# OHSMS Internal Audit (Clause 9.2)

> Plan and execute ISO 45001 OHSMS internal audits: create audit plans with sampling strategies, draft structured audit reports with findings mapped to clauses, validate finding completeness (severity, evidence, clause, corrective action), and verify auditor impartiality.



Tags: ISO 45001, OHSMS, Internal Audit, Compliance, Assessment


## Example Prompts

- Plan an internal audit for our ISO 45001 OHSMS
- Draft our OHSMS internal audit report with findings mapped to ISO 45001 clauses
- Check that our OH&S internal auditors are not auditing their own work
- Validate that our audit findings have severity, evidence, and corrective actions
- Run a combined validation on our OHSMS audit report

URL: https://rakenne.app/skills/ohsms-internal-audit/index.md




## Overview

The skill covers the full internal audit lifecycle per Clause 9.2: scoping, auditor independence verification, risk-based sampling, structured finding documentation with the correction vs. corrective action distinction that auditors specifically check, and combined report validation. It produces two mandatory deliverables -- an audit plan and an audit report with findings mapped to ISO 45001 clauses.

## Example Conversation

> **You:** We need to run an internal audit for our ISO 45001 OHSMS. We're SafeBuild Construction, 200 employees across 3 construction sites. We want to focus on operational controls (Clause 8.1) and emergency preparedness (Clause 8.2) this cycle. Our OH&S Manager is Lisa Torres and our lead auditor is James Park from the Quality department.

> **Agent:** I'll set up the audit plan for a focused internal audit covering Clauses 8.1 and 8.2 across your 3 sites. Since James Park is from Quality and is not responsible for operational controls or emergency preparedness, he qualifies as independent. I'll define the sampling strategy based on your 200-employee workforce and 3 sites, then write the plan. Let me confirm a few things -- what are the site names, and when is the audit scheduled?

> **You:** Site A is our downtown highrise project (85 workers), Site B is a residential subdivision (70 workers), and Site C is a bridge rehabilitation (45 workers). Audit is scheduled for the week of March 10.

> **Agent:** I've drafted `output/OHSMS-Internal-Audit-Plan.md` with scope limited to Clauses 8.1 and 8.2, a risk-based sampling strategy (larger sample from Site A due to highrise hazards), and the audit schedule across the 3 sites. Running `audit_impartiality_checker_ohs` to verify auditor independence.

> **Agent:** Impartiality check **PASS** -- James Park (Quality) has no overlap with the operational controls or emergency preparedness scope areas. Independence statement confirmed. Ready for Step 2 -- shall I draft sample findings for the audit report, or do you have actual audit notes?

> **You:** We found that Site A has no emergency evacuation drill records for the past 6 months, Site B had expired fire extinguishers in the material storage area, and Site C's toolbox talk records don't mention emergency assembly points.

> **Agent:** I've drafted `output/OHSMS-Internal-Audit-Report.md` with three findings: NC-001 (Major NC, Clause 8.2 -- absence of emergency drill records at Site A), NC-002 (Minor NC, Clause 8.1 -- expired fire extinguishers at Site B), and OFI-001 (Clause 8.2 -- toolbox talks at Site C could include emergency assembly points). Each NC includes objective evidence, correction, root cause analysis, and corrective action. Running `audit_report_validator_ohs` for combined validation.

> **Agent:** Combined validation **PASS** -- all findings have clause references, severity classifications, objective evidence, and corrective actions for NCs. The report is ready for distribution.

## Output Excerpt

**Audit Report (excerpt):**

---

### Finding NC-001

| Field | Detail |
|-------|--------|
| **ID** | NC-001 |
| **Severity** | Major NC |
| **Clause** | 8.2 (Emergency preparedness and response) |
| **Site** | Site A -- Downtown Highrise Project |
| **Finding** | No emergency evacuation drill records exist for the period September 2025 -- February 2026. ISO 45001 Clause 8.2 requires the organization to plan, implement, and periodically test emergency response procedures. |
| **Objective evidence** | Reviewed the emergency drill log and interviewed the Site A supervisor. No drill records found for the past 6 months. The previous drill was recorded on 2025-08-12. |
| **Correction** | Schedule and conduct an emergency evacuation drill at Site A within 2 weeks. |
| **Root cause** | No defined frequency for emergency drills in the site-level emergency plan; reliance on ad-hoc scheduling without a tracking mechanism. |
| **Corrective action** | Update the emergency preparedness procedure to mandate quarterly drills at all sites. Add drill scheduling to the OH&S calendar with automatic reminders. Assign site supervisors as drill coordinators. |
| **Owner** | Lisa Torres, OH&S Manager |
| **Target date** | 2026-04-15 |


## What the Tools Validate

**`audit_impartiality_checker_ohs`** verifies auditor independence per Clause 9.2:

- **Auditor extraction** -- Reads the audit team section for auditor names and roles.
- **Scope extraction** -- Reads the scope section for departments and areas being audited.
- **Overlap detection** -- Flags if any auditor's department overlaps with the audit scope (e.g., an OH&S team member auditing OH&S operational controls).
- **Independence statement** -- Checks for an explicit independence confirmation statement.
- **Input:** Path to the audit plan or report file.
- **Output:** PASS if no overlap detected; FAIL with specific conflict details if overlap found.

**`audit_finding_validator_ohs`** validates each finding for completeness:

- **Severity** -- Every finding must be classified as Major NC, Minor NC, OFI, or Observation.
- **Clause reference** -- Every finding must reference at least one ISO 45001 clause (e.g., "Clause 6.1.2").
- **Objective evidence** -- Every finding must cite verifiable evidence (records reviewed, interviews conducted, inspections performed).
- **Corrective action** -- Every NC must include a corrective action (not just a correction). The tool checks for keywords like "corrective action", "root cause", "action required".
- **Input:** Path to the audit report file.
- **Output:** Per-finding PASS/ERROR status with specific guidance on what to add.

**`audit_report_validator_ohs`** runs all three checks in a single call:

- **Clause mapping** -- Maps each finding to ISO 45001 clauses based on content keywords and checks for explicit clause references.
- **Completeness check** -- Validates severity, evidence, and corrective action for each finding (same as `audit_finding_validator_ohs`).
- **Severity classification** -- Analyzes finding language against severity indicators and suggests whether the declared severity matches the content (e.g., "absence of" language suggests Major NC).
- **Input:** Path to the audit report file.
- **Output:** Three-section report (clause mapping, completeness, severity classification) with overall PASS/FAIL result.
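
The completeness rules listed for `audit_finding_validator_ohs` above, as an added Python sketch; it is not the skill's own tool or code from this page. It assumes findings are written as `### Finding <ID>` sections with bold-keyed table rows like the NC-001 excerpt, and it requires a dedicated "Corrective action" row instead of the keyword matching the tool is described as using; the function names and the sample report are constructed for illustration.

```python
import re

SEVERITIES = {"Major NC", "Minor NC", "OFI", "Observation"}
CLAUSE_RE = re.compile(r"\b(?:[4-9]|10)(?:\.\d+){0,2}\b")  # ISO 45001 clauses 4-10
ROW_RE = re.compile(r"^\|\s*\*\*(.+?)\*\*\s*\|\s*(.*?)\s*\|\s*$")  # | **Field** | value |

def parse_findings(markdown):
    # Hypothetical helper: map each '### Finding <ID>' section to {lower-cased field: value}.
    findings, current = {}, None
    for line in markdown.splitlines():
        if (h := re.match(r"^###\s+Finding\s+(\S+)", line)):
            current = findings.setdefault(h.group(1), {})
        elif current is not None and (row := ROW_RE.match(line)):
            current[row.group(1).strip().lower()] = row.group(2)
    return findings

def validate_finding(fields):  # returns error strings; an empty list means PASS
    errors, severity = [], fields.get("severity", "")
    if severity not in SEVERITIES:
        errors.append("severity must be Major NC, Minor NC, OFI or Observation")
    if not CLAUSE_RE.search(fields.get("clause", "")):
        errors.append("no ISO 45001 clause reference")
    if not fields.get("objective evidence"):
        errors.append("no objective evidence")
    # Only a 'Corrective action' row counts; a 'Correction' row is a different key.
    if severity.endswith("NC") and not fields.get("corrective action"):
        errors.append("NC has no corrective action (a correction is not enough)")
    return errors

def validate_report(markdown):
    return {fid: validate_finding(f) for fid, f in parse_findings(markdown).items()}

# Constructed sample report, loosely based on the three findings in the conversation.
SAMPLE = """\
### Finding NC-001
| **Severity** | Major NC |
| **Clause** | 8.2 (Emergency preparedness and response) |
| **Objective evidence** | Emergency drill log reviewed; no records for 6 months. |
| **Corrective action** | Mandate quarterly drills at all sites. |
### Finding NC-002
| **Severity** | Minor NC |
| **Clause** | 8.1 |
| **Objective evidence** | Expired fire extinguishers seen in material storage. |
| **Correction** | Replace the expired extinguishers. |
### Finding OFI-001
| **Severity** | OFI |
| **Clause** | 8.2 |
| **Objective evidence** | Toolbox talk records reviewed at Site C. |
"""
```

Calling `validate_report(SAMPLE)` returns a per-finding error list: NC-002 is the only finding flagged, because it records a correction but no corrective action, while the OFI passes without one.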

## Getting Started

1. Create a new project and install the *OHSMS Internal Audit* skill.
2. Upload any prior audit reports or findings you want to follow up on.
3. Tell the agent your audit scope (full OHSMS or specific clauses), the audit team, and your organization context (sites, headcount, key hazards).
4. The agent will draft the audit plan, verify auditor independence, then guide you through documenting findings with proper severity, evidence, and corrective actions.
5. All deliverables are written to the `output/` directory and validated with the built-in tools before finalization.



