Standard Operating Procedure: Safety Management System (SMS) Audit

This Standard Operating Procedure (SOP) defines the mandatory process for auditing a Safety Management System (SMS). The objective of this audit is to verify that safety policies, procedures, and risk controls are not only documented but are effectively implemented and continuously improved across the organization. This audit serves as a critical compliance mechanism to ensure alignment with regulatory standards (such as ISO 45001 or OSHA guidelines) and to proactively identify hazards before they manifest as incidents.

1. Documentation and Policy Review

• Verify the existence of a current, signed Safety Policy statement.
• Confirm that safety objectives are documented, measurable, and communicated to all departments.
• Ensure all safety-related documentation (SOPs, manuals, work instructions) is current, approved, and accessible to relevant personnel.
• Audit the document control system to ensure outdated versions are removed and replaced.

2. Risk Management and Hazard Control

• Review the organization’s Hazard Identification and Risk Assessment (HIRA) register.
• Verify that identified risks have corresponding, effective mitigation controls in place.
• Confirm that a process exists for Management of Change (MOC) whenever new equipment, processes, or personnel are introduced.
• Assess whether emergency response plans are documented and mapped to the specific risks identified in the register.

3. Training and Competency

• Audit employee training records for completion, recertification, and accessibility.
• Confirm that specialized roles (e.g., forklift operators, chemical handlers) hold valid, up-to-date certifications.
• Evaluate the effectiveness of safety induction programs for new hires and contractors.
• Verify that records of safety drills (fire, medical, spill) are documented with attendee lists and lessons learned.

4. Operational Oversight and Incident Reporting

• Conduct a physical "walkthrough" inspection to verify that PPE usage matches written policy requirements.
• Review the Incident/Near-Miss log to ensure reporting timelines were met.
• Audit the Corrective and Preventive Action (CAPA) process to ensure that root causes were identified and resolved for reported incidents.
• Verify that maintenance logs for safety-critical equipment (e.g., fire extinguishers, machine guards) are current.

5. Management Review and Continuous Improvement

• Confirm that periodic Management Reviews of the SMS are conducted and documented with meeting minutes.
• Check for evidence of "Management Commitment," such as budget allocation for safety improvements.
• Evaluate the feedback loop: How are employee suggestions for safety improvements captured and implemented?

Pro Tips & Pitfalls

• Pro Tip: Use a "Trust but Verify" approach. Do not accept a signed training record at face value; ask an employee to demonstrate the safety process described in that training.
• Pro Tip: Focus on "Evidence of Effectiveness" rather than "Evidence of Existence." A pristine, dusty manual is useless if nobody knows the procedures inside it.
• Pitfall: Over-relying on internal perception. If the audit is done solely by the safety manager who wrote the system, they will likely overlook their own blind spots. Rotate internal auditors or bring in third-party eyes.
• Pitfall: Ignoring "Near Misses." Many auditors focus only on accidents. High-performing systems prioritize the investigation of near-misses as the most valuable data for preventing future accidents.

FAQ

Q: How often should an SMS audit be performed? A: It is industry standard to conduct a comprehensive audit at least annually. However, internal "spot audits" or departmental checks should occur quarterly to ensure ongoing compliance.

Q: What is the most common reason for an SMS audit failure? A: The most frequent failure is a breakdown in documentation (lack of records), followed closely by a failure to follow the "Management of Change" process when physical layouts or operational procedures are altered.

Q: Should I involve frontline employees in the audit process? A: Absolutely. Frontline employees are the best source of truth. Interviewing them provides real-world context that documentation cannot capture and helps build a culture of safety transparency.

<script type="application/ld+json"> { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "What is the primary objective of an SMS audit?", "acceptedAnswer": { "@type": "Answer", "text": "The primary objective is to verify that safety policies, procedures, and risk controls are documented, effectively implemented, and continuously improved to meet regulatory standards." } }, { "@type": "Question", "name": "Which regulatory standards does this SMS audit process align with?", "acceptedAnswer": { "@type": "Answer", "text": "This audit process is designed to align with major international and national safety standards, including ISO 45001 and OSHA guidelines." } }, { "@type": "Question", "name": "What should be included in an SMS audit for risk management?", "acceptedAnswer": { "@type": "Answer", "text": "A comprehensive SMS audit must review the Hazard Identification and Risk Assessment (HIRA) register, verify mitigation controls, and check the Management of Change (MOC) process." } } ] } </script> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "SoftwareApplication", "name": "Safety Management System (SMS) Audit SOP", "applicationCategory": "BusinessApplication", "operatingSystem": "All", "description": "A standardized operating procedure for conducting Safety Management System audits to ensure regulatory compliance and continuous safety improvement.", "provider": { "@type": "Organization", "name": "Safety Compliance Experts" }, "offers": { "@type": "Offer", "price": "0.00", "priceCurrency": "USD" } } </script>