road safety management system is not working" (despite having all training for both managers and drivers, all policies, medical exams, orders, etc., in place).
- "the company performs hazardous work, but I don't understand any of that, so I'd rather check the electric kettle cord in the office."
- "the manager won't like this finding, so we'll remove it from the report."
- "hooray, I have to audit them, I'm going to tear them apart"
How to fix this? By broadening the auditors' horizons, ensuring their involvement in production, providing coaching from experienced employees, and regular professional development at reputable and reliable training centers.
Important stages of an audit include reviewing company documentation and mandatory on-site visits to industrial facilities, where auditors observe how processes work, how equipment operates, interview employees at various levels, and observe working conditions. Of course, the modern situation dictates its own harsh conditions, but I am still not convinced of the value of conducting safety or environmental management system audits remotely. And can such an event even be recognized as an audit...? For me, this question remains open...
The outcome of an audit is simple — to provide management with an objective assessment of the current state of processes. Why? So that the manager can evaluate available resources and make a decision on further development.
The audit methodology is detailed in ISO 19011:2018 Guidelines for auditing management systems.