Audit Committee – 24 June 2009
Internal Audit Report – Health & Safety
Executive summary and recommendations
Introduction
As part of the internal audit programme for 2009/10 PKF undertook a review of Health & Safety within HPC. The attached report, which includes a management response, was agreed with the Executive in June 2009.
Decision
The Committee is asked to discuss the report.
Background information
None
Resource implications
None
Financial implications
As budgeted for in the 2009/10 Financial year
Appendices
Appendix 1 – Report from PKF
Date of paper
11 June 2009
Health Professions Council Employees' Health & Safety Management Review 2009/10
Final June 2009 Confidential
Contents
1 Introduction and scope
2 Executive summary
3 Detailed findings
4 Action plan
5 Assurance definitions
Project timescales
Date project commenced: 19/05/09
Date field work completed: 05/06/09
Date draft report issued: 10/06/09
Date final management comments received: 10/06/09
Date final report issued: 10/06/09
1 Introduction and scope
1.1 In accordance with the 2009/10 internal programme for the Health Professions Council (“HPC”) that was agreed with the Audit Committee in February 2009, we have undertaken a review of the management arrangements over employees’ health & safety in operation at the HPC.
Scope of our work
1.2 As specified in our audit programme the aim of this project was to provide assurance to the HPC regarding its risk management arrangements over employees’ health & safety.
1.3 We therefore reviewed the HPC’s arrangements for managing the organisation’s key risks in relation to this area. Specifically these included:
• Policies and procedures;
• Health & safety risk assessments undertaken by specialist contractors;
• Incident reporting; and
• Insurances.
1.4 The work was carried out primarily by holding discussions with relevant staff and management, reviewing any available documentation and undertaking detailed testing on a sample basis, where required. The audit fieldwork was undertaken in May and June 2009.
1.5 This report has been prepared as part of the internal audit of the Health Professions Council under the terms of the contract for internal audit services. It has been prepared for the Health Professions Council and we neither accept nor assume any responsibility or duty of care to any third party in relation to it.
1.6 The conclusions and recommendations are based on the results of audit work carried out and are reported in good faith. However, our methodology is dependent upon explanations by managers and sample testing and management should satisfy itself of the validity of any recommendations before acting upon them.
2 Executive summary
2.1 This report summarises the work undertaken by PKF within the agreed scope of our review of the management arrangements over employees’ health & safety in operation at the HPC. The work was performed as part of our agreed internal audit plan for 2009/10.
Background
2.2 Health & safety law places duties on organisations and employers. Directors can be personally liable when these duties are breached. Members of the board (or Council in the case of the HPC) have both collective and individual responsibility for health & safety.
Our assessment
2.3 Based on the audit work carried out we concluded that the HPC’s management arrangements over employees’ health & safety were satisfactory and operating effectively at the time of our review.
Principal findings
2.4 Executive responsibility for health & safety and fire safety at senior management level rests with the Chief Executive and Registrar supported by the Director of Finance and the Facilities Manager (Safety Officer). Ultimate responsibility rests with Council.
2.5 A Safety Group (currently the Fire and Safety Team – “FAST”) has been established to coordinate and review risk assessments, incident reporting, health & safety audits and workplace inspections and to update the organisation’s policy and procedures where appropriate.
2.6 However, in view of the overall responsibilities of Council for health & safety we believe that members should be provided with details of the incidents that have arisen at least annually. This would ensure that they were kept better informed of the nature and extent of health & safety issues for which they have given delegated responsibility to the Chief Executive and Registrar. We have therefore raised a recommendation in relation to this matter.
2.7 The HPC has a risk assessment in place prepared by appropriate technical specialists and has procedures for monitoring the health & safety impact of any ongoing developments to its premises and for undertaking workplace inspections.
2.8 However, the Health & Safety Executive (“HSE”) recommends that a formal review of the health & safety risk assessment should be undertaken at least annually. We have therefore raised a further recommendation in relation to this matter.
2.9 We noted that the HPC has comprehensive employees’ liability insurance with AIG UK Limited for any personal accidents that may arise to its employees during the course of their work and in travelling on HPC business.
2.10 We have not therefore raised a recommendation in relation to this area.
2.11 We wish to thank all members of staff for their availability, co-operation and assistance during the course of our review.
