OHSAS 18001, like most other ISO standards, contains a clause that outlines how organizations should perform internal audits. Internal audits should meet the planned measures of the OHSAS System and the audit outputs should be made available. You should establish and plan your internal audit schedule, based on the results of previous audits and risk assessments.
Although it is sensible and standard, as are other clauses in OHSAS 18001, the internal audit should be approached with more care than, for instance, the comparable clauses in ISO 9001 (Quality Management) or ISO 14001 (Environmental Management). This is because an ineffective OHSAS 18001 audit could endanger the welfare of your employees.
Internal audit: When and how
When doing a management review, an organization should plan their internal audits at regular intervals. It should however be noted that accidents, incidents, risk assessments or stakeholder input can all be used to initiate internal audits beyond the regular schedule. This would be the case if the organization feels it would be beneficial to the overall health and safety performance. Let’s look at when, who, and how the OHSAS 18001 system internal audit should be performed.
- When: Internal audit should be done at planned intervals, or whenever it is deemed required, or beneficial to your OHSAS 18001 system.
- Who: The standard requires that the internal auditor must be impartial and objective. Auditor selection is critical. The auditor must be experienced and, if possible, formally trained. The auditor must also be aware of the company’s OHSAS Policy, objectives, and performance. As the internal audit process is so critical, many organizations use external advice from an expert for internal audit purposes.
- How: All relevant information in terms of “input” to the process should be available to the internal auditor. The auditor will also need OHSAS performance outputs, risk assessment information and results, desired OHSAS objectives and stakeholder input.
A logical question to ask at this stage would be “Why?” Apart from being a requirement of the OHSAS 18001 standard, internal audits should be seen as key drivers in the continual improvement cycle. It is also critically important as a preventive measure for health and safety in the workplace. Anyone interacting with the auditor should therefore always provide truthful and accurate information during the audit. An accurate assessment creates the opportunity for suggestions for improvement based on past and current data.
Internal audit output utilization
The OHSAS 18001 standard requires that management should have access to the results of any internal audits. This enables the top management team to make decisions on actions that need to be taken based on the results from the internal audit. In terms of continual improvement, it is however also helpful if the auditor makes suggestions based on the audit itself, as they have had direct experience and interactions with the procedures and processes during the audit. This will give the management team a more balanced view of the audit’s effectiveness and the validity of the results. This will create a bigger chance of continual improvement and output that could potentially prevent incidents and accidents. It is obviously necessary that the process be documented, including findings, outcomes and actions, as the internal audit takes its place in the improvement cycle.
Make sure that internal audits are always thorough, honest, and accurate. Use the “plan, do, check, act” methodology to ensure that the proposed actions are implemented, effective, and maintained. Once you have done this, you can be sure that the results of the internal audit are truly effective.
ISO 9001 quality management systems (QMS) are implemented using MyEasyISO software in Hanoi (Vietnam ), while ISO 14001 & OHSAS 18001 Health Safety Management Systems (HSE) are implemented with MyEasyISO in Amsterdam (Netherlands).
