The importance of ‘three lines of defence’

Independent audit and assurance is an essential component of best practice in safety and risk management. It is an important tool because it helps business leaders to ensure their legal obligations are being met, and it helps prevent harm to people.

Assurance activities are the fundamental building blocks of a company’s safety improvement strategy and corporate governance.

Assurance activities help to answer the following:

  • Is the company complying with regulatory obligations?
  • Are control measures effective and are they being implemented as intended?
  • Is the company’s HSE Management System operating as intended?
  • Are work teams and individuals working safely and in accordance with procedures?
  • Do the company’s contractors continue to meet the required standard?
  • Is continuous improvement being achieved?
  • Are lessons being learned and acted upon?

The ‘Three Lines of Defence’ model of assurance provides a great framework for large and small companies, and this approach has been adopted by many organisations.

Three lines of defence within an organisation provide assurance at all levels of the business that risks are being identified and managed. Here is a breakdown of the three lines:

First Line: Operational Management

This line of defence involves individuals and teams who are directly involved in day-to-day operations. These teams are responsible for designing and implementing health and safety controls to prevent harm. Operational teams should carry out First Line of Defence activities through regular inspections, audits and checks of their workplace.

Second Line: Risk Management and Compliance

This line of defence comprises internal audits to check that risk and management practices are fit-for-purpose and are being implemented across the business. These audits focus on the implementation of holistic policies, procedures, safety and environmental management systems, and they offer assurance by overseeing the control framework and by monitoring its effectiveness.

Third Line: Independent Audit

This line of defence typically comprises internal audit, often carried out by independent and qualified auditors. The purpose of these audits is to provide objective and independent assurance on the effectiveness of overall governance, risk management and internal control systems.

Summary

The Three Lines of Defence model is a useful tool to help Boards, committees and executive management understand where their business is in relation to compliance and good industry practice.

Audit and Assurance is an essential element of the Plan, Do, Check, Act cycle. As such, the Health and Safety Executive (HSE) in the UK, in their guidance document Managing for Health and Safety, has emphasised the importance of the PDCA approach because it helps to achieve a balance between the systems and behavioural aspects of management. Implementing the Three Lines of Defence model will greatly help achieve the fundamentals of the Plan, Do, Check, Act approach.

If you would like more information about Three Lines of Defence and how it might apply to your business, please get in contact. We have a free guidance document that explains the model in more detail. Contact us for your free copy.
