Document Control

INTERNAL AUDIT PROCEDURE Reference: OHSMS DOC 9.2

Issue No: 1
(TIER 2) Issue Date:
Page: 1 of 3

1 Scope

This procedure applies to internal OH&S audits. It establishes the requirements for
their planning, preparation, performance, reporting, follow-up and close-down.

[].

[].

2. Responsibilities

The Health and Safety Officer is responsible for the overview and implementation
of this procedure.

Appointed Internal Auditors (including, where applicable, the Health and Safety
Officer) are responsible for the preparation, execution and reporting of audits
assigned to them for completion, in accordance with the training they have
received and the requirements of this procedure. This may require third parties to
be appointed to conduct internal health and safety audits.

[].

3 Procedure

3.1 The Health and Safety Officer shall establish an audit schedule (OHSMS REC
9.2.1) of sufficient scope to ensure that each aspect of the OH&S
management system is audited at least annually. The schedule will identify
the scope/criteria and frequency of audits and will be reviewed and agreed by
Top Management. The plan will be published to all Manager/Executive
(generic/line) and Employees/Staff as appropriate.

3.2 The Health and Safety Officer will propose the audit schedule at least three
months in advance of the start date. They will schedule audits with due Commented [A1]: Normally, the next audit is
consideration to: scheduled immediately following the successful
completion of the current audit.

• Business need;
• Severity of findings at most recent internal audit;
• [];
• []; and
• [].

Audit performance will be reviewed as part of the management review.

3.3 Audits will be assigned to Internal Auditors who are trained to conduct that
type of audit. Internal Auditors shall be deemed as ‘trained’ at the discretion
of the Health and Safety Officer or Top Management, as appropriate.

Organisation Name Classification_3

© IT Governance Publishing Ltd 2018

www.itgovernancepublishing.co.uk
Comments to ssmith@itgovernancepublishing.co.uk
 Document Control
INTERNAL AUDIT PROCEDURE Reference: OHSMS DOC 9.2
Issue No: 1
(TIER 2) Issue Date:
Page: 2 of 3

Internal Auditors may undergo a variety of development practices to further Commented [A2]: E.g. accompanied audits, audit
develop their auditing skills. review meetings and other development methods.

3.4 [].

3.5 []:

• [].
• [].

3.6 Internal Auditors conduct the audit. They examine the objective evidence,
including records, observes activities and records relevant details.

[].

3.7 Confidentiality during audit: Internal Auditors will observe confidentiality at

all times, especially when checking sensitive information.

3.8 During an audit, the Internal Auditors evaluate the evidence found. Findings
from the audit may be:

• Examples of good or best practice.

• Opportunity for improvement – where there is an opportunity for
improvement, or the activity largely meets the requirements but there are
some minor discrepancies.
• [].

[].

3.9 Following completion of an audit, the Internal Auditors prepare a formal audit
report, comprising an audit lead sheet (OHSMS REC 9.2.2), a number of
nonconformance reports (OHSMS REC 10.2B) – one relating to each non-
conformance identified, including those closed at the time of the audit) – and
additional sheets covering observations. The findings of the audit are
summarised on the audit lead sheet, including the number and nature of
nonconformances.

[].

3.10 The Internal Auditors obtain the signature of the main auditee on the audit
lead sheet, acknowledging the findings, and on each non-conformance report
to agree the nonconformity. A copy of the audit lead sheet is given to the
auditee for information and the complete report, together with all working
papers, is sent to the Health and Safety Officer.

3.11 The Health and Safety Officer will file any working papers that do not form
part of the official report separately.

On receipt of the completed audit report, the Health and Safety Officer logs
the report and progresses any nonconformance reports through the
Organisation Name Classification_3

© IT Governance Publishing Ltd 2018

www.itgovernancepublishing.co.uk
Comments to ssmith@itgovernancepublishing.co.uk
 Document Control
INTERNAL AUDIT PROCEDURE Reference: OHSMS DOC 9.2
Issue No: 1
(TIER 2) Issue Date:
Page: 3 of 3

Nonconformity and Corrective Action Procedure (OHSMS DOC 10.2B), cross-

referencing the non-conformance report log number on the audit lead sheet.

3.12 [].

3.13 [].

3.14 [].

3.15 [].

3.16 [].

Document owner and approval

The Health and Safety Officer is the owner of this document and is responsible for
ensuring that this procedure is reviewed in line with the requirements of the
management system.

The current version of this document is available to [all/specified] members of staff

on the [corporate intranet] and is published [describe other/hardcopy availability].

This document is approved by Top Management on the issue date shown and is
issued on a version-controlled basis under appropriate signature.

Signature: Name: Date:

Change history record

Issue Description of change Approval Date of issue

1.0 Initial issue <Manager> dd/mm/yyyy

Organisation Name Classification_3

© IT Governance Publishing Ltd 2018

www.itgovernancepublishing.co.uk
Comments to ssmith@itgovernancepublishing.co.uk