Safety Basics X: Unpacking the Process of Effective Workplace Safety Self-Audits

Announcer: Welcome to the Ogletree Deakins podcast, where we provide listeners with brief discussions about important workplace legal issues. Our podcasts are for informational purposes only and should not be construed as legal advice. You can subscribe through your favorite podcast service. Please consider rating this podcast so we can get your feedback and improve our programs. Please enjoy the podcast.

John Surma: Welcome back to the 10th in our Safety Basics series. This episode of our Safety Basics series is on workplace safety audits. My name is John Surma. I’m an Ogletree Deakins shareholder resident in the Houston office. With me today, I have Robert Rodriguez. Robert, would you go ahead and introduce yourself to our audience?

Robert Rodriguez: Yeah, thanks so much, John. I’m Robert Rodriguez. I’m a shareholder in the Sacramento, California office of Ogletree Deakins, and my practice focuses almost exclusively on OSHA and workplace safety matters. And I generally cover the West Coast from Arizona all the way up through Washington, including California and Nevada, Oregon. And I’m really excited to be here with John to discuss this topic today.

John Surma: And Robert, we’re very happy that you joined us. Very happy that you presented a webinar on this. First and foremost, for our audience, we probably ought to give them kind of an expectation or a definition of what we’re talking about when we’re talking about workplace safety audits. So, if you wouldn’t mind indulging me and the audience, would you kind of define that term for us?

Robert Rodriguez: Yeah, yeah. As you mentioned, we’re here to talk about workplace safety self-audits, and generally what this is, it’s going to be a proactive assessment that employers conduct. And what we’re looking for here is to evaluate its workplace safety and health practices, policies and procedures. So, we’re looking at kind of where the rubber meets the road, how we’re doing in our workplace safety arena, either at a work site or organization-wide. But looking at those practices. Now, kind of specifically we’re talking about today, John, is going to be self-audits. So, it’s not going to be something that’s required by law or statute or regulation. This is going to be something where an employer proactively decides to do this investigation or audit of their workplace safety practices.

John Surma: And by self-audit, Robert, I’m assuming you’re not necessarily, or we’re not necessarily limiting it to something that’s done by the employer’s own staff. It could be something that’s done with third-party consultants or advisors involved as well. Is that a fair assumption?

Robert Rodriguez: Yeah, definitely. And I think that’s a great point to bring up is when we’re undertaking these self-audits, we want to be cognizant of who we’re going to have on the self-audit team. And it doesn’t necessarily mean it has to be company personnel only. Generally, you will want company personnel on there. They’re going to be the subject matter experts about what policies and procedures we have, what practices we have, maybe what gaps we’ve already identified in our safety programs. But a lot of times, I do see, in my experience, an external consultant is very valuable in kind of two reasons. Number one, these expert consultants or outside consultants can provide technical expertise needed to identify hazards that the company personnel may miss.
So, something very specialized, like maybe a PSM or a lockout tagout, you might want to bring an expert in on that. Second is, if you only have company personnel, sometimes we do have this unconscious bias of maybe missing stuff or having blinders on. When you have an outside consultant come in, it could be a really, really good opportunity to have somebody who doesn’t know your practices come in with an unbiased opinion and give you an unvarnished opinion about where there may be gaps and where there may be very great areas, as well.

John Surma: Yeah, no, you’re describing the concept that I refer to as the equivalent of nose blindness. For those of us that have watched one of the air freshener commercials where you kind of lose sight of the smell that’s in the house because you live with it all the time, and somebody outside the house comes into it, and they notice an odor that you’ve gone nose blind to. And I think that’s absolutely spot on, Robert. So, before we get too bogged down into television commercials and advertisements for air fresheners, let’s shift gears just a little bit to talk about the purpose of performing a workplace safety audit.

Robert Rodriguez: There’s a number of reasons we want to conduct these safety audits. Number one, we want to identify potential hazards before they result in accidents or injuries. So, seeing where there may be gaps in preventing any kind of injury or incident is always a positive. Second, we’re going to help ensure compliance with applicable safety laws and standards. So, during this audit, we’re going to uncover information about our programs, our written programs, and then also kind of where the rubber meets the road, on the ground, what is actually happening between that written plan and what folks are doing on the ground. So, making sure that we’re compliant with all applicable regulations.
Third, I’ve seen this a lot; these audits can improve your workplace safety culture and morale overall. A lot of times when frontline workers see management or employers doing these audits, drilling down, finding out where the rubber meets the road, what the workplace safety practices are, it really does mean a lot to them that, “Hey, they actually care about us, and they want to make sure that we’re in a safe environment.” And then it also includes reducing risks and liabilities associated with workplace incidents. If we are able to demonstrate that we’re doing our due diligence in good faith, trying to find issues that could reduce liability down the road for these incidents. And so, I think those are the main reasons why we want to do these.

