Health and safety management profile (HASMAP) audit

1.  Introduction

In line with the University’s Statement of Health and Safety Policy, departments are expected to make arrangements for managing their activities, so as to ensure the health, safety and welfare of those affected. The specific arrangements will differ from one department to another, but all are expected to comply with the requirements of the University’s health and safety policies. From both the University and individual department’s perspective, it would prove beneficial to know how these arrangements actually perform in meeting these requirements. The Health and Safety Management Profile (HASMAP) audit system has been developed for this specific purpose within the University sector.

HASMAP has been accepted by the Health and Safety Executive as a valid audit method for Higher Education and it has been endorsed by the Universities and Colleges Employers’ Association and subsequently recommended to Vice-Chancellors. The overall purpose of the system is to reassure the relevant management of how well they are complying, but also to identify potential areas of concern and to provide indications of how these can be improved.

HASMAP is broken down into a number of key indicators, covering such aspects as leadership, risk analysis, organising controls, and monitoring.  The outcome of the audit gives a clear indication on areas of good performance or areas where improvements can be made. Performance on each indicator is graded in attainment level from “nil” performance (Level 0) to “best practice” (Level 4). The levels are progressive and are summarised [1] as:

Level 4 is best practice that at least equals the requirements of legislation and frequently exceeds them

Level 3 is good practice in health and safety management, giving a high degree of reliability and assurance that the department is meeting the requirements of legislation as they apply to the department

Level 2 reflects “positive action”, which demonstrates that the department is taking steps to improve its systems for health and safety management, though these systems are not sufficiently robust to assure compliance with all aspects of legislation and national guidance

Level 1 indicates a basic level of performance, such that policies are passively accepted without taking positive steps to integrate them into the management systems

Level 0 is no identified performance against the relevant indicator.

In order to maximise the benefits to the department, the University Safety Office will conduct an independent audit using this process. Individuals within the department should be encouraged to participate in order to fully assess the effectiveness of the current safety arrangements. The purpose of the audit is not to penalise individuals or departments, but simply to assist heads of department in meeting their legal health and safety obligations. The evidence gained will remain anonymous with an outline of the findings being reported.

The findings of the audit will be reported back to the head of department for consideration and to identify remedial actions. The outcome of individual department audits will be combined, again anonymously, to give an overall indication of how the University is performing. The proposal is to audit all departments based upon risks and activities over a five-year period. 

HASMAP is a risk-based audit system and so the sampling exercise will revolve around identified risks to the department’s aims and objectives. These will be identified as part of the scoping stage. The department is encouraged to highlight any specific objectives and any known risks that might warrant close investigation. If these are to be included in the audit, it will be outlined within the audit scope.

2.  The audit process

(a)  Process

(i)  Stage 1: scoping                                    

Timeline: to take place at least six weeks prior to an audit

The University Safety Office will contact the department and agree on the scope of the audit. This will involve consideration of the following points:

  • Departmental contact and Safety Office lead auditor
  • Date and timescale for completing the audit
  • Range of activities or buildings to be included in the audit
  • Agreement that HASMAP will be used as the reference standard
  • Brief tour of the department/facility.

The University Safety Office will obtain written agreement from the head of department that the audit will continue in line with the above scope.

(ii)  Stage 2: planning arrangements

Timeline: to take place at least two weeks prior to an agreed audit date    

Before the audit takes place, the lead auditor will liaise with the departmental contact to set up the following:

  • Confirmation of the number and names of auditors involved
  • A suitable room for the auditors to interview key people and to discuss findings
  • Identify and agree on whom, if anyone, will escort the auditors around the department
  •  Identify and arrange, via the departmental contact, formal interviews with key individuals. As a minimum, this will be:

-  Head of department

-  Departmental safety officer

-  Administrator

  • Identify and agree on specific groups that will be visited during the audit. Times will be agreed to visit these groups, in order to enable supervisors to be present during the audit
  • Identify and agree who will be present during the final audit summary meeting 
  • Identify and agree on the distribution of the draft and final report
  • Request documentation that will be required prior to the audit, for instance:

-  Statement of heath and safety organisation

-  Induction documentation for staff, students, visitors and contractors, particularly health and safety manuals or instructions

-  Minutes from departmental safety advisory committee meetings

-  Minutes from other meetings where health and safety was a specific agenda item, particularly senior management meetings

-  Health and safety inspection report

-  Health and safety reviews

-  Health and safety plans

-  Sample risk assessments

-  Sample job descriptions.

(iii)  Stage 3: onsite

Timeline: the length of time that the auditors will be onsite will be agreed as part of the planning process. It will depend upon the size of the department, but will normally consist of two auditors visiting over two consecutive days.

  • The auditors will be on site from 9.30am each day and will leave by 4.30pm
  • At the beginning of the audit, the department will need to outline basic safety procedures, including welfare issues, emergency procedures and local rules
  • At the beginning of each day there will be the opportunity to discuss with the department the day’s events
  • At the end of each day, there will be the opportunity to discuss with the department the day’s findings
  • At the end of the audit, the auditors will hold a final meeting to summarise the overall findings and agree on the key points that will be included in the report.

(iv)  Stage 4: draft audit report

Timeline: within one month of the audit

  • The Safety Office will issue a draft report to the department.
  • The format of the report will be:

-  Introduction, including a summary of performance, key recommendations and the HASMAP bar chart (See Appendix 1 as an example)

-  Findings

-  Specific recommendations

-  Terms of reference/audit work plan

(v)  Stage 5: audit report

Timeline: within one month of the draft report

  • The department will have the opportunity to comment upon the draft.  If there are clear discrepancies in the interpretation of the department’s arrangements, these will be rectified
  • Once agreed, the final audit report will be issued to the head of department and anyone else identified during the pre-audit stage
  • If requested, the auditor(s) will attend an agreed meeting to formally present the findings and recommendations
  • Only the department, Head of Division and University Safety Office will see the report in its entirety.  However the findings will be summarised along with other audits for presentation to the University or other interested parties, although the specific details of departments will be withheld.

(vi)  Stage 6: departmental action

Timeline: within six months of the final report

  • The report will outline the key findings of the audit and propose recommendations for reaching the next level in each element.  It is the head of department’s decision as to whether these recommendations are implemented.  As a minimum, the department is expected to achieve Level 3 in each indicator, so if the recommendations are not adopted then suitable alternatives should be considered.
  • In response to the audit, the department must outline the specific actions that will be taken with a proposed timescale for completion.  The departmental safety advisory committee should be consulted as part of this planning process and should be kept up to date with the progress of any agreed action.
  • A copy of the documented action plan must be sent to the University Safety Office.


[1] copyright of Universities Safety and Health Association 2007

February 2011