John Nolan
April 5, 2017
The internal audit is one of the key elements in any OHSMS (Operational Health and Safety Management System) that is certified according to ISO 45001:2018 and, as such, producing an audit report to ensure that all vital information is captured and effective actions can be taken is also critical. Given that employee health, safety and well-being – and, in some cases, the lives of people – may be at risk in your chosen business sector, recording data that results from the internal audit becomes even more important to your OH&SMS and the business in general. So, given that the report of any internal audit can be deemed critical, what is the real purpose and recommended content of this report?
The ISO 45001 standard directs that internal audits should be conducted at planned intervals to ensure that the OHSMS meets the terms of the standard, has been properly established and maintained, can help the organization’s objectives be met, and can effectively pass the correct and accurate information to the top management team in terms of audit results. While these elements are all critical to having an effective internal audit process, the audit report can be designed specifically to ensure that the information passed to top management is accurate and contains the details required. Considering that policy and process changes may be made based on this information, accuracy and detail become ever more important. So, knowing that, what should the content and purpose of the audit report be?
The ISO 45001 standard itself provides no mention of the audit report, although the ISO 19011 standard provides guidance on auditing management systems; however, if you have good knowledge of the ISO 45001 standard, the elements that need to be captured should be obvious:
Thinking of the possible outcomes and actions from an internal audit on the OHSMS, it would also seem prudent to include the following details on the audit report:
Think of your audit report as a type of report card on your OHSMS – that is, a report on the progress and effectiveness of objectives, with areas identified to improve in the future. The audit itself is a critical element in preparation and readiness for your certification or surveillance audit, but again, the ability to improve processes is only as good as the level of detail found on the report. It is worth noting that while a non-conformance may be fresh in the auditor’s mind on the day, in some cases it may be some weeks before this is reviewed and actions decided upon by the top management team, and therein lies the criticality of the level of detail and accuracy recorded. Whether you decide to audit your full OHSMS at once, or break it down into bite-size sections to enable you to cover all clauses in one year, or even a full certification cycle, the detail on your audit report – whether recording non-conformance, recommendations, or suggestions – has a great bearing on the opportunity to improve the OHSMS and its performance.
Given that the safety objectives and strategic goals of an organization should be aligned, you can see that the internal audit report is more than just a function of the OHSMS or ISO standard, but also a business tool. If your organization works in a “high risk” sector, then employee safety and the OHSMS may be critical to your ability to gain a license to operate in your chosen sector. This level of seriousness again illustrates the importance of the accurate recording, processing, and decision making behind internal audit reporting. Perform this critical element with the correct level of planning and execution, and your OHSMS performance will surely benefit.
For more information on using the ISO 19011 standard to improve internal auditing, download this free white paper: How to perform an internal audit using ISO 19011