Systems in Focus

8/20/2019 Systems in Focus

1/31

Systems in focusGuidance on occupational safety

and health management systems


2/31

IOSH publishes a range of free

technical guidance. Our

guidance literature is designed

to support and inform

members and motivate and

influence health and safety

stakeholders.

Systems in focus – guidance onoccupational safety and healthmanagement systemsThe aim of this guide is to provideoccupational safety and health (OSH)practitioners, managers, educators andothers with a basic understanding ofthe role and development of OSHmanagement systems. Starting with abrief introduction to the subject, theguide contains:- general structure – main

components, history, links withinternational regulatory regimes andintegrated systems

- detailed structure – key elements ofeffective systems

- discussion – advantages anddisadvantages, certification andgetting started.

The guide also has reference andfurther reading sections.

If you have any comments or questionsabout this guide please contactResearch and Information Services atIOSH:- t +44 (0)116 257 3100- [email protected]

PDF versions of this and other guidesare available at www.iosh.co.uk/ freeguides.

Our materials are reviewed at leastonce every three years. This documentwas last reviewed and revised inAugust 2014.

http://www.iosh.co.uk/techguidehttp://www.iosh.co.uk/techguidehttp://www.iosh.co.uk/freeguideshttp://www.iosh.co.uk/freeguideshttp://www.iosh.co.uk/freeguideshttp://www.iosh.co.uk/freeguideshttp://www.iosh.co.uk/freeguideshttp://www.iosh.co.uk/freeguideshttp://www.iosh.co.uk/techguidehttp://www.iosh.co.uk/freeguideshttp://www.iosh.co.uk/freeguides


3/31

Contents

1 Introduction 022 The main components of OSH management systems 033 Typical systems – an overview 054 Regulatory and industry standards

– some global perspectives 085 Should management systems be integrated? 096 The key features of an effective OSHMS 107 Advantages and disadvantages of OSHMSs 188 OSHMS certification 219 How to get started 22

References 24Further reading 25Appendix: List of abbreviations 27Acknowledgments 28

List of figures1 Plan–Do–Check–Act diagram 032 Flowchart based on HSG65 053 Flowchart based on OHSAS 18001 064 Flowchart based on ILO guidelines 075 OSHMS stakeholders 136 Process for developing an OSHMS 23

List of tables1 Typical changes faced by an organisation 102 Advantages and disadvantages of internal audit 163 Advantages and disadvantages of external audit 164 OSHMS comparison table 22


4/31

Guidance contextChanges in workDeveloped countries are experiencing ashift of balance from manufacturing toservice industries, new technologies,globalisation, flexible work practicesand an ageing workforce. Meanwhile,many developing countries are shiftingfrom rural to industrial and serviceactivities. Both scenarios presentchanging work patterns and associatedhazards. The multitude of work-relatedrisks requires a systematic approach tooccupational safety and health (OSH)management, and some of theprincipal management tools areoccupational safety and healthmanagement systems (OSHMSs).

Management system developmentsOrganisations are being encouraged toadopt formal management systemsthrough their supply chains, and to alesser extent through legal pressures.

Current systems include both genericapproaches and sector-specificarrangements developed by tradebodies. The continued development andwider use of formal systems seems to beinevitable, particularly where corporategovernance issues have a high priority.

Common featuresFormal systems have at their core theelements of plan, do, check and act(PDCA) – embodying the principle of

continual improvement. Although thereare potential disadvantages to formalsystems, such as increased paperwork,the benefits of developing arrangementsthat fully meet your organisation’s needsmake them worthwhile when they’reproperly implemented.

IOSH’s positionIOSH recognises that work-relatedaccidents and ill health can be preventedand wellbeing at work can be improvedif organisations manage health andsafety competently and apply the sameor better standards as they do to othercore business activities. We believe thatthe formal OSHMSs mentioned in thisguidance, and others based on similarprinciples, provide a useful approach toachieving these goals.

GuidanceThis document helps professionalhealth and safety advisers to explorewhat OSHMSs can offer their ownorganisations and those that theyadvise. It has three specific aims:- to support improvements in

effective health and safetymanagement

- to help organisations that want tointroduce formal OSHMSs

- to encourage IOSH members to playa full part in these developmentsand in continually improvingexisting systems.

Structure of guidanceAdopting and implementing an OSHMS,and integrating it with othermanagement systems, requires carefulplanning and management. Thisguidance outlines the basis of thesesystems, discusses some of their benefits

and pitfalls, offers practical suggestionsand explains how to implement anddevelop an effective OSHMS.

OSHMSs – an overviewThe main components of an OSHMSinclude both policy – a ‘missionstatement’ for health and safety thatprovides a mechanism for managementcontrol and accountability – andarrangements for implementation,monitoring (including audit) andcontinual improvement. Formalisingthese arrangements removes thepotential arbitrariness of processesdeveloped by a few individuals andhelps to support a management culturethat can involve the whole workforce.

OSHMSs have developed throughnational and international co-operation.Some were boosted by legaldevelopments such as the EuropeanUnion (EU) Framework Directive,1 whileothers were created in response toindustrial sector needs (eg Responsiblecare2 in the chemical industry). With thepublication of International Labour

Organization (ILO) guidelines3 in 2001,the international dimension came fullyinto focus. Today, the leadinginternational standard is OHSAS 18001.4

This guidance is divided into threebroad parts. Sections 2–5 cover thegeneral structure of OSHMSs, includingtheir history, links with internationalregulatory regimes and the issuesinvolved in integrating them with othermanagement systems and with

business risk management. The detailedstructure of an OSHMS and the keyissues involved in implementing it arecovered in section 6. Sections 7–9provide information on the advantagesand disadvantages of OSHMSs, theissue of third-party certification, andhow to get started. The appendixcontains a list of the main abbreviationsused in this guidance.

1 Introduction

02


5/31

Whatever management model you use,it’s likely to be based on the principleof plan, do, check and act (PDCA –also known as the ‘Deming cycle’).

Numerous types of management systemare based upon this principle, notablyhealth and safety (OHSAS 18001),quality management (the ISO 9000series) and environmental management(the ISO 14000 series). You can gainsignificant benefits by integrating yourorganisation’s approach to these areas –in other words, by adopting a holisticapproach (see page 09).

Effective OSHMSs include the followingelements:- Policy – a statement of commitment

and vision by the organisation, whichcreates a framework foraccountability that is adopted and ledby senior management.

- Planning – a plan for identifying

hazards, assessing and controllingrisks, and preparing for andresponding to emergencies, as wellas identifying legal and otherstandards that apply. The

organisation should set long termOSH objectives and plan targets andactions to achieve them.

- Organising – a definition of theorganisational structure, allocationof OSH responsibilities to employeeslinked to operational controls, andways of ensuring competence,training and consultation.

- Workers’ representatives* – acrucial resource that can make avaluable contribution to theorganisation’s overall response torisk and opportunities.

- Communicating – from basicinformation and work procedures tothe details of the system itself, frommanagers to workers and vice versa.

- Consulting – whatever the flow ofinformation, you need an effectiveway of tapping into the fund ofknowledge and expertise held byyour workforce, clients, suppliersand other stakeholders (eg

regulators, trade unions andneighbours). Involving all thesegroups will also help you to shapeyour risk management programme.

- Implementing and operating –putting management processes andplans in place and carrying out theactivities from risk assessment toaudit – in other words, putting theOSHMS into practice.

- Measuring performance – fromreactive data on the rates of work-related injuries, ill health, nearmisses (sometimes referred to as‘near hits’) and other incidents, toactive data on routine inspections,health and safety committeeactivities, training, risk assessmentsand so on (see IOSH’s guidance onreporting performance5). Formalaudits should evaluate the overallperformance of the system.

- Corrective and preventiveactions – a fundamental OSHMScomponent is a systematic approachto identifying opportunities forpreventing accidents and ill health,including those that stem from

investigating work-related injuries,ill health and incidents. Varioustechniques are used to identify andcorrect weaknesses in the systemand to find ways of preventingfailures and harm.

03

2 The main components of OSH management systems

* We’ve used ‘workers’ representatives’ in this guidance to mean any workers’ safety representatives, regardless of whether they’re appointed by

a trade union or chosen in some other way.

- Policy

- Planning

- Hazard identification and risk assessment

- Implementation and operation

- Performance assessment> (active and reactive)

- Review and continual improvement

Plan

Do

Check

Act

Figure 1: Plan–Do–Check–Act diagram


6/31

- Management review – anevaluation of how appropriate theoverall design and resourcing of thesystem are, as well as its objectivesin the light of the performanceachieved. This includes making surethat compliance with relevant legaland other requirements isperiodically checked.

- Continual improvement – at theheart of the system is afundamental commitment tomanage health and safety risksproactively, so that accidents and illhealth are reduced (effectiveness)and/or the system achieves thedesired aims by using fewerresources (efficiency).

