Who’s handling your safety audits? Internal vs. external

This post examines the pros and cons of internal vs. external  safety auditing within your organisation. It also discusses what a safety audit is and why your organisation should conduct one. 

What is a safety audit?

A number of different definitions exist about ‘health and safety auditing’. The HSE Guidelines for Best Practice define a health and safety audit as:

“the collection of independent information on the efficiency, effectiveness and reliability of the total health and safety management system and drawing up plans for corrective action.”

OHSAS 18001 defines an audit as:

“the systematic examination to determine whether activities and related results conform to planned arrangements and whether these arrangements are implemented effectively and are suitable for achieving the organisation’s policy and objectives.”

These definitions stress the importance of the ‘global’ and ‘systems’ aspects of auditing and by conducting this auditing activity it will highlight the effectiveness of your health and safety management control systems and identify areas of weaknesses within your organisation.

After speaking to a number of customers about auditing, a large number of them prefer to use an audit that provides a numerical measure to quantify data. The reason for this is so it can be easily identified and compared from year to year. The HSE also approve the use of this type of auditing, however they will not endorse any particular audit system. Our Quality Safety Auditing course and consultancy service is based on this type of auditing system and provides reliable auditing methodology which ensures consistency in scoring from year to year.

Why do an audit?

So why should your organisation conduct a health and safety audit? The main reason is that you must comply with health and safety legislation including the Health and Safety at Work Act etc 1974 and the Regulations made under this Act.

You must regularly examine the quality and effectiveness of your health and safety management systems. It is notable that when the HSE conduct their investigations into major accidents, it usually highlights health and safety management failures as being the root of the cause.

A small number of health and safety professionals feel that a health and safety audit should be conducted with an open mind and a blank sheet of paper, rather than assessments forms/auditing checklists. At RoSPA we disagree with this type of audit as it brings into questions the audit’s validity, reliability and objectivity.

RoSPA’s reasons why a health and safety audit should be conducted:

  • It is an essential feature of successful health and safety management systems
  • Control systems weaken over time and need to be constantly reviewed
  • It facilitates planned improvements to the safety management system to reduce losses
  • It helps improve skills and identify weaknesses in human resources
  • It helps demonstrate management commitment to employees, health and safety committee members and third parties.

How to conduct a safety audit?

There are two potential routes to auditing your organisation. The first method is to train an employee to become your internal safety auditor or alternatively an external auditor could be appointed to conduct this safety audit. Here are our pros and cons of both routes:

 Internal auditor 

External auditor

  • Organisations can view the auditor as a  ‘management instrument’ in developing performance standards and working procedures into place
  • Your trained auditor will have greater understanding of how your organisation operates
  • Internal auditors are given more freedom to help with suggestions and will highlight  what sort of action is necessary
  • The audit can be carried out in segments, which also allows it to be flexible and minimise disruption within your organisation
  •  More cost effective in the longer run


  • Auditors tend to be Chartered Members of the Institution of Occupational Safety and Health (CMIOSH) and OSCHR registered
  • Benchmark your organisation against other organisations outside or within your sector
  • Experience of conducting health and safety audits within various industries
  • Unbiased and expert recommendations, detailed report
  • Your organisation can receive an auditing award at the same time as the audit is conducted, which will demonstrate the findings from your safety audit
  • Internal audit reports are not accepted by either shareholders or tax authorities
  • Audit may be biased and therefore organisations cannot depend on such reports
  • If the audit is not conducted by a professional auditor, there could be a higher chance of errors not being detected  
  • Priority may not be given to conducting the audit
  •  Conflicts may arise


  • Your organisation needs to allocate staff time and management to the external auditor
  • An external auditor does not fully understand how your organisation operates
  • An external auditor normally is given a lack of freedom within the organisation that they are visiting
  • Can be expensive and time-consuming, however many training and consultancy providers are flexible with their approach to conducting their safety auditing

Whichever route to auditing you decide to implement, the main duty of any health and safety auditor is to look at your organisation’s safety management systems and assess them in line with the chosen criteria. You can then determine compliance with:

  • Current legislative requirements
  • Good safety management practice, in line with the HSE’s Guidance for Best Practice
  • BS 18004:2008 Guide to achieving effective occupational health and safety performance

Which safety audit system is your organisation using?

If you require any additional assistance with choosing the correct health and safety audit service, please complete our free audit selection tool, which will help determine the correct solution for your organisation.

One thought on “Who’s handling your safety audits? Internal vs. external

Add yours

Powered by WordPress.com.

Up ↑

%d bloggers like this: