What this provision requires is that an organization have processes are in place to “circle back” at some later point in time to verify that the corrective actions taken actually worked.

What does this “effectiveness review” need to include?

At a minimum, two determinations are needed –

1. Was the proposed corrective action done?
2. Was the action taken “effective”?

First, was it done – was some action actually taken, was the action that was completed what was proposed and has it been sustained?

It is not uncommon to find that the proposed action was never done.  Sometimes, people get “busy” and taking the specified corrective action is constantly “put off until tomorrow” as other priorities take precedence.  In other cases, the action actually undertaken is NOT the action that was initially proposed.  Perhaps the proposed action didn’t actually work when it comes to actually implementing it.  Then there are the situations where changes are made initially but the organization quickly reverts to doing things the old way.

Second, was the action taken “effective” in fixing the issue identified as the nonconformity?

It is not uncommon to find that the action actually taken as corrective action bears little, or no, relationship to “the problem” identified as the nonconformity in the first place.  In the process of evaluating what actions should be taken, it is easy to get sidetracked by other interests and priorities and end up “fixing” something else entirely.  (“Gee, this is a great opportunity to justify getting the new training software we have always wanted.”)

The other difficulty with determining the effectiveness of the action taken is that “effective” is not a defined term and is a very subjective standard.

What qualifies as “effective”?

The dictionary defines “effective” as “adequate to accomplish a purpose” – not very much help. 

The key to this effectiveness determination is deciding whether or not the action taken will prevent “the problem” identified from recurring again in the future.  This determination needs to be based on an objective (i.e. unbiased) review of factual evidence.  Click here to access an interesting article on verifying the effectiveness of corrective action – including common questions to ask about the actions taken.  As the author of this article, Craig Cochran, puts it – “Verification isn’t an act of suspicion; it’s a necessary part of problem solving.”

© ENLAR Compliance Services, Inc. (2012)

They have lots of ideas, but no direction.  Plenty of concepts, but few plans.

The same can often be said of many OH&S management system implementation projects.

This editorial goes on to discuss a New Year’s Eve gathering at the Occupy Tampa location -

They discussed how to greet the new year.  They discussed if a toast was appropriate and what the toast should be.  And who should offer it.

Eventually someone began a countdown.

They had eight seconds to spare.

This reminded me of how some organizations approach OHSAS 18001 certification.

Lots of meetings and conference calls.  Lots of discussion of what should be done – particularly by someone else.

Little “rolling up the sleeves” for taking concrete action. More importantly, little completion – until the countdown for registration starts and there are “eight seconds to spare.”

As with the Occupy movement, too many ideas by too many players and too much accommodation of every perspective leads to a scattered and disjointed approach to an OHSMS. 

At some point, decisions and focus and action are needed. 

In the end, it is better to be done than it is to be perfect. 

After all, there is always next year.

PS – Want help in figuring out your plan for implementing an OHSAS 18001 management system?   Click here to request your copy of ENLAR’s EHSMS Implementation Checklist.

© ENLAR Compliance Services, Inc. (2012)

At the end of the year, our attention often focuses on planning – the setting of goals and objectives for the coming year.  This can be exciting - plans for launching new projects or products – or it can be depressing - setting aside time to organize old files.

Planning is a key component of an OH&S management system.  The planning section of OHSAS 18001 consists of 3 elements –

• Identifying hazards and risks (4.3.1)
• Identifying legal and other requirements (4.3.2)
• Establishing objectives and programs (4.3.3)

Many organizations put a great deal of time and attention into identifying both their hazards and risks and their legal and other requirements. Often, less attention is paid to establishing objectives and programs.

This lack of attention to objectives and programs may be due, in part, to a lack of clarity about how “objectives” actually fit into a management system.  This lack of clarity about objectives, and their interrelationship with risk management, has been an issue of much heated discussion.  It has lead to a lack of consensus in ISO’s attempt to develop consistent definitions across all of its management system standards (see discussion of ISO’s MSS initiative).

One of the areas of confusion relates to the ownership of OH&S objectives.  Although individuals need to be assigned responsibility and authority for achieving OH&S objectives, OH&S objectives are organizational – not personal.  This is clear from the definition of OH&S objective in section 3.14 of OHSAS 18001.  An objective is a goal that an organization sets itself to achieve.   Therefore, OH&S objectives need to be set from an organizational perspective – not as individual performance targets.  This is a critical distinction.  It is the organization itself that is ultimately responsible for setting and achieving its objectives.  This responsibility cannot be shifted onto the backs of individual employees – such as the facility Safety Manager.

A second area of confusion relates to the use of the words “objective” and “risk” in two different contexts within the ISO management system standards and OHSAS 18001. 

The “top-level” meaning – used in defining both what a “management system” is and the meaning of the word “risk.” 

