International Journal of Management, Knowledge and Learning, 8(1), 43-59
Auditing Industrial Safety Management: A Case Study
Sondre L. Bjelle
County Governor of Vestland, Norway Are K. Sydnes
UiT The Arctic University of Norway, Norway
As industries are becoming increasingly self-regulatory, external auditing has become increasingly important to ensure that industrial practices are in line with regulations and the public good. This study asks if there is a fit between the industrial practices of safety management and external auditing. It concludes that while companies largely manage safety through operational-level experience and with a low level of formalisation, the audits have a primary focus on formal documentation and gathering audit evidence at the strategic and tactical levels in the organizations. This limits the effectiveness of auditing as a tool both for learning and regulating safety management.
Keywords: industrial safety, safety management, auditing Introduction
As long as industrial operations have taken place, people have tried to handle the increased risks they entail (Grote, 2012). All Norwegian companies within a broad range of industrial sectors, with 40 employees or more, are required to establish an emergency response capacity as part of their industrial safety system. The industry and government have in partnership established the Norwegian Industrial Safety Organisation (NSO) to facilitate the development of industrial safety and to audit its implementation.
Following the rise of 'new public management,' industries have become increasingly self-regulatory, while the State (as regulator) establishes requirements (laws and regulations) and seeks to control (audit) that these are met (Power, 2003). How they are met is largely left to the industries themselves. However, in ensuring the public good, such enforced self-regulation is dependent on both that industries establish appropriate safety management systems and that state agencies (or their representatives) through audits are capable of controlling that they meet the established requirements (Gilad, 2010).
This brings us to the main issue of this paper: is there a 'fit' between how industrial safety management (emergency response in particular) is conducted by industrial enterprises and how NSO audits are conducted? Previous research has been critical of whether existing auditing practices within

www.issbs.si/press/ISSN/2232-5697/8_43-59.pdf
44 Sondre L. Bjelle and Are K. Sydnes
different sectors manage to find evidence of actual safety practices (Tackett, Wolf, & Claypool, 2004; Blewett & O'Keefe, 2011; Hohnen & Hasle, 2011; Batalden & Sydnes, 2015). Are NSO audits capable of gathering relevant and necessary evidence on whether industrial enterprises uphold safety standards established by laws and regulations? Notably, the focus here is not on levels of compliance with public regulations. Rather, we address how industrial safety management is established and acted upon, and how audits are conducted in practice. Firstly, we ask how companies establish an emergency response as part of their industrial safety systems. Are they based on bottom-up or top-down processes, formal or informal procedures, process or action rules? Secondly, we address how NSO conduct audits of the industrial safety, with a focus on emergency response. In particular, we distinguish whether NSO audits are based on documentation (structural audits), or also include auditing safety practices (operational audits). These issues are critical from a government perspective in terms of their ability to manage, regulate and control, as well as from a business/organizational perspective in terms of learning and developing safe practices.
Regulations, Safety and Audits
In recent decades the regulation of safety has shifted from detailed prescriptive public laws and regulations towards more functionally defined requirements and self-regulation (Power, 2000). It is then largely left to the enterprises to design, establish and maintain systems that ensure that they comply with the publicly required levels of safety (Reason, 1997; Gi-lad, 2010). As a consequence, the State's role as a regulator has been reduced, while the enterprises' role in serving the public good (safety) has increased in importance. It is common that State agencies or other mandated actors conduct systematic checks, referred to as audits, to whether the enterprises activities and arrangements comply with the required standards (Blewett & O'Keefe, 2011). This kind of arrangement between regulator and industry is commonly known as enforced self-regulation and are widespread inter alia within the production, transport and provision of public services (Gilad, 2010). To function as intended it relies heavily on the ability to audit, defined as 'the systematic, independent and documented process of obtaining audit evidence, and evaluating it objectively to determine the extent to which the audit criteria are fulfilled' (International Standard Organization, 2011).
There are many issues that have been raised regarding the role of auditors, audit criteria, audit overloads and so forth (see for example Blewett & O'Keefe, 2011; Batalden & Sydnes, 2015). In this paper we focus on the relation between how industrial safety management systems are established and how audits of these systems are conducted.
International Journal of Management, Knowledge and Learning
Auditing Industrial Safety Management 45
Safety management includes all systematic measures taken to establish and maintain levels of safety that conform to policies, goals and other requirements (Abrahamsen, Aven, Vinnem, & Wiencke, 2004). It commonly includes the elements of policies, goals and objectives, operating standards and norms, monitoring and feedback. Safety management should be a continuous process (Stolzer, Halford, & Goglia, 2008) and an integral part of an organizations activities (McDonald, Corrigan, Daly, & Cromie, 2000).
