Health and Safety audits are a critical element of a successful workplace risk management system. They provide a structured way to assess whether your organisation is complying with legal duties, identify hazards before they result in incidents, and demonstrate to insurers and regulators that you take safety seriously. In the UK, this means aligning with the Health and Safety at Work etc. Act 1974, guidance from the Health and Safety Executive (HSE), and, where adopted, the principles of ISO 45001 for occupational health and safety management systems.
A well-designed audit programme does more than simply check boxes. It encourages continuous improvement, enhances worker engagement, and supports a culture of accountability. For many organisations, key audit components include detailed checklists, photographic evidence logs, trackers for corrective actions, RAG dashboards to visualise audit outcomes, and tools for managing permits and contractor controls.
Kingfisher Professional Services specialises in designing risk-based, tailored audit frameworks that support real-world applications. From frontline walk-throughs to boardroom reviews, our approach ensures audits become a tool for insight, not just oversight.
Legal and Standards Framework
UK Legal Requirements & ISO 45001
The legal requirement to manage workplace risk is enshrined in the Health and Safety at Work etc. Act 1974. This foundational legislation places a duty on employers to ensure, so far as is reasonably practicable, the health, safety, and welfare of employees and others affected by work activities. HSE guidance reinforces this by advocating for systematic checks on safety controls and internal reviews of compliance.
Audits form a critical part of that review process. Whether formal internal audits or informal inspections, they allow organisations to monitor what is working, and what isn’t.
For organisations operating to ISO 45001, audits are not optional; they are a required mechanism for assessing the performance of your Occupational Health and Safety Management System (OHSMS). ISO 45001 places emphasis on risk-based thinking and continual improvement. Audits must be scoped, scheduled, and adjusted based on the complexity of the organisation and its operational risks. A single-site warehouse may need a very different audit regime than a multi-site construction contractor.
Auditing Standards & Competence
A good audit is only as effective as the person carrying it out. Auditor competence is crucial. In smaller organisations, this may be a trained employee, someone with NEBOSH or IOSH qualifications, who understands risk, controls, and reporting standards. In larger or higher-risk organisations, external auditors or health and safety consultants may be preferred to ensure objectivity and specialist knowledge.
Audit competence is often assessed against ISO 19011 (guidance for auditing management systems), and for external providers, ISO 17021. These standards highlight the importance of technical knowledge, impartiality, and consistency in evidence collection and reporting.
Auditors must be capable of linking what is found on the ground with what is stated in policy, and identifying gaps or systemic failings that could pose a risk to people or compliance.
Structuring Your Audit Process
Defining Scope & Frequency
Defining your audit scope is the first step in an effective process. Your audits might focus on a specific site, a high-risk activity, or a set of departments. Scoping is not about checking everything; it’s about prioritising areas where the risk of harm or non-compliance is higher.
Frequency should align with the risk profile of your operations. A generic annual audit may not be enough in high-risk environments. In sectors like construction, manufacturing, or healthcare, it’s common to supplement annual audits with quarterly, monthly, or even weekly inspections in higher-risk areas.
This layered approach creates a responsive audit cadence, where issues are picked up early and learning is continuous.
Pre-Audit Preparation
Preparation plays a major role in determining audit quality. Auditors must have access to core documentation: your Health and Safety Policy, recent risk assessments, training records, maintenance logs, incident reports, permit-to-work files, and records from previous audits.
Auditees, such as department heads, supervisors, or contractors, should be informed well in advance. Providing them with a clear schedule, list of what will be assessed, and the audit format encourages transparency and cooperation.
Pre-audit planning also gives auditors the opportunity to review previous findings and target persistent gaps or risks that have previously been raised.
Execution: Checklist, Interviews & Walkthrough
The audit itself should combine document checks with active observation and worker engagement. Checklists are essential to ensure consistency, but they must be relevant. Generic templates may overlook specific sectoral or site risks. Tailored checklists for hazardous substances, working at height, confined spaces, or lone working improve accuracy.
Walkthroughs give auditors the chance to verify compliance in real time. Are employees wearing the correct PPE? Are machine guards in place? Are COSHH controls being followed? Interviews help confirm whether training has been understood, whether staff feel safe reporting concerns, and whether procedures are embedded in culture, not just on paper.
