Earlier this week I fielded an inquiry about a matter that the person thought might be a Sarbanes Oxeley issue. I stressed that the auditing I do is not to be confused with that which would satisfy Sarbanes Oxeley, as such audits were done on accounting systems and needed specific competencies.
But that doesn't let me off the hook for auditing against safety and environmental laws, as I am the site internal auditor for those systems plus QMS, and now also Process Safety Management. I can't be expected to know and audit against details within the various laws, codes and regulations, especially in different states and countries.
However, I am responsible for verifying my organization has a functioning system in place that does identify the requirements, make plans and allocate for meeting them, executes defined processes to support the effort and self assesses for effectiveness. In other words, I am a management systems auditor and not an inspector.
That doesn't mean I can't or shouldn't call out something specific if I have the competencies to recognize it. If I see and recognize something like fall hazard or lockout tagout violation, I am arguably ethically required to report it to my organization for immediate action, and I should also pursue it as a question of how these requirements are being missed. ("Why does it take me to find and raise this issue - don't we know what we're supposed to do?") Ethically, IMO (not humble) I should do this whether or not I noticed it during an audit.
I can't find the reference now, but I remember having it drilled into me years ago that regulations were at the tippy-top of the document hierarchy. Even if that simply means their requirements never get nullified or diluted by lower level documentation, in my work I have always maintained they are "on the table" at all times.
Does this mean I am the site expert and authority on the subject? Certainly not, nor do I claim to be. It means that if I see something that I think is questionable based on my education, training and experience, I raise it with the site responsible person and area manager for his/her more expert review and disposition.
Here's what it looks like: recently I raised a question of flammable lockers' compliance to NFPA 30. It was discovered during review that there were conflicting codes; the site eventually chose to go with the local versus federal code because it was stricter and more likely to get audited by code inspectors. Fine; the issue that I raised was resolved by the people who have the responsibility, authority and expertise to do so, yet the issue was resolved because I raised it as one during an internal audit.
Overkill? Maybe. But we in this facility are more compliant and perhaps safer than before, and I didn't go out on a limb to do my part.
Safety is everyone's job - mine too.