In defining organizational roles in the handling of unwanted incidents, it is common to distinguish between strategic, tactical and operative levels of organization (Canton, 2006; Hovden, 2012). Actors at these levels have important roles and functions in safety management. The operative level is the 'sharp end' of the safety system that directly responds to unwanted incidents. The tactical level leads the response through coordinating activities. The strategic level is responsible for long-term and over-arching processes that guide the operative response (Canton, 2006).
There are two main analytical approaches to study safety management (Hale & Borys, 2013). These can be labelled as Model 1 and model 2 (Dekker, 2005). Model 1 is commonly referred to as a rationalistic, top-down approach. It has a focus on hierarchy, formal rules and routines, the standardization of safety procedures, and a top-down approach to establish safety regulations (Hale & Borys, 2013). The central decision-makers are to be found at the strategic and tactical levels that seek to provide detailed directions to the operators in the sharp end. It is assumed that activities are documented well and that audits can rely on this as a source of data.
Model 2 is a bottom-up approach, where the operators at the sharpend are assumed to have the central role (Hale & Borys, 2013). Rules and routines are dynamic and are not prescriptive; rather they function as guidelines (Hale & Borys, 2013). The operators are constantly evaluating the safety situation during operations based on their knowledge and experience. A high degree of flexibility is considered essential to be able to handle operative uncertainties that arise (Grote, 2012). Consequently, the levels of documentation and formalization are low. This makes the gathering of audit evidence more challenging (Hale & Borys, 2013).
Audits can be conducted in a variety of ways and by various actors. Audits can be internal or external (International Standard Organization, 2011; Kjellen & Albrechtsen, 2017). Internal audits check if the safety performance is according to its own organizational criteria. External audits can be conducted by a public authority (or mandated agent), or be market-based. In these cases, the enterprise or organization is audited according to criteria set externally by public laws and regulations, industrial standards or market-based criteria (Baldwin, Cave, & Lodge, 2010). One can also distinguish audits according to what data and information is gathered as audit evidence
Volume 8, Issue 1, 2019
46 Sondre L. Bjelle and Are K. Sydnes
Model 1	<	Structural audit
Figure 1
Models of Safety	Model 2	<	Operational audit
Management and Auditing
in the process. Structural (also known as document or desk-top) audits are based on available documentation and a consideration whether these documented activities meet the established criteria (Blewett & O'Keefe, 2011; Kongsvik, 2013). Operational audits also include interviews and observations to verify whether safety rules and routines are implemented in practice (Costella, Saurin, & Guimaraes, 2009; Kongsvik, 2013).
There has been much debate regarding audit practices; for example, the use of the establishment of criteria, audits reflection of safety practices, the competence of auditors, their use as a basis for organizational learning, and so forth (Power, 2000; Hohnen & Hasle, 2011, Blewett & O'Keefe, 2011; Batalden & Sydnes, 2015). In this study, we will elaborate on the relation between the industrial safety system (model 1 and model 2) and the auditing approach (structural and operational audits). We, firstly, ask how rules for industrial safety are established within the organizations. Secondly, we ask how external NSO audits of industrial safety are conducted. Finally, we discuss the relative 'fit' between the approaches to safety management and audits in providing a basis for valid and effective safety.
The underlying assumption is that structural audits based on documentation is only suited to conduct audits of organizations with a high degree of formalization, prescriptive standards, rules and procedures, structure and documentation procedures and, in general, to a top-down approach to management - referred to as Model 1 in safety management (Dekker, 2005; Hale & Borys, 2013). Structural audits are not well suited to gather audit evidence from organizations with a low degree of formalization, a bottom-up approach to safety management, and a high degree of flexibility in decisionmaking - referred to as Model 2 in safety management (Dekker, 2005; Hale & Borys, 2013). Auditing Model 2 organizations are claimed to require a more thorough gathering of audit evidence, including operational audits whereby one can observe the SMS in action. Operational audits could naturally also be a benefit to Model 1 organizations, but not as necessary to gather relevant audit evidence. These questions are of importance as they determine whether audits actually gather relevant evidence and ensure that enterprises whose operations may pose a risk to society uphold the required safety standards.
International Journal of Management, Knowledge and Learning
Auditing Industrial Safety Management 47
Table 1 List of Respondents
Respondent	Al	A2	A3	A4	B1	B2	B3	CI	C2	C3	T1	T2	T3
Business enterprise	A	A	A	A	B	B	B	C	C	C			
Title in industrial safety	ERP	ERP	ISM		OSC	ISM		OSC	ISM		A	A	A
Level in industrial safety	O	O	T	S	O	T	S	0	T	S			
Notes ISM - industrial safety manager, OSC - on scene commander, ERP - emergency response personnel, A - auditor, S - strategic level, T - tactical level, O - operative level.
Methods and Data
This is a qualitative case-study (Yin, 2003) of industrial safety audits in Norway. It is based on a series of semi-structured interviews, document analysis and observations of industrial safety audits. We have chosen to triangulate the sources of data to strengthen the empirical findings of the study (Bryman, 2008).
