Guidance Document

OSHAD
AUDIT
GUIDELINE

First Issue
2016
Important Disclaimer:
The contents of this document are intended solely for the purpose of guidance and awareness.
Users shall refer to www.oshad.ae for the published version of the OSHAD-SF. If any conflict is
found between the requirements listed within this document and those within the OSHAD-SF, the
requirements within the OSHAD-SF shall prevail.
The aim of the guideline is to raise awareness on OSHAD SF requirements by sharing the following:

a) Positive points which are considered as good initiatives adapted by some entities. These points
are intended to encourage / inspire the entities on OSH initiatives.
b) Noncompliances (NCs) are considered gaps which require corrective action. These NCs are
listed which are the most commonly observed in the entities.
Contents:

1. Introduction 01

2. Purpose 01

3. Audit Terms Definitions 02

4. OSHAD Audit Process 03

5. Entities Roles & Responsibilities 08

6. Audit Process Summary 09

7. Detailed Requirements 10

7.1 OSH Policy 11

7.2
OSH Roles and Responsibilities 12

7.3
OSH Targets and Objectives 13

7.4
Legal Compliance 14

7.5
Risk Management 15

7.6
Management of Contractors 18

7.7
Emergency Management 20

7.8
Operational Procedures 23

7.9
Management of Change 25

7.10
Training and Competency 26

7.11
Incident Reports and Investigation 29

7.12
Communication and Consultation 31

7.13
Inspection and Audit 33

7.14
OSH Performance Monitoring 35

7.15 Document Control and Record Retention 37

7.16
Management Review 38

8. References 39
 1. Introduction:

In February 2010, Abu Dhabi Occupational Safety and Health Center (OSHAD)
was established to ensure the implementation of a comprehensive and integrated
management system for occupational safety and health (OSH) and to oversee all
OSH issues at Emirate level, to ensure reduction of incidents, injuries and illnesses
and provision of safe and healthy workplaces.

2. Purpose:

As part of OSHAD’s endeavor to ensure the implementation of Abu Dhabi

Occupational Safety and Health System Framework (OSHAD-SF) requirements
which will lead to the provision of safe and healthy workplaces for all in Abu Dhabi
Emirate. This Guideline has been developed to explain OSHAD-SF requirements,
and highlight audit findings for improving compliance of OSHAD-SF requirements.

The guideline includes OSHAD Audit Process and selected findings of OSHAD
OSHMS Compliance Audits. The aim of providing examples from OSHAD audits
including positive points and noncompliance is to clarify compliance expectations
and ensure effective implementation of an OSHMS.

Therefore, this guideline is intended to contribute to both (a) enhancing entity’s

understanding of compliance requirements and (b) improving internal auditors
and practitioners’ skills in the government and private sector.

First Issue
01
 Guidance Document - OSHAD Auditing Process

3. Audit terms Definitions:

A systematic, independent and documented process for obtaining audit

Audit: evidence and evaluating it objectively to determine the extent to which audit
criteria are fulfilled.
Audit Criteria: A set of policies, procedures or requirements (used as a reference).
The boundaries of audit, i.e. location, organizational units, activities and
Audit Scope: processes to be audited.
A person who is registered by OSHAD based on Qudorat requirements,
Auditor:
international standards, experience and qualifications in conducting OSH
audits.
A person who is registered by OSHAD as «Lead Auditor» based on Qudorat
Lead Auditor:
requirements, international standards, experience and qualifications in
conducting OSH audits.
Audit Evidence: Implies records, statements of facts or other information relevant to the
audit criteria and verifiable
Objective Evidence: Qualitative or quantitative information, records, or statements of
fact, pertaining to implementation of OSHMS based on observation,
measurement, or test, and which can be verified.
OSHAD Audit Findings: Positive Point:
Worth mentioning points of strength, good practice which organization
should continue.
Satisfactory:
Fully meets requirements and expectations and effectively implemented.
Observation:
Requirements and expectations are met, but with minor inadequacies
or omissions and/ or in the opinion of the auditor preventive action will
improve effectiveness of the implemented OSHMS; corrective action is not
mandatory.
Minor Non Compliance:
Issues which reduce the effectiveness of the OSHMS implementation, partial
breakdown of a process of OSHAD-SF; corrective action is mandatory
Major Non Compliance:
Issues which can result in harm to human health & safety or a complete
breakdown of a process of OSHAD-SF or ‘Minor NC’ which is observed
consistently in the organization; corrective action is mandatory.
Corrective Action: Steps that are taken by an entity to remove the causes of a non conformity
or undesirable situation. The corrective action aims to prevent the
recurrence of non-conformities or undesirable situations.

2016
02
 4. OSHAD Audit Process:

This section presents OSHMS Compliance Audit Process. The objective of presenting
OSHAD Audit Process is to help the entities in understanding expectations on
establishing an OSHMS Audit Program.

Entities’ OSHMS Audit program shall comply with the OSHAD-SF requirements
including:

• OSHAD SF Elements
• OSHAD SF Technical Guidelines

4.1 Before the Audit

The pre-audit phase includes preparation of the audit schedule, determining the
scope of the audit, formation of the audit team and developing the audit plan of
the entity to be audited.

4.1.1 Audit Schedule:

An annual audit schedule is developed by identifying the entities to be audited taking into
consideration the risk level, entities activities, performance and other criteria. The audit dates
and duration (number of audit days) selected for each entity based on the risk level, complexity
of operations and entity’s number of locations required to be audited.

First Issue
03
 Guidance Document - OSHAD Auditing Process

4.1.2 Audit Scope:

The objective of audit is to verify the effective implementation of OSHAD-SF requirements as
applicable to the entity’s operations and activities.
The scope of OSHMS compliance audit includes review of documents & records, interviews with
selected facility staff and a sample inspection of equipment, operations, activities, facilities and
locations of the audited entity.

4.1.3 Audit Team:

The audit team consists of lead auditor and a number of OSHAD auditors as per audit
requirements. The auditors are selected based on their experience and accredited training.

4.1.4 Audit Plan:

OSHAD focal point contacts the entity to be audited requesting the below listed pre
audit information as minimum which are important for the lead auditor:

• Main activities
• Locations details
• High risk activities
• Audit focal point
• Any other information

The lead auditor develops the audit plan based on the information
provided by the entity and on OSHAD-SF criteria (Elements).

The audit plan generally includes:

• Meeting with the entity’s focal point
• Opening meeting with the entity’s top management representative
• Review the entity’s OSHMS documents including manual,
procedures and records to ensure complying with OSHAD-SF
requirements (Elements)
• Auditors meeting to review and finalize the audit findings
• Closing meeting with the entity representative to inform about audit findings and signoff

2016
04
 4.2 Conducting the Audit:
OSHAD audit team conduct the audit according to the audit plan using audit
checklist and following the audit scope through the following steps:

4.2.1 Opening Meeting:

The lead auditor conducts the opening meeting with entity’s representatives and he/she
introduces the audit team memebers, agrees on the audit plan and clarifies the scope of the
audit and the mechanism for determining the outcome of the audit and reviews previous results.

