View Current

WHSMP15: WHS Audit and Assurance Procedure

This is the current version of this document. You can provide feedback on this policy to the document author - refer to the Status and Details on the document's navigation bar.

Section 1 - Purpose and Scope

(1) The purpose of this procedure is to outline the continuous improvement process for monitoring the Work Health and Safety Management System (WHSMS) using audit,  assurance and monitoring of corrective and preventative actions to evaluate its implementation and effectiveness at Southern Cross University (SCU). 

(2) The purpose of this procedure is to ensure Southern Cross University’s management, employees, contractors, students, visitors and others are aware of the monitoring process for conducting audit and assurance activities in the workplace. 

(3) All employees, students and others including both independent contractors and contractors under SCU control are to be made aware of and follow this procedure. 

(4) This Procedure applies to all SCU Work Units and sites. The procedure aligns with WHS legislation in the relevant jurisdictions SCU operates in. 

Top of Page

Section 2 - Definitions 

Action 
An action raised in response to an identified deficiency. 
Action Plan 
An action plan lists what steps must be taken to achieve compliance. 
Auditor 
The person who conducts the audits. 
Audit Criteria 
Set of requirements used as a reference against which objective evidence is compared (requirements may include legal, policies, procedures, work instructions, contractual obligations, etc.). 
Audit Evidence 
Records, statements of fact or other information, which are relevant to the audit criteria and verifiable. 
Conformance 
Activities undertaken and results achieved that fulfil the requirements defined by relevant standards, and regulations, ensuring that health and safety measures are correctly implemented and maintained.  
Corrective Action 
Actions taken to eliminate the cause of or control an identified non-conformance.  
Corrective Action Register 
Available in online databases or spreadsheets that record identified WHS non-conformances and the corrective and/or preventative actions to be implemented.  
HoC 
 
Non-conformance 
Non-fulfilment of specified requirements 
Preventative Action 
 
RiskWare 
RiskWare is SCU’s cloud-based online component of its safety management system.  The audit module in RiskWare is used to design audits, checklists and inspections, schedule them to be conducted, and create corrective actions for non-conformances. 
Health & Safety Committee 
A consultation committee on all matters relating to work, health and safety issues. 
Workplace Safety Audit 
A workplace safety audit is a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled. 
Workplace Safety Inspection 
A workplace safety inspection is a formal process of observing and documenting safety hazards and unsafe practices in the workplace using a checklist to assist with the identification and monitoring of hazards and risks. 
Observation 
Deviation from the written instructions or information that will not compromise the WHSMS. 
*That was observed during the audit process 
Top of Page

Section 3 - General Principles 

Identification, Investigation, and Assessment of WHS Non-Conformances  

(5) WHS non-conformances can be identified through various activities within the WHS Management System, including but not limited to:  

  1. Consultation. 
  2. Risk assessment. 
  3. Hazard, accident, and incident reporting.  
  4. Inspection and testing of plant and equipment. 
  5. Assessment or monitoring of contractors and other stakeholder activities in the workplace. 
  6. WHS document review as outlined in WHSMP08: Document and Records Management Procedure. 
  7. Management review as outlined in WHSMP16: WHSMS Management Review.   
  8. WHS Audits and Assurance inspections as outlined below. 

Workplace Safety Audits & Assurance Inspections 

(6) SCU audits and assurance inspections are conducted to verify that key aspects of the WHSMS are effectively implemented and operate as desired. The audits and assurance inspections focus on the areas that have the greatest WHS risk exposure, hence primarily focus on the enterprise WHS Critical Risks and the implementation of the WHSMS.  

(7) Difference between audits and assurance inspections 

Assurance Inspections 
Audits 
Identify unacceptable drift between ‘work as done’ and ‘work as imagined’ 
Identify unsafe processes (and systemic casual mechanisms of injury) 
Focus on an action (what) 
Focus on how 
Involves exploring the gap and drift 
Involves making judgement 
Visual and conversational 
Visual, observational and interviews 

Types of Audits and Assurance Activities 

  1. Desktop audits (review of existing documentation). 
  2. Gap analysis against High-Risk Procedures. 
  3. Compliance audit testing (auditing system elements, policies, procedures, premises, plant & equipment against current WHSMS). 
  4. Systems audit. 
  5. WHS Management Plan Audit. 
  6. Some audits might be a combination of the above. 

