Safety Science 169 (2024) 106348

Contents lists available at ScienceDirect

Safety Science
journal homepage: www.elsevier.com/locate/safety

Audit masquerade: How audits provide comfort rather than treatment for
serious safety problems
Ben Hutchinson *, Sidney Dekker, Andrew Rae
Safety Science Innovation Lab, Griffith University, 170 Kessels Rd, Nathan 4111, Queensland, Australia

A B S T R A C T

Investigations following major accidents sometimes find that auditing failed to identify critical deficiencies. Such findings assume that the deficiencies were just
waiting to be found: if only the audit had looked a little deeper, then the accident could have been prevented. This study analysed health and safety audits to examine
the nature of audit corrective actions and whether they were strongly aligned to operational issues. This provides a picture of the capability of audits to find and fix
problems.
The results demonstrated that only ~ 16% of the 327 audit corrective actions in this sample were strongly connected to the issue or hazard identified by the audit
question. Most actions were weakly or moderately connected to the issue. Stronger corrective actions primarily covered observable physical site issues, such as
correcting inappropriate site signage or correcting slip and trip hazards. Weaker actions covered largely documentation-related factors, such as correcting missing
documentation or displaying a poster.
Pointedly, no corrective actions called for a deep and systematic rectification of deficiencies. Virtually all actions directed localised changes to the immediate
deficiency. This sample of audits prioritised superficial fixes over addressing significant operational risks.
The findings point to a masquerade in what auditing achieves in some contexts: a symbolic activity optimised for surface tweaks, rather than a critical self-
examination about what the organisation believes and tells about itself and its safety.
In some contexts, health and safety audits may have become a well-developed strategy for avoiding uncomfortable findings; successfully blinding the organisation
to necessary hard fixes.

1. Introduction fulfill their primary purposes.

In the wake of an accident, inadequacies in safety activities could be
seen as an isolated problem – that is, a failure to conduct the safety
activities “properly” or to sufficient quality (Appleton, 1994, as cited in
Hopkins, 1999, p. 71). An alternate view is that the failings before the
accident are representative of weaknesses inherent to the activities,
rather than isolated exceptions to how the activity is normally con­
ducted (Downer, 2013).
These competing possibilities are important for evaluating health
and safety auditing. Previous research has identified various challenges
that affect the effectiveness of audits. These challenges include a focus
on paperwork rather than operational concerns, the displacement of
goals towards managing audit assessment scores, a collapse of complex
sociotechnical factors into linear and auditable types, and inherent
structural weaknesses in the audit templates (Batalden & Sydnes, 2015;
Bjelle & Sydnes, 2019; Blewett & O’Keeffe, 2011; Le Coze, 2005; Le Coze
& Dupre, 2012; Robson et al., 2017). Such challenges, if they are more
than isolated exceptions, undermine the ability of auditing systems to
This paper starts from the premise that a fundamental purpose of
health and safety audits is to reduce “decoupling”: “the distance be­
tween the intended purpose or function of the artefact versus the actual
function in practice of the artefact” (Hutchinson et al., 2022, p. 2).
Decoupling would exist where a prior audit has, for instance, reported
mine ventilation processes are working as intended, despite critical
defects influencing mine ventilation remaining in place. Effective audits
should reliably identify such gaps and facilitate corrective actions to
close the gaps, thus reducing decoupling. Conversely, audits would “fail”
in this fundamental purpose if they cannot diminish decoupling,
resulting in an ongoing gap between expectations of artefact perfor­
mance and reality.
This study examines the influence of health and safety audits on
decoupling within one large organisation. The unit of analysis is indi­
vidual audit corrective actions. At this level, decoupling is reduced when
a corrective action directly addresses an aspect of physical reality based
on audit criteria. “Strong alignment” refers to a direct connection be­
tween the corrective action and the hazards or issues indicated by the

* Corresponding author.
E-mail address: ben.hutchinson@griffithuni.edu.au (B. Hutchinson).