4.2.2 Evaluation Compliance:

The audit team reviews all related documents including manual / SoPs / procedures
and samples of records and related documents such as:

• Risk registers
• Training matrix
• Emergency response plans
• Evacuation drill reports
• Inspection reports
• Internal audit reports
• Legal registers
• Targets and objectives programs
• Incident records
• Management review MoM,
• Other related documents and records.

It also involves verifying the implementation of the

corrective actions for non-compliance raised in any
previous audit reports (where applicable).

First Issue
05
 Guidance Document - OSHAD Auditing Process

Mechanism of identifying audit findings:

The Audit process also includes random interviews of the entity’s staff and a sample inspection
of equipment, operations, activities, facilities and locations of the audited entity. The audit is
conducted on a sample basis being used by the audit team in concluding the audit findings.
Audit findings are based on the information provided by the entity; therefore, the entity should
ensure the accuracy or completeness of the information provided to the auditors. The lead
auditor will determine the audit results according to the following criteria:

• Level of entity’s OSHMS compliance with OSHAD-SF requirements.

• Comparing the level of compliance with the established criteria.
• Evaluating the effectiveness of the entity’s approved OSHMS and its suitability to the entity’s
scope of work.
• Evaluating the effectiveness of implementing the entity’s approved OSHMS and comparing the
level and suitability of implementation to the complexity and type of activities.
• Assess the level of impact of certain practices on employees’ and contractors’ Safety
and Health.
• Evaluating the entity’s performance in terms of the overall commitment to OSH matters.
• Evaluation of entity’s employees and contractors to understand their OSH roles and
responsibilities which are specified in the approved OSHMS.

However, there may be instances of non-compliance which may not have been identified in the
audit sample during the audit. Entity must ensure its OSHMS is robust and proactive, as intended
in OSHAD-SF and is capable of identifying non-compliance at an early stage.

4.2.3 Closing Meeting:

The lead auditor and the entity representative signoff the “Closing Meeting Report” which
includes the noncompliance identified during the meeting.

2016 06
 4.3 After the Audit

This phase includes issuance of the audit report and sending it to the entity
audited. Then the entity sets the corrective action plans to close non-
compliances identified in the reports. These plans are reviewed and approved by
the lead auditor.

4.3.1 Preparing Audit Report:

The lead auditor writes the audit report, and then the report is reviewed and approved
internally. The audit report consists of the below findings:

• Positive
• Satisfactory
• Observation
• Minor Non-compliance
• Major Non-compliance

4.3.2 Issuing the Audit Report:

The audit report and the non-compliance forms
are sent to the entity within an agreed timeframe.
The entity shall submit the corrective action
plans to OSHAD within 30 days of receiving
the report.
Lead auditor reviews and accepts the corrective
action plan. OSHAD audit team verifies the effective implementation of the corrective
actions in the next audit.

4.3.3 Follow-up Audit:

OSHAD may conduct a follow up audit on the
entity depending on the audit findings and com-
pliance status. The follow-up audit schedule will
be agreed with the entity.

First Issue
07
 Guidance Document - OSHAD Auditing Process

5. Entities Roles & Responsibilities

Entities that will be audited by OSHAD shall ensure implementing the below
requirements before, during and after OSHAD audits:

5.1 Before the Audit

• Provide the necessary training and qualifications to relevant employees to be specialized in
internal audit process including auditors and lead auditors accredited training courses.
• Conducting OSH internal audit on the entity approved OSHMS.
• Provide the pre audit information to OSHAD.
• Ensure the availability of OSH Staff / and OSHMS Documents (in an organized manner) and
make all arrangements as per the audit plan.

5.2 Conducting the Audit

• Welcoming audit team
• Safety orientation
• Provide PPE to the audit team when needed
• Provide all required documents and records to the auditors in an organized manner.
• Provide access to departments and staff as required by the audit plan and facilitate the
auditors for interviews
• Provide representatives to accompany the audit team throughout the audit period
• Provide status of corrective actions implementation of the previous audit NCs.
• Attend the opening and closing meeting
• Signing off the audit findings (Closing Meeting Report) during the closing meeting

5.3 After the Audit

• Receive and review Audit Report
• Generate Corrective Action Plan
• Fill the Non-compliance reports “action plan” and submit to OSHAD within 30 days.
• Track the implementation of the corrective action plans to close all non-compliances as
scheduled in the action plans.
• Update OSHAD on status / progress of Corrective Action Plan.

2016 08
 6. Audit Process Summary

1. Annual
OSHAD Audit
Schedule

9. Continual 2. Selecting
Improvement Audit Team

8. Verifying the
Implentation 3. Pre Audit Info
of Corrective
Actions

7. Corrective 4. Entity Audit

Actions Plan

5. Conducting
6. Audit Report
the Audit

First Issue
09
 Guidance Document - OSHAD Auditing Process

7. Detailed Requirements:
This section presents three main subjects based on OSHAD Audits on Govt.
Entities OSHMS:

1. First: OSHAD SF requirements for each element (listed below).

2. Second: Positive points examples observed during the audit for each element
3. Third: Examples that can lead to non-compliances (NC) that were observed during the audit
for each element. The entities should avoid these points to ensure compliance.

The three above subjects are explained for the following OSHAD SF elements:

1. OSH Policy
2. OSH Roles and Responsibilities
3. Targets and Objectives
4. Legal Compliance
5. Risk Management
6. Contractor Management
7. Emergency Management
8. Operational Controls
9. Management of Change
10. Training and Competency
11. Incident Notification and Reporting
12. Communication and Consultation
13. Inspection and Audit
14. OSH Performance Monitoring
15. Document Control and Record Retention
16. Management Review

2016 10
 7.1 OSH Policy:
7.1.1 OSHAD-SF Requirements:
The entity’s OSH policy shall, at a minimum:
• demonstrate Occupational Safety and Health commitment;
• be authorized by Top Management;
• be appropriate to the nature and scale of the entity’s OSH risks;
• include commitment to:
a. prevention of injury and illness;
b. enhancement of employee health and wellbeing;
c. legal compliance;
d. setting, monitoring and reviewing OSH targets
and objectives;
e. provision of appropriate OSH resources; and
f. continual improvement.

• be communicated to all relevant stakeholders;

• be reviewed periodically to ensure it remains relevant and appropriate.

7.1.2 Positive points observed, for example but not limited to:
• OSH Policy effectively communicated to employees, contractors and visitors through
distribution of the policy in the appropriate locations and intranet.

