Beyond auditing for due diligence

One of the most significant motivators for changes in safety leadership in the executive circles in Australia has been the obligation to apply due diligence to occupational health and safety (OHS) matters. The obligation has existed for several years now but is still dominated by legal interpretations rather than managerial ones. To support the legal obligations, OHS professionals should look at how they can add value to due diligence.  One way of achieving, and exceeding, compliance of due diligence would be to subject OHS systems and strategies to a peer-review rather than a narrow audit process.


Firstly, a definition and then some elaboration. Workcover NSW defines OHS due diligence as, amongst others:

  • “having up-to-date knowledge of WHS matters
  • having an understanding of the business or undertaking and generally of the hazards and risks associated with it.
  • ensuring the business has  (and uses) appropriate resources and processes to eliminate or minimise safety risks from the work carried out
  • ensuring that the business has  appropriate processes to receive information about incidents, hazards and risks and responding  in a timely manner to that information
  • ensuring the business has and implements processes to comply with any duty or obligation under WHS laws. These can include:

Up-to-date knowledge could be interpreted as subscribing to an OHS bulletin but WHS (work health and safety) matters is not just the latest legal prosecution or whiz-bang flange.  Knowledge is much more than just information; it requires an active engagement in the OHS profession and relevant industry sector.  Too many companies seem to be happy with a broad OHS newsletter subscription and the occasional session with a legal representative.

The third element may be the most contentious as it relies on “appropriate resources”.  This is not only the number of OHS advisers, for instance, but also the quality of those advisers.  One could argue that an OHS professional without a tertiary qualification is less valuable than one who does but each “resource” should be evaluated for the specific worth it can provide the organisation.

This element equally applies to equipment. Inadequate equipment can encourage workers to “make do” with what they have, particularly if the project or operations managers have not allowed sufficient time for a work task to be done safely.

Peer review

A peer review process should be applied from the initial stages of the OHS process in order to verify that safety has not only been included in the design of objects but also in the design of a system or strategy.

Government policy makers, Courts and academics place enormous value on evidence being validated by being reviewed by peers or, in the case of experimental research, being replicated.  Companies do not seem to verify their OHS management systems and strategies except through formalised, and often overly controlled and narrowly applied, audit processes.  Audits are often assessments of the existence of something without assessing the quality of that something.  For instance, an audit may find that there is a comprehensive sign-in process at the start of a shift but the appearance of a joke signature, such as Adolf Hitler, on the register shows that the process is not being taken seriously by workers and that the supervisors are not verifying the sign-in process.  (There are also emergency management issues and other matters processes that rely on an accurate list of people on-site).

In a 2007 podcast Professor Michael Quinlan, in relation to major hazards, advocated a “triple-auditing process” which included an audit by the inspectorate, another by company auditors and a third being  increased consultation with the workforce. This audit system could be applied to any size business but mostly occurs after OHS management systems have been introduced.

Peer review can be a process of ongoing assurance in development, application and dismantling of an OHS system.  Such a review can be embedded in a project or process onsite or could be on-call.  It could involve nothing more than a quick second opinion or a detailed verification/questioning of a submission, project brief, or management strategy. But it should be much more than a legal opinion if successful OHS, as we are constantly being told, relies on leadership and organisational culture.  Legal opinions rarely assess these crucial OHS elements except in a narrow auditable process described above.

It is important to identify who the “peer” is to be.  To apply due diligence, that peer needs to have, expanding upon the WorkcoverNSW elements above, an up-to-date knowledge of WHS matters, an understanding of the business or undertaking and the hazards and risks associated with it, an understanding of the industry and maybe political context in which the company operates, and a capacity to think creatively and to foster innovation.

Establishing a peer review process would strengthen the ability of a company and its executives to claim an appropriate level of due diligence on OHS matters (perhaps a “best practice” or “gold standard” level depending on which cliche is more comfortable).  But also this would provide access to a level and breadth of OHS knowledge from which companies can innovate, remain competitive and achieve a longer term sustainability.