04


7/31

Many OSHMSs have been publishedover the past 25 years. Some reflectthe interests of the sponsoring bodies.For example, the American IndustrialHygiene Association system places theindustrial (occupational) hygienist atcentre stage as the crucial competentperson. Others, such as theInternational Safety Rating System,were developed so that commercialorganisations could offer third partycertification. Three generic OSHMSsreflect this history and illustrate thedifferent emphases of current systems.

HSG65*The UK Health and Safety Executive (HSE)published Successful health and safety management (HS(G)65) in 1991. Thiswas characterised by five key elements:- policy- organising- planning and implementation- measuring performance- audit and review.

It’s based on the traditional PDCAprinciple, where the organisation’s plansreflect the policy document and theimplementation phase is dominated byrisk assessment and application ofcontrols. Checking includes a mixture ofperformance monitoring, auditing andcorrective action.

The guidance intentionally reflectedcontemporary management processesand encouraged readers to harnessthem for health and safetyprogrammes. However, at that time,the HSE was under pressure to restrictits activities to supporting andenforcing legal compliance. This led toa system in which legal compliancebecame embedded in organisationalpolicy and, once achieved, the aim waslargely to maintain the status quo. Thiscompared unfavourably with systemsthat unambiguously focus on continualimprovement, a fundamental weakness

that was addressed in the second and

current edition of HSG65.6 This editioncontains information on managingchange and more advice onconsultation, communication andcontinual improvement. HSG65 retainsthe special status of a managementsystem developed by a regulatoryagency, and it’s familiar to many UK-based managers and OSH practitioners,particularly in larger organisations.

OHSAS 18001OHSAS 180014 grew from a desire tocreate a system capable of assessmentand certification, as a follow-on fromBS 8800 (now revised and reissued asBS 18004:20087).

HS(G)65 covered the implementationof an OSH policy, and implied that thiswould be quite straightforward oncethe policy had been adopted. OHSAS18001, on the other hand, more fullyreflects the problems of changing an

organisation. Building on established

05

3 Typical systems – an overview

Control link

Information link

Policy

Auditing

Organising

Planning andimplementation

Measuringperformance

Reviewing

performance

Figure 2: Flowchart based on HSG65

* HSG65 is currently (May 2011) under revision – see www.hse.gov.uk/managing/index.htm for more information.


8/31

environmental management systems inparticular, OHSAS 18001 recognises theimportance of planning and managingthe changes that are likely to beneeded as an OSHMS is introduced.

ILO OSHMS guidelinesThe ILO is a tripartite United Nationsagency that influences the developmentof labour laws across the globe. Itspublications and guidance are

authoritative and its 2001 Guidelineson occupational safety and healthmanagement systems3 established aninternational model, following adetailed review of over 20 managementsystems worldwide. It reflects theglobalisation of organisations and theincrease in outsourcing and partnering– these changes demonstrate howsystems need to evolve continually toreflect new business practices.

06

Continualreview

Policy

Planning

Implementationand operation

Checking andcorrective action

Managementreview

Figure 3: Flowchart based on OHSAS 18001


9/3107

Audit

Continualimprovement

Policy

Organising

Planning andimplementation

Evaluation

Action for

improvement

Figure 4: Flowchart based on ILO guidelines


10/31

A key factor in implementing a formalOSHMS is consideration of the legalframework that creates theoperational context. In the EU,Australia and offshore regimesgenerally, regulation of major hazardindustries via a ‘safety case’ approachis accompanied by an emphasis oneffective management systems tocomplement and reinforce requiredhigh standards of technical safety.Also, the International MaritimeOrganization (IMO) now requiresmost categories of internationalshipping to use the InternationalSafety Management (ISM) Code,8 anOSHMS for marine operations.

Some countries, particularly in thePacific Rim, require organisations toadopt OSHMSs with third-partyauditing by government-approvedauditors. In others, there have beenmoves to link internal OSHMS status

with the enforcement inspectionregime. For example, under theVoluntary Protection Program in theUnited States, organisations withsystems approved through anextensive audit may be exempted from‘normal’ Occupational Safety andHealth Administration (OSHA)inspections. Proponents of this systemclaim that it allows employers toconcentrate on systems of work ratherthan individual deficiencies (hazards

and risks), but there’s considerabledebate over the merits orshortcomings of this approach.

There’s also been a general worldwidemovement away from prescriptiveregulations – which have theadvantage that employers are toldexplicitly what they have to do – toprocess requirements, with riskassessment as the key process

(although many would argue that inthe EU there’s still a strong drivetowards embedding detailedprescriptive requirements in Directives).Developing management systems isanother step along the same road. Thestructure of a lot of national legislationreflects this. In the UK, for example,the Management of Health and Safetyat Work Regulations 19999 requiredemonstrable management of OSH. InCanada, ‘due diligence’ defences havebeen successfully used by defendantswith a formal OSHMS. In Norway since1991, it’s been mandatory fororganisations to establish internalcontrol systems to make sure thathealth and safety activities, includinginternal and external audit, are legallycompliant, and to document them.Similarly, Swedish law requiressystematic internal control of OSH. InIndia, following the Bhopal disaster,legislation in 1988 prescribed

systematic management to preventsuch events. The Chinese governmenthas adopted the ILO’s OSHMSguidelines and has used them todevelop a certification framework.Australia and New Zealand have a well-developed national OSHMS standard,10

but no plans to make its adoptionmandatory. These are all examples ofthe extension of self-regulation.Some management systems have beendeveloped to meet the needs of

specific sectors. For example:- the chemical industry has developed

Responsible care- the shipping industry uses the IMO’s

ISM Code- oil and gas producers have

published comprehensive, globalguidelines for a health, safety andenvironmental system forexploration and productionactivities.11

Looking aheadThere is increasing internationalcertification to OHSAS 18001 and anincreasing trend towards integratingPDCA management systems. TheOHSAS Project Group surveys havefound that between 2003 and 2007,the number of countries where OSHMScertification occurs has grown from 70to 102 and the number of reportedOHSAS 18001 (or equivalent)certificates from 3,898 to 31,512.These trends are driven by factors suchas the increasingly international natureof business and supply chainrequirements in general, supported byincreasing recognition by enforcers thatmanagement systems – when runproperly – can help to deliver improvedlegal compliance and OSHperformance. In addition, the designersof management systems themselvesare paying increasing attention tosupply chains and dealing with OSH

issues associated with products, not just with operations.

4 Regulatory and industry standards

– some global perspectives

08


11/31

IOSH’s guidance, Joined-up working – an introduction to integrated management systems12 covers:- the case in favour of integrating

management systems- arguments for retaining largely

independent systems- organisational prerequisites for

integration- factors that should be considered

when introducing an integratedmanagement system (IMS)

- maintaining and developing an IMS.

IOSH’s view is that “an effective IMSshould be the preferred option formany, but not all”. A well-planned IMSshould be more efficient and capableof taking the best decisions in the faceof various factors and uncertainties.

An integrated approach is alsoexpected in business risk management(BRM), which is defined in IOSH

guidance13 as “the eradication orminimisation of the adverse effects ofpure and speculative risks to which anorganisation is exposed”. Such riskincludes health and safety,environmental and quality failures.

The requirement for corporateaccountability based on a BRMapproach is highlighted both globallyby the Organisation for EconomicCo-operation and Development and inthe so-called ‘Turnbull Report’,14 whichrequires companies listed on the UKstock market to identify, assess, recordand manage their significant risks in asuitable manner. There must besystems for regularly reviewing theserisks and adjusting their controls,together with statements in companyannual reports that confirm theeffectiveness of these systems.

Hence, the management of OSH,environmental or quality risks shouldnot be treated in isolation, because ofthe impact that poor risk managementcan have on brand, reputation,business continuity and financialwellbeing. This is the fundamentalreason why most organisations

integrate their OSHMS with thesystems used to manage environmentaland/or quality risks. Integration allowsrisks to be prioritised overall, so thatresources can be allocated to achievemaximum risk reduction and benefit. Innon-integrated systems, on the otherhand, resources are allocated to eachrisk area in isolation, and the resourcesallocated to each may not reflect thatrisk area’s overall significance.

The process of integration presentsdistinct challenges to organisations.Those that are most likely to integratetheir systems successfully will alreadyuse multiple channels ofcommunication founded on trust,respect for the expertise of co-workers,and experience of and confidence inmanaging change.

However, while many of the genericelements of an IMS can be set up bynon-specialists, it’s vital that riskassessment processes are supported bypeople who are fully competent in thespecific areas covered by the integratedsystem (quality, environment, health andsafety, and so on). This is necessary bothto avoid overlooking hazards and tomake sure that controls intended tominimise risks reflect current goodpractice.

An IMS encompassing OSH,

environmental and quality risks can bea major step in the direction ofcontinual improvement. This drive forcontinual improvement in all areas ofBRM – including OSHMSs – can befurther enhanced by setting targets,establishing proactive key performanceindicators and using performanceappraisals to formalise responsibilitiesfor all directors, managers andsupervisors who contribute to theachievement of the organisation’s goals,

vision and mission. An effective IMSgreatly enhances OSH managementand leads to continual improvement inthe level of performance.

