Bit of a harsh title I admit. I personally believe that in the right context and environment, audits can be an essential part of a good safety system. I've just published a post on this, as part of my series on Safety Myths.
In my experience, however, that's only true if the organisation is willing and able to learn from the experience. What happens in practice, especially when there is a continuing approval at stake, can be a sham. A mountain that has to be climbed at any cost.
The focus on the "badge" becomes the whole purpose.
This leads to tactical audits focussed on ticks in boxes in a checklist that doesn't necessarily reflect what the organisation is about, or, in its heart, even wishes to emulate.
I agree - more often than not, many managers focus on passing the audit to get the auditor's badge of approval, rather than genuinely achieving appropriate safety management practices. I've seen the same happen with other audits, too - e.g., ISO9001.
It doesn't help when managers - including the OHS / compliance managers themselves - set up their management systems rigidly following the standard, often mirroring the standard clause by clause.
A standard sets out the essential requirements; it is a checklist, NOT a template! But it takes some time and effort to grasp the underlying intentions of each requirement and apply them to the organisation. It's very common to see a safety / compliance management system in ways that seem primarily aimed at making the audit easier for the auditor, while completely overlooking the accompanying lack of coherence in this approach with the organisation's core business processes and needs.
When I advise client companies on their management systems, I like to tell them, "The auditor doesn't live here - YOU do!" I aim to interpret requirements for the organisation, to be 'the bridge' and facilitate solutions that make sense for the business, rather than being the tail trying to wag the dog.
If the systems don't make sense for the overall business, and even more importantly if they don't make sense to the workers required to carry out workplace safety processes, management systems are unlikely to gain any depth of traction, and they are much more likely to fall over due to enduring resistance and neglect.
It doesn't help when senior managers impose performance KPIs on safety practitioners that include passing an audit without providing appropriate support from the top and sufficient resources to achieve it. It all becomes quite a rort then, doesn't it?
Any organisation that rigidly mirrors a standard should definitely be questioned on its leadership and authenticity of commitment. Such an approach signals loudly that they are setting out to do the least possible and mainly want 'the badge' to provide the right kind of appearances to their customers, rather than genuinely doing those things.
Seems to me there are three main types of audit
First is the totally random one where an auditor comes in unannounced, assess what is actually happening against required standards and people have a genuine desire to learn from and improve the gaps. No badge, no fuss. Just a genuine desire to gather independent information with a focus on improvement
Then there is the "My bonus rests on a pass" or "we want to signal to our peers how great we are" type audits where, oh my gosh the business on the prescribed day is able to show the auditor all the great things that are done to meet the standards. Great big badges are at stake here.
And then there is the "what can I do today to create an income" type audit where someone creates a standard, sets about implementing those standards with lots of conversations and chocolate fish then brings the auditor in and tutt tutts on the results and then spends the next year improving things off the checklist while in the mean time the rest of the business simply gets on with with producing widgets. No badge here - just a participation certificate.
The "badge" seems to be the most prevalent type audit. And the "badge", goes into the collection with others like the "Zero Harm" badge and a few others I shan't name for fear of being flamed.
But its all good because audits keep people busy and employed and that's not necessarily a bad thing.
Just having participated in stage 1 and 2 of ISO 45001 certification audits I got some good learing points from this experience:
Conduct more mini audits. These templates need to be easy to use. Target group - management team during their walkabouts
Add what is done right to the audit report. During audits we tend to pick out all that is wrong which puts a very negative spin on it over time.
Do a better job of documenting verifiable evidence. Select 'non-conformance', write in relevant data and take pictures then select 'conformance' for better record keeping.
Develop audit tools are fit for purpose. Ensure that they reflect the criterea of the system the organization has in place to monitor them more effectvely