Qualityworld

A healthy business

Many organisations are increasingly concerned about demonstrating a sound occupational health and safety (OH&S) performance to their stakeholders by managing the risks and improving the beneficial effects of their activities, products and services. OHSAS 18001 can help, explain Ender Bebek and Marcio Viegas of BVQI

In the UK the management of OH&S at Work Regulations, 1999, which covers the management of risks, is an example of legislation that employers must comply with. Organisations with five or more employees have to carry out OH&S risk assessments and document their findings. Increasingly, stringent legislation, the development of economic policies, human resources management and other measures are used to foster OH&S protection and welfare.

The recent debate on management of social responsibility also poses challenges to organisations willing to have practical answers to basic OH&S questions. OHSAS 18001 is already benefiting thousands of companies and millions of people and can be an answer to that. Before the 1990s, many leading industrial organisations put great effort into developing their own OH&S programme. It is easy to understand that initial impetus by taking into consideration the direct and indirect costs of loss of manpower by incidents in workplaces and the lack of standards in the marketplace. The reason for the fast growth of OH&S management was also related to the expectations of the interested parties: customers, shareholders, legal authorities, media, employees and others, not to mention accidents in Seveso, Bhopal and Chernobyl.

During the 1990s, many reference documents were developed by standards bodies. The UK published BS 8800 in 1996, Australia and New Zealand published AS/NZ 4801 and Ireland published NSAI SR 320. Certification bodies also published their own standards: BVQI, for example, published SafetyCert in 1998.

Meanwhile, ISO was asked to develop standards on OH&S. However, in 1996 and 2000 the two-thirds majority needed to move the issue to the ISO Technical Management Board was not achieved. In the midst of the proliferation of documents and the immobility of ISO, a number of the worlds' leading national standards bodies, even certification bodies, for the first time decided to combine efforts to develop an international standard by using many previous studies and documents, including BS 8800, AS/NZ 4801, NSAI SR 320 and BVQI's SafetyCert.

In 1999, OHSAS 18001 was introduced as an international specification to help companies ensure quality of their OH&S management systems. Later, in December 2002, an amendment to OHSAS 18001:1999 was issued. The amendment shows the links to ISO 9001:2000 and ILO-OSH guidelines published in 2001.

A response to business needs

OHSAS 18001:1999 is not an ISO standard, but in practice is an international standard, used in more than 70 countries, giving requirements related to OH&S management systems in order to enable an organisation to control its risks and improve its performance. It is an assessment specification for OH&S management aspects and is complemented by OHSAS 18002:2000, 'OH&S management systems guidelines for the implementation of OHSAS 18001'.

The specification is applicable to any organisation from all types of business sectors and activities. Certification against OHSAS 18001 is aimed at the way a company has control over, and knowledge of, all relevant risks resulting from normal operations and abnormal situations. It can be adapted to existing management system standards as a complementary standard to both ISO 9001 and ISO 14001. The clauses and its order are very similar to other standards which follow the plan-do-check-act cycle (see table 1).

Table 1. OHSAS 18001:1999 requirements

4.2

OH&S policy

4.3.1

Planning for hazard identification, risk assessment and risk control

4.3.2

Legal and other requirements

4.3.3

Objectives

4.3.4

OH&S management programme(s)

4.4.1

Structure and responsibility

4.4.2

Training, awareness and competence

4.4.3

Consultation and communication

4.4.4

Documentation

4.4.5

Document and data control

4.4.6

Operational control

4.4.7

Emergency preparedness and response

4.5.1

Performance measurement and monitoring

4.5.2

Accidents, incidents, non-conformances and corrective and preventive action

4.5.3

Records and records management

4.5.4

Audit

4.6

Management review

OHSAS 18001 is focused on the management of OH&S and as such addresses an organisation's continual improvement that can be used to provide stakeholders and others with assurance of conformance to its stated OH&S policy.

As for other management system standards, the main philosophy of OHSAS is the continual improvement of OH&S management performance in organisations at work. The organisation commits to the control and reduction of OH&S risks in workplaces based on local and international regulations but also to other requirements such as customer requirements, company mission, vision and policies.

