Audits Potential problems

Some measures of PSM and ESH performance are easy to identify, establish and track. These include accident rates, effluent tonnages and composition and number of days lost to illness. Almost all of these traditional performance measures are end-of-pipe that is, they measure the output of the management system and allow corrective action only after a failure has occurred. The ideal measurement system identifies potential problems ahead of actual failure allowing corrective action to be taken. This requires using techniques such as audits and hazard assessments. 

Technical audits of SCADA devices and networks are critical to ongoing security effectiveness. Many commercial and open-source security tools are available that allow system administrators to conduct audits of their systems/networks to identify active services, patch level, and common vulnerabilities. The use of these tools will not solve systemic problems, but will eliminate the paths of least resistance that an attacker could exploit. Analyze identified vulnerabilities to determine their significance, and take corrective actions as appropriate. Track corrective actions and analyze this information to identify trends. Additionally, retest systems after corrective actions have been taken to ensure that vulnerabilities were actually eliminated. Scan nonproduction environments actively to identify and address potential problems. 

Although a thorough validation cannot rule out all potential problems, the process of method development and validation would address the most common ones. Examples of typical problems that can be minimized or avoided include interferences that coelute with the analyte in liquid chromatography (LC), a particular type of column that no longer produces the separation needed because the supplier of the column has changed the manufacturing process, an assay method that is unable to achieve the same detection limit after a few weeks, or a quality assurance audit of a validation report that finds no documentation on how the validation was performed. 

For studies that have delegated responsibilities to a PI, the study director will rely on that individual to ensure that relevant phase)s) of the study are conducted in accordance with the study plan, relevant SOP, and principles of GLP. The PI should contact the study director when event(s) occur that may affect the objectives defined in the study plan. All communications should be documented. Communication between the study director and the QA is required at different stages of the study. For instance (1) to review study plans (2) to review new and revised SOPs (3) attendance of QA personnel at study initiation meetings and in resolving potential problems related to GLP (4) by responding to inspection and audit reports promptly (5) by indicating corrective action and (6) by necessary liaison with QA staff, and scientific and technical personnel. In certain unforeseen conditions, change of study director becomes essential. Under such conditions, replacement of the study director should take immediate effect. 

Other advantages of the environmental audit is to allow time to properly assess the problem, plan its solution and allow for funding the capital cost required. There are potential problems in having an environmental audit performed. The results of recent court decisions indicate that the environmental audit results may not be able to be kept in confidence and furthermore, they may be used as evidence of noncompliance in civil or criminal court actions. It is conceivable that an audit can increase the potential liabilities. Consequently, management should be prepared to commit to satisfy any negative findings before the audit is undertaken. 

Clause 8.5 requires the organization to plan for continual improvement of the quality system through the use of quality pohcy, objectives, audit results, analysis of data, corrective and preventive action, and management review. The last two subclauses in clause 8.5 are entitled Corrective and Preventive Action. These two requirements were a single clause in the 1994 edition of the standard. This led to some confusion among users of the standard as to the difference between them. Corrective action includes the correction of problems that have occurred, whereas preventive action deals with potential problems that may have never occurred. 

The purpose of completing an audit is to check the effectiveness of the systems in place within the organisation. From the audits carried out, problems and potential problems can be identified, thus leading to changes that will improve the overall system. An audit is defined as a systematic, independent and documented process for obtaining audit evidence and evaluating its objectivity to determine the extent to which the audit criteria are fulfilled (BS EN ISO 19011 2002). Table 9.2 shows types of audits. 

Once the draft report is complete, the auditor must ask a colleague to check it. Failure to do this is an invitation to some of the problems just discussed. The internal reviewer probably will not know the facility being audited. Nevertheless, he or she can at least assess the overall tone and style of the audit, and check for internal inconsistencies. The reviewer can also make sure that all the findings are cross-referenced against the appropriate regulation or standard. In general, the internal reviewer should check for the following potential problems ... 

While audits and the audit process can be a very effective tool for collecting information and evaluating safety performance, they can also pose some potential problems for an organization. Some examples of potential problems with audits include... 

It is important to put weight on items in an audit. The weighted instrument allows for targeting of potential problems as well as tracking those areas where the serious accidents/incidents are most likely to transpire. Numerical scores are much more powerful than hearsay types of data, results, and outcomes. An individualized weighting system tailors audits to the company s specific needs. Inspection records and scores provide a record that affords the company the opportunity to assess progress or the lack of progress of the company s safety and health effort. 

A second scenario is that you have reached the review and improvement stage of the cycle of implementation of a system based on continuons improvement. This m involve more of a look at specific areas in which problems have arisen, perhaps going into them in considerable depth. You have probabfy identified potential problems which arose in the course of an audit, because actual problems are usualfy fixed as they arise. 

Auditing is an essential tool for identifying current and potential problems. This enables management to evaluate problem-solving options and provide a safe and productive work environment. 

