A COR is obtained when the company manages to achieve an overall score equal to or greater than 80% and at least 50% in each audit element.
If this score is not achieved because the external auditor noted some shortcomings during their risk management assessment, there are two possibilities.
The possibilities when an audit failure occurs
Limited scope audit:
If the company achieves an overall score of 75% or more but less than 80% because of minor shortcomings in its risk management program, the auditor may recommend a limited scope audit.
This type of solution is intended to avoid the company having to repeat the entire process to obtain the COR.
The auditor identifies the failures, and the company, assisted by the internal auditor, makes improvements focused on its weaknesses in order to pass a second test in no more than 90 days.
Repeating the process:
If during the test an overall result of less than 70% is obtained, the auditor must communicate to the company that it is necessary to repeat the process in order to achieve the COR. In these cases, a detailed report of the company’s shortcomings with respect to risk management is also obtained so that skills can be improved.
What is the COR audit like?
The preparation of a company to obtain a COR certification is a process that must begin with training on corporate risk management.
Initially, a senior management representative must be designated, as well as a permanent employee to take the courses required by the IHSA. This employee is referred to as the internal auditor.
The internal auditor is the one who will work closely with the external auditor when the time comes.
Once the training is completed, the internal auditor will be able to perform an internal audit of the company’s health and safety management using the IHSA tools.
This internal audit must be sent to the IHSA for review. If it meets all standards, then the external audit will be authorized.
What are the duties and responsibilities of the internal auditor?
Some of the actions they must perform during their work include:
- Manage and supervise the risk management program.
- Complete and submit the internal audit along with supporting documentation to request the COR.
- Schedule pre- and post-audit meetings.
- Develop an effective written action plan to promote continuous improvement with respect to risk management.
- Provide additional information as needed by the external auditor.
- Comply with COR program guidelines.
This list of responsibilities is not exhaustive; the internal auditor may act as they deem prudent in order to achieve good management.