The business enterprises (A-C) in the study are all located in Norway. They all have >50 employees and are obliged by the industrial safety regulation (Naringslivets sikkerhetsorganisasjon [Norwegian Industrial Safety Organisation], 2015) to establish an industrial safety system.
All interviews were conducted in the period January-February 2016 by the first author. Employees of the business enterprises (A1-C3) were selected based on their position in the industrial safety system, according to formal title and level in management. The auditors interviewed (T1-T3) are all employees of the Norwegian Industrial Safety Organisation. All interviews were recorded and transcribed with the consent of the informant. Eleven interviews were conducted face-to-face on the site of audits, while one was conducted by telephone and another on Skype.
The first author participated as a non-participating observer during the audits of the three enterprises in the study. The audits observed were all conducted by the same auditor (T1). This gave access to observe the safety context of the enterprises and the audits taking place.
A document study was conducted of relevant public laws and regulations on industrial safety, evaluations and guidelines by the Norwegian industrial safety organization, and internal documentation from the business enterprises in the study. Unfortunately, the business enterprises had limited documentation available, e.g. only enterprise A had developed a contingency plan for industrial safety. The document study was used both as a basis for gathering interview- and observational data, and as a supplement to strengthen empirical findings.
Volume 8, Issue 1, 2019
48 Sondre L. Bjelle and Are K. Sydnes
Industrial Safety in Norway
'Industrial safety' is the enterprises own preparedness to handle unwanted incidents in the time-period until public emergency responders arrive on scene and further provide support to the latter (Naringslivets sikkerhet-sorganisasjon, 2017). The kind of incidents vary but typically include fire, personnel injuries, and leakages of toxic substances. Enterprises with 40 employees or more, within certain industries, have a duty to establish an appropriate level of industrial safety (Justis- og beredskapsdepartementet, 2015).
In 2015 there were 1066 enterprises that had industrial safety systems, with a total of 15206 emergency response personnel (Naringslivets sikker-hetsorganisasjon, 2015). Among these enterprises, 269 of them activated the systems in 848 actual incidents. In 565 of these cases, it was reported that the industrial safety systems had contributed to mitigate the consequences of the incidents. In short, industrial safety is important both for the individual enterprises and the public in general.
NSO was established in 1938 by the Confederation of Norwegian Enterprise (NHO) (Naringslivets sikkerhetsorganisasjon, 2012). From an initial focus on war-related safety and preparedness, industrial safety has focused on handling accidents and unwanted incidents as part of the enterprises overall work on HSE (Naringslivets sikkerhetsorganisasjon, 2012). NSO is a supervision authority with the main task to supervise and audit enterprises with a duty to establish industrial safety systems. NSO is mandated by the Ministry of Justice and Public Security based on the Civil Protection Act (Justis- og beredskapsdepartementet, 2010, §23) and the Industrial Safety Regulation (Justis- og beredskapsdepartementet, 2015). Its task is to provide an overview of enterprises with industrial safety systems, gather annual reports from the enterprises, provide training and coordinate with other HSE authorities. However, the main task is to conduct industrial safety audits of the enterprises.
Organizationally, NSO falls both under the NHO and the Ministry of Justice and Public Security. The latter follows up on the activities of the NSO through setting the frames and conditions for its activities through the Norwegian Directorate for Civil Protection (http://nso.no/om-nso). However, the NSO is run as an independent organization financed through an annual industrial safety fee established by NHO and paid by the relevant member enterprises.
NSO has two categories of audits: the so-called inspections and the audits related to large-scale accidents (Naringslivets sikkerhetsorganisasjon, 2015). The vast majority of audits (262 of 293 in 2015) are inspections (Naringslivets sikkerhetsorganisasjon, 2015). An inspection is an audit that
International Journal of Management, Knowledge and Learning
Auditing Industrial Safety Management 49
is planned ahead and systematically covers selected issues related to the enterprise, to control that the latter complies with established laws and regulations. After audits, a report is written by the auditor on the findings, including both formal non-conformities and comments on less serious issues (Naringslivets sikkerhetsorganisasjon, 2015). In 2015, approximately half of the 262 audits resulted in 291 formal non-conformities with established laws and regulations (Naringslivets sikkerhetsorganisasjon, 2015). Among these, there were non-conformities related to exercises (29%), risk assessments (15%), contingency plans (15%), and qualifications (10%).
Industrial Safety and Emergency Response
Here we present our findings from the three industrial companies in the study. We focus on four factors that are important in distinguishing between a Model 1 or Model 2 approach to safety management. These are: how internal safety procedures are established by the enterprises (participation), whether safety management is a continuous process, the level of flexibility in rules and procedures, and whether decision-making in emergency situations is centralised or de-centralised.
