How good are your audits, really?

How good are your audits, really?

As an Inspector with the British Health & Safety Executive (HSE), I visited many major hazard facilities both on- and offshore. It was sometimes necessary to issue enforcement notices that required the company to make certain improvements. These were not issued lightly, as I was acutely aware of the impact that such notices might have on the company.

What often surprised me was that each company had an internal audit program that aimed to identify and correct any deficiencies for the topics that we were inspecting. And yet, the company’s own audits often failed to identify key issues prior to our visit. Senior leaders were embarrassed that a relatively brief independent check could identify serious safety issues, requiring enforcement notices.  

The Cullen Inquiry into the Piper Alpha disaster noted that the Permit to Work system was routinely being operated in a casual and unsafe manner. The company could offer no explanation as to why none of the audits that they had undertaken revealed what had emerged at the Inquiry. How did the many internal audits (looking at hundreds of permits) not identify the deficiencies that quickly became apparent?

It seems that leadership assumed all was well because no-one was raising any concerns. And the lack of issues reported in audits may have simply reinforced this assumption.

Unfortunately, my experience is that audits may be giving leaders a false sense of security.

A key issue identified in my inspections was that audits tended to check that the system was working as intended. Let’s take the example of Permit to Work, central to Piper Alpha. An audit of this system might check that people are trained in the process, the paperwork (or the electronic equivalent) is being completed as required, that the right signatures are present, and that the paperwork is stored where it should be.

In other words, the audit is checking that the Permit to Work system is working as it should. In popular safety language, checking that the "Work as Done" is the same as the "Work as Planned".

However, as an Inspector I asked a slightly different question: is the Permit to Work system adopted by the company the right system to start with?  In order to make this judgment I might draw upon my inspections of other companies, as well as published industry good practice.

The company’s own audits were often compliance audits (i.e., has the company policy or standard been implemented correctly), rather than determining whether the system was fit for purpose.

By all means, use audits to check compliance against your company standards, to ensure that you’re doing what you say you’re doing (and act on the findings). But given that people, technology, systems and standards change over time - you should also ask whether your system is the right system in the first place.

There’s little point in verifying that you are complying with something that is less than ideal to start with.

 

Martin Anderson is a Principal Consultant at HF Integration, working at the intersection of human factors and process safety.

James Fairburn

Professional Process Safety Engineer

1mo

As a process safety practitioner at an operating facility, I am fearful of audits which conclude that all our systems in place are ‘world class’ if I know that they’re not. This may not necessarily lead to a false sense of security but definitely can push previously identified improvement opportunities down the priority list. I agree that the most effective auditors seem to have an external outlook, with familiarity how other companies operate. An audit practice which should be outlawed is allowing the same auditors to frequently return to the same operating facility - if they walked passed something previously, they’re unlikely to spot it on the 2nd or 3rd visit.

HF Integration Pty Ltd A lot depends on the organisational environment and whether senior management has a genuine desire to understand potential hazards and effectively manage safety. Audit terms of reference should not only outline these expectations but also ensure that non-compliances are addressed effectively. Paul O'Neill’s approach to safety as CEO of Alcoa was a compelling demonstration of effective safety management. However, in a toxic organisation where psychological safety is lacking, does an audit risk becoming merely a tick-box exercise, where some managers spin bad news into good to satisfy a safety compliance charter and maintain a license to operate? From experience, I can attest that this is sometimes the case. It often reflects a company’s focus on promoting good news over addressing issues, with genuine concerns being downplayed or minimised by management to avoid criticism.

To view or add a comment, sign in

More articles by HF Integration Pty Ltd

Insights from the community

Others also viewed

Explore topics