Internal Audit Programme¶
Document Reference: HSQEMS-IAP-2026 Version: 1.0 Classification: CRGI Information Document Owner: Sean Ashton, Operations Manager Approved By: Dragos Ciordas, CEO Issue Date: 14/03/2026
1. Purpose¶
This audit programme defines the scope, schedule, and system elements to be audited for each internal audit cycle, ensuring full coverage of the integrated management system across ISO 9001:2015, ISO 14001:2015, and ISO 45001:2018.
The programme follows the structure established in the legacy QEMS audit plan, updated with new HSQEMS document references and expanded to reflect the integrated H, S, Q & E scope.
2. System Elements per Audit Section¶
The table below defines which policies, procedures, and registers/records are to be examined during each audit area. This ensures every element of the IMS is audited at least once per annual cycle.
Section 1 & 2 — Context of the Organisation & Leadership¶
| Category | HSQEMS Documents to be Audited |
|---|---|
| Policies | HPOL01 HSQE Policy, Statement of Intent |
| Procedures | HPROC19 Customer Feedback, HPROC05 Objectives & KPI Management |
| Registers & Records | HREG01 Risk & Opportunity Register, HREG04 Legal Compliance Register, HREG05 Objectives & KPI Register |
| Other Documents | HSQEMS01 IMS Manual, HSQEMS02 Scope & Context (SWOT, PESTLE, Context & Interested Parties), HSQEMS03 Roles & Responsibilities, APP01 Organisation Chart, HFORM09 Management Review Minutes |
| ISO Clauses | 4.1, 4.2, 4.3, 4.4, 5.1, 5.2, 5.3 |
Section 3 — Planning¶
| Category | HSQEMS Documents to be Audited |
|---|---|
| Policies | HPOL05 Risk Assessment |
| Procedures | HPROC01 Risk Assessment, HPROC02 Hazard Identification, HPROC03 Environmental Aspect Identification, HPROC04 Legal Compliance Evaluation, HPROC05 Objectives & KPI Management |
| Registers & Records | HREG01 Risk & Opportunity Register, HREG02 Environmental Aspects Register, HREG03 Hazard Register, HREG04 Legal Compliance Register, HREG05 Objectives & KPI Register |
| Other Documents | Document Traceability Register |
| ISO Clauses | 6.1, 6.2 (9001/14001/45001) |
Section 4 — Support¶
| Category | HSQEMS Documents to be Audited |
|---|---|
| Policies | HPOL06 Training |
| Procedures | HPROC09 Training Delivery, HPROC10 Document Control, HPROC11 Calibration Control |
| Registers & Records | HREG06 Training & Competency Matrix, HREG12 Calibration Log, HREG13 Software Validation Log |
| Forms | HFORM04 Training Record, HFORM16 Toolbox Talk Record, HFORM17 Calibration Record, HFORM18 Induction Checklist |
| Other Documents | Training & Competence records (inductions, DSE assessments, toolbox talks) |
| ISO Clauses | 7.1, 7.2, 7.3, 7.4, 7.5 (9001/14001/45001) |
Section 5 — Operations¶
| Category | HSQEMS Documents to be Audited |
|---|---|
| Policies | HPOL22 CDM Designer Duties, HPOL18 Emergency Response |
| Procedures | HPROC06 Design Process Control, HPROC07 Change Management, HPROC08 Supplier Assessment, HPROC16 Emergency Response, HPROC20 RAMS Production |
| Registers & Records | HREG10 Approved Supplier List, HREG11 Equipment & Asset Register, HREG14 Emergency Equipment Log |
| Forms | HFORM06 Supplier Assessment, HFORM07 Change Request, HFORM15 RAMS Template |
| Other Documents | Supplier PQQs & evaluations, RAMS archive, Emergency Preparedness & Response Matrix |
| ISO Clauses | 8.1, 8.2 (9001), 8.1, 8.2 (14001), 8.1, 8.2 (45001) |
Section 6 — Performance Evaluation¶
| Category | HSQEMS Documents to be Audited |
|---|---|
| Policies | HPOL01 HSQE Policy |
| Procedures | HPROC12 Internal Audit, HPROC13 Management Review, HPROC05 Objectives & KPI Management |
| Registers & Records | HREG01 Risk & Opportunity Register, HREG05 Objectives & KPI Register, HREG07 Internal Audit Log, HREG08 Corrective Action Log, HREG15 Customer Feedback Log |
