Sherm Login

Author: Marnie Cruickshank

Audit Evidence: What to Keep, What to Drop, What to Digitise

Posted on by Marnie Cruickshank

If you’ve ever prepared for a WHS audit, you know the temptation: keep everything.

Folders expand. Shared drives overflow. Email chains get archived “just in case.”

But experienced auditors don’t reward volume — they look for relevance, reliability, and traceability.

Whether you’re preparing for a regulator interaction, client audit, or certification against ISO 45001, here’s how to decide what audit evidence to keep, what to drop, and what to digitise.

First: What Counts as “Audit Evidence”?

Audit evidence is any information that demonstrates your WHS management system:

  • Meets legal requirements (e.g. Work Health and Safety Act 2011 and state equivalents)
  • Is implemented in practice
  • Is effective and reviewed

Evidence must be:

  • Accurate
  • Current
  • Accessible
  • Traceable

If it doesn’t support those criteria, it’s probably clutter.

What to Keep

These are documents and records that auditors consistently request and rely on.

  1. Core Governance Documents

Keep:

  • WHS policy signed by senior leadership
  • Roles and responsibilities
  • Organisational chart
  • Legal compliance register
  • Risk management procedure

These demonstrate structure and accountability.

  1. Risk Management Records

Keep:

  • Current risk assessments
  • SWMS (where applicable)
  • Hazard registers
  • Control implementation records
  • Review evidence

Important: Outdated risk assessments that no longer reflect operations should be archived — not active.

  1. Training and Competency Records

Keep:

  • Induction records
  • High-risk work licences
  • Verification of competency (VOC)
  • Refresher training logs
  • Supervisor competency evidence

Auditors look for proof that workers are competent at the time of work, not just when they were first hired.

  1. Incident and Corrective Action Records

Keep:

  • Incident reports
  • Investigation findings
  • Root cause analysis
  • Corrective action tracking
  • Evidence of close-out

What matters most is showing that actions were implemented and verified.

  1. Consultation Evidence

Keep:

  • Safety committee minutes
  • HSR records
  • Toolbox talk records
  • Worker consultation feedback

WHS legislation places strong emphasis on consultation — auditors expect to see evidence of it.

What to Drop (or Archive Properly)

Not all documents need to stay in your active audit folder.

  1. Superseded Policies and Procedures

If a document has been replaced:

  • Archive it with version control
  • Remove it from operational folders
  • Ensure only current versions are accessible

Auditors often identify “document control failures” when outdated procedures remain in circulation.

  1. Redundant Forms

Many organisations collect forms no one reviews:

  • Pre-start checklists never analysed
  • Hazard reports with no follow-up
  • Meeting minutes no one reads

If a record doesn’t inform decisions or improvements, question why it exists.

  1. Excessive Email Evidence

Email chains are weak audit evidence unless:

  • They demonstrate formal approval
  • They verify a decision
  • They confirm action completion

Where possible, convert critical decisions into controlled records.

  1. Duplicated Records

If information exists in multiple systems:

  • Choose one “source of truth”
  • Eliminate manual duplication
  • Reduce reconciliation errors

Duplication creates audit risk.

What to Digitise

Digitisation isn’t just about convenience — it improves traceability and audit readiness.

  1. Training Registers

Move from spreadsheets to:

  • Centralised training management systems
  • Automated refresher alerts
  • Licence expiry tracking

This reduces non-compliance risk.

  1. Risk Registers

Digital risk systems allow:

  • Version control
  • Review tracking
  • Control verification
  • Dashboard reporting

Auditors appreciate systems that clearly show when risks were last reviewed.

  1. Corrective Action Tracking

Manual spreadsheets often fail because:

  • Actions aren’t assigned clearly
  • Deadlines aren’t monitored
  • Close-outs aren’t verified

Digital systems provide accountability and audit trails.

  1. Contractor Management

Digitise:

  • Prequalification documents
  • Insurance currency
  • SWMS approvals
  • Induction records

This is especially valuable for construction, logistics, and multi-site businesses.

How Long Should You Keep WHS Records?

Retention requirements vary depending on the type of record and state legislation, but common examples include:

  • Incident records involving serious injury: often 5+ years
  • Health monitoring records (e.g. asbestos exposure): decades
  • Training records: duration of employment + additional period

Always align with applicable WHS regulations and industry-specific requirements.

The “Audit-Ready” Test

Ask these five questions about any document:

  1. Does this demonstrate compliance or effectiveness?
  2. Is it current?
  3. Is it controlled (versioned and authorised)?
  4. Can we retrieve it within minutes?
  5. Does it show follow-through, not just intent?

If the answer is “no” to most of these, reconsider its place in your system.

The Biggest Mistake Businesses Make

They build systems for the audit — not for the business.

Auditors (including those assessing against ISO 45001) are trained to detect:

  • Over-documented systems
  • Forms created purely for compliance
  • Records that exist but aren’t used

Strong evidence is:

  • Simple
  • Relevant
  • Consistent
  • Embedded in daily operations

Final Thoughts

Good audit evidence isn’t about volume — it’s about clarity and control.

Keep what proves your system works. Drop what adds noise. Digitise what improves visibility and accountability.

