What is an ISO 45001 internal audit programme (clause 9.2)?

ISO 45001:2018 clause 9.2 requires the organisation to:

• Conduct internal audits at planned intervals to determine whether the OH&S management system conforms to ISO 45001 requirements and is effectively implemented and maintained.
• Plan, establish, implement and maintain an audit programme — including the frequency, methods, responsibilities, planning and reporting — that takes into consideration the importance of the processes, the changes affecting the organisation, and the results of previous audits.
• Define audit criteria and scope for each audit.
• Select auditors and conduct audits to ensure objectivity and impartiality.
• Ensure findings are reported to management.
• Take action to address NCs and continually improve.
• Retain documented information as evidence of the programme and audit results.

A practical audit programme typically includes:

1. Annual programme — calendar of internal audits across processes and sites, with risk-based frequency.
2. Audit checklist per process — questions, evidence to look at, sample selection.
3. Lead auditor + audit team assignment.
4. Findings register — NC, observation, opportunity for improvement.
5. CAPA linkage — every NC becomes a CAPA in the corrective-action register (clause 10.2).
6. Audit report PDF with management response.

RAE IQ's Internal Audit Programme module (feature #29, Business tier) covers all of this — AI-generated checklists per process area, finding capture, CAPA linkage and PDF audit reports.