The information on this page is intended to help you if you are uncertain about what to expect from a company audit or of the standard audit procedures.
What to Expect
An audit begins with a pre-audit meeting followed by the auditor(s) gathering their information in the following three ways:
- Documentation: Involves reviewing all written components of the health & safety program.
- Interviews: The interviews conducted must meet a representative sampling.
- Observation: Observing the work environment, how employees are conducting their day-to-day activities, and observe the status of deficiencies noted found in the documentation.
Once the data gathering is completed, the auditor(s) will then compile the information, justify the awarded scores with written notes, prepare a written report, and will hold a close-out meeting.
Auditors have very specific timelines that must be met in order to meet ACSA / PIR standards. They are:
- 45 days to complete the “data collection” portion of the audit. The start date of an audit is the first day the auditor begins to gather data. This includes receiving company documents via mail, email, or by hand prior to visiting the company office or worksite. The end-date of the audit will be the last day any D/O/I is completed.
- The auditor then has an additional 21 days from the end-date for “audit submission”, which includes the closeout meeting, writing the audit report, and submitting it to the ACSA.
These timelines are in place to ensure the standards are being met and to also ensure the audit data has been reviewed and returned to the audited company in a timely manner. They also provide for implementation of an effective health and safety management system or action plan.
There are a number of different types of audits that a company can take, depending on whether it is an internal (maintenance) or external audit year. Read through the following to see which one could apply to you.
COR Certification (External)
A certification audit, otherwise known as external audit, is the last step in the COR process for companies who are trying to achieve COR (or recertify on subsequent years). These audits are completed by a certified peer auditor or consultant auditor.
COR Maintenance Audit (Internal)
A COR maintenance audit, otherwise known as an internal audit, is conducted on the two calendar years following a COR certification audit. These audits are completed by a certified internal or external auditor.
ACSA Action Plans offer an alternative way for companies to audit and maintain their Certificate of Recognition (COR).
Instead of conducting an internal audit, COR companies now have the option to develop and deliver an Action Plan that maps out measurable goal-setting using a company’s combined corporate and safety objectives.
To find out more about Action Plans and if you are eligible to do one, visit our COR Action Plan page
A self-qualification audit, otherwise known as a self-audit, is required for individuals who wish to become certified auditors. The self-qualification audit must be completed within 66 days of completing the Auditor Training Program and may have a modified scope.
Self / Internal Audit
A self / internal audit is a combination of a self-qualification and COR maintenance audit. It is intended for someone who completes needs to certify as an auditor and works for a company also requires their COR maintenance audit. A self / internal satisfies both the auditor and company requirements.
Auditor Maintenance Audit
An auditor maintenance audit, otherwise known as a maintenance audit, is done by auditors who need an annual audit to keep their auditor status, but are not completing either an COR maintenance or certification audit. These audits can have a modified scope.
Peer and Consultant Audit Process
Not sure of the difference between a ‘Peer Audit’ and a ‘Consultant Audit’ or which one your company is eligible for? Visit our Peer & Consultant Auditors information page for a comprehensive breakdown and tips on how to ease your audit process.
When related companies are controlled together and operate using a common health and safety management system, one audit may be conducted to include all of the companies instead of completing one for each.
For sampling purposes, the auditor may treat the related companies as if they were a single combined entity. The audit must be representative of the overall operations of all the companies together, and follow ACSA sampling requirements with regards to the number of interviews conducted and the number of work sites sampled.
If you are interested in conducting a group audit, download and complete the Common Ownership Form available in the Downloads section of this webpage. If the application is approved, your company will need to undergo an external audit. You cannot begin auditing together mid-cycle or on an internal year.
The Common Ownership form is to be submitted each time a group audit is requested.
For Shared Training Only
Companies who meet the requirement to conduct a Group Audit, but do not want to audit together, can apply for Shared Training Only. This allows one person with the COR courses to represent all the companies that are commonly owned. Shared Training Only does not allow the companies to audit together, but the application process is the same.