John Surma: No, I think those are all good points, Robert, and I appreciate your thoughts on that. Shifting gears just a little bit into the mechanics or the structure of the workplace safety audit, is there any specific requirement for how an employer does these, or are there specific steps that an employer should go through when performing a workplace safety audit?

Robert Rodriguez: Generally, what this is going to involve it’s going to be reviewing documentation policies, inspecting facilities and equipment, interviewing employees, and then analyzing data on incidents or near misses. So, that’s kind of the information we definitely want to gather. In terms of structuring it, we want to make sure that employers are right-sizing this audit, because we want to make sure that you’re not taking on too much. Because one of the most important, at least for me, one of the most important keys is once you find a gap in this audit, you want to make sure you have the resources to address it immediately. So, you don’t want to bite off more than you can chew. You want to make sure that if you do identify it, you’re able to deploy resources and deploy manpower to address that gap.
And so, it’s very important that you set out the scope from the beginning. And I’ve seen in my practice, some employers want to do an organization-wide audit where we’re going to look at everything, we’re going to look at every safety policy over the course of six months, and we’re going to identify gaps. Again, you may have a big checklist of things you have to accomplish once that happens, or I’ve seen smaller employers say, “Look, we think we might have a problem with our lockout tagout program. Let’s focus on that small piece right now, and that way we make sure we have enough resources to bring to bear if we do find something wrong with our lockout tagout program.”

John Surma: Thank you, Robert. I think those are all excellent points. I guess let me ask the question a little bit differently. From the standpoint of the scope and breadth of the self-audit, generally speaking, if this is a voluntary process, I’m assuming there’s no mandate that it be a certain size or a certain configuration, but that, to kind of use your terms for it’s a good idea that the employer rightsize it and not get too ambitious, not get too aggressive so that they don’t end up with more than they can handle going forward. Is that kind of a fair summary?

Robert Rodriguez: Yeah, generally that’s right. Like I said, there’s no, this is a self-audit that’s not required by law. This is where an employer is voluntarily undertaking something to identify maybe an issue or a problem. But yes, that’s definitely a fair assessment. We want to rightsize it to make sure that we’re not taking on too much.

John Surma: And obviously, beyond not taking on too much and not creating a list of 1,000 findings that are going to take three years to work through and cause all kinds of headaches going forward if the employer doesn’t have them addressed appropriately. Are there other things during a self-audit that an employer should consider doing? Or let me rephrase that, that the employer should consider avoiding?

Robert Rodriguez: Yeah, I definitely think that employers should consider avoiding in terms of their findings, we want to involve the audit team, but we don’t want to have too many folks involved in the audit team. Meaning, we want to make sure that we’re having our documents and communications around the audit kind of right size to the group that should be involved in it. So, we want to make sure we’re protecting confidentiality during it. That means if we’re going to create documents or notes or things of that nature, have one centralized location, like perhaps a Dropbox that’s only accessible by the audit team about where we’re going to put these things, have one repository.
And I think we covered this a little bit, but I do want to make sure that your audience understands that we commit to a prompt response. If we identify something in the audit from the beginning, employers should consider committing to a prompt response that we’re going to address this and not let it linger if we do find something. And then some best practices also is document your response. So, when you do identify an issue or a gap, let’s put down on paper what that gap is and what we’re doing, the specific steps to address that issue.

John Surma: And Robert, you kind of raised two things here that I want to talk to you about, but I want to kind of take them in order. One of them is, and you’ve kind of addressed this already, and so I apologize that this is a little bit duplicative, but I think it bears some additional attention from the standpoint of findings, is an employer, when it’s a voluntary self-audit, is an employer obligated to act on all of the findings?

Robert Rodriguez: Employers should consider giving the appropriate gravity to each of the findings of the audit. And obviously resources can be limited. We want to address those issues in order of gravity of their risk to folks on the ground. So, that’s my take on it.

John Surma: Yeah, I know, and I generally agree, and this kind of leads to the next area that I wanted to talk to you about. You had mentioned the confidentiality and the privilege, and the reason that we have concerns about confidentiality and privilege in these contexts is to the extent that it takes a certain amount of time to implement solutions, or if we ultimately determine that something that’s been identified is a lower priority than more urgent things and something happens negatively that ultimately could result in litigation or an OSHA citation, we want to be able to protect the product with privilege to the extent that we can. And so, I really wanted to talk to you about the concept of these audits being privileged and whether they are considered privileged and, therefore, not subject to being produced to adverse parties, whether they be OSHA folks or private litigants.