| Forms | HFORM08 Audit Checklist, HFORM09 Management Review Template, HFORM10 Customer Feedback |
| Other Documents | HSQEMS02 Scope & Context (Context & Interested Parties), Internal Audit Reports, Management Review Minutes |
| ISO Clauses | 9.1, 9.2, 9.3 (9001/14001/45001) |
Section 7 — Improvement¶
| Category | HSQEMS Documents to be Audited |
|---|---|
| Procedures | HPROC14 Corrective Action, HPROC19 Customer Feedback |
| Registers & Records | HREG08 Corrective Action Log, HREG15 Customer Feedback Log |
| Forms | HFORM05 Corrective Action, HFORM10 Customer Feedback |
| Other Documents | Management Review Minutes (HFORM09), Continual Improvement Register |
| ISO Clauses | 10.1, 10.2, 10.3 (9001/14001/45001) |
Section 8 — Health and Safety¶
| Category | HSQEMS Documents to be Audited |
|---|---|
| Policies | HPOL04 Health & Safety, HPOL05 Risk Assessment, HPOL10 Drug & Alcohol, HPOL11 Fatigue Management, HPOL12 Behavioural Safety, HPOL15 PPE, HPOL16 Welfare Facilities, HPOL17 First Aid, HPOL18 Emergency Response, HPOL19 Manual Handling, HPOL22 CDM Designer Duties |
| Procedures | HPROC01 Risk Assessment, HPROC02 Hazard Identification, HPROC15 Incident Investigation, HPROC16 Emergency Response, HPROC20 RAMS Production |
| Registers & Records | HREG03 Hazard Register, HREG04 Legal Compliance Register, HREG09 Incident Log, HREG11 Equipment & Asset Register, HREG12 Calibration Log, HREG14 Emergency Equipment Log, HREG16 COSHH Register |
| Forms | HFORM01 Risk Assessment, HFORM02 Hazard Report, HFORM03 Incident Report, HFORM12 COSHH Assessment, HFORM13 Fire Risk Assessment, HFORM14 First Aid Assessment |
| Risk Assessments | RA001–RA010 (all site-specific risk assessments) |
| ISO Clauses | 6.1.2, 8.1.2, 8.2, 10.2 (45001 specific) |
Section 9 — Environmental¶
| Category | HSQEMS Documents to be Audited |
|---|---|
| Policies | HPOL03 Environmental Policy, HPOL14 Ethical Purchasing |
| Procedures | HPROC03 Environmental Aspect Identification, HPROC04 Legal Compliance Evaluation, HPROC17 Waste Management, HPROC18 Environmental Monitoring |
| Registers & Records | HREG02 Environmental Aspects Register, HREG04 Legal Compliance Register |
| Other Documents | Life Cycle Analysis records, Environmental performance data |
| ISO Clauses | 6.1.2, 6.1.3, 8.1, 8.2, 9.1.2 (14001 specific) |
3. Audit Schedule¶
3.1 — 2025 Audit Cycle (Completed)¶
The inaugural internal audit programme was conducted between April–May 2025 during the first 14 weeks of IMS operation under the legacy QEMS platform.
| Audit Ref | Section | Area | Date | Auditor | NCs | CARs Raised | Status |
|---|---|---|---|---|---|---|---|
| IA-RPT-2025-001 | 1 & 2 | Context & Leadership | 19/05/2025 | Sean Ashton | 1 | CAR-2025-001 | Closed |
| IA-RPT-2025-002 | 3 | Planning | 19/05/2025 | Sean Ashton | 1 | CAR-2025-002 | Open |
| IA-RPT-2025-003 | 4 | Support | 20/05/2025 | Sean Ashton | 1 | CAR-2025-003 | Open |
| IA-RPT-2025-004 | 5 | Operations | 21/05/2025 | Sean Ashton | 1 | CAR-2025-004 | Closed |
| IA-RPT-2025-005 | 9 | Environmental | 21/05/2025 | Sean Ashton | 1 | CAR-2025-005 | Closed |
| IA-RPT-2025-006 | 6 | Performance Evaluation | 22/05/2025 | Sean Ashton | 1 | CAR-2025-006 | Closed |
| IA-RPT-2025-007 | 8 | Health & Safety | 17/04/2025 | Sean Ashton | 3 | CAR-2025-007/008/009 | Closed |
| IA-RPT-2025-008 | 7 | Improvement | 28/05/2025 | Sean Ashton | 2 | CAR-2025-010/011 | Open |
2025 Summary: 8 audits completed, 11 NCs identified, 11 CARs raised (8 closed, 3 open).
3.2 — 2026 Audit Cycle (Planned)¶
The 2026 audit programme covers the full HSQEMS scope following the system migration from the legacy QEMS platform. Audits are scheduled quarterly across the year to ensure continuous coverage.