An audit-ready organisation isn’t the one with the most folders. It’s the one where evidence is accurate, current, and easy to find — every day, not just before the auditor arrives.

Sherm Software will help you to become an audit-ready organisation, book a demo today to see how.

Our Audit Readiness guide explains how businesses can design systems that withstand multiple audit regimes simultaneously.

What WHS Auditors Actually Look For

Posted on by Marnie Cruickshank

Work Health and Safety (WHS) audits can feel intimidating. Whether you’re preparing for a regulator visit, a client prequalification, or certification against ISO 45001, many businesses aren’t entirely sure what auditors are really assessing.

The good news? WHS auditors aren’t looking for perfection. They’re looking for evidence of a functioning safety management system that is practical, understood, and consistently applied.

Here’s what WHS auditors actually focus on.

Legal Compliance with WHS Legislation

First and foremost, auditors assess compliance with the relevant state or territory WHS legislation, such as:

  • Work Health and Safety Act 2011
  • SafeWork NSW requirements
  • WorkSafe Victoria guidance

They want to see that your organisation understands its primary duty of care, officer due diligence obligations, and worker responsibilities.

Typical evidence requested:

  • WHS policy signed by senior management
  • Documented responsibilities
  • Legislative compliance register
  • Evidence of periodic legal reviews

Risk Management Processes

WHS law is risk-based. Auditors expect to see a structured process for:

  • Hazard identification
  • Risk assessment
  • Implementation of controls
  • Review of control effectiveness

They’ll check whether your process aligns with the hierarchy of control (elimination, substitution, engineering, administrative, PPE).

Common areas reviewed:

  • High-risk construction work
  • Plant and equipment
  • Manual handling
  • Hazardous chemicals
  • Psychosocial hazards (increasingly important)

They’re not just checking paperwork — they’ll verify that controls exist in practice.

Consultation and Worker Participation

Under WHS laws, consultation is mandatory. Auditors will examine:

  • Health and Safety Representative (HSR) arrangements
  • Safety committee meeting minutes
  • Toolbox talks
  • Worker feedback mechanisms

They may interview workers directly. If employees can’t explain safety procedures or feel disconnected from the system, that’s a red flag.

Training and Competency

Auditors look for proof that workers are competent to perform their tasks safely.

Evidence may include:

  • Induction records
  • High-risk work licences
  • Verification of Competency (VOC) records
  • Supervisor training
  • Contractor onboarding systems

They’ll also check whether refresher training is scheduled and tracked.

Incident Reporting and Investigation

A strong WHS system treats incidents as learning opportunities.

Auditors review:

  • Incident reports
  • Investigation findings
  • Root cause analysis
  • Corrective actions
  • Evidence that actions were closed out

They may ask:

“Show me an incident from the last 12 months and what changed because of it.”

Documentation vs. Reality

One of the biggest misconceptions is that WHS audits are purely document checks.

They aren’t.

Auditors conduct:

  • Site inspections
  • Worker interviews
  • Observation of work practices

If your procedures say one thing but work is done differently, that gap will be identified. Consistency between Policy, Procedure and Practice is critical.

Contractor and Supplier Management

If you engage contractors, auditors will examine:

  • Prequalification processes
  • SWMS (Safe Work Method Statements)
  • Contractor induction
  • Monitoring and supervision
  • Performance reviews

Principal contractors and businesses conducting high-risk work receive particular scrutiny.

Emergency Preparedness

Auditors assess whether you are prepared for reasonably foreseeable emergencies.

They’ll review:

  • Emergency plans
  • Evacuation diagrams
  • Fire warden training
  • Drill records
  • First aid arrangements

And they’ll often ask workers what they would do in an emergency.

Continuous Improvement

A mature WHS system shows evidence of ongoing improvement.

Auditors look for:

  • Internal audits
  • Management review meetings
  • KPI tracking (e.g. TRIFR, LTIFR)
  • Corrective and preventive action systems

Certification audits (such as ISO 45001) place strong emphasis on leadership commitment and system improvement over time.

Officer Due Diligence

Under WHS law, company officers must exercise due diligence. Auditors may review whether directors and executives:

  • Receive WHS performance reports
  • Allocate adequate resources
  • Understand critical risks
  • Verify the implementation of controls

Board-level visibility of safety is increasingly expected.

What Auditors Are Not Looking For

  • A perfect safety record
  • Zero incidents
  • Overly complex documentation
  • A 500-page safety manual no one reads

They want to see a system that is:

  • Practical
  • Proportionate to your business size and risk
  • Understood by workers
  • Actively maintained

Final Thoughts

WHS audits are about evidence, consistency, and effectiveness.

If your safety system:

  • Identifies real risks
  • Implements appropriate controls
  • Involves workers
  • Learns from incidents
  • Demonstrates leadership commitment

…you’re already aligned with what auditors actually look for.

The key is not preparing for the audit the week before — it’s building a safety system that works every day.

Sherm Software is that safety system, book a demo today and see for yourself.

For a deeper explanation of how these expectations come together, see our guide to Audit Readiness for WHS, ISO and Principal Contractor Audits.

