Plan, do, check, act.

Information gained from audits result in improved management at all levels, it should be a continuous, cyclic process of: plan, do, check, act.  Audits by College staff or external auditors, check whether College policies (including any attendant arrangements, organisations and systems) are implemented and effective at both College and department level, and enable other departments to learn from shared experience.

Audit questions

What is the purpose of College health & safety audits?

PDCAThese audits are designed to review the effectiveness of the health and safety policy, throughout the College and including all of its activities, paying particular attention to:

• the College health and safety management system (HSMS), on whether it has been implemented fully in a department or if not, whether there are gaps in the College HSMS itself;
• the degree of compliance with health and safety performance standards (including legislation); particularly training, knowledge of responsibilities and risk assessment procedures;
• areas where standards are absent or inadequate;
• the presence and effectiveness of control measures and emergency procedures
• achievement of stated objectives within given timescales;
• injury, illness and incident data analyses of immediate and underlying causes, trends and common features
• how the head of department sets, promotes and monitors health and safety standards
• identifying, sharing and promoting best practice throughout the department, faculty and College

What is the difference between an inspection and an audit?

  • An audit is a means to verify a system is a) in place b) effective - and to ascertain exactly what the gaps in the system are and their route causes. It can be conducted at department, College or external level. An audit could include inspection or areas and documents, discussion and observation of people.

  • An inspection is a visual means to check the visible parts of systems are in place - and where possible to check they are working correctly (ie by looking at monitors and indicators). Typical inspections (even for office areas) might check the following: housekeeping standards, trip hazards are controlled, fire routes are clear, lights are in place and working, storage is sufficient and heavy items not stored above head height, wastes are not accumulating, electrical equipment has been tested. In laboratory /workshop areas, in addition to these, there would be activity-related elements (including those relating to policy/statutory requirements eg checking the following: PPE compliance; whether gas cylinders are secured correctly and regulators inspected, whether LEV is within its test period).

  • Inspections can be conducted at department, College or external level (including by the Regulatory Authorities including the HSE and EA).

Who does the auditing and how?

auditingThe College Safety Auditor is a qualified Lead Auditor to OHSAS 18001, and to the Universities Safety and Health Association's (USHA) standard (HASMAP). Audits are carried out by the College Safety Audit team in accordance with the process described in BSEN ISO19011 (outlined below). 

Where possible, an appropriate member of the department being audited (usually a member of safety personnel), is invited to join the audit team to learn about the process, verify their own inspection and investigation skills, and to provide local information.


Confidentiality during and after the audit

  1. It is important that auditors maintain confidentiality and professional behaviour at all times. Interviews are confidential so findings are reported in a general way.
  2. During the course of the audit, any findings considered to be an imminent danger to an individual or individuals, or to the premises or reputation of the College, will be notified immediately to the Head of Department - and to any relevant stakeholders - at the time the risk becomes apparent.  However, as only some facts may be known at the time, the full extent of any risk may be lesser or greater than originally thought, in which case auditors will make this clear to the Head of Department and any stakeholders, and update them accordingly as more facts come to light.
  3. Draft audit reports are circulated only to the HoD or their agreed delegates, in order for them to correct errors of fact. 
  4. Once agreed, the final version of the report is issued, but again only to the HOD or their agreed delegates, and the Director of Safety. At this point, the HOD will need to provide a written management response and a draft action plan highlighting any priorities, along with a named persons to implement actions. 
  5. Once the audit team receive the HODs management response and action plan, they amalgamate it with the audit report. At this point the full report may be released to other stakeholders such as the Director of Estates, Head of Security, Director of Safety, Director of Occupational Health. 
  6. Full audit reports (which may relate to a department, activity, area or topic), may require either the person who commissioned it or the main stakeholder, to undertake checks, then complete the management response and action plan. Once received, the auditors amalgamate these with the report and send it to key stakeholders, followed by presentation at the College HSE Committee. 
  7. Full department audits reports are circulated to and presented to the College HSE Committee by the College Safety Auditor who will summarise the main findings; the HOD is also required to attend to present the management response and outline the action plan.
  8. After this, and always with the associated management response and action plan, report excerpts may be circulated within faculties and departments as examples of best practice or lessons learnt and shared.

What standards does the College use to gauge assurance?

HASMAP is based on OHSAS 18001, HSG65 and ISO 45001, and enshrines the Institute of Directors own management and leadership standards. It makes internal benchmarking possible, and because many universities use it, it can also be used for external benchmarking. 

It provides for three levels of assurance, basic, substantial and high.  The higher levels are not included in the Corrective Action Report (CAR) until the whole of the lower level has been achieved.



Download a pdf of this flowchart here:

Standards used to gauge assurance

What are the different types of health and safety audit?


HASMAP AuditEvery two years, each department is audited against indicators selected from the HASMAP record‌.  The audit scoping, pre-planning, document review, interviews and inspections, and issue of draft report, normally takes about 6 weeks in total, although the audit interviews and site visit takes one day. There is a follow up progress meeting within 6 months, and a further one at 12 months, in order to support and assist the department with their action plan, and to verify closed out actions.

