Workplace audits, whether for Work Health and Safety (WHS), ISO certification, or principal contractor compliance, are designed to ensure businesses operate safely, legally, and systematically.
Audits may be conducted under state-based WHS regulators such as Safe Work Australia (policy body), enforcement authorities like SafeWork NSW, or as part of ISO certification through standards developed by International Organisation for Standardisation. Principal contractors on construction projects also conduct prequalification and ongoing compliance audits to manage site risk.
Despite good intentions, many businesses fail these audits for preventable reasons. Below are the most common causes, and how to avoid them.
Incomplete or Outdated Safety Management Systems
A common failure point is having a WHS or ISO system that looks good on paper but hasn’t been updated, or implemented, in practice.
Typical issues include:
- Policies not reviewed annually
- Procedures that don’t reflect current operations
- Missing version control
- Documents that reference outdated legislation
Auditors look for evidence that your system is live, current, and embedded, not just a template stored in a folder.
How to avoid it:
Schedule annual management reviews and document revisions. Ensure procedures match actual site practices.
Poor Hazard Identification and Risk Assessments
Under harmonised WHS laws, businesses must identify hazards and implement effective controls.
Audit failures often arise from:
- Generic, copy-paste risk assessments
- Missing Safe Work Method Statements (SWMS)
- No evidence of site-specific risk review
- Controls not aligned with the hierarchy of control
Principal contractors in construction are especially strict about SWMS compliance and site-specific risk management.
How to avoid it:
Ensure risk assessments are task-specific, signed, dated, and reviewed when conditions change.
Inadequate Training and Competency Records
You may have competent workers, but if you can’t prove it, you can fail the audit.
Common documentation gaps include:
- Expired high-risk work licences
- Missing VOC (Verification of Competency) records
- No training matrix
- No induction records
- No refresher training evidence
ISO standards such as ISO 9001 and ISO 45001 require documented competency evidence.
How to avoid it:
Maintain a live training register and monitor expiry dates proactively.
Lack of Consultation and Worker Participation
WHS laws require consultation with workers on safety matters.
Auditors may ask:
- How are workers consulted about hazards?
- Are toolbox talks documented?
- Is there evidence of safety meetings?
- Are HSRs (Health and Safety Representatives) involved?
If consultation is informal and undocumented, it may not meet compliance requirements.
How to avoid it:
Keep minutes of toolbox talks and safety meetings. Record attendance and action items.
Incident Reporting and Investigation Failures
Many businesses fail audits not because incidents occurred, but because they weren’t managed correctly.
Red flags include:
- No incident register
- No investigation reports
- No root cause analysis
- Corrective actions not tracked
- Notifiable incidents not reported
Regulators expect a structured approach to incident management and corrective actions.
How to avoid it:
Use a formal incident reporting system and track corrective actions through to completion.
Contractor Management Gaps
Principal contractor audits often focus heavily on subcontractor compliance.
Common issues:
- No contractor prequalification process
- Missing insurances
- No SWMS review process
- No evidence of subcontractor induction
- Lack of monitoring and supervision
If you can’t demonstrate oversight of subcontractors, you may fail site audits.
How to avoid it:
Implement a documented contractor management procedure with checklists and approval records.
Internal Audits Not Conducted (or Not Effective)
For ISO-certified businesses, internal audits are mandatory.
Frequent problems include:
- No internal audit schedule
- Superficial audits with no findings
- No evidence of corrective action follow-up
- Management reviews not conducted
Auditors expect to see continuous improvement, not just compliance.
How to avoid it:
Conduct structured internal audits annually and document management review outcomes.
Poor Document Control
Document control is a major ISO audit focus area.
Typical failures:
- Uncontrolled forms in circulation
- Staff using outdated procedures
- Missing document registers
- No approval signatures
Even strong systems can fail audits if document control is weak.
How to avoid it:
Use a controlled document register with version numbers and review dates.
Leadership and Due Diligence Gaps
Under WHS laws, company officers must exercise due diligence.
Auditors may question:
- How leadership monitors WHS performance
- Whether safety KPIs are reviewed
- If directors receive safety reports
- How compliance obligations are tracked
If leadership cannot demonstrate active involvement, this can result in major non-conformances.
How to avoid it:
Document board-level WHS reporting and decision-making processes.
“Paper Compliance” Without Real Implementation
One of the biggest audit failures is when systems exist, but workers don’t follow them.
Auditors commonly:
- Interview workers
- Observe work practices
- Compare procedures against actual behaviour
If there’s a disconnect between documentation and practice, it’s a serious red flag.
How to avoid it:
Ensure supervisors enforce procedures and conduct regular site inspections.
Final Thoughts
Most WHS, ISO, and principal contractor audit failures aren’t caused by catastrophic breaches, they’re caused by:
- Inconsistent documentation
- Lack of follow-through
- Poor monitoring
- Weak leadership engagement
The key to passing audits is embedding safety and compliance into everyday operations, not treating audits as one-off events.
If your systems are current, documented, implemented, and regularly reviewed, audits become far less stressful, and far more predictable.
Proactive compliance doesn’t just help you pass audits, it strengthens your business resilience, protects workers, and enhances your reputation in competitive industries like construction, manufacturing, and civil works.
This article expands on concepts covered in our Audit Readiness pillar page, which explains how these failures can be prevented structurally.