7.1.3 Points could lead to NC, for example but not limited to:

Document & • OSH policy does not refer to OSHAD-SF.

Commitments: • OSH policy is not appropriate to the nature of the entity’s risk.
• OSH policy is not signed by the entity’s top management.
Communication: • OSH Policy is not communicated to employees, contractors
and other concerned persons by the available and appropriate
communication means.
Review and Update: • Review frequency of the OSH policy is not defined.
• OSH Policy not reviewed or updated as per the set review
frequency.

First Issue
11
 Guidance Document - OSHAD Auditing Process

7.2 OSH Roles and Responsibilities:

7.2.1 OSHAD-SF Requirements:
The entity OSH Roles and Responsibilities procedure(s) shall, at a minimum:
• ensure top management is ultimately responsible for the OSHMS and OSH matters;
• ensure appropriate competent OSH resources to develop, implement and maintain an
OSHMS;
• establish clearly defined and documented OSH roles, responsibilities and delegating
authorities for each role within the entity;
• ensure effective communication of roles & responsibilities to all employees and stakeholders;
• establish the means to measure employee conformance against their defined roles,
responsibilities and accountabilities.
• OSHAD SF Guidance Document – Roles and Responsibilities can be used while developing
the entity’s OSH Roles and Responsibilities Procedure.

7.2.2 Positive points observed, for example but not limited to:
• Auditee positive approach and openness towards the audit process.
• OSH Roles and Responsibilities are included in all employees’ job descriptions.
• Employees are aware of their OSH related roles and responsibilities.
• OSH roles and responsibilities undertaken signed by the entity’s employees.

7.2.3 Points could lead to NC, for example but not limited to:

Procedure: • OSH Roles and Responsibilities Procedure not complying with

OSHAD SF requirements.
Resources: • OSH resources are inadequate according to the entity’s scope of
activities and operations.
Communication: • OSH roles and responsibilities are not communicated effectively
within the organization.

2016 12
 7.3 OSH Targets and Objectives:
7.3.1 OSHAD-SF Requirements:
The entity’s OSH policy shall, at a minimum:
• ensure documented and effectively communicated OSH targets and objectives;
• ensure targets and objectives, where practicable shall be measureable;
• incorporates requirements of:
a. the entity’s OSH policy;
b. legal requirements;
c. relevant Competent Authorities requirements;
d. OSHAD-SF mandatory key performance indicators, as
defined in OSHAD SF.
e. Sector specific targets and objectives, if applicable.
• set program(s) for achieving the targets and objectives,
including, the methods, timeframes, monitoring activities and
responsibilities; and
• ensure targets, objectives and procedure(s) are reviewed periodically to ensure they remain
relevant and appropriate.

7.3.2 Positive points observed, for example but not limited to:
• Well defined Objectives and KPI’s monitoring system.
• KPI’s are periodically monitored for on time completion. This information is also used as one
of the inputs for Directors performance appraisal.
• The Entity has implemented an automated KPI’s monitoring software.
• Well developed and detailed management programs.
• Significant reduction in Incident Rate.
• Detailed analysis of OSH KPI is done, which contributes towards improving the OSH perfor-
mance.

7.3.3 Points could lead to NC, for example but not limited to:

Procedure: • Targets and Objectives Procedure not complying with OSHAD SF

requirements.
Targets & Objectives • OSH Targets & Objectives not adequately established at an organizational level.
Program: • Objectives related to incident and injury did not have measureable targets.
• OSH Targets & Objectives are not (SMART)
• OSH Targets & Objectives does not cover all OSHAD-SF requirements
• OSH targets and objectives program not developed (including the
methods, timeframe, monitoring activities and responsibilities).
• Targets & Objectives are not in compliance with the entity’s OSH Policy.
• Targets and objectives are not aligned with the risk register or the OSH policy.
• Legal requirements are not incorporated in the OSH Targets and Objectives.
Monitoring & Review: • Objectives not monitored / reviewed periodically as defined in the
entity action plan.

First Issue
13
 Guidance Document - OSHAD Auditing Process

7.4 Legal Compliance:

7.4.1 OSHAD-SF Requirements:

The entity’s Legal Compliance Procedure(s) shall, at a minimum:
• identify and access relevant legal and other requirements (e.g. Legal Register);
• ensure compliance to relevant legal and other requirements when developing OSHMS proce-
dures, processes and programs;
• ensure communication to relevant stakeholders of legal and other requirements; and
• be reviewed periodically to ensure it remains relevant and appropriate.

7.4.2 Positive points observed, for example but not limited to:
• Legal Register is comprehensive and detailed.
• OSH Legal Register is being updated / reviewed regularly by Legal Dept.

7.4.3 Points could lead to NC, for example but not limited to:

Procedure: • Legal Compliance Procedure not complying with OSHAD SF

requirements.
Legal Register: • Legal register not available
• Evidence of legal compliance monitoring was not available.
• Legal register is not making a reference between ‘operational controls’
and identified legal requirements.
• Legal register is not identifying all the applicable requirements of the
OSHAD-SF.
• Legal register is not identifying all the applicable OSH laws and
regulations.
Legal Compliance: • Legal Compliance Register does not refer to all operational
procedures developed as tools / evidence of compliance to the
related laws.
• There is no evidence of compliance to all legal requirements
identified in the legal register.
Communication: • There was no evidence to show that the legal Register has been
communicated to the concerned/responsible persons.

2016 14
 7.5 Risk Management:

7.5.1 OSHAD-SF Requirements:

The entity’s Risk Management program shall, at a minimum:
• ensure risk management is an integral part of management and is embedded in the entity’s
culture and practices;
• ensure risk management shall be applicable to all activities that an entity undertakes and /or
phases of a project /development (from design to decommissioning / demolition);
• define risk management methodologies and competencies;
• be based on consultation with employees, contractors and other relevant stakeholders;
• incorporate the recognized steps of risk management, which include:
a. identify all OSH hazards in the workplace;
b. assess the risks of these hazards;
c. formulate control measures to reduce the risk to an acceptable and as low as
reasonably practicable (ALARP) level;
d. review the program on a regular basis; and
e. incorporate a management of change process within the entity.
• address routine & non-routine activities of all persons having access to the workplace;
• address supply chain and contractor undertakings;
• address human behavior;
• identify hazards outside the workplace capable of adversely affecting the safety and health
of employees;
• address potential risk to persons not in the entity’s employment;
• address plant, machinery, equipment , substances and materials at the workplace;
• address the design or work areas, processes, work organization and operating procedures;
• and ensures documentation, recording and communication of the results of risk management
activities
When determining control measures, or changes to existing control measures,
consideration shall be given to reducing the risks according to Occupational
Health and Safety Control Hierarchy.