09

5 Should management systems be integrated?


12/31

This section covers four essentialelements of an OSHMS:- continual improvement (and how to

achieve it)- system activities (high-level objectives

and detailed OSHMS activities)- stakeholder involvement (internal

and external)- auditing and verification (good

practices in OSH auditing andauditor competence).

Continual improvementQuality systems standards did not initiallyinclude continual improvement. Thisomission was corrected in ISO 9001:

2008,15 but may be one reason for awidespread view that the primary outputof quality management systems ispaperwork, rather than real improvementin processes and products. In fact,continual improvement is vital ifmanagement systems are to be effective(in the sense that the results achievedare what’s required) and efficient (in thesense that the resources used aresustainable in the long term). This isparticularly true for organisations

operating in a continually changingenvironment (see Table 1). It also

explains why discussion about the needfor an OSHMS often starts from thecontinual pressure to reduce accidents,incidents and ill health.

With continual improvement built intoan OSHMS, opportunities to improveeffectiveness and efficiency aresystematically identified and action istaken. Often this can be done at lowcost as part of the preparation for, orresponse to, other required changes.

However, ‘improvement’ need notimply greater complexity. If the OSHMSis simplified, it may become easier tounderstand and apply, yielding betteroverall results. Improvement may alsobe possible by broadening the scope ofthe system, for example by applying itto outsourced services, value chaininteractions and new technical areassuch as occupational road risk.

Continual improvement in an OSHMScan have four aspects:- results that are better year on year,

as measured by falling rates ofinjuries, ill health and damage

- steady or improved results that areachieved with fewer resourcesbecause the OSHMS itself improvesand effort is better targeted

- results that move the culture of thewhole organisation to a new stateof effectiveness and efficiency, often

described as ‘breakthroughperformance’

- improvements in the system itself,so that it’s more comprehensive,easier to understand, or in otherrespects better than before.

How to achieve continualimprovementTraditionally, the audit stages of theOSHMS are seen as the fount of allimprovement wisdom, but thisviewpoint unnecessarily restrictsthinking about improvements inmanaging the workplace. There are

other important sources of data,including statistics, benchmarking andindustry or sector guidelines, as well asthe people in the organisation.

People who operate systems are oftena fertile source of improvement ideas –if they’re encouraged to express them.Managers, team leaders, workers andtheir representatives – if they truly feelthey ‘own’ the work processes and areactively monitoring them – usually have

many ideas for improvement, to makeprocesses both easier to operate

6 The key features of an effective OSHMS

10

Table 1: Typical changes faced by an organisation

A good system?If you want a simple diagnostic for‘is our OSHMS good?’, then evaluatehow effective it is at drivingimprovements in performance,rather than simply discipliningpeople to follow set procedures.

Reporting up?When launching a more systematicapproach to health and safety, oneimprovement will be in reportingrates, ie staff and managers willdeclare a higher proportion ofaccidents and incidents. This leads toan apparently rising rate – which canlook like failure. Prepare colleaguesfor this before you begin.

External changes Internal changes

- New guidance, industry or national standards- National targets, such as Revitalising health and safety

(launched in 2000 in the UK)16 – for more informationsee www.hse.gov.uk/statistics/pdf/prog2009.pdf

- New hazards, or new emphasis on old hazards, such asstress and asbestos

- Campaigns by regulators, trade unions, non-governmental organisations (NGOs), media

- New or revised legislation- Supply chain (client) pressures

- New products, services or workplaces- New working arrangements, such as a union agreement

or home working- Business reorganisation, such as outsourcing- Business growth and change- New work equipment, or changed contractors or

suppliers- New employees, or experienced employees leaving the

organisation- Merger or takeover


13/31

(efficient) and more likely to producethe desired results (effective). Involvingthe workforce, particularly throughworker representatives, is crucial toachieving OSH improvements. Onemethod that is effective is the creationof ‘diagonal slice’ groups – such asworker, team leader, engineer andmanager – working as an improvementteam. To achieve good OSH results, it’salso essential that directors, managers,team leaders and the whole workforcesee health and safety issues as theirresponsibility, not just the concern ofthe OSH professionals.

A process is needed to make sure thatimprovement ideas are gathered andevaluated (with feedback given to theoriginators), and that those that addvalue are suitably resourced,implemented and monitored. It’simportant that improvementsuggestions support long term strategic

goals. If they do, and they’re swiftlyimplemented, the net effect of manysmall improvements can be dramatic.The process of creating improvementideas can also be subject to formalmanagement processes. For example:- issues can be managed using

‘SMARTT’ improvement plans, iespecific, measurable, agreed, realistic,timetabled and tracked actions thatare reported back to the ‘owner’(accountable person or group) –

which may be the safety committee,the local line manager or a director- a task group can be set up to

review a particular issue, such asworkplace transport, with a brief toreport back with recommendationsfor improvement to the owner ofthe issue.

System activitiesDocumenting your organisation’sactivities, whether on paper orelectronically, is important and should

be the basis for:- training people with OSHMS

responsibilities- the OSHMS trainees’ reference

manual- the audit standard.

High-level objectivesThe OSHMS will incorporate detailedactivities designed to achieve orsupport the following high-levelobjectives:- clear policy-making with written

commitment to good standards atthe highest level in theorganisation, supported by visibleleadership, adequate resources,personal involvement, and regularmonitoring and reviews ofperformance (which, for example,require the chief executive officer ormanaging director to ask probingquestions during meetings and sitevisits, and all directors to participatein risk inspections or reviews)

- employment of competent staff,with adequate resources and timeto train and develop them

- effective arrangements for involvingand consulting key stakeholders suchas employees (including developing

partnership agreements with tradeunions), customers, regulators andother statutory consultees,contractors, partners andneighbours, and also for sharinglessons across the organisation andmore widely as appropriate

- making sure that materials,equipment and services boughtoutside the organisation are chosenaccording to appropriate OSHcriteria as well as price.

-

making sure that technical andoperational records are available,updated and retained as necessaryto meet business needs andregulatory requirements

- regular monitoring of all parts ofthe OSHMS by those responsible forbusiness processes, work groupsand work sites, to compare actualperformance with expected resultsand goals

- a system for planned audits toverify how effective the OSHMS is

in practice (see page 16)- systems for identifying and

reporting instances where therequired standards aren’t met,including external reporting whererequired

- investigation of the root causes ofthese non-conformances, withcorrective actions applied toimprove the OSHMS and preventrecurrences

- emergency systems, including plansand competent people toimplement and respond to them,for containing and controllingserious system or business failuresand minimising adverse effects.

11

What is the system?A description of a managementsystem is not the system itself.Sometimes a manual is handed overwith the comment ‘this is ourmanagement system’, when what

should be said is ‘this documentdescribes and summarises what wedo in practice – our managementsystem’.

‘Step change’ or ‘continual’?A ‘step change’ is often suggested,perhaps in response to externalpressures for improvement. But theability to achieve a step change inmost organisations is limited – evenwhen there are true step changes ininputs to a complex system, outputsalter much more slowly. Step changesin organisations often haveunplanned and undesired effects.Even where a real step change is

needed, an effective project to makeit happen will consist of many smallchanges, each contributing to theoverall plan and aligned with theoverall objectives. Thus, a ‘continualimprovement’ model is a good wayto manage all types of change. Thiswas recognised by Rolls-Royce plcwhen it initiated the ‘One small step’programme for organisationaltransformation. It was summarisedwell by the Japanese industrialist,

Soichiro Honda, who once said: “It ismore benefit to the success of thebusiness that 1,000 people take onestep forward rather than one persontaking 1,000 steps forward.”


14/31

Detailed OSHMS activitiesThe OSHMS model you use (see page22 for information on choosing theright one) should be adapted to meetthe needs of your organisation. Howthe high-level requirementssummarised above are broken downinto activities and described in practicecan depend on:- the type of hazards managed by the

system – are they well understoodor new? Are external and/or internalstakeholders at risk? Do they haveshort or long term effects?

- the type of organisation – does itcover a single site or many? Is theremuch outsourcing or not? Howmany products and customers areinvolved?

- the range of technologies – howmany technical disciplines andstandards are there?

- legislative and other applicablestandards – are they based on

prescriptive laws and externaloperating standards or goal-setting?

Each of the OSHMS activities should bein the form of an auditable standard –in other words, a ‘system’ or ‘process’that uses defined inputs to achievedefined output goals. Here are someexamples:- A current health and safety policy

statement, signed by theresponsible director, is readily

available and used during theinduction process for all employeesand contractors.

- A register of relevant hazards isheld by each work section,including summaries of key controlsand any current improvement plans(risk assessments). This includes thelikely consequences if controlsystems fail, such as single ormultiple fatalities, small or largescale damage and short or longterm ill health.

- All reported accidents arecategorised by potential (not justactual) outcome and prioritised forinvestigation into root causes onthe basis of this potential outcome.Suitable recommendations aremade to prevent recurrence and aremonitored to verify that they’vebeen followed through.

- Contracts are awarded andmanaged with OSH performanceamong the key performance criteria.

