Skip to content

HSE inspections up 47% - HSE carried out over 13,200 workplace inspections in 2024/25.

Blog/HEALTH & SAFETY

Health and Safety Audits: What They Are and Why Your Business Needs One

A
Arinite Health & Safety Consultants
June 13, 2026
20 min read
Health and Safety Audits: What They Are and Why Your Business Needs One

A health and safety audit is a systematic, independent, and documented examination of whether an organisation's health and safety management is genuinely working, not merely whether the right documents exist, but whether they are implemented, effective, and producing real protection. It is the most powerful assurance tool available to any business: the mechanism through which leadership discovers what is actually happening on the ground, regulators and insurers see evidence of due diligence, and procurement teams confirm a supplier is safe to engage. Yet health and safety audits are widely misunderstood, often confused with inspections or risk assessments, and frequently neglected until an incident, an enforcement action, or a failed tender forces the issue. With the HSE securing over £33 million in fines across 246 prosecutions in 2024/25, and procurement and ESG demands rising, the documented evidence that only a genuine audit provides has never mattered more. This guide explains what health and safety audits are, what they examine, how often to conduct them, and how to choose the right auditor.

Why Health and Safety Audits Are the Foundation of Assurance

Every organisation believes its health and safety management is adequate, until something proves otherwise. The purpose of a health and safety audit is to replace that belief with evidence.

The distinction matters because the gap between documented intention and operational reality is where workplace harm and regulatory enforcement occur. A business may have a comprehensive health and safety policy, a full set of risk assessments, and a training matrix, and still be failing in practice because the controls specified in the risk assessments were never implemented, the training lapsed, or the policy describes arrangements that no longer reflect how the organisation actually operates. Only an audit reveals these gaps before they cause harm.

Health and Safety Audits serve four distinct audiences simultaneously:

  • Leadership and boards, who need objective assurance that the organisation is genuinely managing its risks and meeting its legal obligations
  • Regulators, for whom a history of independent audit demonstrates the systematic management and due diligence the law expects
  • Insurers, who price risk partly on the quality of safety management and the evidence supporting it
  • Clients and procurement teams, who increasingly require audit evidence as a condition of doing business

This combination of internal assurance and external evidence is why the audit sits at the heart of credible health and safety management.

1. What Is a Health and Safety Audit?

A health and safety audit is a structured, systematic, and documented evaluation of an organisation's health and safety management system, assessing how effectively it identifies hazards, controls risks, complies with legal requirements, and protects people.

Crucially, an audit examines the management system as a whole, not just individual hazards. It asks not only "are the fire exits clear?" but "is there a functioning process that ensures fire exits remain clear, that someone is accountable for checking, that failures are recorded and corrected, and that the arrangement is reviewed?" The audit assesses the system that produces safety, not only the conditions at a single moment.

The defining characteristics of a health and safety audit:

  • Systematic: It follows a structured methodology against defined criteria, not an informal walk-around
  • Independent: It is conducted objectively, ideally by someone independent of day-to-day management of the area being audited, so that familiarity does not conceal problems
  • Documented: It produces a formal report with findings, evidence, and recommendations, creating the record that provides assurance and evidence
  • Evidence-based: Findings are supported by what the auditor has seen, read, and been told, not assumption

A health and safety audit is the "Check" stage of the Plan-Do-Check-Act cycle that underpins the HSE's HSG65 Managing for Health and Safety framework, the point at which an organisation verifies whether its arrangements are actually working.

2. Audit vs Inspection vs Risk Assessment: Understanding the Difference

These three activities are frequently confused, and the confusion leads businesses to believe they are doing more than they are. Each is distinct, and each is necessary.

Risk assessment identifies hazards, evaluates the risk they present, and specifies the controls needed. It answers: "What could cause harm here, and what should we do about it?" It is forward-looking and hazard-focused.

Inspection is a routine, often frequent, check of physical conditions and working practices against a checklist. It answers: "Are conditions safe right now?" A workplace inspection might happen weekly or monthly, checking that fire exits are clear, equipment is in good order, and practices are being followed.

Audit is a periodic, in-depth examination of the whole management system. It answers: "Is our entire approach to managing health and safety working, and how do we know?" An audit assesses not just current conditions but the systems, processes, accountability, and culture that produce those conditions over time.