Safety inspections and safety audits are two different things. They are related, but they are intended to spot potential problems at two different levels. Keep in mind that not only the frequency of safety inspections and audits, but also who performs them and their depth can tell a lot about safety culture. We discuss safety inspections and audits in more detail in Chapters 11 and 12. 

Measures to reduce human error are often implemented at an existing plant, rather than during the design process. The decision to conduct an evaluation of the factors that can affect error potential at an existing plant may be taken for several reasons. If human errors are giving rise to unacceptable safety, quality or production problems, plant management, with the assistance of the workforce, may wish to carry out a general evaluahon or audit of the plant in order to identify the direct causes of these problems. 

Despite these potential benefits, there are possible problems associated with the use of generic safety audit systems. Questions that need to be considered in the case of such standardized audits include ... 

In subsequent sections the application of PIFs to various aspects of error reduction will be described. One of the most important of these applications is the use of comprehensive lists of PIFs as a means of auditing an existing plant to identify problem areas that will give rise to increased error potential. This is one aspect of the proactive approach to error reduction that forms a major theme of this book. This application of PIFs can be used by process workers as part of a participative error reduction program. This is an important feature of the human factors assessment methodology (HFAM) approach discussed in Section 2.7. 

The principles of GLP require an independent quality assurance (QA) program to ensure that the study is being conducted in compliance with GLP. The QA personnel cannot overlap with those of the study because of the potential conflict of interest, but they may be part-time staff if the size of the study does not warrant a full-time QA section. The responsibilities of the QA unit are to maintain copies of plans, standard operating procedures, and in particular the master schedule of the study, and to verily, in writing, that these conform to GLP. The QA unit is responsible for inspections and audits, which must be documented and the results made available to the study director and the principal investigator. The QA unit also signs off on the final report. Any problems discovered or corrective action that is recommended by the unit must be documented and followed up. 

Proactive mindset—Auditing should not be its primary function. Periodic evaluations focused on compliance and quality trends and assessments of personnel practices and adherence to SOPs would serve to alert CQA of potential issues before serious problems arise. Sharing a vision of quality early on is key. 

Often auditing selected partial data sets can indicate if the data system is in good shape or if there is potentially a systemic problem. It is also possible to determine if problems exist with the data collection system or with execution of system-defined tasks. 

Audits are conducted under rules of continuous communication—when a problem is found, the emphasis is on full understanding of the identified problem as well as identification of potential solutions. Deficiencies are documented and adjudicated. Contentious issues sometimes arise, but an attempt is made to resolve them during the audit process. 

Another option is to have the organization s environmental health and safety staff conduct inspections. In a smaller organization, these types of inspections may adequately address the ILCI frequency recommendations. In larger institutions, the safety staff may be limited to semiannual or even annual walk-throughs. A more practical use of safety staff for inspections may be to target certain operations or experiments. Or the safety staff could focus on a particular type of inspection, such as safety equipment and systems. Finally, they could perform "audits" to check the work of other inspectors or look specifically at previous problem areas. It is important for the safety staff to address noted deficiencies with appropriate reminders and/ or additional training. Punitive measures should be employed, but only for chronic offenders or deliberate problems that pose a serious potential hazard. 

A Road Safety Audit tries to identify potential road safety problems and suggests ways in which these identified problems can be minimised. 

In this scenario, the Road Safety Auditor may describe a road safety problem, but the recommendation is ignored and there is no Exception Report. The person responding to the Road Safety Audit now has a potential liability problem. 

As an alternative to a formal Road Safety Audit it may be better in these circumstances for the client to commission a Road Safety Assessment. This can be more flexible in its content and style and can comment on positive road safety benefits as well as commenting on potential road safety problems. It may be possible to give advice on the safest option to choose. 

Process verification testing is often called screening. Screening involves 100% auditing of all manufactured products to detect or precipitate defects. The aim is to preempt potential quality problems before they reach the field. In principle, this should not be required for a well-controlled process. When uncertainties are Hkely in process controls, however, screening is often used as a safety net. 

An audit of the condition of all buildings should be conducted as early as possible to establish a baseline for the physical plant. In addition to anticipating potential lAQ problems, an audit has value to all other aspects of operations and maintenance. Results of an effective (and periodic) audit can also be used as due diligence groundwork in instances of lawsuits related to building lAQ. Such audits can be performed by properly prepared and knowledgeable mechanical and environmental engineers. 

While this does seem to be a comprehensive suite of risk control measures, the real reason for the problem emerged during a potential human error audit and safety management system review which was being rmdertaken at the mine - not one of the 150+ vehicles in the undergrotmd fleet at the mine was fitted with a speedometer. 

Detector builders worry that poor test results are really due to test set problems, and the customer will want to be sure that good results are real. These concerns are sometimes justified it is quite common to find errors in test setups and data, particularly with new or recently modified equipment. It is incumbent on test engineers to audit and monitor their setups to discover and eliminate potential errors. 

---