| Audit Ref | Section | Area | Planned Date | Lead Auditor | Scope Focus | Status |
|---|---|---|---|---|---|---|
| IA-RPT-2026-001 | 1 & 2 | Context & Leadership | June 2026 | Sean Ashton | Post-migration system effectiveness, updated context analysis, leadership review of new portal | Planned |
| IA-RPT-2026-002 | 3 | Planning | June 2026 | Sean Ashton | Risk registers in new format, hazard/aspect identification, objective tracking via HSQEMS portal | Planned |
| IA-RPT-2026-003 | 4 | Support | July 2026 | Sean Ashton | Training records migration, competency verification, document control in MkDocs, calibration records | Planned |
| IA-RPT-2026-004 | 5 | Operations | July 2026 | Sean Ashton | RAMS production via HPROC20, supplier management, CDM compliance (HPOL22), emergency preparedness | Planned |
| IA-RPT-2026-005 | 9 | Environmental | August 2026 | Sean Ashton | Environmental performance baseline (CAR-2025-005 follow-up), waste management, aspect significance review | Planned |
| IA-RPT-2026-006 | 6 | Performance Evaluation | September 2026 | Sean Ashton | Audit programme effectiveness, KPI monitoring, management review outputs, customer satisfaction | Planned |
| IA-RPT-2026-007 | 8 | Health & Safety | September 2026 | Sean Ashton | Risk assessment currency, incident reporting, H&S documentation, PPE verification, close-out of 2025 H&S CARs | Planned |
| IA-RPT-2026-008 | 7 | Improvement | October 2026 | Sean Ashton | Continual improvement programme (CAR-2025-010 follow-up), corrective action effectiveness, management review actions | Planned |
Surveillance Audit
Surveillance 1 audit by Approachable Certification is scheduled for 27/03/2026. The 2026 internal audit programme is deliberately scheduled to commence after the surveillance audit to allow any external findings to be incorporated into the internal audit scope.
Open CARs from 2025
The 2026 programme will specifically follow up on three open CARs from 2025:
- CAR-2025-002 (Objective monitoring dashboard) — to be reviewed in IA-RPT-2026-002
- CAR-2025-003 (Training matrix competency dates) — to be reviewed in IA-RPT-2026-003
- CAR-2025-010/011 (Continual improvement programme) — to be reviewed in IA-RPT-2026-008
4. Audit Methodology¶
All internal audits are conducted in accordance with HPROC12 — Internal Audit Procedure and follow the methodology defined below:
- Planning — Audit scope and criteria defined using this programme; notification issued to auditees minimum 5 working days in advance
- Preparation — Audit checklist prepared using HFORM08; previous audit findings and open CARs reviewed
- Execution — Document review, staff interviews, process observation (remote via video where applicable), evidence sampling
- Reporting — Audit report prepared using the standard Internal Audit Report template; NCs raised with CAR references
- Follow-up — Corrective actions tracked via HREG08; effectiveness verified before close-out
- Recording — All audits logged in HREG07 Internal Audit Log
5. Auditor Competence¶
| Auditor | Qualification | Role |
|---|---|---|
| Sean Ashton | Lead Auditor (ISO 9001/14001/45001), Operations Manager | Lead Internal Auditor |
| External (TBC) | Qualified auditor to be appointed for independence where required | Supporting Auditor |
Auditor Independence
Where the Operations Manager is the process owner of the area being audited, an external qualified auditor or the CEO will participate to ensure audit independence per ISO 19011 guidelines.
6. Related Documents¶
| Document | Reference |
|---|---|
| Internal Audit Procedure | HPROC12 |
| Audit Checklist | HFORM08 |
| Internal Audit Log | HREG07 |
| Corrective Action Procedure | HPROC14 |
| Corrective Action Log | HREG08 |
| Management Review Procedure | HPROC13 |
Document Owner: Sean Ashton, Operations Manager Last Updated: 14/03/2026 Classification: CRGI Information