Safety Program Audit Guide: How to Evaluate What's Actually Working

A safety program audit reveals the gap between policy and practice. Learn the audit framework, key documents to review, and how to act on what you find

Updated February 27, 2026 · 7 min read

Reviewed by: SafetyRegulatory Editorial Team

Regulation check: February 27, 2026

Next scheduled review: August 27, 2026

Most safety programs look good on paper. The written programs exist. The training records are filed. The inspection checklists are in a binder somewhere. A safety program audit tells you whether any of that is actually working.

The audit is the gap analysis between what your program says and what people actually do on the floor.

What a Safety Program Audit Is (and What It Isn’t)

There are two broad types of audits, and mixing them up leads to wasted effort.

A compliance audit checks whether required elements exist. Do you have a written lockout/tagout program? Does it meet 29 CFR 1910.147? Are the affected employees trained? Compliance audits are important when you’re new to a site or preparing for an OSHA inspection. They’re a baseline check.

A program effectiveness audit goes further. It asks whether the program works. Workers may be trained on lockout/tagout, but do they actually follow the procedure? Are supervisors enforcing it? Are energy control procedures updated when equipment changes? This is where most programs fail. Effectiveness audits require observation, interviews, and honest conversation.

You need both. Start with compliance if you’re new. Move toward effectiveness once the baseline is solid.

When to Audit

The annual audit is the minimum. But there are four situations where you shouldn’t wait for the calendar.

When you start a new safety manager role, audit within your first 90 days. You need to know what you’re actually working with, not what you’ve been told. See the first 90 days guide for a full onboarding framework.

After a serious incident or near-miss, audit the relevant program immediately. A recordable injury during a confined space entry is not just a recordkeeping event. It’s a signal that something in your permit system, training, or supervision broke down. Find out what.

Before an OSHA inspection, if you have advance notice or reason to believe one is coming. Knowing your gaps before an inspector does gives you time to fix what’s fixable and document the rest.

After major operational changes, including new equipment, new processes, new facilities, or significant workforce changes. Your programs are built around specific conditions. When conditions change, the programs need to catch up.

The Audit Framework

A thorough audit has three components: document review, field observation, and interviews. Running only one or two of these will produce a partial picture.

Document Review

Pull every written safety program the site is supposed to maintain. For most general industry employers, that list includes hazard communication, lockout/tagout, confined space entry, respiratory protection, PPE assessment, emergency action plan, and fall protection, among others. For construction sites, the list shifts but the principle is the same.

For each program, check four things. Does the document exist? Is it current? Does it match your actual conditions and equipment? And does it reflect how work is actually performed?

A lockout/tagout program written in 2018 that still references equipment you replaced in 2022 is non-compliant. A confined space entry permit with a generic template that doesn’t match your actual space configurations is worse than useless.

Also pull training records. For each required program, confirm that every employee who needs the training has received it, when they received it, and whether refresher training is current. Training records with no names, no dates, or no topic are red flags.

Pull your OSHA 300 log and the last three years of incident data. Look for patterns. Repeated injuries in the same department, same task, or same shift point to a program that isn’t working. See the OSHA 300 log recordkeeping guide for what those records should look like.

Equipment inspection logs matter too. If your fall protection equipment is supposed to be inspected before each use, you should find documentation. If you’re looking at a pile of harnesses with no inspection tags and no records, that’s a finding.

Field Observation

Walk the floor. Spend time in each department or work area. You’re not looking for one violation to write up. You’re watching to see whether the programs you just reviewed in the documents are reflected in how work actually happens.

Watch how workers handle lockout/tagout on a real task. Watch how chemical containers are labeled and stored. Watch how PPE is selected, used, and maintained. Watch whether supervisors correct unsafe behavior when they see it or look the other way.

Document what you see with notes and photos. Be specific. “Workers in Bay 3 using angle grinders without face shields on two occasions, 9:15 AM and 10:40 AM, on March 5” is a useful observation. “Some workers not wearing PPE” is not.