Robert Rodriguez: And I think that’s a great point because when we undertake, or when employers undertake these self-audits and decide that, “Hey, we’re going to put our programs under a microscope.” There may be instances where an employer doesn’t want to turn that over to an adverse party such as OSHA or maybe in a civil lawsuit to a plaintiff. And so, we want to be mindful of what we’re doing to protect the confidentiality of the findings of the audit and the details of the audit. A couple of different things to unpack, I’d kind of like to talk about the OSHA’s voluntary self-audit policy first. And that would be protecting it from disclosure to OSHA. And so, there is a fed OSHA policy that was promulgated in the year 2000, and it has to do with these voluntary self-audits. And the thought behind it was OSHA wanted to encourage these voluntary audits while addressing employer concerns about using audit information against employers.
And basically, what that means is employers would be disincentivized to actually conduct these audits if OSHA just came in, asked for any self-audit, and then used that as a roadmap to issue citations or enforce regulations against the employer. One thing I do like to highlight is that this OSHA protection of self-audits is just a policy, it’s not actually a regulation. There is really kind of no force of law at this time behind it. It’s more of a guidance for fed OSHA about how they’re going to treat this. Now the policy kind of generally states that OSHA generally will not routinely request self-audit reports at the initiation of an inspection. Now, one problematic term in there is routinely. What does routine mean? Unfortunately, there hasn’t been a lot of litigation or case law around this, but just highlighting the fact that OSHA says they routinely will not. And so, there is a lot of gray area about what routine means versus not routine.
OSHA can also obtain relevant portions of the self-audit if there’s an independent basis to believe a hazard exists. So, for example, if they believe already that there’s maybe a lockout tagout issue, maybe based on an employee complaint or observation when they’re on-site, they may be able to request any kind of audits or reports related to that about lockout tagout. Generally, the policy states that OSHA will not also issue citations for corrected conditions discovered through voluntary self-audits. And that only applies if you find something during the audit and then you correct it before OSHA comes in there. Generally, OSHA will not, their policy says that they will not cite you for that, but this is where kind of documentation is very, very key. We want to make sure that if we’re correcting something on the audit, a finding, that we document what we did. That way if OSHA does show up, we’re able to show them, “Look, we found this, we corrected it immediately and therefore under your policy you shouldn’t take any kind of enforcement.” That’s generally kind of the OSHA piece of it. You have any questions on that, John, or observations?

John Surma: Well, there was something that I thought was important to bring to the attention of our audience. You kind of did it in a subtle way, but your repeated reference to federal OSHA, I think is a critical distinction to make to folks, in as much as there are 22 states that have a pure state OSHA plan, and this policy provision does not apply to those states. And so, if you’re in a state plan state such as the West Coast of this country that you cover, advice may vary, I guess is probably the best way to describe that. Is that a fair statement?

Robert Rodriguez: Very fair statement, yeah. For example, in California, there’s no equivalent to this fed OSHA self-audit policy. And I think that’s a good segue into the next area of what employers may want to consider doing to try to protect these findings. So, if you’re in a state plan state, as John mentioned, this would not apply to you because it is a fed OSHA policy. So, one way that we can protect audit findings or self-audit findings is through the attorney-client privilege. And I have a lot of experience with this, leading audits and inspections and investigations and using external consultants.
And the number one key about this is generally for attorney-client privilege to shield these audit findings or audit reports or audit data from disclosure is that the attorney’s got to be pretty heavily involved. Generally, the audit’s got to be at the direction of an attorney and not just, I’ve seen this a lot, I don’t know if you’ve seen this, John, where folks will kind of just either copy an internal counsel or an external counsel on communications, not really loop the attorney in and kind of automatically assume that because we copied our attorney, this is now privileged. Have you ever run into that issue?

John Surma: Oh yeah, all the time. And that’s one of those things where I’d add to that, the attorney really needs to be part of your team that’s engaged in the audit process, not just a remote recipient of documents that’s periodically chiming in that they’ve received the documents.