(8) Types of Assurance Inspections 

  1. Regulatory Inspection
  2. Electrical test and tag, and residual current device 
  3. Fire safety installations 
  4. Registrable plant 
  5. Emergency provisions including first aid kids, automated external defibrillator, eye wash and safety showers 
  6. Fleet Vehicles 
  7. Equipment inspections 
  8. Scheduled inspections of locations: 
  9. Plant room 
  10. Workshops 
  11. Accommodation 
  12. Emergency preparedness 
  13. Off-campus sites 
  14. Grounds 
  15. Laboratories (including PC2) 

Critical Control Verification  

(9) All nineteen critical risks and corresponding critical controls are to be verified according to the agreed frequency outlined in the SCU Critical Risk Management Framework 

Frequency 

(10) The frequency of WHS audits is determined by the level of risk associated with the activity, area or procedure and the WHS Team will determine audit frequency as part of the development of the annual audit and assurance inspection program.  It considers: 

  1. the results of previous audits. 
  2. accident and incident statistics. 
  3. the significance of problems encountered in the areas to be audited. 
  4. emerging hazards or issue. 
  5. any regulatory obligations. 

(11) Assurance inspections will be conducted according to the agreed frequency outlined in the SCU Critical Risk Management Framework, or in relevant High-Risk Procedure or Procedure. 

Criteria  

(12) Audit and assurance inspection criteria are used to determine conformity.  Criteria may be taken from applicable policies, processes, procedures, regulatory requirements, critical controls, management system requirements or information regarding the risk, codes of practice and industry standards. 

(13) Audit criteria is created and reviewed every 2 years once the audit and inspection program has been determined by the WHS Team. Audit criteria will remain in place for the entire annual program to ensure consistency for each Auditee. Audits and assurance inspections may be conducted from time to time by relevant third parties.  

Verifying information 

(14) During the audit and assurance inspection, information relevant to the audit and assurance inspection criteria should be verified with evidence where possible. Methods of collecting information includes interviews, observations, review of documentation and analytical procedures. 

(15) The audits require information verification to obtain compliance against criteria of the audit. 

(16) Assurance inspections require confirmation that compliance is demonstrated or sighted against the verification requirements outlined in the inspection checklist or critical control.  

(17) Verifying information means the information is: 

  1. Complete (all expected content is contained in the documented and sighted information); 
  2. Correct (the content conforms to other reliable sources such as standards and regulations); 
  3. Consistent (the documented information is consistent in itself and with related documents); 
  4. Current (the content is up to date). 

Conformance 

(18) To achieve a conformance the Auditee must demonstrate and provide evidence that: 

  1. University procedures have been implemented/met; and 
  2. All pertinent WHS legislative requirements are met, as outlined in the procedure. 

Non-conformances 

(19) To conclude a non-conformance, the Auditor must find evidence that there was: 

  1. an absence of evidence towards compliance. 
  2. an absence or failure of system elements or a part of the system. 
  3. an absence in documented systems or procedures. 
  4. a failure to follow the documented systems or procedures. 
  5. apparent legislative non-compliance; or 
  6. little or no evidence towards continued improvement. 

(20) If non-compliance has been identified, the non-compliance must be discussed with the Auditee to determine if a follow-up workplace safety audit or inspection is required outside of the normal frequency. Where appropriate a Compliance Action Plan is to be completed or entered into the Corrective Action module in RiskWare. 

Investigation of Non-Conformances  

(21) Upon identifying a non-conformance, an investigation may be necessary to determine its systemic causes and assess the level of risk, depending on the nature and complexity of the non-conformance. Heads of Work Units, managers, or supervisors should investigate non-conformances within their areas of responsibility, and may consult with Health and Safety Representatives (HSR) and/or designated employees.  

(22) The WHS Team may appoint individuals to investigate non-conformances with a systemic impact on the WHS management system or when similar non-conformances occur repeatedly. The investigation team should determine the likelihood of recurrence, potential consequences (harm) if it re-occurs, and the level of risk using the SCU risk rating table. Action priorities should be set according to the SCU risk classification table.  

Compliance Action Plan 

(23) If non-compliance is identified because of a WHS Audit, the Auditor will enter a compliance action plan into RiskWare in consultation with the Auditee. Where required, any resulting corrective actions will be assigned to the responsible person(s) for implementation and agreed timeframes. 

(24) The purpose of an action plan is to clarify what resources are required to reach compliance and formulate a timeline for when specific tasks need to be completed. 

(25) Action plans developed by external Auditors will be placed into RiskWare by the WHS Team. An external auditor will also record all findings into an approved WHS Audit Report template from the third party the University engages. 

Identification of Corrective and Preventative Actions  

(26) The WHS Manager or the Head of the Work Unit should:  

  1. Determine if it is reasonably practicable to eliminate the potential for recurrence of the non-conformance.  
  2. If eliminating the recurrence is not reasonably practicable, select corrective and preventative actions by applying the Hierarchy of Control. 
  3. Assign responsibility for implementing the required actions and communicate that information to the concerned individuals. 
  4. Set a timeframe for action completion, considering the risk rating and what is reasonably practicable under the circumstances. 
  5. Complete the relevant sections of RiskWare. 
  6. Communicate the corrective or preventative actions to relevant employees. 

