2-16. ISO 45001 Internal Audit: Preparation, Execution, and Corrective Action Flow

An internal audit for ISO 45001, the international standard for Occupational Health and Safety Management Systems, is a critical process for confirming the system's effectiveness and driving continuous improvement. It should not be a mere formality but a tool for understanding on-site risks and ensuring improvement activities are embedded in the organization's culture. Here is a breakdown of the ISO 45001 internal audit process, from preparation to implementation and corrective actions.

1. Internal Audit Preparation

Effective internal audits require thorough preparation.

• Develop an Audit Plan: Create an annual audit schedule, specifying the departments and scope to be audited.

• Select Auditors: Choose auditors without conflicts of interest to ensure objectivity. It is also effective to provide internal auditor training to team members.

• Create a Checklist: Prepare a checklist that includes ISO 45001 requirements, legal compliance items, and past non-conformities.

• Gather Pre-Audit Documents: Review manuals, procedures, risk assessment results, training records, and incident reports beforehand.

2. Conducting the Internal Audit

The audit itself should be a systematic and efficient on-site review.

• Opening Meeting: Explain the audit's purpose, scope, and methods to the audited department to ensure a shared understanding.

• Document Review: Check if regulations and records comply with ISO 45001 requirements.

• On-site Observation and Interviews: Walk through the work areas and interview employees to confirm that actual practices align with procedures.

• Evidence Collection: Record observations and interview details as objective evidence to support your findings.

3. Identifying and Reporting Non-conformities

Based on the audit results, categorize non-conformities and areas for improvement.

• Categorize Non-conformities: Classify findings as major non-conformities (violations of standards or laws), minor non-conformities, or opportunities for improvement.

• Create an Audit Report: Clearly state the non-conformities with supporting evidence and provide specific recommendations for improvement.

• Closing Meeting: Explain the results to the audited department and inform them of the need for a corrective action plan.

4. Corrective Action Flow

The goal of an internal audit is not just to find non-conformities but to correct them and prevent recurrence.

• Root Cause Analysis: Use tools like the "5 Whys" analysis or a cause-and-effect diagram to identify the underlying cause of the non-conformity.

• Develop a Corrective Action Plan: Create a plan that specifies deadlines, responsible parties, and concrete measures.

• Implementation and Verification: Execute the corrective measures and confirm their effectiveness through a follow-up audit or internal review.

• Record Keeping: Document the entire corrective action process for future audits and external reviews.

5. Leveraging for Continuous Improvement

Internal audits are a key part of the PDCA (Plan-Do-Check-Act) cycle. They shouldn't be a one-time event; the results should inform the next year's audit plan and risk management review. By reporting audit findings to top management and sharing safety goals and improvement challenges company-wide, you can enhance the overall effectiveness of your ISO 45001 system.

By ensuring a robust process for the preparation, implementation, and follow-up of ISO 45001 internal audits, you can move beyond a simple checklist and foster a culture of safety that adds tangible value to your organization.