Auckland Transport

Audit procedure


  1. Background and purpose

Auckland Transport (AT) strives to continually improve its Health and Safety Management System and a critical part of this is the assessment of performance related to its objectives and targets. This will be undertaken through health and safety audits that will assist with providing assurance to AT’s Board that it is managing its health and safety risks effectively, and meeting its policy and legislative obligations.

Other health and safety performance monitoring may be required where significant risk is associated with tasks or particular workplaces.

  1. Scope

This procedure applies to all AT employees, members of the public, visitors, and suplliers who may be affected by AT’s activities or who undertake activities on behalf of AT.  It has been completed to align with Auckland Transport’s health and safety framework.

This procedure is to be read in conjunction with the relevant AT Health and Safety Roles and Responsibilities Standard.

  1. Responsibilities

Divisional Managers

  • Plan and undertake audits to ensure health and safety performance is reviewed on a regular basis.
  • Select competent auditors to undertake audits within their area of responsibility.
  •  A process and plan is in place to undertake, review and manage audits and audit recommendations.
  • All managers are aware and understand their responsibility to ensure this procedure is implemented within their area of work or workplace.

Line Managers

  • Participate and co-operate with aspects of the audit and with the auditor.
  • Ensure all their employees participate in the process for audits and cooperate with auditors.
  • Assist with actioning of any audit recommendations and outcomes.


  • Participating in aspects of the audit process and auditor requirements.
  • Assisting management with implementation of any audit recommendations and outcomes.

Health and Safety Manager

  • Developing an audit process and system, and ensuring the process is regularly reviewed.
  • Ensuring health and safety management system audits are undertaken annually.
  • Supporting the organisation in appointing a competent auditor to undertake audits.
  • Supporting and advising management on effective implementation of audit recommendations and outcomes.
  • Reporting all audit findings and outcomes to the ELT and Board.
  1. Process

Audit Programme

A H&S management audit programme for AT shall be developed based on a ‘Tier’ system of auditing, on organisation wide risks, and on the results of other audits.

Tier 1 audits are inter-organisation audits that examine AT policy and its strategic framework. These shall be undertaken by external assessment bodies and are identified through the AT audit programme.

Tier 2 audits examine supplier’s performance, AT management systems and procedures. These audits shall be conducted within a sample of business divisions and shall be programmed on a ‘Risk’ basis.

Tier 3 audits address sites and assets, and assess the extent of compliance with legislation, and with requirements of AT’s health and safety management systems, and with internal standards and guidance. These audits shall be conducted at a selection of physical work sites, office buildings or other workplaces with medium to high risk.

In addition, where an issue is identified as a potential or actual problem at some sites, a cross-company audit can be undertaken to assess whether it is a widespread problem.

Selection of Audits

Health and safety audits can be requested from any area of the business, e.g., Process Owner, Divisional Managers, H&S or other interested parties. In addition, information from low level audits, incident / near miss reports, customer feedback and management requirements will be reviewed to decide on subjects for audit.

Once requested, H&S will review selection using the following criteria:

  •  Justification / Validity of audit;
  • Risk to business;
  • Audit Capacity.

If successful, the audit will be added to the H&S Audit Schedule and an auditor assigned. If not successful then H&S will feed back to the requestor with an explanation.

The greatest proportion of health and safety auditing time shall be allocated to areas with the greatest risk or exposure to risk, i.e. physical works.

High risk projects will be selected for health and safety audits at different stages of development to give a broad spectrum of activities and potential risks. Projects shall then be prioritised according to any particular H&S sensitivities, or known areas of concern.

Health and safety audits of operational sites shall review the site, plus any maintenance work or minor projects underway at the time of the visit. These sites shall be selected on the basis of their potential or actual H&S impact or the H&S sensitivity of their location.

Cross-organisation audits shall occur at least annually or wherever there is a significant change.

The health and safety audit programme shall be flexible and be reviewed quarterly. If actual or potential concerns are identified about certain sites, additional or replacement audits can be scheduled. The programmed audit schedule will be periodically reviewed against all clauses of the relevant Standards to ensure inclusion.

Audit findings

Audit findings and evidence shall be recorded on audit checklists or equivalent. Audit findings are to be categorised as:

  • Major Non Conformance or Dangerous (MC) – High risk and likelihood of an error occurring that may contribute to non-achievement of a control objective. Immediate management action needs to be taken to address the control deficiencies noted.
  • Minor Non Conformance or Improvement Required (NC) – Moderate risk and likelihood of an error occurring that may contribute to non-achievement of a control objective. Management action is required to ensure a sound control environment.
  • Recommendation or Improvement Required (RC) – Improvement in control that strengthens the compliance process and represents a best practice or efficiency gain.
  • Good Practice (GP) – activities carried out that represent good practices.

Corrective actions/improvements shall be agreed with the auditee and recorded on the AT H&S Corrective Action Register (Synergi Life online) or in a format that clearly details the findings, actions, responsibilities and timescales for improvement implementation.

Audit Reports

An audit report shall be produced for each audit undertaken. All audit reports are then categorised depending on the significance of the issues being raised as follows and in accordance with the rating thresholds set out under Audit Findings:

  • Good – High degree of assurance; control weaknesses noted, if any relatively minor.
  • Satisfactory – Reasonable degree of assurance; controls are generally functioning as intended but some changes are necessary to make control environment more efficient and effective.
  • Improvement Needed – Less than satisfactory degree of assurance and subjects the company to heightened risk; control weaknesses were noted that required immediate attention and remediation by management.
  • Unsatisfactory – No assurance. Controls not functioning as designed or non-existent and subjects the company to significant risk; major control weaknesses were noted and must be remediated immediately.

Audit reports shall be provided initially to the auditee to enable any inaccuracies within the report to be amended. Audit reports shall be provided to line managers responsible for closeout of the actions.

A summary of the audits shall be provided in the monthly AT ELT H&S Management report. All Health & Safety and audit reports categorised as “Unsatisfactory” or any findings rated as ‘MC’ shall be provided to members of AT’s H&S Committee. In addition, an analysis of all audit findings shall be presented at senior management meetings.

Actions arising from the audits are to be closed out by the appropriate manager, and this process shall be monitored and influenced by the H&S Team.

Auditor Competence

Independent, competent and trained auditors shall conduct health and safety audits. In certain circumstances other competent individuals may be used to conduct audits, but only if authorised by the H&S Manager. (Refer to Health and Safety Competency and Training Procedure for clarification of competency).

  1. Definitions

Related Standard