ISO 45001:2018 – Clause 9.2: Internal Audit

ISO 45001:2018, the Occupational Health and Safety Management System standard, was published in early March 2018. This is the twenty-second in a series of blogs in which we describe what the implementing company must do in order to meet the requirements of the standard. We will now look at clause 9.2: Internal audit.

Clause 9.2.1 General

The organisation must conduct internal audits at planned intervals to provide information on whether the OH&S management system conforms to the organisation’s own requirements for its OH&S management system, including the OH&S policy and OH&S objectives and the requirements of ISO 45001.  In addition, the audit allows the organisation to determine if its OH&S management system is effectively implemented and maintained. The extent of the audit programme should be based on the complexity and level of maturity of the OH&S management system.

Clause 9.2.2 Internal Audit Programme

The organisation must plan, establish, implement and maintain an audit programme, which contains information on:

  • The frequency that audits are conducted;
  • The methodology/protocol used (should be in general conformance with the requirements of ISO 19011:2011 Guidelines for auditing management systems);
  • Who is responsible for managing and conducting audits;
  • What consultation takes place with auditees and the general workforce;
  • How the audits are planned and implemented;
  • The format for reporting audits.

The planning of the internal audit programme must recognise the importance of the processes concerned and the results of previous audits.  This would be reflected in the audit programme being based on the results of the risk assessments of the organisation’s activities and the results of previous audits, which in turn would guide the organisation in determining the frequency of audits of particular activities, areas or functions and what parts of the OH&S management system should be given attention.

The OH&S management system audits should cover areas and activities within the scope of the OHSMS as defined by clause 4.3 of the standard and also assess conformity to ISO 45001.

The organisation must define the audit scope and audit criteria for each audit. Audit evidence should be evaluated against the audit criteria to generate the audit findings and conclusions. Audit evidence should be verifiable.

Prior to conducting the audit, the auditors should review appropriate OH&S management system documented information, and the results of prior audits. This information should be used by the organisation in planning for the audit.

The organisation must select auditors and conduct audits to ensure objectivity and the impartiality of the audit process. It can establish objectivity and impartiality of the internal audit process by creating a process that separates auditors’ roles as internal auditors from their normal assigned duties. Alternatively, it can utilise the services of external companies to conduct its internal audit programme.

After the audit is complete, the auditors must ensure that the results of the audits are reported to relevant managers. In addition, relevant audit results must be reported to workers, to workers’ representatives where they exist, and to other relevant interested parties.

The organisation must take action to address nonconformities in a timely and efficient manner and continually improve its OH&S performance. The audit report should be clear, precise and comprehensive.

The organisation must retain documented information as evidence of the implementation of the audit programme and the audit results.
