A beginner's guide to health and safety auditing

In this resource

• What OSH auditing is and why it matters
• The main purpose of OSH audits
• Key activities involved in an audit
• How audit findings are categorised

What is OSH auditing? 

OSH auditing is a systematic way of checking that OSH processes are working properly. By looking at the safety procedures, actions, equipment, training and legal compliance, the audit results should show what is and what is not working, so accidents and health problems do not occur.

An OSH audit aims to find whether:

• safety policies and procedures are being followed 
• the right safety controls are in place 
• your OSH management system is protecting workers 
• where the gaps are that leave people unprotected.

The key purposes of auditing 

Audits aren’t just for OSH. Financial audits, IT audits, payroll audits and others all exist for the same reasons.

Audits help organisations:

• find weaknesses before they cause accidents  
• check compliance with legal requirements and company standards  
• improve safety systems based on evidence  
• provide assurance to senior management that OSH is being managed properly 
• track progress in OSH performance over time

What does an audit involve?

An audit could be either internal (completed by in-house staff) or external (performed by auditors from outside the organisation).

Activities included in an audit include:

• planning and deciding the depth and extent of the review and what will be checked, e.g. audit of the entire facility or just one section 
• documentation review to understand safety policies, risk assessments, training records, and compliance documents
• workplace inspection to physically check the work environment for hazards and observe how tasks are carried out
• interviews with workers to understand how safety is practiced from day to day
• compliance checks to compare what is happening against legal requirements, as well as against the company's policies
• identify gaps where safety measures may be missing or not implemented correctly
• reports and recommendations to summarise the findings and suggests improvements to reduce risk and close legal gaps
• develop an action plan with dates to address all audit findings.

Understanding audit findings

Auditors look at all aspects of an organisation's OSH management, and report on the positive and negative findings. Reports may contain:

Positive feedback

Highlighting good practices they've seen. Examples might include:

• well-designed OSH training programmes 
• effective incident reporting systems 
• strong and visible leadership from managers.

Opportunities for improvement

Suggestions that could make things better but aren't failures. For example:

• "Consider adding more visual safety reminders in the workshop"
• "Think about providing refresher training more frequently"

Non-conformances

Things that don’t conform to the legal requirements or required work processes. These are actual problems that need fixing.

These could be minor non-conformances - small gaps that haven't caused significant issues yet:

• few missing signatures on training records 
• one procedure that's slightly out of date.

Or major non-conformances - serious problems that could lead to fines, non-conformance notices, accidents or work-related ill health:

• no system to control contractors 
• workers not using their personal protective equipment
• critical safety equipment not being maintained 
• use of unsafe scaffolding equipment
• electrical equipment that has not been PAT (Portable Appliance Testing) tested

Records should be kept of actions taken and changes made, so that their effects can be measured. For example, if a new machine is purchased because the audit showed excessive noise associated with the old one, you should record the installation date.

Also, complete noise measurements should demonstrate that the noise levels have decreased. All changes will need a policy and procedure review to ensure they are still relevant and amended where necessary – see Creating effective health and safety policies: your foundation for workplace protection.

Key takeaways

• OSH auditing is a structured process to check if safety systems are effective and compliant.
• Audits help identify weaknesses, ensure legal compliance, and improve workplace safety.
• Internal audits are done by in-house staff, external audits by independent auditors.
• Audit activities include planning, document review, inspections, interviews, and compliance checks.
• Record all changes and review policies after updates.
• Communicate audit results to leaders and workers for transparency.

Checklist

• Define scope and objectives of audit
• Gather relevant documents (policies, risk assessments, training records)
• Schedule inspections and interviews
• During the audit, review documentation for compliance
• Inspect workplace for hazards
• Interview staff about safety practices
• Compare findings against legal and company standards
• Categorise findings: positive, improvements and non-conformances
• Develop an action plan with deadlines
• Implement remedial and corrective actions
• Record all changes and measure impact
• Update policies and procedures as needed
• Share results with senior leaders and workers

Audits are intended to provide useful information and insight about how things are working within your organisation. They can show you what isn’t working, where time is being wasted, and where there are risks to health, safety and wellbeing that need to be addressed. Audit results should be discussed by senior leaders as part of effective governance and communicated to workers.

This guide provides an introduction to health and safety auditing concepts. For detailed technical guidance and advanced auditing techniques, IOSH members can access comprehensive resources through our member portal.