Professional Documents
Culture Documents
1 Introduction 02
2 The main components of OSH management systems 03
3 Typical systems an overview 05
4 Regulatory and industry standards
some global perspectives 08
5 Should management systems be integrated? 09
6 The key features of an effective OSHMS 10
7 Advantages and disadvantages of OSHMSs 18
8 OSHMS certification 21
9 How to get started 22
References 24
Further reading 25
Appendix: List of abbreviations 27
Acknowledgments 28
List of figures
1 PlanDoCheckAct diagram 03
2 Flowchart based on HSG65 05
3 Flowchart based on OHSAS 18001 06
4 Flowchart based on ILO guidelines 07
5 OSHMS stakeholders 13
6 Process for developing an OSHMS 23
List of tables
1 Typical changes faced by an organisation 10
2 Advantages and disadvantages of internal audit 16
3 Advantages and disadvantages of external audit 16
4 OSHMS comparison table 22
1 Introduction
02
2 The main components of OSH management systems
Whatever management model you use, organisation should set long term - Implementing and operating
its likely to be based on the principle OSH objectives and plan targets and putting management processes and
of plan, do, check and act (PDCA actions to achieve them. plans in place and carrying out the
also known as the Deming cycle). - Organising a definition of the activities from risk assessment to
organisational structure, allocation audit in other words, putting the
Numerous types of management system of OSH responsibilities to employees OSHMS into practice.
are based upon this principle, notably linked to operational controls, and - Measuring performance from
health and safety (OHSAS 18001), ways of ensuring competence, reactive data on the rates of work-
quality management (the ISO 9000 training and consultation. related injuries, ill health, near
series) and environmental management - Workers representatives* a misses (sometimes referred to as
(the ISO 14000 series). You can gain crucial resource that can make near hits) and other incidents, to
significant benefits by integrating your a valuable contribution to the active data on routine inspections,
organisations approach to these areas organisations overall response to health and safety committee
in other words, by adopting a holistic risk and opportunities. activities, training, risk assessments
approach (see page 09). - Communicating from basic and so on (see IOSHs guidance on
information and work procedures to reporting performance5). Formal
Effective OSHMSs include the following the details of the system itself, from audits should evaluate the overall
elements: managers to workers and vice versa. performance of the system.
- Policy a statement of commitment - Consulting whatever the flow - Corrective and preventive
and vision by the organisation, of information, you need an actions a fundamental OSHMS
which creates a framework for effective way of tapping into the component is a systematic approach
accountability that is adopted and fund of knowledge and expertise to identifying opportunities for
led by senior management. held by your workforce, clients, preventing accidents and ill health,
- Planning a plan for identifying suppliers and other stakeholders including those that stem from
hazards, assessing and controlling (eg regulators, trade unions and investigating work-related injuries,
risks, and preparing for and neighbours). Involving all these ill health and incidents. Various
responding to emergencies, as groups will also help you to shape techniques are used to identify and
well as identifying legal and your risk management programme. correct weaknesses in the system
other standards that apply. The and to find ways of preventing
failures and harm.
- Policy
Plan - Planning
- Hazard identification and risk assessment
- Performance assessment
Check > (active and reactive)
* Weve used workers representatives in this guidance to mean any workers safety representatives, regardless of whether theyre appointed by
a trade union or chosen in some other way.
03
- Management review an
evaluation of how appropriate the
overall design and resourcing of the
system are, as well as its objectives
in the light of the performance
achieved. This includes making
sure that compliance with relevant
legal and other requirements is
periodically checked.
- Continual improvement at
the heart of the system is a
fundamental commitment to
manage health and safety risks
proactively, so that accidents and ill
health are reduced (effectiveness)
and/or the system achieves the
desired aims by using fewer
resources (efficiency).
04
3 Typical systems an overview
Many OSHMSs have been published Its based on the traditional PDCA current edition of HSG65.6 This edition
over the past 25 years. Some reflect principle, where the organisations plans contains information on managing
the interests of the sponsoring reflect the policy document and the change and more advice on consultation,
bodies. For example, the American implementation phase is dominated communication and continual
Industrial Hygiene Association system by risk assessment and application of improvement. HSG65 retains the
places the industrial (occupational) controls. Checking includes a mixture of special status of a management system
hygienist at centre stage as the crucial performance monitoring, auditing and developed by a regulatory agency, and
competent person. Others, such as corrective action. its familiar to many UK-based managers
the International Safety Rating System, and OSH practitioners, particularly in
were developed so that commercial The guidance intentionally reflected larger organisations.
organisations could offer third party contemporary management processes
certification. Three generic OSHMSs and encouraged readers to harness OHSAS 18001
reflect this history and illustrate the them for health and safety programmes. OHSAS 180014 grew from a desire to
different emphases of current systems. However, at that time, the HSE was create a system capable of assessment
under pressure to restrict its activities and certification, as a follow-on from
HSG65* to supporting and enforcing legal BS 8800 (now revised and reissued as
The UK Health and Safety Executive (HSE) compliance. This led to a system BS 18004:20087).
published Successful health and safety in which legal compliance became
management (HS(G)65) in 1991. This was embedded in organisational policy HS(G)65 covered the implementation
characterised by five key elements: and, once achieved, the aim was of an OSH policy, and implied that this
- policy largely to maintain the status quo. This would be quite straightforward once
- organising compared unfavourably with systems the policy had been adopted. OHSAS
- planning and implementation that unambiguously focus on continual 18001, on the other hand, more fully
- measuring performance improvement, a fundamental weakness reflects the problems of changing an
- audit and review. that was addressed in the second and organisation. Building on established
Organising
Planning and
implementation
Measuring
performance
Auditing Reviewing
performance
* HSG65 is currently (May 2011) under revision see www.hse.gov.uk/managing/index.htm for more information.
