After the audit: now what?

Audit scores seldom reflect the underlying cause of gaps or strength in an organization, just as safety audits seldom reflect how safe an organization is. (Kings Access/Adobe Stock)

Just had a safety audit? Whether you passed it or not, there is still important work to be done.

Audits happen all the time. Usually they occur on a regular basis every three years or even every year depending on where you work.

In western Canada, Certificate of Recognition (COR) audits are done by an external auditor every three years. The COR program offers discounts on worker’s compensation rates in most provinces and many contractor evaluation processes expect supplies to have a COR.

When the report is completed and provided, it is typically filed following decisions on a few action items. Failing to analyze audit results is a missed opportunity for improvement and demonstrating the value you bring as an OH&S professional.

A safety audit looks at specific areas of your safety system or program. It is a great way of highlighting weaknesses, validating what you are doing, or finding strengths that can be leveraged for the organization’s benefit.

Most audits will organize the results for you into specific areas or elements. Audit findings are focused on gaps or weaknesses in your program or system.

Because the audit structure may not always match your company’s system or program, one of the first things you need to do is make sure these results are aligned with the elements of your system or program as your company understands it.

Gaps commonly occur in areas such as incident investigation, training/competency, or written procedures.

Analyzing the findings

Most audits will not actually tell you what the results mean. They will reveal that you lost points for a gap, but seldom analyze what that means.

A recommendation will address the specific gap but never reveal what caused it. An analysis is important to understanding the results.

For instance, a non-compliant procedure may mean that the company lacks an effective change management process, lacks a reliable method to track legislative change, or lacks a good method to produce and approve procedures.

Failing to find root causes on incident reports may mean that the process itself is flawed, there is no standard cause methodology applied, or that the process flow from report to investigation and review in the organization is not well defined or understood. Gaps should be investigated because you do have a failure — just not an incident.

The analysis also allows for the organization of findings, identification of strengths and prioritization for action.

That brings us to some very common errors that are often made in analyzing audits:

1. Trying to fix every gap. It is often impossible to fix every gap by the next audit unless considerable additional resources are assigned. This is a very common error that leads to an unachievable action plan.
2. Assuming fixing things is quick. Usually, fixes require thought, design, planning, training, execution and follow-up. They also may require the involvement of many people or groups. Fixing things sustainably takes longer than you may think.
3. Failing to recognize strengths. Perspective is important. Is your organization strong in areas where it matters? Are the gaps really significant or just some areas requiring improvement? Audit scores seldom reflect the underlying cause of gaps or strength in an organization, just as safety audits seldom reflect how safe an organization is. That is because audits primarily look at the documentation. Organizations, especially small ones, may have a strong operational focus and lack written procedures, but still have strong processes and internal communication. The importance of written procedures normally grows as a company gets larger.
4. Believing a very high audit score means things are almost perfect. Audits focus primarily on documentation. Determinations made can be subjective. Determinations are often based on a combination of the audit standard and the auditor’s education and experience. A high score means the basic standard has been met, not that excellence has been achieved. It may be time to raise the bar.
5. Failing to communicate the results. Employees want to know the results, and failing to be open about them will invite others to fill in the gaps with rumours.

Immediately after an audit result is received, you should communicate the audit results to employees within the company. Few would miss that there was an audit, and they may wonder at the results.

The communication should be simple. Mention whether the audit was successful, a few strengths (things the company does well), and a few weaknesses that are being reviewed for action.

The message should be balanced, addressing strengths and weaknesses:

“The recent audit was a success, with the company achieving the required audit standard. The audit validated our strong employee commitment to safety and training. It also identified some opportunities for improvement in the area of inspections and incident reporting. We will be working on an action plan to improve our systems over the next year.”

Planning ahead

Passing an audit with a great score validates previous efforts and makes you feel your work is done. That can lead to a missed opportunity.

Reporting the score to senior management will get some brief praise. Planning for improvement and sustainability, on the other hand, can demonstrate your value over the upcoming year.

Audits are an excellent way to engage the workforce and to show the company does take safety seriously. If you had an independent audit, it also lets you take advantage of having an objective finding on a gap that you may have already identified that is now validated by someone outside the organization.

After organizing the results by process or element (for example, inspections, competency verification or training), you can begin to identify options for which areas you might want to address.

When planning, be mindful of resources available, such as budget and personnel. If you will rely on people to execute improvements in their spare time — as is usually the case — then the plan needs to be simple and respect the resources you have. Everyone has a job that already demands their full attention.

Look for interrelated high-risk items or those that will provide the most improvement for resources needed. For example, recurrent incidents may be related to poor communication of incident results. Poor incident reporting may be related to an unwieldy reporting process or a process that is not well understood. Perhaps it is not well communicated in orientation, or communications regarding incidents do not review the importance of reporting.

Select three to five items or processes that you feel can be improved with your resources. You should set clear and achievable targets for the plan, such as: “Design and implement a training program for supervisors.”

Your action plan should be structured for completion by the next audit. For example, if your organization has an annual audit that leaves three quarters (nine months) of the year to act on your audit findings, the other three months are spent reviewing and analyzing the audit and wrapping up your plan in preparation for the next audit.

