Conducting an internal audit for ISO 45001 is an essential part of maintaining compliance with the Occupational Health and Safety (OHS) management system. It helps organizations ensure that their safety practices are aligned with the ISO 45001 standard, identify areas for improvement, and address potential risks before they escalate. This process is crucial for the ongoing health and safety of employees and the overall efficiency of the workplace. Here’s a step-by-step guide on how to conduct an internal audit for ISO 45001.

1. Understand the Scope and Requirements of ISO 45001

Before starting an internal audit, it’s important to familiarize yourself with the ISO 45001 standard and understand the specific requirements for occupational health and safety management systems. ISO 45001 outlines the criteria for establishing, implementing, and maintaining an OHS management system that aims to reduce workplace risks and enhance employee safety and well-being. Ensure that your internal audit covers all relevant clauses of the standard, including leadership commitment, risk assessment, legal requirements, and operational controls.

2. Plan the Internal Audit

A well-organized audit begins with a solid plan. The audit plan should include:

• Audit Objectives: Define the purpose of the audit. Are you aiming to evaluate compliance, identify nonconformities, or assess the effectiveness of the safety management system?
• Scope of the Audit: Identify which departments, processes, or areas will be audited. This can include areas like hazard identification, risk assessments, emergency preparedness, and worker involvement.
• Audit Schedule: Set a timeline for the audit, ensuring that all relevant activities are included and that there’s sufficient time to complete the audit without rushing.
• Audit Team: Select qualified individuals to conduct the audit. Ideally, the audit team should include people with knowledge of ISO 45001 and the areas being audited. You might also want to involve employees from different departments to get a more holistic view of the OHS practices.

3. Review the ISO 45001 Manual and Documentation

One of the first steps in an internal audit is to review the ISO 45001 manual and any related documentation, including safety policies, procedures, risk assessments, and training records. This helps ensure that the organization's health and safety management system align with the documented processes and the ISO 45001 standard. As you review the manual, pay attention to:

• The structure and content of the ISO 45001 manual to confirm that it covers all required aspects of the standard.
• Whether the manual and procedures are regularly updated to reflect any changes in the organization, legal requirements, or identified risks.
• The alignment of documented processes with actual practices in the workplace.

4. Conduct Interviews and Gather Evidence

Interviews with employees and management are a critical component of the audit. Talk to workers at different levels of the organization to understand how health and safety procedures are followed and whether they are familiar with the ISO 45001 manual and its contents. During these interviews, ask about:

• Their understanding of workplace safety procedures and their role in maintaining a safe environment.
• Whether they feel safe at work and if they know where to report hazards or unsafe practices.
• How the organization addresses mental health and worker well-being, if applicable.

5. Evaluate Compliance with ISO 45001 Requirements

As you conduct the audit, evaluate the organization’s adherence to the requirements of ISO 45001. Specifically, assess whether:

• Hazard identification and risk assessment procedures are being followed consistently across all levels of the organization.
• The ISO 45001 manual is being adhered to in daily operations and whether procedures for controlling risks are documented and implemented.
• Corrective and preventive actions are taken promptly in response to identified risks or safety concerns.
• Employee participation in the safety management system is effective, and whether workers are engaged in decision-making processes related to their safety.
• Management reviews are held regularly to assess the effectiveness of the OHS management system and to drive continuous improvement.

6. Identify Nonconformities and Opportunities for Improvement

During the audit, you may find areas where the organization is not fully compliant with ISO 45001 requirements. These are known as nonconformities. It’s important to document these findings clearly and categorize them based on their severity.

Additionally, identify any opportunities for improvement. Even if processes are compliant, there may still be areas where the organization can improve to further reduce risks, increase efficiency, or enhance employee well-being.

7. Prepare the Audit Report

After completing the audit, compile your findings into an audit report. This should include:

• A summary of the audit process, including the objectives, scope, and methodology used.
• A list of nonconformities, along with their severity and the evidence that supports the findings.
• Opportunities for improvement or areas where the system could be made more effective.
• Recommendations for corrective actions to address the nonconformities, including timelines and responsibilities.

Ensure that the report is clear, actionable, and well-organized. It should be shared with key stakeholders, including top management, to ensure that the necessary corrective actions are taken.

8. Follow-Up and Corrective Actions

The audit process doesn’t end with the report. After identifying nonconformities and opportunities for improvement, work with management to develop a corrective action plan. This plan should outline the specific actions needed to address the audit findings, assign responsibilities, and set deadlines for implementation.

Once corrective actions are implemented, a follow-up audit should be scheduled to verify that the actions were effective and that the nonconformities have been resolved.