All organisations with established management systems have some form of auditing program that incorporates internal audits, external audits and, potentially, certification audits. If this program is not managed effectively, ‘audit fatigue’ can seriously impact on the effectiveness of audits, and more importantly on the proper management of audit findings.
Where management systems have specific legislative requirements, such as Health and Safety or Environmental systems, audit findings may indicate legislative non compliances. Where this is the case, it is critical that such findings are actioned as soon as possible after the audit, or at least documented within an action plan. Where a finding relates to an imminent physical health and safety or environmental hazard, action must be taken to ensure the hazard is mitigated.
Management system audits should present findings to clearly indicate to the auditee what the compliance issue is and to facilitate the prioritisation of corrective actions. As such findings should be categorised as follows:
- Major non-conformance – A non-fulfilment of a requirement of the standard, internal organisational requirement or non-compliance to a legislative requirement that affects the ability of a management system to achieve the intended results or a number of minor non-conformities listed against similar areas.
- Minor non-conformance – A non-conformity from the Standard or internal organisation requirement that does not affect the capability of the management system to achieve its intended results.
- Opportunity for Improvement – OFIs are identified where there is conformance with potential to improve or streamline an area or process and may also indicate trends which may result in a future non-conformance.
However, all too often organisations are subject to a myriad of audits with managers having to deal with multiple corrective actions in order to meet individual and company KPIs.
The resulting audit ‘fatigue’ can cause serious issues to be overlooked, or audit ‘desensitisation’ where auditees become so used to receiving audit findings that they simply relegate them to business as usual, with the result that routine tasks are often prioritised before potentially serious legislative non compliances.
Organisations can benefit from conducting a thoughtful review of the amount of audits they subject their people to, with consideration of how each audit contributes to the final objective of the audit program. The audit program can then be revised to ensure that audits are focussed on areas where they are most needed (to avoid audit duplication), scheduled to allow sufficient time for the implementation and review of any management system based corrective actions. We would strongly recommend the use of a risk-based approach to the audit regime, and clear linkages between the risks, the controls and the audit process.
Please contact QRMC for more information.