ISO 45001 Internal Audits in South Africa: What DoL Inspectors Actually Look For

There is a common misconception among South African safety managers that a passing ISO 45001 internal audit provides protection against DoL enforcement action. It does not. ISO 45001 and the OHS Act have different objectives, different evidence requirements, and different enforcement mechanisms. Understanding the distinction — and building a system that satisfies both simultaneously — is the key to genuine compliance.

What ISO 45001 Clause 9.2 Requires

ISO 45001 Clause 9.2 requires organisations to conduct internal audits at planned intervals to determine whether the OHS management system conforms to the organisation's own requirements and the requirements of the standard, and is effectively implemented and maintained. The audit programme must consider the importance of the processes concerned, changes affecting the organisation, and the results of previous audits.

The standard requires that audit results be reported to relevant management and that corrective actions be taken without undue delay. Documented information must be retained as evidence of the audit programme and the audit results.

What DoL Inspectors Actually Look For

A DoL inspector conducting an unannounced inspection under the OHS Act is not auditing your management system. They are looking for specific evidence that specific legal requirements are being met. The questions they ask are concrete and operational.

Are the risk assessments current and do they reflect the actual hazards present on site today? Are the legal appointments in place and are the appointees' competency certificates valid? Are the incident records complete and have the required reports been submitted within the prescribed timeframes? Are the training records current and do they demonstrate that operators hold valid certificates for the equipment they are operating?

These questions are not answered by a management system audit score. They are answered by the operational records that the management system is supposed to generate and maintain.

Bridging the Gap

The organisations that perform best in both ISO 45001 surveillance audits and DoL inspections are those that have built systems where the management system audit and the operational compliance check are the same exercise. When an internal auditor reviews the risk assessment process, they are simultaneously verifying that the risk assessments are current, that the controls are being monitored, and that the evidence trail is complete.

SHEQ24's audit management module supports this integrated approach. Internal audits are conducted against templates that map ISO 45001 clauses to the specific OHS Act requirements that satisfy them. A finding that the risk assessment process is not being followed generates a corrective action that addresses both the ISO non-conformance and the OHS Act compliance gap simultaneously.

The Corrective Action Imperative

The most common failure point in South African OHS management systems is not the audit — it is the corrective action. Organisations conduct audits, identify findings, and then fail to close the corrective actions within the required timeframe. When a DoL inspector arrives and finds open corrective actions from an internal audit conducted six months earlier, the audit record becomes evidence of known non-compliance rather than evidence of systematic management.

SHEQ24's closed-loop corrective action process prevents this outcome. Every audit finding generates a corrective action with a mandatory due date. The system sends automated reminders as the due date approaches and escalates to senior management if the action is not closed on time. The audit finding remains open in the system until the corrective action is verified as effective — creating the closed-loop evidence trail that both ISO certification bodies and DoL inspectors require.