As noted above, it is common to distinguish between three organizational levels: strategic, tactical an operative (Canton, 2006; Engen, Kruke, Lind0e, Olsen, & Pettersen, 2016). While the strategic and tactical levels are central decision-makers in model 1, the operative level has a central role in model 2 (Hale & Borys, 2013). A prominent view among informants from all three companies was that managers on the tactical level are vital in working out written rules (A1, A2, A3, A4, B1, B2, B3, C1, C2, C3). To what extent strategic and operational levels are central in making written rules was somewhat uncertain. One informant put it as follows: 'the industrial safety manager and HSE-manager have worked on the written rules. The operative have not participated much, really. It has been done that way, as the industrial safety manager and HSE-manager have a good overview of the enterprise and know a lot about what is required' (B2). Some informants added that workers at the operational level also were welcome to share their points of view (A1, A2, B3, C1, C2). Although some informants said that strategic level was crucial in making written rules (A1, A2, A3, B1), others mentioned that strategic level generally did not contribute (A4, B2, B3, C1, C2, C3). Informant B3 noted that the strategic level was mainly included during complicated decisions. This does sound likely, in particular when decisions have wider implications (economic or organizational) for the enterprise.
According to the auditors, the ideal is that all three levels cooperate in preparing written rules (T1, T2, T3). The plans should be rooted in the toplevel management as there should be a broad agreement in the enterprise
Volume 8, Issue 1, 2019
50 Sondre L. Bjelle and Are K. Sydnes
on what the emergency response should be for. The tactical level in the enterprise should participate to be able to delegate responsibility further on, and they often have important knowledge that is crucial for the practical conduct of emergency response (T3). T2 adds that 'those that are to follow the rules should also be central in their making, that is, the operative [level].'
Safety management should be a continuous process (Stolzer et al., 2008). Plans, documents and procedures should be updated regularly through established procedures. In our cases, we find that one informant stated that safety management is a circular activity in their company (A4), while others disagreed (B1, B2, B3, C1, C2). One informant explained: 'We are usually so busy that assessments and changes are not done until we have to. Often in relation to near-accidents, accidents or audits' (B3). Three informants, all from company A, claimed that their company carried out the safety management according to the established requirements (A1, A2, A3). 'The list of unwanted incidents should be reviewed a minimum once per year and be updated in the case of changes that affect the organization and dimensioning' (Justis- og beredskapsdepartementet, 2015, §5).
Audit results found that all three companies had non-conformities related to their documentation, both in terms of their content and in keeping documents up to date. While company A struggled to prove they had updated their contingency plan within a year, the 'industrial safety' in the two enterprises B and C had no relevant contingency plan.
One respondent on the operative level argued that assessments and corrections may have been done, even if it is not visible in the contingency plan. He explained that assessments and corrections in certain situations are made orally. He also stated: 'It is seldom that we make changes to the written material, that is, contingency plans and risk assessments. Probably far too seldom. It happens that we (the operative-level) make oral assessments and changes of the industrial safety system before we start on new projects that require changes' (C2). This may be interpreted as an indication of documents not being vital for operational feasibility.
Another indication of documents being less important for the operational level is related to how apprentices are being taught. The informants appear to know the documents are located at the manager's office (A1, A2, A3, B1, B2, B3, C1, C2, C3), but documents turn out to be an insignificant source of learning among apprentices. Learning from experienced crew appears to be more common. One informant put it like this: 'Some of what is important to know about our industrial safety system is not to be found in any document. Who is good at what and how an individual performs his/her work, for example. We are supposed to operate as a team and are dependent on good cooperation' (A2).
International Journal of Management, Knowledge and Learning
Auditing Industrial Safety Management 51
Safety rules can be divided into categories based on their degree of flexibility, performance rules, process rules and goal rules (Grote, Weichbrodt, Zala-Mezo, & Künzle, 2011). In general, all informants expressed that the procedures are most formalized in the early phase after the emergency alarm has been activated (A1, A2, A3, A4, B1, B2, B3, C1, C2, C3). One informant explained that 'when the alarm sounds everyone part of the industrial safety meet at the designated site, and all the remaining employees at their designated site' (A2). The degree of flexibility increases as soon as the staff is gathered at the destined meeting-place following evacuation. 'It is not possible to plan ahead for an accident, that is why the rules and procedures have a fair amount of flexibility' (C3). From the auditors point of view, both standardization and flexibility are necessary to handle emergency situations (T1, T2, T3).
