5 reasons why audits fail, and what to do about it

5 reasons why audits fail, and what to do about it

Published January 3, 2022

7 minute read

Failure to properly manage safety audit actions can have disastrous consequences. Safety audits are an essential tool for identifying potential hazards and assessing safety performance in the workplace.

While audits are often used to help companies comply with regulations and maintain a safe working environment, not all audits are successful in achieving their goals. In fact, safety audits can fail for a variety of reasons, from poor planning and inadequate resources to lack of employee involvement and ineffective follow-up.

In this blog, safety expert Bridget Leathley talks about the 5 reasons why safety audits fail, highlighting the need for an organization to use an efficient EHS audit inspection software to manage their audits.

 

 

What is an audit supposed to do?


A management system is the sum of an organization's structures, roles and responsibilities, processes and plans for achieving an objective. Management system standards cover many topics, including quality, environment, information security, and occupational health and safety.

The role of an audit is to collect and evaluate evidence to check that a management system is working as expected, and to find opportunities for improvement. Accreditation audits are carried out by external bodies to check that an organization meets a particular standard, such as the international standard for occupational health and safety management systems (OHSMS) ISO 45001. However, internal audits of OHSMS are essential, whether or not an organization is seeking external accreditation.

The objective of an audit is to identify areas of improvement, assess risks, and provide recommendations for enhancing performance, reducing waste, increasing efficiency, and improving controls.

Overall, the purpose of an audit is to provide an independent and objective assessment of the audited system and to help stakeholders make informed decisions based on the findings and recommendations of the auditor.

The devastating consequences of failed audits

There were many, many mistakes that together led to the devastating fire at Grenfell Tower in London in 2017, killing 72 people. As well as construction issues during refurbishment, the Grenfell Tower Inquiry highlighted failures to manage audit actions.

Over many years, audits of the organization responsible for Grenfell Tower discovered that thousands of fire risk assessment actions, along with other safety actions, were not being dealt with. Actions identified in one period were not always followed up in the next review. The list of actions became longer and longer. It is believed that there were over 5000 fire risk assessment actions outstanding at the time of the fire.

It was no surprise to find in the many, many documents on the Grenfell Inquiry website, an Excel spreadsheet being used to record and track actions from various audits, and in another case, an action table buried inside a PDF.

Grenfell was not the first major accident where following up actions from earlier audits might have prevented disaster. In 1983 an audit of an offshore oil installation recommended that firefighting pumps should be left in automatic mode when there were no divers nearby. In 1988, there was an explosion which prevented staff getting to the controls to operate the firefighting pumps. The audit action hadn’t been implemented – the pumps were on manual, the fire spread, and 167 people died on Piper Alpha.

 

Why audits fail – and what you can do about it


Here are five reasons why audits fail - and what you can do about it.

 

1.     Lack of resources

Audits might seem like a ‘nice to have’. If resources are stretched, we always want to focus on getting on with the main job. But you could be throwing money away – audits might identify activities that could be removed because they aren’t adding to safety, or errors that are perpetuated because no one has looked for them.

Inadequate resources can be a major reason why audits fail to achieve their objectives. Limited resources, such as time, budget, or expertise, can hinder the ability of the auditor to conduct a thorough and effective audit, leading to incomplete or inaccurate findings and recommendations.

For example, if an audit is conducted with limited time, the auditor may not have sufficient time to review all of the relevant information or to observe the audited system in operation. Similarly, if the audit is conducted with a limited budget, the auditor may not be able to engage sufficient resources, such as hiring additional auditors or using advanced technology, which can impact the quality and accuracy of the audit.

Finally, if the auditor lacks the necessary expertise, such as specialized knowledge or technical skills, they may not be able to identify critical issues or provide meaningful recommendations, which can result in missed opportunities for improvement.

Inadequate resources can compromise the quality and effectiveness of an audit, and therefore it is important for organizations to allocate appropriate resources to ensure that their audit programs are successful.

The best way to overcome this problem is by rigorous planning. Focus audits initially on the areas where you have most to gain. This could be higher-hazard tasks, more frequent tasks, or locations where there is a higher-than-average number of incidents.

If the audits are in the work plan, it will be easier to negotiate the resources needed. Make sure you have the right audit tools – walking around with a ring binder full of paper notes makes an audit challenging.

Picking a mobile solution that allows you to add photos, document and sound recordings into each audit finding will reduce the time spent to report results.

 

2.     Lack of competence

Internal audits are sometimes delegated to junior staff, because they are cheaper and it is seen as a useful way for them to learn about an organization. While shadowing an auditor would be an excellent learning process, someone new to an organization might not be sure what they are looking for, or what they are seeing. Is the ladder being used correctly? Is that the right sort of PPE for that job?

Some safety inspection management software will provide images to support audit questions, so the auditor can compare what they see with what they should be able to see. Make sure people have appropriate training to understand the purpose of an audit.