PKF (UK) LLP June 2009
3 Detailed findings
Background
3.1 The HPC has a general legal duty to ensure the health & safety of its employees at all workplaces, and in every aspect, related to its work. This is required by Section 2(1) of the Health and Safety at Work Act 1974 (there are similar requirements in Section 3 in respect of risks to non-employees such as visitors and volunteers).
3.2 Specific regulations made under this Act that the HPC needs to comply with (where appropriate) include:
• Health and Safety at Work Act 1974;
• The Management of Health and Safety at Work 1999;
• Safe Use of Work Equipment, Provision and use of Work Equipment 1998;
• Manual Handling Operations 1992;
• Workplace (Health, Safety and Welfare) 1992;
• Personal Protective Equipment at Work 1992;
• Health and Safety (Display Screen Equipment) 1992; and
• Regulatory Reform (Fire Safety) Order 2005.
3.3 Health & safety law places duties on organisations and employers. Directors can be personally liable when these duties are breached. Members of the board (or Council in the case of the HPC) have both collective and individual responsibility for health & safety.
3.4 Larger public and private sector organisations need to have formal procedures for auditing and reporting health & safety performance. If a health & safety offence is committed with the consent or connivance of, or is attributable to any neglect on the part of, any director, manager, secretary or other similar officer of the organisation, then that person (as well as the organisation) can be prosecuted under section 37 of the Health and Safety at Work Act 1974. In extreme cases, those found guilty are liable for fines and potentially imprisonment. More recent legislation regarding corporate manslaughter also needs to be considered carefully.
3.5 The HPC’s health & safety risks arise primarily at its Head Office in Kennington, although some fitness to practise hearings or conference activity may take place off site. The impact of not managing these risks effectively may be an injury or death of an employee or visitors to the building and contractors.
Key risk
3.6 The HPC has identified the health & safety of its employees as a high inherent risk in its February 2009 risk register.
3.7 The focus of our work was therefore upon the arrangements to manage the health & safety of the HPC’s employees. Other arrangements for the protection of visitors and contractors were outside the scope of this review.
3.8 The key management controls that the HPC is relying upon to manage the health & safety of its employees are as follows:
• Policies and procedures;
• Health & safety risk assessments undertaken by specialist contractors;
• Incident reporting; and
• Insurances.
3.9 The findings of our review of these controls and health & safety risk management in general are set out below.
Findings
Policies and procedures
3.10 Following a detailed review by the Finance and Resources Committee, the HPC’s health & safety policy was adopted by Council in September 2007. The policy was developed with the advice of external health & safety consultants Lawrence Webster Forrest (“LWF”).
3.11 The policy states that the HPC undertakes to comply with statutory health & safety and fire safety requirements and that the HPC is responsible to ensure that there are sufficient arrangements in place for the safety of all employees and visitors and other building occupants in each of the buildings and premises it occupies. The policy brings together the HPC’s policies on Security, Fire Procedures, Smoking and First Aid that were previously included separately in the Employee Handbook.
3.12 Executive responsibility for health & safety and fire safety at senior management level rests with the Chief Executive and Registrar supported by the Director of Finance and the Facilities Manager (Safety Officer). Ultimate responsibility rests with Council.
3.13 A Safety Group (currently the Fire and Safety Team – “FAST”) has been established to coordinate and review risk assessments, incident reporting, health & safety audits and workplace inspections and to update the organisation’s policy and procedures where appropriate.
3.14 We noted that this group met twice during 2008/09 and is scheduled to meet again shortly. The group comprises the nominated health & safety representatives for each department and the fire wardens and those responsible for health & safety within the HPC.
3.15 We understand that training in health & safety matters was provided to these individuals by the Facilities Manager during 2008/09. This is to be followed up by a further programme of training to be provided by LWF during 2009.
3.16 At each meeting of the Finance and Resources Committee, an update on health & safety matters is provided in the Facilities Management report. This report is also included in the Management Information Pack for Council, presented by the Chief Executive.
3.17 Based on our review work and discussions with management we understand that very few health & safety incidents have arisen in recent years at the HPC. During 2008/09 we are advised that only two relatively minor incidents arose. However, in view of the overall responsibilities of Council for health & safety we believe that members should be provided with details of the incidents that have arisen at least annually. This would ensure that they were kept better informed of the nature and extent of health & safety issues for which they have given delegated responsibility to the Chief Executive and Registrar.
3.18 We have therefore raised the following recommendation.
Recommendation R1. Council should be provided with details of the number and type of health & safety incidents that have arisen at the HPC at least once annually.