The Industrial Safety regulation of 2015 established that an on-scene-commander is to be appointed with responsibility for all emergency response personnel during incidents. All companies have assigned on-scene commanders. The informants from the companies also confirm that the on-scene commander is in charge during incidents. However, it is clear that he/she frequently delegates tasks to the operative emergency response personnel (A1, A2, A3, A4, B1, B2, B3, C1, C2). Moreover, as one informant notes, 'the operative emergency response personnel may of course make suggestions and often has to make its own assessments during an emergency' (A3). As such, there is a high degree of decentralization of decisions during incidents. The auditors agree with the informants from the companies in that decentralized control is necessary to make fast decisions (T1, T2, T3).
Structural and Operational Audits
This section examines the approach to audits that is prevailing among auditors from NSO. We will be distinguishing between the two main approaches to auditing, structural and operational audits.
All informants, both from the enterprises and the auditors, stated that NSO has a focus on various evidence during their audits. The three most important sources of audit evidence are document control, interviews with employees and managers, and inspections of the site (A3, A4, B1, B2, B3, C1, C2, C3). We also observed that the audits included all these three methods of evidence gathering, but that the time spent on each differed.
According to NSO's recommended guidelines, representatives from strategic, tactical and operational levels should all be interviewed by the auditor (Naringslivets sikkerhetsorganisasjon, n.d.). However, observations from the audits demonstrated that most of the time was spent on interviewing the strategic and tactical levels, while less time was spent on interviews
Volume 8, Issue 1, 2019
52 Sondre L. Bjelle and Are K. Sydnes
with representatives from the operational level. This observation contradicts what the auditors claimed during the interview conducted as part of the study: 'The on-scene commander together with the industrial safety manager provide a good overview of the enterprise' (T1). Another auditor adds that: 'The most important thing for me is that the enterprise actually has a sufficient capacity to ensure the emergency response personnel's [safety]. The emergency response personnel should have sufficient training and courses, good enough protective gear, enough time for exercises and so forth. When I am sure this is in place, then I can move upwards in the system and look at the more over-arching issues. My experience is that when things are in order at the operative level, they usually are in order at the tactical and strategic levels, as well' (T3). As such, there is a degree of variation in the focus the individual auditors have during audits: the operative, tactical or strategic levels of the organizations.
According to Blewett & O'Keeffe (2011), too much focus on document control might exclude important information. It was commonly held among informants from the companies that it is generally too much focused on documents during NSO-audits (A3, B1, B2, B3, C1, C2, C3). One informant explains that: 'My impression is that the auditors generally are too preoccupied with the documentation. I agree that the documents are important to establish the foundation for good industrial safety, but it is not the papers that are to save us in an emergency situation. It is after all a bit too easy to get away with presenting fancy documents that do not show are actual operative capacities' (C3). B3 agrees and adds: 'I willingly admit that we previously have presented false documentation. The most important for me is the operative capacity, not fancy documents.' An example of such incorrect documentation that had been presented during audits was contingency plans (B3, C3).
The auditor gave, to some extent, contradicting answers about whether the audits are focusing too much on documents or not. One auditor says he understands those who think the audits emphasize documents too much. 'Already before the audit has started, we ask the enterprises to send documentation' (T3). The same auditor notes that such document control is demanded by the regulations (Justis- og beredskapsdepartementet, 2015). Meanwhile, he notes that there are several positive aspects of document control. 'I would say that the documentation provides us with a cue of how things are done in the enterprise. A sort of map that shows us where the challenges are to be found' (T3). On the other hand, the other two auditors do not find NSO audits being too much about document control (T1, T2).
A key issue of audits is, of course, how non-conformities are followed up upon by the auditees (Batalden & Sydnes, 2015). A common opinion among the company informants is that non-conformities may be positive, as they
International Journal of Management, Knowledge and Learning
Auditing Industrial Safety Management 53
may assist the company to reveal weaknesses and improve their safety management (A3, A4, B1, B2, B3, C1, C2, C3). A crucial prerequisite is that the auditor is capable to identify non-conformities that are affecting the actual emergency preparedness capabilities (B2, B3, C1, C2, C3). 'My experience is that the NSO are quite reasonable in their considerations. But I have previously experienced getting non-conformities for minor details' (C3). Another informant disagrees with the auditors' conclusion and claimed that: 'I think non-conformities can be positive. But it was clear that the auditor during this audit was aiming to make money when he was trying hard to sell NSO courses as a consequence of the audit results' (A4).
NSO presented their annual evaluation of non-conformities statistics in the Conference on Industrial Safety 2016. Of 209 audits conducted from 1/1/2016 to 20/11/2016, 47 (22.5%) did not result in non-conformities. Informants from NSO explained that the number was relatively low, and even lower than earlier years. 'It is positive that we do not find nonconformities. I would not say that it is a sign that we are incapable of detecting non-conformities. There are certainly enterprises that do not get nonconformities that have everything in order. However, zero non-conformities does not imply that one can relax. We have seen enterprises that have gone from good results to bad results in a short period of time' (T1).