05
environmental management systems in authoritative and its 2001 Guidelines
particular, OHSAS 18001 recognises the on occupational safety and health
importance of planning and managing management systems3 established
the changes that are likely to be an international model, following a
needed as an OSHMS is introduced. detailed review of over 20 management
systems worldwide. It reflects the
ILO OSHMS guidelines globalisation of organisations and the
The ILO is a tripartite United Nations increase in outsourcing and partnering
agency that influences the development these changes demonstrate how
of labour laws across the globe. systems need to evolve continually to
Its publications and guidance are reflect new business practices.
Policy
Continual
review
Planning
Implementation
and operation
Checking and
corrective action
Management
review
06
Policy Continual
improvement
Organising
Planning and
implementation
Audit
Evaluation
Action for
improvement
07
4 Regulatory and industry standards
some global perspectives
A key factor in implementing a process (although many would argue Looking ahead
formal OSHMS is consideration of that in the EU theres still a strong There is increasing international
the legal framework that creates drive towards embedding detailed certification to OHSAS 18001 and an
the operational context. In the EU, prescriptive requirements in Directives). increasing trend towards integrating
Australia and offshore regimes Developing management systems is PDCA management systems. The
generally, regulation of major hazard another step along the same road. The OHSAS Project Group surveys have
industries via a safety case approach structure of a lot of national legislation found that between 2003 and 2007,
is accompanied by an emphasis on reflects this. In the UK, for example, the number of countries where
effective management systems to the Management of Health and Safety OSHMS certification occurs has grown
complement and reinforce required at Work Regulations 19999 require from 70 to 102 and the number of
high standards of technical safety. demonstrable management of OSH. In reported OHSAS 18001 (or equivalent)
Also, the International Maritime Canada, due diligence defences have certificates from 3,898 to 31,512.
Organization (IMO) now requires most been successfully used by defendants These trends are driven by factors
categories of international shipping with a formal OSHMS. In Norway such as the increasingly international
to use the International Safety since 1991, its been mandatory for nature of business and supply chain
Management (ISM) Code,8 an OSHMS organisations to establish internal requirements in general, supported
for marine operations. control systems to make sure that by increasing recognition by enforcers
health and safety activities, including that management systems when
Some countries, particularly in the internal and external audit, are run properly can help to deliver
Pacific Rim, require organisations legally compliant, and to document improved legal compliance and OSH
to adopt OSHMSs with third-party them. Similarly, Swedish law performance. In addition, the designers
auditing by government-approved requires systematic internal control of management systems themselves
auditors. In others, there have been of OSH. In India, following the are paying increasing attention to
moves to link internal OSHMS status Bhopal disaster, legislation in 1988 supply chains and dealing with OSH
with the enforcement inspection prescribed systematic management issues associated with products, not
regime. For example, under the to prevent such events. The Chinese just with operations.
Voluntary Protection Program in government has adopted the ILOs
the United States, organisations OSHMS guidelines and has used them
with systems approved through an to develop a certification framework.
extensive audit may be exempted Australia and New Zealand have a well-
from normal Occupational Safety developed national OSHMS standard,10
and Health Administration (OSHA) but no plans to make its adoption
inspections. Proponents of this mandatory. These are all examples of
system claim that it allows employers the extension of self-regulation.
to concentrate on systems of work Some management systems have
rather than individual deficiencies been developed to meet the needs of
(hazards and risks), but theres specific sectors. For example:
considerable debate over the merits or - the chemical industry has developed
shortcomings of this approach. Responsible care
- the shipping industry uses the
Theres also been a general IMOs ISM Code
worldwide movement away from - oil and gas producers have
prescriptive regulations which published comprehensive, global
have the advantage that employers guidelines for a health, safety
are told explicitly what they have and environmental system for
to do to process requirements, exploration and production
with risk assessment as the key activities.11
08
5 Should management systems be integrated?
IOSHs guidance, Joined-up working The requirement for corporate The process of integration presents
an introduction to integrated accountability based on a BRM distinct challenges to organisations.
management systems12 covers: approach is highlighted both globally Those that are most likely to
- the case in favour of integrating by the Organisation for Economic integrate their systems successfully
management systems Co-operation and Development and will already use multiple channels of
- arguments for retaining largely in the so-called Turnbull Report,14 communication founded on trust,
independent systems which requires companies listed on the respect for the expertise of co-workers,
- organisational prerequisites for UK stock market to identify, assess, and experience of and confidence in
integration record and manage their significant managing change.
- factors that should be considered risks in a suitable manner. There must
when introducing an integrated be systems for regularly reviewing However, while many of the generic
management system (IMS) these risks and adjusting their controls, elements of an IMS can be set up
- maintaining and developing an IMS. together with statements in company by non-specialists, its vital that risk
annual reports that confirm the assessment processes are supported by
IOSHs view is that an effective IMS effectiveness of these systems. people who are fully competent in the
should be the preferred option for specific areas covered by the integrated
many, but not all. A well-planned IMS Hence, the management of OSH, system (quality, environment, health
should be more efficient and capable environmental or quality risks should and safety, and so on). This is
of taking the best decisions in the face not be treated in isolation, because of necessary both to avoid overlooking
of various factors and uncertainties. the impact that poor risk management hazards and to make sure that controls
can have on brand, reputation, intended to minimise risks reflect
An integrated approach is also business continuity and financial current good practice.
expected in business risk management wellbeing. This is the fundamental
(BRM), which is defined in IOSH reason why most organisations An IMS encompassing OSH,
guidance13 as the eradication or integrate their OSHMS with the environmental and quality risks can
minimisation of the adverse effects systems used to manage environmental be a major step in the direction of
of pure and speculative risks to and/or quality risks. Integration allows continual improvement. This drive for
which an organisation is exposed. risks to be prioritised overall, so that continual improvement in all areas of
Such risk includes health and safety, resources can be allocated to achieve BRM including OSHMSs can be
environmental and quality failures. maximum risk reduction and benefit. In further enhanced by setting targets,
non-integrated systems, on the other establishing proactive key performance
hand, resources are allocated to each indicators and using performance
risk area in isolation, and the resources appraisals to formalise responsibilities
allocated to each may not reflect that for all directors, managers and
risk areas overall significance. supervisors who contribute to the
achievement of the organisations goals,
vision and mission. An effective IMS
greatly enhances OSH management and
leads to continual improvement in the
level of performance.