Each of these describes goals to beachieved, but doesn’t detail whatactually happens in the workplace. TheOSHMS activity description is ‘goal-setting’, minimising the need forrevision whenever the organisation andits work processes change. Prescriptivedetailed procedures, responsibilities,documents, training modules and so onare needed, but these operational-leveldocuments don’t usually form part of

the OSHMS description. Operational-level procedures need to include thekey element of accountability and mustbe sample audited to make sure thatthey define who’s responsible for whatand when (or how often), and what theexpected outcome is. The monitoringand audit steps are used to checkwhether such supporting processes areavailable where needed, and whetherthey’re effective, and to identifypossible improvements.

It’s increasingly apparent that effectiveOSHMSs cover human factors and don’tassume a mechanistic approach toorganisational and individual behaviour.For example, leadership and the effectsof human reliability on the effectivenessof hazard controls are important issuesto consider and monitor.

Stakeholder involvementA range of individuals and groups are‘stakeholders’ in the OSHMS – in otherwords, they may be affected by itsresults and therefore potentiallyinterested in its content andeffectiveness. They include people bothinside and outside the organisation itself,

as shown in Figure 5.

Internal stakeholdersDirectors or trusteesDirectors (including charity trustees andsenior officers of public bodies, asspecified in their policies andarrangements) are legally responsible fororganisational performance.Traditionally, financial performanceindicators are the only ones included indirectors’ annual reports, but measures

of performance in other key areas,notably corporate social responsibility(CSR) – which includes health andsafety, environmental and other issues –are increasingly used. UK accountingstandards for organisations quoted onthe London Stock Exchange (Turnbull14)and for registered charities (SORP17)require directors, trustees and seniorofficers to provide assurances that allsignificant risks, including health andsafety risks, have been identified andthat appropriate controls are in place.

IOSH has published guidance for peopleresponsible for reporting organisationalhealth and safety performance,outlining how to include these data inannual reports.5

12

Tailor the systemIt is vital to adapt the ‘standard’OSHMS to the particularorganisation. An OSHMS used by alarge multinational organisation canhave more than 200 ‘activities’ – allof which are needed somewhere –although each small part of theorganisation will implement only thesubset relevant to its part of theorganisation. A smaller single-site

organisation might needsubstantially fewer activities to covereverything significant.


15/31

A prerequisite of good performance isthat leaders of organisationsconsistently demonstrate that healthand safety results are as important asother key business goals. This shouldbe reflected in annual business targets.Similarly, OSH performance shouldform part of business agendas, formaland informal discussions withemployees and so on.

If leaders display behaviour thatdemonstrates the high value they placeon the health and safety of eachperson for whom they’re responsible,

and also accept personal responsibilityfor organisational performance, they’llbe able to make a huge difference tothe commitment to continualimprovement. In the UK, the Instituteof Directors and the HSE haveproduced a guide for directors andtheir equivalents.18

13

Internal stakeholders

- directors and trustees,or equivalents

-

workforce, includingtrade unions, workerrepresentatives andon-site contractors

- OSH professionals

External stakeholders

- regulators-

neighbours- clients and supply chain- insurers- shareholders/investors- corporate social responsibility

lobby/consumers- global bodies

Figure 5: OSHMS stakeholders

Reality checkMake sure that senior managersand directors visit accident sites andthose affected by accidents, such aspeople who are hospitalisedfollowing an accident. This will helpto make sure that senior staff don’tbecome isolated from the realitiesof daily workplace hazards and thedamaging effects to individuals offailures in the OSHMS.

Conversations with workers’representatives can also act as ahelpful ‘reality check’ for senior staff.


16/31

The workforceThe workforce is a key stakeholder fora number of reasons:- If OSH management is deficient, the

workforce is usually the group mostat risk from injury and ill health.This is a major focus for tradeunions, both at individualworkplaces and through nationaland international campaigning.

- Employees have first-handexperience of many workplacehazards and of how efficient andeffective current controls are inpractice. Employees are a primesource of ideas for continualimprovement. But some hazardsaren’t easily identified, as theireffects are long term or are realisedso rarely that there’s no workforce‘memory’. This means that it’sessential to train relevant staff sothat they’re competent in practicalhazard identification.

- Trade unions and workers’representatives generally have awide knowledge of and strongcommitment to health and safety,so are a significant resource forthe OSHMS to incorporate andbenefit from.

- Whatever formal systems andcontrols are used, the individual orsmall team performing a task hasgreat influence over its outcomes.Legally and morally, each person

has a duty of care to him or herselfand to others who may be affectedby acts or omissions. You canchange the behaviour of individualsand groups by making sure thatthey understand the hazardsidentified by the local OSHMS, thecontrols in place and why these are judged to be sufficient.

Workers’ representativesSetting up a system of employee OSHrepresentatives can act alongside

promoting personal motivation to addvalue to the OSHMS. Such a system isoften developed as part of the formalelection of workers’ representatives. Inthe EU and some other regulatoryregimes, employee consultation is a

legal requirement. Representativescontribute to the effectiveness of theOSHMS with their detailed knowledgeof what happens at the ‘sharp end’.They can:- identify opportunities for

improvement- make sure that workplace

inspections and monitoring arethorough

- check that planned improvementsand changes are realistic

- help with root-cause investigationsof failures

- act as a focus for employees’questions and concerns

- give access to external informationabout best practices via trade unions

- provide a valuable ‘reality check’ forsenior managers and regulators, asrepresentatives are typically confidentin stating their views.

Workers’ representatives need training

to be effective; team leaders andsupervisors also need training on howto work with representatives.

OSH professionalsOSH professionals form the main groupof people who advocate the benefits ofOSH systems. UK-based organisationshave a legal requirement to “appointone or more competent persons” tohelp them comply with relevant OSHlegislation. Where more than one person

is appointed, team work is important tomake sure that the OSHMS iscomprehensive, efficient and effective.

OSH professionals have a key role inadvising others with responsibilitiesunder the OSHMS, especially inknowing about hazards, their likelyeffects and current good practice foravoiding, minimising, controlling andmitigating them. For OSH professionalsto be able to give advice, they mustunderstand relevant legislation,

standards, best practice, practical riskassessment methods, cost-effectivecontrols and training provision. TheOSH professional is also likely to liaisewith external professionals, such asoccupational hygiene consultants (who

may, for example, monitor exposure tohazardous substances) and engineeringinspectors (who may examine and testlocal exhaust ventilation and so on).

It’s likely that an OSH professional willbe appointed custodian of the OSHMSon behalf of the organisation, with akey role in its effective implementationand regular review. OSH professionalsshould also be able to make keycontributions to audit processes andinvestigations of serious incidents suchas injury, ill health or damage.

External stakeholdersRegulatorsRegulators’ actions reflect society’sgrowing intolerance of organisationswhose profits appear to be earnedwithout due care for the health andsafety of workers, customers or thepublic. Outside the UK and particularlyin the Pacific Rim, it’s becoming

increasingly common for nationallegislation to require certification to arecognised national or internationalOSHMS standard, particularly for higherhazard industries such as construction.In the UK, areas regulated by safetycases (eg nuclear, onshore majorhazards, pipelines, offshore, railways,gas supply) all require a summary of theOSHMS to be included in the safetycase submitted by the operator to theregulator. In addition, some industries

have adopted voluntary codes andstandards that include a systematicapproach to OSH management (see theexamples on page 08).

Investors and insurersBoth investors and insurers areconcerned about risk, particularly riskthat isn’t managed effectively. Whereasthe Turnbull requirements (see page09) are targeted at avoiding majorlosses, investors are increasinglyrequiring more positive reassurance

that a business is well managed, andmay take health and safety as a markerfor performance in general. Insurersmay decline certain types of risk unlessthey’re convinced that the issues arewell managed. Evidence of a

14


17/3115

comprehensive and effective OSHMScan help directors respond to questionsand concerns raised by both investorsand insurers.

CSR lobbyIn developed countries, there’s nowsignificant demand for CSR, includingpublic corporate reporting. Both theDow Jones and the FTSE operateinvestor listings linked to CSR resultsthat include health and safety.

In addition, non-governmentalorganisations, investors andconsumers19 ask questions about OSHresults, particularly of globalorganisations, if they suspect thatactivities are being ‘exported’ tolocations where workplace OSHstandards are lower than in theorganisation’s home country, therebyincreasing profits at the expense of theworkforce’s health and safety. The

ASSE and IOSH guidelines, Global best practices in contractor safety ,20 coversome of these issues and identify morethan 60 aspects of good practice forboth clients and contractors – these areapplicable to workplace health as wellas safety. Compliance with arecognised OSHMS standard is one ofthe recommended good practices.

Voluntary codes, such as the GlobalReporting Initiative (GRI)21 and Social

Accountability 8000,22

bring togetherthe expectations of variousstakeholders in this area, including theneed for appropriate managementsystems and verification. In addition,there’s a growing consensus thateffective risk management needs toextend throughout an organisation’ssupply chain, to ensure security andthus sustainability (a developmentreflected in the ILO OSHMS guidelines).