https://doi.org/10.1016/j.ssci.2023.106348
Received 13 February 2023; Received in revised form 27 August 2023; Accepted 5 October 2023
0925-7535/© 2023 The Author(s). Published by Elsevier Ltd. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).
B. Hutchinson et al.
audit criteria, while “weak alignment” indicates no direct connection.
The study aims to determine the frequency and areas in which corrective
actions demonstrate strong alignment. This analysis provides an un­
derstanding of the overall effectiveness of audits in reducing decoupling
across different safety risks. It is expected that an audit with less
decoupling will exhibit a distribution of corrective actions leaning to­
wards moderate to strong alignment, whereas greater decoupling will be
indicated by a distribution of corrective actions leaning towards mod­
erate to weak alignment.
Therefore, the study’s primary research question is:
• How are audits influencing decoupling?
The following sub-questions are employed to answer the primary
question:
• What are the characteristics of corrective actions assigned in audits?
• What is the strength of alignment between specific audit questions
and corrective actions?
2. Literature on audits
2.1. What are audits?
Auditing has been defined as a:
“systematic examination against defined criteria to determine
whether activities and related results comply with planned ar­
rangements and whether these arrangements are implemented
effectively and are suitable to achieve the organisation’s policy and
objectives” (Workcover NSW, 2014).
Accordingly, audits are inferred to have three direct functional
elements:
1. Checking compliance (i.e., a match between a set of documents/
processes and a set of defined criteria).
2. Checking validity (i.e., a match between a set of documents/pro­
cesses and underlying reality).
3. Checking suitability (i.e., checking fitness for purpose, regardless of
the defined criteria).
Audits encompass both tangible and intangible aspects of work
practices, evaluating compliance, validity, and suitability (Blewett &
O’Keeffe, 2011). Tangible elements pertain to actual practices, states,
and controls, while intangible aspects include power structures, lead­
ership, and relationships (Blewett & O’Keeffe, 2011). When disparities
arise between expectations (as stipulated in procedures or established
norms) and reality, corrective actions are designed and implemented by
internal or external stakeholders. These stakeholders could include au­
ditors or organisational personnel, who work towards rectifying these
discrepancies.
Audit structures and scopes differ, leading to varying emphasis on
the aforementioned elements. For example, compliance audits prioritise
checking the alignment of practices with procedures (Moroney, 2010).
In contrast, performance audits focus on gathering evidence regarding
organisational performance against criteria or the effectiveness of pro­
cesses (Moroney, 2010). Audits also vary based on the entity conducting
them. Internal audits are carried out by the organisation itself, exam­
ining its processes and performance (first-party audits), while external
audits involve parties external to the organisation, such as customers
assessing suppliers or independent auditing organisations (second-party
and third-party audits, respectively; Standards Australia / Standards
New Zealand, 2019).
Audits can take the form of formal, planned activities or informal
internal assessments or inspections conducted to monitor ongoing ac­
tivities (Center for Chemical Process Safety, 2011). They may have a
2
Safety Science 169 (2024) 106348
“desktop” scope, involving the examination of documents without field
visits, or assess field practices and hazards directly related to work, or
combine both approaches. The scope of audits may encompass broad
health and safety systems or focus on specific areas such as electrical or
chemical safety. This study encompasses all types of formal and planned
health and safety audits, including both field and desktop audits.
2.2. What makes an effective audit?
The effectiveness of an audit depends on the context and the inten­
ded audience (Bender, 2006). Since no universal guidance existed,
Bigelow and Robson (2005) reviewed several studies to create a list of
factors that potentially influence the reliability and validity of health
and safety audits. These authors identified factors relating to auditors,
such as competence, auditor bias and independence, and internal versus
external auditors. Factors relating to the audit and audit process were
also identified by Bigelow and Robson (2005) as potentially important
for audit effectiveness: the theoretical basis of audits, a comprehensive
auditing framework, standards that can be used for comparison, how
data is sampled, the objectivity and detail in audit questions, resources
available for auditing, quality control, and matters relating to the audit
measurement scales and their weighting factors. Expanding on the
latter, Robson and Bigelow (2010) and Robson et al. (2010) further
emphasised the relevance of measurement properties, such as reliability
and validity. While simpler contexts may not necessitate validated and
predictive audit instruments, more complex contexts require in­
struments with assured content validity to effectively identify gaps.
These findings point to a range of items relevant to audit effectiveness.
Martinov-Bennie et al. (2014) proposed that adapting a “well-tested
and rigorous systematic approach” (Martinov-Bennie et al., 2014, p. 23)
from financial auditing to health and safety auditing could enhance
audit performance. This approach emphasised the identification of
safety risks and hazards, assessment of mitigating controls in the safety
management system, and then determining the residual risks and cor­
responding responses. Hence, health and safety audits should not overly
concentrate on compliance against administrative aspects of the system
and documentation. Rather, health and safety audits should prioritise
addressing tangible and intangible factors linked to actual characteris­
tics, states, influences, objects, or practices to enhance the efficacy of the
safety management system in achieving health and safety goals
(Fernández-Muñiz et al., 2012; Gallagher et al., 2003; International
Labour Office, 2001; Lindsay, 1992; Martinov-Bennie et al., 2014).
Consistent with this perspective, the present study proposes that a
successful audit should focus on minimising decoupling. This phenom­
enon arises due to a lack of alignment between the intended objectives of
an artefact or safety system and its actual effectiveness in achieving
those objectives in practice. Previous research has highlighted the
excessive emphasis on compliance with documented systems in health
and safety auditing and neglecting the practical functioning and safety
of work (Bjelle & Sydnes, 2019; Blewett & O’Keeffe, 2011; Gallagher
et al., 2001; Shaw et al., 2007). Similarly, investigation reports have
criticised audit approaches preceding accidents for similar reasons
(COMAH Competent Authority, 2011; Longford Royal Commission,
1999; U.S. Chemical Safety and Hazard Investigation Board, 2017).
2.3. Are audits of safety management systems effective?
Audits are used extensively in modern society—referred to by Power
(1999) as an audit explosion. Despite the prevalence, evidence for the
efficacy of health and safety audits in improving organisational perfor­
mance is relatively scarce and mixed. Evidence in favour of audits tends
to come from studies examining correlations between audit activity and
other measures of safety. To illustrate, Hassan et al. (2021) found that
integrated management system audits improved business sustainability
practices in their meta-analysis of 77 studies. External quality audits
were also found to improve quality assurance processes in Australian
B. Hutchinson et al.
universities over ten years in Shah’s (2012) review.
Alruqi and Hallowell (2019) examined the relationship between
leading indicators in construction and safety performance. Through a
meta-analysis of eight studies, they found that safety auditing had a
strong relationship to injuries when measured as an active indicator
(when including site safety observations and inspections). Salas and
Hallowell’s (2016) study specifically identified significant associations
between safety performance and a composite measure encompassing
auditing and various safety management activities (such as near-miss
reporting and job safety analysis). Lingard et al. (2017) also reported
a statistically significant and moderate correlation between audits and
safety performance in a separate study not included in the meta-analysis.
Furthermore, regulatory inspections, if considered part of auditing, may
contribute to improved health and safety outcomes in specific circum­
stances (Safe Work Australia, 2013). While there is a clear statistical
association between audit measures and safety performance, there is no
strong evidence to suggest that audits directly cause performance
improvements.
On the other hand, evidence challenging the effectiveness of health
and safety audits stems from a more detailed examination of audit
mechanisms. Robson et al. (2010) evaluated the predictive ability of
metrics derived from audit data on firm injury claims. Although the
audit instrument exhibited structural validity and high internal consis­
tency, it failed to predict subsequent claims data. Another study by
Robson and Bigelow (2010) assessed seventeen distinct audit tools for
their measurement properties. Only five tools demonstrated content
validity, and only one audit tool showed construct validity. Overall, the
inter-rater reliability was deemed “unacceptably low”. Lastly, Robson
et al. (2017) investigated the predictive ability of an audit instrument
regarding workers’ compensation claims outcomes and other factors.
The instrument did not demonstrate construct validity and generally
showed limited predictability for claim outcomes. In summary, multiple
studies have highlighted insufficient validity of health and safety audit
tools, suggesting methodological challenges in reliably improving
certain aspects of safety performance through audits.
2.4. What is going wrong with audits?
The empirical evidence about audits provides inconsistencies that
need resolving. Some work shows a positive association between safety
performance and audits/inspections, while other work shows poor audit
validity when closely scrutinised.
An earlier investigation on audit failings pointed toward auditors
themselves. For example, Tackett et al. (2004) suggested that audit
success was impacted by unintentional errors, deliberate fraud, and
vested financial or personal interests between the auditor and auditees.
However, newer work suggests foundational and systemic issues
affecting audit failures, such as lack of worker participation, a focus on
paperwork, confusion of audit criteria, and auditing leading to unin­
tended consequences and goal displacement (Blewett & O’Keeffe, 2011).
More recently, Robson et al. (2017) suggested several explanations
for the poor validity of the tested audit instrument in their study. Two of
these explanations: 1) audit elements in the instrument not being the
most important elements for predicting safety performance and 2) the
audit items not capturing the most important content of the ele­
ments—suggests factors consistent with decoupling are present within
health and safety audits.
Organisations use safety deliverables like emergency plans or risk
assessments as enabling devices: artefacts that enable work to progress
beyond some process gate or constraint, like a contractual arrangement
to deliver an emergency plan before commencing work. While the plan
intends to help the organisation better manage emergencies, what can
instead happen is managing the document but believing the issue to be
addressed (Hutchinson et al., 2022). This type of “decoupling” between
how artefacts influence practices, and thereby influence employee per­
ceptions around how safe work to be, can increase the propensity for
3
Safety Science 169 (2024) 106348
major failure. Audits may, similarly, enable work to traverse contractual
gates or project hold-points, while facilitating a degree of decoupling in
some circumstances.
Artefacts acting as enabling devices is a neutral description—not
positive nor negative. Decoupling, on the other hand, can introduce
unmitigated safety risks into organisations. An open question from
Hutchinson et al. (2022) was whether decoupling also affects health and
safety audits? This paper proposes that decoupling is an active issue in
auditing and may explain the aforementioned disparity via (at least) two
overlapping and linked mechanisms: a focus on surface compliance,
which then leads to documents being managed at the expense of oper­
ational matters.
2.5. A focus on surface compliance activities
Auditing may over-prioritise the collection and review of docu­
mentation. The shift in auditing away from the functionality of systems
towards paperwork and demonstrable evidence can be seen as a shift in
the “depth” of compliance activities. Deep compliance is a form of
compliance that meets the intention and strategy to achieve the organ­
isational outcome. In contrast, surface compliance drives efforts towards
“merely [demonstrating] compliance with safety rules and procedures”
(Hu et al., 2020, p. 4), where minimal effort is invested in the task.
Industrial safety audits in Norway were seen to focus on formal
documentation rather than on system implementation and effectiveness
in practice (Bjelle & Sydnes, 2019). Similar findings were reported in the
New South Wales mining industry and following the 2005 Texas City
Refinery explosion. In the former, audits were seen to focus on paper
compliance and “minutiae” like spelling (Shaw et al., 2007). In the
latter, auditing focused on system processes and artefacts over actual
operating practices at the refinery (The BP US Refineries Independent
Safety Review Panel, 2007).
Blewett and O’Keeffe (2011, p. 1018) in their evaluation of industry
auditing detailed how paperwork was collected to create an auditable
trail, where the quality of information within the documents “was often
a secondary consideration”. Further, they observed a decoupling be­
tween the purpose of paperwork and the point of collating it, such that it
was practically inaccessible to the operational people it was supposed to
protect. This disparity was said to represent the difference between
paperwork that keeps people safe versus paperwork that helps complete
audits (Blewett & O’Keeffe, 2011).
Other examples of a focus on paperwork at the expense of evaluating
actual implementation or effectiveness of systems were found in the case
of the 2005 Buncefield oil storage depot fire (COMAH Competent Au­
thority, 2011, p. 30), the Snorre A platform gas blowout in 2004 (by way
of a questionnaire survey over actual verification to governing docu­
ments; Petroleum Safety Authority, 2005, p. 26) and the 2014 Airgas
Nitrous Oxide Explosion (where auditing lacked a deep dive into safety
systems and practices; U.S. Chemical Safety and Hazard Investigation
Board, 2017, p. 114). In the case of the Esso Longford gas plant accident,
the management system governing the safe operation of the plant was
said to be complex and difficult for people to comprehend (Longford
Royal Commission, 1999, p. 200). Management of this system was seen
to take on a life of its own, where people completed system processes
that were disconnected from operational issues in the field (Longford
Royal Commission, 1999, p. 200).
Another example was from the 2010 San Bruno pipeline explosion.
The involved company was noted to have had a strong commitment to
safety and drew on bespoke risk modelling techniques to estimate
pipeline risks (Hayes & Hopkins, 2015). Despite the completion of
compliance activities at this company—e.g. completing forms, risk as­
sessments, and risk modelling—the integrity management system was
also seen to have taken on a life of its own (Hayes & Hopkins, 2015, p.
159); more symbolic than instrumental.
In both Esso Longford and San Bruno accidents, management of
system artefacts like plans, forms, registers, and the like were seen to
B. Hutchinson et al.
have replaced the functional management of operational risks. A similar
phenomenon may operate with health and safety auditing. Rather than
evaluating the management of hazards or the effectiveness and quality
of systems designed to manage hazards, audits end up focusing on the
management systems themselves as products and outputs; conflating the
system itself with the steps required to systematically manage safety
(Blewett & O’Keeffe, 2011; Hopkins, 2015).
This makes sense when considering that managing operational is­
sues, steeped often in uncertainty around the likelihood and severity of
outcomes versus the required cost to mitigate the risk, is harder than
managing a documented system. Indeed, checking and tweaking written
artefacts is easier than solving a real issue (Pentland & Feldman, 2008;
Pratt & Rafaeli, 1997) but possibly nearly as cathartic. Because of this
difficulty, managing systems and processes are made the centre of
auditing (Hohnen & Hasle, 2011) and condensing difficult uncertainties
into a narrow and auditable set of issues (Hohnen & Hasle, 2011).
2.6. Documentation provides false assurance that issues are being
managed
When auditing prioritises the collection and review of documents, it
can shift the type of work from operational to administrative matters.
Under certain circumstances, auditing may optimise performance of
documentation and resultingly, invoke a type of false assurance: man­
agement of documents and processes is conflated with the management
of the issues themselves. Stakeholders have little reason to question the
situation since the completed and audited management system artefacts,
minutiae and all, are verified as present and compliant. Said differently,
systems and artefacts can increase an individual’s (subjective) confi­
dence that the issues of importance are being managed, while not
improving the objective management of issues (Hayes & Hopkins, 2015;
Hutchinson et al., 2022; Rae & Alexander, 2017). Decoupling is prob­
lematic because people genuinely believe that systems are working as
intended and that audits will find serious deficiencies. This leads to less
vigilance, time and resources in managing operational issues.
Insights from major accidents and process safety-oriented audits
allow speculation on how the discrepancy between the anticipated
effectiveness of audits and reality is influenced in health and safety
audits. Insights include:
• audits failing to identify or provide feedback about active issues as
with audits before the Buncefield oil storage depot explosion
(COMAH Competent Authority, 2011). In the Esso Longford (Long­
ford Royal Commission, 1999) and Buffalo Dupont facility (U.S.
Chemical Safety and Hazard Investigation Board, 2012a) accidents,
audits provided contradictory feedback by praising safety manage­
ment performance despite critical deficiencies;
• audits identifying but then not relaying intel to people who could
resolve the issues, e.g. with the methane explosion in the Moura no 2
underground mine (Hopkins, 1999). Elsewhere, issues were relayed
but then not heeded. For instance, an insurance audit triggered the
testing (and confirmation) of combustible dust before a flash fire and
hydrogen explosion accident at the Hoeganaes facility in Texas (U.S.
Chemical Safety and Hazard Investigation Board, 2012b), but this
did not lead to “an effective overhaul of the dust containment and
housekeeping procedures [at the facility]” (p. 14);
• audits identifying corollaries of issues or reframing issues to be less
concerning, e.g. an external audit before sugar fires and explosions at
an Imperial Sugar Company facility in Georgia identified the accu­
mulation of sugar dust but framed these as food quality issues and
not also as combustible dust hazards (U.S. Chemical Safety and
Hazard Investigation Board, 2009); and
• audits lacking the structural methodologies to identify particular
issues or appropriately frame their significance. The internal audit­
ing process before the Waterfall train accident was said to focus on
4
Safety Science 169 (2024) 106348
occupational health and safety matters and not broader system safety
factors and engineering (McInerney, 2005a, 2005b).
In sum, audits have at least dual purposes. One purpose is a direct
functional role (explored under section 2.1) while another role is for
enabling work; helping planning arrangements to progress through
procedural and contractual gateways.
Audits are meant to help keep these purposes aligned so that the
progression of gateways is achieved via accurate, present, and functional
systems. However, based on the literature from the prior sections this
paper speculates that audits are also impacted by decoupling.
Because of mixed findings on the impact of audits in managing
safety, there remains an empirical need to examine the mechanisms of
audits. Specifically, this study evaluates the sorts of findings and
corrective actions raised in audits and how these relate to matters of
decoupling.
3. Methods
A selection of health and safety audit reports (discussed in sections
3.1 and 3.2) were drawn from a large Australian provider of integrated
services (employing tens of thousands of workers). This company de­
signs, builds, and maintains assets and infrastructure across rail, roads,
energy, mining, and utilities. Health and safety issues varied, depending
on the industry and context. This included personal safety (construction
hazards like dropped objects and moving plant) and some process/major
safety risks (chemical stock management and gas-related hazards).
All reports were selected from a repository on the selected company’s
incident reporting system and came from varied parts of the business.
Audits included internal reports (the primary company auditing itself),
external (consultants or clients auditing the primary company), or reg­
ulatory reports. The external and regulatory reports came from sixteen
different and independent auditing companies or regulatory authorities
that audited the selected company. These independent companies used
different auditing approaches, templates, and personnel.
In this study, audit corrective actions were used as the primary unit
of data. This is because audit reports were largely inconsistent with
reporting the specific findings for each audit criterion. That is, in many
cases, audit reports did not necessarily report a deficiency as a discrete
and separate finding, but rather reported the deficiency as a corrective
action to be resolved.
Two studies with different aims were utilised.
3.1. Study 1 method
Study 1 selected 100 audit reports at random by entering audit-
related search terms into the company’s incident reporting system.
This number was arbitrarily selected as a starting point to capture a
broad and sufficient number of audits, with the option to extend the
sample if saturation was not reached. Audit reports were included in the
sample if they met the following inclusion criteria:
a) Addressed health and safety.
b) Were complete reports.
c) Contained corrective actions.
42 audit reports met the inclusion criteria and were analysed: 27
external, six internal, and nine regulatory. All reports included both
system and documentation reviews and field inspections. Most internal
reports that were reviewed as part of the initial sample of 100 did not
meet inclusion criteria due to a lack of corrective actions or missing/
incomplete information.
Corrective actions were listed in a Microsoft Excel spreadsheet in
conjunction with audit descriptive information. 327 corrective actions
were analysed from the 42 reports. An iterative qualitative coding
scheme was used to categorise audit corrective actions based on their
B. Hutchinson et al. Safety Science 169 (2024) 106348

