This is the second edition of a very successful book which first appeared in 2006. I said then that it was a most welcome addition to the library of any manager active in this field and ought to be the standard work in HSEQ auditing; this second edition only confirms me in this opinion.
A thriving and constantly improving HSEQ culture depends on those in control questioning its condition, measuring its successes and failures and defining routes towards development. Much in the way that a financial audit determines the monetary health of a management system, HSEQ audits test these elements of performance. Some audit systems are one-size-fits-all prescriptions, which, although successful in many applications, cannot be said to succeed in all, simply because management structures vary so much. Indeed, earlier audit systems tended to give a false sense of security precisely because there was a fundamental mismatch between the management system under scrutiny and the audit system chosen. Hence Stephen Asbury’s approach to letting the management structure determine the what and how of auditing, and that is its major strength.
‘Risk’ is defined herein as the scale of any type of impact on an organisation’s objectives, i.e. very widely. The purpose of this book is therefore to instruct the reader in how to focus on especial classes of risk, how best to interrogate the management system responsible for that aspect, and what to make of the outcome(s).
The book comprises 10 main chapters plus 5 appendices. The novice auditor and senior general manager or director would be well advised to simply start at the beginning and wade in, for there is much to be gained from Asbury’s understanding of the current business environment and how the structure and control functions of an organisation operate. If you’re familiar with modern management studies, then you might skip the first two chapters, but there are plenty of inset boxes with nuggets of good sense and advice that you won’t want to miss. The crux of the matter starts in the next section, where it is explained why, how and by whom and auditing culture comes about in an organisation. This leads into a discussion of the interactions between auditor and those individuals who control the aspects of management under scrutiny. This is important if the audit process is to elicit the best and most accurate data on which future strategy can be confidently based.
The “Audit Adventure” is the author’s term for the thought processes around the dynamics used by auditors. This steers auditors through the major steps of the audit. Since an audit is a project like any other, it comprises a series of inter-related activities with a timescale, budget and resource allocation, plus clearly understood objectives. The remainder of the main sections of the book detail the principles and practices of this audit adventure.
If you have been appointed as lead auditor, chapters 6 – 10 will lead you by the hand, telling you how to approach the tasks involved, how to get the best from your team, and to prepare and execute the best programme you can. All the important aspects of this vital process are dealt with expertly, and with good humour. Good preparation is, naturally, vital for a potentially complex project such as an audit. The audit team and especially the lead auditor must understand what is expected of them, the audit processes they will use and how the deliverables agreed will be uncovered. As Asbury says, “the key to a successful audit is a thoroughly prepared audit team”. Once the groundwork has been laid, the audit team will, hopefully, have unearthed a representative sample of significant risks for inclusion in the audit work plan. The actual conduct of the audit is, quite properly, the major section of this book and the author explains in some detail the variables inherent in these processes, how difficulties can be minimised and focus retained. It’s all most helpful, with case studies, tips and pithy asides to guide the reader towards a deeper understanding. Of greatest use to the auditee will be the formal report and perhaps a presentation giving the conclusions of the audit. Where immediate risks or major non-conformancies have been uncovered, the lead auditor needs to be prepared to help in arriving at workable solutions. This is all part and parcel of the audit process. All these aspects are covered in enough detail to let the prospective lead auditor understand what is required, and conversely what a director of an auditee company can and should expect.
The graphic design is superb with inset case studies to illustrate important points and tips garnered from the author’s personal experience, Special mention must be made of Paul Richardson’s cartoons. Auditing may not be the ‘sexiest’ topic for humour, but these really do work well and don’t detract from the seriousness of the subject.
There is so much to enjoy and admire in this book. The introductory chapters are as good a summary of the nature of business risk as one can have without straying into magnum opus territory for management studies undergraduates. That this is achieved without recourse to ‘management speak’ is quite remarkable. The writing style throughout is accessible and the layout leads the eye to the salient matters of each topic. There are, in addition to the main text, five main appendices plus lots of extras, not the least of which is the useful website supported by the publisher at: [...] There is also a good index, which makes life a lot easier.
Auditing ‘how-to’ guides tend not to be the most thrilling reads. One reads them because one wants to understand the process or to pass an exam. This one, however, actively draws the reader into an understanding of how important these activities are to the health of an organisation so that one appreciates that without such processes, success or failure would be pretty much left to chance. In today’s business environment, no senior manager should be content with that. This book will tell you how to find out what could go wrong and how to address such challenges. This second edition remains the ‘go to’ handbook for those who aspire to drive a prosperous and thriving business and I highly recommend it.