First Issue
15
 Guidance Document - OSHAD Auditing Process

7.5.2 Positive points observed, for example but not limited to:

• Comprehensive risk assessment has been developed which covers all the activities
undertaken by the entity.
• Risk assessment and operational controls process being implemented and managed in all
activities projects.
• Expectant mother risk assessment done for all expectant mothers once they report the same.
This may lead to necessary changes in their work assignment.

7.5.3 Points could lead to NC, for example but not limited to:

Procedure: • Risk Management Procedure not complying with OSHAD SF

requirements.
Risk Register: • Risk Register is not adequate and not unified among the entity’s site
offices.
• Risk Register is developed; however, some hazards were not
identified.
• Risk assessment is not considering the exposure of ‘other persons’
to health and safety hazards resulted from the workplace.
Covering All Routine • Risk assessment not covering the work related travel over water and
and Non-Routine visit of employees to construction site.
• Some activities exposing employees to the possibilities of cuts from
Activities:
sharp objects are not identified in the risk assessment, even though
there had been previous incidents.
• Construction Activities were being undertaken without adequate
OHS precautions posing a high risk to the workers and public.
• Risk assessment does not cover all the activities / processes, e.g.:
driving, animal handling, etc.
• The risk management program does not cover all foreseeable risks
within the organization, such as storage and use of hazardous
materials.
• ‘Site Visit Activity’ categorized as high risk in risk assessment.
While operational control highlighted the need for a detailed risk
assessment; however, no evidence of a detailed risk assessment is
available.
Risk Matrix: • The risk matrix used in not consistent across organization all sites
and locations.

2016 16
 OSH Hierarchy of • There was no evidence to show that the legal Register has been
Control: communicated to the concerned/responsible persons.

Consultation: • There was no evidence showing consultation with employees when

conducting the risk assessments.

Communication: • Inadequate communication of risk register to ensure implementation

of the control measures e.g. no MSDS available in Chemical Storage.
• There was no evidence to show that the risk register has been
communicated to stakeholders (Employees, Contractors, etc.) within
the organization
• Employees interviewed not aware of the operational controls as
defined in the risk register.
Implementation of the • Responsibilities for individual control measures have not been
Controls: assigned along with timescales for implementation. Further no
process in place to monitor the implementation of control measures.
• Operational controls related to specific activities e.g. smoking not
implemented as evidence of smoking seen in offices.
• Control measures identified within the risk register have not been
implemented.
• Some operational controls were not implemented as defined in the
risk assessment examples are: First Aid training of Contractor Staff
hired for specific activity.
• No evidence was available to show controls had been monitored or
the timescales for implementation.
Review and Update: • Risk Assessment is not reviewed annually as stated in the entity
“Risk Management Procedure” Risk assessments are not reviewed
after the incidents occurrence and before closing out the incident
investigation reports.
• Risk Assessment has not been updated to cover all the Activities of
the entity’s operations activities.

First Issue
17
 Guidance Document - OSHAD Auditing Process

7.6 Management of Contractors

7.6.1 OSHAD-SF Requirements:
• Management of Contractors Process
a. Establishment of Project OSH Requirements
b. Evaluation / Selection
c. Contractual Agreement
d. Co-ordination and Communication
e. Mobilization / Work in Progress
f. Monitoring Performance
g. Commissioning
h. Demobilization / Decommissioning
i. Contract Closeout

7.6.2 Positive points observed, for example but not limited to:
• Effective OSH pre-qualification and assessment during projects tendering and contractor
selection process.
• Health & safety requirements are incorporated in Project Document like “Instruction for
Technical Tender Document” which is used at the RFP stage.
• OSH review of the service providers / contractors is done at tender evaluation stage.
• OSH requirements comprehensively defined in “Project Contract” document.
• Safety and Health on the construction sites are effectively managed using Safety and Health
assessment, regular inspection and weekly site management meetings.
• Permit to Work (PTW) is being implemented for different types of contractors’ activities.
• Contractor monitoring includes process for issuance of OSH Violation Notices on non-
compliances to OSH requirements.

2016 18
 7.6.3 Points could lead to NC, for example but not limited to:

Procedure: • Management of Contractors Procedure does not comply with OSHAD

SF requirements.

Including the • OSH requirements are not included in the Contractor Management
requirements: documents

Evaluation and • OSH requirements are not evaluated during tender / contract
Selection: evaluation stage. Even though contract management program states
for evaluation of the same.
• A tender evaluation criterion doesn’t include OSH.
• Contractor Selection Process is not based on minimum acceptable
OSH rating, which is not defined. Bidders scoring high or low
scores can still be awarded the contract in spite of low OSH
rating. Contractor selection Process shall ensure that (a) minimum
acceptable OSH rating (score) is defined (b) only those bidders
can be awarded the contract whose OSH rating is higher than the
minimum acceptable score.

Contractor • OSH criteria / requirements are not defined within the contractor
Performance management process (monitoring of performance)
Monitoring: • OSH performance of contractors not monitored through the contract
life cycle. No evidence of OSH evaluation during tender, ongoing
operations and contract close out are observed. This includes OSH
inspections / audits of contractor activity as well.
• Site inspectors don’t review the control measures identified in the
risk register before performing inspection on the site. Inspectors
visiting hazardous environment (oxygen cylinders, forklift trucks etc.)
without proper preparations / awareness of the site conditions.

Control and • Lack of control and coordination from the entity to its contractors
Coordination: • Unsafe scaffold used by a contractor working at height

Contractors • Contractors are not evaluated against OSH requirements during all
Performance the stages of project life cycle.
Evaluation: • Contractor OSH assessment and evaluation not done after the close-
out of the contract.

First Issue
19
 Guidance Document - OSHAD Auditing Process

7.7 Emergency Management

7.7.1 OSHAD-SF Requirements:
Emergency Management Program:

The entity’s Emergency Response and Management program / procedure(s) shall address, at a minimum:
• risk-based identification & response to potential emergency situations;
• specific emergency response & management roles, responsibilities and resources;
• appropriate risk-based emergency response and management plan(s), including:
a. threat-specific plan(s);
b. facility specific(s); and
c. appropriate support / functional plans.
• provision of appropriate resources (e.g. human, equipment, facilities, training, etc.);
• arrangements for external stakeholder communications;
• arrangement for communications with concerned SRA’s and emergency services,
if applicable;
• periodic emergency response and management tests and exercises; and
• monitoring and review of plans and procedures.

Specific Emergency Response and Management Plans:

• Entity specific risk assessment of potential emergency scenarios shall identify reasonably
foreseeable emergencies and hazards.
• Specific plans shall be developed to deal with reasonably foreseeable emergencies and high-
risk hazards.

