Tim's Blog

How to conduct HSE legal compliance audits

 

 

For over 25 years, our health, safety, and environmental auditors have been assisting organisations with customized audit solutions, including conducting legal compliance audits against the most current HSE legislation.

 

In this blog I will take you through the process of how to effectively conduct a HSE legal compliance audit. But before we do that, let’s look at what a legal compliance audit is and who should conduct it.

 

What is a legal compliance audit?

 

A legal compliance audit is an in-depth assessment of the physical and system aspects of an organisation against the most current and applicable HSE acts and regulations, as well as any site licences, permits and consents. These audits look for noncompliance before they lead to injuries, environmental harm, penalties or bad publicity.

 

Legal compliance audits vs. inspections

There is a common misconception that conducting regular inspections is enough to assess compliance. That is not correct.

 

Inspections are performed to assess whether the physical elements or risk controls, required for legal compliance, are implemented and maintained. For example, inspecting to ensure spill-containment is in place and spill kits are stocked. Inspections are a necessary part of any HSE system and are usually conducted against a checklist.

 

Audits, on the other hand, follow a more systematic and thorough process, examining the physical aspects (e.g. whether spill kits are the correct type and located in the best place) as well as system aspects (e.g. whether procedures are adequate and being used, and whether inspections are being done well and as per the schedule). Audits generally conclude with a written report highlighting noncompliance and areas requiring improvement.

 

 

 

 

Who should conduct the legal compliance audit?

 

The auditor(s) can be staff members from within your organisation or from an external auditing company.

 

Internal auditors

For internal auditor(s), you need to ensure they have:

  • basic auditing skills
  • thorough knowledge of the audit criteria; for a legal compliance audit, that is the most current applicable HSE legislation and site licences, permits or consents
  • (ideally) some knowledge of case law (court decisions) to assist in interpreting legislation.

 

Importantly, they should also be independent, i.e. not have direct responsibility for, or major involvement in, the activities being audited.

 

External auditors

If you choose to use an external auditor, here are some other things to consider:

  • previous experience: get details of recent audits the assigned auditor has previously performed
  • references: if the auditor is new to you, you might ask for 2-3 referees for whom the assigned auditor has completed audits
  • sample audit reports: ask for a sample of their audit reports to gauge their style and content, and feel free to ask for changes to report content
  • details of noncompliance: make sure, for all noncompliance, their report will include evidence sighted, which part of the audit criteria the noncompliance relates to, and why the evidence didn’t comply
  • audit process: get an understanding of what their audit process entails including time frames, staff that might be required to assist or any documentation required for review
  • fixed quote: ask for a fixed quote with no hidden extras
  • assessment of systems: ensure the auditor is not only assessing compliance from what they see on the day but will also be assessing the effectiveness of your HSE systems in ensuring future legal compliance
  • learning from the auditor: make sure the auditor is willing to have yourself or other staff members accompany them during the audit and explain what they are evaluating.

 

 

 

 

 

 

Our HSE legal compliance audit process

 

Whether you use an internal or external audit team, it is important that you are aware of the process to ensure you are getting the most comprehensive and effective HSE legal compliance audit.

 

1. Define the audit objectives, scope and criteria

 

The audit objectives, scope and criteria set the focus for the audit. Having clear audit objectives can help determine scope and criteria and guide the assessment.

 

Examples of audit objectives:

  • assessing compliance against legal requirements, site requirements and internal policies
  • assessing systems used for hazard identification and risk control to ensure they are effective.

 

The audit scope specifies what is to be examined, for example, a particular site, department, facility, or shift. The audit criteria are what the auditor will be assessing against. For legal compliance audits, the criteria are generally HSE legislation and other mandatory requirements such as site licences, permits or consents.

 

Based on the scope and criteria, the auditor may prepare for the audit by creating a checklist of areas to inspect and documentation required for review. The auditor may also schedule staff members to interview and develop questions to ask them.

 

 

2. Conduct the audit

 

HSE legal compliance audits should cover two aspects: physical aspects and system aspects.

 

Physical aspects

Assessing the physical aspects generally involves walking around the area(s) within the scope and assessing compliance from the evidence sighted. These physical aspects include the tangible evidence such as guarding on machinery, accessibility of first aid kits, electrical equipment tagged and tested and spill control in place.

 

System aspects

The system coverage involves assessing the management processes that are used to ensure legal compliance. This will include processes (procedures) for ensuring, for example, that safety and environmental hazards are identified and controlled, that these risk controls are reviewed periodically to ensure they are effective, that equipment and hazardous chemical use have been assessed for hazards and that psychological hazards have been identified.

 

Evaluating these system aspects requires staff interviews and looking through documentary evidence.

 

Using the audit as a training opportunity

Legal compliance audits are an opportunity to educate employees about legal obligations. Auditors should provide explanations as to why their questions are being asked and their importance and provide feedback on the legal implications of what the auditor is seeing.

 

 

 

 

3. Draft the audit report

 

The audit report provides feedback in the form of audit findings – in particular any noncompliance found. A good audit report should:

  • record the audit objectives, audit scope and audit criteria
  • detail all noncompliance (audit criteria that wasn’t met, audit evidence and why that evidence didn’t comply)
  • describe any weaknesses identified in the organisation’s systems
  • highlight any areas of concern (where due diligence might not be able to be demonstrated).

 

 

 

 

 

 

 

Should the auditor give advice on remedial action?

 

One important point to finish. The objective of all audits is purely to assess compliance with the audit criteria. It is not the role of an auditor to give advice on remedial action, nor is it advisable to do so. Development of remedial actions will usually benefit from consultation with workers. For safety risk management work, this consultation is mandatory, as is application of the hierarchy of control.

 

An auditor offering advice on remedial actions may short-circuit these requirements. For example, the auditor may find a chemical without spill-containment and report this. The organisation’s staff may subsequently apply the hierarchy of control and decide the chemical isn’t needed any more. If the auditor had also given advice on the remedial action to take, i.e. the appropriate spill-containment, the “elimination” option may not have been considered.

 

 


 

 

Our HSE auditors have extensive knowledge of HSE legislation so we can guarantee our legal compliance audits will cover the most applicable legal requirements for your site and operations.

To have your health and safety or environmental legal compliance audits conducted by our experienced and knowledgeable auditors then contact us today.