An illustration of the difference: A risk assessment identifies that a machine needs guarding. An inspection checks that the guard is in place today. An audit asks whether there is a reliable system ensuring all machines are assessed, all guards maintained, all failures reported and fixed, all relevant staff trained, and the whole arrangement reviewed, and whether that system is actually working across the organisation.

All three are needed. A business that inspects diligently but never audits may have safe conditions today while its underlying management system quietly decays. The audit is what catches systemic weakness before it produces failure.

3. Why Health and Safety Audits Matter: The Four Returns

A health and safety audit delivers value across four distinct dimensions, making it one of the highest-return investments in any organisation's risk management.

Legal protection and due diligence: UK health and safety duties are qualified by "so far as is reasonably practicable." An organisation that conducts regular independent audits, acts on the findings, and can demonstrate continuous improvement has the strongest possible evidence that it took all reasonably practicable steps, the foundation of any defence in enforcement action or civil litigation. The Health and Safety at Work Act 1974 and Management of Health and Safety at Work Regulations 1999 set the duties; the audit evidences compliance with them.

Genuine risk reduction: Audits find the gaps that day-to-day management misses, the controls that were specified but never implemented, the training that lapsed, the procedure that everyone stopped following. Closing these gaps prevents the incidents they would otherwise have caused.

Commercial advantage: Procurement processes, SSIP accreditation schemes, the Common Assessment Standard, ESG reporting, and insurance underwriting all increasingly require evidence of audited safety management. A current independent audit report is frequently the difference between qualifying for a contract and being excluded.

Continuous improvement: Each audit establishes a baseline and measures progress against the last, driving the systematic improvement that turns compliance from a static minimum into an upward trajectory, exactly what the HSG65 framework and ISO 45001 expect.

4. The Health and Safety Audit Process

A professional health and safety audit follows a structured process designed to produce reliable, evidence-based findings.

Step 1: Scoping and planning The auditor agrees the scope, which sites, activities, and elements of the management system are included, and the criteria against which the audit will assess, typically legal requirements, the organisation's own policies, and recognised standards such as HSG65 or ISO 45001.

Step 2: Documentation review The auditor examines the health and safety management documentation: the policy, risk assessments, training records, maintenance and inspection records, incident and near-miss records, previous audit reports, and any enforcement history. This establishes what the system is supposed to do.

Step 3: Site assessment and observation The auditor examines physical conditions and working practices, comparing what the documentation says with what actually happens. This is where the gap between intention and reality becomes visible.

Step 4: Interviews The auditor speaks with people at all levels, senior leaders, managers, and frontline staff, to test whether documented arrangements are understood, implemented, and effective in practice. Frontline interviews frequently reveal the gap between policy and reality.

Step 5: Evaluation and findings The auditor evaluates the evidence against the audit criteria, identifying findings and rating them by significance, typically as critical, major, or minor, so that the organisation can prioritise.

Step 6: Reporting The auditor produces a structured report setting out findings, the evidence supporting each, the relevant legal or standard reference, and specific, actionable recommendations.

Step 7: Action planning and follow-up Findings are translated into an action plan with named owners and deadlines, and progress is tracked to completion, frequently through Health and Safety Consultants and Software that escalate overdue actions automatically. The follow-up is what turns an audit from a document into improvement.

5. What a Health and Safety Audit Examines

A comprehensive health and safety audit assesses the full breadth of an organisation's management system. While the specific scope varies by sector and risk profile, a thorough audit typically examines the following.

Policy and leadership: Is there a current, signed health and safety policy? Does leadership demonstrate genuine commitment, through resource allocation, board-level attention, and visible engagement?

Organisation and accountability: Is a competent person appointed? Are health and safety responsibilities clearly defined and understood at every level?

Risk assessment: Are risk assessments suitable and sufficient, specific to actual conditions, current, and, critically, are the controls they specify actually implemented?

Training and competence: Have all workers received the training their roles require? Is it current? Are records complete?

Operational control: Are safe systems of work in place and followed? Are contractors managed? Is equipment maintained?

Emergency arrangements: Are fire safety, first aid, and emergency procedures adequate and tested? Are fire risk assessments current?

Incident management: Are incidents and near misses reported, investigated for root cause, and acted upon? Are RIDDOR obligations met?

Monitoring and review: Does the organisation monitor its own performance, inspect regularly, and review its arrangements when things change?

Culture: Do workers feel able to raise concerns? Is safety genuinely valued, or treated as a paperwork exercise?

