Navigating health and safety audits: A guide for SMEs

Running a small company comes with many responsibilities, and none is more important than keeping people safe. Under the Health and Safety at Work etc. Act 1974 every employer – whether you have one employee or a hundred – must protect workers, contractors and visitors. That duty applies to SMEs and micro‑businesses as much as it does to large corporations.

Why health & safety audits matter for SMEs

Safety audits are not just another box to tick; they help you spot hidden risks and avoid costly mistakes. Recent statistics from the Health and Safety Executive (HSE) underline why compliance matters:

• 1.7 million workers suffered work-related illness in 2023/24 (776,000 stress cases, 543,000 musculoskeletal disorders)

• 604,000 workers sustained non-fatal injuries, with 61,663 RIDDOR-reportable incidents

• 124 worker fatalities in 2024/25, primarily in construction and agriculture

• £21.6 billion estimated annual cost of workplace injuries and ill health

• 14,700 HSE inspections conducted in 2023/24 with 7,000+ enforcement notices issued.

2025 Key trends from recent HSE Statistics:

• Mental health remains a leading cause of absence,

• high-risk sectors like construction and agriculture dominate fatality statistics, and

• regulators are increasing inspection frequency with a 92% conviction rate in prosecutions.

What Is a Health & Safety Audit?

A health & safety audit is a systematic review of your workplace safety management system. It checks that policies, procedures and risk assessments are up to date, properly implemented and effective. HSE guidance advocates a Plan‑Do‑Check‑Act cycle: plan your policy, implement it, check performance and act on lessons learnt. Regular audits ensure you remain compliant and continuously improve your system.

Types of Health and Safety Audit

Small businesses can approach health & safety audits in two ways. Each option supports compliance but knowing how they differ makes it easier to decide which one suits your company best. They are.

• Internal audit

• External Audit

Internal Audit

An Internal audit is an audit carried out within a company by someone who is deemed a competent person under UK law.

A competent person is someone who has the necessary skills, knowledge and experience to help you meet the requirements of health and safety law.

Process:

The competent person will typically:

• Walk through the workplace and observe conditions.

• Review risk assessments and control measures (e.g. PPE, fire safety, manual handling)

• Check documentation such as training logs, maintenance records, and incident reports.

• Speak with staff to understand how procedures are followed in practice.

Benefits:

• Cost-effective - no consultancy fees, just staff time

• flexible timing - can be conducted as often as needed (monthly, quarterly, annually)

• builds internal awareness of safety responsibility.

Limitations

• Potential bias

• May lack specialist knowledge

External Audit

An external health & safety audit is carried out by an independent, qualified auditor usually a health & safety consultant with specialist training and experience.

Process:

The auditor will follow the recognised HSE framework (HSG65 – Managing for Health and Safety). This typically involves visiting your site and reviewing:

• Details of your workforce and operations

• Health & safety data and incident reports

• Your systems for managing risks.

• Copies of policies, risk assessments, and training records.

Benefits:

• Objective and impartial — no internal bias

• More comprehensive than most internal audits

• Brings expert knowledge and ensures compliance with current law.

• Provides credibility with regulators, insurers, and clients.

Limitations:

• More disruptive: may require parts of your operations (e.g. production lines) to pause during assessment.

• Higher cost than internal audits (typically £375–£2,000+ for SMEs, depending on size and complexity)

Health & safety legal requirements for employers

Even tiny firms must follow the law. Under the Health and Safety at Work Act, all employers must ensure the health, safety and welfare of employees and others. Key duties include:

• Appoint a competent person to oversee health and safety

• Write a policy (mandatory for 5+ employees, recommended for all)

• Conduct risk assessments covering all workplace hazards

• Provide training and maintain records

• Report incidents under RIDDOR requirements

• Review annually or after significant changes

HSE achieved 92% conviction rate in 248 prosecutions (2023/24). Non-compliance leads to notices, fines, and potential prosecution even without accidents occurring.

4-Step Audit Process for Employers

1. Plan

Define your policy and responsibilities

Write or update your health & safety policy, outlining commitments, responsibilities and emergency procedures. Ensure a competent person is appointed.

Schedule the audit

Aim for an annual audit; high‑risk environments may need more frequent checks. Use a digital tool to set reminders and allocate tasks.

