• Phil Potter

ISO 45001:2018 Clause 9.2 Internal Auditing

9.2.1 General

Your organization will conduct internal audits at planned intervals to provide information on whether the OH&S management system conforms to:

  1. Your organization’s own requirements for its OH&S management system (including the OH&S policy and OH&S objectives)

  2. The requirements of the ISO 45001:2018 standard

These audits will also be carried out to ensure the OH&S management system is effectively implemented and maintained.



9.2.2 Internal audit program:

Your organization will:


1. Plan, establish, implement and maintain an audit programme

This includes documenting the;

  • frequency

  • methods

  • responsibilities

  • consultation

  • planning requirements

  • reporting

This shall take into consideration the importance of the processes concerned and the results of previous audits.


You can have a program that spans say 3 years with the higher risk and compliance areas of your system looked at more regularly.


Click here to download an example of an audit schedule.



2. Define the audit criteria and scope for each audit

This includes outlining what you are looking at in your audit and what you need to carry it out.



3. Select auditors and conduct audits

When doing this, you must ensure ensure objectivity and the impartiality of the audit process. Auditors should have some form of training external with on the job training as well.



4. Ensure results of the audits are reported to relevant managers

Ensure that relevant audit results are reported to workers, and, where they exist, workers’ representatives, and other relevant interested parties.


Results should be presented at Management Meetings, your consultation meetings and at your Safety Management System Review Meetings.



5. Take action to address nonconformities and continually improve its OH&S performance

I will go into more detail on this in clause 10, where we will look at how you raise nonconformances, corrective actions and opportunities for improvement.



6. Retain documented information

It is important that you keep documented information as a source of evidence of the implementation of the audit program and the audit results.


You need to maintain an audit program, record/document your audit findings and maintain records of nonconformances, corrective actions and improvement opportunities.


You also need evidence of how the results of audits are communicated to workers and other relevant parties.

RESOURCE: SMS Audit Programme 2019


For more information on auditing and the competence of auditors, see ISO 19011.