Interviews

Talk to workers, supervisors, and managers separately. Ask workers whether they know where to report a hazard, whether they feel comfortable doing so, and whether they’ve seen reports acted on. Ask supervisors how they handle a worker who refuses to follow a safety procedure. Ask managers what safety metrics they review and how often.

The gaps between what the documents say, what you observe, and what people tell you are your most important findings.

What to Audit

Cover these areas in every full program audit:

Written programs and their content accuracy. Training records and completion rates. Hazard identification processes, including how hazards are reported and how reports are tracked. Incident investigation records, looking at whether root causes are identified and whether corrective actions are actually implemented. Equipment inspection logs across all regulated equipment categories. Emergency action plan currency and whether employees know their roles. Management of change procedures for new equipment or processes. And your job hazard analysis library, checking whether JHAs exist for high-hazard tasks and whether workers use them.

Scoring and Reporting Findings

Don’t give every finding equal weight. A missing respirator fit test record and an unlocked electrical panel are not the same severity of problem.

Use a three-tier priority ranking. Priority 1 is an immediate hazard requiring correction before the work continues. Priority 2 is a serious non-compliance that needs correction within 30 days. Priority 3 is a program improvement item with a 90-day window.

Your audit report should include the finding, the applicable standard or program requirement, the priority level, the assigned corrective owner, and the due date. Keep this in a living corrective action log, not a static report that gets filed and forgotten.

Present findings to management in summary form. A one-page dashboard showing total findings by priority, percentage closed from the last audit, and top three programs with gaps is far more actionable than a 40-page report. The management buy-in guide covers how to frame this conversation.

The Gap Between Paper and Practice

The most common finding in any safety program audit isn’t a missing document. It’s a complete disconnect between what the document says and what happens at the job site.

Written programs that were copied from a template without being customized to your actual operations. Training records that show completion but workers who can’t describe what they were trained on. Inspection checklists that are filled out at a desk, not in the field. Incident investigation forms where every root cause is listed as “worker error” regardless of the actual facts.

These aren’t just compliance problems. They’re signals that safety is managed as paperwork, not as a real operating discipline. That distinction matters, because the paperwork compliance provides almost no actual protection. OSHA inspectors know what real programs look like.

Getting Corrective Actions Done

Finding gaps is the easy part. Getting them fixed is where audits either produce results or become exercises in documentation.

Assign every corrective action to a specific person, not a department. “Maintenance Department” won’t fix anything. “John Rivera, Maintenance Supervisor” will, especially when he’s reporting progress at the monthly safety meeting.

Build a business case for significant corrective actions. A supervisor who won’t replace worn fall protection equipment will respond differently when you frame it as a $15,625 OSHA penalty for a serious violation versus a line-item in next year’s budget. The ANSI/ASSP Z10.0 standard provides a hierarchy of controls framework that helps prioritize corrections based on engineering, administrative, and PPE solutions in the right order.

Connect corrective actions to incident costs wherever the data supports it. Workers’ compensation claims, lost productivity, and equipment damage all have real dollar values. Audits that come with cost data get funded. Audits that produce a list of citations do not.

For the long game, document every corrective action you complete. Build a record over time that shows the program is improving, not just cycling through the same findings year after year. That record matters in an OSHA inspection, in litigation, and in your own credibility with leadership.

If you’re preparing to sit for the Certified Safety Professional (CSP) exam, safety program auditing is a core domain. Real audit experience backed by the ANSI Z10 framework is worth more than any prep course.

Sources

Spot an issue or outdated citation? Report a correction.

Related Guides

Your First 90 Days as a Safety Manager: What to Actually Do How to Get Management Buy-In for Safety Programs (2026) OSHA Recordkeeping: How to Fill Out the 300 Log and What Must Be Recorded (2026) Job Hazard Analysis (JHA/JSA): How to Write One That Actually Works (2026) CSP Certification: Requirements, Exam, Cost & Career Impact (2026)