Kevin Jones


4 thoughts on “Beyond auditing for due diligence”

  1. Bernie, I think that your first paragraph summarises OHS auditing well – it is more about compliance than innovation. It seems to me that auditing is promoted as part of “continuous improvement” but mostly maintains, and perhaps reinforces, the OHS status quo.

    I agree about workloads and have spoken for several years about co-recognition of management system elements so that audits can complement previous management audits rather than duplicating them. Ever since the management standards used to tabulate corresponding elements across Risk, Quality and OHS, this co-recognition seemed sensible, or at least worth investigating. In this way, audits are streamlined and could be conducted jointly or in parallel.

    When I studied OHS auditing, the ethics of auditing were repeatedly stressed and I know of auditors who have been “coerced” but also those who believe in auditing as a valid continuous improvement process and who stick to their professional ethics. A temptation here, as with those OHS professionals who are in the Regulators’ small business programs, is to accommodate a business’ wishes in order to achieve repeat business. I sympathise with the economic desire but this desire counters the integrity and purpose of OHS auditing. The audit has to be an assessment on which business decisions can rely.

  2. Audits, peer reviews, assessments and the like can play an invaluable role in determining the level of compliance with legislation, policy and procedures. I would think that if a purely tick and flick approach were taken, compliance would be relatively easy to identify. However, one should consider the workloads being undertaken by those being subjected to an audit etc.

    It is possible that a well prepared audit team could find even minute details on which to ‘hang’ someone out to dry. There is considerable value in using the audit process to educate the various levels within an organisation so that audited learn about the systems and processes they are supposed to comply with. A peer review process helps to maintain the integrity of reporting and particularly when the ‘peers’ are either independent to the audit team or to the organisation.

    In command and control type organisations, there is a risk that an audit team could be biased for many reasons, or be ‘coerced’ into providing a one side view that could be used against the person being audited.

    There is also a risk if the auditor is one who plays by the rules and will not be swayed or coerced into providing other than an accurate audit/assessment report. For example, if an audit is conducted and numerous improvement opportunities are identified and documented in an initial report, the auditor has to hold their line when pressure is applied by senior managers who only expected 4/5 recommendations or improvements being required.

    In terms of due diligence, a skilled auditor should be able to structure questions in a way that will determine whether or not there is a real understanding of what is required for ‘due diligence’. Asking a senior manager about their OHS responsibilities and being told “It’s not my job, I have a OHS Coordinator who looks after that” could be sign that there are issues requiring further investigation or exploration.

  3. Lindsay, you seem to have blended audits, cultural surveys and peer review to complement the standard Standards. Perhaps, we can set up a company offering Second Opinion Safety. “When you think you’ve got OHS right – get a Second Opinion”.

  4. Kevin, you have touched on a raw nerve with this topic. The ongoing dispute as to the level and fineness applied during audits is constantly being raised. Some sites complain about being over audited, particularly MHF’s, and others only seeing audits as a tick in the box every couple of years.

    I have participated in a number of audits, from compliance audits for OHSAS18001, to peer reviews, and the most successful; benchmarking reviews. Each have their good and bad points but the holy grail, from a OHS professionals perspective, is to measure the effectiveness of the Safety systems. Do the documented procedures match actual work values, do the systems work (PTW & Incident reporting), and is there a consensus in the effectiveness of the SMS throughout the workplace?

    A couple of years ago I was fortunate to be involved in the development of a benchmarking system which took a vertical slice of the organisation by asking the same questions from the CEO to the new apprentices. Simple and very effective. Based on the James Reason Cultural Model, questions were asked in each of the 5 culture areas. This was then followed up by an online survey open to all staff, managers and workers alike. This benchmarking review revealed some very ‘interesting’ misalignments and misconceptions within SMSs, even though the sites were all certified to either AS4801 or OHSAS18001.

    Peer reviews (audits) are very powerful tools, IF done properly. But again it comes back to identifying the right tools, and resourcing with the right people.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Concatenate Web Development
© Designed and developed by Concatenate Aust Pty Ltd