Process safety management systems – are we making progress?

History teaches us that major accidents have multiple causes. While immediate causes may stem from poor design, equipment malfunctions or errors made by frontline staff, the deeper underlying reasons are often traced back to organisational shortcomings.

These shortcomings manifest as poor policies, a lack of clear direction, and critical gaps in essential safety procedures (Figure 1).  

Worryingly, an analysis of enforcement notices issued by the UK Health and Safety Executive under COMAH[1] over the last 12 months reveals a similar pattern (Figure 2). So can you be sure that the systems you have in place to prevent major accidents are working effectively? Because just like plant and equipment, management systems degrade over time.

Recognising the potential for degradation, the COMAH Regulations (Schedule 2) place a requirement on every COMAH operator to adopt and implement procedures “…for periodic systematic assessment of the major accident prevention policy and the effectiveness and suitability of the safety management system.” This points to the need for monitoring, audit, and periodic review of the safety management system[2].

Some principal areas of failure leading to major accidents.

Figure 1. Some principal areas of failure leading to major accidents.

Some principal areas for enforcement action under COMAH

Figure 2. Some principal areas for enforcement action under COMAH.

Process safety auditing and process safety management systems auditing – do you know the difference?

Process safety auditing and process safety management (PSM) systems auditing are fundamentally different activities. Process safety auditing focuses on identification and evaluation of specific hazards and the controls in place whereas PSM systems auditing involves assessment and verification of the management system elements to ensure ongoing hazard control[3].

By way of an example, an inspection of main plant items, piping and equipment might identify the absence of protective devices. However, review and audit of the management systems in place will help ensure that protective devices have been specified, designed, installed, and operated and maintained in accordance with company standards.

Both are important, but a clear distinction between the two is that review and audit of the PSM system elements should lead to correction of the underlying reasons why the hazardous condition came to exist, and not just correction of a specific shortfall at a given instant in time.

PSM systems auditing involves checking the implementation of system elements at specific locations, where audit team members examine samples from large populations of records and documents to determine compliance. The sampling method used must therefore ensure that the information gathered adequately represents the population under review. Restricting the scope of auditing activities, for example to worst case scenarios, thereby limiting the sample size, might unintentionally lead to biased, inaccurate, or unsubstantiated conclusions.

Planning for PSM systems audits

PSM systems auditing starts with examination of the management system design to ensure it is fit for purpose (PSM Systems Review) before evaluating the quality and degree of implementation (Deep Dive Audit). Both are necessary as a sound system may be undermined by poor implementation.

Designing an effective PSM systems audit programme typically involves several steps:

Define the Audit Criteria

The criteria to be met for success, considering the organisation, operating regions, relevant legislation, codes and standards, and recognised good practice guidance. In other words, a set of clearly defined, measurable, explicit statements that can be used to assess the system design and standards of implementation.

Define the Audit Scope

This should be based on the facilities to be covered, nature of the hazards, operational complexity, operating experience, PSM elements to be covered, local regulatory requirements, and of course the resources available – remembering always, it is better to perform a series of audits with a narrower scope than to perform hurried incomplete audits with a broader scope that may only serve to undermine the entire programme.

Establish the Audit Frequency

The period between audits may be determined by the nature of operations, PSM programme maturity, results of previous audits, incident history, company policies, and local regulations (e.g., UK versus US requirements).

Build the Team

Audits normally require a team effort to incorporate a range of disciplines, skills, experiences, and to introduce new perspectives. Subject matter experts may be required in key areas such as functional safety and human factors, and staff from other departments or sites may be needed to provide a degree of independence. Site or departmental exchanges of staff can also add value by providing opportunities for shared learning through new insights and knowledge transfer.

Reporting Requirements

Although there is no set standard, reports should include location, scope, findings, and details of auditors as a minimum, but reporting may be by exception (negative results) or include general commentary and positive results, and findings may be prioritised or simply listed. The language should also be clear and concise, and the retention policy should be established at the outset.

Follow-up Requirements

This should include the requirement for action planning, a timetable, and ongoing involvement of those responsible for each action. As items are completed, the specific action taken should be documented and retained on file, and corrective actions should be verified by the audit team. Actions discharged (i.e., where the decision is to take no further action) should also be recorded together with the justification.

It follows then that the audit programme requires choices to be made that will be organisation and location dependent, and there is no one size fits all, but it is important to clearly define the programme objectives and establish a consistent approach to ensure continued progression towards desired outcomes.

Getting started

If you would like to know more about how to develop an effective process safety management systems audit programme, then why not attend one of our scheduled open training courses or contact us today to find out more about tailored inhouse training.

Alternatively, we can conduct a review of your existing programme using OpenPSM® to help identify current strengths and weaknesses versus good practice guidance, and get you started on your own continuous improvement journey.

[1] The Control of Major Accident Hazards Regulations 2015 (

[2] PSM is about people, plant and systems, and what they do in real life – OpenPSM

[3] CCPS Guidelines for Auditing Process Safety Management Systems