Professional Documents
Culture Documents
1 s2.0 S0925753523002904 Main
1 s2.0 S0925753523002904 Main
Safety Science
journal homepage: www.elsevier.com/locate/safety
Audit masquerade: How audits provide comfort rather than treatment for
serious safety problems
Ben Hutchinson *, Sidney Dekker, Andrew Rae
Safety Science Innovation Lab, Griffith University, 170 Kessels Rd, Nathan 4111, Queensland, Australia
A B S T R A C T
Investigations following major accidents sometimes find that auditing failed to identify critical deficiencies. Such findings assume that the deficiencies were just
waiting to be found: if only the audit had looked a little deeper, then the accident could have been prevented. This study analysed health and safety audits to examine
the nature of audit corrective actions and whether they were strongly aligned to operational issues. This provides a picture of the capability of audits to find and fix
problems.
The results demonstrated that only ~ 16% of the 327 audit corrective actions in this sample were strongly connected to the issue or hazard identified by the audit
question. Most actions were weakly or moderately connected to the issue. Stronger corrective actions primarily covered observable physical site issues, such as
correcting inappropriate site signage or correcting slip and trip hazards. Weaker actions covered largely documentation-related factors, such as correcting missing
documentation or displaying a poster.
Pointedly, no corrective actions called for a deep and systematic rectification of deficiencies. Virtually all actions directed localised changes to the immediate
deficiency. This sample of audits prioritised superficial fixes over addressing significant operational risks.
The findings point to a masquerade in what auditing achieves in some contexts: a symbolic activity optimised for surface tweaks, rather than a critical self-
examination about what the organisation believes and tells about itself and its safety.
In some contexts, health and safety audits may have become a well-developed strategy for avoiding uncomfortable findings; successfully blinding the organisation
to necessary hard fixes.
* Corresponding author.
E-mail address: ben.hutchinson@griffithuni.edu.au (B. Hutchinson).
https://doi.org/10.1016/j.ssci.2023.106348
Received 13 February 2023; Received in revised form 27 August 2023; Accepted 5 October 2023
0925-7535/© 2023 The Author(s). Published by Elsevier Ltd. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).
B. Hutchinson et al. Safety Science 169 (2024) 106348
audit criteria, while “weak alignment” indicates no direct connection. “desktop” scope, involving the examination of documents without field
The study aims to determine the frequency and areas in which corrective visits, or assess field practices and hazards directly related to work, or
actions demonstrate strong alignment. This analysis provides an un combine both approaches. The scope of audits may encompass broad
derstanding of the overall effectiveness of audits in reducing decoupling health and safety systems or focus on specific areas such as electrical or
across different safety risks. It is expected that an audit with less chemical safety. This study encompasses all types of formal and planned
decoupling will exhibit a distribution of corrective actions leaning to health and safety audits, including both field and desktop audits.
wards moderate to strong alignment, whereas greater decoupling will be
indicated by a distribution of corrective actions leaning towards mod 2.2. What makes an effective audit?
erate to weak alignment.
Therefore, the study’s primary research question is: The effectiveness of an audit depends on the context and the inten
ded audience (Bender, 2006). Since no universal guidance existed,
• How are audits influencing decoupling? Bigelow and Robson (2005) reviewed several studies to create a list of
factors that potentially influence the reliability and validity of health
The following sub-questions are employed to answer the primary and safety audits. These authors identified factors relating to auditors,
question: such as competence, auditor bias and independence, and internal versus
external auditors. Factors relating to the audit and audit process were
• What are the characteristics of corrective actions assigned in audits? also identified by Bigelow and Robson (2005) as potentially important
• What is the strength of alignment between specific audit questions for audit effectiveness: the theoretical basis of audits, a comprehensive
and corrective actions? auditing framework, standards that can be used for comparison, how
data is sampled, the objectivity and detail in audit questions, resources
2. Literature on audits available for auditing, quality control, and matters relating to the audit
measurement scales and their weighting factors. Expanding on the
2.1. What are audits? latter, Robson and Bigelow (2010) and Robson et al. (2010) further
emphasised the relevance of measurement properties, such as reliability
Auditing has been defined as a: and validity. While simpler contexts may not necessitate validated and
predictive audit instruments, more complex contexts require in
“systematic examination against defined criteria to determine
struments with assured content validity to effectively identify gaps.
whether activities and related results comply with planned ar
These findings point to a range of items relevant to audit effectiveness.
rangements and whether these arrangements are implemented
Martinov-Bennie et al. (2014) proposed that adapting a “well-tested
effectively and are suitable to achieve the organisation’s policy and
and rigorous systematic approach” (Martinov-Bennie et al., 2014, p. 23)
objectives” (Workcover NSW, 2014).
from financial auditing to health and safety auditing could enhance
Accordingly, audits are inferred to have three direct functional audit performance. This approach emphasised the identification of
elements: safety risks and hazards, assessment of mitigating controls in the safety
management system, and then determining the residual risks and cor
1. Checking compliance (i.e., a match between a set of documents/ responding responses. Hence, health and safety audits should not overly
processes and a set of defined criteria). concentrate on compliance against administrative aspects of the system
2. Checking validity (i.e., a match between a set of documents/pro and documentation. Rather, health and safety audits should prioritise
cesses and underlying reality). addressing tangible and intangible factors linked to actual characteris
3. Checking suitability (i.e., checking fitness for purpose, regardless of tics, states, influences, objects, or practices to enhance the efficacy of the
the defined criteria). safety management system in achieving health and safety goals
(Fernández-Muñiz et al., 2012; Gallagher et al., 2003; International
Audits encompass both tangible and intangible aspects of work Labour Office, 2001; Lindsay, 1992; Martinov-Bennie et al., 2014).
practices, evaluating compliance, validity, and suitability (Blewett & Consistent with this perspective, the present study proposes that a
O’Keeffe, 2011). Tangible elements pertain to actual practices, states, successful audit should focus on minimising decoupling. This phenom
and controls, while intangible aspects include power structures, lead enon arises due to a lack of alignment between the intended objectives of
ership, and relationships (Blewett & O’Keeffe, 2011). When disparities an artefact or safety system and its actual effectiveness in achieving
arise between expectations (as stipulated in procedures or established those objectives in practice. Previous research has highlighted the
norms) and reality, corrective actions are designed and implemented by excessive emphasis on compliance with documented systems in health
internal or external stakeholders. These stakeholders could include au and safety auditing and neglecting the practical functioning and safety
ditors or organisational personnel, who work towards rectifying these of work (Bjelle & Sydnes, 2019; Blewett & O’Keeffe, 2011; Gallagher
discrepancies. et al., 2001; Shaw et al., 2007). Similarly, investigation reports have
Audit structures and scopes differ, leading to varying emphasis on criticised audit approaches preceding accidents for similar reasons
the aforementioned elements. For example, compliance audits prioritise (COMAH Competent Authority, 2011; Longford Royal Commission,
checking the alignment of practices with procedures (Moroney, 2010). 1999; U.S. Chemical Safety and Hazard Investigation Board, 2017).
