Common Reasons Businesses Fail WHS, ISO or Principal Contractor Audits

Workplace audits, whether for Work Health and Safety (WHS), ISO certification, or principal contractor compliance, are designed to ensure businesses operate safely, legally, and systematically.

Audits may be conducted under state-based WHS regulators such as Safe Work Australia (policy body), enforcement authorities like SafeWork NSW, or as part of ISO certification through standards developed by the International Organisation for Standardisation. Principal contractors on construction projects also conduct prequalification and ongoing compliance audits to manage site risk.

Despite good intentions, many businesses fail these audits for preventable reasons. Below are the most common causes, and how to avoid them.

Incomplete or Outdated Safety Management Systems

A common failure point is having a WHS or ISO system that looks good on paper but hasn’t been updated, or implemented, in practice.

Typical issues include:

  • Policies not reviewed annually
  • Procedures that don’t reflect current operations
  • Missing version control
  • Documents that reference outdated legislation

Auditors look for evidence that your system is live, current, and embedded, not just a template stored in a folder.

How to avoid it:

Schedule annual management reviews and document revisions. Ensure procedures match actual site practices.

Poor Hazard Identification and Risk Assessments

Under harmonised WHS laws, businesses must identify hazards and implement effective controls.

Audit failures often arise from:

  • Generic, copy-paste risk assessments
  • Missing Safe Work Method Statements (SWMS)
  • No evidence of site-specific risk review
  • Controls not aligned with the hierarchy of control

Principal contractors in construction are especially strict about SWMS compliance and site-specific risk management.

How to avoid it:

Ensure risk assessments are task-specific, signed, dated, and reviewed when conditions change.

Inadequate Training and Competency Records

You may have competent workers, but if you can’t prove it, you can fail the audit.

Common documentation gaps include:

  • Expired high-risk work licences
  • Missing VOC (Verification of Competency) records
  • No training matrix
  • No induction records
  • No refresher training evidence

ISO standards such as ISO 9001 and ISO 45001 require documented competency evidence.

How to avoid it:

Maintain a live training register and monitor expiry dates proactively.

Lack of Consultation and Worker Participation

WHS laws require consultation with workers on safety matters.

Auditors may ask:

  • How are workers consulted about hazards?
  • Are toolbox talks documented?
  • Is there evidence of safety meetings?
  • Are HSRs (Health and Safety Representatives) involved?

If consultation is informal and undocumented, it may not meet compliance requirements.

How to avoid it:

Keep minutes of toolbox talks and safety meetings. Record attendance and action items.

Incident Reporting and Investigation Failures

Many businesses fail audits not because incidents occurred, but because they weren’t managed correctly.

Red flags include:

  • No incident register
  • No investigation reports
  • No root cause analysis
  • Corrective actions not tracked
  • Notifiable incidents not reported

Regulators expect a structured approach to incident management and corrective actions.

How to avoid it:

Use a formal incident reporting system and track corrective actions through to completion.

Contractor Management Gaps

Principal contractor audits often focus heavily on subcontractor compliance.

Common issues:

  • No contractor prequalification process
  • Missing insurances
  • No SWMS review process
  • No evidence of subcontractor induction
  • Lack of monitoring and supervision

If you can’t demonstrate oversight of subcontractors, you may fail site audits.

How to avoid it:

Implement a documented contractor management procedure with checklists and approval records.

Internal Audits Not Conducted (or Not Effective)

For ISO-certified businesses, internal audits are mandatory.

Frequent problems include:

  • No internal audit schedule
  • Superficial audits with no findings
  • No evidence of corrective action follow-up
  • Management reviews not conducted

Auditors expect to see continuous improvement, not just compliance.

How to avoid it:

Conduct structured internal audits annually and document management review outcomes.

Poor Document Control

Document control is a major ISO audit focus area.

Typical failures:

  • Uncontrolled forms in circulation
  • Staff using outdated procedures
  • Missing document registers
  • No approval signatures

Even strong systems can fail audits if document control is weak.

How to avoid it:

Use a controlled document register with version numbers and review dates.

Leadership and Due Diligence Gaps

Under WHS laws, company officers must exercise due diligence.

Auditors may question:

  • How leadership monitors WHS performance
  • Whether safety KPIs are reviewed
  • If directors receive safety reports
  • How compliance obligations are tracked

If leadership cannot demonstrate active involvement, this can result in major non-conformances.

How to avoid it:

Document board-level WHS reporting and decision-making processes.

“Paper Compliance” Without Real Implementation

One of the biggest audit failures is when systems exist, but workers don’t follow them.

Auditors commonly:

  • Interview workers
  • Observe work practices
  • Compare procedures against actual behaviour

If there’s a disconnect between documentation and practice, it’s a serious red flag.

How to avoid it:

Ensure supervisors enforce procedures and conduct regular site inspections.

Final Thoughts

Most WHS, ISO, and principal contractor audit failures aren’t caused by catastrophic breaches; they’re caused by:

  • Inconsistent documentation
  • Lack of follow-through
  • Poor monitoring
  • Weak leadership engagement

The key to passing audits is embedding safety and compliance into everyday operations, not treating audits as one-off events.

If your systems are current, documented, implemented, and regularly reviewed, audits become far less stressful, and far more predictable.

Proactive compliance doesn’t just help you pass audits; it strengthens your business resilience, protects workers, and enhances your reputation in competitive industries like construction, manufacturing, and civil works.

This article expands on concepts covered in our Audit Readiness pillar page, which explains how these failures can be prevented structurally.

Is RF EME the Next Emerging WHS Risk? Here’s Why You Should Pay Attention

In today’s tech-saturated world, Radiofrequency Electromagnetic Energy (RF EME) is everywhere—from mobile phone towers and Wi-Fi routers to smart meters and industrial antennas. While most regulatory bodies claim current exposure levels are safe, growing independent research suggests it’s time to look deeper.

At Sherm, we’re always thinking ahead for our clients. That’s why we’ve just released a new RF EME Awareness Procedure and Risk Assessment Template as part of our commitment to emerging risk management.

⚠️ The Science Isn’t Settled—But the Risk Is Real

Regulatory bodies like ARPANSA and ICNIRP base exposure limits on thermal effects (tissue heating). However, independent research—including the BioInitiative Report and studies published in peer-reviewed journals—highlights non-thermal biological effects such as:

  • Oxidative stress
  • Sleep disturbance
  • DNA damage
  • Neurological changes
  • Increased cancer risk

These effects have been observed at exposure levels well below current “safe” limits.

📋 What Sherm Clients Can Access Now

Our new RF EME document pack includes:

  • A practical RF EME Awareness Procedure aligned with WHS obligations
  • A ready-to-use Risk Assessment Template for evaluating site-based exposure
  • A contrast between ARPANSA/ICNIRP standards and precautionary guidelines recommended by the BioInitiative Report

These documents are perfect for organisations working near high-frequency zones or simply wanting to stay ahead of emerging compliance expectations.

🧭 Leading with Precaution

While there may be no official consensus yet, the principle of “better safe than sorry” has never been more relevant. Proactive management of RF EME exposure isn’t just smart risk governance—it’s responsible leadership in health and safety.

Ready to empower your workforce and strengthen your WHS compliance?

👉 Contact Sherm to learn more or request access to our RF EME documentation suite.