The COR audit is a voluntary standard. Achieving COR certification indicates that a company’s Health and Safety Management System (HSMS) is functioning at a level sufficient to pass the COR audit. Typically, certification also indicates that a company’s HSMS is functioning above the minimum level required by either the Workers Compensation Act and Occupational Health and Safety Regulation or the Canada Labour Code Part II and Canada Occupational Health and Safety Regulations. For ease of use, let’s call those two Acts and two Regulations “Laws”.
COR certification doesn’t guarantee or certify that a company has achieved full compliance with the Laws. This is an important distinction.
The COR audit is not a compliance audit, it is mainly a process and systems audit. A company’s HSMS can be lacking some of the specific, legally required details, and still pass the COR audit.
Here is a guideline from the Personal Protective Equipment section of the TSCBC COR audit:
Review documentation to determine if PPE control measures have been identified for the health & safety hazards based on the hazard recognition and control process. If yes, award 10 points.
Indirectly, that guideline seeks to determine if the company has identified all hazards and identified all PPE to be used as controls for hazards that have been ranked as being most effectively controlled by PPE.
This is a systems/process question. It relies on the results from the company’s hazard recognition process in combination with their PPE program.
To verify this guideline, the auditor makes an assumption that the company has identified all hazards needing PPE controls. If the company hasn’t identified all of the hazards, they might not be compliant regarding PPE. They could still achieve 100% on the COR guideline though. They just need to have PPE controls for all of the identified hazards in their hazard inventory that could be reasonably controlled by PPE.
Auditors, especially external auditors, don’t know every last hazard at any particular company. They rely on their knowledge and expertise as to what would be reasonable for any particular company. In this case, they would mainly rely on the hazard assessment inventory developed by the company.
That is only one example. There are many other guidelines with a similar structure. Some guidelines have example lists. The lists are meant to help the auditor determine what would be reasonable or what the minimum requirements should be. They are not exhaustive lists aimed at every possible compliance item required by law.
In the end it comes down to the company ensuring it is compliant and duly diligent. The Act and Regulation are the required legal standards while the COR audit is a voluntary standard and a measuring tool. The COR audit will help identify HSMS issues but can’t be used to determine absolute legal compliance.
For more information about the COR program please visit our website.
Reprinted December, 2015