In contrast, performance audits focus on gathering evidence regarding
organisational performance against criteria or the effectiveness of pro 2.3. Are audits of safety management systems effective?
cesses (Moroney, 2010). Audits also vary based on the entity conducting
them. Internal audits are carried out by the organisation itself, exam Audits are used extensively in modern society—referred to by Power
ining its processes and performance (first-party audits), while external (1999) as an audit explosion. Despite the prevalence, evidence for the
audits involve parties external to the organisation, such as customers efficacy of health and safety audits in improving organisational perfor
assessing suppliers or independent auditing organisations (second-party mance is relatively scarce and mixed. Evidence in favour of audits tends
and third-party audits, respectively; Standards Australia / Standards to come from studies examining correlations between audit activity and
New Zealand, 2019). other measures of safety. To illustrate, Hassan et al. (2021) found that
Audits can take the form of formal, planned activities or informal integrated management system audits improved business sustainability
internal assessments or inspections conducted to monitor ongoing ac practices in their meta-analysis of 77 studies. External quality audits
tivities (Center for Chemical Process Safety, 2011). They may have a were also found to improve quality assurance processes in Australian
2
B. Hutchinson et al. Safety Science 169 (2024) 106348
universities over ten years in Shah’s (2012) review. major failure. Audits may, similarly, enable work to traverse contractual
Alruqi and Hallowell (2019) examined the relationship between gates or project hold-points, while facilitating a degree of decoupling in
leading indicators in construction and safety performance. Through a some circumstances.
meta-analysis of eight studies, they found that safety auditing had a Artefacts acting as enabling devices is a neutral description—not
strong relationship to injuries when measured as an active indicator positive nor negative. Decoupling, on the other hand, can introduce
(when including site safety observations and inspections). Salas and unmitigated safety risks into organisations. An open question from
Hallowell’s (2016) study specifically identified significant associations Hutchinson et al. (2022) was whether decoupling also affects health and
between safety performance and a composite measure encompassing safety audits? This paper proposes that decoupling is an active issue in
auditing and various safety management activities (such as near-miss auditing and may explain the aforementioned disparity via (at least) two
reporting and job safety analysis). Lingard et al. (2017) also reported overlapping and linked mechanisms: a focus on surface compliance,
a statistically significant and moderate correlation between audits and which then leads to documents being managed at the expense of oper
safety performance in a separate study not included in the meta-analysis. ational matters.
Furthermore, regulatory inspections, if considered part of auditing, may
contribute to improved health and safety outcomes in specific circum 2.5. A focus on surface compliance activities
stances (Safe Work Australia, 2013). While there is a clear statistical
association between audit measures and safety performance, there is no Auditing may over-prioritise the collection and review of docu
strong evidence to suggest that audits directly cause performance mentation. The shift in auditing away from the functionality of systems
improvements. towards paperwork and demonstrable evidence can be seen as a shift in
On the other hand, evidence challenging the effectiveness of health the “depth” of compliance activities. Deep compliance is a form of
and safety audits stems from a more detailed examination of audit compliance that meets the intention and strategy to achieve the organ
mechanisms. Robson et al. (2010) evaluated the predictive ability of isational outcome. In contrast, surface compliance drives efforts towards
metrics derived from audit data on firm injury claims. Although the “merely [demonstrating] compliance with safety rules and procedures”
audit instrument exhibited structural validity and high internal consis (Hu et al., 2020, p. 4), where minimal effort is invested in the task.
tency, it failed to predict subsequent claims data. Another study by Industrial safety audits in Norway were seen to focus on formal
Robson and Bigelow (2010) assessed seventeen distinct audit tools for documentation rather than on system implementation and effectiveness
their measurement properties. Only five tools demonstrated content in practice (Bjelle & Sydnes, 2019). Similar findings were reported in the
validity, and only one audit tool showed construct validity. Overall, the New South Wales mining industry and following the 2005 Texas City
inter-rater reliability was deemed “unacceptably low”. Lastly, Robson Refinery explosion. In the former, audits were seen to focus on paper
et al. (2017) investigated the predictive ability of an audit instrument compliance and “minutiae” like spelling (Shaw et al., 2007). In the
regarding workers’ compensation claims outcomes and other factors. latter, auditing focused on system processes and artefacts over actual
The instrument did not demonstrate construct validity and generally operating practices at the refinery (The BP US Refineries Independent
showed limited predictability for claim outcomes. In summary, multiple Safety Review Panel, 2007).
studies have highlighted insufficient validity of health and safety audit Blewett and O’Keeffe (2011, p. 1018) in their evaluation of industry
tools, suggesting methodological challenges in reliably improving auditing detailed how paperwork was collected to create an auditable
certain aspects of safety performance through audits. trail, where the quality of information within the documents “was often
a secondary consideration”. Further, they observed a decoupling be
2.4. What is going wrong with audits? tween the purpose of paperwork and the point of collating it, such that it
was practically inaccessible to the operational people it was supposed to
The empirical evidence about audits provides inconsistencies that protect. This disparity was said to represent the difference between
need resolving. Some work shows a positive association between safety paperwork that keeps people safe versus paperwork that helps complete
performance and audits/inspections, while other work shows poor audit audits (Blewett & O’Keeffe, 2011).
validity when closely scrutinised. Other examples of a focus on paperwork at the expense of evaluating
An earlier investigation on audit failings pointed toward auditors actual implementation or effectiveness of systems were found in the case
themselves. For example, Tackett et al. (2004) suggested that audit of the 2005 Buncefield oil storage depot fire (COMAH Competent Au
success was impacted by unintentional errors, deliberate fraud, and thority, 2011, p. 30), the Snorre A platform gas blowout in 2004 (by way
vested financial or personal interests between the auditor and auditees. of a questionnaire survey over actual verification to governing docu
However, newer work suggests foundational and systemic issues ments; Petroleum Safety Authority, 2005, p. 26) and the 2014 Airgas
affecting audit failures, such as lack of worker participation, a focus on Nitrous Oxide Explosion (where auditing lacked a deep dive into safety
paperwork, confusion of audit criteria, and auditing leading to unin systems and practices; U.S. Chemical Safety and Hazard Investigation
tended consequences and goal displacement (Blewett & O’Keeffe, 2011). Board, 2017, p. 114). In the case of the Esso Longford gas plant accident,
More recently, Robson et al. (2017) suggested several explanations the management system governing the safe operation of the plant was
for the poor validity of the tested audit instrument in their study. Two of said to be complex and difficult for people to comprehend (Longford
these explanations: 1) audit elements in the instrument not being the Royal Commission, 1999, p. 200). Management of this system was seen
most important elements for predicting safety performance and 2) the to take on a life of its own, where people completed system processes
audit items not capturing the most important content of the ele that were disconnected from operational issues in the field (Longford
ments—suggests factors consistent with decoupling are present within Royal Commission, 1999, p. 200).
health and safety audits. Another example was from the 2010 San Bruno pipeline explosion.
Organisations use safety deliverables like emergency plans or risk The involved company was noted to have had a strong commitment to
assessments as enabling devices: artefacts that enable work to progress safety and drew on bespoke risk modelling techniques to estimate
beyond some process gate or constraint, like a contractual arrangement pipeline risks (Hayes & Hopkins, 2015). Despite the completion of
to deliver an emergency plan before commencing work. While the plan compliance activities at this company—e.g. completing forms, risk as
intends to help the organisation better manage emergencies, what can sessments, and risk modelling—the integrity management system was
instead happen is managing the document but believing the issue to be also seen to have taken on a life of its own (Hayes & Hopkins, 2015, p.
addressed (Hutchinson et al., 2022). This type of “decoupling” between 159); more symbolic than instrumental.
how artefacts influence practices, and thereby influence employee per In both Esso Longford and San Bruno accidents, management of
ceptions around how safe work to be, can increase the propensity for system artefacts like plans, forms, registers, and the like were seen to
3
B. Hutchinson et al. Safety Science 169 (2024) 106348
have replaced the functional management of operational risks. A similar occupational health and safety matters and not broader system safety
phenomenon may operate with health and safety auditing. Rather than factors and engineering (McInerney, 2005a, 2005b).
evaluating the management of hazards or the effectiveness and quality
of systems designed to manage hazards, audits end up focusing on the In sum, audits have at least dual purposes. One purpose is a direct
management systems themselves as products and outputs; conflating the functional role (explored under section 2.1) while another role is for
system itself with the steps required to systematically manage safety enabling work; helping planning arrangements to progress through
(Blewett & O’Keeffe, 2011; Hopkins, 2015). procedural and contractual gateways.