7.7.2 Positive points observed, for example but not limited to:
• Emergency Management Procedures and Emergency Response Plans in place with clear
safety sig­nage and adequate emergency response equipment provided.
• Emergency evacuation chairs provided for disabled employees.
• Each work area has a displayed list of first aiders, fire wardens, emergency numbers and
graphical illustration of how to use fire extinguishers.
• The emergency plan is communicated to visitors by using simple tools like pocket cards, etc.
• Good response times following activation of emergency alarms.

2016 20
 7.7.3 Points could lead to NC, for example but not limited to:

Procedure: • Emergency Management Procedure not complying with OSHAD

SF requirements.
Emergency Response • Not all locations have emergency response plan (entity with
Plans: multiple locations).
• Emergency management procedure / plan does not identify and
refer to all the risk based emergency scenarios.
• Employees while interviewed have different (inadequate)
understanding about Emergency response.
• Employees are not aware of emergency response procedure / plan.
• Emergency response plan does not identify emergency scenarios
other than fire.
• The entity did not consider the requirements of UAE Fire & Life
Safety Code.
Safety Signs: • Some locations do not have emergency exit signs.
• Emergency evacuation plan / evacuation layout are not displayed.
Review and Update: • Review of emergency response plans not done after emergency drills
or occurrence of actual emergency situation.

Evacuation Drill: • Emergency drill conducted but not analyzed (critiques) for any
desired improvement in the Emergency Response System.
• Emergency procedure does not specify the frequency for the
Emergency Drills / Exercises.
• Emergency drills not conducted.
• No records were available of the actual emergency evacuations
events that have taken place.

First Issue
21
 Guidance Document - OSHAD Auditing Process

Emergency Team: • No emergency response team was assigned.

• No first aiders or fire wardens have been identified.
• First aiders and fire marshal list / names not updated and
communicated to employees.
Fire System: • The building does not have fire Safety Systems in place.
• There was no Emergency System available such as (Water Sprinklers,
Smoke/Heat Detectors and Fire alarm) in the designated areas.
• Smoke detectors in the building found covered with plastic tape.
• Not enough portable fire extinguishers were available.
• Fire extinguishers were observed not maintained and expired.
Passageway: • Corridors were not free for emergency evacuation.

First Aid Box: • The contents of First Aid boxes were expired and inadequate.
• First aid box not available or accessible

2016 22
 7.8 Operational Procedures
7.8.1 OSHAD-SF Requirements:
The entity’s operational program(s) / procedure(s) shall address, at a minimum:
• Operations and activities that are associated with identified hazard(s) that require
implementation of control measure(s) to manage risk(s);
• Control measures related to supply chains (purchase of goods, equipment and services);
• Control measures related to contactors and other visitors to the workplace; and
• Stipulated operating criteria / instructions, maintenance instructions / integrity programs
where their absence could lead to an increase in OSH risk(s).

7.8.2 Positive points observed, for example but not limited to:
• Photocopy machines are kept in a confined and segregated space away from employees.
• Well defined operational controls incorporated into operational procedures (Division
Processes & Procedure Manual)
• Entity has comprehensively documented its operational controls.
• Project Manual includes detailed OSH processes related to all the stages of project life cycle.
• Robust process within licensing and permitting for inspection of facilities
• Pre travelling checklist developed and implemented for abroad missions.

7.8.3 Points could lead to NC, for example but not limited to:

Procedure: • Operational Procedures not developed for high risk activities.

Unsafe Conditions in • Poor housekeeping.

the • Electrical cable creating a tripping hazard and internal coating was
Buildings / Offices:
exposed posing risk for electrocution.
• Office cleaning chemicals were stored in a non-designated area.
• Employees were observed smoking inside the office building.
• Cartons found placed at non-designated areas and were stacked on top
of each other in an unsafe manner
• MSDS not available for the chemicals which are being used by the
cleaning contractors.
• Employee working alone while risk assessment did not cover lone
works activity.
• Access in the corridor was blocked with boxes, which was also creating
a fire hazard.
• Unsafe condition in laboratories:
• Operational controls defined for the lab operations require gloves to be
used as PPE. However, it does not specify type of gloves to be used for
specific hazard.
• Air conditioner vents observed to be dirty with accumulation of dust
etc., which can pose health hazard.

First Issue
23
 Guidance Document - OSHAD Auditing Process

Unsafe Conditions in • Emergency response plan not available.

Sites / Workshops: • No assigned first aiders and fire wardens.
• First aid kit was not available.
• Warehouse has poor housekeeping.
• MSDS not available for stored chemicals.
• Different chemicals were not segregated and stored together.
• Risk assessment of the fuel storage facility was not done.
• Fuel loading and offloading procedure not documented.
• Emergency response plan not available.
• Operators / drivers not aware of safety procedures for handling diesel
pumping operations.
• Fuel tanker / truck has empty fire extinguisher.
• Vaccination and periodic medical check-up of staff handling animals
was not done.
• Diesel storage does not have a spill containment area (boundary wall).
• Diesel stored in overhead fiber glass tank, which is designed for
water storage.
• Safety signs not displayed as required.
• Construction site band saw was observed which did not have a safety
sign. Plant, equipment & pedestrian pathways not segregated (Traffic
Management);
• Lack of banks-men to control heavy equipment while reversing;
• Damaged barriers and signage observed;

Unsafe Conditions • Cooking stove in kitchen placed on wooden top / shelves, which has
in Workers wood underneath. This is creating a fire hazard.
Accomodations (where
• Unsafe living conditions at the workers accommodation observed
applicable):
including fire hazards because of temporary kitchens made of plywood
walls and next to living quarters and improper welfare conditions.

High Risk Activities: • X-Ray equipment safety guideline does not include 2 hrs. max exposure
limit, while operating an x-ray machine, as practiced by employees.
• Standard Operation Procedures are developed; however, they are not
linked with the risk assessment associated with activity.
• Detailed operational controls are documented as Standard Operating
Procedures; however, not referenced, as applicable, within the control
measures column of the risk assessments.
• Manual handling is considered as a routine activity, yet the operational
control procedures do not include instructions for the safe operation
of this activity.
• Contractor staff while polishing the fire exit door was not wearing
appropriate PPE.

2016 24
 7.9 Management of Change

7.9.1 OSHAD-SF Requirements:

The entity’s Management of Change process shall, at a minimum:
• ensure that changes in organizational structure, personnel, plant, machinery, equipment,
materials, documentation, processes or procedures do not result in the inadvertent
introduction of hazards and increased risk;
• analyze changes in operational procedures or processes to identify any required changes in
training, documentation or equipment;
• analyze changes in location, equipment or operating conditions for potential hazards; and
• ensure that all personnel are made aware of and understand any changes in requirements,
procedures and applicable control measures.