Global bodies

The United Nations and its subsidiarybodies, such as the ILO, the WorldHealth Organization (WHO) and theIMO, set standards, as does the GRI,based for example on the UniversalDeclaration of Human Rights. With

globalisation, such standards assumehigher profiles and responsibleorganisations must pay more attentionto ensuring compliance. There is specialfocus on the protection of ‘vulnerablegroups’ such as children, migrantworkers and female workers. The ILOhas published numerous codes on awide variety of health and safety issues,seeking to set minimum standards ofpractice around the world.

Compliance with relevant ILO, IMO andWHO codes for workplace health andsafety is often a requirement foroperating in developing economies, inparticular for projects funded by theWorld Bank or the InternationalMonetary Fund. It can be expected thatcompliance with GRI guidelines willmove, in due course, from voluntarytowards mandatory status. Third-partyverification of such compliance may alsobe expected, hence the link to OSHMSs.

Auditing and verificationGood practices in OSH auditingAuditing is the sampling of a processby a competent person who’sindependent of the process. Auditorsreport on the effectiveness of theprocess, focusing on inputs, outputsand testing internal controls.‘Verification’ has a similar meaning to‘audit’, but where verification involvesconfirming conformity to an external,

recognised standard and results in theissue of a compliance certificate, it isgenerally called ‘certification’. ISO1901123 is a useful overall guide onhow to set up and run a successfulaudit programme. It can be applied tovirtually any PDCA managementsystem; though it only coversenvironmental and quality systems, itcan easily be adapted to apply tohealth and safety auditing and is in theprocess of being amended toincorporate this.

Typical audits cover three types ofevidence:- documentation – is it adequate?

Does it reflect all OSH hazards ofthe organisation?

- interviews – to confirm thatawareness, competence andresources are appropriate

- observation – to check thatarrangements and standardsdescribed in the OSHMS are actuallypresent in the workplace.

Audits have several key features:- Auditors’ independence gives

credibility to the audit findings.Auditors should not have anypersonal accountability, or directreporting relationships, in the groupor area they’re auditing.

- Auditors need a strong analyticalability but also well-developed‘people skills’, so that they cancollect reliable evidence quickly. Theskills of a good accident investigatorhave a lot in common with those ofa good auditor, and vice versa.

- Company procedures and localdocuments are sampled and

evidence is collected to check thatoperational practice is consistentwith documented practice. In otherwords, say what you do; do whatyou say you do; and prove it.

- Evidence is collected from corporateand local documents, interviewsand inspections of workplaces.Auditors should choose somesamples themselves, not just acceptwhat is put before them.

- Because an audit is a sample,

however well judged, it can neverresult in a ‘perfect’ view of the facts.Also, findings are valid only up tothe time of the audit. Whenplanning improvements, auditevidence, though very powerful,should be reviewed alongside otherdata on system performance.

Some small and medium-sizedenterprises may not have a fullydocumented OSHMS, but will be ableto demonstrate a clear understanding

of hazards and effective controls.

Examples of good auditing practice- Techniques to avoid conflict between

the aims of the auditor and theperceptions of the auditee include:

5 How should employers promote health?


18/3116

using a transparentperformance standard as anagreed basis for audit (eg theorganisation’s own OSHMSactivity descriptions or apublished standard)

making sure that audit reportsaren’t seen as the only sourcefor continual improvement ideas

including positive as well asnegative findings in the finalreport

discussing potential negativefindings as the audit progresses,to give people the chance to

produce additional evidence ifprovisional findings are incorrect.

- For large organisations, anoverall audit plan is required sothat all areas are covered in anagreed timescale. The initial planmay be hazard-based (areas withthe highest potential for harmare audited first), later becomingrisk-based (areas with leasteffective controls are checkedmore than those with proveneffective controls).

- Any audit scoring system shouldencourage future improvements inpreference to highlighting pastsuccesses. Discourageoveremphasis on numerical scoresand inter-group competition basedon them; scores should be used asbenchmarks for improvement.

- In the UK, the HSE’s guidance,Measuring health and safety performance,24 can be used bothas an input to OSH auditmethodology and as a source of

ideas on quantifying audit results.

- As audit processes mature, includeauditors from clients, contractors,trade unions or other partners toaid both transparency and thesharing of good practice. Considerthe value of external certificationas an additional source ofimprovement ideas.

Avoid paper mountainsIn audits, don’t overemphasise theneed for comprehensivedocumentation – if evidence frominterviews and work sites shows thesystem produces high quality results,would more or better paperworkadd value?

Positive and practical?A really effective audit system is onein which those being audited lookforward to the process, expectingnew and useful ideas for practicalimprovements. If they face auditswith dread, the audit system needsto improve, not those beingaudited!

Advantages Disadvantages

- Internal auditors know the organisation and where to

look for evidence

- Internal auditors’ reports have high internal credibility

- Because internal auditors audit their peers, their findings

are more likely to be seen as realistic by auditees

- Auditing is an excellent developmental experience

because employees learn in detail about other parts ofthe organisation

- Using internal auditors helps the transfer of good

practices across the organisation because they identifyopportunities for sharing

- External stakeholders may have suspicions about the

independence of internal auditors

- Internal auditing takes resources away from normal

work – for both training and planned audits

- Internal auditors can have a limited vision of

improvement opportunities because of a lack ofexternal benchmarks

Table 2: Advantages and disadvantages of internal audit

Advantages Disadvantages

- External auditors have high credibility with external

stakeholders

- External auditors provide strong benchmarking knowledge

and can give access to external verification bodies andrecognised certification where this adds value

- External auditors must earn respect for their findings

within the organisation – initially, they are often viewednegatively

- External auditors don’t know the organisation, so mayask for a lot of pre-audit documentation and takelonger than internal auditors to complete their work

- External audits can be expensive

Table 3: Advantages and disadvantages of external audit


19/3117

Auditor competenceCompetence of auditors is a criticalfactor. Competence requires knowledge,skill, practical experience and suitablepersonal qualities, and must cover twoareas: auditing methods and theprocesses being audited. It’s often easierto supply the necessary breadth anddepth of competence in a small auditteam than in a single individual. A teamapproach also allows new orinexperienced auditors to be introducedto processes and organisations. Whenplanning audits, you must decidewhether to use auditors who areexternal to the organisation, or to useinternal auditors who are independentof the areas to be audited.

Where formal certification is offered asa result of an audit, all auditors shouldmeet recognised competence standardsin OSH, such as those required of

Chartered Members of IOSH. TheirContinuing Professional Development(CPD) should also ensure that theirauditing skills are current. However,where certification is not involved, andparticularly where specialist areas arebeing audited, it may be enough forthe leader to meet these standards,while other team members have anappropriate mix of OSH and auditcompetences. OSH professionalsproviding internal OSHMS auditservices should meet similar standardsto those of external auditors.

While part-time internal OSHMSauditors are unlikely to benefit fromformal qualifications and CPD to thesame extent, they should have basictraining in both OSH and audit skills,which can be given through internalcourses and experience.

Auditors’ experienceWhatever their understanding ofOSHMS models and theory, if anOSHMS auditor lacks currentexperience in practical OSH hazardidentification, assessment andimplementation of suitable controlsin the type of organisation they’reauditing, their report is unlikely toadd much value.


20/31

AdvantagesA system meeting your risk needsAn OSHMS can prioritise the planning,organising, control, monitoring andreview of measures to protect peoplefrom work risks. It’ll help you allocatethe correct resources, achievingeffectiveness and efficiency.

Occupational health focusSignificant occupational health riskscan be assigned the correct level ofimportance and be properly resourced.This isn’t always the case with ad hocOSH processes, which depend largelyon the experience of available OSHpractitioners (including occupationalhygienists) and the internal structuresof the organisation. Also, employeesgenerally have a greater understandingof safety risks than health risks. Whenimplemented correctly, an OSHMSshould address these issues and strikethe right balance in controlling all risks.

OSH is as important as otherbusiness objectivesMany organisations struggle to giveOSH objectives the same importance asother business objectives. At times, thisfailure threatens the survival of anorganisation; at others, it can lead toprosecutions and other penalties. Acorrectly implemented OSHMS willmake sure that appropriate OSHobjectives are set by focusing on policy

and the process of setting objectivesand their delivery through themanagement programme.

OSH in relation to qualityBritish and international standardssupport the drive towards ‘customerfirst’ services, and as a result quality ishigh on the agenda. Quality isn’t usuallya legal requirement, but health, safetyand (often) environmental performanceare. The development of formalOSHMSs should make sure that

sufficient importance is given to OSHperformance, which typically has moreimpact on employees than on customers.

Legal compliance is easier toattain and proveThe development and extension ofhealth and safety law, notably through‘new approach’ Directives to helpcreate a single European market, haveled to additional legal requirements.Organisations can have difficultykeeping up to date with therequirements relevant to their sectors.An OSHMS helps identify relevantstatutory provisions and creates aframework of procedures to make surethat the organisation consistentlycomplies with the law.