Table 1 improving or delivering induction and training. In some cases, a

Types of corrective actions.
Focus of action categories
Physical = the audit corrective action is
directly addressing a physical thing,
aspect, or routine in the workplace
Administrative = the audit corrective
action is addressing an administrative
thing or aspect in the workplace
Administrative addressing physical aspect
= the audit corrective action is an
administrative corrective action which
is targeting/ checking/ addressing
physical things, aspects, or routines in
the workplace
Review or assessment of risk = the audit
corrective action is an administrative
action that calls for an assessment or
review
Examples
Add or change site signage, rectify a
site hazard, add or fix fencing or
delineation, rectify deficiencies on
vehicles and plant
Revising a plan, filling in a register,
instructing for a form to be signed
Revising a work instruction with a clear
link to a physical practice or hazard,
scheduling workplace inspections,
instructions to deliver training, or a
toolbox talk
Completing a risk assessment,
reviewing a risk register
corrective action contained two different foci – e.g., write a new pro­
cedure and then facilitate a toolbox information session on the proced­
ure. In these instances, the corrective action was divided into sub-
actions and then each was assessed based on their key foci separately.1
In part three, another qualitative coding scheme was developed
which evaluated each corrective action on its strength of connection to
addressing a physical hazard or issue (Table 2). The steps involved in
part 3 were:
1. A physical hazard or an issue to be rectified was identified in each
audit corrective action. This was based on either the audit question
directly or inferred based on the corrective action.
2. The steps to be completed by each corrective action were then listed.
3. The relationship was then classified between the requested correc­
tive action and the physical hazard or issue to be rectified.
4. An evaluation was undertaken of the strength of connection between
the corrective action and the hazard or issue to be rectified.

Strength of connection is defined as the likelihood that completion of

Table 2 the audit corrective action will result in reducing the likelihood of the
Categories of corrective action strength. hazard exposure or safety–critical issue, or that the corrective action
Strength of connection Rationale Examples leads to a positive change of a real workplace issue (i.e. a characteristic,
to issue state, influence, object, or practice in reality that influences the inter­
Strong category (a): Completing the audit Increase the height of action with a hazard).
Corrective action corrective action windrows beside site For example, if an audit corrective action directed the height in­
directly addresses the expected to directly access road to prevent
crease of road windrows (due to being too shallow to prevent a vehicle
underlying hazard or reduce the likelihood vehicle roll-overs; provide
issue adequate bunding for roll-over), then this would be assessed as having a strong connection to
hazardous chemical tanks the physical hazard of vehicle roll-overs. The corrective action would be
Strong category (b): Completing the audit As category (a) but also assessed as having a weak connection if the action advised updating the
Corrective action corrective action seeks to investigate why roles and responsibilities of vehicle safety in a site plan and had little
directly addresses the expected to directly the deficiency occurred
underlying hazard or reduce the likelihood and/or implement means
direct connection to vehicle roll-over safety. This coding scheme was
issue and seeks to of a family of issues, to eliminate all similar influenced by the US Department of Veteran Affairs’ root cause analysis
rectify that family of including the hazard issues, e.g., investigate corrective action hierarchy (National Patient Safety Foundation, 2016;
issues why windrows height was and influenced by its application in sources like Hibbert et al., 2018;
insufficient and check all
Wood & Wiegmann, 2020), the hierarchy of control methodology (Safe
other windrows for
compliance Work Australia, 2011), and drawing on insights from Hu et al.’s (2020)
Moderate: Corrective Completing the Deliver a training module concept of surface and deep compliance.
action indirectly corrective audit action to address a specific site This qualitative coding scheme was selected based on its ability to
addresses the can reasonably be hazard; ensure a permit is tease out relative strengths and weaknesses of both physical and
underlying hazard or expected to result in completed and
issue via a proxy further actions that understood by workers for
administrative corrective actions. In contrast, the hierarchy of control, a
directly reduce the work at heights possible alternative coding scheme, was assessed as being too dismissive
likelihood of administrative correction actions. A strength of focusing on audit
Weak: Corrective Completing the audit Update table of roles and reports is that they are artefacts that can be readily evaluated and
action indirectly action could result in responsibilities in a plan
compared across a large sample of reports; thereby containing a rela­
addresses the further actions that (with no clear justification
underlying hazard or directly reduce the on why); place up a tively fixed and stable dataset. A limitation is that the data was limited to
issue and/or addresses likelihood, but could noticeboard poster; what was written within the reports, compared to detailed descriptions
an issue not directly also result in no further change a document of the work of auditing by observations or interviews.
connected to the issue actions template The first author and an experienced health and safety general man­
or hazard
ager within the same company independently coded the corrective ac­
None / not applicable: Completing the audit Changing the word
No obvious or corrective action has “assessor” to “person tions against the part three criteria. Internal reliability on scoring the
discernible hazard or no obvious causal completing the corrective actions between the coders was high (Cronbach’s alpha =
issue could be connection to further competency” in a 0.98). Any inconsistencies were worked through until agreement was
determined actions that would verification of
found across all of the corrective actions.
directly reduce the competency assessment
likelihood form An additional sample of 14 communication-specific audit reports
taken from the same repository was evaluated in conjunction with the
42 reports above by searching for “communication” as a search term
characteristics. Coding was divided into three parts and all data was (yielding 35 corrective actions). These reports provided insights into
entered into the spreadsheet. how auditing addresses non-physical aspects and processes in the
Part one assigned each corrective action to its primary focus: 1) workplace. The communication audit reports were used to frame and
physical corrective action, 2) administrative corrective action, 3) discuss findings in this study but were not included in the percentage
administrative corrective action addressing a physical workplace aspect, calculations from the main sample of reports because they do not
and 4) review or assessment of risk (Table 1).
Part two refined this classification by assigning each corrective ac­
tion a further code based on the specific action mentioned in the 1
Thus, the total number of corrective actions in this sample includes a small
corrective action, e.g., revising documents, correcting trip hazards, or number of sub-divided corrective actions.