7.9.2 Positive points observed, for example but not limited to:
• Corrective action to close the audit findings (NC’s) effectively implemented with the required
revision in entity’s OSHMS.

7.9.3 Points could lead to NC, for example but not limited to:
• No process developed by the entity for Management of Change (e.g. organization structure,
location, change of equipment, work shift, operating conditions, work procedures, etc.)
• No link between Training Procedure and Communication Procedure with Management of
Change Process.
• Management of change requirements for upgrading OSHMS in accordance with OSHAD SF
v2.0 requirement not implemented.
• No evidence for updating Risk Register, Emergency Response Plan etc. following changes in
regulations or incidents investigations.
• No clear process documented or implemented for managing OSH aspects upon
establishment of new division under the entity, e.g. performance reporting and risk
management. The entity OSHMS not updated to account this major change in organization.

First Issue
25
 Guidance Document - OSHAD Auditing Process

7.10 Training and Competency

7.10.1 OSHAD-SF Requirements:

The entity’s Management of Change process shall address, at a minimum:
• identifying and evaluating OSH training needs (e.g. Training Needs Analysis and OSH Training
Matrix), and providing appropriate OSH training including:
a. OSH Management System training;
b. OSH roles and responsibilities;
c. OSH emergency response and management;
d. OSH inductions (generic and site-specific);
e. OSH consequences of non-conformance to
specified procedures;
f. relevant subject specific OSH training;
g. specialized task-specific training.
• planning the implementation of the training:
a. level of responsibility and competence;
b. frequency of training;
c. types of training;
d. literacy, numeracy, language and other
learning requirements;
e. course selection / material development;
f. trainer competency;
g. assessment activities;
h. training records; and
i. refresher training requirements
• monitoring, measuring results; and
• review of OSH training procedure.

The entity’s Management of Compentency process shall address, at a minimum:

• ensure that employees and other persons under its control performing tasks are competent
on the basis of appropriate education, training and/or experience;
• a process to identify and evaluate OSH competency requirements, including:
a. relevant OSH competencies; and
b. task-specific competencies.
• methods of assessing competencies;
• process to record competencies;
• maintaining and improving competencies; and
• a system to review the OSH competency procedure.

2016 26
 7.10.2 Positive points observed, for example but not limited to:

Training: • Providing specialized OSH training to all staff meeting or exceeding

OSHAD-SF requirements.
• Comprehensive induction booklet developed & distributed to all employees.
• Development of an OSH portal internally for the department website and
OSH E-awareness & training for their staff.
• Comprehensive OSH induction program implemented.
• Extensive OSH awareness training conducted using internal resources.
• Safety & emergency hand book developed and distributed to
all employees.
• Good management practices established for field surveys such as
providing OSH induction to all surveyors.
• OSH induction is done on a one to one basis for all employees to ensure
staff is fully aware of their roles and responsibilities with regards to OHS.
• All employees are trained on basic first aid.
• An extensive OSH training program is developed for all employees.
• Training evaluation is conducted and analyzed by HR and used for training
providers continuous performance monitoring.
• Detailed and comprehensive training matrix developed and implemented.
• An effective process for training evaluation. In case of unsatisfactory
performance feedback is provided to the training provider.
• Intensive OSH E-training system which can monitor and ensure that all
mandatory trainings are conducted and proper evaluation is done to the
employees.
Competency: • Special need student’s capacity is evaluated before assigning them in the
technical workshops. Capacity assessment is done to ensure that every
student is capable of performing the complex tasks in a safe manner.
• OSH competencies are included in employee’s performance appraisals.

7.10.3 Points could lead to NC, for example but not limited to

Procedure: • Training and Competency Procedure not complying with OSHAD SF

requirements.
Training Needs Analysis: • OSH training need analysis was not conducted for employees at all levels.
• Heavy equipment operators training not identified in the training matrix.
Neither records of training for the safe use of the specialist equipment
(scissor lift) were available.
• Training is on general awareness rather than risk based.
• Employees training on “Incident Reporting” not conducted; (even though
zero incidents / near miss were reported) leading to incidents’ non-
reporting because employees considered OSH incidents as insignificant.

First Issue
27
 Guidance Document - OSHAD Auditing Process

Inductions: • There was no OHS induction provided to the new employees and
visitors.
• The induction presentation for new employees does not cover the
Emergency Response Plan.
• No OSH Induction/training conducted to Contractors
• No OSH induction of ‘work placement’ students.

Training plan: • OSH Training Matrix was developed. However, training plan was not
developed to ensure the delivery of targeted trainings for the current year.
• Language barrier is not considered while delivering the OSH trainings
to different levels in the organization / contractors.

Refresher requirements: • Refresher training requirements not documented in the training matrix.

Review and update: • Training program not updated to add new training as per new activities
added.
Competency: • Competency measurement criteria do not consider all parameters such
as knowledge, experience, training, qualifications, etc.
• Competency requirement of OSH investigators / inspectors / internal
auditors not defined.

2016 28
 7.11 Incident Reports and Investigation
7.11.1 OSHAD-SF Requirements:
The entity’s OSH Reporting Procedure(s) shall address, at a minimum:
• hierarchies, timetables and responsibilities for reporting;
• internal OSH performance and incident reporting requirements;
• external OSH performance and incident reporting requirements,
including:
a. OSH Incidents to the SRA / CA as required;
b. quarterly OSH performance to the SRA;
c. annual third party external compliance audit results to the SRA;
d. requirements of OSH Performance & Incident Reporting; and
e. other legal and regulatory reporting requirements.
• Requirements outlined in SRA / CA requirements / permits / licenses /
no objection certificates, or equivalent;
• requirements outlined in approved OSH Plans and Studies
• requirements outlined in relevant OSHAD SF Regulatory Instruments; and
• other requirements outlined by the entity’s approved OSHMS.

The entity’s OSH Incident Investigation Procedure(s) shall be compliant with OSHAD
SF and shall address, at a minimum:
• process of recording, investigating and analyzing OSH incidents;
• ensure investigations are performed by competent person(s) in consultation and
coordination with relevant stakeholders;
• ensure investigations are performed in a timely manner;
• process to determine the root causes of OSH incidents;
• identify opportunities for corrective and preventative control measures; and
• ensure effective communication of investigation outcomes to relevant stakeholders.

7.11.2 Positive points observed, for example but not limited to:
• Incident register is accurate and includes all information of OSH incidents from incident date
to completion of investigation and follow up and closure of corrective actions required.
• All the reported incidents are investigated thoroughly, and corrective actions implemented
and verified for effectiveness.
• Employees are encouraged to report Near Miss Reporting, which can prevent major incidents
in the future.
• A unified register exists for all OSH incidents that occurred in the entity (entity with multiple
locations).
• All serious incidents reported to OSHAD and included in the performance report.