Proving ‘reasonably practicable’In the UK and some other countries,you may have to prove that you’ve met‘practicable’ and ‘reasonablypracticable’ requirements in order todemonstrate legal compliance. When abalanced management system isimplemented and risk management is

systematically applied – based upon theproportionality of risk – it should beeasier to prove compliance. Forexample, quality management systems(QMSs) have been used to prove duediligence for compliance with foodsafety law and to ensure product safety.

Helping system integrationMany organisations started with aQMS, then adopted an environmentalmanagement system and are now

considering an OSHMS. The structuresare similar, and adopting an OSHMSwill mean that if, at a later date, youdecide you need a holistic business riskmanagement approach, integrationshould be straightforward.

Continual improvementThis process aims to improve some partof the OSHMS at any one time, ratherthan trying to improve all the elementsin the system simultaneously. Thisstructured and very practical approach

allows the organisation to improveareas that aren’t operating effectivelyor efficiently, using reviews and auditsto identify systematically theopportunities for improvement.

Increasing the effectivenessof initiativesThe longevity of management andother health and safety-relatedinitiatives in organisations varies. Manyorganisations use campaigns andawareness-raising programmes toimprove knowledge and encourageparticipation in health and safetyissues. An OSHMS requires continualimprovement and this can increase theduration and effectiveness ofmanagement initiatives, allowing themto adapt and develop in line withpolicy commitments.

Visible commitment of‘top managers’OSHMSs, like other managementsystems, formally require ‘topmanagement’ to be involved in andcommitted to the system. This iscarefully documented through settingpolicies and objectives and through

regular reviews to check the resultsachieved. Once the objectives are set,senior managers must visiblydemonstrate their commitment toachieving them. It’s consistently arguedthat such commitment is essential for‘world-class’ OSH results – an OSHMSdemands it.

Regular auditsAudits present an opportunity forbenchmarking (eg through creating

audit teams with members fromdifferent departments or from outsidethe organisation) and identifyingopportunities for improvement. Externalcertification and assurance bodies –which audit against applicable standards– can help to identify non-compliancesand necessary improvements.

Part of corporate governanceThere’s an ever-increasing requirementfor directors to follow codes of practiceand meet the standards expected in

public life. Demonstrating that OSHcontrols are adequate is an importantpart of meeting this responsibility, andindependent audit to externally setstandards is an impartial way of

18

7 Advantages and disadvantages of OSHMSs


21/31

achieving this. Regular managementreview of audit reports and OSHMSresults meets governance requirementsfor OSH risks.

Reassuring the enforcementauthoritiesEnforcement authorities requireorganisations to comply with applicablehealth and safety legislation. Theformality and systematic approach tocompliance required by an OSHMSencourages confidence in theorganisation’s internal approach. In theUK, for example, the HSE’s HSG65states: “If you do follow the guidanceyou will normally be doing enough tocomply with the law.”

A focus on OSH resourcesAn OSHMS requires resources to beallocated in all functions and at alllevels throughout the organisation. Arisk-based approach which ensures that

the scale of a management system isproportionate to the risks and necessarycontrol measures makes such resourceallocation intrinsic to the wholeorganisation. This is, in part, what theTurnbull Report requires of LondonStock Exchange-listed companies.

Emergency preparednessOSHMSs should make sure that suitableresources are made available to respondto foreseeable emergencies. This may

include provision for contacting outsideagencies, including emergency services,and developing and communicating on-and offsite emergency plans. AnOSHMS places such planning in aproper management context.

Managers have a ‘finger on the pulse’The OSHMS includes defect (‘non-conformance’) reporting, whichdirects managers’ attention toopportunities for correcting problemsand making improvements. Managers

need to address health and safetyissues effectively, no matter how busythey are. Alerting managers toproblems and actions they can take orsanction continually reminds them oftheir critical health and safety role.

Systematic risk managementPerhaps the biggest challenge is tocomply with the legislative need toplan, organise, control, monitor andreview the preventive measures inplace to control significant risks. AnOSHMS creates a structured system forcompliance with the requirements ofboth applicable legislative codes andindustrial sector best practice.

DisadvantagesBureaucracy (paperwork orelectronic documents)The need for a simple, effective systemwon’t be met if the system generatesexcessive paperwork. You need tominimise the number of documentsand records (in other words, streamlinedocument control), but be careful indoing this.

IntegrationUsually discussed as an advantage,

integration depends on many factors,including internal politics. There’s a riskof diluting health and safety effort orcreating inequality betweenmanagement of quality, health andsafety, and environment. For example,an organisation in a high hazard industrymay not benefit from system integrationif it doesn’t allow a focus on managingsignificant risks. Similarly, if existingmanagement systems are inefficient,then adding health and safety to the mix

will be counterproductive.

Time to implementDesigning and implementing anOSHMS can be very time-consuming.This may be exacerbated by overstatingsystem requirements anddocumentation, by not matching thesystem to the organisation’s health andsafety risks, or by not incorporatingexisting OSH management processesbut starting again from scratch.

Heavy demand on resourcesA lot of resources are required to set upan OSHMS. Although this can be offsetby the inclusion and involvement ofemployees, key managers and safetyrepresentatives, a realistic appraisal will

still identify the need for significantmanagement time, and implementingan OSHMS is likely to dominate thework of the OSH professionals involved.If some of the work is contracted out,take care to check that the resultsmatch the organisation’s needs.

Human behaviour may not befully addressedRecent developments in determiningreasons for health and safety errorsplace greater emphasis on thebehaviour of workers and managers.This focus on the human factor can belost if there’s too much emphasis onthe paperwork requirements of aformal OSHMS. For example, it’s easyto overlook the need to monitorworkplace behaviour and talk with andinvolve people. However, withattention to continual improvement,any issue – including human factors –can be addressed.

Certification and assurance bodiesare still learningThere can be conflict when auditors’interpretations of health and safetyare different from those of the sectoror organisation being audited.Differences can often be resolved byreferring to relevant guidance notesand authoritative information. Thistype of conflict can reflect the relativeinexperience of external auditors in

this work.

True independence?OSHMS certification is relativelyimmature and underdeveloped. Ifexternal auditors are to be trulyindependent, they shouldn’t haveplayed any part in advising theorganisation on how best toimplement an OSHMS in the first place.Also, as has been learned withfinancial audits, it may be difficult toprovide genuinely independent

auditing if there’s an existingrelationship with the auditors or ifservice costs are a prime issue.

19


22/31

Barriers to changeBarriers to change are invariablyerected in the way of new systems.Often there’s a suspicion, at times wellfounded, that change is being madefor its own sake and without business justification. Some organisations maybe able to manage health and safetysuccessfully by consistent and goodmanagement, without the need for aformal system.

Managers don’t understandthe systemsTypically, managers are not committedto the introduction of new systems.Managers require time, training andmotivation to make sure they becomeadvocates of the system and notenemies within. It’s a mistake to thinkthat OSHMSs are self-evidently ‘a goodthing’; they require effectivecommunication to win people over.

Numerous auditsThese days, stress is recognised as aworkplace hazard that needs to bemanaged within the framework of theOSHMS. It should also be recognisedthat pressure to achieve certification fora new OSHMS can create its own stresson managers and employees alike.Don’t overlook the need to providesupport before and during audits.

Which OSHMS model?Deciding which OSHMS to use can beconfusing. The aim should be asystem that is consistent with yourorganisation’s needs and itsmanagement approach. While OHSAS18001 aligns extremely well with ISO1400125 and other international PDCAstandards, and is therefore useful forintegration, the organisation, clients,enforcement authorities orgovernment may better understandother systems based on standards or

guidelines such as BS 18004, HSG65,ILO or an industry code. All systemsneed to be adapted to the specificneeds and culture of the organisationor they won’t be sustainable.

Is the written procedure safeand healthy?In some countries there’s a tendency towrite down what’s currently done andadopt that as the OSHMS. This cancreate a significant liability risk if theprocedures haven’t been checked tomake sure they are in factcomprehensive (that they cover allhazards) and adequate (that thecontrols are effective in reducing risk).The liability exists in any event, but theOSHMS documentation then appearsto validate it. A properly functioningOSHMS should make sure that theseproblems are identified and corrected.

20

* Debate still continues on definitions for quality of life; collectively they highlight that it’s a subjective state encompassing physical, psychological

and social functioning, and a key feature is its basis on the perceived gap between actual and desired living standards.7


23/31

The desire to gain certification of anOSHMS may come from internalstakeholders who need assurance thattheir organisation meets a verifiablestandard, or who judge that certificationwill add value with clients or customers.However, it’s more likely that pressureswill come from external stakeholders, inparticular prospective or existing clients,or regulators as part of national policy.In this case, certification is likely to moverapidly from being a ‘preferred option’to become an ‘entry condition’, withoutwhichexisting or potential business islost.