A management system is defined as a “set of interrelated or interacting elements to establish policy and objectives and to achieve those objectives” (ISO 9000, Section 3.2.1 & 3.2.2).  Risk is defined as “the effect of uncertainty on objectives” (ISO 31000, Section 2.1). Both of these definitions are focused on the strategic, organization-wide level of objectives.

This means that the overall “strategic level” objective of an OHSAS 18001 management system must be controlling (managing) OH&S risks in order to prevent injury and ill health to persons working under the control of the organization.  All other OH&S objectives flow from, and must be consistent with, this strategic-level objective.

The “functional level” meaning – used at a project, process or departmental level of an organization. 

This is the level at which most organizational objectives are set and managed.  Financial profitability and sales targets.  Product quality metrics.  Safety performance targets.  Waste reduction goals. 

The functional-level definition of an “OH&S objective”, as set out in section 3.14 of OHSAS 18001, is an “OH&S goal, in terms of OH&S performance, that an organization sets itself to achieve” (OHSAS 18001, Section 3.14).

Functional-level objectives are important.  They are where “the rubber hits the road” so to speak.  However, when evaluating OH&S performance and assessing overall risk management, the objective that must be kept foremost in mind is the strategic, top-level one.

At the end of the day, the question that must be answered is “Are we, as an organization, controlling our OH&S risks in a manner that prevents injury and ill health to those working for our organization?”

© ENLAR Compliance Services, Inc.(2011)

Once I started developing and implementing management systems, I could not resist applying management system theory to this event.  I developed a Christmas Party Checklist.  This checklist sets out the various tasks that need to be done and has blanks for assigning responsibilities and checking off each task when it is done.

Why do I use a checklist?

One year, I found the strawberries for the appetizer course still in the refrigerator when I put the leftovers away.  Another year, I had to scramble to find the meat platter while the guests watched from the table.

This checklist helps the party go smoothly and, more importantly, it helps me relax and actually enjoy the party because I know I am not going to forget anything important.

The morning after the party I make notes and additions to the checklist and file it away for the following year.

So what does this have to do with OHSAS 18001?

Checklists are an important part of a management system.  As with our Christmas party, they prevent you from missing important tasks.  They also help make your job more manageable and enjoyable – that is, if they are done right.

Want to learn more about creating effective checklists?

Click here to check out my previous blog and sign up for my mini-course (starting January 16, 2012) focused on checklist creation.

p.s.  It was a great webinar Tuesday on ISO 19011:2011 – The Impact on Management System Auditing. Thank you to those of you who participated and submitted questions for the Q&A.  Come back here next week for a link you can use to view this presentation.

© ENLAR Compliance Services, Inc. (2011)

So, what is an audit program and how does it differ from audit procedures?

ISO 19011:2011 defines an audit program as “arrangements for a set of one or more audits planned for a specific time frame and directed towards a specific purpose”.

A procedure is defined as “a specified way to carry out an activity or process”. (ISO 9000 3.4.5)

According to www.dictionary.com, a program is a “planned, coordinated group of activities, procedures, etc., often for a specific purpose”.

In other words, audit procedures are one component of an audit program.

In order to have an internal audit program, an organization must have the following:

1. A defined purpose (established audit program objectives)
2. Audit arrangements (audit procedures)
3. Scheduled audits (audits planned for a specific time frame)

Want to know more about establishing an audit program?

Click here to sign up for the FREE webinar I am giving next Tuesday (December 20th) – ISO 19011:2011 – Impact on Management System Auditing.

© ENLAR Compliance Services, Inc. (2011)

The most significant change is that the scope of the standard has been broadened from the auditing of quality and environmental management systems to the auditing of any management system.  This includes audits of occupational safety and health management systems.  ISO 19011:2011 specifically references OHSAS 18001:2007 in the bibliography and includes an “Illustrative example of discipline-specific knowledge and skills of auditors in occupational health and safety management” in Annex A.8.  This expansion in the scope of the standard to cover OH&S management system audits is the primary reason that I participated in this standard development effort as one of the U.S. experts.

Want to know more about the revisions made to the ISO 19011 standard and the likely impact on management system audits?

Sign up below to attend a FREE webinar on December 20, 2011 at 3 pm (Eastern Time). 

In the meantime, you can check out the PowerPoint slides for a presentation I did in May 2011 at the American Industrial Hygiene Conference – click here to go the blog post where you can access this presentation.  Even if you can’t attend the webinar on December 20th – sign up below to get access to the webinar recording so you can listen to it later. 

Also, you can subscribe to this blog (by entering your e-mail in the box on the right) and get future posts delivered to your e-mail.  Over the coming weeks, I will be posting additional information about how the guidelines set out in ISO 19011:2011 will impact environmental and OH&S internal audit programs.