First Issue
29
 Guidance Document - OSHAD Auditing Process

7.11.3 Points could lead to NC, for example but not limited to:

Procedure: • Incident Reporting and Investigation Procedure is not complying with

OSHAD-SF requirements.

Recording (Incident • There was no evidence of an incident log record developed

Register): • Occupational incidents were not recorded (e.g. incident log); although there
were incidents occurred as stated by the auditees.

Incident Notification: • The Incident Reporting process is not available and employees were not
familiar on how to report incidents.
• Serious OSH incidents not reported to OSHAD.

Incident Reports: • Investigation reports were not identifying the root causes and the corrective
action plan and follow-up requirements.
• An incident was not reported using correct forms by the entity for closure.

Performance Report: • Performance Reporting submitted to OSHAD does not reflect the incident
statistics shown as evidenced during the audit.

Investigation: • Not all reported incidents were investigated.

• No investigation conducted for the Incidents notified to OSHAD to identify
the corrective actions.

Corrective Actions: • No evidence of corrective actions taken to prevent the reoccurrence of similar
incidents e.g. an incident where an electrical cable got burned and no action
taken to identify the root cause and check all other cables that could lead to
same incident.
• Incident corrective actions need to be included in the incident register for
follow up and ensuring close-out.
• Corrective Action identified in Incident Investigation has not been
i m p l e m e n te d .

2016 30
 7.12 Communication and Consultation
7.12.1 OSHAD-SF Requirements:
The entity’s Communication Procedure(s) shall address, at a minimum:
• internal communication throughout the various levels of the entity;
• communication with contractors and other visitors to the workplace;
• relevant communication with external stakeholders; and
• development of an annual OSH performance report, to be used for internal communication
and management review purposes (external stakeholder communication / distribution is
optional).

The entity’s Consultation Procedure(s) shall address, at a minimum:

• ensure effective consultation and participation of employees in OSH matters;
• appropriate involvement in risk management activities;
• appropriate involvement in OSH incident investigation;
• involvement in the development and review of OSH policies
and objectives;
• structure of consultation committees and meetings; and
• consultation with contractors and other external stakeholders

OSH Committee Requirements

• An entity with greater than (50) employees, or as warranted
by risk assessment, shall establish in OSH Committee.
• OSH committee is considered as a platform that allows all
employees to raise their issues and concerns and receive the
required feedback.
• The Element provides clear and specific requirements about
the mechanism of establishing the committee and the
frequency of the committee meetings.

7.12.2 Positive points observed, for example but not limited to:
• Some good initiatives in place including development of an OSH portal internally for the
department website and OSH E-awareness & training for their staff.
• Good OSH communication through Display screens and emails.
• Advance Document Management System for sharing OSHMS documents with all employees
• Safety instructions at the visited sites were displayed in multiple languages.
• A monthly OSH newsletter is issued to all employees which includes OSH.
• Safety and Health Cards provided to all employees visiting the sites (as part of the licensing
activities).

First Issue
31
 Guidance Document - OSHAD Auditing Process

7.12.3 Points could lead to NC, for example but not limited to:

Procedure: • Communication and Consultation Procedure not complying with

OSHAD SF requirements.
Internal Communication: • There was no evidence of OSH communication through various levels
for the following:
a. OSH Policy
b. OSH roles & responsibilities of employees.
c. OSH related forms like incident notification forms
d. Emergency response plan / evacuation plan.
e. First aiders and fire wardens names
• Ineffective communication between the Corporate OSH and OSH
Team at other locations e.g. difference in risk registers and incident
statistics.
OSH Committee: • OSH committee not established
• OSH committee has only met once in the last 12 months, instead of 4
times as required in OSHAD-SF.
• OSH committee’s minutes of meetings were recorded; however,
actions identified in the minutes of meetings were not tracked,
monitored and closed.

2016 32
 7.13 Inspection and Audit
7.13.1 OSHAD-SF Requirements:
The entity’s OSH audit and Inspection program / procedure(s), shall address, at a minimum:
• scope, criteria, and objectives of audits / inspections to be conducted;
• program responsibilities, competencies and resources;
• program planning and implementation processes, including:
a. criteria;
b. frequency and schedule;
c. methods of collecting and verifying information;
d. reporting results; and
e. program record keeping.
• program monitoring and review; and
• internal and external reporting requirements.

7.13.2 Positive points observed, for example

but not limited to:

• Management walk through done on a regular basis which

focuses on OSH compliance as well. Each member of
the management has to do three walk throughs during
the year.
• All internal auditors are trained on auditing requirements.
• Corrective Actions completed on observations, minor
and major NCs raised in OSHAD Audits.
• Internal audits are conducted on multiple levels in the
entity.

First Issue
33
 Guidance Document - OSHAD Auditing Process

7.13.3 Points could lead to NC, for example but not limited to:

Procedure: • Audit and Inspection Procedure not complying with OSHAD SF requirements.

OSH Audit and Inspection • No OSH Audit & Inspection plan was available
Plan: • Inspection plan is not suitable to adequately cover entity’s area and
facilities requiring large scale inspections.
• Audit scope needs to refer to OSHAD-SF as a requirement within the
audit procedure / report / plan etc.
Conducting Internal OSH • Internal OSHMS Compliance Audits were not conducted since approval.
Audit: Moreover, there is no plan in place for internal audit.
• Internal audits were conducted, however, the audit reports and non-
compliances reports template (as per the internal audit SoP) were
not used.
Conducting OSH • Inspection planned to be done at least once a month according to
Inspection:
Workplace Inspection Procedure. However, inspection reports were
not available.
Monitoring Corrective • Corrective actions of non-conformance raised during the internal audit
Actions: were not monitored for closure.
Third Party Audit: • The third party audit scope does not cover OSHAD SF requirements.

2016
34
 7.14 OSH Performance Monitoring
7.14.1 OSHAD-SF Requirements:
The entity’s OSH Monitoring Procedure(s) shall address, at a minimum:
• monitoring of the entity’s OSH targets and objectives;
• monitoring the effectiveness of OSH programs and control measures;
• proactive and reactive measures of performance to monitor conformance with OSH
programs and control measures;
• monitoring compliance with applicable Federal Occupational Standards and OSHAD SF-
Standards and Guideline Values;
• relevant requirements outlined in relevant OSHAD SF Regulatory Instruments;
• requirements outlined in SRA / CA permits / licenses / no objection certificate / etc.;
• requirements outlined in approved OSH Plans and Studies;
• requirements outlined by relevant SRA / Competent Authority(s); and
• description of methodologies and instruments used to monitor, including, calibration
requirements and records.