This poses few problems provided thecertification process is applied to adeveloped OSHMS, validating itseffectiveness, or encouragingfurther improvements to meet theexternal standard. An OSHMS that isseen as just a tool for obtaining therequired certification will beineffective in its true purpose ofcontinually reducing work-relatedaccidents and ill health.IOSH recognises OSHMS standards andcertification processes as relatively newand still developing, and we suggest thefollowing as ‘good practices’ in relationto OSHMS certification:- Don’t allow a business need for

external certification of OSHstandards and practices to get inthe way of developing stronginternal continual improvementprocesses, including internal audit.

- Make sure that an externalcertification audit isn’t viewed solelyas a pass/fail exercise, but as onestep within an overall OSHcontinual improvement plan.

- Where external certification isn’t apressing business need, developinternal audit processes first.

- Where possible, base externalaudits primarily on evidence frominternal audits. Consider addingexternal auditors to internal teamsin preference to increasing thenumber of audits.

- Make sure that internal andexternal OSHMS auditors meet theIOSH competence standards (seepage 17).

21

8 OSHMS certification


24/31

The way forward for organisationsdeveloping their first formal OSHMS isto choose the system they wish to useas a basis, establish whicharrangements are already in place, andthen identify gaps between those andthe requirements of the OSHMS.

Choosing a systemOne way of choosing a system is tocreate a comparison table and score thesystems you wish to consider to seewhich most closely meets yourpreferred specification – the morerelevant features you tick, the better.The example in Table 4 includescomparisons between some of themain management systems mentionedin this guidance. However, if there’s apreferred system for your particularindustry, you may also want to includean industry-specific column. Forinstance, if your organisation is acontractor to the chemical industry, you

could include Responsible care in thiscolumn. In addition to those featureslisted, there may be in-house and otherfactors to be considered, in which caseyou can add them to the table (forexample, if your customers use aparticular system, adopting the samesystem will enhance your compatibility).

Initial status review (gap analysis)The gap analysis approach ensures thatyou don’t waste effort on developingnew systems when existing internalarrangements are working well. Evenorganisations which believe that theyhave nothing in place often find thatthere are long-established workingpractices that have never been formallyrecognised or documented.

A simple way of carrying out the initialstatus review is as a desktop exercise,with the draft safety management plandrawn as a flow diagram or matrix ona flipchart. It’s important to consult andinvolve all parties in the organisation,including workers’ representatives –ownership and success of the OSHMSis likely to be greater because of theinterest developed in this way.

Remember – the most successfulmanagement systems aren’t created at

initial status review, but are developedthrough effective performancemeasurement, review and continualimprovement. However, reporting thestatus review to senior managers ordirectors, and communicating theresults to the workforce, can get thisprocess under way at this early stage.

Making it happenMost of the OSHMSs referred to inthis document include extensivepractical guidance in support of themain code or standard, usually insubsidiary publications (see furtherreading on IOSH’s website atwww.iosh.co.uk/freeguides).However, there’s no doubt thatadapting a standard system for use ina particular organisation requiressignificant time and resources.

Organisations with experience ofmanaging significant internal process ororganisational change should find itrelatively easy to introduce an OSHMSby using similar methods. Organisationswithout such experience may need toemploy external change managementadvisers to help effective consultationand to ensure the involvement andcommitment of all necessary parties.

Techniques to support effectiveimplementation include:- clear support and personal

commitment from leaders in theorganisation, including modelling ofdesired behaviour

- incorporating both OSHMSimplementation and results in

22

9 How to get started

Note: Responsible care isn’t classed here as ‘international’ because, while somecountries do adopt a management systems approach to it, many don’t.

Table 4: OSHMS comparison table for a UK-based contractor to the chemical industry

Features

Management systems

HSG65 BS 18004 OHSAS 18001 ILO Industry-specific(eg Responsible

care)

Certifiable

International(see note below)

Regulator support(some non-UK)

Tested (> 2 years old)

Stakeholderrecognition

In-house factors (egyour customer usesthis system)

http://www.iosh.co.uk/freeguideshttp://www.iosh.co.uk/freeguideshttp://www.iosh.co.uk/freeguideshttp://www.iosh.co.uk/freeguides


25/31

declared high-level business targets(eg ‘ x per cent of sites are expectedto complete their gap analysis by y and their initial roll-out by z ’;‘priority improvements over the nextyear are to be areas a, b, c ’)

- seconding staff from across theorganisation full-time to thedevelopment and implementationteam

- customising the model system tosuit the needs and culture of theorganisation, and linking it tointernal consultation processes

- developing benchmarking contactswith similar organisations that haveexperience of implementing similarsystems

- trials in one or more selected areasbefore the OSHMS is launchedmore widely

- not taking too long trying todevelop a ‘perfect’ system, butrather implementing somethingreasonable and learning how to dobetter via the internal audit,management review and continualimprovement processes

- recognising and celebrating smallsuccesses on the route to a fullysustainable OSHMS.

23

Figure 6: Process for developing an OSHMS

Initial status review(gap analysis)

Undertaken by a mixed safetymanagement team that

includes workerrepresentatives and a

competent practitioner

Where are we now?

Typical outputsTypical inputs

The objective is to ensureeffective OSH managementand a process of continualimprovement

Draft an OSH managementplan, including:- an OSH policy statement- hazard identification and

risk assessments- OSH management

arrangements- competence and training

needs- OSH management

programme

Any information relatingto hazard identification

and risk assessment

Review of OSHperformance, includingincidents and accidents

Identification and review ofexisting OSH managementarrangements or processes

Competence and training

requirements

Workforce involvement

OSH legal and otherstandards and bestpractice within the sector,eg a ‘compliance register’

Getting startedOne large catering organisationappointed a mixed team ofmanagers and workers to undertakean initial status review. The teamundertook this exercise byidentifying key elements of theexisting processes, completing abrainstorming exercise to identifygaps within the system and thenmapping this out in the form of a

flow diagram.


26/3124

1 Council Directive 89/391/EEC of 12June 1989 on the introduction ofmeasures to encourageimprovements in the safety andhealth of workers at work. Official Journal of the EuropeanCommunities, 29 June 1989, L183,Brussels.

2 Responsible Care management systems guidance, RC127 (fourthedition), and Links between theResponsible Care management systems guidance and self assessment and the businessexcellence model , RC129 (secondedition). London: ChemicalIndustries Association, London,2003.

3 Guidelines on occupational safety and health management systems,ILO-OSH 2001. Geneva:International Labour Office, 2001.

4 Occupational health and safety management systems –

requirements, OHSAS 18001:2007. London: BSI, 2007.

5 Reporting performance – guidanceon including health and safety performance in annual reports.Wigston: IOSH, 2008. Seewww.iosh.co.uk/performance.

6 Successful health and safety management , HSG65 (secondedition). Sudbury: HSE Books,1997.

7 Guide to achieving effective

occupational health and safety performance, BS 18004: 2008.London: BSI, 2008.

8 International safety management(ISM) code. London: IMO, 2002.See www5.imo.org/SharePoint/ mainframe.asp?topic_id=287.

9 Management of Health and Safetyat Work Regulations 1999, SI1999/3242. London: The StationeryOffice.

10 Occupational health and safety management systems – general guidelines on principles, systems and supporting techniques,AS/NZS4804:2001. Sydney:Standards Australia InternationalLtd, 2001.

11 Guidelines for the development and application of health, safety and environmental management systems, Report no. 6.36/210.London: OGP, 1994. Seewww.ogp.org.uk/pubs/210.pdf.

12 Joined-up working – an introductionto integrated management systems.Wigston: IOSH, 2006. Seewww.iosh.co.uk/joinedup.

13 Business risk management – gettinghealth and safety firmly on theagenda. Wigston: IOSH, 2008. Seewww.iosh.co.uk/businessrisk.

14 Internal control: revised guidance for directors on the Combined Code.London: Financial Reporting Council,

2005. See www.frc.org.uk/ FRC/media/Documents/Revised-Turnbull-Guidance-October-2005.pdf.

15 Quality management systems:requirements, BS EN ISO 9001:2000.London: BSI, 2000.

16 Revitalising health and safety strategy statement , OSCSG0390.Wetherby: Department for theEnvironment, Transport and theRegions, 2000. See

www.ilo.org/wcmsp5/groups/ public/---ed_protect/---protrav/ ---safework/documents/policy/ wcms_212111.pdf.

17 Accounting and reporting by charities: statement of recommended practice. London:Charity Commission for England andWales, 2005. See www.charity-commission.gov.uk/ Charity_requirements_guidance/ Accounting_and_reporting/ Preparing_charity_accounts/

sorpfront.aspx.

18 Leading health and safety at work – leadership actions for directorsand board members, INDG417.Sudbury: HSE Books, 2007. Seewww.iod.com/hsguide andwww.hse.gov.uk/leadership .

19 The first ever European survey of consumers’ attitudes towardscorporate social responsibility and country profiles. Brussels: CSREurope (MORI poll), 2000.

20 Global best practices in contractor safety . Wigston: IOSH, 2001. Seewww.iosh.co.uk/globalcontractor .

21 Sustainability reporting guidelineson economic, environmental and social performance, version 3.0.Netherlands: Global ReportingInitiative, 2006. Seewww.globalreporting.org.