Common Reasons Businesses Fail WHS, ISO or Principal Contractor Audits

Posted on by Marnie Cruickshank

Workplace audits, whether for Work Health and Safety (WHS), ISO certification, or principal contractor compliance, are designed to ensure businesses operate safely, legally, and systematically.

Audits may be conducted under state-based WHS regulators such as Safe Work Australia (policy body), enforcement authorities like SafeWork NSW, or as part of ISO certification through standards developed by International Organisation for Standardisation. Principal contractors on construction projects also conduct prequalification and ongoing compliance audits to manage site risk.

Despite good intentions, many businesses fail these audits for preventable reasons. Below are the most common causes, and how to avoid them.

Incomplete or Outdated Safety Management Systems

A common failure point is having a WHS or ISO system that looks good on paper but hasn’t been updated, or implemented, in practice.

Typical issues include:

  • Policies not reviewed annually
  • Procedures that don’t reflect current operations
  • Missing version control
  • Documents that reference outdated legislation

Auditors look for evidence that your system is live, current, and embedded, not just a template stored in a folder.

How to avoid it:

Schedule annual management reviews and document revisions. Ensure procedures match actual site practices.

Poor Hazard Identification and Risk Assessments

Under harmonised WHS laws, businesses must identify hazards and implement effective controls.

Audit failures often arise from:

  • Generic, copy-paste risk assessments
  • Missing Safe Work Method Statements (SWMS)
  • No evidence of site-specific risk review
  • Controls not aligned with the hierarchy of control

Principal contractors in construction are especially strict about SWMS compliance and site-specific risk management.

How to avoid it:

Ensure risk assessments are task-specific, signed, dated, and reviewed when conditions change.

Inadequate Training and Competency Records

You may have competent workers, but if you can’t prove it, you can fail the audit.

Common documentation gaps include:

  • Expired high-risk work licences
  • Missing VOC (Verification of Competency) records
  • No training matrix
  • No induction records
  • No refresher training evidence

ISO standards such as ISO 9001 and ISO 45001 require documented competency evidence.

How to avoid it:

Maintain a live training register and monitor expiry dates proactively.

Lack of Consultation and Worker Participation

WHS laws require consultation with workers on safety matters.

Auditors may ask:

  • How are workers consulted about hazards?
  • Are toolbox talks documented?
  • Is there evidence of safety meetings?
  • Are HSRs (Health and Safety Representatives) involved?

If consultation is informal and undocumented, it may not meet compliance requirements.

How to avoid it:

Keep minutes of toolbox talks and safety meetings. Record attendance and action items.

Incident Reporting and Investigation Failures

Many businesses fail audits not because incidents occurred, but because they weren’t managed correctly.

Red flags include:

  • No incident register
  • No investigation reports
  • No root cause analysis
  • Corrective actions not tracked
  • Notifiable incidents not reported

Regulators expect a structured approach to incident management and corrective actions.

How to avoid it:

Use a formal incident reporting system and track corrective actions through to completion.

Contractor Management Gaps

Principal contractor audits often focus heavily on subcontractor compliance.

Common issues:

  • No contractor prequalification process
  • Missing insurances
  • No SWMS review process
  • No evidence of subcontractor induction
  • Lack of monitoring and supervision

If you can’t demonstrate oversight of subcontractors, you may fail site audits.

How to avoid it:

Implement a documented contractor management procedure with checklists and approval records.

Internal Audits Not Conducted (or Not Effective)

For ISO-certified businesses, internal audits are mandatory.

Frequent problems include:

  • No internal audit schedule
  • Superficial audits with no findings
  • No evidence of corrective action follow-up
  • Management reviews not conducted

Auditors expect to see continuous improvement, not just compliance.

How to avoid it:

Conduct structured internal audits annually and document management review outcomes.

Poor Document Control

Document control is a major ISO audit focus area.

Typical failures:

  • Uncontrolled forms in circulation
  • Staff using outdated procedures
  • Missing document registers
  • No approval signatures

Even strong systems can fail audits if document control is weak.

How to avoid it:

Use a controlled document register with version numbers and review dates.

Leadership and Due Diligence Gaps

Under WHS laws, company officers must exercise due diligence.

Auditors may question:

  • How leadership monitors WHS performance
  • Whether safety KPIs are reviewed
  • If directors receive safety reports
  • How compliance obligations are tracked

If leadership cannot demonstrate active involvement, this can result in major non-conformances.

How to avoid it:

Document board-level WHS reporting and decision-making processes.

“Paper Compliance” Without Real Implementation

One of the biggest audit failures is when systems exist, but workers don’t follow them.

Auditors commonly:

  • Interview workers
  • Observe work practices
  • Compare procedures against actual behaviour

If there’s a disconnect between documentation and practice, it’s a serious red flag.

How to avoid it:

Ensure supervisors enforce procedures and conduct regular site inspections.

Final Thoughts

Most WHS, ISO, and principal contractor audit failures aren’t caused by catastrophic breaches, they’re caused by:

  • Inconsistent documentation
  • Lack of follow-through
  • Poor monitoring
  • Weak leadership engagement

The key to passing audits is embedding safety and compliance into everyday operations, not treating audits as one-off events.

If your systems are current, documented, implemented, and regularly reviewed, audits become far less stressful, and far more predictable.