When I asked one untrained auditor how their site was so perfect every month, his answer astonished me: ‘I thought the purpose was to tick everything on the list. I didn’t realize we were supposed to find problems.’


Competence refers to having the knowledge, skills, and experience required to perform the audit effectively. If the auditor does not have the necessary competence, they may not be able to identify and evaluate the critical safety issues that are present in the audited system.

This can result in incomplete or inaccurate findings, leading to missed opportunities for improvement or false assurances of compliance. For example, if an auditor is not familiar with the relevant safety standards or regulations, they may overlook significant safety hazards or inaccurately assess compliance with the relevant requirements.

Similarly, if the auditor lacks the necessary technical expertise, such as knowledge of complex machinery or equipment, they may not be able to identify potential safety issues or make meaningful recommendations for improvement.

Therefore, it is crucial to ensure that the auditor possesses the necessary competence and experience to perform the safety audit effectively. This can be achieved through proper training, hiring experienced auditors, or engaging external experts when necessary.

3.     Auditing work as imagined, not work as done

During the lockdown, some audit organizations were offering remote audits. Necessarily, these focused on what the available paperwork said was happening. Some audits, even when there is an opportunity to look further, focus on what has been written down.

Auditing neat paper forms full of ticks gives a reassuring feeling that all is right with the world. But when were the ticks added? And do they represent real checks made? It used to be that the only clue I had that housekeeping checklists or hazard checks had been completed an hour before I arrived was that they were all in the same pen; in real time, people rarely use the same pen every time.

Now, electronic checklists make it impossible to retrospectively tick multiple weeks – every check is time-stamped, and in many cases tagged to a location and a person. But even this doesn’t go far enough – when you audit, how do you know the check was actually made? One approach is to ask people to show you how they make a check. If there is a systematic failure, it might be because people don’t know what to do.

In one organization, I found manager after manager at different sites who couldn’t show me how to make all the checks that they had been signing off. What started as an audit became a coaching session.

4.     Audits for ‘assurance’

The perception of audits is often that they should provide assurance that all is well, so auditors feel pressure to produce favorable findings. You need an auditor who will unsettle any cozy view that everything is fine: you want them to look for opportunities for improvement.

I’ve worked with organizations where managers are ‘scored’ on how well they do in a six-monthly audit. As a result, they don’t raise any issues, they won’t admit where they can’t meet a safety requirement because of lack of resources, and they will hide problems from a casual auditor who looks only at the paperwork. Senior management will think everything is fine – until something goes badly wrong.

Be skeptical if audit results are always positive. Auditors are not doing their job if they don’t identify areas for improvement. Audits are more impartial where there is support to collect other forms of evidence – such as photographs of equipment and workplaces, copies of servicing records, or readings from monitoring devices (such as temperature or pH).

5.     Lack of independence


If the auditor is the person who created the system, it will be difficult for them to find faults. External auditors can be more independent, but they can suffer from not understanding the organizational context, and they can still be biased by wanting to please the customer.

Independence refers to the ability of the auditor to perform the audit without bias, influence, or conflicts of interest. If the auditor lacks independence, it may result in a compromised audit, leading to inaccurate or incomplete findings and recommendations.

For example, if the auditor has a personal or financial interest in the outcome of the audit, they may not be able to remain objective or impartial in their assessment of the audited system. Similarly, if the auditor is influenced by the audited organization or its management, they may overlook critical safety issues or fail to report accurately on the findings of the audit.

Lack of independence can result in a loss of credibility for the audit and can lead to a lack of trust in the audit process. To ensure independence, auditors should adhere to ethical and professional standards

Many businesses find a successful approach is to use managers from a different department, or for multi-site organizations, from a different location. They will understand context and share the goal of wanting the business to be successful, but can retain objectivity because their job is not at risk.

Summary

An audit that only checks the paperwork is unlikely to find opportunities for improvement. Auditors must be trained and supported with the time and tools to do a good job, and encouraged to look beyond the tick boxes. Where actions are identified to improve the OHSMS these must be followed through – not left in an Excel spreadsheet to be discovered when something goes wrong.

If you want to learn more about how to effectively manage actions through to completion, learn more about our Corrective Action Tracking software.

New call-to-action


Author Bridget Leathley CMIOSH

Bridget is a chartered health and safety professional, providing risk management and on-site safety support to clients. With a human factors background, she has a keen interest in getting organizations to adopt technologies that keep workers safe.

Our related posts

| Health & Safety
Preventing Isolation: Ensuring the safety of your frontline lone workers

If you want to ensure the safety of your lone workers, the first step is knowing who and where they are.

| Health & Safety
Cultivating strong partnerships with operational leaders and management to improve safety culture

A strong safety culture can truly help you create a safer work environment for all employees. When safety is at the...

| Health & Safety
An interview with sustainability experts: CSRD tips, insights and more!

Are you having difficulty navigating the EU Corporate Social Reporting Directive (CSRD)? With so many different...