What causes a company to fail an ISO 45001 audit, even when most satisfaction surrounds its safety systems?
The answers have more to do with poorly implemented controls and vague documentation than with the absence of safety measures in the company. They may also include a lack of workers' involvement in the process.
To get to the bottom of the frequently occurring audit failures, we consulted over 100 certified ISO 45001 lead auditors and analyzed numerous real-world audit reports from global industries.
The result is this practical resource breakdown of the top 100 non-conformities organizations encounter during the ISO 45001 certification process, along with clear remediation strategies.
This guide also helps teams evaluate and optimize their current ISO 45001 checklist, ensuring nothing is missed when it’s time for a lead auditor to arrive.
Whether you're gearing up for your first ISO 45001 audit or surveillance review or honing your internal audit checklist, this guide will give you a sharper edge in audit preparation and safety performance.
📌 Clause: 5.3 – Organizational Roles, Responsibilities and Authorities
What’s Going Wrong: Many organizations have safety roles written in policy documents, but these are not actively communicated, assigned, or understood by workers. Supervisors and line managers may be unaware of their specific OH&S responsibilities, leading to fragmented accountability.
Why It Matters During an Audit: ISO 45001 certification emphasizes leadership and accountability at every level. Auditors expect to see a structured approach to assigning and communicating safety roles throughout the organization.
How to Fix It: Develop a RACI chart or responsibility matrix for OH&S duties. Incorporate these roles into job descriptions, team briefings, and performance evaluations. Provide refresher training to managers and ensure ownership is visible in internal audit trails.
Real-World Result: Clear delegation of safety responsibilities supports stronger compliance, more efficient audits, and better ownership of OH&S performance.
GSDC’s ISO 45001 Lead Auditor certification equips safety professionals with the skills, tools, and frameworks required to audit, evaluate, and improve Occupational Health & Safety Management Systems in line with ISO 45001:2018.
📌 Clause: 6.1.2.2 – Hazard Identification and Risk Assessment
What’s Going Wrong: Risk assessments are often conducted once during implementation and rarely updated. They may not reflect new equipment, changing operations, or recent incidents, and rarely include input from workers performing the tasks.
Why It Matters During an Audit: The ISO 45001 audit checklist requires that risk assessments be current, complete, and regularly reviewed. Incomplete assessments are seen as critical gaps that can undermine hazard controls.
How to Fix It: Schedule quarterly or biannual reviews of all risk assessments. Involve cross-functional teams in identifying hazards, especially those who directly engage with the process. Link findings to control measures and include updates in management reviews.
Real-World Result: Comprehensive and current risk assessments reduce workplace incidents, enhance legal compliance, and improve audit outcomes.
📌 Clause: 5.4 – Consultation and Participation of Workers
What’s Going Wrong: Many safety programs are created by management without input from the people most exposed to the risks. Workers may be unaware of procedures, excluded from hazard identification, or not involved in incident investigations.
Why It Matters During an Audit: One of the key differentiators of ISO 45001 vs. older standards is its focus on meaningful worker participation. Auditors expect to see evidence of worker involvement in system planning, implementation, and improvement.
How to Fix It: Establish structured consultation mechanisms such as safety committees, toolbox talks, and anonymous feedback forms. Involve workers in inspections, audits, and risk analysis, and document their contributions.
Real-World Result: Worker involvement increases safety culture maturity, promotes ownership, and satisfies a foundational ISO 45001 requirement.
📌 Clause: 8.2 – Emergency Preparedness and Response
What’s Going Wrong: Emergency procedures exist on paper, but drills are not conducted, or feedback from past incidents is never used to improve the response plan. Staff may be unaware of their roles during emergencies.
Why It Matters During an Audit: ISO 45001 requires that emergency preparedness plans be evaluated for effectiveness through drills and regularly updated based on outcomes. Lack of testing is a common and serious non-conformity.
How to Fix It: Schedule realistic emergency simulations at least annually. Include fire, chemical spills, first aid, and evacuation scenarios. Capture feedback, conduct after-action reviews, and revise procedures as needed.
Real-World Result: Well-tested plans improve response time, prevent panic during real events, and demonstrate proactive risk management to auditors.
📌 Clause: 6.2.1 – OH&S Objectives and Planning to Achieve Them
What’s Going Wrong: Objectives are often too broad (e.g., “improve safety”) and lack measurable indicators, timeframes, or assigned owners. There’s no documentation to show progress or evaluate effectiveness.
Why It Matters During an Audit: ISO 45001 requires SMART objectives (Specific, Measurable, Achievable, Relevant, Time-bound) and regular monitoring. Auditors will request documented plans and updates.
How to Fix It: Break broad goals into focused KPIs like “reduce lost time injuries by 15% in 12 months.” Assign responsibility, allocate resources, and track performance through monthly dashboards and reports.
Real-World Result: Documented and reviewed objectives drive real improvement and clearly demonstrate commitment to safety to auditors.