2. Do

Review risk assessments and controls

Check that assessments cover all hazards and reflect current operations. Confirm that controls (e.g., PPE, signage, training) are implemented.

Inspect the workplace

Observe processes, talk to employees and look for unsafe behaviours or conditions. Consider high‑risk activities like manual handling, working at height and machinery use.

Check documentation

Verify that training logs, maintenance records and incident reports are complete and up to date.

3. Check

Measure performance

Compare practices against your policy and legal requirements. Note any non‑conformities. Look at leading indicators (training completion, near‑miss reports) as well as lagging indicators (injury statistics).

Gather evidence

Take photos, record interviews and collect documents. Digital audit tools let you store evidence securely.

4. Act

Report findings

Summarise what works well and where improvements are needed. Assign actions with deadlines and responsible owners.

Update your plan

Revise risk assessments and procedures based on findings. Schedule follow‑up checks.

Communicate

Share results with staff and management. A transparent process builds trust and encourages participation.

Common health & safety challenges and solutions for SMEs

Health & Safety Audit Case Studies for UK SMEs: Lessons from HSE Enforcement

Construction Firm Fined for Ignoring Fire Safety (2025)
In July 2025, a UK construction company Glovers Court Ltd was fined after failing to maintain proper fire safety controls during building works (HSE).

What happened: The firm ignored fire safety requirements, leaving workers and the public at risk.

Audit relevance: An audit would have flagged missing fire risk assessments and inadequate controls.

Outcome: The business faced a £165,000 fine, alongside a prohibition notice against them, and reputational damage.

SME takeaway: Fire safety must be reviewed regularly during audits, even minor oversights can trigger enforcement.

Key benefits of regular audits

• Protect people: Proactive hazard identification reduces injuries and illness

• Reduce costs: Prevention saves on downtime and compensation claims

• Avoid enforcement: Documented compliance reduces regulatory action risk

• Build safety culture: Demonstrates employee value, improving retention

• Enhance reputation: Compliance helps win contracts and retain customers

Free Audit Checklist for UK SMEs

1. Write or review your health & safety policy and display the HSE poster if you have five or more employees.

2. Appoint a competent person and make sure they have adequate training.

3. Compile risk assessments covering hazards like fire, COSHH, manual handling, DSE and lone working.

4. Provide training and induction and keep records of attendance.

5. Check first aid and fire safety measures (first aid kits, fire extinguishers, alarms and evacuation procedures).

6. Inspect regularly for hazards, including slips, trips, falls, manual handling and violence. Record and address issues.

7. Log incidents and near misses and report those meeting RIDDOR thresholds.

8. Review all documentation annually or after changes in operations. Archive old versions for traceability.

9. Schedule your next audit and monitor action completion.

Our Health and safety software helps you complete these tasks quickly and store evidence securely.

When to consider External Audit

Consider external audit support if:

• Your business operates in high-risk sectors (construction, manufacturing, healthcare)

• You lack internal expertise or time

• Previous incidents have occurred

• Clients/contracts require independent certification

• You want objective validation of current practices

Final thoughts

Health and safety audits protect both people and business sustainability. With 1.7 million annual work-related illnesses and increasing regulatory enforcement, SMEs cannot afford to neglect safety management.

Regular audits whether internal or external help identify gaps, ensure compliance, and build a positive safety culture. The investment in systematic safety management far outweighs the potential costs of accidents, enforcement action, or reputational damage.

BrightSafe offers a simple, affordable way to manage this process and ensure your business meets its legal obligations while protecting your most valuable asset—your people.

Health & Safety Audit FAQs

How often should SMEs conduct audits?

At least annually; high-risk sectors or post-incident situations may require more frequent reviews.

Do small businesses need external auditors?

Not mandatory—competent internal staff may suffice. External reviews add objectivity and specialist expertise.

What if audits reveal significant issues?

Prioritise high-risk gaps, assign corrective actions with deadlines, document improvements, and schedule follow-up checks.

Can I be prosecuted without having accidents?

Yes. Non-compliance with regulations and poor documentation alone can trigger enforcement action.

How much does a health and safety audit cost an SME?

Internal audits cost staff time only; external audits range from £375–£2,000+ depending on business complexity.