This makes sense when considering that managing operational is Audits are meant to help keep these purposes aligned so that the
sues, steeped often in uncertainty around the likelihood and severity of progression of gateways is achieved via accurate, present, and functional
outcomes versus the required cost to mitigate the risk, is harder than systems. However, based on the literature from the prior sections this
managing a documented system. Indeed, checking and tweaking written paper speculates that audits are also impacted by decoupling.
artefacts is easier than solving a real issue (Pentland & Feldman, 2008; Because of mixed findings on the impact of audits in managing
Pratt & Rafaeli, 1997) but possibly nearly as cathartic. Because of this safety, there remains an empirical need to examine the mechanisms of
difficulty, managing systems and processes are made the centre of audits. Specifically, this study evaluates the sorts of findings and
auditing (Hohnen & Hasle, 2011) and condensing difficult uncertainties corrective actions raised in audits and how these relate to matters of
into a narrow and auditable set of issues (Hohnen & Hasle, 2011). decoupling.
3. Methods
2.6. Documentation provides false assurance that issues are being
managed A selection of health and safety audit reports (discussed in sections
3.1 and 3.2) were drawn from a large Australian provider of integrated
When auditing prioritises the collection and review of documents, it services (employing tens of thousands of workers). This company de
can shift the type of work from operational to administrative matters. signs, builds, and maintains assets and infrastructure across rail, roads,
Under certain circumstances, auditing may optimise performance of energy, mining, and utilities. Health and safety issues varied, depending
documentation and resultingly, invoke a type of false assurance: man on the industry and context. This included personal safety (construction
agement of documents and processes is conflated with the management hazards like dropped objects and moving plant) and some process/major
of the issues themselves. Stakeholders have little reason to question the safety risks (chemical stock management and gas-related hazards).
situation since the completed and audited management system artefacts, All reports were selected from a repository on the selected company’s
minutiae and all, are verified as present and compliant. Said differently, incident reporting system and came from varied parts of the business.
systems and artefacts can increase an individual’s (subjective) confi Audits included internal reports (the primary company auditing itself),
dence that the issues of importance are being managed, while not external (consultants or clients auditing the primary company), or reg
improving the objective management of issues (Hayes & Hopkins, 2015; ulatory reports. The external and regulatory reports came from sixteen
Hutchinson et al., 2022; Rae & Alexander, 2017). Decoupling is prob different and independent auditing companies or regulatory authorities
lematic because people genuinely believe that systems are working as that audited the selected company. These independent companies used
intended and that audits will find serious deficiencies. This leads to less different auditing approaches, templates, and personnel.
vigilance, time and resources in managing operational issues. In this study, audit corrective actions were used as the primary unit
Insights from major accidents and process safety-oriented audits of data. This is because audit reports were largely inconsistent with
allow speculation on how the discrepancy between the anticipated reporting the specific findings for each audit criterion. That is, in many
effectiveness of audits and reality is influenced in health and safety cases, audit reports did not necessarily report a deficiency as a discrete
audits. Insights include: and separate finding, but rather reported the deficiency as a corrective
action to be resolved.
• audits failing to identify or provide feedback about active issues as Two studies with different aims were utilised.
with audits before the Buncefield oil storage depot explosion
(COMAH Competent Authority, 2011). In the Esso Longford (Long 3.1. Study 1 method
ford Royal Commission, 1999) and Buffalo Dupont facility (U.S.
Chemical Safety and Hazard Investigation Board, 2012a) accidents, Study 1 selected 100 audit reports at random by entering audit-
audits provided contradictory feedback by praising safety manage related search terms into the company’s incident reporting system.
ment performance despite critical deficiencies; This number was arbitrarily selected as a starting point to capture a
• audits identifying but then not relaying intel to people who could broad and sufficient number of audits, with the option to extend the
resolve the issues, e.g. with the methane explosion in the Moura no 2 sample if saturation was not reached. Audit reports were included in the
underground mine (Hopkins, 1999). Elsewhere, issues were relayed sample if they met the following inclusion criteria:
but then not heeded. For instance, an insurance audit triggered the
testing (and confirmation) of combustible dust before a flash fire and a) Addressed health and safety.
hydrogen explosion accident at the Hoeganaes facility in Texas (U.S. b) Were complete reports.
Chemical Safety and Hazard Investigation Board, 2012b), but this c) Contained corrective actions.
did not lead to “an effective overhaul of the dust containment and
housekeeping procedures [at the facility]” (p. 14); 42 audit reports met the inclusion criteria and were analysed: 27
• audits identifying corollaries of issues or reframing issues to be less external, six internal, and nine regulatory. All reports included both
concerning, e.g. an external audit before sugar fires and explosions at system and documentation reviews and field inspections. Most internal
an Imperial Sugar Company facility in Georgia identified the accu reports that were reviewed as part of the initial sample of 100 did not
mulation of sugar dust but framed these as food quality issues and meet inclusion criteria due to a lack of corrective actions or missing/
not also as combustible dust hazards (U.S. Chemical Safety and incomplete information.
Hazard Investigation Board, 2009); and Corrective actions were listed in a Microsoft Excel spreadsheet in
• audits lacking the structural methodologies to identify particular conjunction with audit descriptive information. 327 corrective actions
issues or appropriately frame their significance. The internal audit were analysed from the 42 reports. An iterative qualitative coding
ing process before the Waterfall train accident was said to focus on scheme was used to categorise audit corrective actions based on their
4
B. Hutchinson et al. Safety Science 169 (2024) 106348
5
B. Hutchinson et al. Safety Science 169 (2024) 106348
Fig. 1. The distribution of corrective actions per category of actions as a frequency and (percentage of total).
address physical workplace conditions as their primary purpose. a) Addressed health and safety.
b) Were complete reports.
c) Could be matched with the corresponding closure report from the
3.2. Study 2 methodology
same incident reporting system.
Audit corrective actions assigned by auditors may not be closed in
Fifteen audit reports met the inclusion criteria. Each of the 15 reports
the way that the auditor expected. It could be that certain corrective
had an accompanying corrective action closure report, which was
actions, for instance, corrective actions to correct physical hazards, are
written by the respective auditee and described how they addressed
addressed via artefacts that describe how the physical issue will be
each of the corrective actions. These reports were different from study 1,
resolved without actually addressing the physical issue. For example, an
as they were selectively sourced to ensure a matching pair of audit
audit corrective action may request that the site discuss “recent inves
report and closure report. Case-matching between the audit corrective
tigation findings … at work group meetings [and to include] publishing
action and closure report was performed for all 122 actions listed in the
of the Lessons Learned [alert]”. The corresponding audit closure report
15 reports. Data was listed in side-by-side columns in Microsoft Excel
may then state that this corrective action was closed by the auditees
and then qualitatively coded and analysed using the same methodology
when they “published and disseminated [the lessons learnt alert] to
as study 1.
work groups”.
In the following results, sections 4.1 to 4.4 cover study 1 findings,
Consequently, study 2 evaluated whether there are significant dif
and section 4.5 covers the findings from study 2.
ferences between the corrective action as it was assigned by the auditor
versus the auditee’s description of how they addressed the corrective
4. Results
action. Study 2 evaluated 28 health and safety audit reports from the
same incident repository as study 1 (using the same search terms and
4.1. What are audit corrective actions focussed on?
strategy). Study 2 was limited to a smaller sample by virtue of the dif
ficulty in matching audit reports to their subsequent corrective action
Following coding of the data, saturation of the corrective action
closure reports.
categories was reached within approximately the first five audit reports
Reports were included for study if they met the following inclusion
(physical, administrative, administrative addressing physical aspect,
criteria:
Table 3
Strength of corrective actions by categories.
