Is our system allowing us to comply?
Two critical questions senior management need to be asking if they are to meet due diligence requirements.
Two questions an effective management system can provide answers to.
And if your answer to the first question is “no” – then your organisation could be creating a significant legal risk for itself (which is articulated very clearly by Greg Smith, a principal at Nexus Lawyers, https://vimeo.com/162034157).
Yes, the video is sobering viewing, and hopefully puts to bed the myth that voluminous paperwork is needed to “save our arse in court”.
The key message is clear – make sure your management system reflects what you are actually doing.
So how can an effective management system provide answers to these questions?
The following diagram highlights areas where an ISO management system standard (e.g. ISO 9001, ISO 14001 and the draft ISO 45001) requires an organisation to determine, plan, manage, evaluate and review its compliance with legal and other obligations (L&O) (numbers correspond to Sections of ISO MS).
- Monitoring and Measurement – can identify trends in performance potentially moving towards non-compliance.
- Evaluation of Compliance – undertaken against the source legal obligation and based on objective evidence – can provide senior management with objective evidence of compliance (i.e. Question 2).
- Internal Audit – a key process to identify instances where the system and procedures are not consistent with the way work is performed (i.e. Question 1).
- Management Review – a thorough management review can provide senior management with the opportunity to review performance and compliance – the essence of due diligence.
I have seen many instances where management review is conducted simply to generate evidence for external auditors.
Well, it’s time to pay attention, senior management. This approach might enable you to scrape through the audit, but harder questions will be asked in court.
- Compliance tasks can be assigned to personnel for action. Escalation is automated to management if no action is taken.
- Evidence needs to be uploaded to action assigned compliance tasks.
- Audits, inspections, corrective actions, incidents, instances of non-conformances and evidence of compliance activities are captured in the one repository.
- Completion status of assigned events/tasks can be reported at any time.
- OHSE performance data is live and ready all the time.
If you want to provide real assurance to your organisation, contact our team.