Standard Operating Procedure: ISO 45001 Internal Audit Process

This document outlines the systematic procedure for conducting an internal audit of an Occupational Health and Safety Management System (OHSMS) in compliance with ISO 45001:2018. The objective of this audit is to verify that the organization’s safety processes are effectively implemented, maintained, and continually improved. This SOP is designed to serve as a framework for generating or executing a comprehensive PDF audit checklist, ensuring all mandatory requirements of the standard are systematically evaluated and documented.

Section 1: Audit Preparation and Planning

• Define Audit Scope: Determine which departments, physical locations, and shifts will be included in the current audit cycle.
• Appoint Audit Team: Select internal auditors who are impartial and possess adequate competence in both ISO 45001 requirements and specific workplace hazards.
• Gather Documentation: Collect the Quality Manual, previous audit reports, risk registers, legal registers, and safety meeting minutes.
• Develop the Checklist: Create a structured checklist (in PDF format) covering all clauses of ISO 45001 (4.1 through 10.2).
• Schedule Audits: Notify department heads of the audit timeline to ensure key personnel are available for interviews.

Section 2: On-Site Audit Execution

• Opening Meeting: Conduct a brief meeting with management to review the audit scope, schedule, and methodology.
• Evidence Collection: Use the audit checklist to conduct interviews, observe site conditions, and verify records.
• Operational Control Verification: Check that standard operating procedures for high-risk activities are being followed exactly as documented.
• Worker Participation Review: Verify that non-managerial staff are actively consulted and involved in the OH&S management system.
• Incident Investigation Check: Review a sample of recent incidents to ensure root cause analysis and corrective actions were completed effectively.

Section 3: Reporting and Closing

• Identify Non-Conformities (NCs): Clearly define discrepancies between the standard’s requirements and the observed reality.
• Draft the Audit Report: Consolidate checklist findings into a formal PDF report, highlighting strengths, opportunities for improvement, and mandatory NCs.
• Closing Meeting: Present findings to leadership, ensuring clarity on the corrective actions required.
• Corrective Action Plan (CAP): Assign responsibility and deadlines for addressing all identified non-conformities.
• Verification: Schedule a follow-up date to ensure that all corrective actions were implemented as intended.

Pro Tips & Pitfalls

• Pro Tip (The "Show Me" Method): Never rely solely on interviews. Always ask, "Can you show me the record for that?" to verify compliance.
• Pro Tip (Focus on Context): Ensure your checklist reflects the specific nature of your industry. Generic checklists often miss site-specific risks (e.g., chemical storage vs. machine guarding).
• Pitfall (Checklist Mentality): Do not treat the audit as a "tick-box" exercise. An audit is a diagnostic tool for improvement, not just a document for certification.
• Pitfall (Ignoring Culture): Don't focus only on paperwork. If employees are following the procedure but feel pressured to ignore safety for speed, your system is failing.

Frequently Asked Questions (FAQ)

1. How often should we conduct an internal audit? ISO 45001 requires internal audits to be performed at "planned intervals." Most organizations choose a 12-month cycle, but high-risk environments may benefit from semi-annual audits.

2. Can I use the same person to perform the internal audit every year? While you can, it is recommended to rotate auditors or introduce a fresh pair of eyes to prevent "audit blindness," where the auditor becomes too familiar with a process to notice flaws.

3. What happens if I find a non-conformity during the audit? Do not panic. A non-conformity is a standard part of the ISO process. It provides the necessary evidence to trigger a corrective action, which is a core component of the "Plan-Do-Check-Act" cycle required for continuous improvement.

<script type="application/ld+json"> { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "What is the primary goal of an ISO 45001 internal audit?", "acceptedAnswer": { "@type": "Answer", "text": "The primary goal is to verify that an organization's Occupational Health and Safety Management System (OHSMS) is effectively implemented, maintained, and continually improved in compliance with ISO 45001:2018 standards." } }, { "@type": "Question", "name": "Who should be appointed to the ISO 45001 audit team?", "acceptedAnswer": { "@type": "Answer", "text": "Internal auditors should be impartial, objective, and possess adequate competence in both ISO 45001 requirements and the specific hazards associated with the organization's workplace." } }, { "@type": "Question", "name": "What documents are required for ISO 45001 audit preparation?", "acceptedAnswer": { "@type": "Answer", "text": "Key documents include the Quality Manual, previous audit reports, risk registers, legal registers, safety meeting minutes, and a structured audit checklist covering ISO 45001 clauses 4.1 through 10.2." } } ] } </script> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "SoftwareApplication", "name": "ISO 45001 Audit Management System", "applicationCategory": "BusinessApplication", "description": "A comprehensive SOP framework for managing ISO 45001 internal audits, including checklist generation, evidence collection, and non-conformity reporting.", "operatingSystem": "All", "offers": { "@type": "Offer", "price": "0.00", "priceCurrency": "USD" } } </script>