Corrective Action Categories
Strong (category a): Corrective action directly addresses the underlying 48 (32) 1 (1) 3 (4) 0 (0)
hazard or issue
Strong (category b): Corrective action directly addresses the underlying 0 (0) 0 (0) 0 (0) 0 (0) 0 (0)
hazard or issue and seeks to rectify that family of issues
Moderate: Corrective action indirectly addresses the underlying hazard 63 (42) 23 (25) 27 (40) 15 (75)
or issue via a proxy or moderately addresses the underlying issue or
hazard
Weak: Corrective action only weakly addresses the underlying hazard 126 (39) 38 (26) 51 (56) 32 (48) 5 (25)
or issue or addresses an issue not directly connected to the issue or
hazard
None / not applicable = No obvious or discernible hazard or issue could 21 (6) 0 (0) 16 (18) 5 (7) 0 (0)
be determined
Total # (%) 327 149 (1 0 0) 91 (1 0 0) 67 (1 0 0) 20 (1 0 0)
(1 0 0)
6
B. Hutchinson et al. Safety Science 169 (2024) 106348
review or assessment of risk). Saturation for the corrective action 4.3. What are the “strong” corrective actions focusing on?
strength distribution emerged after approximately 25 audit reports;
audits evaluated after this point did not significantly shift the relative In the limited number of “strong” corrective actions identified in this
total percentages of each strength category (strong (a), moderate, weak, sample (refer to Table A1 in the appendix), the five most frequent cat
and None / not applicable categorisation). Resultingly, the authors are egories were exclusively associated with physical site conditions or
confident that the audit sample is representative for answering the pa observations. These categories, in descending order, encompassed
per’s specific research questions. equipment/plant unsuitability, inadequate fencing/delineation/path
Fig. 1 highlights the distribution of audit corrective actions per ways, subpar chemical separation/management, electrical safety con
category. Physical-related corrective actions made up nearly half of all cerns, and risks posed by falling objects. Strong physical corrective
actions. Despite this, administrative corrective actions (which included actions were directly linked to the immediate issues at hand. For
the risk assessment category) made up most corrective actions. instance, instances included inadequate delineation of vegetation pro
As per Table A1 in the appendix, the most frequently assigned audit tection zones, improper positioning of an elevated work platform basket
corrective actions were to resolve incomplete or missing documents or in an open roadway, or a worker standing within a drop zone while
forms, resolve or review missing site signage, properly inspect, place, or another worker performed tasks at height.
review emergency equipment (fire extinguishers or first aid kits), and One notable example of a stronger administrative corrective action,
revise documents. targeting a physical aspect, involved a site being advised to incorporate
Other frequent corrective actions were to display or submit docu the use of a water cart in the procedure for wetting down a landing zone
ments to stakeholders (e.g., first aid personnel posters and the like), to enhance and facilitate aeromedical evacuations. Another adminis
resolve unsigned documents or documents that had incorrect version trative control aimed to strengthen the system governing explosive
numbers or formatting, and undertake workplace inspections or audits. blasting, particularly emphasising the responsibilities of blast activity
Finally, four corrective actions relating to environmental issues were and outlining the work practices that process operators should follow for
highlighted in this sample – suggesting that either environmental halting operations via radio communication. These actions demon
management does not play much of a role in these types of audits or strated a clear link to the practices and processes associated with
there is a lack of observable deficiencies. blasting work.
Table A1 in the appendix lists the full break-down of the corrective Virtually all corrective actions categorised as “strong” focused on
action descriptions from study 1. rectifying immediate or incidental physical conditions. Audits that
specifically addressed particular topics, such as electrical safety or
4.2. How is the strength of corrective actions distributed? hazardous chemicals, tended to yield more precise and stronger-
connected corrective actions.
Table 3 provides the breakdown of audit corrective action strength As indicated in Table 3, the coding scheme did not uncover any in
per category. Of the 327 corrective actions in study 1, 126 (~39%) were stances of systematic review or remediation of that family of issues or
classified as “weakly connected to the physical issue or hazard”. Almost hazards (category strong [b]). Additionally, no evidence was found of
identical was moderate strength corrective actions at 128 (~39%). A auditors directing auditees to investigate the underlying causes of site or
small number (21 total or ~ 6%) had no determinable connection to an management system issues.
issue or hazard.
Fifty-two corrective actions (~16%) were classified as strongly 4.4. What are the “weak” corrective actions focusing on?
connected to the physical hazard or issue. That is, ~78% of corrective
actions were either weakly or moderately connected to the issues they The hierarchy of control categorises administrative corrective ac
were designed to address. tions, such as procedures, as relatively weaker controls. However, our
A distinct pattern was evident in the distribution of corrective action coding scheme acknowledges that certain procedural changes can have a
strength. Almost all strong corrective actions were found under the significant impact on operational practices and risk control when
physical classification, compared to administrative categories which implemented at a deep and functional level. Therefore, corrective ac
had few corrective actions described as strong. This finding is unsur tions were coded based on their connection to addressing the identified
prising since administrative corrective actions are more likely to involve issue or hazard, rather than against the hierarchy of control. Despite this
levels of abstraction whereas actions focusing on physical components approach, the paper found that most administrative corrective actions
tend to be more directly linked to the issue. were weakly linked to the issues they were intended to address.
Next, the paper explored how corrective actions were spread across The weakest classes of corrective actions, as outlined in Table A1 in
audit reports as a function of their assigned strength; these data are not the appendix, consistently demonstrated the weakest connection to
presented in the study’s tables. In ~ 62% of reports there were no addressing underlying issues. These classes included incomplete or
corrective actions with a “strong” categorisation (26 of the total 42). In missing documents and forms, displaying site signage without clear
balancing this point, six reports had only weak corrective actions justification or hazard identification, displaying or submitting various
assigned, and in all these cases the report had only one corrective action documents (e.g., posters or flowcharts), and inspecting, reviewing, or
in total. Audit reports having strong corrective actions are less likely placing emergency equipment. Within the category of reviewing or
than not, but it is not common for reports to only have weak corrective placing emergency equipment, most weakly coded corrective actions
actions. Instead, the norm is to have a mixture of weak and moderate- focused on minor changes to the contents or location of a first aid kit or
strength corrective actions. sign.
Just one example of a design or engineering corrective action was Incomplete or missing documents or forms, which accounted for the
found (directing for higher side road windrow height). Moreover, ex highest number of corrective actions (35 in total) and the largest number
amples of elimination (the most preferred mitigation under the hierar of weak corrective actions (15), consistently lacked clear links to
chy of control), were found only in a limited set of corrective actions; all addressing issues or hazards. Discrepancies included incorrect times or
these related to the elimination of incidental hazards, like slip and trip dates indicated on forms, minor inconsistencies between information
hazards or falling object hazards (hoses suspended precariously over discussed in pre-start meetings and information stated in a site vehicle
head or hanging from handrails). management plan, missing information in a safe work method statement
footer, and more.
This finding is supported by other weak administrative corrective
actions. For instance, nine corrective actions centred around missing
7
B. Hutchinson et al. Safety Science 169 (2024) 106348
8
B. Hutchinson et al. Safety Science 169 (2024) 106348
necessary hard fixes. Part of the audit’s role is to ensure the presence, currency, and
Only 16% of corrective actions assigned to improve health and safety alignment of expected system artefacts (e.g., plans, registers, training
management were strongly linked to a direct source of harm or safety records) with predefined criteria. This sample unquestionably confirms
improvement, with the remaining corrective actions distributed across that health and safety audits address these aspects. To demonstrate, of
moderate and weak categories – indicative of decoupling. Verma et al. the 178 administrative corrective actions:
(2018) also found that proactive safety observations at a steel plant did
not routinely evaluate factors implicated in incidents, suggesting a poor • 35 focused on missing or incomplete documents and forms deemed
coupling between issues that matter and those matters under focus. necessary by system requirements or the auditor;
The paper’s coding scheme was selected because the authors • 14 corrective actions directed auditees to revise or review
believed that few corrective actions would rank high on the hierarchy of documents;
control; conversely, the paper recognised that well-designed adminis • 9 corrective actions directed attention to non-compliance with
trative actions could theoretically have a strong connection to physical version control, formatting, template type, or the storage location of
issues. However, this made little difference to the overall findings as few documents; and
particularly deep examples and no systematic administrative changes • 10 corrective actions focused on undertaking risk assessments due to
were found. Administrative corrective actions were the weakest class, some type of gap in the identification, analysis, or management of
although just a third of physical corrective actions were also coded as hazard exposures.
