There are many reasons organizations go through audits. Whether the motivation is compliance assurance, performance improvement or something in between, assembling a competent audit team is the foundation of a successful audit. Third-party auditors are often used to meet regulatory requirements and provide a fresh perspective. However, they can also potentially put the site in a vulnerable position where the client is obligated to address recommendations that have been developed without a full understanding of the site.
There is a fine line between an auditor's best professional judgment and compliance- driven action items. The question of "should" vs. "must" is often left unclarified. Fear not, reader: With a little bit of forethought and communication, using a third party is painless and incredibly beneficial. To maximize the effectiveness of third-party audits, start expecting more engagement and objectivity, and consider the impact of recommendations.
Start expecting employees to actively participate in the audit process and demand the audit team actively engage all site personnel. This working relationship can even include having company representatives participate as audit team members. A properly run audit will be enhanced by this dynamic. As external auditors gain insight into the company by listening to the ongoing discussions of company representatives, the audit will also be more efficient, achieve a higher level of dialogue and allow unforeseen roadblocks to be resolved quickly.
Recently, a colleague told me an auditor politely asked his corporate team, which was scheduled to support a process safety management audit, to leave the room and not participate. This was a shock to the corporate team, as they had engaged the third party as an extra measure of objectivity. This is an example of a missed opportunity by the consulting firm. A better way would have been to engage the corporate team, as planned, to evaluate the company's true compliance culture along with the relationship between corporate and facility personnel.
Companies should expect auditors to engage all personnel and take a genuine interest in their jobs. Meaningful engagement allows companies the opportunity to explain undocumented work practices that wouldn't otherwise be discovered. Most importantly, it will result in a better audit.
Some professionals prefer clients not be directly involved in a third-party audit, believing that active participation will negatively impact the objectivity of the audit and skew the final results. This is only the case if the third party doesn't understand the objective, the true purpose of the audit. Peter Drucker, founder of the concept "management by objective," stated, "Management by objective works -- if you know the objectives. Ninety percent of the time, you don't." Like Drucker's concept of management by objective, audits should measure performance against established standards. The standards should be pre-defined in the audit's protocol because they serve as a starting place from which the client company can ask questions about the audit findings.
A qualified third-party audit team should possess the abilities to maintain professional barriers and understand the difference between clients providing information in service of the audit vs. manipulation to skew the results.
Third parties conduct audits, then move on to the next project. Although efficient auditing is a positive quality, auditors don't have to live with their recommendations -- the client does. This can leave clients in a difficult position, as discretionary recommendations must be addressed. For this reason, companies should not accept third parties that leave a laundry list of recommendations based solely upon the third party's opinion of the facility.
Require high levels of engagement with site personnel and demand the auditor maintain its objectivity by using a pre-established audit protocol. Once the audit has been completed, accept nothing less than an audit report that defines the organization's risk for each finding, distinguishes between regulatory-based action items and best practices, and prioritizes implementation based on defined risk.
For more information, visit www.OneSourceEHS.com or call (866) 606-5306.