How to Conduct a Workplace Health and Safety Audit


A version of this blog post was originally published on Epigroup.

A workplace health and safety audit is used to analyse where an organisation’s safety performance currently is and where it needs to be. They’re key to helping a business ensure it has complete visibility over how effective its current systems and process are. So how do you conduct a workplace health and safety audit?

First of all, an auditor will observe the workplace and find 'gaps' that determine what needs to be done to improve health and safety. This auditor may be an internal employee or an external person. Some organisations conduct an internal audit as a precursor to the external audit, while others use the audit to tease out any deficiencies in specific processes or areas of the business.

Why is a Health and Safety Audit Important?

A safety audit is an important tool to identify safety problems and gaps then come up with actionable steps to improve safety in a business. A safety audit can be used to:

  • Document that a safety management system complies with legislation
  • Test if a safety management system is achieving its objectives
  • See if the safety management system is maintaining the performance criteria and the auditing system is effective
  • Assess whether organisation has completed any previous modification compliance audits, when necessary
  • Constantly improve the organisation

The Safety Audit Process – 5 Steps

Most internal health and safety audits follow a five-step process:

1. Identify Areas to Audit

Make a note of each area of the business that should be the subject of a health and safety internal audit. Some areas have simple processes while others are complex.

It’s important that an internal audit doesn’t try to do everything in one hit. It’s far better to concentrate on one or two areas in detail than to do a broad, shallow review of the whole organisation.

Whatever the area of focus, auditors should use a ‘systematic and disciplined approach to their work’, according to The Institute of Internal Auditors Australia.

2. Decide How Often to Audit

Audits create a culture of continuous WHS improvement and preventative action, so you should always be on the lookout for areas where you can tweak and refine.

However, it’s likely that some areas of your business will need auditing more often than others. For example, office staff are at less risk of serious injury or death than an on-site worker.

Once you know how often you want to audit each area, put it on a calendar. It’s easy for the months to roll past and for internal audits to not happen, so schedule them out for the year ahead. Send out a copy of the calendar so an upcoming audit is never a surprise to staff.

3. Conduct the Audit

The audit process will look different depending on the organisation and the area being audited. However, the audit should be ISO and AS compliant, which Epihub can take care of for you.

The auditor may measure an item, take a sample and do a test. In another area, they may observe staff and ask them to explain their work process to compare it with the written policy to assess competency and potential training shortfalls.

If you’ll be the one conducting the audit, you can simply raise actions in Epihub as you go along, then manage them through to close out.

4. Document the Results

The auditor should make notes to ensure they don’t miss anything when it comes to writing the report. They review any collected documents and notes and comprehensively write up their findings. They should then highlight any gaps in compliance to ensure they appear in the report.

In Epihub it’s super easy to select from pre-built templates or build your own criteria with the form-builder interface. This way you can make sure nothing gets missed and compare your results with last time’s.

5. Report the Findings

The auditor then completes their report and presents it to management. Reports shouldn’t be too wordy – a tabular format with graphs, diagrams and photos included makes information easier to understand. The report shouldn’t only cover areas that need improving, there should be positive notes about things the organisation is doing well.

Processes that are working well should be noted because lessons could be learned from them, and applied to gaps and shortcomings in other areas of the business.

The Institute of Internal Auditors Australia recommends auditors include a consequence/impact/effect for why something occurred. Determining the cause and discussing the best action to take with management can lead to the best outcome.

The Audit Action Plan

The auditor‘s recommendations are provided in an Action Plan. The plan lists what needs to be actioned, any notices issued and informs the workplace health and safety representative/s of the outcome.

There are three categories in an Action Plan:

  1. Non-compliance – the organisation is in breach of a requirement and urgent action is required to fix any non-compliant issues. If the contravention can’t be rectified in a day or two, a Notice to Remedy with a due date is provided.
  2. Observation – this is an opinion of the Auditor and therefore subjective. The organisation can decide whether to implement any changes based on the advice provided, it isn’t mandatory.
  3. Opportunity for Improvement – a suggestion for making a change that could lead to a better outcome but also not mandatory.

The action an organisation takes after an audit is what matters the most. Make it a priority to fix any non-compliance issues.

The auditor’s observations and opportunities for improvement should be carefully considered and, if management agrees, implemented into the organisation when practical.

We should view health and safety internal audits as a valuable opportunity to improve and make the organisation as safe as possible for everyone who works or visits.

If you’re after an easy and reliable way to conduct them, download your free Epihub trial, and give it a whirl.

Category: Blog

Ready to get started?
Start your free trial today.

Try For Free