As a lead auditor and advisor, I have the necessary experience in auditing and implementing quality and environmental management systems.
Starting from the context analysis of the organisation and based on a SWOT, stakeholder and risk analysis, the important internal and external issues, which are applicable to the management system and relevant for achieving the intended results, are identified and documented. The results, affecting the organisation’s goal and strategic direction, have been translated into the objectives and policy. The standard says nothing about the method of implementation, this is entirely up to the organisation, so that a good fit in with the existing operational management and structures is not obstructed (ISO is there for the organisation and not the other way around). As an auditor you look at the results of the context analysis, the methodology is up to the company.
It is important to bear in mind that within the integrated management system, from within the context of the various underlying systems, other issues are relevant to the implementation of a SWOT, stakeholder and risk analysis. This is also reflected in the objectives, policy and control of the processes. As a result of a one-sided approach by the company to be audited, the auditor often observes that within an integrated management system for (for example) quality and the environment, the quality objectives prevail and the environmental objectives are too weak or even lacking, which then translates into the policy and control of the processes.
Introduction of risk-based thinking in the new HLS standards
One of the major changes in the new HLS standards is the development of a systematic approach to assessing risks and opportunities across the whole management system rather than preventive action as a separate part of it. Risks are inherent to all aspects of the management system.
Risk-based thinking is part of the process approach. Not all processes within the integrated management system have the same level of risk in relation to context and compliance. This is partly translated into the company objectives and policy.
Another point of attention with regard to the business objectives
Once the objectives and policy have been determined and recorded, it is also important that they are communicated with and understood by the employees. Clearer objectives supported by the employees, who are also actively involved in the realisation of these objectives, are an important building block for the success of a company and the achievement of the intended results of the management system.