Fill in your contact information below to attend a FREE webinar – ISO 19011:2011 – Impact on Management System Auditing.

If you want to purchase a copy of ISO 19011:2011 – Click here.

© ENLAR® Compliance Services, Inc. (2011)

1. Establishing a management system
2. Implementing a management system
3. Maintaining a management system

The activities associated with each of these phases are distinct.

The activities associated with establishing a management system include – identifying organizational goals and objectives, evaluating existing practices and processes, assigning roles and responsibilities, and writing documentation (e.g. procedures and work instructions).

The activities associated with implementing a management system include – communicating responsibilities, developing competencies and implementing new or revised business practices.

The activities associated with maintaining a management system include – developing performance metrics, evaluating and auditing performance and undertaking corrective and preventive action.

These phases need to be sequential.

Some organizations make the process much more difficult than it needs to be because they attempt to accomplish all three phases at the same time.  This rarely works.

© ENLAR® Compliance Services, Inc. (2011)

Similarly, correction and corrective action are NOT the same.

These are defined terms that have been taken from the quality world and applied to EHS management systems.  They are also an entrenched part of registration audits so it is important to understand how registrars define them (i.e. their ISO 9000 definitions).  When registrars issue corrective action requests (CARs), they often request information on any corrections done as well as a description of the corrective action planned.

A correction is defined as “action to eliminate a detected nonconformity”.  In the quality world, correction is often referred to as containment (as in preventing nonconforming product from reaching the customer).  Correction in a QMS can consist of repair, rework, scrapping the product, etc.  The first action taken is often segregation and control of non-conforming product.

This quality concept was incorporated into ISO 14001 as correction and mitigation – as in taking action to mitigate environmental impacts (see Section 4.5.3 a).  The same concept was also incorporated into OHSAS 18001 as correction and mitigation – as in taking action to mitigate OH&S consequences (see Section 4.5.3.2 a).

In all the standards, the focus of correction is on the immediate fix.

A corrective action is defined as “action to eliminate the cause of a detected nonconformity or other undesirable situation.” A note to this definition in ISO 9000 states that “there is a distinction between correction and corrective action.”  The distinction is the focus.  In corrective action, the focus is on what CAUSED the nonconformity.

Since the focus of corrective action is on causation, some type of root cause analysis is a prerequisite to defining the appropriate corrective action.

© ENLAR® Compliance Services, Inc. (2011)

Checklists are everywhere.  

They are an integral part of many personal activities – from completing your tax return to communicating symptoms to your doctor.  Checklists also play an important role in managing many business processes. 

Checklists will be an important part of your OHSMS documentation.

In order to be effective, checklists need to be intelligently designed and routinely used.  They also need to be controlled.

So how do you go about creating a great checklist?

You need to follow 7 steps –

1. Clearly define the purpose of your checklist.
2. Decide on the right content.
3. Utilize great design.
4. Test that the checklist works as intended.
5. Explain how and when the checklist is to be used (train users).
6. Monitor that the checklist is used as intended.
7. Ensure users are provided new versions when the checklist is changed.

Want to know more? 

Sign up below to receive additional information on learning to create great OHSMS documentation.

© ENLAR® Compliance Services, Inc. (2011)

 This result is most obvious in medicine where the use of surgical checklists has saved thousands of lives and untold suffering. The importance of checklists in medicine was highlighted in a 2007 article in the New Yorker Magazine, The Checklist. The most dramatic of these incentives is the international adoption of a one-page Surgical Safety Checklist developed, promoted and disseminated by the World Health Organization.

Click here to download a copy of this checklist. 

There are numerous uses of checklists in OH&S management systems.  In fact, checklists are one of the most effective way of creating management system procedures and work instructions to meet the OHSAS 18001 requirements. 

Some of the OH&S uses of checklists include –

1. Inspection checklists – for forklift trucks, fire extinguishers and other safety-critical devices, equipment and supplies.
2. Plans and permits – for confined space entry, hot work and equipment lockout where the sequence of tasks and adequacy of precautions are critical.
3. Emergency preparedness – for making sure equipment, materials and personnel will be ready and available when an incident occurs.
4. Risk assessments – for evaluating the hazards and risks associated with materials, equipment and tasks.
5. Internal audit protocols – for making sure that OHSMS audits are complete, inclusive and cost-effective.

As regulations, activities and organizations become more complex, checklists become increasingly important for ensuring that nothing is missed.  This is why pilot checklists were developed in aviation in the 1930s.  This is why surgical checklists are being aggressively promoted in medicine today.  This is why most OH&S management systems would benefit from the use of appropriately-designed checklists. 

In my next blog, I will cover the 5 steps you should follow in order to develop good OHSMS checklists.

In the meantime, click here to request a copy of my EHSMS Implementation Checklist.

© ENLAR® Compliance Services, Inc. (2011)