As auditors how do we manage opinions in the workplace? Because there’s a lot out there isn’t there?
I came across an example of this in an audit recently. I was looking at the evidence of First Aid training that had been completed. With this first aid training it included Nationally Recognised training (NRT), which here in Australia is nationally recognized.
Five of the company’s team attended the training, so I asked to see the certificates - as we do as auditors. The owner of the business came back with three certificates. There were obviously two certificates missing. The owner of the business went on to explain that he and his wife do not agree with having to have a USI number. A USI (Unique Student Identifier) number is required in Australia when you enrol in any nationally recognised training. It essentially helps the government to monitor training delivered, who has completed training, they provide surveys and therefore can review the level of training delivered nationally. The owner of the business felt that this was just another way that the government tracks you and he and his wife didn’t want to be a part of it. Due to this the training provider was not able to issue the certificates. Certificates cannot be issued to attendees unless a USI number has been provided.
Now I understood why 2 certificates were missing. As an auditor, this meant that I couldn’t verify that they had actually attended or completed the training.
What was I meant to do here?
There was no evidence. It was just a statement from the owner of the business that he had attended. I did ask whether the training provider had confirmed attendance and completion by email or whether they had provided a Certificate of Attendance rather than a Certificate of Competency. These were all options; however, this had not been done.
There was simply no visible evidence that would back their statement of attendance up.
You can see how at all times I just went back to the standard that I was auditing against. I didn’t come into his opinion or my opinion. My job was that I required documented information of evidence of competence – words straight out of the ISO Standards. Not my opinion – simply requirements from the criteria I was auditing.
This is where we are fortunate as auditors as we can and should always go back to the requirements of the criteria. That is the fact and therefore removes opinions from the equation.
Now …. the newest opinion that’s crept into the workplace is vaccination for Covid-19. Yep, there you go, I said it!
I don’t want to get into an argument here and voice my opinion. As a person I do have my opinion, however as an auditor I always go back to the requirements.
Where does the Covid-19 vaccination come into the workplace? See, this is the challenge, there are no requirements or legislation (depending on industry of course) to state that vaccination is mandatory. This is challenging for us as auditors as we love going back to requirements.
It IS important that businesses do identify Covid-19 in their hazard id and risk assessment process, and we would expect to see this on their risk registers. We’ve already seen some controls in place, such as Working from Home, hand sanitiser, hand washing signs, online training, social distancing come into the workplace. I would expect to see these on the business risk register as controls also.
Whether vaccination ends up on the risk register is dependent on the industry and the risk (e.g., aged care, health, quarantine etc).
However, there is unrest out there with some employer’s opinions coming into the mix. Again, as auditors we don’t get mixed up in opinions, we look at facts. If you’re auditing an industry that is high risk, then you will know what the vaccination requirements are. If not, it may be an option that an employer offers, however may not be able to mandate or bully their employees into. That opens up a whole new area!
When I was told this story by another auditor, the first thing I did was pick up my Standard – I picked up ISO 45001. This is where I would go to see what I would expect. I would be looking at clause 6.1.2 Hazard identification and assessment of risks and opportunities as well as clause 8.1.2 Eliminating hazards and reducing OH&S risks. I’d review what they’d identified as the hazards and risks and what controls were in place. I’m interested in seeing whether they’d identified all of the relevant hazards and risks and then after implementing controls had actually reduced the risk. I’m not looking for opinions.
This is where we're lucky as auditors', we don't get mixed up in opinions.
Always have your Standards nearby and go straight to the requirements.
It’s dangerous stuff to have your opinions as an auditor. If you do have opinions on improving the system these could be Improvement Opportunities only of course. They should definitely not creep into nonconformances.
What experiences have you had in dealing with opinions as an auditor or auditee?