Safety Moment #27: Audits and Assessments

Audits and Assessments for process safety

Further discussion and guidance on the topic of Audits and Assessments is provided in the ebook Audits and Assessments.

Evaluations of risk management programs can take one of two forms. The first is a formal audit in which a management program is measured against an external standard such as a regulation, an engineering standard or corporate benchmark. An audit compares “what is” with “what should be”. It is fundamentally a pass/fail test; it is legalistic in nature.

The second type of evaluation is a less formal assessment or review. An assessment is not a pass/fail test. Instead, the person conducting the assessment provides guidance and suggestions for improved performance.

(The terms Verification and Validation are sometimes used to make the distinction between audits and assessments. Verification is concerned with ensuring that a facility meets the letter of the law or regulation; validation determines whether it is meeting the spirit of the same law.)


Audits are a necessary component of any management system. By comparing actual performance with written standards audits deficiencies and gaps are identified. For example, paragraph 1910.119(f)(1) of the OSHA (Occupational Safety & Health Administration) Process Safety Standard states that:

The employer shall develop and implement written operating procedures that provide clear instructions for safely conducting . . . Initial startup;

An auditor who is examining a facility’s operating procedures will check that they do in fact contain instructions to do with initial startups. If they do, then the audit requirement has been met. If the auditor finds that the requirements have not been met then he or she generates a finding or gap. It is then the responsibility of the facility management to determine the cause of the problem and then to correct it. It is not the auditor’s job to provide suggestions or guidance as to how the gap might be closed.

(The formal nature of audits does not mean that they cannot lead to performance improvements or that the audit is just a paper exercise. Indeed, the fear looking bad or of being penalized is a strong motivator that can generate major performance improvements.)

If the auditor is asked to provide guidance — as is often the case — then he or she has stopped being a formal auditor and has become an advisor or consultant. There is nothing wrong with this shift in the task description, but it is important to understand that the shift has taken place. An auditor’s opinions and insights are often extremely valuable, but they are not a part of the formal auditing process.


The second type of program evaluation is less formal — it is a Review or Assessment in which the reviewer provides an opinion as to the quality of the process safety program. In the case of initial startup procedures, for example, a reviewer will provide an opinion as to whether or not those procedures will actually help ensure that the facility starts safely and according to plan. He or she will develop that opinion by asking questions to do with the level of detail, the writing style and the clarity of the instructions.

An auditor must be strictly objective and show (a) that he or she has been measuring performance against an external standard, and (b) that all findings are fully documented. A reviewer, on the other hand, is allowed to be subjective and is encouraged to offer opinions based on general experience.

Much of the literature to do with auditing stresses the “team relationship” that should exist between the auditor and the personnel of the facility being audited. According to this view both auditor and persons being audited work together to develop ever higher levels of excellence. This rather rosy picture belies that the fact that an auditor aims to find gaps and deficiencies. Indeed, given that the identification of gaps or deficiencies may result in penalties being applied or careers being held back, it would be naïve to believe that the auditor and the facility management are always “on the same team”. A reviewer, however, is certainly on the same team as his or her client.

You are welcome to use this Safety Moment in your workplace. But there are restrictions — please read Use of Safety Moments.

Copyright © Ian Sutton. 2018. All Rights Reserved.