Internal audits are a critical performance evaluation tool within ISO 45001:2018. Clause 9.2 requires organizations to conduct planned internal audits to determine whether the OHSMS conforms to the standard’s requirements and the organization’s own requirements, and whether it is effectively implemented and maintained.
What the Standard Requires
Organizations must plan, establish, implement, and maintain an internal audit program that considers the importance of processes concerned, changes affecting the organization, and results of previous audits. For each audit, define the criteria and scope, select auditors who ensure objectivity and impartiality, ensure results are reported to relevant management, take corrective action without undue delay, and retain documented information as evidence.
Best Practices for Internal Audits
- Train internal auditors on ISO 45001 requirements and audit techniques
- Ensure auditor independence — auditors should not audit their own work
- Use an annual audit schedule that covers all clauses over the audit cycle
- Use audit and inspection software to schedule, conduct, and track audit findings
- Report audit results to relevant management and to workers through consultation processes
- Track corrective actions from audit findings through to verified closure
- Complete at least one full cycle of internal audits before the certification audit
Common Pitfalls
- Treating audits as fault-finding exercises rather than improvement opportunities
- Not closing audit findings with verified corrective actions
- Using auditors who lack independence from the area being audited
- Failing to adjust the audit program based on previous results and changes