5
B. Hutchinson et al. Safety Science 169 (2024) 106348

Fig. 1. The distribution of corrective actions per category of actions as a frequency and (percentage of total).

address physical workplace conditions as their primary purpose. a) Addressed health and safety.
b) Were complete reports.
c) Could be matched with the corresponding closure report from the
3.2. Study 2 methodology
same incident reporting system.
Audit corrective actions assigned by auditors may not be closed in
Fifteen audit reports met the inclusion criteria. Each of the 15 reports
the way that the auditor expected. It could be that certain corrective
had an accompanying corrective action closure report, which was
actions, for instance, corrective actions to correct physical hazards, are
written by the respective auditee and described how they addressed
addressed via artefacts that describe how the physical issue will be
each of the corrective actions. These reports were different from study 1,
resolved without actually addressing the physical issue. For example, an
as they were selectively sourced to ensure a matching pair of audit
audit corrective action may request that the site discuss “recent inves­
report and closure report. Case-matching between the audit corrective
tigation findings … at work group meetings [and to include] publishing
action and closure report was performed for all 122 actions listed in the
of the Lessons Learned [alert]”. The corresponding audit closure report
15 reports. Data was listed in side-by-side columns in Microsoft Excel
may then state that this corrective action was closed by the auditees
and then qualitatively coded and analysed using the same methodology
when they “published and disseminated [the lessons learnt alert] to
as study 1.
work groups”.
In the following results, sections 4.1 to 4.4 cover study 1 findings,
Consequently, study 2 evaluated whether there are significant dif­
and section 4.5 covers the findings from study 2.
ferences between the corrective action as it was assigned by the auditor
versus the auditee’s description of how they addressed the corrective
4. Results
action. Study 2 evaluated 28 health and safety audit reports from the
same incident repository as study 1 (using the same search terms and
4.1. What are audit corrective actions focussed on?
strategy). Study 2 was limited to a smaller sample by virtue of the dif­
ficulty in matching audit reports to their subsequent corrective action
Following coding of the data, saturation of the corrective action
closure reports.
categories was reached within approximately the first five audit reports
Reports were included for study if they met the following inclusion
(physical, administrative, administrative addressing physical aspect,
criteria:

Table 3
Strength of corrective actions by categories.
Corrective Action Categories

Strength Total # Physical # Administrative # Administrative addressing Review or assessment

(%) (%) (%) physical aspect # (%) of risk # (%)

Strong (category a): Corrective action directly addresses the underlying 48 (32) 1 (1) 3 (4) 0 (0)
hazard or issue
Strong (category b): Corrective action directly addresses the underlying 0 (0) 0 (0) 0 (0) 0 (0) 0 (0)
hazard or issue and seeks to rectify that family of issues
Moderate: Corrective action indirectly addresses the underlying hazard 63 (42) 23 (25) 27 (40) 15 (75)
or issue via a proxy or moderately addresses the underlying issue or
hazard
Weak: Corrective action only weakly addresses the underlying hazard 126 (39) 38 (26) 51 (56) 32 (48) 5 (25)
or issue or addresses an issue not directly connected to the issue or
hazard
None / not applicable = No obvious or discernible hazard or issue could 21 (6) 0 (0) 16 (18) 5 (7) 0 (0)
be determined
Total # (%) 327 149 (1 0 0) 91 (1 0 0) 67 (1 0 0) 20 (1 0 0)
(1 0 0)