The auditors (T1-T3) expressed that NSO has substantial procedures for following up non-conformities. One auditor tells that: 'We follow up on non-conformities by giving the companies a deadline to submit documentation on suggested corrective actions to resolve the problem. Thereafter, we consider if the solution is good enough. In serious cases, we return for a follow-up audit within one year' (T1). Several informants from all three companies expressed that non-conformities are prioritized in their company, and that they are willing to use resources to make improvements (A4, B1, B2, B3, C3). One informant stated that: 'For us it is important to close nonconformities in a good way. We will work systematically to find appropriate solutions to the non-conformities we got today. We choose to believe that NSO point at non-conformities that are of importance to our safety, and therefore we will do a good job' (A4). However, some informants noted that non-conformities remained unresolved between audits (three years ago), and therefore disagreed in that non-conformities were being prioritized in their company (C1, C2).
Discussion Safety Management
The first issue to be addressed in this study was how industrial safety rules were established by the enterprises. In particular, at what level, differentiating between strategic, tactical and operational levels. In all cases, it was
Volume 8, Issue 1, 2019
54 Sondre L. Bjelle and Are K. Sydnes
clear that the tactical level was central in this process through the industrial safety manager who was responsible for formalizing rules and contingency plans (company A). This is natural as they commonly are tasks assigned to such positions. The question is to what extent the strategic and operational levels in the organizations also contribute in the making of safety rules. It was clear that workers at the operational level provided inputs to the industrial safety manager in the making of safety rules. There were more diverging practices regarding the role of the strategic levels in the organizations in this regard. It was noted that the strategic level (boards and directors) mainly participated in decisions with a certain degree of complexity (B3). Previous studies have also noted the limited role of strategic levels in safety management (Batalden & Sydnes, 2015). Safety management is too often the domain of safety managers with low involvement from the strategic level. This is serious as leadership involvement is a key factor in effective safety management (Kim & Gausdal, 2017). Also, according to Model 1 it is critical that safety management is established and rooted in the higher levels of the organization.
In terms of industrial safety being a continuous process, it is worth noting that enterprises B and C did not have a contingency plan for industrial safety. Enterprise A had a contingency plan that was not updated yearly, as required, and lacked in detail. In general, informants were clear that safety documentation was not a continuous process. Though the strategic level at enterprise A (A4) claimed that they worked continuously on safety documentation, it was registered as a non-conformity during the observed audit.
Though formal safety management is not a continuous process in a formal sense, it is clear that safety work is ongoing in the enterprises. At the operational level, workers are assessing work-situations and changing procedures informally (A1, A2, C1). However, this is not always formalized and documented in the safety management system, but remains as informal practices at the operational level. This is also evident in the training of new employees, which is done by the experienced crew-members, rather than by established procedures based on written documentation and such. The standardized procedures for industrial safety in the companies covered evacuation and establishing meeting points. Beyond this initial phase, emergency response is based on a high degree of flexibility. Roles, responsibilities and equipment were not defined by procedures according to the Industrial Safety Regulation (Justis- og beredskapsdepartementet, 2015, §7). According to auditors, there used to be a higher degree of formalized procedures, but this turned out not to function in practice (T1, T2, T3). The reasoning was that it is impossible to plan for the eventualities of a crisis and that a high degree of flexibility thereby is preferable (T3). This
International Journal of Management, Knowledge and Learning
Auditing Industrial Safety Management 55
is clearly in line with a Model 2 approach, arguing that prescriptive rules alone do not ensure higher levels of safety (Hale & Borys, 2013). This is further emphasized by the fact that, though the on-scene-commanders are in charge during incidents, they commonly delegate responsibility to the operational emergency response personnel. As such, it reflects a pattern of de-centralized decision-making in the industrial safety. In finding the appropriate balance between standardization and flexibility (Grote et al., 2009), the companies studied here generally land on the side of flexibility.
This leads to a situation where the informants claim that they feel 'prepared,' though there is no contingency plan (Companies B and C), or it is not updated (Company A). As demonstrated above, knowledge and experience located at operational level is valued higher than formal contingency plans, rules and documentation (the domain of tactical and strategic level) as a basis for industrial safety. This is clearly in line with a Model 2 to safety management (Hale & Borys, 2013). As such, the formal documentation and contingency plans do not provide an adequate representation of industrial safety practices at the company level. This is problematic in many ways and is a continuous debate in the safety literature (Hale & Borys, 2013; Blewett & O'Keeffe, 2011; Batalden & Sydnes, 2015). However, as regards this study, it provides specific challenges in terms of auditing the performance of industrial safety.
Auditing
This brings us to the second main topic of this study: how audits of industrial safety are conducted. We have initially distinguished between structural and operational audits (Costella et al., 2009). The first focus on whether the documentation of the emergency response and related activities meet with the criteria established by the Industrial Safety Act. The second also includes interviews and observationswith a main focus on whether safety rules and routines are implemented in practice. It is evident that the NSO audits of industrial safety are based on multiple sources of audit evidence: documentation, interviews and inspections. Live exercises are, on the other hand, not conducted during audits. It is clear that the NSO audits have characteristics of both structural and operational audits.