Link your plan to measurable milestones or activities for each of the next three quarters. For example, if you need a new inspection form, designing the form would be in the first quarter (Q1) of the year following the audit, approving and reviewing the form would be completed in Q2, and fielding the form would be completed in Q3. The company would be prepared for the next audit in Q4. The phased quarterly plan allows you to touch back on the audit results every quarter, demonstrate action, and update the employees and company on progress.

You may have a plan for action, but do not get carried away. You need to have a good understanding on how to approach resolving what you believe are the top priorities or priority areas.

Another error that is often made is just moving forward with the plan you have come up with alone, or within the safety department. Your activities, and proposed plan, should align with the company’s strategic goals and have the support of the senior management team. It is up to the senior safety person to present options on courses of action and provide recommendations for the way ahead.

Planning must identify what can realistically be done with current resources. If you think you want to do more, you must be clear on what additional resources are required for specific items. You must identify any internal stakeholders to ensure that any final plan is supported and there are no foreseeable obstacles.

Along with senior management, you may consider the union (if the workplace is unionized), safety committees and any other departments — if there are functions involving them or affect their work.

Finally, representatives from the workforce are essential for most activities that will directly impact front-line workers. Recommendations around options would be based on the assessed risk and your experience regarding what can be achievable.

Remember, it is the safety department’s recommendations, but it really should be senior management’s plan. It is up to them to select targets or goals based on recommendations and options you have researched.

Executing the plan

Armed with senior management’s approved priorities or targets, you are ready to begin plan execution.

First, the plan must be communicated to the employees. This allows you to link back to the audit and the earlier communication on general results to demonstrate action. The communication must be straightforward and easy to understand.

You may opt to do this via a safety meeting, company newsletter, bulletin, or a safety alert. You may also use a combination of these and even social media (with company approval), if you wish to advertise your safety initiatives. Communicate what your focus is to be and the top three priorities or targets.

It is also important to involve stakeholders in the execution of the plan where possible. You may organize a team to work on each specific objective over the plan’s course in some cases. You may have to tweak or adapt the plan as you progress, but keep the adaptations small to stay on course.

Each quarter, you will communicate to the workforce and senior management positive news on the plan and which milestones have been accomplished. Celebrating accomplishments and delivering good news is more powerful than focussing on gaps and failure.

8 reasons to consider safety perception surveys

This positive communication demonstrates the employer’s commitment to maintaining and improving the safety program or system. With this quarterly communication, the company will be well poised for the next audit, with employees realizing efforts have been made to improve safety. Auditors often ask employees for examples of improvements during interviews.

As you move towards completing your plan, you will need to see if the plan successfully addressed the gaps and successfully met the goals set out at the start. You may accomplish this by having a meeting, doing a perception survey, or even doing an internal mini-audit.

Of course, the next independent audit will gauge some of your success as it presents another opportunity to get feedback directly from employees or other stakeholders.

Setting the pathway forward

Many of us expect our plan to be 100 per cent successful. This is often not the case.

Recognizing even partial success is important. Any success is an improvement, and any gains mean a safer workplace.

The outcome of your plan may not be entirely satisfactory. It can be that unforeseen obstacles existed to change, or that the problem was more complicated than first thought.

Usually, plans are successful in delivering improvements, but may not entirely address the gaps found. These unresolved issues may be added to the analysis from the upcoming audit cycle.

The final step in the plan must be to communicate the plan’s successes and the benefits derived from it, to reinforce the company made the right decisions and acted on the highest priorities, which coincided with the highest risks. It is also where you can demonstrate adding value to the organization with existing resources.

This is the continuous improvement cycle that is at the heart of any true management system.

Use your audit wisely

A safety audit is often seen as a list of faults or gaps, but it is an important opportunity to demonstrate value as an OH&S professional. Just passing along a score and checking off the “pass” may be tempting, but that would be missing an opportunity.

You can analyze results to understand why gaps formed in the first place. This will allow you to organize the results and identify things related to the same underlying cause. It will also make sure that any action is addressing the actual causes of the problem instead of the gap.

The audit action plan is like any project plan. There can be many stakeholders in the plan, and identifying them will help identify areas of co-operation or barriers that must be overcome.

Stakeholders are much more likely to support a course of action they have had some involvement in crafting. Identified recommended options for action assist senior management in decision making and supporting a course of action.

Communications around the audit and safety can be positive. A positive plan that engages the workforce in solutions, demonstrates real improvements, and shows commitments at all levels is a powerful way to demonstrate your value. Regular updates validate the plan and celebrate success.

Audits find gaps or problems — that is their purpose, and no company is ever perfect.

Audits are an opportunity to ensure the company has a resilient and sustainable safety system that continuously improves safety and engages employees. Professionals must seize the opportunity to demonstrate value through the year in a way that employees and management can see.

Don’t file your next audit report. Use it to demonstrate the value that the safety function can bring to the company.

Dave Rebbitt is the president of Rarebit Consulting in Calgary and author of Effective Safety Committees and Harassment and Workplace Violence Investigations.