Get 4 FREE months of Conformio to implement ISO 27001

Why you should perform effective internal audits in ISO 45001

Updated 2018-12-04 according to ISO 45001

Many organizations use ISO 45001 to ensure continuing health, safety, and well-being for their employees. While legislation can change from country to country and even region to region, ISO 45001 stands as the one universal standard that signifies that an organization cares about and seeks to continually improve its workplace conditions for all. Therefore, ensuring that an effective Health and Safety Management System is in place is paramount for companies, especially those in sectors where risk of injury may be higher. Think, for example, of being sent to work in a nuclear power site or to help construct high-rise buildings with no health and safety guidelines or regulations. Thankfully, that cannot happen in this day and age as long as widely available legislation is followed.

So, we have ascertained that health and safety precautions are vital in the workplace, and that ISO 45001 helps deliver that. We know that the “Plan, Do, Check, Act” cycle runs through the family of ISO standards and helps to ensure measuring, monitoring, and action to ensure continual improvement. A vital part is played in this process by the internal audit mechanism, which can identify gaps, non-conformances, and bad practices, and correct them.  So, why is the internal audit vital in this process, and how do we go about ensuring we get maximum value from it?

Internal audit – What do I need to achieve?

Internal audits are viewed as a necessary evil in many sectors of business. As part of your ISO 45001 system, it is not too dramatic to say that this very function, if carried out correctly, can drastically improve conditions and even potentially save lives for organizations in some sectors. You will have planned for an agreed number of internal audits when your management team had its Management Review, which you can read about in this previous article: How to perform management review in ISO 45001. It is even possible that your management’s risk assessment policy, stakeholder or employee suggestions, or the unfortunate occurrence of a workplace accident or incident has increased the need for internal audit frequency. Whatever the frequency agreed, the internal audit will need to satisfy certain criteria:

  • ensure that the audit will need to be performed by a person internally who is not a stakeholder in the actual department audited, and can show neutrality and fairness
  • ensure your auditor has the correct training to do the job effectively
  • ensure that all legal requirements and legislation are met, communicated, and abided by
  • ascertain that the management team play a “leadership” role in setting and ensuring targets, standards, and objectives are achieved
  • involve the workforce, which is critical in assessing whether an OH&S management system is effective and whether training and awareness are thought to be effective
  • ensure risks are constantly assessed, managed, mitigated, and removed
  • ensure a communication channel exists where information, feedback, and suggestions can be passed up and down, between top management and all employees and stakeholders
  • ensure a continual improvement cycle is established that allows the ethos of improved health and safety to exist and flourish
  • ensure a corrective action procedure (or equivalent) exists to effectively help quantify, specify root cause, and remove any identified issues to the satisfaction of both management and employees of an organization

Having your internal audit process is fine, but you must ensure that you then have the process in place to follow up: to record the audit data formally for your management system, to capture the findings formally, to plan the changes and improvements within a planned time period, and to communicate the changes effectively amongst your staff and stakeholders, with an effective review process to ensure the changes are maintained.

So, having effective internal audits will ensure that there is a lesser chance of an accident in the workplace? Obviously, yes, and that’s critical, but let us examine what other benefits that an organization might gain from ensuring this audit process is effective.

Less chance of accidents, more benefits too?

We have looked at how to identify OH&S hazards in the previous blog article How to identify and classify OH&S hazards, and this will assist you in terms of identifying target areas for internal audit, so what benefits can you expect to see when you have an effective internal audit process embedded within your OH&S Management System?

Financial savings. What management team doesn’t like financial benefits? An effective OH&S management system supported by effective internal audits will ensure you do not have costly production delays due to accidents and incidents.

Morale and positive internal relationships. A safe working environment is a happy one. Ensuring your internal audit process supports your OH&S management system can help sustain morale. Your employees can see by deeds and actions that the organization cares for its staff, and by engaging employee opinion during the internal audit process, it can be seen that the issue of workplace safety is taken seriously and employees are truly valued.

Reputational benefits. Using effective internal audits to sustain an exceptional health and safety record is an excellent indicator of the health of a business for a prospective customer. Displaying a record of achievement and continual improvement within your OH&S management system can provide the reassurance to a potential client that your organization is serious regarding its priorities and is safe to do business with.

So, the benefits of an effective OH&S management system supported by a robust internal audit process are manifold. It’s clear that ISO 45001 compliance can not only protect your employees, but potentially take your business to the next level. Now could be the time to ensure that ISO 45001 is part of your organization’s future.

To assess where your organization stands versus the ISO 45001 standard, please access our Gap Analysis Tool.

Advisera John Nolan
John Nolan
John Nolan is a Fellow of the Institute of Leaders and Managers in the United Kingdom, and Prince 2 accredited with a background in Engineering and Electronics and Data Storage and Transfer. Having studied and qualified as both a Mechanical and Electronic Engineer, he has spent the last 15 years designing and delivering Quality Systems and projects across many sectors in the UK, including both national and local government.