6
B. Hutchinson et al.
review or assessment of risk). Saturation for the corrective action
strength distribution emerged after approximately 25 audit reports;
audits evaluated after this point did not significantly shift the relative
total percentages of each strength category (strong (a), moderate, weak,
and None / not applicable categorisation). Resultingly, the authors are
confident that the audit sample is representative for answering the pa­
per’s specific research questions.
Fig. 1 highlights the distribution of audit corrective actions per
category. Physical-related corrective actions made up nearly half of all
actions. Despite this, administrative corrective actions (which included
the risk assessment category) made up most corrective actions.
As per Table A1 in the appendix, the most frequently assigned audit
corrective actions were to resolve incomplete or missing documents or
forms, resolve or review missing site signage, properly inspect, place, or
review emergency equipment (fire extinguishers or first aid kits), and
revise documents.
Other frequent corrective actions were to display or submit docu­
ments to stakeholders (e.g., first aid personnel posters and the like),
resolve unsigned documents or documents that had incorrect version
numbers or formatting, and undertake workplace inspections or audits.
Finally, four corrective actions relating to environmental issues were
highlighted in this sample – suggesting that either environmental
management does not play much of a role in these types of audits or
there is a lack of observable deficiencies.
Table A1 in the appendix lists the full break-down of the corrective
action descriptions from study 1.
4.2. How is the strength of corrective actions distributed?
Table 3 provides the breakdown of audit corrective action strength
per category. Of the 327 corrective actions in study 1, 126 (~39%) were
classified as “weakly connected to the physical issue or hazard”. Almost
identical was moderate strength corrective actions at 128 (~39%). A
small number (21 total or ~ 6%) had no determinable connection to an
issue or hazard.
Fifty-two corrective actions (~16%) were classified as strongly
connected to the physical hazard or issue. That is, ~78% of corrective
actions were either weakly or moderately connected to the issues they
were designed to address.
A distinct pattern was evident in the distribution of corrective action
strength. Almost all strong corrective actions were found under the
physical classification, compared to administrative categories which
had few corrective actions described as strong. This finding is unsur­
prising since administrative corrective actions are more likely to involve
levels of abstraction whereas actions focusing on physical components
tend to be more directly linked to the issue.
Next, the paper explored how corrective actions were spread across
audit reports as a function of their assigned strength; these data are not
presented in the study’s tables. In ~ 62% of reports there were no
corrective actions with a “strong” categorisation (26 of the total 42). In
balancing this point, six reports had only weak corrective actions
assigned, and in all these cases the report had only one corrective action
in total. Audit reports having strong corrective actions are less likely
than not, but it is not common for reports to only have weak corrective
actions. Instead, the norm is to have a mixture of weak and moderate-
strength corrective actions.
Just one example of a design or engineering corrective action was
found (directing for higher side road windrow height). Moreover, ex­
amples of elimination (the most preferred mitigation under the hierar­
chy of control), were found only in a limited set of corrective actions; all
these related to the elimination of incidental hazards, like slip and trip
hazards or falling object hazards (hoses suspended precariously over­
head or hanging from handrails).
7
Safety Science 169 (2024) 106348
4.3. What are the “strong” corrective actions focusing on?
In the limited number of “strong” corrective actions identified in this
sample (refer to Table A1 in the appendix), the five most frequent cat­
egories were exclusively associated with physical site conditions or
observations. These categories, in descending order, encompassed
equipment/plant unsuitability, inadequate fencing/delineation/path­
ways, subpar chemical separation/management, electrical safety con­
cerns, and risks posed by falling objects. Strong physical corrective
actions were directly linked to the immediate issues at hand. For
instance, instances included inadequate delineation of vegetation pro­
tection zones, improper positioning of an elevated work platform basket
in an open roadway, or a worker standing within a drop zone while
another worker performed tasks at height.
One notable example of a stronger administrative corrective action,
targeting a physical aspect, involved a site being advised to incorporate
the use of a water cart in the procedure for wetting down a landing zone
to enhance and facilitate aeromedical evacuations. Another adminis­
trative control aimed to strengthen the system governing explosive
blasting, particularly emphasising the responsibilities of blast activity
and outlining the work practices that process operators should follow for
halting operations via radio communication. These actions demon­
strated a clear link to the practices and processes associated with
blasting work.
Virtually all corrective actions categorised as “strong” focused on
rectifying immediate or incidental physical conditions. Audits that
specifically addressed particular topics, such as electrical safety or
hazardous chemicals, tended to yield more precise and stronger-
connected corrective actions.
As indicated in Table 3, the coding scheme did not uncover any in­
stances of systematic review or remediation of that family of issues or
hazards (category strong [b]). Additionally, no evidence was found of
auditors directing auditees to investigate the underlying causes of site or
management system issues.
4.4. What are the “weak” corrective actions focusing on?
The hierarchy of control categorises administrative corrective ac­
tions, such as procedures, as relatively weaker controls. However, our
coding scheme acknowledges that certain procedural changes can have a
significant impact on operational practices and risk control when
implemented at a deep and functional level. Therefore, corrective ac­
tions were coded based on their connection to addressing the identified
issue or hazard, rather than against the hierarchy of control. Despite this
approach, the paper found that most administrative corrective actions
were weakly linked to the issues they were intended to address.
The weakest classes of corrective actions, as outlined in Table A1 in
the appendix, consistently demonstrated the weakest connection to
addressing underlying issues. These classes included incomplete or
missing documents and forms, displaying site signage without clear
justification or hazard identification, displaying or submitting various
documents (e.g., posters or flowcharts), and inspecting, reviewing, or
placing emergency equipment. Within the category of reviewing or
placing emergency equipment, most weakly coded corrective actions
focused on minor changes to the contents or location of a first aid kit or
sign.
Incomplete or missing documents or forms, which accounted for the
highest number of corrective actions (35 in total) and the largest number
of weak corrective actions (15), consistently lacked clear links to
addressing issues or hazards. Discrepancies included incorrect times or
dates indicated on forms, minor inconsistencies between information
discussed in pre-start meetings and information stated in a site vehicle
management plan, missing information in a safe work method statement
footer, and more.
This finding is supported by other weak administrative corrective
actions. For instance, nine corrective actions centred around missing
B. Hutchinson et al.
signatures or incorrect document templates or version numbers, while
another six corrective actions required auditees to revise plan roles and
responsibilities tables. Out of the 178 administrative corrective actions
across the three categories of administrative-type actions, only seven
corrective actions focused on operational work plans or work in­
structions (usually safe work method statements). Despite their limita­
tions in application (Borys, 2012), these work plans and instructions
arguably have a closer spatial connection to directing work routines
compared to higher-level plans and artefacts.
Analysing communication-specific audit reports distinct from the
main body of 42 audits yielded additional noteworthy observations.
These reports rarely evaluated actual communication on-site. Out of a
total of 35 corrective actions or observations, only seven commented on
either 1) the content of communication, 2) the effectiveness of
communication, or 3) the quality and retention of communicated
information.
One positive example involved the auditor observing the specific
information discussed during the pre-start meeting and the tasks
assigned to the work crews for the day. In other instances, the auditor
assessed how site information was received by personnel and provided
guidance to site supervisors on improving planning, preparation for
meetings, and information exchange with personnel.
Contrarily, the remaining 28 corrective actions focused solely on
communication outputs, such as completed and signed toolboxes or pre-
start training attendance sheets, or the content displayed on notice­
boards. Consequently, most observations or corrective actions in this
sample did not assess the quality or content of communication. For
instance, numerous observations simply stated that a pre-start or
toolbox meeting took place, minutes were recorded, information was
posted on a noticeboard or saved somewhere, or the company logo on
the noticeboard was incorrect.
In conclusion, audit corrective actions regarding communication
predominantly emphasise the outputs of communication rather than the
content, reception, or value of the communication itself. This suggests
that audits may prioritise verifying the production of artefacts over
assessing the quality or content of communication. In this process, the
artefacts unintentionally overshadow the underlying issues at hand.
4.5. Study 2: Audit action comparison
Study 2 explored the differences between the corrective action as
assigned by auditors versus how the corrective action was claimed to
have been addressed by the auditee. The sample of 15 audit reports in
the second study listed 122 corrective actions.
The findings indicated that auditees addressed most corrective ac­
tions either exactly or partially as instructed by the auditor (94% of
total). In three cases there was evidence of some variance in the way the
audit corrective action was addressed versus the original wording of the
corrective action. In four cases it could not be determined how the
corrective action was addressed.
Two key observations emerged. One relates to the use of toolbox
talks and pre-start information to correct site or process deficiencies.
Although delivering toolboxes and pre-starts represented just 10% of the
total corrective actions, examples were found of toolboxes or pre-starts
being used to address the corrective action even where the corrective
action called for a non-communication response to be undertaken. For
example, one corrective action called for the auditees to develop job
safety hazard analyses that incorporate environmental hazards, and
another corrective action called for the site to consider risk management
planning focusing on mental health among the site workforce. In both
cases, a toolbox delivering information was implemented by auditees to
address the corrective actions and did not describe how these toolboxes
improved the structure of the job safety analyses or addressed mental
health on site. Three more examples highlighted how communicating at
toolboxes was used to correct physical site issues or process issues rather
than investigating how and why those site issues exist, or how to directly
8
Safety Science 169 (2024) 106348
correct them.
Finally, a host of examples were found where audit corrective actions
focused on surface compliance activities. This included changing in
documents: course names, glossaries, general wording, or formatting
and proof-reading.
4.6. Summary of key findings
In sum, key examples for our research sub-questions are:
• What are the characteristics of assigned corrective actions?
o A spread of audit corrective actions involving the rectification of
administrative defects and physical corrective actions to rectify
hazard-related defects.
o The most frequently assigned corrective actions targeting admin­
istrative aspects involved the rectification of incomplete or missing
documents, and regarding physical defects, the most numerous
corrective actions targeted the resolution of missing signage or the
inspection, placement, or review of emergency equipment.
o There is an apparent over-representation of corrective actions
involving communication (e.g., toolbox talks) even when the un­
derlying issue is not related to communication.
o Audits with an espoused focus on site communication practices
focused almost exclusively on outputs of communication and not
on communication practices per se.
• What is the strength of alignment between specific audit questions
and corrective actions?
o Weak and moderate strength corrective actions were approxi­
mately equal at ~ 39%. Most of these corrective actions were
administrative (e.g., incomplete, or missing documents) and, for
the weak corrective actions at least, a substantial proportion had
little discernible connection to a specific hazard or issue.
o 16% of corrective actions had a strong connection to a physical
hazard or issue and virtually all of these fell under the physical
category. Just one example of design or engineering improvement
corrective actions was observed. No corrective action directed
attention to the systematic investigation and resolution of a class
of issues.
o Most stronger corrective actions are related to rather trivial and
superficial physical hazards, such as inadequate signage or emer­
gency equipment (first aid kits and fire extinguishers) and slip and
trip hazards.
Drawing on the findings from studies 1 and 2, the paper now seeks to
answer the primary research question about how audits influence
decoupling.
5. Discussion
5.1. Do audits effectively reign in decoupling?
The results show that auditing in this sample rarely digs beneath
superficial matters of documentation and system administration. When
auditing does focus on operational issues then the emphasis shifts to the
remediation of trivial or incidental hazards. Indeed, it appears that au­
ditors myopically take a “find and fix” (Lundberg et al., 2009) approach
to immediate site issues rather than a deeper systematic focus on
learning and improvement; at least when it comes to assigning written
corrective actions.
Therefore, the results suggest that these audits may be a type of
masquerade - a symbolic activity optimised for confirmation of system
artefacts and surface tweaks, rather than an ongoing critical self-
examination that is both able and willing to ask substantive questions
about what the organisation believes and tells about itself and its safety.
As a result, some audits may be a sophisticated way for organisations to
avoid uncomfortable findings; successfully blinding the organisation to
B. Hutchinson et al.
necessary hard fixes.
Only 16% of corrective actions assigned to improve health and safety
management were strongly linked to a direct source of harm or safety
improvement, with the remaining corrective actions distributed across
moderate and weak categories – indicative of decoupling. Verma et al.
(2018) also found that proactive safety observations at a steel plant did