strong. These findings suggest that the issue runs deeper than whether
an audit focuses on the desktop system or practices. Aligned with the While the paper argues in the following section that addressing
findings from Robson et al. (2010, 2017), some audits may not be formatting, document structure, and grammar primarily reflects surface
structurally capable of delivering the expected capabilities nor sup compliance activities, these actions can still enhance the understand
porting auditors to focus systematically on improving the management ability and clarity of the respective processes. Other corrective actions
of core issues. Audits may miss important safety deficiencies and never also support the potential strengths of audits. For instance, one admin
find those issues to begin with. istrative corrective action focused on improving the use of a water cart
during emergencies, while another recommended tightening the
5.2. How do audits help resist decoupling? explosive blasting process for operators. These actions are primarily
aimed at enhancing planning and work. Similarly, various corrective
5.2.1. Audits effectively identify readily observable site hazards actions identified gaps in daily sign-on/sign-off or pre-start/toolbox
This sample of audits demonstrated characteristics that resist completion, such as missing signatures of on-site employees, or de
decoupling. Audits successfully identified a significant percentage of ficiencies in induction records. Two additional corrective actions
observable site-based hazards, such as slip, trip, and fall hazards, addressed the issue of missing persons in drug and alcohol testing, which
improper PPE handling, inconsistencies in signage, chemical storage is crucial for workplace safety assurance, although efficacy data on this
issues, certain aspects of electrical safety (e.g., testing and tagging), matter are weak and inconsistent (Alfred et al., 2020; Pidd et al., 2016;
equipment not fit for purpose (e.g., requiring servicing), and frequent Pidd & Roche, 2014).
problems with first aid and fire response equipment and processes. Some It is important to note that these findings are limited due to the small
of these issues can be categorised as ’housekeeping’. number of observations. However, these examples suggest that audits
Previous research supports the importance of focusing on house can be effective in uncovering inconsistencies or areas for improvement
keeping. A 2003 study involving construction professionals and 100 when comparing planned arrangements (work-as-imagined) with actual
construction accidents found that poor housekeeping and site layout on-site practices or conditions (work-as-done).
problems contributed to half of the accidents (Hide et al., 2003). More Finally, only five administrative corrective actions called for the
recent data from the Norwegian inspectorate, which examined 176 se development of new processes or documents. This indicates that, in this
vere construction accidents, identified ’local hazards’—similar to those sample, health and safety audits do not excessively contribute to safety
frequently found in this audit sample—as immediate causal factors in clutter (Rae et al., 2018) by requesting new artefacts.2
40% of cases (Winge et al., 2019). Additionally, Hallowell et al. (2013)
associated higher safety performance with better site housekeeping in 5.3. How do audits hinder the prevention of decoupling?
their Delphi-based construction study.
Audits with specific themes, such as electrical safety or hazardous 5.3.1. Audits focused on “surface compliance”
chemical audits, were more likely to involve subject matter experts and Two variations of surface compliance were found.
uncover physical deficiencies in the workplace compared to audits with
a broader health and safety focus. Specific-themed audits allow for a 5.3.1.1. An “illusion of depth” where superficiality replaces depth. The
deeper exploration of actual work conditions and processes beyond findings throughout this audit sample revealed numerous instances of
surface observations. Furthermore, the audit observations generally superficial corrective actions; similar in principle to the ’illusion of
aligned with the audit questions, indicating that more specific criteria explanatory depth’ (Rozenblit & Keil, 2002). Auditors tended to address
can be developed for important organisational matters. However, immediate issues through corrective actions without calling for the
excessive specificity may limit the auditor’s scope. investigation of the underlying causes. For example, one corrective ac
Finally, a positive finding is that the study identified only 21 cases tion addressed the replacement of an excavator quick-hitch split pin
where the corrective actions could not be linked to a direct or indirect with a plastic cable tie, but no recommendation was made to evaluate
source of physical harm or safety-related matters. This suggests that the why such a safety–critical element was not appropriately managed.
audit corrective actions and their associated criteria have a satisfactory Additionally, no instances were observed of corrective actions directing
level of content validity (Robson & Bigelow, 2010). In other words, the auditees to systematically rectify a family of issues related to any audit
audit instrument can identify some issues at a high-level, although it criterion (strong category [b], Table 2).
may not be precise enough for all purposes. The illusion of depth suggests that auditors may appear to uncover
critical deficiencies related to audit criteria, but often fail to delve
5.2.2. Audits effectively identify the presence of expected safety artefacts
The finding that most administrative corrective actions were deemed
weakly connected to the relevant issue does not necessarily imply the 2
But not ruling out other types of clutter, which would require further
lack of validity or significance of these corrective actions. research to elucidate.
9
B. Hutchinson et al. Safety Science 169 (2024) 106348
beyond surface-level symptoms. Corrective actions rarely question the prioritised (Blewett & O’Keeffe, 2011). Additionally, real issues may be
functioning, purpose, or effectiveness of a process. Instead, auditors may formalised within the safety system, with stakeholders believing that the
focus on the presence of a document as evidence of a process working or issues will be adequately addressed, as observed in Oswald et al.’s
make minor adjustments to terminology or references in procedures. For (2018) study on safety observation reporting in construction. In essence,
instance, corrective actions may call for the addition or revision of tables audits can inadvertently shift the focus towards managing artefacts
of roles and responsibilities for site personnel without a clear rationale rather than fulfilling their functional purpose.
or expected impact on operational issues.
Relating to roles and responsibilities, only one out of the six 5.3.2. Audits or audit methodology could not identify particular issues
corrective actions demonstrated a goal-directed focus on addressing a Two variations were found for audits lacking certain capabilities to
specific deficiency, while the others lacked a discernible reason for their identify issues.
implementation or expected effect on operational issues. Similar find
ings have been reported in accident investigation research in the con 5.3.2.1. A lack of connection between the requirements and specifications.
struction industry, where corrective actions such as toolbox talks were In terms of organisational safety management, a distinction exists be
identified without clear explanations of their content, purpose, or tween requirements and specifications. Requirements outline the over
effectiveness measurement (Woolley et al., 2018, p. 6). arching goal or problem to be addressed, the ’why,’ while specifications
Specific-themed audits, such as electrical audits, performed better describe the intended behaviour or corrective actions to achieve that
than general health and safety audits. Electrical audits were more likely goal, the ’how’ (Jackson, 2010; Jackson, 2001). For example, the re
to go beyond the presence of statements in plans and identify physical quirements of a mine ventilation plan pertain to managing mine venti
deficiencies in the workplace. However, when evaluating electrical lation, while the specifications encompass the various methods the
safety under general-scope audits, the focus mainly revolved around organisation employs to fulfill that goal. However, a discrepancy may
inspecting testing tags and residual current devices, indicating a ten arise when adding, removing, or modifying specifications does not
dency to prioritise superficial aspects of safety without input from effectively align with the overarching requirements.
subject matter experts. The expertise and experiences of the stake This audit sample revealed a similar phenomenon. It highlighted
holders involved have been observed to influence the findings in inci numerous instances of corrective actions focusing on minor specifica
dent investigations as well (Goncalves Filho et al., 2019, 2021). tions, such as signatures, templates, version numbers, footer informa
Therefore, it is not substantiated to suggest that auditors should tion, generic site signage, and an array of non-displayed posters or
solely emphasise the physical site inspection component of audits, as forms. These minor details often display weak connections to the process
surface compliance activities already dominate such inspections, requirements, the very issues they are meant to address. Out of 58
including cleanliness, housekeeping, and signage. corrective actions related to the aforementioned factors, only two
demonstrated a strong connection to the issue.