📌 Clause: 10.2 – Incident, Nonconformity and Corrective Action
What’s Going Wrong: Incident reports often focus on what happened, not why. Investigations stop at immediate causes (e.g., "employee error") without exploring systemic failures like poor training, unclear instructions, or lack of supervision.
Why It Matters During an Audit: Auditors assess whether the organization uses structured methodologies to learn from incidents and prevent recurrence. Superficial investigations indicate a reactive safety culture.
How to Fix It: Train supervisors and safety staff in root cause analysis tools like the “5 Whys,” fault tree analysis, or fishbone diagrams. Standardize the investigation template to include these sections.
Real-World Result: Deeper investigations lead to meaningful corrective actions, reduce recurrence, and demonstrate proactive learning to auditors.
📌 Clause: 9.3 – Management Review
What’s Going Wrong: Management reviews are rushed or superficial. Key inputs such as audit results, OH&S performance data, and worker feedback are missing. There are no documented outputs like decisions, resource allocations, or improvement actions.
Why It Matters During an Audit: ISO 45001 requires formal and structured management review processes. Auditors view this as a reflection of leadership commitment.
How to Fix It: Use a standardized agenda that includes all required inputs from Clause 9.3. Record meeting minutes, assigned actions, and deadlines. Integrate findings into the continual improvement plan.
Real-World Result: Well-executed reviews show leadership involvement and system oversight, both of which are heavily weighted during ISO 45001 audits.
📌 Clause: 6.1.3 – Determination of Legal and Other Requirements
What’s Going Wrong: Organizations either have outdated lists of legal obligations or rely on external consultants without verifying applicability. Changes in law or new regulations are missed, leading to silent non-compliance.
Why It Matters During an Audit: Demonstrating knowledge and monitoring of OH&S legal compliance is essential for ISO 45001 certification.
How to Fix It: Maintain a live compliance register linked to legislation, codes, and client
requirements. Assign ownership for updates and review quarterly. Subscribe to regulatory update services or legal alerts.
Real-World Result: Proactive legal tracking avoids fines and builds credibility during audits.
📌 Clause: 7.2 – Competence
What’s Going Wrong: Organizations often conduct safety training but fail to document who attended, when it occurred, and whether the training was effective. Job-specific competencies are not defined.
Why It Matters During an Audit: ISO 45001 requires that personnel be competent based on education, training, and experience—and that this is verifiable.
How to Fix It: Create a competence matrix per job role. Log training sessions, test results, and assessments of effectiveness. Retain certificates and attendance sheets.
Real-World Result: Competence records prove readiness and show commitment to safety, making audits smoother and more predictable.
📌 Clause: 9.1.1 – Monitoring, Measurement, Analysis and Performance Evaluation
What’s Going Wrong: Safety performance is reviewed only after incidents. Data is collected but not analyzed, compared against targets, or used to drive decision-making.
Why It Matters During an Audit: ISO 45001 emphasizes performance-based evaluation. Simply collecting data is not enough; auditors look for trend analysis and data-driven improvement.
How to Fix It: Define key safety indicators (e.g., near-miss rates, training hours, audit scores). Use dashboards to visualize data and link trends to corrective actions.
Real-World Result: Meaningful metrics drive proactive decisions, ensure compliance, and impress auditors with a culture of continuous improvement.
We've compiled all 100 audit failures — complete with clause references, real-world causes, and step-by-step solutions — into a comprehensive checklist and worksheet to help you:
✅ Prepare for internal audits with confidence
✅ Strengthen your ISO 45001 audit checklist and documentation
✅ Train your audit team with real-world context
✅ Avoid repeat findings in surveillance audits
✅ Align your safety program with ISO 45001 certification standards
Download now and take a proactive step toward safety excellence, audit success, and long-term occupational health resilience.
ISO 45001 Certification is not just about passing the audit; it is about establishing a safer, healthier, and more integrated organization from within. A robust OHSMS can certainly drive accidents down, lift the morale of employees, and even make apparent to the outside world your commitment to improvement and compliance.
Out of the 100 audit failures documented in this guide, these several ones bring out the major high-impact common nonconformity observed by certified ISO 45001 lead auditors worldwide. By preemptive identification and closure of these issues, an organization can save on costly delays, enhance operational risks, and pay safety as a normal cultural phenomenon — not simply a compliance requirement.
A well-implemented ISO 45001 framework means that regulatory standards are not only met but also surpassed.
Whether you're just starting to explore what ISO 45001 is or you're deep into implementation, this guide helps transform your compliance efforts into a competitive strength.
Good safety management builds trust among stakeholders, reduces operational disruptions, and positions your business as a responsible employer and called a leader in the industry.
Stay up-to-date with the latest news, trends, and resources in GSDC
If you like this read then make sure to check out our previous blogs: Cracking Onboarding Challenges: Fresher Success Unveiled
Not sure which certification to pursue? Our advisors will help you decide!