09
6 The key features of an effective OSHMS
This section covers four essential explains why discussion about the need - improvements in the system itself,
elements of an OSHMS: for an OSHMS often starts from the so that its more comprehensive,
- continual improvement (and how to continual pressure to reduce accidents, easier to understand, or in other
achieve it) incidents and ill health. respects better than before.
- system activities (high-level objectives
and detailed OSHMS activities) With continual improvement built Reporting up?
- stakeholder involvement (internal into an OSHMS, opportunities to When launching a more systematic
and external) improve effectiveness and efficiency approach to health and safety, one
- auditing and verification (good are systematically identified and action improvement will be in reporting
practices in OSH auditing and is taken. Often this can be done at low rates, ie staff and managers will
auditor competence). cost as part of the preparation for, or declare a higher proportion of
response to, other required changes. accidents and incidents. This leads to
A good system? an apparently rising rate which can
If you want a simple diagnostic However, improvement need not look like failure. Prepare colleagues
for is our OSHMS good?, then imply greater complexity. If the OSHMS for this before you begin.
evaluate how effective it is at driving is simplified, it may become easier to
improvements in performance, understand and apply, yielding better How to achieve continual
rather than simply disciplining overall results. Improvement may also improvement
people to follow set procedures. be possible by broadening the scope Traditionally, the audit stages of
of the system, for example by applying the OSHMS are seen as the fount
Continual improvement it to outsourced services, value chain of all improvement wisdom, but
Quality systems standards did not initially interactions and new technical areas this viewpoint unnecessarily restricts
include continual improvement. This such as occupational road risk. thinking about improvements in
omission was corrected in ISO 9001: managing the workplace. There are
2008,15 but may be one reason for Continual improvement in an OSHMS other important sources of data,
a widespread view that the primary can have four aspects: including statistics, benchmarking and
output of quality management - results that are better year on year, industry or sector guidelines, as well as
systems is paperwork, rather than real as measured by falling rates of the people in the organisation.
improvement in processes and products. injuries, ill health and damage
In fact, continual improvement is vital if - steady or improved results that People who operate systems are often
management systems are to be effective are achieved with fewer resources a fertile source of improvement ideas
(in the sense that the results achieved because the OSHMS itself improves if theyre encouraged to express them.
are whats required) and efficient (in and effort is better targeted Managers, team leaders, workers and
the sense that the resources used are - results that move the culture of their representatives if they truly feel
sustainable in the long term). This the whole organisation to a new they own the work processes and
is particularly true for organisations state of effectiveness and efficiency, are actively monitoring them usually
operating in a continually changing often described as breakthrough have many ideas for improvement, to
environment (see Table 1). It also performance make processes both easier to operate
12
A prerequisite of good performance and also accept personal responsibility
Reality check
is that leaders of organisations for organisational performance, theyll
Make sure that senior managers
consistently demonstrate that health be able to make a huge difference
and directors visit accident sites
and safety results are as important to the commitment to continual
and those affected by accidents,
as other key business goals. This improvement. In the UK, the Institute
such as people who are hospitalised
should be reflected in annual business of Directors and the HSE have
following an accident. This will
targets. Similarly, OSH performance produced a guide for directors and
help to make sure that senior staff
should form part of business agendas, their equivalents.18
dont become isolated from the
formal and informal discussions with
realities of daily workplace hazards
employees and so on.
and the damaging effects to
individuals of failures in the OSHMS.
If leaders display behaviour that
Conversations with workers
demonstrates the high value they
representatives can also act as a
place on the health and safety of each
helpful reality check for senior staff.
person for whom theyre responsible,
Internal stakeholders
- directors and trustees,
or equivalents
- workforce, including
trade unions, worker
representatives and
on-site contractors
- OSH professionals
External stakeholders
- regulators
- neighbours
- clients and supply chain
- insurers
- shareholders/investors
- corporate social responsibility
lobby/consumers
- global bodies
13
The workforce legal requirement. Representatives may, for example, monitor exposure to
The workforce is a key stakeholder for contribute to the effectiveness of the hazardous substances) and engineering
a number of reasons: OSHMS with their detailed knowledge inspectors (who may examine and test
- If OSH management is deficient, of what happens at the sharp end. local exhaust ventilation and so on).
the workforce is usually the group They can:
most at risk from injury and ill - identify opportunities for Its likely that an OSH professional will
health. This is a major focus for improvement be appointed custodian of the OSHMS
trade unions, both at individual - make sure that workplace on behalf of the organisation, with a
workplaces and through national inspections and monitoring are key role in its effective implementation
and international campaigning. thorough and regular review. OSH professionals
- Employees have first-hand - check that planned improvements should also be able to make key
experience of many workplace and changes are realistic contributions to audit processes and
hazards and of how efficient and - help with root-cause investigations investigations of serious incidents such
effective current controls are in of failures as injury, ill health or damage.
practice. Employees are a prime - act as a focus for employees
source of ideas for continual questions and concerns External stakeholders
improvement. But some hazards - give access to external information Regulators
arent easily identified, as their about best practices via trade unions Regulators actions reflect societys
effects are long term or are realised - provide a valuable reality check for growing intolerance of organisations
so rarely that theres no workforce senior managers and regulators, as whose profits appear to be earned
memory. This means that its representatives are typically confident without due care for the health and
essential to train relevant staff so in stating their views. safety of workers, customers or the
that theyre competent in practical public. Outside the UK and particularly
hazard identification. Workers representatives need training in the Pacific Rim, its becoming
- Trade unions and workers to be effective; team leaders and increasingly common for national
representatives generally have a supervisors also need training on how legislation to require certification to
wide knowledge of and strong to work with representatives. a recognised national or international
commitment to health and safety, OSHMS standard, particularly for higher
so are a significant resource for OSH professionals hazard industries such as construction.
the OSHMS to incorporate and OSH professionals form the main group In the UK, areas regulated by safety
benefit from. of people who advocate the benefits of cases (eg nuclear, onshore major
- Whatever formal systems and OSH systems. UK-based organisations hazards, pipelines, offshore, railways,
controls are used, the individual or have a legal requirement to appoint gas supply) all require a summary of
small team performing a task has one or more competent persons to the OSHMS to be included in the safety
great influence over its outcomes. help them comply with relevant OSH case submitted by the operator to the
Legally and morally, each person legislation. Where more than one person regulator. In addition, some industries
has a duty of care to him or herself is appointed, team work is important have adopted voluntary codes and
and to others who may be affected to make sure that the OSHMS is standards that include a systematic
by acts or omissions. You can comprehensive, efficient and effective. approach to OSH management (see the
change the behaviour of individuals examples on page 08).
and groups by making sure that OSH professionals have a key role in
they understand the hazards advising others with responsibilities Investors and insurers
identified by the local OSHMS, the under the OSHMS, especially in Both investors and insurers are
controls in place and why these are knowing about hazards, their likely concerned about risk, particularly
judged to be sufficient. effects and current good practice for risk that isnt managed effectively.
avoiding, minimising, controlling and Whereas the Turnbull requirements
Workers representatives mitigating them. For OSH professionals (see page 09) are targeted at avoiding
Setting up a system of employee OSH to be able to give advice, they must major losses, investors are increasingly
representatives can act alongside understand relevant legislation, requiring more positive reassurance
promoting personal motivation to add standards, best practice, practical risk that a business is well managed,
value to the OSHMS. Such a system is assessment methods, cost-effective and may take health and safety as a
often developed as part of the formal controls and training provision. The marker for performance in general.
election of workers representatives. OSH professional is also likely to liaise Insurers may decline certain types of
In the EU and some other regulatory with external professionals, such as risk unless theyre convinced that the
regimes, employee consultation is a occupational hygiene consultants (who issues are well managed. Evidence of
14
a comprehensive and effective OSHMS globalisation, such standards assume - interviews to confirm that
can help directors respond to questions higher profiles and responsible awareness, competence and
and concerns raised by both investors organisations must pay more attention resources are appropriate
and insurers. to ensuring compliance. There is special - observation to check that
focus on the protection of vulnerable arrangements and standards
CSR lobby groups such as children, migrant described in the OSHMS are actually
In developed countries, theres now workers and female workers. The ILO present in the workplace.
significant demand for CSR, including has published numerous codes on a
public corporate reporting. Both the wide variety of health and safety issues, Audits have several key features:
Dow Jones and the FTSE operate seeking to set minimum standards of - Auditors independence gives
investor listings linked to CSR results practice around the world. credibility to the audit findings.
that include health and safety. Auditors should not have any
Compliance with relevant ILO, IMO personal accountability, or direct
In addition, non-governmental and WHO codes for workplace health reporting relationships, in the group
organisations, investors and and safety is often a requirement for or area theyre auditing.
consumers19 ask questions about operating in developing economies, - Auditors need a strong analytical
OSH results, particularly of global in particular for projects funded by ability but also well-developed
organisations, if they suspect that the World Bank or the International people skills, so that they can
activities are being exported to Monetary Fund. It can be expected that collect reliable evidence quickly. The
locations where workplace OSH compliance with GRI guidelines will skills of a good accident investigator
standards are lower than in the move, in due course, from voluntary have a lot in common with those of
organisations home country, thereby towards mandatory status. Third-party a good auditor, and vice versa.
increasing profits at the expense of verification of such compliance may also - Company procedures and local
the workforces health and safety. The be expected, hence the link to OSHMSs. documents are sampled and
ASSE and IOSH guidelines, Global best evidence is collected to check that
practices in contractor safety,20 cover Auditing and verification operational practice is consistent
some of these issues and identify more Good practices in OSH auditing with documented practice. In other
than 60 aspects of good practice for Auditing is the sampling of a words, say what you do; do what
both clients and contractors these process by a competent person you say you do; and prove it.
are applicable to workplace health whos independent of the process. - Evidence is collected from corporate
as well as safety. Compliance with a Auditors report on the effectiveness and local documents, interviews
recognised OSHMS standard is one of of the process, focusing on inputs, and inspections of workplaces.
the recommended good practices. outputs and testing internal controls. Auditors should choose some
Verification has a similar meaning to samples themselves, not just accept
Voluntary codes, such as the Global audit, but where verification involves what is put before them.