5.3.1.2. Artefacts take on the guise of the issue. The second variation of Confusion between requirements and specifications is evident in
surface compliance involves auditors frequently focusing on revising other instances as well. One corrective action highlighted an inconsis
artefacts without adequately addressing the underlying physical issues. tency where an emergency assembly point was, positively, acknowl
This variation aligns with prior work (Hayes & Hopkins, 2015; Longford edged during the pre-start meeting (indicating an awareness of the
Royal Commission, 1999) that highlights how highly symbolic safety control), but it had not been documented. Another action requested
systems can shift attention towards managing system artefacts, such as additional information to be included in the vehicle management plan,
document tweaking and production, rather than effectively addressing including parking spots. However, the audit reports failed to specify the
operational issues. actual deficiency or explain the value derived from adding such
Two examples illustrate this point. In the first example, the audit information.
question assesses whether all major hazards on the site have been Other noteworthy corrective actions emerge. In one case, a correc
identified. The auditor accepts a “completed” site risk register as evi tive action implied that site safety inspections were not being conducted,
dence of a thorough assessment of risks. In the second example, the audit yet the recommendation focused solely on updating the site inspection
question concerns the application of a specific process at the site, and the schedule to reinstate the inspection activity, rather than addressing the
existence of the process’s flowchart on a noticeboard is deemed suffi lack of inspections themselves. Similarly, when asked about the appli
cient evidence of its implementation. However, having a site risk reg cation of a specific process in practice, the auditor simply requested that
ister does not guarantee the identification of all major hazards, and the process’s flowchart be displayed on a noticeboard, without assessing
displaying a flowchart does not indicate the actual usage of the process. whether the activity was taking place. Once again, the auditor
Despite being treated as approximately equivalent, these artefacts do not emphasised a specification with only a weak connection to the under
serve as direct evidence of the desired outcomes. lying issue.
Another notable observation is that auditors seldom discuss hazards One implication of our work on enabling devices is the disconnection
beyond immediate physical observations during site inspections. When between how safe members of an organisation believe the organisation
hazards or issues are addressed, the focus is primarily on safety artefacts to be, versus members’ actual exposure to harm. The paper underscored
rather than directly engaging with the issues themselves. For instance, how these mechanisms divert organisational efforts away from
work instructions, job safety analyses, and safe work method statements addressing the most crucial issues at hand (Hutchinson et al., 2022). For
are emphasised when evaluating work-related matters, while risk reg instance, an organisation may emphasise the importance of effective
isters, plans, and permits are emphasised when assessing site hazards. training in its management plans and inductions but allocate insufficient
Traffic hazards are discussed in the context of vehicle and traffic plans, resources to conduct thorough training and verify its quality and
and site safety inspections revolve around the monthly site inspection completion. Similarly, these findings indicate that audit corrective ac
schedule as the applicable unit of analysis. tions often direct organisations to address issues of lesser importance or
In these examples, the call for artefact changes aims to establish a relevance.
presumed connection to the physical issue or work. However, in many Considering this section, the paper argues that auditing should pri
cases, these artefacts have limited direct relevance to the actual work. By marily focus on verifying the effectiveness of a system or component
prioritising artefact adjustments over practice changes (Pentland & (requirements) rather than merely confirming its presence, display, or
Feldman, 2008), audits may inadvertently lead to goal displacement, documentation – the various specifications. Nonetheless, the bulk of the
where issues are transformed into audit scores and inappropriately paper’s evidence suggests that audits predominantly centre around
10
B. Hutchinson et al. Safety Science 169 (2024) 106348
checking for the existence of components with limited critical exami Table A1
nation of whether those components are functioning as intended. This Frequency of the strength of corrective actions listed per description.
finding aligns with the key observation made in the 2005 Buncefield oil Strength per class None Weak Moderate Strong
storage facility fire report, where accepting the presence of a system as (a)
evidence without evaluating its usage proved detrimental (COMAH Physical action descriptions
Competent Authority, 2011). Animals 0 0 0 1
Chemical separation/management 0 1 2 5
5.3.3. Signatures provide symbolic value Dust/hygiene 0 0 0 1
Electrical safety 0 0 1 5
The paper previously argued that excessive reliance on symbolic Environment 0 2 0 2
artefacts, particularly relating to the effectiveness of safety plans, doc Equipment/plant not fit for purpose 0 1 1 6
uments, and systems, can pose increased risks to organisations (Hutch Falling objects 0 0 0 3
inson et al., 2022). This is partly because individuals may perceive Fencing/delineation/pathways 0 1 2 6
Hazardous conditions 0 0 3 2
things to be safer than they are simply because a process is in place,
Housekeeping/site maintenance 0 3 4 1
despite the underlying issues remaining unaddressed. Inadequate emergency preparedness 0 0 0 1
This paper identified several corrective actions that placed undue awareness
emphasis on the presence or absence of a signature on a safety artefact, Noise generation 0 0 0 1
which the paper contends exemplifies misplaced symbolism. Corrective Other hazards or issues 0 1 2 0
Plant servicing/maintenance 0 2 1 0
actions referred to signatures on risk assessments or safe work method Pre-start inspection 0 0 1 0
statements as if they were synonymous with worker comprehension and Review communication 0 1 1 0
agreement to the document’s conditions. In the latter case, obtaining a Rigging and lifting equipment 0 0 0 2
signature on a plant risk assessment was treated literally as an Site maintenance 0 1 1 0
Slips/trips/falls 0 1 4 0
acknowledgment of the content within the assessment itself. Other
Test/tag 0 0 5 1
research supports this observation regarding the perceived role of sig Vehicle separation/parking 0 0 2 0
natures on safe work method statements (Pillay, 2023). Vehicles, vehicle movement 0 0 3 2
Likewise, our findings indicate that signatures carry significant PPE 0 2 0 1
symbolic value in confirming that a task has been completed or that Administrative-related action
descriptions
understanding has been internalised. However, these are distinct mat
Define roles/responsibilities 1 3 1 0
ters. It is possible to sign something without fully grasping its content or Develop or review register 0 6 6 0
the operational implications that may ensue. Safety management ac Display or submit document 6 6 0 0
tivities, such as the development and refinement of plans, work in Improving resourcing or HR 0 1 0 0
arrangements
structions, and registers, may not necessarily influence the issues they
Incomplete or missing document/form 3 15 16 1
are believed to address (Hutchinson et al., 2022). IT 0 2 0 0
The importance of signatures on work permits was also highlighted Maintain records 0 1 0 0
in the Piper Alpha disaster (Cullen, 1990), where the absence of signa New process/document 0 4 1 0
tures was among several factors indicating an ineffectively implemented Out-of-date documents 0 1 0 0
Outstanding audit actions 0 0 2 0
permit-to-work system. As demonstrated in this audit sample and
Reporting system/KPIs 0 3 0 0
potentially at Piper Alpha, signatures alone may only weakly correlate Revise or review document 4 7 2 1
with the physical issues at hand, without additional contextual infor Send document to a stakeholder 1 0 0 0
mation such as knowledge of the process or issues involved, and the Sign document 0 9 0 0
Undertake an audit 0 4 3 0
work undertaken to carry out the process.
Undertake risk review/assessment 0 2 8 0
To summarise this effect, this paper proposes that the pursuit of Update or review training records or 0 8 1 0
signatures may introduce a potent form of symbolic verification—a training needs
subjective assurance for auditors. Consequently, this symbolic verifica Vehicle pre-start 0 0 2 0
tion can pull audits towards their enabling function, detached from the Version control, format, template, or 5 2 2 0
storage location
core issues they are intended to address.
Mixed physical / administrative
action descriptions
6. Limitations Deliver toolbox, information, or 0 4 3 0
committee meeting
Deliver training 0 4 6 1
Some limitations are present in this study. The first challenge is
Display/review signage 0 14 11 2
external validity. Whilst this study included 71 audit reports (across the Enhance communication & consultation 0 0 2 0
main sample of 42 audit reports, 14 additional communication audit Inspect / review / place emergency 1 11 14 2
reports, and then another 15 matched audit reports), from a range of equipment (fire extinguisher, first aid,
different auditors, auditing organisations, and for a range of different spill kit)
Not following established process 0 1 5 2
purposes, no sample of health and safety audits could be considered Permit to work 0 0 1 1
truly representative of all audits. External validity is also limited by the Schedule, review or practice emergency 0 0 3 1
single organisational context (albeit the sample did include 16 external preparations or evacuation
and independent audit providers). Future research drawing on a larger Undertake workplace inspection or 0 2 6 1
review of inspection schedule
sample from multiple organisations would address this limitation.
