Standard Operating Procedure: ISO 45001:2018 Internal Audit

Introduction

This Standard Operating Procedure (SOP) serves as a framework for conducting an effective internal audit of an Occupational Health and Safety Management System (OH&SMS) compliant with ISO 45001:2018. The objective of this audit is to verify that the organization’s safety processes are effectively implemented, maintained, and continually improved. Auditors must ensure that the audit process is objective, systematic, and documented to identify non-conformities and opportunities for improvement prior to external certification assessments.

ISO 45001 Internal Audit Checklist

Section 1: Context and Leadership (Clauses 4 & 5)

• Context of the Organization: Verify that internal/external issues and the needs of interested parties (employees, regulators, contractors) have been documented.
• Scope: Confirm the OH&SMS scope is clearly defined and available to relevant stakeholders.
• Leadership Commitment: Review meeting minutes for evidence of top management engagement and promotion of a safety culture.
• OH&S Policy: Ensure the policy is current, documented, communicated, and available to all workers.
• Roles and Responsibilities: Confirm that safety authorities and responsibilities are clearly defined and understood across all levels of the organization.

Section 2: Planning and Risk Assessment (Clause 6)

• Hazard Identification: Review the process for ongoing identification of work-related hazards.
• Risk Assessment: Verify that OH&S risks and opportunities have been evaluated and prioritized.
• Legal Requirements: Check the register of applicable legal and other requirements to ensure it is up-to-date.
• Objectives: Review OH&S objectives; confirm they are measurable, tracked, and monitored against key performance indicators (KPIs).

Section 3: Support and Operations (Clauses 7 & 8)

• Competence and Training: Inspect training records to ensure all personnel are competent for their specific safety tasks.
• Communication: Verify evidence of both internal (toolbox talks) and external (regulatory reporting) communication channels.
• Documented Information: Check that records are retrievable, legible, and protected from loss.
• Operational Control: Ensure controls are in place for outsourced processes, procurement, and contractors.
• Emergency Preparedness: Review records of emergency drill execution and the effectiveness of response plans.

Section 4: Performance Evaluation and Improvement (Clauses 9 & 10)

• Monitoring and Measurement: Confirm that safety performance is being measured and equipment (e.g., air quality monitors) is calibrated.
• Incident Investigation: Review reports for accidents, near-misses, and the resulting corrective actions.
• Internal Audit Results: Verify that previous internal audits have been reviewed by management.
• Management Review: Ensure a formal management review meeting has occurred with documented outputs.
• Non-conformity and Corrective Action: Review the log of non-conformities to ensure root cause analysis was performed and actions were closed out.

Pro Tips & Pitfalls

• Pro Tip: Focus on "Evidence of Effectiveness": Do not simply look for a signed form; look for proof that the procedure is actually practiced on the floor (e.g., observe a forklift operator or check if a safety sign is actually located where the hazard exists).
• Pro Tip: Practice "Process Auditing": Instead of auditing against specific clauses, follow the flow of a process (e.g., start with a training need and follow it through to the training certificate and subsequent job performance).
• Pitfall: Over-Documentation: Avoid creating documents that do not add value to safety. ISO 45001 requires documented information, not unnecessary bureaucracy.
• Pitfall: Ignoring Contractor Safety: A common failure point in external audits is failing to manage contractors. Ensure they are vetted and inducted properly before starting work.

Frequently Asked Questions (FAQ)

1. How often should an internal audit be conducted? ISO 45001 does not mandate a specific frequency, but it requires that audits be conducted at "planned intervals." Standard industry practice is at least once every 12 months, or more frequently if there are significant operational changes.

2. Can an employee audit their own department? No. An audit must be objective and impartial. You should ensure that auditors are independent of the work being audited to avoid a conflict of interest.

3. What constitutes "documented information"? Under ISO 45001, this includes any information required to be controlled and maintained by the organization. It ranges from policies and objectives to incident reports, training logs, and risk assessment matrices, regardless of whether they are in digital or physical formats.

<script type="application/ld+json"> { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "What is the primary goal of an ISO 45001 internal audit?", "acceptedAnswer": { "@type": "Answer", "text": "The primary goal is to verify that the organization's Occupational Health and Safety Management System (OH&SMS) is effectively implemented, maintained, and continually improving in accordance with ISO 45001 standards." } }, { "@type": "Question", "name": "How often should an ISO 45001 internal audit be conducted?", "acceptedAnswer": { "@type": "Answer", "text": "Internal audits should be conducted at planned intervals to ensure the OH&SMS conforms to your own requirements and the ISO 45001 international standard, typically on an annual basis or as defined by organizational risk." } }, { "@type": "Question", "name": "What key areas must be audited under ISO 45001 clauses 4-8?", "acceptedAnswer": { "@type": "Answer", "text": "Key areas include organizational context and leadership commitment, risk assessment and hazard identification, legal compliance, competence and training records, and operational controls." } } ] } </script> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "SoftwareApplication", "name": "ISO 45001 Internal Audit Management SOP", "applicationCategory": "Compliance Management Software", "operatingSystem": "Web-based", "description": "A comprehensive standard operating procedure and checklist framework for maintaining ISO 45001:2018 certification compliance within an OH&SMS environment.", "softwareVersion": "2018", "offers": { "@type": "Offer", "price": "0.00", "priceCurrency": "USD" } } </script>