The relative significance given to different sources of evidence and how they are gathered are of specific interest to this study. The basis for all audits were the documents submitted by the companies to NSO during the preparation phase. This is the common approach in all auditing and provides the starting point prior to the actual audits (Kjellen & Albrechtsen, 2017).
During the audit interviews that were observed with the companies in this study, the main focus was on the representatives of the strategic and tac-
Volume 8, Issue 1, 2019
56 Sondre L. Bjelle and Are K. Sydnes
Model 1	<	Structural audit
Figure 2
The Practice of Auditing	Model 2	- Operational audit
Safety Management
tical levels of the companies. The representatives at the operational level were less active and involved during the interviews. Moreover, the main focus during the interviews was on the formal documentation rather than on operative safety practices. As such, discussions centered on the documentation and formal system, rather than on its implementation and effectiveness in practice. This focus on formal rather than operational aspects of safety echoes the findings of previous studies of auditing in a variety of sectors (Hohnen & Hasle, 2011; Blewett & O'Keeffe, 2011; Batalden & Sydnes, 2015).
However, the auditors in this study (T1-T3) presented different approaches to gathering data and involving the operative, tactical and strategic levels of organizations. This in itself is a discussion within auditing, where issues related to the clarity of audit criteria versus the individual discretion and competencies of auditors is central (Tacket et al., 2004; Karapetrovic & Willborn, 2000; Beckmerhagen, Berg, Karapetrovic, & Willborn, 2004; Blewett & O'Keeffe, 2011; Batalden & Sydnes, 2015).
When it comes to how companies handle non-conformities, there are several contradictions. On the one hand, non-conformities seem generally to be considered seriously and followed up on by the companies, though there are some exceptions. On the other hand, it is clear that two of the companies have provided auditors with false documentation to avoid nonconformities during audits (B3, C3). This is not surprising in that it has been demonstrated that organizations apply a variety of strategies to both avoid and close non-conformities found in audits (Blewett & O'Keeffe, 2011; Batalden & Sydnes, 2015).
In this study, we have found that the companies analyzed largely abide by a Model 2 approach to safety management. Knowledge and experience at the operational level is considered more important than formalizing safety management through contingency plans and regulations. With the exception of the evacuation phase, the degree of formalization during emergency response is very low. In practice, safety management relies on decisions and adaptations made at the operational level, both when planning new projects or during exercises/emergencies.
The NSO audits of industrial safety are based on a variety of audit evi-
International Journal of Management, Knowledge and Learning
Auditing Industrial Safety Management 57
dence. However, they predominantly are structural audits, based on formal documentation and procedures.
It has been acknowledged that auditing model 2 organizations is complex (Hale & Borys, 2013). This is, of course, made worse when the audits focus on gathering evidence based on formal documentation and top-down procedures (Model 1) and when the companies largely rely on operational experience and knowledge following a bottom-up Model approach.
The findings from this study feed directly into the ongoing debates on both safety management and auditing. It addresses the overall 'fit' between the auditees' safety management systems and the auditors' approaches to provide efficient control of their operations. In a time where public regulation largely is based on self-regulatory-, meta- or smart- approaches, rather than command and control, these issues are crucial in ensuring the public good. From the company perspective, the findings imply that there is limited learning to be done on the basis of the NSO audits, as the audits to a limited degree focus on where the companies important safety work takes place -at the operative level. This may over time influence safety performance.
References
Abrahamsen, E. B., Aven, T., Vinnem, J. E., & Wiencke, H. S. (2004). Safety management and the use of expected values. Risk, Decision and Policy, 9, 347-357.
Baldwin, R., Cave, M., & Lodge, M. (2010). The Oxford handbook of regulation. Cambridge, England: Oxford University Press.
Batalden, B.-M., & Sydnes, A. K. (2015). Auditing in the maritime industry: A case study of the offshore support vessel segment. Safety Science Monitor, 19(1), Article 3.
Beckmerhagen, I. A., Berg, H. P, Karapetrovic, S. V., & Willborn, W. O. (2004). On the effectiveness of quality management system audits. TQM Magazine, 16(1), 14-25.
Blewett, V., & O 'Keeffe, V. (2011). Weighing the pig never made it heavier: Auditing OHS, social auditing as verification of process in Australia. Safety Science, 49(7), 1014-1021.
Bryman, A. (2008). Social research methods (3rd ed.) New York, NY: Oxford University Press.
Canton, L. G. (2006). Emergency management: Concepts and strategies for effective programs. Hoboken, NJ: Wiley.