Reporting Initiative (GRI)21 and confirming conformity to an external, - Because an audit is a sample,
Social Accountability 8000,22 bring recognised standard and results in the however well judged, it can never
together the expectations of various issue of a compliance certificate, it result in a perfect view of the
stakeholders in this area, including the is generally called certification. ISO facts. Also, findings are valid only
need for appropriate management 1901123 is a useful overall guide on up to the time of the audit. When
systems and verification. In addition, how to set up and run a successful planning improvements, audit
theres a growing consensus that audit programme. It can be applied evidence, though very powerful,
effective risk management needs to to virtually any PDCA management should be reviewed alongside other
extend throughout an organisations system; though it only covers data on system performance.
supply chain, to ensure security and environmental and quality systems,
thus sustainability (a development it can easily be adapted to apply to Some small and medium-sized
reflected in the ILO OSHMS guidelines). health and safety auditing and is in enterprises may not have a fully
the process of being amended to documented OSHMS, but will be able
Global bodies incorporate this. to demonstrate a clear understanding
The United Nations and its subsidiary of hazards and effective controls.
bodies, such as the ILO, the World Typical audits cover three types of
Health Organization (WHO) and the evidence: Examples of good auditing practice
IMO, set standards, as does the GRI, - documentation is it adequate? - Techniques to avoid conflict between
based for example on the Universal Does it reflect all OSH hazards of the aims of the auditor and the
Declaration of Human Rights. With the organisation? perceptions of the auditee include:
15
Avoid paper mountains - For large organisations, an overall - As audit processes mature, include
In audits, dont overemphasise audit plan is required so that all auditors from clients, contractors,
the need for comprehensive areas are covered in an agreed trade unions or other partners to
documentation if evidence from timescale. The initial plan may aid both transparency and the
interviews and work sites shows the be hazard-based (areas with the sharing of good practice. Consider
system produces high quality results, highest potential for harm are the value of external certification
would more or better paperwork audited first), later becoming as an additional source of
add value? risk-based (areas with least improvement ideas.
effective controls are checked
using a transparent
more than those with proven Positive and practical?
performance standard as an
effective controls). A really effective audit system is one
agreed basis for audit (eg the
organisations own OSHMS
- Any audit scoring system should in which those being audited look
encourage future improvements forward to the process, expecting
activity descriptions or a
in preference to highlighting new and useful ideas for practical
published standard)
past successes. Discourage improvements. If they face audits
making sure that audit reports
overemphasis on numerical scores with dread, the audit system
arent seen as the only source
and inter-group competition based needs to improve, not those being
for continual improvement ideas
on them; scores should be used as audited!
including positive as well as
benchmarks for improvement.
negative findings in the final
report
- In the UK, the HSEs guidance,
Measuring health and safety
discussing potential negative
performance,24 can be used
findings as the audit progresses,
both as an input to OSH audit
to give people the chance to
methodology and as a source of
produce additional evidence if
ideas on quantifying audit results.
provisional findings are incorrect.
Advantages Disadvantages
- Internal auditors know the organisation and where to - External stakeholders may have suspicions about the
look for evidence independence of internal auditors
- Internal auditors reports have high internal credibility - Internal auditing takes resources away from normal
- Because internal auditors audit their peers, their findings work for both training and planned audits
are more likely to be seen as realistic by auditees - Internal auditors can have a limited vision of
- Auditing is an excellent developmental experience improvement opportunities because of a lack of
because employees learn in detail about other parts of external benchmarks
the organisation
- Using internal auditors helps the transfer of good
practices across the organisation because they identify
opportunities for sharing
Advantages Disadvantages
- External auditors have high credibility with external - External auditors must earn respect for their findings
stakeholders within the organisation initially, they are often viewed
- External auditors provide strong benchmarking knowledge negatively
and can give access to external verification bodies and - External auditors dont know the organisation, so may
recognised certification where this adds value ask for a lot of pre-audit documentation and take
longer than internal auditors to complete their work
- External audits can be expensive
Table 3: Advantages and disadvantages of external audit
16
Auditor competence Chartered Members of IOSH. Their
Auditors experience
Competence of auditors is a critical Continuing Professional Development
Whatever their understanding
factor. Competence requires (CPD) should also ensure that their
of OSHMS models and theory, if
knowledge, skill, practical experience auditing skills are current. However,
an OSHMS auditor lacks current
and suitable personal qualities, and where certification is not involved, and
experience in practical OSH hazard
must cover two areas: auditing methods particularly where specialist areas are
identification, assessment and
and the processes being audited. Its being audited, it may be enough for
implementation of suitable controls
often easier to supply the necessary the leader to meet these standards,
in the type of organisation theyre
breadth and depth of competence while other team members have an
auditing, their report is unlikely to
in a small audit team than in a single appropriate mix of OSH and audit
add much value.
individual. A team approach also competences. OSH professionals
allows new or inexperienced auditors providing internal OSHMS audit
to be introduced to processes and services should meet similar standards
organisations. When planning audits, to those of external auditors.
you must decide whether to use
auditors who are external to the While part-time internal OSHMS
organisation, or to use internal auditors auditors are unlikely to benefit from
who are independent of the areas to be formal qualifications and CPD to the
audited. same extent, they should have basic
training in both OSH and audit skills,
Where formal certification is offered as which can be given through internal
a result of an audit, all auditors should courses and experience.
meet recognised competence standards
in OSH, such as those required of
17
7 Advantages and disadvantages of OSHMSs
* Debate still continues on definitions for quality of life; collectively they highlight that its a subjective state encompassing physical, psychological
and social functioning, and a key feature is its basis on the perceived gap between actual and desired living standards.7
20
8 OSHMS certification
The desire to gain certification of This poses few problems provided - Make sure that an external
an OSHMS may come from internal the certification process is applied to certification audit isnt viewed
stakeholders who need assurance that a developed OSHMS, validating its solely as a pass/fail exercise, but
their organisation meets a verifiable effectiveness, or encouraging as one step within an overall OSH
standard, or who judge that certification further improvements to meet the continual improvement plan.
will add value with clients or customers. external standard. An OSHMS that - Where external certification isnt
However, its more likely that pressures is seen as just a tool for obtaining a pressing business need, develop
will come from external stakeholders, the required certification will be internal audit processes first.
in particular prospective or existing ineffective in its true purpose of - Where possible, base external
clients, or regulators as part of national continually reducing work-related audits primarily on evidence from
policy. In this case, certification is likely accidents and ill health. internal audits. Consider adding
to move rapidly from being a preferred IOSH recognises OSHMS standards and external auditors to internal teams
option to become an entry condition, certification processes as relatively new in preference to increasing the
without which existing or potential and still developing, and we suggest the number of audits.
business is lost. following as good practices in relation - Make sure that internal and
to OSHMS certification: external OSHMS auditors meet the
- Dont allow a business need for IOSH competence standards (see
external certification of OSH page 17).
standards and practices to get
in the way of developing strong
internal continual improvement
processes, including internal audit.