22 Social Accountability 8000, SA8000:2008, New York: SocialAccountability International, 2008.

23 Guidelines for quality and/or

environmental management systems auditing, BS EN ISO 19011:2002. London: BSI, 2002. Currentlybeing revised to include OSH.

24 Measuring health and safety performance, HSE, 2001. Seewww.hse.gov.uk/opsunit/ perfmeas.pdf.

25 Environmental management systems. Requirements with guidance for use, BS EN ISO14001:2004. London: BSI, 2004.

References

http://www.iosh.co.uk/performancehttp://www5.imo.org/SharePoint/mainframe.asp?topic_id=287http://www5.imo.org/SharePoint/mainframe.asp?topic_id=287http://www.ogp.org.uk/pubs/210.pdfhttp://www.iosh.co.uk/joineduphttp://www.iosh.co.uk/joineduphttp://www.iosh.co.uk/businessriskhttp://www.frc.org.uk/FRC/media/Documents/Revised-Turnbull-Guidance-October-2005.pdfhttp://www.frc.org.uk/FRC/media/Documents/Revised-Turnbull-Guidance-October-2005.pdfhttp://www.frc.org.uk/FRC/media/Documents/Revised-Turnbull-Guidance-October-2005.pdfhttp://www.frc.org.uk/FRC/media/Documents/Revised-Turnbull-Guidance-October-2005.pdfhttp://www.frc.org.uk/FRC/media/Documents/Revised-Turnbull-Guidance-October-2005.pdfhttp://www.ilo.org/wcmsp5/groups/public/---ed_protect/---protrav/---safework/documents/policy/wcms_212111.pdfhttp://www.ilo.org/wcmsp5/groups/public/---ed_protect/---protrav/---safework/documents/policy/wcms_212111.pdfhttp://www.ilo.org/wcmsp5/groups/public/---ed_protect/---protrav/---safework/documents/policy/wcms_212111.pdfhttp://www.ilo.org/wcmsp5/groups/public/---ed_protect/---protrav/---safework/documents/policy/wcms_212111.pdfhttp://www.ilo.org/wcmsp5/groups/public/---ed_protect/---protrav/---safework/documents/policy/wcms_212111.pdfhttp://www.charity-commission.gov.uk/Charity_requirements_guidance/Accounting_and_reporting/Preparing_charity_accounts/sorpfront.aspxhttp://www.charity-commission.gov.uk/Charity_requirements_guidance/Accounting_and_reporting/Preparing_charity_accounts/sorpfront.aspxhttp://www.charity-commission.gov.uk/Charity_requirements_guidance/Accounting_and_reporting/Preparing_charity_accounts/sorpfront.aspxhttp://www.charity-commission.gov.uk/Charity_requirements_guidance/Accounting_and_reporting/Preparing_charity_accounts/sorpfront.aspxhttp://www.charity-commission.gov.uk/Charity_requirements_guidance/Accounting_and_reporting/Preparing_charity_accounts/sorpfront.aspxhttp://www.charity-commission.gov.uk/Charity_requirements_guidance/Accounting_and_reporting/Preparing_charity_accounts/sorpfront.aspxhttp://www.charity-commission.gov.uk/Charity_requirements_guidance/Accounting_and_reporting/Preparing_charity_accounts/sorpfront.aspxhttp://www.iod.com/hsguidehttp://www.hse.gov.uk/leadershiphttp://www.iosh.co.uk/globalcontractorhttp://www.globalreporting.org/http://www.globalreporting.org/http://www.hse.gov.uk/opsunit/perfmeas.pdfhttp://www.hse.gov.uk/opsunit/perfmeas.pdfhttp://www.hse.gov.uk/opsunit/perfmeas.pdfhttp://www.iosh.co.uk/performancehttp://www5.imo.org/SharePoint/mainframe.asp?topic_id=287http://www5.imo.org/SharePoint/mainframe.asp?topic_id=287http://www.ogp.org.uk/pubs/210.pdfhttp://www.iosh.co.uk/joineduphttp://www.iosh.co.uk/businessriskhttp://www.frc.org.uk/FRC/media/Documents/Revised-Turnbull-Guidance-October-2005.pdfhttp://www.frc.org.uk/FRC/media/Documents/Revised-Turnbull-Guidance-October-2005.pdfhttp://www.frc.org.uk/FRC/media/Documents/Revised-Turnbull-Guidance-October-2005.pdfhttp://www.frc.org.uk/FRC/media/Documents/Revised-Turnbull-Guidance-October-2005.pdfhttp://www.ilo.org/wcmsp5/groups/public/---ed_protect/---protrav/---safework/documents/policy/wcms_212111.pdfhttp://www.ilo.org/wcmsp5/groups/public/---ed_protect/---protrav/---safework/documents/policy/wcms_212111.pdfhttp://www.ilo.org/wcmsp5/groups/public/---ed_protect/---protrav/---safework/documents/policy/wcms_212111.pdfhttp://www.ilo.org/wcmsp5/groups/public/---ed_protect/---protrav/---safework/documents/policy/wcms_212111.pdfhttp://www.charity-commission.gov.uk/Charity_requirements_guidance/Accounting_and_reporting/Preparing_charity_accounts/sorpfront.aspxhttp://www.charity-commission.gov.uk/Charity_requirements_guidance/Accounting_and_reporting/Preparing_charity_accounts/sorpfront.aspxhttp://www.charity-commission.gov.uk/Charity_requirements_guidance/Accounting_and_reporting/Preparing_charity_accounts/sorpfront.aspxhttp://www.charity-commission.gov.uk/Charity_requirements_guidance/Accounting_and_reporting/Preparing_charity_accounts/sorpfront.aspxhttp://www.charity-commission.gov.uk/Charity_requirements_guidance/Accounting_and_reporting/Preparing_charity_accounts/sorpfront.aspxhttp://www.charity-commission.gov.uk/Charity_requirements_guidance/Accounting_and_reporting/Preparing_charity_accounts/sorpfront.aspxhttp://www.iod.com/hsguidehttp://www.hse.gov.uk/leadershiphttp://www.iosh.co.uk/globalcontractorhttp://www.globalreporting.org/http://www.hse.gov.uk/opsunit/perfmeas.pdfhttp://www.hse.gov.uk/opsunit/perfmeas.pdf


27/3125

Further reading

Auditing a safety and healthmanagement system: a safety and health audit tool for the healthcare sector . Health and Safety Authority,2006. Available from www.hsa.ie/eng/ Publications_and_Forms/Publications/ Occupational_Health/Auditing_Healthcare.pdf.

The Health and Safety Authority (HSA)in the Republic of Ireland has producedthis audit tool to assist in thecontinuous development andimplementation of health and safetymanagement systems for thehealthcare sector. Eighteen differentcriteria for audit are described andfollowed by guidance. This tool is to beused in conjunction with the 2006 HSAguidance document for the healthcaresector, How to develop and implement a safety and health management system, available at www.hsa.ie/eng/ Publications_and_Forms/Publications/

HealthCare_Sector/Guidance_Document_for_the_Healthcare_Sector_-_How_to_develop_and_implement_a_Safety_and_Health_Management_System.html.

Code of practice for risk management ,BS 31100:2008. London: BSI, 2008

This standard for risk managementhelps organisations to understand howto develop, implement and maintain

effective risk management, therebyhelping them achieve their objectives.It treats risk management as being asmuch about exploiting potentialopportunities as preventing potentialproblems, and sees it as an essentialpart of good management. Thestandard establishes the principles andterminology and providesrecommendations for the model,framework, process andimplementation of risk management.

Development of working model of how human factors, safety management systems and wider organisational issues fit together.Research report RR 543:2007 preparedby White Queen Safety Strategies and

Environmental Resources Managementfor HSE London. Available from www.hse.gov.uk/research/rrpdf/rr543.pdf.

This report describes a project todevelop a working model linkinghuman factors, safety managementsystems and organisational issues inthe context of safety. While the focus ison chemical major hazards inparticular, it is also intended to apply tohealth and safety in general.

Guidance for health and safety management systems interfacing. StepChange in Safety, 1999. Available fromhttp://stepchangeinsafety.net/ stepchange.

This guidance addresses the issue ofmeshing OSHMSs used by separateorganisations when they decide towork together – perhaps in a formalpartnership, but more often as client

and contractor or contractor and sub-contractor working at a particularlocation or on a project. The documentincludes two checklists, based on theHSG65 model but adaptable to others,which can be used to identify whichinterfaces have to be managed andwhether there’s clear understandingabout who does what at eachinterface.

IMS: The framework – integrated

management systems series, HB10190:2001. London: BSI, 2001

This outlines a framework formanaging the operational risks anyorganisation faces in its day-to-daybusiness. The aim is to provide astructure by which an organisation canefficiently and effectively manage itsoperation through one system.

IMS: Implementing and operating – integrated management systems series,

HB 10191:2002. London: BSI, 2002

This gives an approach for integratingthe management of quality

Systems in Focus

Documents

Transcript of Systems in Focus