Costella, M. F., Saurin, T. A., & Guimaraes, L. B. M. (2009). A method for assessing health and safety management systems from the resilience engineering perspective. Safety Science, 47(8), 1056-1067.
Dekker, S. (2005). Ten questions about human error: A new view of human factors and system safety. Mahwah, NJ: Lawrence Erlbaum Associates.
Engen, O. A., Kruke, B. I., Lind0e, P H., Olsen, O. E., & Pettersen, K. A. (2016) Perspektiver pá samfunnssikkerhet. Oslo, Norway: Cappelen Damm.
Volume 8, Issue 1, 2019
58 Sondre L. Bjelle and Are K. Sydnes
Gilad, S. (2010). It runs in the family: Meta-regulation and its siblings. Regulation & Governance, 4(4), 485-506.
Grote, G. (2012). Safety management in different high-risk domains: All the same? Safety Science, 50(10), 1983-1992.
Grote, G., Weichbrodt, J., Zala-Mezo, E., & Künzle, B. (2009). Coordination in high-risk organizations: The need for flexible routines. Cognition Technology and Work, 11(1), 17-27.
Hale, A., & Borys, D. (2013). Working to rule, or working safely? Part 1: A state of the art review. Safety Science, 55(1), 207-221.
Hohnen, P, & Hasle, P (2011). Making work environment auditable: A 'critical case' study of certified occupational health and safety management systems in Denmark. Safety Science, 49(7), 1022-1029.
Hovden, S. T. (2012). Kriseberedskap (2nd ed.). Stavanger, Noeway: Bokstav.
International Standard Organization. (2011). ISO 19011:2011: Guidelines for auditing management systems. Geneva, Switzerland: Author.
Karapetrovic, S., & Willborn, W. (2000). Quality assurance and effectiveness of audit systems. International Journal of Quality & Reliability Management, 17(6), 679-703.
Kim, T., Gausdal, A. H. (2017). Leading for safety: A weighted safety leadership model in shipping. Reliability Engineering & System Safety, 165, 458-466.
Kjellen, U., & Albrechtsen, E. (2017) Prevention of accidents and unwanted occurrences: Theory, methods, and tools in safety management (2nd ed.) Boca Raton, FL: CRC Press.
Kongsvik, T. (2013). Sikkerhet i organisasjoner. Oslo, Norway: Akademika for-lag.
McDonald, N., Corrigan, S., Daly, C., Cromie, S. (2000). Safety management systems and safety culture in aircraft maintenance organisations. Safety Science 34(1-3), 151-176.
Justis- og beredskapsdepartementet. (2010). Lov om kommunal beredskap-splikt, sivile beskyttelsestiltak og Sivilforsvaret (L0V-2010-06-25-45). Oslo, Norway: Author.
Justis- og beredskapsdepartementet. (2015). Forskrift om industrivern (FOR-2011-12-20-1434). Oslo, Norway: Author.
Naringslivets sikkerhetsorganisasjon. (2012). Naringslivets sikkerheitsorgan-isasjon Ársrapport. Oslo, Norway: Author.
Naringslivets sikkerhetsorganisasjon. (2015). Naringslivets sikkerhetsorganisasjon Ársrapport. Oslo, Norway: Author.
Naringslivets sikkerhetsorganisasjon. (2017). Industrivern - en kort introduk-sjon. Oslo, Norway: Author.
Naringslivets sikkerhetsorganisasjon. (N. d.). Forslag til gjennomforing av tilsyn. Oslo, Norway: Author.
Power, M. (2000). The audit society: Second thoughts. International Journal of Auditing, 4, 111-119.
Power, M. (2003). Evaluating the audit explosion. Law & Policy, 25(3), 185202.
International Journal of Management, Knowledge and Learning
Auditing Industrial Safety Management 59
Reason, J. (1997). Managing the risk of organizational accident. Farnham, England: Ashgate.
Stolzer, A. J., Halford, C. D., & Goglia, J. J. (2008). Safety management systems in aviation. New York, NY: Ashgate. Tackett, J., Wolf, F., Claypool, G. (2004). Sarbanes-Oxley and audit failure: A
critical examination. Managerial Auditing Journal, 19(3), 340-350. Yin, R. K. (2003). Case study research: Design and methods (3rd ed.). Thousand Oaks, CA: Sage.
Sondre L. Bjelle is an advisor on civil protection at the County Governor of Vestland, Norway. His work includes a focus on emergency preparedness and auditing. He holds a master in societal security from UiT the Arctic University of Norway. fmsfslb@fylkesmannen.no
Are K. Sydnes is a professor in societal security at UiT The Arctic University of Norway. He has published numerous articles and conference papers on topics within safety management and emergency response. are.sydnes@uit.no
This paper is published under the terms of the Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License (http://creativecommons.org/licenses/by-nc-nd/4.0/).
Volume 8, Issue 1, 2019