21
9 How to get started
The way forward for organisations Initial status review (gap analysis) Making it happen
developing their first formal OSHMS The gap analysis approach ensures that Most of the OSHMSs referred to
is to choose the system they wish you dont waste effort on developing in this document include extensive
to use as a basis, establish which new systems when existing internal practical guidance in support of the
arrangements are already in place, and arrangements are working well. Even main code or standard, usually in
then identify gaps between those and organisations which believe that they subsidiary publications (see further
the requirements of the OSHMS. have nothing in place often find that reading on IOSHs website at www.
there are long-established working iosh.co.uk/freeguides). However,
Choosing a system practices that have never been formally theres no doubt that adapting a
One way of choosing a system is to recognised or documented. standard system for use in a particular
create a comparison table and score organisation requires significant time
the systems you wish to consider to A simple way of carrying out the initial and resources.
see which most closely meets your status review is as a desktop exercise,
preferred specification the more with the draft safety management plan Organisations with experience of
relevant features you tick, the better. drawn as a flow diagram or matrix on a managing significant internal process
The example in Table 4 includes flipchart. Its important to consult and or organisational change should find it
comparisons between some of the involve all parties in the organisation, relatively easy to introduce an OSHMS
main management systems mentioned including workers representatives by using similar methods. Organisations
in this guidance. However, if theres ownership and success of the OSHMS is without such experience may need to
a preferred system for your particular likely to be greater because of the employ external change management
industry, you may also want to interest developed in this way. advisers to help effective consultation
include an industry-specific column. and to ensure the involvement and
For instance, if your organisation is a Remember the most successful commitment of all necessary parties.
contractor to the chemical industry, you management systems arent created at
could include Responsible care in this initial status review, but are developed Techniques to support effective
column. In addition to those features through effective performance implementation include:
listed, there may be in-house and other measurement, review and continual - clear support and personal
factors to be considered, in which improvement. However, reporting commitment from leaders in the
case you can add them to the table the status review to senior managers organisation, including modelling of
(for example, if your customers use a or directors, and communicating the desired behaviour
particular system, adopting the same results to the workforce, can get this - incorporating both OSHMS
system will enhance your compatibility). process under way at this early stage. implementation and results in
Management systems
Features HSG65actors (eg BS 18004 OHSAS 18001 ILO Industry-specific
your customer (eg Responsible
uses this system) care)
Certifiable
International
(see note below)
Regulator support
(some non-UK)
Tested (> 2 years old)
Stakeholder
recognition
In-house factors (eg
your customer uses
this system)
Note: Responsible care isnt classed here as international because, while some
countries do adopt a management systems approach to it, many dont.
Table 4: OSHMS comparison table for a UK-based contractor to the chemical industry
22
declared high-level business targets - trials in one or more selected areas Getting started
(eg x per cent of sites are expected before the OSHMS is launched
One large catering organisation
to complete their gap analysis by more widely
appointed a mixed team of
y and their initial roll-out by z; - not taking too long trying to managers and workers to undertake
priority improvements over the next develop a perfect system, but
an initial status review. The
year are to be areas a, b, c) rather implementing something
team undertook this exercise by
- seconding staff from across the reasonable and learning how to
identifying key elements of the
organisation full-time to the do better via the internal audit,
existing processes, completing a
development and implementation management review and continual
brainstorming exercise to identify
team improvement processes
gaps within the system and then
- customising the model system - recognising and celebrating small mapping this out in the form of a
to suit the needs and culture of successes on the route to a fully
flow diagram.
the organisation, and linking it to sustainable OSHMS.
internal consultation processes
- developing benchmarking contacts
with similar organisations that have
experience of implementing similar
systems
Review of OSH
performance, including
incidents and accidents Draft an OSH management
plan, including:
Identification and review of Initial status review - an OSH policy statement
existing OSH management (gap analysis) - hazard identification and
arrangements or processes Undertaken by a mixed safety risk assessments
management team that - OSH management
includes worker arrangements
Competence and training representatives and a - competence and training
requirements competent practitioner needs
- OSH management
Workforce involvement Where are we now?
programme
23
References
1 Council Directive 89/391/EEC of 10 Occupational health and safety 18 Leading health and safety at work
12 June 1989 on the introduction management systems general leadership actions for directors
of measures to encourage guidelines on principles, systems and board members, INDG417.
improvements in the safety and supporting techniques, AS/ Sudbury: HSE Books, 2007. See
and health of workers at work. NZS4804:2001. Sydney: Standards www.iod.com/hsguide and
Official Journal of the European Australia International Ltd, 2001. www.hse.gov.uk/leadership.
Communities, 29 June 1989, L183, 11 Guidelines for the development 19 The first ever European survey
Brussels. and application of health, safety of consumers attitudes towards
2 Responsible Care management and environmental management corporate social responsibility
systems guidance, RC127 (fourth systems, Report no. 6.36/210. and country profiles. Brussels:
edition), and Links between the London: OGP, 1994. See www.ogp. CSREurope (MORI poll), 2000.