Proactive compliance doesn’t just help you pass audits, it strengthens your business resilience, protects workers, and enhances your reputation in competitive industries like construction, manufacturing, and civil works.

This article expands on concepts covered in our Audit Readiness pillar page, which explains how these failures can be prevented structurally.

What Audit Readiness Actually Means

Posted on by Marnie Cruickshank

When organisations say they’re “audit ready,” it often means very different things. For some, it’s a last-minute scramble before the auditor arrives. For others, it’s a year-round discipline embedded in governance, finance, IT, and operations.

True audit readiness isn’t about having neat folders or polished financial statements. It’s about being able to demonstrate compliance, accuracy, and control at any time—under regulatory and accounting standards.

Let’s break down what audit readiness really means in context.

Understanding the Regulatory Landscape

Audit readiness starts with knowing which rules apply to your organisation.

Financial reporting and audit requirements are shaped by:

  • The Australian Securities and Investments Commission (ASIC)
  • The Australian Accounting Standards Board (AASB)
  • The Australian Prudential Regulation Authority (APRA) (for financial institutions)
  • The Australian Charities and Not-for-profits Commission (ACNC) (for charities)

Depending on your structure (company, charity, public sector entity, financial institution), different standards and reporting obligations apply.

Being audit ready means you:

  • Know which standards apply to you
  • Understand reporting deadlines
  • Maintain documentation that aligns with Australian Accounting Standards (AAS)

It’s More Than Just the Annual Audit

Many organisations treat audit readiness as a seasonal project—usually starting a few months before year-end.

In reality, audit readiness means:

  • Clean reconciliations completed monthly
  • Controls operating consistently throughout the year
  • Policies reviewed and updated regularly
  • Evidence retained in real time

If documentation is only assembled when auditors ask for it, you’re not audit ready—you’re audit reactive.

Strong Internal Controls (Not Just Good Intentions)

Auditors focus heavily on internal controls. That includes:

  • Segregation of duties
  • Delegations of authority
  • Approval workflows
  • IT access management
  • Change management processes

For APRA-regulated entities, expectations are even higher around risk governance and operational resilience.

Audit readiness means controls are:

  • Documented
  • Tested
  • Understood by staff
  • Consistently applied

And importantly—evidence exists to prove it.

Documentation Is Everything

In audits, if it isn’t documented, it didn’t happen.

That includes:

  • Board minutes approving financial statements
  • Signed contracts
  • Revenue recognition support
  • Grant acquittals
  • Asset valuations
  • Lease calculations under AASB 16

Being audit ready means documentation is:

  • Centralised
  • Version controlled
  • Accessible
  • Complete

Auditors should not need to chase multiple departments repeatedly for basic evidence.

Alignment with Australian Accounting Standards

Australian Accounting Standards (AAS) align closely with IFRS but have specific local requirements.

Common areas where organisations struggle include:

  • Revenue recognition (AASB 15)
  • Leases (AASB 16)
  • Financial instruments (AASB 9)
  • Impairment assessments
  • Consolidations

Audit readiness means technical accounting positions are:

  • Clearly documented
  • Supported by calculations
  • Reviewed internally
  • Consistent year to year

If your team cannot explain why a treatment was adopted, auditors will flag it.

Governance and Board Oversight

Governance expectations are strong—particularly for public companies, large charities, and regulated entities.

Audit readiness includes:

  • Active audit and risk committees
  • Clear financial oversight
  • Documented risk management frameworks
  • Regular internal reporting

Board members should understand key financial judgments—not just sign off at year-end.

Data Integrity and Systems Reliability

Modern audits increasingly assess:

  • ERP system controls
  • Cybersecurity controls
  • Backup and disaster recovery
  • Data accuracy and integrity

Poor system controls often lead to expanded audit testing, higher fees, and delayed signoffs.

Audit readiness means your systems can:

  • Produce reliable reports
  • Track changes
  • Restrict unauthorised access
  • Maintain audit trails

Being Ready for Regulator Scrutiny

Audit readiness also means being prepared beyond the auditor.

Regulators such as ASIC, APRA, or the ACNC can request documentation, explanations, or supporting materials.

Organisations that are genuinely audit ready can:

  • Produce requested documents quickly
  • Demonstrate compliance clearly
  • Show consistent governance practices

This reduces regulatory risk and reputational damage.

Audit Readiness Reduces Cost and Stress

Audit fees continue to rise—particularly for regulated industries and larger organisations.

Poor readiness leads to:

  • Extended audit timelines
  • Multiple information requests
  • Rework and corrections
  • Increased audit fees

Strong readiness typically results in:

  • Faster fieldwork
  • Fewer audit adjustments
  • Cleaner audit reports
  • Better internal financial confidence

What Audit Readiness Is Not

Let’s be clear about common misconceptions.

Audit readiness is not:

  • A last-minute clean-up
  • Outsourcing responsibility to auditors
  • Relying on one finance team member
  • Assuming “we’ve always done it this way” is sufficient

It’s a structured, organisation-wide discipline.

The Real Definition of Audit Readiness

Audit readiness means:

Your organisation can demonstrate compliance, accuracy, governance, and control at any time—under regulatory and accounting standards—without scrambling for evidence.

It’s proactive, not reactive.

It’s embedded, not seasonal.

And it’s a competitive advantage.

If your organisation is preparing for growth, external funding, regulatory scrutiny, or board-level governance uplift, strengthening audit readiness is one of the most practical investments you can make.

Because when the auditor walks in, readiness shouldn’t start—it should already exist.

Learn more about Audit Readiness and use our free checklist to see how audit ready your organisation is.

The Importance of Conducting a Gap Analysis

Posted on by Marnie Cruickshank

In an increasingly regulated and risk-aware business environment, organisations are expected to demonstrate robust management of work health and safety (WHS), quality, and environmental responsibilities. These expectations are driven by legislation, industry standards, customer requirements, and broader societal demands for safe, ethical, and sustainable operations. One of the most effective ways for companies to ensure their management systems meet these obligations is through conducting a comprehensive gap analysis.

A gap analysis is a structured assessment that compares an organisation’s current practices against relevant legal requirements, standards, and best-practice frameworks. When applied across WHS, quality, and environmental management systems, it becomes a critical tool for identifying weaknesses, managing risk, and driving continual improvement.

Understanding Management System Gaps

Management systems such as WHS, quality, and environmental frameworks are often aligned with recognised standards, including ISO 45001 (Work Health and Safety), ISO 9001 (Quality), and ISO 14001 (Environmental Management). However, simply having policies or certifications in place does not guarantee compliance or effectiveness.

A gap analysis examines the difference between what is currently being done and what should be done to meet:

  • Legislative requirements (such as WHS Acts and Regulations)
  • International and Australian Standards
  • Industry codes of practice
  • Client, contractor, and supply-chain expectations

By identifying these gaps, organisations gain a clear and evidence-based understanding of where systems fall short, are inconsistent, or are not fully implemented.

Strengthening Legal and Regulatory Compliance

One of the most compelling reasons to conduct a gap analysis is to ensure compliance with laws and regulations. Under WHS legislation, organisations have a primary duty of care to provide a safe working environment. Failure to comply can result in serious incidents, prosecutions, financial penalties, and reputational damage.

Similarly, environmental legislation imposes strict obligations regarding pollution control, waste management, and resource use, while quality requirements are often embedded in contractual and consumer protection frameworks.

A gap analysis helps organisations:

  • Identify areas of non-compliance before regulators do
  • Address outdated procedures that no longer align with current legislation
  • Demonstrate due diligence and proactive risk management

This proactive approach significantly reduces the likelihood of enforcement action and supports defensible decision-making if incidents occur.

Improving Risk Management and Performance

Effective risk management is central to WHS, quality, and environmental systems. Without a clear understanding of system gaps, risks may remain unrecognised or inadequately controlled.

A gap analysis enables organisations to:

  • Identify missing or ineffective risk controls
  • Highlight inconsistencies between documented procedures and actual practice
  • Detect areas where staff competency, training, or awareness is insufficient

By addressing these gaps, organisations can reduce workplace injuries, product or service failures, and environmental incidents. This leads to improved operational performance, reduced downtime, and lower costs associated with rework, claims, and remediation.

Supporting Certification and Integrated Management Systems

Many organisations seek or maintain certification to ISO standards as a way of demonstrating credibility and consistency. A gap analysis is often the first step in achieving certification or transitioning between standards (for example, upgrading from older versions of ISO standards).

For organisations operating integrated management systems—where WHS, quality, and environmental requirements are managed together—a gap analysis helps:

  • Identify duplication or conflicting processes
  • Streamline documentation and governance
  • Align objectives and performance measures across systems

This integration improves efficiency and ensures that compliance efforts support broader business goals rather than operating in silos.

Enhancing Governance and Leadership Oversight

Strong governance requires visibility over risks and controls. Boards and senior leaders are increasingly accountable for WHS and environmental outcomes, particularly in high-risk industries.

A structured gap analysis provides leadership with:

  • Clear, objective insights into system maturity
  • Prioritised actions based on risk and impact
  • Evidence to support strategic investment in safety, quality, and sustainability initiatives

This level of insight allows leaders to make informed decisions and demonstrates a genuine commitment to responsible corporate management.

Building a Culture of Continuous Improvement

Beyond compliance, gap analysis plays a key role in fostering a culture of continuous improvement. It encourages organisations to move beyond “minimum compliance” and focus on effectiveness, efficiency, and resilience.

When conducted regularly, a gap analysis:

  • Encourages open discussion about system weaknesses
  • Engages workers and managers in improvement initiatives
  • Tracks progress over time and measures the effectiveness of corrective actions

This continuous improvement mindset supports long-term sustainability and adaptability in a changing regulatory and business landscape.

Conclusion

Conducting a gap analysis of work health and safety, quality, and environmental management systems is not merely a compliance exercise—it is a strategic business imperative. It enables organisations to identify risks, meet legal obligations, improve performance, and strengthen governance.

By investing time and resources into a thorough gap analysis, companies position themselves to protect their people, deliver consistent quality, minimise environmental impact, and build trust with regulators, clients, and the broader community. Ultimately, a well-executed gap analysis supports safer, more efficient, and more sustainable business operations.

Get in touch with us and make conducting your gap analysis easier. Or better still, subscribe to Sherm Software and you will be able to see and rectify gaps as they arise.

Work Health and Safety Requirements in Australia for 2026

Posted on by Marnie Cruickshank

As Australia enters 2026, employers and safety officers must stay vigilant in implementing and adapting to updated Work Health and Safety (WHS) obligations. WHS laws across Australia are governed by the model WHS Act and supported by WHS Regulations and Codes of Practice, which are adopted by each state and territory. The national policy is shaped by Safe Work Australia, while individual regulators enforce the rules on the ground.

Ongoing Duty to Provide a Safe Workplace

At the foundation of WHS laws is the primary duty of care for Persons Conducting a Business or Undertaking (PCBUs). This duty requires PCBUs to ensure, so far as is reasonably practicable, the health and safety of workers and others affected by their work. This includes:

  • Identifying hazards and assessing risks in all work activities.
  • Implementing control measures, using the hierarchy of controls.
  • Maintaining and reviewing controls to ensure ongoing effectiveness.
  • Consulting with workers about WHS issues and risk management.

Failure to meet these duties can result in significant penalties and enforcement action by WHS regulators.

Regulatory Updates Taking Effect in 2026

Psychosocial Hazards and Mental Health

Mental health and psychosocial hazards — such as bullying, excessive job demands, fatigue, poor organisational change management, and harassment — are now explicitly part of WHS risk management in many jurisdictions. New codes of practice and updated guidance seek to help duty holders identify and control these risks, with practical steps to prevent both psychological and physical harm.

Sexual and Gender-Based Harassment Code of Practice

From March 2025, a national Code of Practice on Sexual and Gender-Based Harassment came into effect. Employers must take proactive steps to prevent harassment (in person or online) and to establish appropriate controls, handling, and reporting processes.

Indexation of Penalties

Under recent changes, penalties under the WHS Act are indexed annually to reflect economic conditions. This means fines for breaches increase regularly, making compliance even more critical for PCBUs and officers.

Industry and Hazard-Specific Requirements

Workplace Exposure Standards

Australia is transitioning from Workplace Exposure Standards (WES) to Workplace Exposure Limits (WEL) for airborne contaminants. While WEL won’t apply until 1 December 2026, employers must still comply with current WES limits and prepare for the transition to the new limits, which may be stricter and align more closely with international benchmarks.

State and Territory Regulation Changes

Several jurisdictions have updated or remade their WHS Regulations to clarify duties and operations:

  • New WHS Regulations commenced in NSW in August 2025 with updated procedural requirements and risk management duties, including strengthened psychosocial risk provisions.
  • The ACT has revised multiple WHS Codes of Practice effective from late 2025 to reflect national model updates, covering noise, confined spaces, construction work, and risk controls.

Practical Steps for WHS Compliance in 2026

To meet WHS requirements in the new year, PCBUs and safety officers should focus on the following:

Conduct comprehensive risk assessments

Evaluate physical, chemical, biological, and psychosocial hazards. Document risks and apply the hierarchy of controls to eliminate or minimise them.

Review and update WHS documentation

Ensure policies, procedures, and codes of practice references are current and aligned with 2026 Regulations. Update safety management systems accordingly.

Train and consult with workers

Engage workers on WHS issues, ensure they understand hazards and controls, and involve them in risk management and continuous improvement efforts.

Prepare for WEL transition

Review your chemical exposure assessments and adjust controls in anticipation of WEL adoption from December 2026.

Plan for emergency and first aid readiness

Establish emergency plans, maintain first-aid resources, and conduct regular drills consistent with business.gov.au guidance.

Enforcement and Culture

Regulators in each state and territory will continue to enforce WHS laws through inspections, notices, and potential prosecutions for non-compliance. Promoting a proactive safety culture, where workers feel empowered to raise concerns without fear of reprisal, is one of the most effective ways to meet legal obligations and reduce workplace harm.

Conclusion

The WHS framework in Australia for 2026 builds on existing laws that require PCBUs to protect workers and others from harm. Key areas of focus this year include managing psychosocial hazards, complying with updated codes of practice, preparing for changes to exposure limits, and maintaining dynamic risk management practices. Employers and safety officers should prioritise these updates to ensure legal compliance and foster safer, healthier workplaces.

Sherm Software is here to help with all of these requirements, from managing the health and safety of your workers, subcontractors and visitors to site, to ensuring you are complying with updated codes of practice by having them available at your fingertips anytime in your Legal Register.

Get in touch with us today and see how amazing Sherm is.

End-of-Year WHS: What Every Workplace Should Prioritise

Posted on by Marnie Cruickshank

As the end of the year approaches, many workplaces experience increased pressure, changing schedules, and shifting priorities. While it can be a rewarding time, it also brings a unique set of Work Health and Safety (WHS) risks. The combination of fatigue, staff shortages, festive events, and operational deadlines means safety systems can easily become strained.

To ensure a safe and compliant close to the year—and a strong start to the next—businesses should take a proactive, structured approach to WHS. Here are the key concerns and obligations employers should address during the final months of the year.

Managing Fatigue and Workload Pressures

Why it matters

End-of-year deadlines, increased customer demand, and leave-related staffing gaps often result in longer hours or compressed workloads. Fatigue reduces concentration, slows reaction time, and significantly increases the risk of incidents.

Employer obligations

  • Monitor hours worked and ensure employees take adequate rest breaks
  • Review rosters to avoid excessive overtime or back-to-back shifts
  • Encourage reporting of fatigue-related concerns without stigma
  • Ensure management leads by example in maintaining sustainable workloads

Recommended actions

  • Implement fatigue checks for high-risk roles
  • Communicate clear expectations around workload management
  • Consider temporary staffing to avoid overburdening teams

Seasonal Stress and Mental Health Risks

Why it matters

End-of-year stressors—both professional and personal—can heighten psychological risks. High workloads, performance reviews, financial pressures, and holiday-related stress can impact wellbeing.

Employer obligations

  • Identify and manage psychosocial hazards as part of WHS duties
  • Provide access to mental health support services (e.g., EAP)
  • Foster a culture where psychological safety is prioritised

Recommended actions

  • Check in with staff about workplace pressures
  • Promote wellbeing initiatives and remind staff of support resources
  • Train supervisors to identify signs of stress or burnout

Safety Risks During End-of-Year Shutdowns or Ramp-Ups

Many businesses either slow down significantly or push into high-activity periods depending on the industry. Both come with WHS considerations.

If your workplace shuts down

  • Conduct shutdown inspections: electrical, plant, security, and hazardous substances
  • Develop procedures for safe isolation of equipment
  • Communicate clear shutdown responsibilities and timelines

If operations intensify

  • Reconfirm competency of all staff operating plant or equipment
  • Ensure temporary or seasonal workers receive full WHS inductions
  • Increase supervision in high-risk or high-traffic areas

Safe Celebrations and End-of-Year Events

Why it matters

Work functions—whether onsite or offsite—can introduce WHS risks related to alcohol, travel, behaviour, and environment.

Employer obligations

  • Provide a safe environment and manage foreseeable risks
  • Set clear standards of behaviour aligned with workplace policies
  • Have transport options or safe-travel guidance for attendees

Recommended actions

  • Communicate conduct expectations before events
  • Limit alcohol service and provide food and non-alcoholic options
  • Ensure managers understand their responsibilities during events

Reviewing Incidents, Hazards and Risk Controls

The end of the year is a strategic time to reflect on safety performance and prepare for the year ahead.

Employer obligations

  • Document and investigate all incidents and near misses
  • Review risk assessments for relevance and accuracy
  • Consult workers on what’s working and what needs improvement

Recommended actions

  • Analyse WHS data for trends
  • Update safety procedures and training plans
  • Schedule early-year WHS training refreshers

Ensuring Compliance With Legal and Reporting Requirements

End-of-year periods can distract from mandatory compliance obligations. Businesses should ensure no WHS requirements are overlooked.

Key obligations may include (depending on jurisdiction):

  • Maintaining up-to-date safety documentation and registers
  • Meeting reporting requirements for notifiable incidents
  • Ensuring licenses, permits, and certifications are current
  • Keeping training records complete and accurate

Recommended actions

  • Conduct an internal WHS audit or compliance check
  • Assign responsibility to a dedicated WHS coordinator or manager
  • Set up automated reminders for time-sensitive obligations

Preparing for the New Year

A strong start to the upcoming year depends on planning before the current year ends.

Recommended actions

  • Schedule safety meetings and training for the start of the new year
  • Update WHS objectives and targets
  • Plan maintenance or upgrades during shutdown periods
  • Communicate early about key safety initiatives for the coming year

Conclusion

End-of-year WHS management is not just about compliance—it’s about protecting people during a period known for higher risk. By focusing on fatigue, mental health, safe celebrations, operational changes, and compliance obligations, employers can safeguard their teams and set the stage for a productive and safe new year.

New Workplace Exposure Limits: What’s Changing and Why It Matters

Posted on by Marnie Cruickshank

What are Workplace Exposure Limits (WEL)?

Workplace Exposure Limits (WEL) are the maximum concentrations of airborne contaminants (dust, fumes, vapours, gases, mists) that a person can be exposed to in the workplace without suffering serious or long-term harm.

Starting 1 December 2026, WEL will officially replace the current Workplace Exposure Standards (WES) in Australia. While the old WES already served as protective benchmarks, the shift to WEL is more than just a name change — it reinforces that these are limits that must not be exceeded, not simply best-practice standards.

Why the Change?

  1. Better Health Protection – The WES were reviewed against more up-to-date health evidence. Based on this, many exposure limits have been revised. Some have been lowered to reflect newer research, while others have been raised, and a number of previously unlisted substances are now included.
  2. International Alignment – Renaming “standards” to “limits” brings Australian WHS terminology more in line with international practice.
  3. Regulatory Clarity – Calling them limits underscores a stricter compliance requirement: they aren’t aspirational targets but enforceable boundaries.

What Exactly Is Changing?

Safe Work Australia has published a detailed list of WELs showing how each airborne contaminant will be affected. Here are the key types of changes to expect:

  • Adjustments to Existing Limits: Some substances will have lower or higher exposure thresholds.
  • New Substances Added: Certain airborne contaminants not previously subject to a limit will now be regulated.
  • Merged or Split Groups: For example, some chemical groups are being combined, others split to reflect different health impacts or particle behaviours.
  • Removal of Some Limits: There are airborne contaminants known as Non-Threshold Genotoxic Carcinogens (NTGCs). These are substances for which no “safe” exposure level can be reliably established. For those, no WEL will be assigned — so PCBUs must eliminate, substitute, or reduce exposure “as much as reasonably practicable.”
  • Types of Limits: There are three kinds of exposure limits in the WEL:
    • TWA (8-hour time-weighted average) — average exposure over a standard shift.
    • STEL (Short-Term Exposure Limit) — average for a short period, typically 15 minutes.
    • Peak Limitation — the maximum instantaneous exposure allowed, even for very short moments.

What Does This Mean for Employers (PCBUs) and Workers?

For Employers / PCBUs:

  • Risk Assessment – Begin reviewing which airborne contaminants you generate or use. Compare your current exposure data (or planned data) against the new WEL values.
  • Control Measures – Use the hierarchy of controls: try to eliminate or substitute harmful substances first, then use engineering controls (ventilation, isolation), administrative controls, and only then PPE / respiratory protection.
  • Monitoring – Air monitoring may need to be reviewed or redone under the new limits. Consider engaging an occupational hygienist to help design monitoring programs.
  • Training and Consultation – Inform and consult with workers about the coming changes. Review Safety Data Sheets (SDS) and talk through exposure risks and controls.
  • Health Surveillance – Depending on the substances, you may need to introduce or upgrade health monitoring for workers.
  • Regulatory Compliance – Ensure you understand how WEL will be implemented under your jurisdiction’s WHS laws.

For Workers:

  • Know Your Rights – You are entitled to understand the risks in your environment, what airborne contaminants you’re exposed to, and what the new limits will mean for you.
  • Use PPE Properly – If respiratory protective equipment (RPE) is required, make sure you know how to fit and use it correctly.
  • Ask Questions – If you’re unsure about exposure, speak to your safety rep or management. Ask if air monitoring has been done or is planned.
  • Stop Work If Necessary – If you believe exposure levels are unsafe, you can raise this concern.

Challenges and Considerations

  • Non-Threshold Carcinogens: For NTGCs (chemicals where there’s no safe threshold), compliance isn’t about meeting a numerical limit — it’s about eliminating or reducing risk as much as reasonably practicable.
  • Multiple Contaminant Exposure: In practice, workers may be exposed to more than one airborne contaminant. The combined (or interactive) effects may be more harmful than each on its own, so a holistic risk assessment is necessary.
  • Resource Constraints: Especially for small businesses, implementing more rigorous monitoring, bringing in occupational hygienists, or upgrading engineering controls can be a cost and resource challenge.
  • Transition Period Awareness: Until 30 November 2026, the old WES still apply. But businesses should not delay preparation.

Next Steps — How to Prepare

  1. Audit Your Current Exposure
    • List all airborne contaminants in use or generated in your workplace
    • Check current exposure levels (or plan monitoring)
    • Compare with the upcoming WEL values (once published)
  2. Engage Experts
    • Consider hiring an occupational hygienist or WHS consultant
    • Use their expertise to design control measures and exposure monitoring
  3. Update Risk Management Plans
    • Review your WHS risk register and update it for WEL risks
    • Revise safe work method statements (SWMS) or SOPs if needed
  4. Train Your Team
    • Run training on the new limits, on appropriate PPE, and on hazard recognition
    • Encourage consultation with workers — especially those working directly with the contaminants
  5. Health Monitoring
    • Where relevant, implement medical surveillance / health-check programs for workers exposed to airborne contaminants.
  6. Stay Informed
    • Subscribe to Safe Work Australia’s “Exposure Standards” mailing list for updates.
    • Check your regulator’s website for local guidance, as implementation details may vary by state / territory

Conclusion

The move to Workplace Exposure Limits (WEL) marks a major step forward for occupational health in Australia. By tightening and updating exposure thresholds, introducing new substances, and changing the language to reinforce these as non-negotiable limits, the transition strengthens protection for workers against airborne hazards.

But it’s not just a regulatory change — it’s a call to action. Employers need to assess, plan, control, monitor, and train. Workers need to stay informed, engage in safety discussions, and make sure protections are in place.

As we all know, time flies. 1 December 2026 seems far away, but there’s a lot to do prior to the implementation date, so the time to prepare is now.

Sherm Software can be a lifesaving tool for your workers and workplace. Sherm’s Registers module includes the Chemical Register which documents all chemicals used within the business, monitors SDS expiry with notification sent when renewal is required, and retains completed Risk Assessments uploaded as an attachment or Sherm gives you the ability to complete an Electronic Risk Assessment. Workers can access SDS on Sherm’s Mobile App.

Your SWMS’s and SOP’s are maintained in Sherm’s Documentation module making them available to workers at any time using the Mobile App.

Training on new limits, appropriate PPE, and on hazard recognition can be scheduled using Sherm’s Training and Competency module ensuring workers are informed and safe, and your obligations have been met.

Sherm’s People module ensures all Health Information is retained with the workers details where medical surveillance / health-check programs have been implemented, with notification sent when retesting is due.

Get in touch with us today and let Sherm help you.

App Login