Corrective Actions 

(27) The Corrective Action module in RiskWare, maintained under the control of the WHS Manager, records all identified WHS non-conformances and the necessary corrective and/or preventative actions. At a minimum, this should include:  

  1. The date the non-conformance was identified. 
  2. A description of the non-conformance.  
  3. The method of identification (e.g., accident/incident report, inspection report, audit findings). 
  4. Risk rating and priority for action. 
  5. Required corrective or preventative actions. 
  6. Person responsible for implementing actions.  
  7. Required close-out date. 
  8. Status (e.g., closed out or outstanding).  
  9. Residual risk rating after controls have been implemented. 
  10. Method of verification of effectiveness (e.g., audit, inspection, testing).  

Overdue Actions 

(28) Action items that are not completed within the agreed timeframes may be included in monthly and quarterly reports as per WHSMP14: WHS Monitoring, Measurement and Reporting Procedure. 

Monitoring and Reviewing Actions for Effectiveness  

(29) Heads of Work Units will monitor the implementation and effectiveness of local corrective or preventative actions during Work Unit meetings. Minutes will document the progress of items and actions being implemented.  

(30) The Workplace Health & Safety Committee (WHSC) should monitor the implementation and effectiveness of all corrective or preventative actions and refer any concerns to the relevant Head of Work Unit. Minutes must record the progress of systemic issues and actions being implemented.  

(31) If new hazards or risks are identified during the monitoring or evaluation process, the Head of Work Unit or the WHS Manager will initiate the risk assessment process again, following WHSMP02: Hazard Identification, Risk and Opportunity Management Procedure.  

(32) Control measures should be evaluated for effectiveness using methods appropriate to the specific non-conformance. This may include, but is not limited to:  

  1. Consultation with workers  
  2. Re-testing or inspection of plant or equipment  
  3. Reviewing controls during workplace inspections  
  4. Conducting an audit or re-audit  
  5. Monitoring hazard and incident statistics and trends  

(33) A Health and Safety Representative (HSR) may request a review of a control measure if they reasonably believe it has not been adequately assessed. Circumstances for requesting a review include:  

  1. The control measure is ineffective in managing the risk it was designed to control 
  2. Changes in the workplace present new or different WHS risks that the control measure may not effectively manage  
  3. Identification of a new relevant hazard or risk  
  4. Consultation results indicate a review is necessary  

(34) The HSR may request a review only if the above circumstances affect or may affect the health and safety of a member of their work unit. The HSR should discuss the issue with their manager and explain their reasons for the request. The manager should reinitiate the risk assessment process based on such a request, following WHSMP02: Hazard Identification, Risk and Opportunity Management Procedure.  

(35) Once actions have been implemented and deemed effective, the Head of the Work Unit or WHS Manager will ensure the item is marked as closed out on the register.  

(36) The WHS Manager will provide regular reports to the WHSC and the Vice Chancellors Group/Executive Leadership Team, listing all outstanding items on the register that require their direction or enforcement.  

(37) The VGC/ELT is responsible for directing action and enforcing the close-out of items when necessary. Minutes from VCG/ELT meetings should document discussion outcomes and actions taken.  

(38) The register should be subject to regular audits and reviews.  

Training  

(39) During the induction process, employees and interested parties should be educated on the corrective and preventative action procedures and how to enter this in RiskWare.   

(40) The Managers, supervisors, and members of the WHS Committee must receive training on the requirements of this procedure. 

Consulting, approval and communication of the Audit and Assurance Program 

(41) The WHS Manager ensures the proposed biannual WHS audit and assurance program is presented to the University Council and SCU Health & Safety Committee for consultation and approval as per WHSMP07: WHS Consultation, Communication and Participation Procedure.  

Reporting Audit and Assurance Results 

(42) The WHS Manager reports the progress of the Audit and Assurance activities following WHSMP14: WHS Monitoring, Measurement and Reporting Procedure.  

Top of Page

Section 4 - Roles and Responsibilities

(43) Refer to WHS Responsibility and Accountability Statement

Top of Page

Section 5 - Records of Documentation  

(44) All relevant documentation will be recorded and kept in accordance with WHS Legislation and other legislative obligations including:  

  1. Internal audits 
  2. External audits 
  3. Training 
  4. Corrective Action module 
  5. Inspections 
Top of Page

Section 6 - Revision and approval history 

(45) This procedure will be reviewed as per nominated review dates or because of other events, such as: 

  1. Internal and external audit outcomes. 
  2. Legislative changes. 
  3. Outcomes from management reviews. 
  4. Incidents. 
Top of Page

Section 7 - References 

Work Health and Safety Act 2011 
Work Health and Safety Regulation in applicable jurisdiction that SCU operates  
Model Code of Practice: How to manage work health and safety risks (2018) 
Top of Page

Section 8 - Related Documents 

WHSMP15 – FOR – 01 – Compliance Action Plan 
WHSMS Overview Manual 
WHSMP14: WHS Monitoring, Measurement and Reporting Procedure 
WHSMP07: WHS Consultation, Communication and Participation Procedure
WHS Responsibility and Accountability Statement