Capturing & Evaluating Findings
Evidence Logging & RAG Reporting
Capturing audit findings is not just about noting what was wrong. It’s about building a comprehensive record that shows when the issue occurred, where, and what the potential consequence might be.
Evidence should be collected in real time, with clear notes, photographs, timestamps, and severity indicators. Having this evidence allows safety teams to track patterns across sites and ensure issues are seen and addressed by senior leadership.
RAG (Red-Amber-Green) coding is a simple but powerful visual tool. Red items are urgent and pose an immediate risk; amber issues are non-compliant or at risk of becoming critical; green indicates full compliance. This system helps prioritise actions quickly, especially when senior managers need an overview without diving into every line of the report.
Risk-Based Evaluation & Actions
Findings must be assessed based on potential impact, not just compliance. An untidy storeroom may seem minor until it blocks a fire exit. Auditors must use a risk lens to evaluate findings in context.
For each issue, assign responsibility, a deadline for resolution, and a clear plan for follow-up. Where the issue could reoccur, address the root cause through training, procedural change, or design alteration. Without this action-oriented approach, audits risk becoming performative rather than preventative.
Closing the Loop: Follow-Up & Continuous Improvement
Tracking & Verifying Corrective Actions
Once actions are agreed, they must be tracked through to completion. Many organisations use spreadsheets, project management software, or custom dashboards for this purpose. The system should allow you to monitor which actions are outstanding, who is accountable, and when each was last reviewed.
It’s good practice to schedule re-audits or spot checks for any red or high-risk findings to verify that corrective actions have been effective. These follow-ups turn audits from static reports into dynamic drivers of improvement.
Management Review & Systemic Learning
Audit results should never sit on a shelf. They must inform broader management decisions about risk, training, and investment. ISO 45001 calls for structured management reviews that include audit findings as a performance indicator.
Sharing key insights across departments, such as near misses, recurring non-conformities, or training gaps, supports systemic learning. This avoids repeating mistakes and ensures that safety improvements are embedded into culture and systems.
Audits should also inform future policy updates, risk control measures, and refresher training schedules. When used well, they become a vital mechanism for continuous improvement.
Practical Tools & Templates
Audit Checklists & Evidence Logs
Standardised tools ensure audits are consistently conducted and easily benchmarked. Kingfisher provides fully customisable checklists for site safety, fire compliance, machinery inspection, COSHH, and contractor management.
Our evidence log templates allow auditors to upload images, categorise findings, and assign severity levels. This creates an audit trail that is robust, searchable, and accessible to key stakeholders.
Corrective-Action Trackers & Audit Cadence Planner
Action trackers help manage the post-audit workload. Kingfisher’s templates highlight priority levels, assign deadlines, and allow teams to document follow-up actions. Dashboards display progress in real time, reducing the chance that critical actions are delayed or overlooked.
We also offer audit cadence planners – templates to schedule and log all audits throughout the year, including annual reviews, quarterly inspections, and event-triggered audits. This helps maintain accountability and momentum across teams.
How Kingfisher Can Help
Kingfisher Professional Services offers a complete range of support services to strengthen your audit framework and embed safety assurance into daily operations:
- Tailored Audit Frameworks: We help you design a bespoke audit process aligned with legal duties, ISO 45001, and your organisation’s operational risks.
- Practical Audit Tools: We provide custom checklists, evidence logs, action trackers, and RAG dashboards that make auditing streamlined and effective.
- Internal Auditor Training: Our training equips your staff with the skills to carry out competent, confident, and consistent internal audits.
- Ongoing Support & Consultancy: From implementation to follow-up, our consultants provide expert guidance, sector-specific insights, and compliance assurance.
With Kingfisher by your side, audits become a foundation for informed decision-making, reduced risk exposure, and a safer, more resilient workplace.
Conclusion
Health and Safety audits are more than a compliance requirement; they are a proactive tool for creating a safer workplace and building a culture of accountability. By assessing how safety is practised on the ground, identifying risks before incidents occur, and ensuring that corrective actions are followed through, audits support legal compliance and long-term performance improvement.
With the right structure, competent auditors, tailored tools, and expert guidance, audits can transform from a checklist exercise into a genuine driver of organisational change.
Partner with Kingfisher Professional Services to ensure your audit strategy is robust, responsive, and risk-informed.