not routinely evaluate factors implicated in incidents, suggesting a poor
coupling between issues that matter and those matters under focus.
The paper’s coding scheme was selected because the authors
believed that few corrective actions would rank high on the hierarchy of
control; conversely, the paper recognised that well-designed adminis­
trative actions could theoretically have a strong connection to physical
issues. However, this made little difference to the overall findings as few
particularly deep examples and no systematic administrative changes
were found. Administrative corrective actions were the weakest class,
although just a third of physical corrective actions were also coded as
strong. These findings suggest that the issue runs deeper than whether
an audit focuses on the desktop system or practices. Aligned with the
findings from Robson et al. (2010, 2017), some audits may not be
structurally capable of delivering the expected capabilities nor sup­
porting auditors to focus systematically on improving the management
of core issues. Audits may miss important safety deficiencies and never
find those issues to begin with.
5.2. How do audits help resist decoupling?
5.2.1. Audits effectively identify readily observable site hazards
This sample of audits demonstrated characteristics that resist
decoupling. Audits successfully identified a significant percentage of
observable site-based hazards, such as slip, trip, and fall hazards,
improper PPE handling, inconsistencies in signage, chemical storage
issues, certain aspects of electrical safety (e.g., testing and tagging),
equipment not fit for purpose (e.g., requiring servicing), and frequent
problems with first aid and fire response equipment and processes. Some
of these issues can be categorised as ’housekeeping’.
Previous research supports the importance of focusing on house­
keeping. A 2003 study involving construction professionals and 100
construction accidents found that poor housekeeping and site layout
problems contributed to half of the accidents (Hide et al., 2003). More
recent data from the Norwegian inspectorate, which examined 176 se­
vere construction accidents, identified ’local hazards’—similar to those
frequently found in this audit sample—as immediate causal factors in
40% of cases (Winge et al., 2019). Additionally, Hallowell et al. (2013)
associated higher safety performance with better site housekeeping in
their Delphi-based construction study.
Audits with specific themes, such as electrical safety or hazardous
chemical audits, were more likely to involve subject matter experts and
uncover physical deficiencies in the workplace compared to audits with
a broader health and safety focus. Specific-themed audits allow for a
deeper exploration of actual work conditions and processes beyond
surface observations. Furthermore, the audit observations generally
aligned with the audit questions, indicating that more specific criteria
can be developed for important organisational matters. However,
excessive specificity may limit the auditor’s scope.
Finally, a positive finding is that the study identified only 21 cases
where the corrective actions could not be linked to a direct or indirect
source of physical harm or safety-related matters. This suggests that the
audit corrective actions and their associated criteria have a satisfactory
level of content validity (Robson & Bigelow, 2010). In other words, the
audit instrument can identify some issues at a high-level, although it
may not be precise enough for all purposes.
5.2.2. Audits effectively identify the presence of expected safety artefacts
The finding that most administrative corrective actions were deemed
weakly connected to the relevant issue does not necessarily imply the
lack of validity or significance of these corrective actions.
9
Safety Science 169 (2024) 106348
Part of the audit’s role is to ensure the presence, currency, and
alignment of expected system artefacts (e.g., plans, registers, training
records) with predefined criteria. This sample unquestionably confirms
that health and safety audits address these aspects. To demonstrate, of
the 178 administrative corrective actions:
• 35 focused on missing or incomplete documents and forms deemed
necessary by system requirements or the auditor;
• 14 corrective actions directed auditees to revise or review
documents;
• 9 corrective actions directed attention to non-compliance with
version control, formatting, template type, or the storage location of
documents; and
• 10 corrective actions focused on undertaking risk assessments due to
some type of gap in the identification, analysis, or management of
hazard exposures.
While the paper argues in the following section that addressing
formatting, document structure, and grammar primarily reflects surface
compliance activities, these actions can still enhance the understand­
ability and clarity of the respective processes. Other corrective actions
also support the potential strengths of audits. For instance, one admin­
istrative corrective action focused on improving the use of a water cart
during emergencies, while another recommended tightening the
explosive blasting process for operators. These actions are primarily
aimed at enhancing planning and work. Similarly, various corrective
actions identified gaps in daily sign-on/sign-off or pre-start/toolbox
completion, such as missing signatures of on-site employees, or de­
ficiencies in induction records. Two additional corrective actions
addressed the issue of missing persons in drug and alcohol testing, which
is crucial for workplace safety assurance, although efficacy data on this
matter are weak and inconsistent (Alfred et al., 2020; Pidd et al., 2016;
Pidd & Roche, 2014).
It is important to note that these findings are limited due to the small
number of observations. However, these examples suggest that audits
can be effective in uncovering inconsistencies or areas for improvement
when comparing planned arrangements (work-as-imagined) with actual
on-site practices or conditions (work-as-done).
Finally, only five administrative corrective actions called for the
development of new processes or documents. This indicates that, in this
sample, health and safety audits do not excessively contribute to safety
clutter (Rae et al., 2018) by requesting new artefacts.2
5.3. How do audits hinder the prevention of decoupling?
5.3.1. Audits focused on “surface compliance”
Two variations of surface compliance were found.
5.3.1.1. An “illusion of depth” where superficiality replaces depth. The
findings throughout this audit sample revealed numerous instances of
superficial corrective actions; similar in principle to the ’illusion of
explanatory depth’ (Rozenblit & Keil, 2002). Auditors tended to address
immediate issues through corrective actions without calling for the
investigation of the underlying causes. For example, one corrective ac­
tion addressed the replacement of an excavator quick-hitch split pin
with a plastic cable tie, but no recommendation was made to evaluate
why such a safety–critical element was not appropriately managed.
Additionally, no instances were observed of corrective actions directing
auditees to systematically rectify a family of issues related to any audit
criterion (strong category [b], Table 2).
The illusion of depth suggests that auditors may appear to uncover
critical deficiencies related to audit criteria, but often fail to delve
2
But not ruling out other types of clutter, which would require further
research to elucidate.
B. Hutchinson et al.
beyond surface-level symptoms. Corrective actions rarely question the
functioning, purpose, or effectiveness of a process. Instead, auditors may
focus on the presence of a document as evidence of a process working or
make minor adjustments to terminology or references in procedures. For
instance, corrective actions may call for the addition or revision of tables
of roles and responsibilities for site personnel without a clear rationale
or expected impact on operational issues.
Relating to roles and responsibilities, only one out of the six
corrective actions demonstrated a goal-directed focus on addressing a
specific deficiency, while the others lacked a discernible reason for their
implementation or expected effect on operational issues. Similar find­
ings have been reported in accident investigation research in the con­
struction industry, where corrective actions such as toolbox talks were
identified without clear explanations of their content, purpose, or
effectiveness measurement (Woolley et al., 2018, p. 6).
Specific-themed audits, such as electrical audits, performed better
than general health and safety audits. Electrical audits were more likely
to go beyond the presence of statements in plans and identify physical
deficiencies in the workplace. However, when evaluating electrical
safety under general-scope audits, the focus mainly revolved around
inspecting testing tags and residual current devices, indicating a ten­
dency to prioritise superficial aspects of safety without input from
subject matter experts. The expertise and experiences of the stake­
holders involved have been observed to influence the findings in inci­
dent investigations as well (Goncalves Filho et al., 2019, 2021).
Therefore, it is not substantiated to suggest that auditors should
solely emphasise the physical site inspection component of audits, as
surface compliance activities already dominate such inspections,
including cleanliness, housekeeping, and signage.
5.3.1.2. Artefacts take on the guise of the issue. The second variation of
surface compliance involves auditors frequently focusing on revising
artefacts without adequately addressing the underlying physical issues.
This variation aligns with prior work (Hayes & Hopkins, 2015; Longford
Royal Commission, 1999) that highlights how highly symbolic safety
systems can shift attention towards managing system artefacts, such as
document tweaking and production, rather than effectively addressing
operational issues.
Two examples illustrate this point. In the first example, the audit
question assesses whether all major hazards on the site have been
identified. The auditor accepts a “completed” site risk register as evi­
dence of a thorough assessment of risks. In the second example, the audit
question concerns the application of a specific process at the site, and the
existence of the process’s flowchart on a noticeboard is deemed suffi­
cient evidence of its implementation. However, having a site risk reg­
ister does not guarantee the identification of all major hazards, and
displaying a flowchart does not indicate the actual usage of the process.
Despite being treated as approximately equivalent, these artefacts do not
serve as direct evidence of the desired outcomes.
Another notable observation is that auditors seldom discuss hazards
beyond immediate physical observations during site inspections. When
hazards or issues are addressed, the focus is primarily on safety artefacts
rather than directly engaging with the issues themselves. For instance,
work instructions, job safety analyses, and safe work method statements
are emphasised when evaluating work-related matters, while risk reg­
isters, plans, and permits are emphasised when assessing site hazards.
Traffic hazards are discussed in the context of vehicle and traffic plans,
and site safety inspections revolve around the monthly site inspection
schedule as the applicable unit of analysis.
In these examples, the call for artefact changes aims to establish a
presumed connection to the physical issue or work. However, in many
cases, these artefacts have limited direct relevance to the actual work. By
prioritising artefact adjustments over practice changes (Pentland &
Feldman, 2008), audits may inadvertently lead to goal displacement,
where issues are transformed into audit scores and inappropriately
10
Safety Science 169 (2024) 106348
prioritised (Blewett & O’Keeffe, 2011). Additionally, real issues may be
formalised within the safety system, with stakeholders believing that the
issues will be adequately addressed, as observed in Oswald et al.’s
(2018) study on safety observation reporting in construction. In essence,
audits can inadvertently shift the focus towards managing artefacts
rather than fulfilling their functional purpose.
5.3.2. Audits or audit methodology could not identify particular issues
Two variations were found for audits lacking certain capabilities to
identify issues.
5.3.2.1. A lack of connection between the requirements and specifications.
In terms of organisational safety management, a distinction exists be­
tween requirements and specifications. Requirements outline the over­
arching goal or problem to be addressed, the ’why,’ while specifications
describe the intended behaviour or corrective actions to achieve that
goal, the ’how’ (Jackson, 2010; Jackson, 2001). For example, the re­
quirements of a mine ventilation plan pertain to managing mine venti­
lation, while the specifications encompass the various methods the
organisation employs to fulfill that goal. However, a discrepancy may
arise when adding, removing, or modifying specifications does not
effectively align with the overarching requirements.
This audit sample revealed a similar phenomenon. It highlighted
numerous instances of corrective actions focusing on minor specifica­
tions, such as signatures, templates, version numbers, footer informa­
tion, generic site signage, and an array of non-displayed posters or
forms. These minor details often display weak connections to the process
requirements, the very issues they are meant to address. Out of 58
corrective actions related to the aforementioned factors, only two
demonstrated a strong connection to the issue.
Confusion between requirements and specifications is evident in
other instances as well. One corrective action highlighted an inconsis­
tency where an emergency assembly point was, positively, acknowl­
edged during the pre-start meeting (indicating an awareness of the
control), but it had not been documented. Another action requested
additional information to be included in the vehicle management plan,
including parking spots. However, the audit reports failed to specify the
actual deficiency or explain the value derived from adding such
information.
Other noteworthy corrective actions emerge. In one case, a correc­
tive action implied that site safety inspections were not being conducted,
yet the recommendation focused solely on updating the site inspection
schedule to reinstate the inspection activity, rather than addressing the
lack of inspections themselves. Similarly, when asked about the appli­
cation of a specific process in practice, the auditor simply requested that
the process’s flowchart be displayed on a noticeboard, without assessing
whether the activity was taking place. Once again, the auditor
emphasised a specification with only a weak connection to the under­
lying issue.
One implication of our work on enabling devices is the disconnection
between how safe members of an organisation believe the organisation
to be, versus members’ actual exposure to harm. The paper underscored
how these mechanisms divert organisational efforts away from
addressing the most crucial issues at hand (Hutchinson et al., 2022). For
instance, an organisation may emphasise the importance of effective
training in its management plans and inductions but allocate insufficient
resources to conduct thorough training and verify its quality and
completion. Similarly, these findings indicate that audit corrective ac­
tions often direct organisations to address issues of lesser importance or
relevance.
Considering this section, the paper argues that auditing should pri­
marily focus on verifying the effectiveness of a system or component
(requirements) rather than merely confirming its presence, display, or
documentation – the various specifications. Nonetheless, the bulk of the
paper’s evidence suggests that audits predominantly centre around
B. Hutchinson et al. Safety Science 169 (2024) 106348

