Examining the Safety Audit Process

8 minute read

Having worked in safety for over 25 years, I have witnessed that safety professionals are increasingly taking on a broader range of duties. Supporting activities including health, environment, training, security, and even quality.

The common theme is the use of management systems, either formal arrangements with an ISO badge or less formal systems, for example based on HSG65. 

In many cases, it means that whilst advice on safety topics remains a core activity, the supervision of the management system or systems where other people are responsible for the technical input is as important. That will often come down to a well-designed and well delivered audit programme.

I’m a great believer in the value of audits, but I can’t help but notice that my enthusiasm is not always shared. In fact, audits tend to generate a range of reactions, but mostly leaning towards apprehension.
This was in my mind as I sat down this week to mark exam papers, another cause of high anxiety! What struck me was how different these two processes should be, and how alike they often are.

Audits are NOT about Passing or Failing

Examinations are fundamentally about ensuring a candidate has attained, and can demonstrate, a “certain” level of technical knowledge and understanding; this means managers and staff relying on their advice, can have some confidence in their abilities.

Whilst merits and distinction grades are available, the key decision for an examiner is a binary pass or fail. It means that some candidates scrape though, leaving the examiner with an uncomfortable sense of how much they really understand, or whether they could apply that knowledge to the real world. Of course, the opposite is also true, a candidate who is clearly very knowledgeable but lacks the written skills or has ignored the question, and fails to pass.

However, that is the point; an exam, is about demonstrating what you know; it is a chance to shine! It’s not about showing you up for what you don’t know, and indeed no one, not even the candidate will ever really know how well or not they did, only that it was enough to pass, or it wasn’t.

Passing NEBOSH exams or the equivalent are important for individuals; they enable entry into the safety profession, for employers they offer a quality check to ensure a consistent approach to health and safety will be adopted and to avoid cowboys giving poor advice bringing the profession into disrepute. However as a system exams can only go so far.

For starters the NEBOSH pass mark is just 45%, so clearly you can pass the exam and still know not know enough. Secondly, because it is as groups, not as individuals that we perform our QHSE roles. Therefore, that is where audits come in.

The Purpose of Audits

Audits can seem very similar to exams except that instead of assessing individuals we examine an entire organisation and its management arrangements or at least some part of it.

Like exams, many businesses use audits with a scoring system i.e. defined “grades”, sometimes pass or fail, sometime red, amber, green. Others use a definite score, say 70%, whilst for others, the pass mark is comparative, i.e. doesn’t matter what it is, so long as it’s better than someone else.

If audits adopt the same exam, pass or fail style, no wonder that people feel just as apprehensive about them as they might over an exam. Particularly when those with responsibility for the management system, may feel, or be made to feel, personally accountable for the outcome of an audit. This is true even where their ability to control a particular aspect is actually very limited.

However, that’s not the way it should be; audits are not exams that you just pass or fail. It’s a rather sad fact that whilst we love to be told how great we are, whether as individuals or as companies, we don’t really learn anything from that. In fact, the opposite is often true.

The best exam result I ever had, in terms of learning at least, was without doubt, a fail. I will never forget it, level 3 Maths, and I failed by just one mark. It was horrible! But it wasn’t the end of the story. Over that summer with a friend (who failed by two marks), we studied and studied. When the resits came we smashed it. Both of us went on to success at level 5 Maths in the same college and then, mathematically based engineering degrees.

So what If I had managed a pass? That extra one mark would have been fantastic! I would have felt and had a summer to remember but I would have stopped learning. Right there and then. And without an adequate mathematical foundation, I would, at best, have struggled through the rest of my studies. Yes, exams are important, that’s what we tell our kids after all, but they state the position we’ve reached, they don’t necessarily force us to move on. Audits however do inform companies how and where to improve their safety management.

The whole point about an audit is not to demonstrate what you know/do well already but to find opportunities to improve. It’s therefore almost the opposite of an exam and not always comfortable but the only way to progress. That should be exciting news, so why are audits so often a thing of nightmares? I believe it’s because in all the ways I’ve described they are too often treated like exams. 

If the audit is pass or fail, the object becomes not finding opportunities with the auditor but hiding them from the auditor. A game of cat and mouse where a good audit is a high score with no actions rather than “stuff to do” regardless of any score.

In short treating audits like exams can completely mess up the whole point and value of the audit. Naturally, there are exceptions, for example audits carried out as part of a tender may well need to be a pass/fail as part of ensuring suppliers can meet the clients’ needs. There may be other exceptions to complete an audit with a “pass”, however it does raise concerns when a company designs and delivers audit processes for the benefit of it ensuring the effectiveness of its own management systems!

How to Manage Audits

I argued at the beginning that for safety professionals this will often come down to a well-designed and well delivered audit programme. I absolutely believe that to be the case. It begs the question what well designed and delivered means?

Once an organisation can see the differences between audits and exams, and why they are different, then setting about designing an audit programme where people are comfortable with finding problems and issues become much easier. It almost certainly won’t be a system with a simple pass mark.

In my experience where audits are concerned, I’ve had a lot, people that don’t mind being told about opportunities to improve. What they hate, is when what may have been a long and detailed discussion is converted into a number (or colour) devoid of any context and then it is broadcast to their Managers and colleagues. This is not a constructive way to manage audits.

Audits Should

  • Treat the finding of opportunities positively
  • Measure the way actions are addressed
  • Focus on the way issues are addressed
  • Measure important things, not just things which are easy to measure
  • Not unnecessarily embarrass


Audit systems should generate actions and reporting, the success is in addressing those actions (not the quantity) and sharing the learning. People are then seen and monitored for what they do, not what they have not done. But that’s not enough; make sure your audits focus on what’s important and not trivia, that way everyone will be prepared to put in the effort at every point for example:

  • During the audit
  • When accepting its results
  • Afterwards to address the opportunities for improvement

What’s the best way to achieve this? Some good old, always in fashion, employee consultation. 

Need more information on Auditing?

If you want to discuss any support in your company find out more on Auditing and how Astutis can help.

Tags: Health & Safety