Whether you’re doing your first health and safety audit or simplify your existing process, these six steps (and free template) will help you on your way. 

When it comes to analysing a business’ workplace health and safety (WHS) performance, audits are fundamental. But they’re not always seen this way.

If the word ‘audit’ conjures up a montage of clipboards, inspections, and interrogations, you’ve either had terrible experiences or you’re expecting the worst.

Safety audits shouldn’t be a policing process. They’re key for finding out where your safety performance currently sits, and where it needs to be – as per the agreed parameters. So think of them as a positive learning opportunity to improve the safety of your team.


Who can conduct a health and safety audit?

WHS auditors can be internal employees or someone external. Some businesses prefer to conduct their audits in-house, as they know the areas they want to focus on. Others prefer to hire someone externally to utilise a fresh set of eyes and perspective.

Some businesses choose both and conduct an internal audit as a precursor to the external audit. Others use the audit to tease out any deficiencies in specific processes or areas of the business.

For the sake of this article, let’s say you’re a small business owner conducting an internal audit on your own company.

Your task is to compare what’s happening in your business with what’s written in your safety management system. This will highlight any gaps you need to close in your business. If you don’t have a safety management system, get in touch and we can create one for you.


Why is a Health and Safety Audit Important?

As well as identifying gaps, health and safety audits are important for challenging the benchmarks you’ve set out in your safety management system.

They’re really helpful for coming up with actionable steps you can take to improve your business’ safety, and can be used to:

  • Document that your safety management system complies with legislation
  • Test if your safety management system is achieving its objectives
  • See if your safety management system is maintaining the performance criteria and the auditing system is effective
  • Assess whether your organisation has completed any previous modification compliance audits, when necessary
  • Constantly improve your organisation


What Types of Safety Audits are There?

There are many types of safety audits, but the two most widely used are:

  1. Management system audits
  2. Safety function audits


Management System Audits:

A management system audit is “horizontal”. This means it looks across the entire company structure and considers the broad, in-depth scope of management policies and procedures that are in place to manage the organisation’s health and safety at the site.

Management system audits are typically assessed against the following standards:

  • AS/NZS 4801 – Occupational Health and Safety Management System
  • ISO 45001 – Occupational Health and Safety
  • OHSAS 18001 – Occupational Health and Safety Management System
  • ISO 14001 – Environmental Management
  • ISO 9001 – Quality Assurance


Safety Function Audits:

Safety function audits are “vertical”. This means they look at the detail of a specific activity through a vertical slice of the organisation’s structure, from senior management to the workplace.

Safety function audits include, but are not limited to:

  • Classified plant and administration
  • Electrical safety management systems
  • Emergency preparedness
  • Fixed plant
  • Isolation and tagout
  • Manual tasks
  • Noise
  • Traffic management
  • Workshops


The Safety Audit Process – 6 Steps

Most internal health and safety audits can follow a six-step process…

1. Identify Areas to Audit

First things first, you need to make a note of each area of the business that should be audited. Some areas have simple processes, while others are more complex.

It’s important that an internal audit doesn’t try to do everything at once.  .

Whatever the area of focus, you should use a ‘systematic and disciplined approach to their work’ according to The Institute of Internal Auditors Australia.

You also need to set benchmarks and standards, and make sure everyone agrees on them before the audit takes place.


2. Decide How Often to Audit

Choosing how often to audit will depend on the size of your business, the industry you’re in and if your work environment is continuously changing (like a construction site).

However, some timings are decided for you, for example HACCP audits must be completed quarterly.

It’s likely that some areas of your business will need auditing more often than others as they carry higher health and safety risks.

Your safety management system should outline how often you need to audit different areas, but you may wish to change the frequency – i.e. from quarterly to monthly, or monthly to weekly – depending on the risks.

Once you know how often you want to audit each area, put it in your calendar. It’s easy for the months to roll past and for internal audits to not happen, so schedule them out for the year ahead. Send out a copy of the calendar so an upcoming audit is never a surprise to staff.


3. Conduct the Audit

Again, the audit process will look different depending on your organisation and the area being audited.

You may need to test equipment, or ask staff to explain a process and compare it to what’s written on the policy to assess competency and potential training shortfalls.

  1. Start with a kick-off meeting. The kick-off meeting is a good opportunity to introduce the audit team and key participants, explaining the purpose and approach of the audit, and establishing the required communication protocols.
  2. Carry out in-field observations and interviews. In-filed observations don’t mean hiding behind equipment with your camera ready to snap someone being non-compliant. The approach should be casual and inclusive to understand how the processes work in reality. Likewise, interviews shouldn’t feel like interrogations, they should be in the field with the people that are most familiar with the processes.
  3. Collect evidence. Collecting evidence is important as it helps demonstrate the outcome of the audit and can be used to help improve the system in the future or celebrate the success you are achieving. Evidence could be completed documents, photos, and interview statements.


4. Document the Results

Take notes as you go to help you write your report.

You need to review any collected documents and notes, and comprehensively write up your findings. Document any gaps in compliance to ensure they appear in your report.

Make sure while you are documenting the audit findings, you’re communicating these with the   (the people you’re asking questions or interviewing). Give them the opportunity to discuss the findings (e.g. a non-conformance) before you make the report.


5. Report the Findings

No one likes wordy reports, and your audit’s report is the same. Use a tabular format with graphs, diagrams and photos to make information easier to find and understand.

And don’t be afraid to pump up your own tyres. The report should cover positive notes about things your organisation is doing well. Lessons could be learned from them and applied to gaps and shortcomings in other areas of the business.

The Institute of Internal Auditors Australia recommends you include a consequence/impact/effect for why something occurred. Determining the cause and discussing the best action to take with management can lead to the best outcome.

As a small business owner and decision maker, your report is vital for highlighting how to improve your business’ safety.

If you’re not the decision maker, your report will need to go to management. They should read the report and take appropriate actions towards improvement.

If the report doesn’t generate any actions, the audit was a waste of time. To help things along, you should create an audit action plan…


RELATED: Different Risk Assessment Approaches and Processes – What’s Right for Your Business?


6. Create an Audit Action Plan

Now that you’ve found areas to improve, what are you going to do about them?

It’s so easy to file the report away and continue business as usual. But you need to create an audit action plan to improve your business.

Audit action plans document what needs to be actioned, any notices issued, and informs the workplace health and safety representative/s of the outcome.

There are three categories in an action plan:

  1. Non-compliance – the organisation is in breach of a requirement and urgent action is required to fix any non-compliant issues. If the contravention can’t be rectified in a day or two, a Notice to Remedy with a due date is provided.
  2. Observation – the opinion of the auditor (and therefore subjective). The organisation can decide whether to implement any changes based on the advice provided, it isn’t mandatory.
  3. Opportunity for Improvement – a suggestion for making a change that could lead to a better outcome, but it’s not compulsory.

Use what you’ve highlighted in your report to guide your action plan and justify why you’re doing what you’re doing. Decide what’s important and communicate it back to the organisation so that everyone is on the same page.

Remember to revert back to your action plan regularly to continuously improve your organisation.


The action an organisation takes after an audit is what matters the most. Make it a priority to fix any non-compliance issues and look at observations as opportunities for improvement.

Changes should be carefully considered and – if management agrees – implemented when practical.

We hope this has helped simplify your WHS audits. If you want it even simpler, get in touch today and we’d be happy to help you out.


RELATED: Alcoa Case Study