Responsible Care management org.uk/pubs/210.pdf. 20 Global best practices in contractor
systems guidance and self 12 Joined-up working an introduction safety. Wigston: IOSH, 2001. See
assessment and the business to integrated management systems. www.iosh.co.uk/globalcontractor.
excellence model, RC129 (second Wigston: IOSH, 2006. See www. 21 Sustainability reporting guidelines
edition). London: Chemical iosh.co.uk/joinedup. on economic, environmental and
Industries Association, London, 13 Business risk management getting social performance, version 3.0.
2003. health and safety firmly on the Netherlands: Global Reporting
3 Guidelines on occupational agenda. Wigston: IOSH, 2008. See Initiative, 2006. See www.
safety and health management www.iosh.co.uk/businessrisk. globalreporting.org.
systems, ILO-OSH 2001. Geneva: 14 Internal control: revised guidance for 22 Social Accountability 8000, SA
International Labour Office, 2001. directors on the Combined Code. 8000:2008, New York: Social
4 Occupational health and London: Financial Reporting Council, Accountability International, 2008.
safety management systems 2005. See www.frc.org.uk/ 23 Guidelines for quality and/or
requirements, OHSAS 18001: FRC/media/Documents/Revised- environmental management
2007. London: BSI, 2007. Turnbull-Guidance-October-2005. systems auditing, BS EN ISO 19011:
5 Reporting performance guidance pdf. 2002. London: BSI, 2002. Currently
on including health and safety 15 Quality management systems: being revised to include OSH.
performance in annual reports. requirements, BS EN ISO 9001:2000. 24 Measuring health and safety
Wigston: IOSH, 2008. See www. London: BSI, 2000. performance, HSE, 2001.See
iosh.co.uk/performance. 16 Revitalising health and safety www.hse.gov.uk/opsunit/
6 Successful health and safety strategy statement, OSCSG0390. perfmeas.pdf.
management, HSG65 (second Wetherby: Department for the 25 Environmental management
edition). Sudbury: HSE Books, Environment, Transport and the systems. Requirements with
1997. Regions, 2000. See www.ilo. guidance for use, BS EN ISO
7 Guide to achieving effective org/wcmsp5/groups/public/--- 14001:2004. London: BSI, 2004.
occupational health and safety ed_protect/---protrav/---safework/
performance, BS 18004: 2008. documents/policy/wcms_212111.
London: BSI, 2008. pdf.
8 International safety management 17 Accounting and reporting
(ISM) code. London: IMO, 2002. by charities: statement of
See www5.imo.org/SharePoint/ recommended practice. London:
mainframe.asp?topic_id=287. Charity Commission for England
9 Management of Health and Safety and Wales, 2005. See www.charity-
at Work Regulations 1999, SI commission.gov.uk/
1999/3242. London: The Stationery Charity_requirements_guidance/
Office. Accounting_and_reporting/
Preparing_charity_accounts/
sorpfront.aspx.
24
Further reading
Auditing a safety and health Development of working model of how HSG65, outlining good practice
management system: a safety and human factors, safety management and the costs of getting it wrong. It
health audit tool for the healthcare systems and wider organisational describes five key steps: set policy;
sector. Health and Safety Authority, issues fit together. Research report RR organise staff; plan and set standards;
2006. Available from www.hsa. 543:2007 prepared by White Queen measure performance; and learn
ie/eng/Publications_and_Forms/ Safety Strategies and Environmental from experience (audit and review).
Publications/Occupational_Health/ Resources Management for HSE There are questions following the
Auditing_Healthcare.pdf. London. Available from www. descriptions to help readers assess how
hse.gov.uk/research/rrpdf/rr543.pdf. well their organisations are doing in
The Health and Safety Authority each area.
(HSA) in the Republic of Ireland has This report describes a project to
produced this audit tool to assist develop a working model linking Managing safety the systems way:
in the continuous development human factors, safety management BS 8800 to OHSAS 18001, HB
and implementation of health and systems and organisational issues in the 10180:2000. London: BSI, 2000
safety management systems for the context of safety. While the focus is on
healthcare sector. Eighteen different chemical major hazards in particular, it This is an easy-to-follow guide
criteria for audit are described and is also intended to apply to health and to implementing the new British
followed by guidance. This tool is to be safety in general. Standard. The book has been revised
used in conjunction with the 2006 HSA and updated to incorporate the
guidance document for the healthcare IMS: The framework integrated requirements of the new BS OHSAS
sector, How to develop and implement management systems series, HB 18001 and best practice. It takes
a safety and health management 10190:2001. London: BSI, 2001 a practical approach to tackling
system, available at www.hsa.ie/eng/ the various elements of an OSH
Publications_and_Forms/Publications/ This outlines a framework for management system for your business.
HealthCare_Sector/Guidance_ managing the operational risks any It also explains how the system can be
Document_for_the_Healthcare_ organisation faces in its day-to-day maintained as OSH evolves, responding
Sector_-_How_to_develop_and_ business. The aim is to provide a to internal and external influences.
implement_a_Safety_and_Health_ structure by which an organisation can
Management_System.html. efficiently and effectively manage its Occupational health and safety
operation through one system. management systems Guidelines for
Code of practice for risk management, the implementation of OHSAS 18001:
BS 31100:2008. London: BSI, 2008 IMS: Implementing and operating 2007, OHSAS 18002:2008. London:
integrated management systems series, BSI, 2008
This standard for risk management HB 10191:2002. London: BSI, 2002
helps organisations to understand This Occupational Health and
how to develop, implement and This gives an approach for integrating Safety Assessment Series (OHSAS)
maintain effective risk management, the management of quality, OSH guideline provides generic advice
thereby helping them achieve their and environmental aspects within on implementing OHSAS 18001 (a
objectives. It treats risk management one management system. This how specification for an occupational safety
as being as much about exploiting to do it manual includes flowcharts, and health management system),
potential opportunities as preventing questionnaires and examples, and explaining its principles, intent, typical
potential problems, and sees it as an takes readers through the model inputs and outputs, and processes.