The audit reports also did not focus on less-tangible facets of
organisational performance, like psychosocial factors, power distribu managing the most serious issues. Thus, what was left in the audit re
tions, or climates/cultures. ports were the remaining, lower consequence issues needing resolution.
Another limitation is that our conclusions are based only on what
auditors or auditees chose to comment on in the reports. It is conceivable 7. Conclusion
that auditors verbally discussed various issues and positive observations
in depth that did not get transcribed into written reports. Another pos Audits are positioned in contemporary organisations as critical
sibility is that the project sites under review generally were good at
11
B. Hutchinson et al. Safety Science 169 (2024) 106348
checks of whether their safety management systems are functioning as Downer, J., 2013. Disowning Fukushima: Managing the credibility of nuclear reliability
assessment in the wake of disaster. Regulation & Governance 287–309. https://doi.
intended. The paper tested this assumption by investigating 71 audit
org/10.1111/rego.12029.
reports from a large, Australian provider of integrated services. Fernández-Muñiz, B., Montes-Peón, J.M., Vázquez-Ordás, C.J., 2012. Occupational risk
This evidence highlights that audits, largely, were assigning correc management under the OHSAS 18001 standard: Analysis of perceptions and
tive actions focused on the evaluation and modification of safety arte attitudes of certified firms. J. Clean. Prod. 24, 36–47.
National Patient Safety Foundation. (2016). RCA2: Improving root cause analyses and
facts, conflating the presence of a document as evidence of the actions to prevent harm.
effectiveness of the process. Namely, audits: a) focused on surface Gallagher, C., Underhill, E., Rimmer, M., 2001. OHS Management Systems: A Review of
compliance activities, and b) lacked a focus on critical components or their Effectiveness in Securing Healthy & Safe Workplaces. National Occupational
Health and Safety Commission, Commonwealth of Australia.
had a methodology lacking capability to identify particular issues. Gallagher, C., Underhill, E., Rimmer, M., 2003. Occupational safety and health
These findings suggest that some auditing approaches may be at risk management systems in Australia: Barriers to success. Policy and Practice in Health
of tweaking documents or addressing insignificant physical issues at the and Safety 1 (2), 67–81.
Goncalves Filho, A.P., Jun, G.T., Waterson, P., 2019. Four studies, two methods, one
expense of properly addressing critical issues or hazards. That is, while accident–An examination of the reliability and validity of Accimap and STAMP for
providing a false veneer that these issues are being appropriately accident analysis. Saf. Sci. 113, 310–317.
managed: the audit masquerade. Goncalves Filho, A.P., Waterson, P., Jun, G.T., 2021. Improving accident analysis in
construction–Development of a contributing factor classification framework and
These results have implications for the organisational logic of why an evaluation of its validity and reliability. Saf. Sci. 140.
audit is needed and what benefits and outcomes audits are expected to Hallowell, M.R., Hinze, J.W., Baud, K.C., Wehle, A., 2013. Proactive construction safety
deliver. control: Measuring, monitoring, and responding to safety leading indicators.
J. Constr. Eng. Manag. 139 (10).
Hassan, N.A., Mohammad Zailani, S.H., Hasan, H.A., 2021. A Meta-analysis of Integrated
CRediT authorship contribution statement Internal Audit Management Effectiveness towards Business Sustainability. Pertanika
J. Soc. Sci. Human. 29.
Ben Hutchinson: Conceptualization, Methodology, Formal Anal Hayes, J., & Hopkins, A. (2015). Nightmare Pipeline Failures: Fantasy Planning, Black Swans
and Integrity Management. CCH Australia Limited.
ysis, Investigation, Writing - original draft, Writing - review & editing. Hibbert, P.D., Thomas, M.J., Deakin, A., Runciman, W.B., Braithwaite, J., Lomax, S.,
Sidney Dekker: Writing - review & editing. Andrew Rae: Conceptu Prescott, J., Gorrie, G., Szczygielski, A., Surwald, T., 2018. Are root cause analyses
alization, Methodology, Validation, Writing - review & editing, recommendations effective and sustainable? An observational study. Int. J. Qual.
Health Care 30 (2), 124–131.
Supervision. Hide, S., Atkinson, S., Pavitt, T. C., Haslam, R., Gibb, A. G., & Gyi, D. E. (2003). Causal
factors in construction accidents. Research report 156. Health and Safety Executive.
Declaration of Competing Interest https://www.hse.gov.uk/Research/rrpdf/rr156.pdf.
Hohnen, P., Hasle, P., 2011. Making work environment auditable–A ‘critical case’ study
of certified occupational health and safety management systems in Denmark. Saf.
The authors declare that they have no known competing financial Sci. 49 (7), 1022–1029.
interests or personal relationships that could have appeared to influence Hopkins, A., 1999. Managing Major Hazards: The Lessons of the Moura Mine Disaster.
Allen & Unwin.
the work reported in this paper. Hopkins, A., 2015. Lessons From Longford: The Esso Gas Plant Explosion. CCH Australia
Ltd.
Appendix Hu, X., Yeo, G., Griffin, M., 2020. More to safety compliance than meets the eye:
Differentiating deep compliance from surface compliance. Saf. Sci. 130.
Hutchinson, B., Dekker, S., Rae, A., 2022. Writing plans instead of eliminating risks: How
Table A1. can written safety artefacts reduce safety? Saf. Sci. 151.
International Labour Office. (2001). Guidelines on occupational safety and health
References management systems, ILO-OSH 2001.
Jackson, M.A., 2001. Problem Frames: Analysing and Structuring Software Development
Problems. Addison-Wesley/ACM Press.
Alfred, L., Limmer, M., Cartwright, S., 2020. An integrative literature review exploring Jackson, D. (2010). Worked example of a problem from Leveson’s “Safer World”. https://
the impact of alcohol workplace policies. Int. J. Workplace Health Manag. people.csail.mit.edu/dnj/talks/veldhoven10/comments-on-leveson-interlock-ex
Alruqi, W.M., Hallowell, M.R., 2019. Critical success factors for construction safety: ample.pdf.
Review and meta-analysis of safety leading indicators. J. Constr. Eng. Manag. 145 Le Coze, J., 2005. Are organisations too complex to be integrated in technical risk
(3), 04019005. assessment and current safety auditing? Saf. Sci. 43 (8), 613–638.
Batalden, B.-M., Sydnes, A.K., 2015. Auditing in the maritime industry: A case study of Le Coze, J.-C., Dupre, M., 2012. Is it time, in the process industry, to question the limits
the offshore support vessel segment. Saf. Sci. Monit. 19 (1), 3. of safety audits? Hazards XXIII 244–254.
Bender, R. (2006). What is an Effective Audit, and How Can You Tell? Paper prepared for the Lindsay, F., 1992. Successful health and safety management. The contribution of
Audit Committee Chair Forum. Cranfield University School of Management, United management audit. Saf. Sci. 15 (4–6), 387–402.
Kingdom. Lingard, H., Hallowell, M., Salas, R., Pirzadeh, P., 2017. Leading or lagging? Temporal
Bigelow, P., Robson, L., 2005. Occupational health and safety management audit analysis of safety indicators on a large infrastructure construction project. Saf. Sci.
instruments: A literature review. Institute for Work & Health. 91, 206–220.
Bjelle, S.L., Sydnes, A.K., 2019. Auditing Industrial Safety Management: A Case Study. Longford Royal Commission. (1999). The Esso Longford gas plant accident: Report of the
Int. J. Manag. Knowl. Learn. 8 (1), 43–59. Longford Royal Commission. Govt. Printer for the State of Victoria.