checking for the existence of components with limited critical exami­ Table A1
nation of whether those components are functioning as intended. This Frequency of the strength of corrective actions listed per description.
finding aligns with the key observation made in the 2005 Buncefield oil Strength per class None Weak Moderate Strong
storage facility fire report, where accepting the presence of a system as (a)
evidence without evaluating its usage proved detrimental (COMAH Physical action descriptions
Competent Authority, 2011). Animals 0 0 0 1
Chemical separation/management 0 1 2 5
5.3.3. Signatures provide symbolic value Dust/hygiene 0 0 0 1
Electrical safety 0 0 1 5
The paper previously argued that excessive reliance on symbolic Environment 0 2 0 2
artefacts, particularly relating to the effectiveness of safety plans, doc­ Equipment/plant not fit for purpose 0 1 1 6
uments, and systems, can pose increased risks to organisations (Hutch­ Falling objects 0 0 0 3
inson et al., 2022). This is partly because individuals may perceive Fencing/delineation/pathways 0 1 2 6
Hazardous conditions 0 0 3 2
things to be safer than they are simply because a process is in place,
Housekeeping/site maintenance 0 3 4 1
despite the underlying issues remaining unaddressed. Inadequate emergency preparedness 0 0 0 1
This paper identified several corrective actions that placed undue awareness
emphasis on the presence or absence of a signature on a safety artefact, Noise generation 0 0 0 1
which the paper contends exemplifies misplaced symbolism. Corrective Other hazards or issues 0 1 2 0
Plant servicing/maintenance 0 2 1 0
actions referred to signatures on risk assessments or safe work method Pre-start inspection 0 0 1 0
statements as if they were synonymous with worker comprehension and Review communication 0 1 1 0
agreement to the document’s conditions. In the latter case, obtaining a Rigging and lifting equipment 0 0 0 2
signature on a plant risk assessment was treated literally as an Site maintenance 0 1 1 0
Slips/trips/falls 0 1 4 0
acknowledgment of the content within the assessment itself. Other
Test/tag 0 0 5 1
research supports this observation regarding the perceived role of sig­ Vehicle separation/parking 0 0 2 0
natures on safe work method statements (Pillay, 2023). Vehicles, vehicle movement 0 0 3 2
Likewise, our findings indicate that signatures carry significant PPE 0 2 0 1
symbolic value in confirming that a task has been completed or that Administrative-related action
descriptions
understanding has been internalised. However, these are distinct mat­
Define roles/responsibilities 1 3 1 0
ters. It is possible to sign something without fully grasping its content or Develop or review register 0 6 6 0
the operational implications that may ensue. Safety management ac­ Display or submit document 6 6 0 0
tivities, such as the development and refinement of plans, work in­ Improving resourcing or HR 0 1 0 0
arrangements
structions, and registers, may not necessarily influence the issues they
Incomplete or missing document/form 3 15 16 1
are believed to address (Hutchinson et al., 2022). IT 0 2 0 0
The importance of signatures on work permits was also highlighted Maintain records 0 1 0 0
in the Piper Alpha disaster (Cullen, 1990), where the absence of signa­ New process/document 0 4 1 0
tures was among several factors indicating an ineffectively implemented Out-of-date documents 0 1 0 0
Outstanding audit actions 0 0 2 0
permit-to-work system. As demonstrated in this audit sample and
Reporting system/KPIs 0 3 0 0
potentially at Piper Alpha, signatures alone may only weakly correlate Revise or review document 4 7 2 1
with the physical issues at hand, without additional contextual infor­ Send document to a stakeholder 1 0 0 0
mation such as knowledge of the process or issues involved, and the Sign document 0 9 0 0
Undertake an audit 0 4 3 0
work undertaken to carry out the process.
Undertake risk review/assessment 0 2 8 0
To summarise this effect, this paper proposes that the pursuit of Update or review training records or 0 8 1 0
signatures may introduce a potent form of symbolic verification—a training needs
subjective assurance for auditors. Consequently, this symbolic verifica­ Vehicle pre-start 0 0 2 0
tion can pull audits towards their enabling function, detached from the Version control, format, template, or 5 2 2 0
storage location
core issues they are intended to address.
Mixed physical / administrative
action descriptions
6. Limitations Deliver toolbox, information, or 0 4 3 0
committee meeting
Deliver training 0 4 6 1
Some limitations are present in this study. The first challenge is
Display/review signage 0 14 11 2
external validity. Whilst this study included 71 audit reports (across the Enhance communication & consultation 0 0 2 0
main sample of 42 audit reports, 14 additional communication audit Inspect / review / place emergency 1 11 14 2
reports, and then another 15 matched audit reports), from a range of equipment (fire extinguisher, first aid,
different auditors, auditing organisations, and for a range of different spill kit)
Not following established process 0 1 5 2
purposes, no sample of health and safety audits could be considered Permit to work 0 0 1 1
truly representative of all audits. External validity is also limited by the Schedule, review or practice emergency 0 0 3 1
single organisational context (albeit the sample did include 16 external preparations or evacuation
and independent audit providers). Future research drawing on a larger Undertake workplace inspection or 0 2 6 1
review of inspection schedule
sample from multiple organisations would address this limitation.
The audit reports also did not focus on less-tangible facets of
organisational performance, like psychosocial factors, power distribu­ managing the most serious issues. Thus, what was left in the audit re­
tions, or climates/cultures. ports were the remaining, lower consequence issues needing resolution.
Another limitation is that our conclusions are based only on what
auditors or auditees chose to comment on in the reports. It is conceivable 7. Conclusion
that auditors verbally discussed various issues and positive observations
in depth that did not get transcribed into written reports. Another pos­ Audits are positioned in contemporary organisations as critical
sibility is that the project sites under review generally were good at

