Skip to main content
RAE IQ
Compliance & audit

Audit programme

An audit programme is the planned schedule of internal audits across a WHSMS for a defined cycle (typically annual). ISO 45001 Clause 9.2 requires the audit programme to plan, establish, implement and maintain an audit programme โ€” coverage of every clause across the cycle, by competent auditors, with findings driving CAPA.

Legal context

Under ISO 45001 Cl 9.2, an internal audit programme must define the frequency, methods, responsibilities, planning requirements and reporting of audits โ€” taking into account the importance of the processes concerned, changes affecting the organisation, and results of previous audits. The auditors must be objective and impartial (i.e. not auditing their own work). The audit programme typically rotates coverage so every clause of the WHSMS is audited at least once per certification cycle (commonly annual). Audit findings (NCs, observations, opportunities for improvement) feed into the CAPA register. The Management Review under Cl 9.3 reads out audit-programme performance as one of its 10 mandatory inputs.

Where this shows up in RAE IQ

Related terms

ISO 45001

ISO 45001:2018 is the international standard for occupational health and safety management systems (OHSMS). It uses the Annex SL high-level structure shared with ISO 9001 and ISO 14001, organised around Plan-Do-Check-Act and 10 clauses from context (4) through improvement (10).

NCR

A Non-Conformity Report records a failure to meet a defined requirement โ€” a WHS rule, an ISO 45001 clause, an internal procedure, a regulator condition. NCRs feed the CAPA register and are the primary lag indicator of system performance.

CAPA

Corrective and Preventive Action is the structured response to a non-conformity or incident: investigate root cause, define corrective action (fix this) and preventive action (stop it recurring elsewhere), assign accountable owners and due dates, and verify the action was effective. ISO 45001 Cl 10.2 governs the workflow.

Management review

A management review is the formal periodic (typically annual) review by top management of the WHSMS to ensure its continuing suitability, adequacy and effectiveness. ISO 45001 Cl 9.3 specifies 10 mandatory inputs and 5 mandatory outputs.

Platform pillars

Governance & Audit

Browse the full glossary.

47 WHS and HSWA terms with legal context, FAQs and regulator references.

See all terms