What competences should an ISO 45001 internal auditor have?
One of the fundamental components of any ISO 45001-certified OHSMS (Operational Health and Safety Management System) is the function of the internal audit. As a mandatory part of the ISO 45001 standard itself, the internal audit is essential for checking your system’s performance and compliance. It is also an excellent tool to ensure continual improvement through identification of gaps and areas where performance could be adjusted for the better. It therefore stands to reason that to maximize the benefits of the internal audit function, you must have the correct internal auditor in place, and that person should have a unique and defined skillset. So, what should that skillset be, and to what effect can it be matched with the requirements of ISO 45001 itself and the needs of the organization?
Knowledge or qualifications – or both?
Previously, in the article How to perform internal audits in ISO 45001, we looked at the mechanics of performing the internal audit within the OHSMS, but without considering the qualities of the person best placed to do it. While auditing qualifications can be gained from colleges, universities, or specialized training organizations, these are not strictly necessary in most sectors. However, when your organization considers the risk present in its sector, it might be that having a qualified person or people performing vital elements like the internal audit becomes desirable.
Consider the caliber of person required to carry out an internal audit in a nuclear plant versus that in a clean office environment – and the implications of failing to complete this element effectively. It is easy to imagine that organizations in high-risk sectors may recruit specially-trained auditors as a matter of course. In this case, it might be wise to consider the use of the ISO 19011:2018 standard, which provides advice and guidance on auditing management systems, and can be hugely beneficial in providing advice on the structure and content of your audit program. This is a decision your top management team should make based on these contextual factors.
What skills must an OHSMS auditor possess?
After deciding whether qualifications are necessary or not, it is wise to build up a profile of the person you need to become your OHSMS auditor. There are several ways of doing this, but perhaps the most effective is building a “job specification” type of document that can match the requirements of the audit in line with the ISO 45001 standard. After doing this, you can then more easily match the skills of the individual you are considering for the position or task of internal auditor. Here are key competences you should look for:
- Good knowledge of the ISO 45001 standard: This seems obvious, but unless the person being considered for the task has good knowledge of the standard, it is highly unlikely that he/she will be suitable. In other words, a person with little experience with OH&S in the workplace may not make the best OHSMS auditor.
- An understanding of the company structure and procedures: While not strictly necessary – for example, the external auditor will not have this knowledge – good insight into the way your organization works will help your auditor understand the processes, people, and the risks and opportunities that arise from your organization’s activities.
- A solid understanding of risk: Risk is the key factor in any OHSMS, and an effective auditor will have a keen eye for identifying the main risk points within a business.
- A methodical way of thinking: Your auditor should be able to think logically and methodically. Without this ability, you may find gaps in your audits, leading to non-conformances for your organization when it comes time for your certification audit, and daily risks to your employees.
- Good evaluation skills: Collecting findings accurately and methodically is vital, but evaluating these correctly and formulating actions is equally important. An auditor with the ability to do this will be of great value to your organization.
- Good written skills: As internal audit recording is mandatory and critical. It is also easy to imagine that the better the structure and content of an internal audit report, the more advantageous the outcome will be for your OHSMS and employees.
- Excellent knowledge of root cause and corrective action processes: Having an auditor with this key skill is vita. The ability to analyze root cause, suggest an effective corrective action, and the intelligence to recognize if reoccurrence is likely, possible, or unlikely.
Ensuring your auditor and audits work for your organization
We can see that many qualities are necessary and desirable to ensure that you have the correct person to deliver effective internal audits of your organization’s OHSMS. While it is possible that a person with no great quality or environmental experience can audit elements of a Quality or Environmental Management System, this is probably not recommended in an OHSMS where the implications of unidentified hazard and risk bring danger to your employees. Assess whether your auditor has the qualities above, and your organization will be on its way to making internal OHSMS audits part of the continual improvement cycle.
To learn the details of ISO 45001 internal audit process, download this free white paper: How to perform an internal audit using ISO 19011.
About the author:
John Nolan is a Fellow of the Institute of Leaders and Managers in the United Kingdom, and Prince 2 accredited with a background in Engineering and Electronics and Data Storage and Transfer. Having studied and qualified as both a Mechanical and Electronic Engineer, he has spent the last 15 years designing and delivering Quality Systems and projects across many sectors in the UK, including both national and local government.