11
B. Hutchinson et al.
checks of whether their safety management systems are functioning as
intended. The paper tested this assumption by investigating 71 audit
reports from a large, Australian provider of integrated services.
This evidence highlights that audits, largely, were assigning correc­
tive actions focused on the evaluation and modification of safety arte­
facts, conflating the presence of a document as evidence of the
effectiveness of the process. Namely, audits: a) focused on surface
compliance activities, and b) lacked a focus on critical components or
had a methodology lacking capability to identify particular issues.
These findings suggest that some auditing approaches may be at risk
of tweaking documents or addressing insignificant physical issues at the
expense of properly addressing critical issues or hazards. That is, while
providing a false veneer that these issues are being appropriately
managed: the audit masquerade.
These results have implications for the organisational logic of why an
audit is needed and what benefits and outcomes audits are expected to
deliver.
CRediT authorship contribution statement
Ben Hutchinson: Conceptualization, Methodology, Formal Anal­
ysis, Investigation, Writing - original draft, Writing - review & editing.
Sidney Dekker: Writing - review & editing. Andrew Rae: Conceptu­
alization, Methodology, Validation, Writing - review & editing,
Supervision.
Declaration of Competing Interest
The authors declare that they have no known competing financial
interests or personal relationships that could have appeared to influence
the work reported in this paper.
Appendix
Table A1.
References
Alfred, L., Limmer, M., Cartwright, S., 2020. An integrative literature review exploring
the impact of alcohol workplace policies. Int. J. Workplace Health Manag.
Alruqi, W.M., Hallowell, M.R., 2019. Critical success factors for construction safety:
Review and meta-analysis of safety leading indicators. J. Constr. Eng. Manag. 145
(3), 04019005.
Batalden, B.-M., Sydnes, A.K., 2015. Auditing in the maritime industry: A case study of
the offshore support vessel segment. Saf. Sci. Monit. 19 (1), 3.
Bender, R. (2006). What is an Effective Audit, and How Can You Tell? Paper prepared for the
Audit Committee Chair Forum. Cranfield University School of Management, United
Kingdom.
Bigelow, P., Robson, L., 2005. Occupational health and safety management audit
instruments: A literature review. Institute for Work & Health.
Bjelle, S.L., Sydnes, A.K., 2019. Auditing Industrial Safety Management: A Case Study.
Int. J. Manag. Knowl. Learn. 8 (1), 43–59.
Blewett, V., O’Keeffe, V., 2011. Weighing the pig never made it heavier: Auditing OHS,
social auditing as verification of process in Australia. Saf. Sci. 49 (7), 1014–1021.
Borys, D., 2012. The role of safe work method statements in the Australian construction
industry. Saf. Sci. 50 (2), 210–220. https://doi.org/10.1016/j.ssci.2011.08.010.
Center for Chemical Process Safety. (2011). Guidelines for Auditing Process Safety
Management Systems. Second Edition. John Wiley & Sons.
U.S. Chemical Safety and Hazard Investigation Board. (2009). Imperial Sugar Company
Dust Explosion and Fire. https://www.csb.gov/.
U.S. Chemical Safety and Hazard Investigation Board. (2012a). E. I. DuPont De Nemours
Co. Fatal Hotwork Explosion. https://www.csb.gov/.
U.S. Chemical Safety and Hazard Investigation Board. (2012b). Hoeganaes Corporation
Fatal Flash Fires. https://www.csb.gov/.
U.S. Chemical Safety and Hazard Investigation Board. (2017). AirGas Facility Fatal
Explosion. https://www.csb.gov/.
COMAH Competent Authority. (2011). Buncefield: Why did it happen? The underlying
causes of the explosion and fire at the Buncefield oil storage depot, Hemel
Hempstead, Hertfordshire on 11 December 2005. http://www.hse.gov.uk/comah
/buncefield/buncefield-report.pdf.
Cullen, W., 1990. The public inquiry into the Piper Alpha disaster. H.M, Stationery
Office.
12
Safety Science 169 (2024) 106348
Downer, J., 2013. Disowning Fukushima: Managing the credibility of nuclear reliability
assessment in the wake of disaster. Regulation & Governance 287–309. https://doi.
org/10.1111/rego.12029.
Fernández-Muñiz, B., Montes-Peón, J.M., Vázquez-Ordás, C.J., 2012. Occupational risk
management under the OHSAS 18001 standard: Analysis of perceptions and
attitudes of certified firms. J. Clean. Prod. 24, 36–47.
National Patient Safety Foundation. (2016). RCA2: Improving root cause analyses and
actions to prevent harm.
Gallagher, C., Underhill, E., Rimmer, M., 2001. OHS Management Systems: A Review of
their Effectiveness in Securing Healthy & Safe Workplaces. National Occupational
Health and Safety Commission, Commonwealth of Australia.
Gallagher, C., Underhill, E., Rimmer, M., 2003. Occupational safety and health
management systems in Australia: Barriers to success. Policy and Practice in Health
and Safety 1 (2), 67–81.
Goncalves Filho, A.P., Jun, G.T., Waterson, P., 2019. Four studies, two methods, one
accident–An examination of the reliability and validity of Accimap and STAMP for
accident analysis. Saf. Sci. 113, 310–317.
Goncalves Filho, A.P., Waterson, P., Jun, G.T., 2021. Improving accident analysis in
construction–Development of a contributing factor classification framework and
evaluation of its validity and reliability. Saf. Sci. 140.
Hallowell, M.R., Hinze, J.W., Baud, K.C., Wehle, A., 2013. Proactive construction safety
control: Measuring, monitoring, and responding to safety leading indicators.
J. Constr. Eng. Manag. 139 (10).
Hassan, N.A., Mohammad Zailani, S.H., Hasan, H.A., 2021. A Meta-analysis of Integrated
Internal Audit Management Effectiveness towards Business Sustainability. Pertanika
J. Soc. Sci. Human. 29.
Hayes, J., & Hopkins, A. (2015). Nightmare Pipeline Failures: Fantasy Planning, Black Swans
and Integrity Management. CCH Australia Limited.
Hibbert, P.D., Thomas, M.J., Deakin, A., Runciman, W.B., Braithwaite, J., Lomax, S.,
Prescott, J., Gorrie, G., Szczygielski, A., Surwald, T., 2018. Are root cause analyses
recommendations effective and sustainable? An observational study. Int. J. Qual.
Health Care 30 (2), 124–131.
Hide, S., Atkinson, S., Pavitt, T. C., Haslam, R., Gibb, A. G., & Gyi, D. E. (2003). Causal
factors in construction accidents. Research report 156. Health and Safety Executive.
https://www.hse.gov.uk/Research/rrpdf/rr156.pdf.
Hohnen, P., Hasle, P., 2011. Making work environment auditable–A ‘critical case’ study
of certified occupational health and safety management systems in Denmark. Saf.
Sci. 49 (7), 1022–1029.
Hopkins, A., 1999. Managing Major Hazards: The Lessons of the Moura Mine Disaster.
Allen & Unwin.
Hopkins, A., 2015. Lessons From Longford: The Esso Gas Plant Explosion. CCH Australia
Ltd.
Hu, X., Yeo, G., Griffin, M., 2020. More to safety compliance than meets the eye:
Differentiating deep compliance from surface compliance. Saf. Sci. 130.
Hutchinson, B., Dekker, S., Rae, A., 2022. Writing plans instead of eliminating risks: How
can written safety artefacts reduce safety? Saf. Sci. 151.
International Labour Office. (2001). Guidelines on occupational safety and health
management systems, ILO-OSH 2001.
Jackson, M.A., 2001. Problem Frames: Analysing and Structuring Software Development
Problems. Addison-Wesley/ACM Press.
Jackson, D. (2010). Worked example of a problem from Leveson’s “Safer World”. https://
people.csail.mit.edu/dnj/talks/veldhoven10/comments-on-leveson-interlock-ex
ample.pdf.
Le Coze, J., 2005. Are organisations too complex to be integrated in technical risk
assessment and current safety auditing? Saf. Sci. 43 (8), 613–638.
Le Coze, J.-C., Dupre, M., 2012. Is it time, in the process industry, to question the limits
of safety audits? Hazards XXIII 244–254.
Lindsay, F., 1992. Successful health and safety management. The contribution of
management audit. Saf. Sci. 15 (4–6), 387–402.
Lingard, H., Hallowell, M., Salas, R., Pirzadeh, P., 2017. Leading or lagging? Temporal
analysis of safety indicators on a large infrastructure construction project. Saf. Sci.
91, 206–220.
Longford Royal Commission. (1999). The Esso Longford gas plant accident: Report of the
Longford Royal Commission. Govt. Printer for the State of Victoria.
Lundberg, J., Rollenhagen, C., Hollnagel, E., 2009. What-You-Look-For-Is-What-You-
Find–The consequences of underlying accident models in eight accident
investigation manuals. Saf. Sci. 47 (10), 1297–1311.
Martinov-Bennie, N., O’Neill, S., Cheung, A., Wolfe, K., & Australia, S. W. (2014). Issues
in the assurance and verification of work health and safety information. Safe Work
Australia.
McInerney, P. (2005a). Special Commission of Inquiry into the Waterfall Rail Accident. Final
Report. Volume 1. January 2005. https://nraspricms01.blob.core.windows.net/asse
ts/documents/Waterfall-Rail-Accident/Waterfall-final-report-Volume-1.pdf.
McInerney, P. (2005b). Special Commission of Inquiry into the Waterfall Rail Accident. Final
Report. Volume 2. January 2005. https://nraspricms01.blob.core.windows.net/asse
ts/documents/Waterfall-Rail-Accident/Waterfall-final-report-Volume-2.pdf.
Moroney, R., 2010. Auditing: A practical approach. John Wiley & Sons.
Oswald, D., Sherratt, F., Smith, S., 2018. Problems with safety observation reporting: A
construction industry case study. Saf. Sci. 107, 35–45.
Pentland, B.T., Feldman, M.S., 2008. Designing routines: On the folly of designing
artifacts, while hoping for patterns of action. Inf. Organ. 18 (4), 235–250.
Petroleum Safety Authority. (2005). Investigation of gas blowout on Snorre A, Well 34/7-
P31A, 28 November 2004. http://www.wellintegrity.net/Documents/PSA%20Inve
stigation%20of%20Snorre%20Blowout.pdf.
B. Hutchinson et al.
Pidd, K., Kostadinov, V., Roche, A., 2016. Do workplace policies work? An examination
of the relationship between alcohol and other drug policies and workers’ substance
use. Int. J. Drug Policy 28, 48–54.
Pidd, K., Roche, A.M., 2014. How effective is drug testing as a workplace safety strategy?
A systematic review of the evidence. Accid. Anal. Prev. 71, 154–165.
Pillay, M., 2023. Resilience Engineering and Safe Work Method Statements in
Construction Projects. In: Human-Automation Interaction. Springer, pp. 639–651.
Power, M., 1999. The Audit Society: Rituals of Verification. Oxford University Press.
Pratt, M.G., Rafaeli, A., 1997. Organizational dress as a symbol of multilayered social
identities. Acad. Manag. J. 40 (4), 862–898.
Rae, A.J., Alexander, R.D., 2017. Probative blindness and false assurance about safety.
Saf. Sci. 92, 190–204.
Rae, A., Provan, D., Weber, D., Dekker, S., 2018. Safety clutter: The accumulation and
persistence of ‘safety’ work that does not contribute to operational safety. Policy and
Practice in Health and Safety 16 (2), 194–211.
Robson, L.S., Bigelow, P.L., 2010. Measurement properties of occupational health and
safety management audits: A systematic literature search and traditional literature
synthesis. Can. J. Public Health 101 (1), S34–S40.
Robson, L.S., Macdonald, S., Van Eerd, D.L., Gray, G.C., Bigelow, P.L., 2010. Something
Might be Missing From Occupational Health and Safety Audits: Findings From a
Content Validity Analysis of Five Audit Instruments. J. Occup. Environ. Med. 52 (5),
536–543. https://doi.org/10.1097/JOM.0b013e3181dbc87c.
Robson, L.S., Ibrahim, S., Hogg-Johnson, S., Steenstra, I.A., Van Eerd, D., Amick III, B.C.,
2017. Developing leading indicators from OHS management audit data: Determining
the measurement properties of audit data from the field. J. Saf. Res. 61, 93–103.
Rozenblit, L., Keil, F., 2002. The misunderstood limits of folk science: An illusion of
explanatory depth. Cognit. Sci. 26 (5), 521–562.
Safe Work Australia. (2011). How to manage work health and safety risks: Code of Practice.
https://www.safeworkaustralia.gov.au/system/files/documents/1702/how_to_m
anage_whs_risks.pdf.
13
Safety Science 169 (2024) 106348
Safe Work Australia. (2013). The effectiveness of work health and safety interventions by
regulators: A literature review. https://www.safeworkaustralia.gov.au/system/files
/documents/1702/effectiveness-whs-interventions-by-regulators-literature-review.
pdf.
Salas, R., Hallowell, M., 2016. Predictive validity of safety leading indicators: Empirical
assessment in the oil and gas sector. J. Constr. Eng. Manag. 142 (10).
Shah, M., 2012. Ten years of external quality audit in Australia: Evaluating its
effectiveness and success. Assess. Eval. High. Educ. 37 (6), 761–772.
Shaw, A., Blewett, V., Stiller, L., Aickin, C., Cox, S., Ferguson, S., Frick, K., 2007. Digging
Deeper: Wran Consultancy Project Final Report. NSW Department of Primary
Industries, Sydney.
Standards Australia / Standards New Zealand. (2019). AS/NZS ISO 19011:2019:
Guidelines for auditing management systems. https://www.techstreet.com.
Tackett, J., Wolf, F., Claypool, G., 2004. Sarbanes-Oxley and audit failure: A critical
examination. Manag. Audit. J. 19 (3), 340–350.
The BP US Refineries Independent Safety Review Panel. (2007). The Report of the BP US
Refineries Independent Safety Review Panel. http://www.csb.gov/assets/1/19/Bake
r_panel_report1.pdf.
Verma, A., Chatterjee, S., Sarkar, S., Maiti, J., 2018. Data-driven mapping between
proactive and reactive measures of occupational safety performance. In: Industrial
Safety Management. Springer, pp. 53–63.
Winge, S., Albrechtsen, E., Mostue, B.A., 2019. Causal factors and connections in
construction accidents. Saf. Sci. 112, 130–141.
Wood, L.J., Wiegmann, D.A., 2020. Beyond the corrective action hierarchy: A systems
approach to organizational change. Int. J. Qual. Health Care 32 (7), 438–444.
Woolley, M.J., Goode, N., Read, G.J., Salmon, P.M., 2018. Moving beyond the
organizational ceiling: Do construction accident investigations align with systems
thinking? Hum. Factors Ergon. Manuf. Serv. Ind. 28 (6), 297–308.
Workcover NSW. (2014). National self-insurer OHS management system audit tool. https
://content.api.worksafe.vic.gov.au/sites/default/files/2018-06/National_self-insur
er_OHS_management_system_audit_tool_Version_3.pdf.