6. Types of Health and Safety Audit

Health and safety audits come in several forms, each serving a different purpose. Understanding the types helps organisations commission the right audit for their needs.

Compliance audit: Assesses whether the organisation meets its legal obligations, the most common type, providing assurance and due diligence evidence against regulatory requirements.

Management system audit: Assesses the management system against a recognised standard such as ISO 45001 or the HSG65 framework, examining the whole system rather than only legal compliance. Essential for organisations pursuing or maintaining ISO 45001 certification.

Baseline audit: Establishes a starting position, common when a business first engages a consultant, following an acquisition, or when entering a new market, against which future progress is measured.

Pre-acquisition or due diligence audit: Assesses the health and safety position of a target business before acquisition, identifying liabilities and integration requirements that affect valuation and post-completion planning.

Internal vs external audit: Internal audits, conducted by the organisation's own staff, are valuable for routine monitoring but lack independence. External audits, conducted by an independent qualified auditor, provide the objectivity and credibility that boards, regulators, insurers, and clients require. A robust programme typically combines both: frequent internal monitoring and periodic independent external audit.

Virtual, in-person, and hybrid audit: Audits can be delivered in person, virtually using video and digital tools, or as a hybrid combining both, an increasingly common approach that balances thoroughness with cost and reach, particularly for multi-site and international programmes.

7. How Often Should a Health and Safety Audit Be Conducted?

There is no single legally mandated audit frequency, the right interval depends on the organisation's size, sector, risk profile, and circumstances. However, clear best-practice patterns apply.

Annual independent audit as the baseline: For most organisations, an annual independent Health and Safety Audit is the standard. It aligns with the natural cycle of policy review, provides regular assurance, and demonstrates the ongoing due diligence that regulators and insurers expect.

More frequent audit for higher-risk operations: Organisations in higher-risk sectors, construction, manufacturing, healthcare, or those with complex operations or poor recent performance, benefit from more frequent audit, sometimes six-monthly or quarterly for specific high-risk activities.

Trigger-based audit: Beyond the regular cycle, audit should be triggered by significant change: a major expansion, a new site, an acquisition, a serious incident, a change in activities, or new legal requirements. Each materially changes the risk picture and warrants fresh assessment.

The relationship with inspection: Audit and routine inspection work together. Frequent inspections (weekly or monthly) monitor current conditions; periodic audits (annually or more often) assess the whole system. The two are complementary, not alternatives.

The most important principle is consistency: a regular, sustained audit programme that establishes a baseline and measures improvement over time delivers far more value, and far stronger evidence, than occasional ad hoc audits.

8. Health and Safety Audit Software and Technology

Modern health and safety audits are increasingly delivered through, and supported by, Health and Safety Consultants and Software platforms that transform their efficiency, consistency, and value.

What audit software provides:

Digital audit checklists: Structured templates completed on a tablet or phone during the audit, with findings rated by severity and evidence, including photographs, captured directly.

Consistent methodology: The same criteria applied across every audit and every site, enabling meaningful comparison and trend analysis across an estate.

Automatic action generation: Each finding generates an action assigned to a named owner with a deadline, entering the action management system immediately rather than after a report is circulated.

Action tracking and escalation: Outstanding actions tracked to completion, with overdue items escalating automatically, closing the gap between identifying a problem and fixing it, which is where audits most often fail to deliver.

Report generation: Structured reports produced directly from completed checklists, dramatically reducing turnaround time.

Trend analysis: Findings tracked across successive audits, revealing whether the organisation is genuinely improving and where systemic issues persist.

Multi-site dashboards: For organisations with several locations, consolidated visibility of audit findings and action status across the whole estate.

The combination of expert auditor and audit software produces audits that are more thorough, more consistent, faster to report, and more reliably acted upon than paper-based approaches, while the auditor's professional judgement remains central.

9. Choosing a Health and Safety Auditor

The credibility and value of an audit depend heavily on the competence and independence of the auditor. With an unregulated market, choosing the right auditor requires evaluating specific criteria.

Professional qualification: The auditor should hold a recognised professional credential, in the UK, CMIOSH (Chartered Member of IOSH) and OSHCR registration, supported by the HSE. Verify that the individual conducting the audit holds these credentials, not only the firm's leadership.

Independence: The auditor should be independent of the day-to-day management of the area being audited. This is why external audit carries more weight than internal, the external auditor has no stake in the findings and no familiarity that might cause issues to be overlooked.