Blewett, V., O’Keeffe, V., 2011. Weighing the pig never made it heavier: Auditing OHS, Lundberg, J., Rollenhagen, C., Hollnagel, E., 2009. What-You-Look-For-Is-What-You-
social auditing as verification of process in Australia. Saf. Sci. 49 (7), 1014–1021. Find–The consequences of underlying accident models in eight accident
Borys, D., 2012. The role of safe work method statements in the Australian construction investigation manuals. Saf. Sci. 47 (10), 1297–1311.
industry. Saf. Sci. 50 (2), 210–220. https://doi.org/10.1016/j.ssci.2011.08.010. Martinov-Bennie, N., O’Neill, S., Cheung, A., Wolfe, K., & Australia, S. W. (2014). Issues
Center for Chemical Process Safety. (2011). Guidelines for Auditing Process Safety in the assurance and verification of work health and safety information. Safe Work
Management Systems. Second Edition. John Wiley & Sons. Australia.
U.S. Chemical Safety and Hazard Investigation Board. (2009). Imperial Sugar Company McInerney, P. (2005a). Special Commission of Inquiry into the Waterfall Rail Accident. Final
Dust Explosion and Fire. https://www.csb.gov/. Report. Volume 1. January 2005. https://nraspricms01.blob.core.windows.net/asse
U.S. Chemical Safety and Hazard Investigation Board. (2012a). E. I. DuPont De Nemours ts/documents/Waterfall-Rail-Accident/Waterfall-final-report-Volume-1.pdf.
Co. Fatal Hotwork Explosion. https://www.csb.gov/. McInerney, P. (2005b). Special Commission of Inquiry into the Waterfall Rail Accident. Final
U.S. Chemical Safety and Hazard Investigation Board. (2012b). Hoeganaes Corporation Report. Volume 2. January 2005. https://nraspricms01.blob.core.windows.net/asse
Fatal Flash Fires. https://www.csb.gov/. ts/documents/Waterfall-Rail-Accident/Waterfall-final-report-Volume-2.pdf.
U.S. Chemical Safety and Hazard Investigation Board. (2017). AirGas Facility Fatal Moroney, R., 2010. Auditing: A practical approach. John Wiley & Sons.
Explosion. https://www.csb.gov/. Oswald, D., Sherratt, F., Smith, S., 2018. Problems with safety observation reporting: A
COMAH Competent Authority. (2011). Buncefield: Why did it happen? The underlying construction industry case study. Saf. Sci. 107, 35–45.
causes of the explosion and fire at the Buncefield oil storage depot, Hemel Pentland, B.T., Feldman, M.S., 2008. Designing routines: On the folly of designing
Hempstead, Hertfordshire on 11 December 2005. http://www.hse.gov.uk/comah artifacts, while hoping for patterns of action. Inf. Organ. 18 (4), 235–250.
/buncefield/buncefield-report.pdf. Petroleum Safety Authority. (2005). Investigation of gas blowout on Snorre A, Well 34/7-
Cullen, W., 1990. The public inquiry into the Piper Alpha disaster. H.M, Stationery P31A, 28 November 2004. http://www.wellintegrity.net/Documents/PSA%20Inve
Office. stigation%20of%20Snorre%20Blowout.pdf.
12
B. Hutchinson et al. Safety Science 169 (2024) 106348
Pidd, K., Kostadinov, V., Roche, A., 2016. Do workplace policies work? An examination Safe Work Australia. (2013). The effectiveness of work health and safety interventions by
of the relationship between alcohol and other drug policies and workers’ substance regulators: A literature review. https://www.safeworkaustralia.gov.au/system/files
use. Int. J. Drug Policy 28, 48–54. /documents/1702/effectiveness-whs-interventions-by-regulators-literature-review.
Pidd, K., Roche, A.M., 2014. How effective is drug testing as a workplace safety strategy? pdf.
A systematic review of the evidence. Accid. Anal. Prev. 71, 154–165. Salas, R., Hallowell, M., 2016. Predictive validity of safety leading indicators: Empirical
Pillay, M., 2023. Resilience Engineering and Safe Work Method Statements in assessment in the oil and gas sector. J. Constr. Eng. Manag. 142 (10).
Construction Projects. In: Human-Automation Interaction. Springer, pp. 639–651. Shah, M., 2012. Ten years of external quality audit in Australia: Evaluating its
Power, M., 1999. The Audit Society: Rituals of Verification. Oxford University Press. effectiveness and success. Assess. Eval. High. Educ. 37 (6), 761–772.
Pratt, M.G., Rafaeli, A., 1997. Organizational dress as a symbol of multilayered social Shaw, A., Blewett, V., Stiller, L., Aickin, C., Cox, S., Ferguson, S., Frick, K., 2007. Digging
identities. Acad. Manag. J. 40 (4), 862–898. Deeper: Wran Consultancy Project Final Report. NSW Department of Primary
Rae, A.J., Alexander, R.D., 2017. Probative blindness and false assurance about safety. Industries, Sydney.
Saf. Sci. 92, 190–204. Standards Australia / Standards New Zealand. (2019). AS/NZS ISO 19011:2019:
Rae, A., Provan, D., Weber, D., Dekker, S., 2018. Safety clutter: The accumulation and Guidelines for auditing management systems. https://www.techstreet.com.
persistence of ‘safety’ work that does not contribute to operational safety. Policy and Tackett, J., Wolf, F., Claypool, G., 2004. Sarbanes-Oxley and audit failure: A critical
Practice in Health and Safety 16 (2), 194–211. examination. Manag. Audit. J. 19 (3), 340–350.
Robson, L.S., Bigelow, P.L., 2010. Measurement properties of occupational health and The BP US Refineries Independent Safety Review Panel. (2007). The Report of the BP US
safety management audits: A systematic literature search and traditional literature Refineries Independent Safety Review Panel. http://www.csb.gov/assets/1/19/Bake
synthesis. Can. J. Public Health 101 (1), S34–S40. r_panel_report1.pdf.
Robson, L.S., Macdonald, S., Van Eerd, D.L., Gray, G.C., Bigelow, P.L., 2010. Something Verma, A., Chatterjee, S., Sarkar, S., Maiti, J., 2018. Data-driven mapping between
Might be Missing From Occupational Health and Safety Audits: Findings From a proactive and reactive measures of occupational safety performance. In: Industrial
Content Validity Analysis of Five Audit Instruments. J. Occup. Environ. Med. 52 (5), Safety Management. Springer, pp. 53–63.
536–543. https://doi.org/10.1097/JOM.0b013e3181dbc87c. Winge, S., Albrechtsen, E., Mostue, B.A., 2019. Causal factors and connections in
Robson, L.S., Ibrahim, S., Hogg-Johnson, S., Steenstra, I.A., Van Eerd, D., Amick III, B.C., construction accidents. Saf. Sci. 112, 130–141.
2017. Developing leading indicators from OHS management audit data: Determining Wood, L.J., Wiegmann, D.A., 2020. Beyond the corrective action hierarchy: A systems
the measurement properties of audit data from the field. J. Saf. Res. 61, 93–103. approach to organizational change. Int. J. Qual. Health Care 32 (7), 438–444.
Rozenblit, L., Keil, F., 2002. The misunderstood limits of folk science: An illusion of Woolley, M.J., Goode, N., Read, G.J., Salmon, P.M., 2018. Moving beyond the
explanatory depth. Cognit. Sci. 26 (5), 521–562. organizational ceiling: Do construction accident investigations align with systems
Safe Work Australia. (2011). How to manage work health and safety risks: Code of Practice. thinking? Hum. Factors Ergon. Manuf. Serv. Ind. 28 (6), 297–308.
https://www.safeworkaustralia.gov.au/system/files/documents/1702/how_to_m Workcover NSW. (2014). National self-insurer OHS management system audit tool. https
anage_whs_risks.pdf. ://content.api.worksafe.vic.gov.au/sites/default/files/2018-06/National_self-insur
er_OHS_management_system_audit_tool_Version_3.pdf.
13