An internal audit is a systematic, independent, and documented process to objectively verify whether the desired objectives of a management system established according to ISO 45001:2018, "Occupational Health and Safety Management Systems - Requirements with Guidance for Use", have been achieved.
Any organization holding ISO 45001 certification or aspiring to obtain it must demonstrate commitment to continuous improvement regarding occupational health and safety matters. Internal audits serve both to identify deviations from intended operations and drive improvements, while also fulfilling a key ISO 45001 requirement that deems them essential for the success of an organization's occupational health and safety management system.
During the audit process, evidence is documented to confirm or disprove compliance with the standard's requirements. Organizations may face internal and external issues impacting effective safety management implementation, including workforce matters, organizational expectations, or compliance with legal requirements. Internal audits specifically verify:
- Roles, responsibilities, and authorities in maintaining safety standards
- Proper functioning of safety-related processes
- Effective communication of issues across organizational levels
- Maintenance of safety focus through formalized findings and records
To properly conduct an ISO 45001-focused internal audit:
- Ensure comprehensive understanding of processes to be analyzed
- Prepare all relevant documentation in advance (internal audit plan, stakeholder communications regarding scope/objectives/criteria)
- Demonstrate effective questioning and active listening skills
- Conduct opening/closing meetings to explain methodology and present findings
- Align audit activities with process metrics, quality objectives, and continuous improvement
- Collect sufficient supporting data for findings
- Prepare and distribute post-audit documentation (nonconformities, observations, conclusions)
Essential auditor competencies for OH&S management system audits:
- Expert knowledge of ISO 45001 requirements
- Thorough understanding of organizational structure and procedures
- Advanced risk management proficiency
- Methodical, logic-based approach
- Strong analytical evaluation skills
- Clear conceptual communication abilities
- Precise technical writing capability
- Mastery of root cause analysis and corrective action processes
The internal audit report provides documented verification results and critical recommendations based on detailed analysis of policies, processes, risk controls, and overall safety management implementation.