Depends really who is doing the auditing....e.g. finance, MHRA, HSE etc My view for company process would be that System Audit looks more at how your business procedures and process fit and how you comply with that internally. The Compliance Audit is one for compliance with the regulations. This should match your legislation register. There should be a place for both and I do both currently - legislative compliance (a la ISO14001 OHSAS 18001) and business process.

Compliance, i.e. does the organisation comply with what is required of it by regulations, is not always possible. For example, how does an employer demonstrate compliance when there are no standards or limits that apply? This is actually what I have to deal with all the time. When considering the potential for damage to health due to workplace skin exposure there are no exposure limits or other standards. I am often asked by a client whether I consider them compliant. The only answer I can give is that I cannot do this. In effect, provided that there is no case of skin related damage to health then they could well be compliant. What happens should there be such a case? Is it an exception which they could not have anticipated or can it be shown that their risk assessment and management system has failed to identify a potential cause? The best that I believe is possible is to ensure that what they have in place represents best practice in what is a rapidly changing environment. Chris

I carry out compliance audits and inspections. Being an ex inspector this is quite easy. I audit our company against our company policy and procedures as well as against H&S regulations. The minimum standard is H&S legislation. I don't carry out system audits as I lack the relevant qualification. Our lead auditor does this and we are audited against ISO 45001 (previously OHSAS 18001) - International H&S management system