Health & safety risk assessments
3.19 A health & safety risk assessment covering the HPC’s activities was undertaken by external health & safety consultants LWF in 2007 when the organisation’s health & safety policy was developed. Health & safety audits and work place inspections are to be undertaken by the Facilities Manager or nominated representatives in accordance with the risk assessment. The completion of these audits is monitored through the FAST group.
3.20 Since the risk assessment was undertaken, there have been significant structural changes made to the HPC’s Head Office, which were the subject of our previous reports on 22-26 Stannary Street. A further phase of works is currently underway. Through the procurement and design processes for this work health & safety issues have been given a high priority and we noted that the contractors are required to report on health & safety issues in their monthly progress report. The Facilities Manager is responsible for issuing contractors with ‘Permits to Work’ or ‘Hot Work Permits’ (if required) and specific contract conditions pertaining to health & safety and fire safety prior to commencement of work.
3.21 The premises development works took place throughout 2008 and have continued into 2009. The approach adopted by the HPC has been to manage the health & safety impact of any works that have been undertaken as part of the project and contractor management process taking into account the risks highlighted in the organisation’s risk assessment.
3.22 The HPC therefore has a risk assessment in place prepared by appropriate technical specialists and has procedures for monitoring the health & safety impact of any ongoing developments to its premises and for undertaking workplace inspections. However, the Health & Safety Executive (“HSE”) recommends that a formal review of the health & safety risk assessment should be undertaken at least annually. We have therefore raised the following recommendation.
Recommendation R2. The HPC should undertake a formal review of its health & safety risk assessment each year in order to meet HSE best practice.
Incident reporting
3.23 The nominated health & safety representatives are responsible for recording and reporting all accidents, incidents and near misses to the Facilities Manager. We noted that these were being considered at the meetings of the FAST group. Where there is a possibility that there is a legal requirement to report the incident to the Health & Safety Executive (“HSE”), for example under the Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (“RIDDOR”), we understand that the Facilities Manager liaises with the HSE.
3.24 We have not therefore raised a recommendation in relation to this area.
Insurances
3.25 The HPC has comprehensive employees’ liability insurance with AIG UK Limited for any personal accidents that may arise to its employees during the course of their work and in travelling on HPC business.
3.26 The maximum limit of cover for any one accident amounts to £15 million with a higher limit set for aircraft accidents. Our review indicated that the insurance is reviewed and renewed on an annual basis. The most recent renewal was undertaken in March 2009 and the cover runs until 31 March 2010.
3.27 We have not therefore raised a recommendation in relation to this area.
4 Action plan
Policies and procedures
Ref.: R1
Findings: In view of the overall responsibilities of Council for health & safety we believe that members should be provided with details of the incidents that have arisen at least annually. This would ensure that they were kept better informed of the nature and extent of health & safety issues for which they have given delegated responsibility to the Chief Executive and Registrar.
Recommendations: Council should be provided with details of the number and type of health & safety incidents that have arisen at the HPC at least once annually.
Priority: Low
Management Response: Agreed.
Due Date: July 2009
Responsible Officer: Chief Executive and Registrar
Risk assessments
Ref.: R2
Findings: The HPC has a risk assessment in place prepared by appropriate technical specialists and has procedures for monitoring the health & safety impact of any ongoing developments to its premises and for undertaking workplace inspections. However, the HSE recommends that a formal review of the health & safety risk assessment should be undertaken at least annually.
Recommendations: The HPC should undertake a formal review of its health & safety risk assessment each year in order to meet HSE best practice.
Priority: Medium
Management Response: Agreed.
Due Date: July 2009
Responsible Officer: Facilities Manager
5 Assurance definitions
Assurance Level: Definition
Sound: Satisfactory design of internal control that addresses risk and meets best practice and is operating as intended.
Satisfactory: Satisfactory design of internal control that addresses the main risks but falls short of best practice and is operating as intended.
Satisfactory in Most Respects: Generally satisfactory design of internal control that addresses the main risks and is operating as intended but either has control weaknesses or is not operating fully in some significant respect.
Satisfactory Except For…: Satisfactory design of internal control that addresses the main risks and is operating as intended in most respects but with a major failure in design or operation in the specified area.
Inadequate: Major flaws in design of internal control or significant non operation of controls that leaves significant exposure to risk.