Robert Rodriguez: Yeah, and not to get too far in the weeds, but you generally the attorney-client privilege, the purpose behind it is the courts and legislatures have decided, hey, we want to protect confidential communications between attorneys and clients because we want to make sure that attorneys can get the correct information they need to provide legal advice to their clients. And if this wasn’t the case, then maybe an attorney wouldn’t get the correct story, wouldn’t get the information he or she needs to provide that advice. So, in order for the privilege to apply, as John mentioned, legal counsel has to be heavily involved. And, generally, in my experience, it’s best if the attorney, whether that be your internal counsel or an external counsel actually leads the audit and at least by directing the audit, being performed, reviewing the audit findings and recommendations and adding legal conclusions and advice to the audit report.
That way we are kind of wrapping this in a legal package where this audit is designed for the attorney to be able to provide advice to the client about potentially OSHA compliance or potential civil suits. And so that’s going to be a best practice for employers to do is to make sure that we have an attorney directing and leading this. And there is a lot of case law, and obviously, we won’t get too far in the weeds, but there has been protections where not only the communications to the attorney, but actually audit notes, audit interviews, audit data, things generated during the audit that were at the direction of an attorney can also be shielded potentially by this attorney-client privilege.
And what I’ve been doing quite a bit recently, I would say probably at least five to six of the last few months is I’ll have a client come to me with a very discreet issue saying, “Hey, we’ve had some employee complaints about the smell of chlorine in our food processing plant. Can you lead an investigation into this?” Or, “We’ve had employee complaints about lockout tagout, can you lead an investigation into this?” And what I’ve generally done, and I’ve had a lot of success is we as the external counsel, will retain an expert that comes in order to gather facts and data to give me information to provide legal advice to the client. And so, it works out really good because it does kind of set up a bulletproof attorney-client privilege investigation when a lawyer actually retains the expert as opposed to the company retaining the expert.

John Surma: So, Robert, we’ve spent a fair amount of time during this podcast talking about some tips and techniques that employers might want to consider with respect to workplace safety audits. We’ve also talked a little bit about the benefits of a safety audit and how to keep a safety audit privileged. Are there any reasons we would not want to do a self-workplace safety audit?

Robert Rodriguez: Yeah, that’s a great question. And there are a few instances that employers may want to consider when deciding whether or not they want to undertake a voluntary health and safety audit. I would say number one, we covered this a little bit earlier, but just that if you’ve got limited resources to address potential problems that may come up during an audit, we want to make sure we rightsize it. And so, if you don’t have the ability, or the employer thinks they don’t have the ability, to address some of the issues that may be found, they may want to consider holding off on an audit in that situation. I would say number two, in my mind, audits are generally designed to kind of fine-tune workplace safety policies and practices, find potential gaps. If you’ve got a situation where you, the safety culture is just out of control, or maybe you have multiple serious injuries, you may want to consider holding off on that audit and just address kind of the low-hanging fruit or the problems that you see immediately.
If, for example, if you have multiple lockout tagout issues, where you’ve got serious injuries from them, probably just want to hold off on doing an audit and just address immediately what the problems are and find out kind of what the disconnect is. And number three, I’ve recently had a few clients that are kind of in the startup mode where they are in a hazardous industry, and they are looking to build their safety program. In that situation, you’re not so much auditing, you’re really just kind of building a safety program from the ground up. So, in that situation you want to just get all your policies in place, get everything going, and then may consider an audit down the road at some point.

John Surma: I think those are all great points, Robert, I really appreciate it. I really appreciate you spending some time going through this podcast with me and offering this to our audience. In closing, do you have any thoughts or tips relating to workplace self-audits that employers might want to give some consideration to?

Robert Rodriguez: And not to belabor the point, but just the fact that OSHA’s self-audit policy is only that, a policy and also doesn’t apply to the significant number of state plans. Employers may want to consider how early they’re going to get an attorney involved in a self-audit. And I don’t think this applies to just a self-audit, but for example, in California, under the Cal/OSHA regulations, you’ve got to investigate any kind of workplace injuries or incidents. And so, I’ve had a number of clients where they don’t involve an attorney immediately, and so unfortunately, part of their initial investigation is not privileged at that time. And then, if I come in after the fact, that there will be a portion of it. But I would say just really consider if we’re undertaking a self-audit or an investigation into an injury, how early do we want to get that attorney involved?

John Surma: No, I think that’s a great point Robert, and again, I thank you for joining us on this, our 10th in the Safety Basic series of podcasts, and hope you have a great day, and I thank our audience for joining us.

Robert Rodriguez: Thanks so much for having me, John. I appreciate it.

Announcer: Thank you for joining us on the Ogletree Deakins podcast. You can subscribe to our podcast on Apple podcasts or through your favorite podcast service. Please consider rating and reviewing so that we may continue to provide the content that covers your needs. And remember, the information in this podcast is for informational purposes only and is not to be construed as legal advice.