John Nolan The internal audit function is an important element of any OHSAS 18001-certified OHS&MS (Operational Health and Safety Management System), as most health and safety professionals will confirm. The internal audit process can not only measure how your organization has dealt with risk and hazards, but also provide a vital measure as to whether continual improvement has taken place. Given the importance of accident and incident prevention to most modern businesses, the part that the internal audit can play in determining gaps and defining progress can be critical to the overall performance of your system and the ultimate well-being of your employees. It therefore stands to reason that an organization’s internal audits must be accurate and thorough, and while elements need to be focused on your business and its hazards and risks, there are also parts of the OHSAS 18001 standard itself that the internal audit needs to take recognition of. Knowing this, it would seem to make sense to prepare an internal audit checklist that can be used and adapted for the internal audit cycle within your OH&SMS. So, what considerations do we need to make when compiling this?
Internal audit checklist – What do we need to consider?
When you consider the elements that you need to include in your internal audit checklist, and how you can apply them, try to include the following:
- Review of documents: As you may be aware, there are some documents that are mandatory within the OHSAS 18001 standard, such as the OH&S Policy itself. Ensure that there is a thorough review of this document within your internal audit, and you will have taken the first step towards a successful internal audit. You can learn more about OH&SMS internal audit processes in the article How to perform internal audits in OHSAS 18001.
- Create a physical checklist: If you consider the documents you require and the clauses of the OHSAS 18001 standard itself, you are on the way to making your checklist. Look at your own policies, and ensure that your actions match them. Consider your approach to hazards and risk, and ensure that your organization meets both the requirements of the standard and the statements you have made in your policies and procedures. Checking that both have been done effectively is at the heart of your internal audit.
- Planning and executing the audit itself: Remember that part of your checklist is ensuring that you know what departments and parts of your processes to concentrate on and spend time auditing. As with most parts of the OHSAS 18001 standard, planning is key. Ensure that you know where you need to spend time, and critically – what questions you need to ask.
- Ensuring you meet with legislation: Critically, you must ensure that your OH&SMS meets with legislation and complies with the laws of your region.
- Reporting and measurement: Ensure that your checklist has the appropriate section to record findings as they happen – remember, after the audit is over you will have a lot of information to collate, and if you have recorded it correctly then there is more chance that it will be accurate and representative of your findings.
- Review section: The success of your internal audit is not only dependent on the planning and recording of data, but also on the actions you take to fill any gaps or correct any non-conformances. Ensure that this is recorded accurately on your checklist for the avoidance of doubt.
Having an accurate checklist
So, as we can see from above, your checklist must contain some elements that are mandatory from the OHSAS 18001 standard itself, and some that directly check whether your policies and procedures are being carried out in the correct fashion. Reading the standard with care to ensure that your audit is accurate is critical, as is reading your own process documents if you are not aware of them. Get to know them both well, and you are well on the way to compiling an internal audit checklist that will help you greatly.
The contents of the checklist
There are certain elements you will want to include in your checklist to encourage accuracy:
- OHSAS 18001 clause reference: This is critical to align the standard with the segments of your audit.
- The issue you are looking for: If you have a concern, worry, or results from a previous audit, it is highly likely that this is what you are looking for.
- Compliance status: “Yes,” “No,” “Not applicable,” or sometimes a comment leading to another action will be required.
- Findings, responsibility, and actions: As mentioned above, further action may be required to close out your internal audit and ensure that your organization is compliant. Record who is responsible, the action required, and the timeline agreed upon for resolution on your checklist, and you will be on your way to ensuring it is effective.
Just do it!
All that remains is to examine the standard, match up your own policy requirements, and ensure that your checklist matches both. Your checklist must ensure that you maintain the discipline to check both of these vital elements, and critically, that you record suitable detail to allow you to undertake effective actions to correct any findings. It is sometimes the case that there can be a gap between the audit itself and the actions, meaning that the accuracy of records is vital to ensure that the actions you decide on are appropriate to eliminate the root cause of the issue discovered. If you can ensure that your checklist can match up all these elements, then your organization is well on the way to OHSAS 18001 compliance, and very likely, successful certification.
Use this free OHSAS 18001 Gap Analysis tool to see which items should be included in the internal audit checklist.