The HASMAP Audit report comprises:

  • Key list of findings  where relevant, these may be illustrated on a system flow chart based on the College HSMS or an executive summary report prepared.
  • Corrective Action Report (CAR)  which highlights HASMAP indicators which have been achieved either fully or partly with reference to the particular findings, with the following statements: “achieved – verbal/documentary/observed evidence” or “not/partly achieved” with the finding reference number, or “not sampled”
  • HASMAP record this provides the department with a record of their progress in the selected indicator, and an overview of all the indicators in HASMAP, along with guidance on how to achieve them; this document is designed to enable departmental checks (see below).
  • Key list of findings the Key findings have College-wide implications, or where there are repeat findings in several departments, these are included in the termly highlight report to the College HSE Committee, and in an annual report to the same.

New heads of departments


For departments where there has been a change of head of department, the new head of department will receive an initial visit from the College Safety Auditor to explain the standards, process, the HOD’s expected role, and to provide assurance and reassurance.

College HSMS audits

HSMSDepartments that have never been audited, there may be a longer site visit and more interviews looking at every aspect of the College HSMS; this however depends on the risk profile of relevant department.  Audit reports are circulated to the College HSE Committee and the HOD is expected to attend to deliver their management response and action plan.

Topic-based audits 

TopicThis is where a particular Code of Practice or College-wide concern might be audited; these audits may involve academic and support services, as well as any relevant interface organisations. Audit reports are circulated to the College HSE Committee and any relevant persons expected to attend to advise the College of any concerns and implications, and deliver an action plan if appropriate.

Departmental checks

Dept checksDepartments are responsible for coordinating and conducting their own checking and inspection programmes which could be based on the entire department, a specific area or topic, or perhaps against the Department’s Code of Practice, local rules or emergency procedures.

External health and safety audits


The College also undergoes regular external auditing by specialist suppliers. These are tendered for every three or four years; reports are circulated to the College HSE Committee and any others which may be relevant.

The College internal auditors (Governance)


This also includes a number of health and safety-related questions in their departmental audits.


What is the College’s health and safety audit process?

  1. The annual programme - is agreed at the College HSE Committee; the Safety Administrator or Audit Team will contact the departments to arrange a scoping visit or visit to a new HOD; once agreed, the department being audited will set up the interview room, interviews and site visits for the agreed day, and not less than two weeks in advance of the visit, send all the requested documentation to the Safety Department.  The list of typically required documentation can be found in the HASMAP audit process flowchart

  2. Purpose of scoping visits with HODs – these are to establish if there are particular areas of concern or areas where they are seeking greater assurance, for example an area of concern may be a particular departmental asset (such as facility or expensive item of equipment), or an area about which nothing is known, or one where there are or have been, previous safety-related concerns. This may be an interface with other academic or support departments or organisations, shared space etc. anywhere where responsibilities and procedures may be unclear.

  3. Interviews, site visits and access to documents - once the scope is agreed and the interview list and site locations agreed, the Audit team will send the department a timetable proforma to complete. Normally there are four interviews in the morning following by the site visit, an audit team meeting, followed by a debrief with the Head of Department, although for the longer departmental or topic audits, this process may take place over a week or more, with many more interviewees and sites visited.

  4. Required documentation - the audit team will send the department a list of required documentation, and request access to locations such as Sharepoint, intranet and wiki pages.  In order to give time to review the documentation and request more if needed, access is required at least two weeks in advance of the audit date.

  5. Day of the audit – if there are any particular concerns, these will be highlighted to the HOD in the debrief.  Departments can carry out actions immediately if they wish to – or may need to act immediately in some circumstance. 

    - Personal protective equipment - auditors will expect to be issued with the appropriate personal protective equipment, and will request it if not.
    - Specific PPE requirements – if there is a need for safety shoes (steel toe caps) or other specific PPE, the auditors will need to be informed of this in advance.

  6. Draft report – once written, usually within two weeks of the audit visit, this is issued to the appropriate member of the department for comment on errors of fact or tone. Once this has been agreed, the final report is issued to the Head of Department for a management response and action plan with timescale and named persons.

  7. Circulation of the report – the audited department should circulate the report to relevant staff for discussion and information (e.g. at staff and department safety committee meetings). The auditors will request the minutes of meetings where the report and associated actions have has been discussed, progressed, and closed out.

  8. Six-month period progress meeting – this will generally be with the Lead Auditor. The department will be asked to provide documentary or other visible evidence of progress.

  9. Twelve-month period close-out/progress meeting – there may be a further meeting, generally be with the Lead Auditor.  The department will be asked to provide a written progress report, with reference to documentary or other visible evidence of progress or close out.  It is anticipated that some actions may take longer than 12 months to close out.

  10. Department checks are expected to be undertaken during the following years.  See Department checks in 'What are the different types of health and safety audits'

  11. Two years on from the original audit - the audit cycle begins again.  The Leadership element will always be audited against, and progress checks made of other elements.  Other audit themes may be selected for the next two-year cycle, for example “Accidents and Incidents”

College H&S audit schedule


The College audit schedule, which includes the dates of past audits, is planned a couple of years in advance; the Safety Audit team will contact departments throughout the year to fix the precise dates for scoping with the Head of Department (HOD), the audit itself, and a follow up also with the HOD.

This table will be kept as current as possible; for queries and enquiries please contact the Safety Department x49423

Download a copy of the current and past Audit schedule‌ and status (last updated 27 January 2020)