Sector experience: An auditor with genuine experience in the organisation's sector will identify the hazards and assess the controls that matter most. Ask for evidence of comparable clients.

Methodology: A credible auditor uses a structured, recognised methodology, typically aligned to HSG65 or ISO 45001, and can explain their approach, their findings rating system, and how they support conclusions with evidence.

Reporting quality: The audit report is the deliverable. Ask to see an anonymised example. A good report is clear, specific, evidence-based, prioritised, and actionable, not a generic checklist with boxes ticked.

Professional indemnity insurance: Confirm the auditor carries appropriate cover.

Technology capability: Modern auditors use digital platforms that make audits more consistent, actionable, and trackable than paper-based approaches.

10. International Health and Safety Audits

For organisations operating across multiple countries, International Health and Safety Audits provide consistent assurance across borders, a significant challenge given that each jurisdiction has its own legal framework.

The international audit challenge: A UK compliance audit assesses against UK law. It does not assess whether a Dutch office meets the Arbowet, whether a French office has a compliant DUERP, or whether a German office meets DGUV requirements. Auditing international operations requires either local knowledge in each jurisdiction or a consistent methodology with jurisdiction-specific compliance layers.

How international audit programmes work: The most effective international audit programmes use a consistent assessment framework, typically ISO 45001-aligned, applied across all locations, with each country's specific legal requirements, the Dutch RI&E, the French DUERP and PAPRIPACT, the German Gefährdungsbeurteilung, incorporated as local compliance criteria. This produces comparable findings across countries, enabling group management to benchmark performance and direct resources to where risk is highest.

Board-level assurance across borders: Group boards and audit committees need assurance that health and safety is managed effectively across all operations, not only the home market. International audit reports, using consistent methodology, provide this in a format appropriate for governance and ESG reporting.

International Health and Safety Consultants who combine consistent methodology with genuine in-country knowledge deliver the international audit programmes that globally active organisations require.

11. Health and Safety Audits and ISO 45001

ISO 45001, the internationally recognised occupational health and safety management system standard, places audit at the heart of its requirements, and health and safety audits are central to both achieving and maintaining certification.

Internal audit under ISO 45001: Clause 9.2 of ISO 45001 requires organisations to conduct internal audits at planned intervals to assess whether the management system conforms to both the organisation's own requirements and the requirements of the standard, and whether it is effectively implemented and maintained. A structured internal audit programme is therefore a mandatory element of ISO 45001 compliance.

Certification and surveillance audits: ISO 45001 certification is granted following a certification audit by an accredited certification body, and maintained through periodic surveillance audits. The organisation's own internal audit programme is what ensures it is ready for, and remains compliant between, these external assessments.

The audit as the engine of continual improvement: ISO 45001 is built around continual improvement, and audit is the mechanism that drives it, identifying nonconformities and opportunities, feeding corrective action, and measuring progress over time.

For organisations pursuing or holding ISO 45001 certification, a robust health and safety audit programme is not optional, it is fundamental. Professional Health and Safety Audits aligned to the standard provide both the internal audit the standard requires and the readiness for external certification assessment.

12. How Arinite Delivers Health and Safety Audits

Arinite provides independent Health and Safety Audits to organisations across every sector and, through International Health and Safety Consultants, across 50+ countries, supporting over 1,500 businesses with a 95%+ client retention rate.

Arinite's audit services:

Independent compliance audits: Systematic, evidence-based assessment against UK legal requirements and recognised standards, conducted by CMIOSH-qualified, OSHCR-registered auditors, producing clear, prioritised, actionable reports.

Management system audits: Assessment against the HSG65 framework and ISO 45001, supporting organisations pursuing or maintaining certification.

Baseline and due diligence audits: Establishing starting positions for new clients, post-acquisition integration, and pre-acquisition assessment.

International Health and Safety Audits: Consistent audit methodology across global operations, with jurisdiction-specific compliance layers, producing comparable group-level assurance.

Virtual, in-person, and hybrid delivery: Audit delivery matched to the organisation's risk profile, locations, and budget.

Health and Safety Consultants and Software: Audits delivered through integrated platforms, with digital checklists, evidence capture, automatic action generation and tracking, trend analysis, and multi-site dashboards.

The full management picture: Because Arinite also provides risk assessment, policy, training, and competent person services, audit findings connect directly to the support that addresses them, turning assurance into improvement.

