Internal audits are the process of making sure your policies, procedures and systems are working as expected, and any possible improvements identified. It includes evaluating and improving the effectiveness of any risk management, control and governance processes.
The aim is to identify how well risks are managed, including whether the right processes are in place, and whether agreed procedures are being followed.
Internal audits should include suppliers and contractors that you interact with – especially those operating under your licence and safety case. This way you’ll know the inputs to your end-to-end process are safe. These audits are sometimes referred to as ‘second party’ audits.
Internal audits give the assurance your organisation is meeting its goals, achieving what it set out to do, and is managing its risks effectively.
Even if your organisation is running smoothly and operating well, there’s always the risk that something will go wrong. The most well-developed safety case and safety system still needs to be checked.
You shouldn’t be reviewing your processes, procedures and activities just to meet your legal requirements – meeting them should be a by-product of your operation running safely and effectively.
Auditors should be independent enough to be able to identify and comment on anything they find. It shouldn’t be someone involved in running the part of the organisation being audited but it could be someone from a different department, a sister organisation or a contractor.
An auditor doesn’t have to be a technical expert in what they’re auditing but should be familiar enough with the area to understand the documents they’re auditing.
We charge for the time spent on a safety assessment and when considering safety case variations. Internal audits help reduce how long it takes to do these and reduces the chance of compliance actions (such as remedial actions), which can also have costs.
For more information on costs and how you may be able to reduce them:
