A health and safety audit is not an inspection designed to catch you out. Understanding what the process actually involves makes it considerably more useful for your business.
Many businesses approach a health and safety audit with a degree of apprehension, particularly if it is their first one or if it follows a period where health and safety management has not received consistent attention. That reaction is understandable, but it tends to be based on a misunderstanding of what an audit is actually for.
An audit is a structured assessment of how well your health and safety arrangements are working. It is not about finding fault for its own sake. The purpose is to give you an accurate picture of where your systems are effective and where they need attention, so that you can address gaps before they become incidents, enforcement notices or worse.
This article walks through what typically happens during a professional health and safety audit, what auditors look at, and what a useful audit report should contain.
Before the Audit Begins
A well-run audit starts before the auditor sets foot on site. You should expect some initial dialogue about the scope of the review, the nature of your business, the size of your operation and any specific areas of concern you want covered. This allows the audit to be focused and relevant rather than generic.
You may be asked to provide documentation in advance, such as your health and safety policy, recent risk assessments, training records and any previous audit reports. Reviewing these ahead of the visit allows the auditor to arrive with an informed understanding of your existing arrangements and to focus their time on site more effectively.
If you are anxious about what to prepare, a straightforward conversation with the auditor beforehand will usually clarify what is needed. There is no benefit to either party in arriving unprepared.
What the Auditor Will Look at on the Day
The on-site element of the audit typically covers two broad areas: your documentation and your physical arrangements. Both matter, and a gap between the two is one of the most common findings.
On the documentation side, the auditor will want to see that your health and safety policy is current and signed off at the appropriate level, that your risk assessments cover the activities your business actually carries out, that method statements are in place where required, and that your records — training logs, inspection records, RIDDOR reports where applicable — are being maintained consistently.
On the physical side, the auditor will observe how work is actually being carried out. This is where audits differ meaningfully from a desk-based review. Seeing your workplace in operation reveals things that documentation alone cannot: whether PPE is being worn correctly, whether access routes are clear, whether equipment is being used safely, and whether the working practices described in your method statements bear any resemblance to what is happening on the ground.
Conversations with workers and supervisors are also a standard part of the process. An auditor asking your team questions about how they manage a particular task or who they would contact if they spotted a hazard is not looking to catch anyone out. It is a straightforward way to understand whether your health and safety culture is functioning in practice, not just on paper.
Common Areas Where Gaps Are Found
Experience across a range of sectors reveals certain recurring themes. Risk assessments that were produced at the outset of a project or when the business first set up its systems, and have not been meaningfully reviewed since, are among the most common findings. Documentation that describes processes which no longer reflect how work is actually done is another.
Training records frequently reveal gaps, particularly around refresher training and where staff turnover has left new starters without documented inductions. In construction environments, CDM documentation is regularly found to be incomplete or out of date relative to the current stage of the project.
None of these findings are unusual, and none are automatically serious. What matters is that they are identified clearly and addressed in a structured way.
What a Good Audit Report Should Contain
The audit report is where the value of the process becomes tangible. A good report does more than list what was found on the day. It gives you a clear understanding of what is working well, what needs attention and, importantly, what priority you should give each issue.
Findings are typically categorised by severity. Some will be critical, requiring prompt action to address a significant legal or safety risk. Others will be advisory, representing good practice improvements rather than compliance failures. A well-structured report distinguishes between these clearly, so that you know where to focus your effort first.
Recommendations should be specific and actionable. Telling a business that its risk assessments need to be reviewed is less useful than identifying which risk assessments, what the specific deficiencies are, and what a compliant version should include. The more concrete the recommendations, the easier they are to act on.
You should also expect the report to be delivered and explained, not simply emailed over. A brief conversation to walk through the findings, answer questions and discuss priorities is a standard part of a professional audit service.
What Happens After the Audit
The audit itself is only part of the process. What matters equally is what the business does with the findings.
Some organisations have the internal resource to act on audit recommendations without further support. Others benefit from ongoing assistance — whether that is help updating documentation, reviewing specific risk assessments, or having a consultant available to advise as changes are implemented. A retained consultancy arrangement is often the most efficient way to ensure that improvements are made properly and that the business does not find itself in the same position at the next audit.
Regular auditing, rather than a one-off exercise, is the most effective approach for most businesses. An annual audit gives you a consistent benchmark, helps you demonstrate a proactive commitment to compliance, and keeps your health and safety management in step with changes to your operations or the regulatory environment.
Mast Safety carries out health and safety audits for businesses across London and the UK, working across construction, manufacturing, warehousing, logistics, and commercial environments. If you would like to discuss what an audit would cover for your business, our team is happy to talk it through.