Bigger every year

OHSAS has been growing steadily since it was published. By December 2003, there were 3,898 certificates in 70 countries (see figure 1), showing an annual growth of over 99 per cent. The sectors adopting OHSAS are following a similar trend to ISO 9001 and 14001 (see figure 2). Considering that some certificates were not reported and taking into account a similar but slower growth, BVQI estimates that 2004 will end with more than 7,000 certificates worldwide. Not a bad evolution for a relatively new standard not developed by ISO.

Figure 1

Figure 1. Top ten countries and growth. Source: OHSAS surveys 2000, 2003, BSI

Figure 2

Figure 2. Top ten sectors and growth. Source: OHSAS surveys 2000, 2003, BSI

The 2003 survey shows that, with a few exceptions, OHSAS is following the ISO 9001 and ISO 14001 trail geographically, with the big exceptions of the US and Germany, but more clearly in terms of business sectors.

Why OHSAS?

Implementation of OHSAS facilitates opportunities to create exchanges by a well-managed OH&S management system and certification is evidence that the performance of OH&S aspects in workplaces is managed and the activities carried out in a safe manner consistent with OHSAS specifications.

Like certification to ISO 9001 or 14001, certification to OHSAS is not a demonstration of a specific level of performance or a guarantee that non-conformities, even accidents, will not happen. It rather promotes a 'proactive' approach to OH&S management for industrial organisations in order to:

  • manage OH&S performance ensuring continual improvement
  • anticipate and prevent incidents
  • take actions prior to risk being realised

In BVQI's experience, organisations adopt OHSAS with the following objectives:

  • to demonstrate commitment to OH&S aspects
  • to provide a systematic framework for managing OH&S performance
  • to establish an OH&S management system to eliminate or minimise risks to employees and other parties
  • to conform with stated vision, policy, legal and other requirements
  • to plan and prioritise improvements in OH&S in a rational manner
  • to reduce direct and indirect costs of potential deficiencies in OH&S performance

More recently, organisations are being challenged to demonstrate their social responsibility, which embraces economic, environmental and social aspects, including OH&S.

Together with ISO 14001, and possibly SA 8000 and AA1000, OHSAS 18001 forms the backbone of a robust and broader social responsibility management system. By implementing OHSAS 18001, an organisation can go beyond glossy reports and also engage with stakeholders, starting with employees in this case.

Organisations which have already implemented ISO 9000 or ISO 14000 are able to orientate their management system methodology into OHSAS without major difficulties, as OHSAS was designed to be integrated with both standards.

Implementation and maintenance

The National Occupational Health and Safety Commission of Australia, in 'OH&S management systems: A review of their effectiveness in securing healthy and safe workplaces' (April 2001), lists barriers to an effective OH&S management system as:

  • off-the-shelf system imposed without modification
  • system imposed by senior management without consultation
  • OH&S management system activities marginalised and restricted to 'technical' experts
  • quality-style audit processes and inadequate auditor skills limit audit comprehensiveness

The simplest way to implement OHSAS 18001 is to follow the ISO 9001 and ISO 14001 route. In addition, experience has shown the importance of:

  • risk management planning and control planning
  • management of regulatory aspects
  • training, competency and awareness activities - probably the most important element in the long term
  • operational control measures
  • subcontractors management
  • emergency and contingency management
  • OH&S management performance monitoring and evaluations
  • management of change

Another critical issue to be taken into consideration in this process is the source of information used. Certification bodies have a huge amount of experience which can be passed onto companies during the certification process.

The certification process

The OHSAS certification process follows a similar process to ISO 14001:

  • pre-audit (optional): gap analysis and diagnosis of your current position against the standard
  • initial audit to evaluate the basis of the system
  • certification audit (certificate issued)
  • surveillance visits to follow the continual improvement
  • recertification after three years through full audit

Aspects to be taken into consideration in selection of the certification body are: fluency in the local language, understanding of the local culture and customs, knowledge of the expectations of the public, awareness of local legal aspects, an easy relationship with employee and being able to share the same atmosphere between the certification body and the organisation willing to be certificated.

There are clear advantages to be gained by certification to OHSAS. These include:

  • improved reputation and image
  • reduction of business contingency risks related to OH&S issues
  • satisfaction of employees and related stake-holders
  • a reduced number of incidents and injuries
  • increased productivity, as a consequence of more satisfaction and less time lost with accident and injuries
  • operational cost savings
  • prevention of penalties related to non-compliance with legal issues

Common pitfalls

BVQI conducted an analysis of its audits. The sample consisted of audits in 194 sites in eight countries representing different cultures and socio-economic levels (China, Denmark, India, the Netherlands, Spain, Thailand, United Arab Emirates and the UK). All audits were conducted between 2003 and 2004.

Figure

Figure 3: OHSAS 18001 certification audits - findings by clauses. Source: BVQI

The analysis of 1,638 findings (observations and non-conformities), giving an average of 8.44 findings per site visited, clearly shows which are the most common findings by clause (see figure 3). It can be concluded that auditors appear to be focusing on the most important elements of the OH&S management systems. The ones directly related to OH&S performance are:

  • 4.3.2 - legal and other requirements
  • 4.4.6 - operational control
  • 4.4.7 - emergency preparedness and response
  • 4.5.1 - performance measurement and monitoring
  • 4.5.2 - accidents, incidents, non-conformances and corrective and preventive action

This shows that auditors do not seem to be concentrating their efforts on 'bureaucratic' clauses, like document control (4.4.5) or control of records (4.5.3).

As most organisations certificating to OHSAS 18001 have already achieved ISO 9001 or 14001, they are relatively knowledgeable about common management system requirements, so are better equipped to deal with 'technical' OH&S elements. This shows the useful compatibility with other systems.

The main findings in OHSAS implementation processes can be linked as follows: incomplete, even instinctive identification (4.3.1) and control (4.4.6) of OH&S aspects, including emergencies (4.4.7). On the other hand, but related, deficiency in identifying applicable legal requirements (4.3.2) and lack of preventive actions (4.5.2) may be leading to legal non-compliances (part of 4.5.1), non-conformances and even accidents (4.5.2).

The precise and timely identification of findings and the corrective and preventive actions which follow should lead the organisation to achieve a complete OH&S management system and its benefits.

The benefits

OHSAS specification is based on ensuring continual performance improvement in OH&S performance in the workplace. As a consequence, by smoothly managing OH&S performance, the organisation can afford resources to be creative and focused on managing OH&S aspects by means of 'proactive' understanding of the work-place that brings more benefits.

Implementation of OHSAS also creates a 'reactive' approach but solution-focused organisations should take into consideration the potentially negative aspects of OH&S, such as: hazardous conditions in the workplace, image and public pressure, business contingency problems and delays in schedules, lost man power and high compensation costs, injury and illnesses occurring, responses to regulatory and other requirements, large citations and penalties, expensive medical claims, higher insurance budgets, retention of employees and moreover, satisfaction of the whole organisation.

Follow the big players

An organisation looking for an effective and pragmatic way to manage its OH&S issues should look carefully at OHSAS 18001. Organisations like 3M in Brazil, ABB in Finland, Akzo-Nobel in the Netherlands, Unilever in Israel and Zorlu Energy in Turkey, have done the same and achieved certification.

In order to implement an OH&S management system and to comply with regulations, your organisation may have to invest internal resources in consultancy and in training. Having implemented a system, the costs of certification to OHSAS 18001 itself are usually low and amortised during the certification cycle, particularly when compared with the investment to implement the system.

BVQI could also argue why ISO should develop OH&S standards. However, your organisation may not be able to afford the wait for the three-year discussion, which has not yet started. Perhaps it is better to follow the example of thousands of organisations, including SMEs and multinationals alike, and act now.

The authors would like to thank their colleague David Camara for his support in obtaining the sample data for the analysis of audits.

Biographies

Ender Bebek, business development executive, BVQI Turkey, is an OH&S lead auditor and tutor. Before joining BVQI in 2002 as an environmental, OH&S and quality consultant, he worked for ABB, Aksa Acrylic and Arti Consultancy as an OH&S and environment expert. He is also an ISO 9001 and ISO 14001 lead auditor and tutor. His current position involves management of business development related to certification and training in Turkey and Caspian Sea Republics.

Marcio Viegas, global product manager, BVQI Holdings, London, is an OH&S lead auditor and tutor. He joined Bureau Veritas Group in 1998 in Brazil as an environmental, OH&S and quality consultant. His current position involves global management of certification related to environment, OH&S and social responsibility, encompassing both technical and commercial aspects.