The monitoring of occupational Safety and Health shall be risk based and include at a minimum:
• occupational noise, air and lighting;
• ergonomic and workplace design factors;
• wellness programs;
• waste management;
• hazardous substances;
• health surveillance;
• occupational illnesses; and
• OSH hazards, near-misses and incidents.

7.14.2 Positive points observed, for example but not limited to:
• Implementing programs for occupational health & safety to enhance employee awareness
and wellbeing e.g. (ergonomic program, Blood donation campaign, Heat Stress and Healthy
heart campaigns etc.).
• Conducting health campaign for employees like blood pressure campaign.
• Implementing programs for vaccination and health follow up for relevant employees in order
to protect them from animal infectious disease.
• Noise monitoring survey to assess indoor noise levels was conducted.
• Organizing annual OSH week including health campaigns and programs like blood pressure
and healthy diets, etc.
• Project OSH performance included in the entity performance reporting on monthly basis.

First Issue
35
 Guidance Document - OSHAD Auditing Process

7.14.3 Points could lead to NC, for example but not limited to:

Procedure: • OSH Performance Monitoring Procedure not complying with OSHAD SF

requirements.

Performance reports: • LTISR not defined in the OSHMS and neither monitored
through objectives.
• Quarterly report sent to OSHAD does not include OSH Performance
data for the operational activities within the scope of entity’s OSHMS.
• OSH Performance data (KPIs) reported to OSHAD does not include all
sites / locations.

Health Surveillance: • No Health Surveillance Program established for employees involved in

specific activities / exposed to health hazards
• Health Surveillance of employees exposed to occupational health
hazards is not conducted.

Corrective actions: • No monitoring process of the proactive and reactive actions (e.g.
tracking register). A tracking register can help in recording the
identified actions in order to monitor and track them for closure.
• No corrective action taken on indoor air quality tests.
• OSH corrective actions were not tracked, monitored and closed.
Examples are:
a. Internal audit non conformities
b. Incident investigation corrective actions
c. Inspections reports corrective actions
d. Findings of risk management activities (controls)

Indoor air quality and • No indoor air quality monitoring conducted although identified in
noise monitoring: Risk Register.
• Indoor air quality monitoring not done in high risk areas.
• Air quality monitoring in the laboratory has not been conducted despite
warning of carcinogens being present within certain areas.

2016 36
 7.15 Document Control and Record Retention

7.15.1 OSHAD-SF Requirements:

The entity’s Document Control procedure(s) shall address, at a minimum:
• ensure documents remain legible, traceable and secure;
• ensure relevant version control to prevent unintended use of obsolete documents;
• ensure appropriate review and approval processes; and
• ensure a distribution process for OSH documents.

The entity’s Record Retention procedure(s) shall address, at a minimum:

• process to maintain OSH records as necessary to demonstrate conformity to the
requirements of this document and Section 3 of Federal Law No. 8 for 1980, on Regulation of
Labor Relations;
• process to ensure identification, storage, protection, retrieval, retention & disposal of records;
• process to retain OSH documents and record for a minimum period of 5 years; and
• process to retain medical / occupational health records for a minimum period of employment
plus 30 years thereafter.

7.15.2 Positive points observed, for example but not limited to:
• OSHMS records are effectively managed with well-established logs.
• The entity OSHMS is very well structured and documented and updated as per latest version
of OSHAD-SF
• Management System processes effectively managed using software application.

7.15.3 Points could lead to NC, for example but not limited to:

Procedure: • Document Control and Record Retention Procedure not complying with OS-
HAD SF requirements.

Record • Process of record management and control requires improvement as some

Management: records were unavailable during the audit.

Updated and • The OSHMS is not upgraded in compliance with OSHAD-SF latest version.
approving OSHMS: • There was no approval signature on all the OHS documents as required un-
der “Document Control & Record Retention Procedure”

Record retention: • Record Retention was not defined as minimum retention period of OSH
records for 5 years and employee medical / occupational health records for
employment duration plus 30 years

First Issue
37
 Guidance Document - OSHAD Auditing Process

7.16 Management Review

7.16.1 OSHAD-SF Requirements:

The entity’s Management System Review procedure(s) shall address, at a minimum:
• ensure top management review the entity(s) OSHMS, at planned intervals to ensure its
suitability and effectiveness, minimum one full review per year;
• identity of key review team members;
• specify clear roles and responsibilities assigned to review team members;
• defines the process of recording, implementing and communicating the results of
management reviews;
• define the criteria for the review, that shall include at a minimum:
a. review of the OSHMS by OSH staff;
b. previous review findings;
c. results of internal and external audits;
d. OSH performance against targets and objectives;
e. changes to legal and other requirements;
f. relevant communications and complaints;
g. OSH incidents, investigations, non-conformances and corrective and preventive
actions; and
h. recommendations for continual improvement

7.16.2 Positive points observed, for example but not limited to:
• High level commitment from the Top Management with regards to OHS follow-up and
monitoring by involvement in the OSH committee and Top Management Committee.
• Weekly OSH action plan status update is sent to the management.
• High level commitment from the Top Management with regards to OHS follow-up and
monitoring to close all issues related to OSH.

7.16.3 Points could lead to NC, for example but not limited to:

Procedure: • Management Review Procedure not complying with OSHAD SF requirements.

Management review • Management review did not cover the minimum agenda as defined in
agenda: OSHAD-SF.

Conducting management • Management review not conducted in the last 12 months.

review: • Management review meeting is confused with OSH committee meeting.

Management review MoM • Management review minutes of meeting not available

Management review • Management review was done; however actions recommended from the
recommendations: management review were not implemented.

2016 38
 8. References:

1. OSHAD SF – Glossary of Terms

2. OSHAD SF – Element 01 – Roles, Responsibilities and Self-Regulation

3. OSHAD SF – Element 02 – Risk Management

4. OSHAD SF – Element 03 – Management of Contractors

5. OSHAD SF – Element 04 – Consultation and Communication

6. OSHAD SF – Element 05 – Training and Competency

7. OSHAD SF – Element 06 – Emergency Management

8. OSHAD SF – Element 07 – Monitoring, Investigation and Reporting

9. OSHAD SF – Element 08 – Audit and Inspection

10. OSHAD SF – Element 09 – Compliance and Management Review

11. OSHAD SF Mechanisms on Performance Reporting and Incident

Reporting & Investigation

12. OSHAD SF – Mechanism 07 – AD OSH Professional Entity Registration

13. OSHAD SF – Mechanism 08 – AD OSH Practitioner Registration

14. OSH Policy Guideline

15. OSHAD SF – Guidance Document – Roles and Responsibilities

16. OSHAD SF – Technical Guideline - Audits & Inspections

17. OSHAD Audit Standard Operating Procedure

First Issue
39
 www.oshad.ae

OSHAD oshad_ae OSHAD oshad_ae oshad_ae