Named clients including Bell Rock Capital, Figma, Akamai, SUSE, Nikon, Shutterstock, Hearst, IPG, and B&Q rely on Arinite's audit services for objective assurance and documented due diligence.

Frequently Asked Questions

What is a health and safety audit?

A health and safety audit is a systematic, independent, and documented examination of an organisation's health and safety management system, assessing how effectively it identifies hazards, controls risks, complies with the law, and protects people. It examines the whole management system, not just individual hazards or current conditions.

What is the difference between a health and safety audit and an inspection?

An inspection is a routine check of physical conditions and practices, answering "are things safe right now?" An audit is a periodic, in-depth examination of the whole management system, answering "is our entire approach to managing safety working, and how do we know?" Inspections are frequent and condition-focused; audits are periodic and system-focused. Both are necessary.

How often should a health and safety audit be conducted?

For most organisations, an annual independent audit is the standard. Higher-risk operations may audit more frequently. Audit should also be triggered by significant change, expansion, a new site, an acquisition, a serious incident, or new legal requirements. Consistency over time matters more than any single interval.

Who should conduct a health and safety audit?

A credible audit is conducted by a qualified, independent auditor, in the UK, holding CMIOSH status and OSHCR registration. Independence is key: an external auditor provides the objectivity and credibility that internal audits cannot, which is why boards, regulators, insurers, and clients place greater weight on external audit.

What does a health and safety audit examine?

A comprehensive audit examines policy and leadership, organisation and accountability, risk assessment, training and competence, operational control, emergency arrangements, incident management, monitoring and review, and safety culture, assessing not just whether documents exist but whether the system genuinely works in practice.

How do health and safety audits support ISO 45001?

ISO 45001 Clause 9.2 requires internal audits at planned intervals to verify the management system conforms to the standard and is effectively implemented. A robust internal audit programme is mandatory for ISO 45001 compliance and ensures readiness for the external certification and surveillance audits that grant and maintain certification.

Can health and safety audits be conducted across international operations?

Yes. International Health and Safety Audits use consistent methodology, typically ISO 45001-aligned, across all locations, with each country's specific legal requirements incorporated as local compliance criteria. This produces comparable findings that give group management benchmarked assurance across all jurisdictions.

Taking the Next Step

A health and safety audit is the most powerful assurance tool available to any organisation, the mechanism that replaces the belief that safety is managed with the evidence that it is. Whether you need a first baseline audit, an annual compliance audit, ISO 45001 management system assessment, or coordinated international audit across multiple countries, professional independent audit protects your people, your organisation, and its leaders.

Assess your current position: Take our Health and Safety Quiz to evaluate your compliance across the areas an audit would examine.

Discuss your audit needs: Book a free Gap Analysis Call with an Arinite consultant to agree the right audit scope and approach for your business.

Commission your audit: Contact Arinite to arrange an independent Health and Safety Audit from our CMIOSH-qualified, OSHCR-registered auditors, for UK and international operations.

Arinite provides independent Health and Safety Audits and Health and Safety Consultants services to over 1,500 global businesses across the UK and 50+ countries. Key external resources: HSG65 Managing for Health and Safety | Management of Health and Safety at Work Regulations 1999 | Health and Safety at Work Act 1974 | HSE enforcement statistics | ISO 45001 standard | OSHCR consultant register

Share this article
HEALTH & SAFETY
A

Written by

Arinite Health & Safety Consultants

Health & Safety Expert at Arinite

More Articles

Related Articles

Outsourced Health and Safety: What It Is and How It Works
HEALTH & SAFETY

Outsourced Health and Safety: What It Is and How It Works

June 13, 2026
19 min read
Office Health and Safety Consultancy Services for Financial, Fintech, and Professional Firms
HEALTH & SAFETY

Office Health and Safety Consultancy Services for Financial, Fintech, and Professional Firms

June 12, 2026
19 min read
Safety and Health Consultant: Roles, Services, and the Value They Deliver
HEALTH & SAFETY

Safety and Health Consultant: Roles, Services, and the Value They Deliver

June 12, 2026
18 min read
Free Resources

Health & Safety Factsheets

Download our comprehensive library of expert guides, checklists, and templates.

Browse Library
Get Professional Help

Need Expert H&S Advice?

Our qualified consultants are ready to support your specific business needs.

020 7947 9581Contact Us