To manage risk, the likely causes must first be determined. With this insight, controls can be developed that prevent adverse effects. But how do we know that the controls are effective and not just providing a false sense of security?
By conducting audits you will discover whether your organization is really doing what it says it is doing. Auditing is a practical tool that provides assurance of control effectiveness. Audits can be scheduled on a recurring basis, as an integral part of your safety management system, or whenever you need to make an informed decision.
Through auditing the organization becomes a learning organization that addresses risk with a preventive and proactive mindset. Insight from audits can be used to adjust controls before a risk event occurs, thereby keeping the organization on track to achieve its objectives. Like the output of any risk assessment, audit insight can also be used to define a risk based approach for your organization, so that resources can be used in the most efficient manner.