essential part of good management. outlined in IMS: The framework. It includes a correspondence table
The standard establishes the between OHSAS 18001:2007, ISO
principles and terminology and Managing health and safety five 14001:2004 and ISO 9001:2008.
provides recommendations for the steps to success, INDG275. Sudbury: It also features a table showing the
model, framework, process and HSE Books, 1998 (reprinted 2008). correspondence between the clauses of
implementation of risk management. Available from www.hse.gov.uk/ the OHSAS documents and the clauses
pubns/indg275.pdf. of the 2001 ILO-OSH guidelines.
25
Specification of common management key is how organisations live their work-related ill health. It also notes
system requirements as a framework systems. This report covers: that some organisations attach
for integration, PAS 99:2006. London: - the theory underpinning strategies to a greater level of importance to
BSI, 2006 promote safe behaviour health and safety than others and
- the key elements of programmes in that there are weaknesses wherever
This Publicly Available Specification use to promote safe behaviour communication or competence are
(PAS) was produced in response to - how to use behavioural strategies inadequate.
the increased interest in an integrated to promote critical health and safety
approach to management systems and behaviours Regarding strengths, as well as
corporate governance. It contains a - how to integrate behavioural reducing accidents and lost-time in
framework for implementing common strategies into a health and safety the larger organisations, it was felt
requirements of management system management system. that OSHMSs increased employee
standards or specifications in an motivation and identification with their
integrated way. Adopting this PAS The use of occupational safety and employers and also helped develop
will simplify the implementation of health management systems in the their competence.
multiple system standards and any member states of the European
associated conformity assessment. The Union: experiences at company level.
reduction in duplication by combining European Agency for Safety and Health
two or more systems in this way has at Work, 2002. Available from http://
the potential to significantly reduce the osha.europa.eu/en/publications/
overall size of the management system reports/307.
and improve system efficiency and
effectiveness. It can apply to all sizes The European Agency for Safety and
and types of organisation. PAS 99:2006 Health at Work has published this
will be withdrawn when its content is report covering OSHMSs in the member
published in, or as, a British Standard. states of the EU and the best approach
to take. It identifies five key elements
Strategies to promote safe behaviour of effective OSHMSs: initiation (OSH
as part of a health and safety input); formulation and implementation
management system. Prepared by the (OSH process); effects (OSH output);
Keil Centre for HSE: Contract research evaluation (OSH feedback); and
report 430: 2002. Available from improvement and integration (open
www.hse.gov.uk/research/ system elements). It then looks at eleven
crr_pdf/2002/crr02430.pdf. companies across the EU that have
introduced or improved their OSHMSs,
This report promotes safe behaviour indicating which of the key elements
at work as a critical part of the each particular case study highlights.
management of health and safety,
because behaviour is important in The report also comments on the
transforming systems and procedures strengths and weaknesses of the case
into reality. Good systems on their own study systems, noting that they tend
are not enough to ensure successful to concentrate mainly on work-related
health and safety management; the accidents, but give less attention to
26
Appendix: List of abbreviations
27
Acknowledgments
IOSH would like to thank the working We would also like to thank the
party who produced the original version original consultees, who were:
of this guide and also Paul Reeve
CFIOSH CEnv FIEMA for updating it: Dr Janet Asherson CMIOSH, Head of
Environment, Health and Safety, CBI
Lawrence Waterman CFIOSH Dr Tony Boyle CFIOSH, Consultant,
(Chairman), Managing Director, Sypol HASTAM
Martin Allan CFIOSH, Managing David Eves CB, IOSH Honorary Vice-
Director, Martin Allan Partnerships Ltd president and former Deputy
Lawrence Bamber CFIOSH, Managing Director-General, HSE
Director, Risk Solutions International Stephen Fulwell CFIOSH, Independent
Martyn Hopkinson CMIOSH, Company Safety, Health and Environment
Health and Safety Manager, British Consultant
Sugar plc Liam Howe CFIOSH, Safety and
Arran Linton-Smith CFIOSH, Health Training Manager, Coillte Teoranta
and Safety Consultant, MacGregor Jay Joshi CMIOSH, Chief Information
Associates Officer, British Safety Council
Ian Waldram CFIOSH, Safety, Health Brian Kazer CFIOSH, Chief Executive,
and Environment Consultant BOHRF
Richard Jones CFIOSH (Administrator), Paul Reeve CFIOSH, Head of HS&E,
Policy and Technical Director, IOSH Electrical Contractors Association
Owen Tudor, Senior Health and Safety
Policy Officer, TUC
www.cbi.org.uk www.tuc.org.uk
28
IOSH IOSH is the Chartered body for health and safety
The Grange professionals. With more than 44,000 members
Highfield Drive in over 120 countries, were the worlds largest
Wigston professional health and safety organisation.
Leicestershire
LE18 1NN We set standards, and support, develop and
UK connect our members with resources, guidance,
events and training. Were the voice of the
t +44 (0)116 257 3100 profession, and campaign on issues that affect
www.iosh.co.uk millions of working people.
twitter.com/IOSH_tweets
facebook.com/IOSHUK IOSH was founded in 1945 and is a registered
tinyurl.com/IOSH-linkedin charity with international NGO status.
Institution of Occupational
Safety and Health
Founded 1945
Incorporated by Royal Charter 2003
Registered charity 1096790 FS 60566