A recap of Saladin Consulting’s webinar, HSEQ ISO Audits Demystifyed: What Auditors Look Out For and How to Prepare

HSEQ Audit Preparation

HSEQ audit preparation is one of those things most organisations only take seriously in the weeks before an auditor is scheduled to arrive. Folders get opened. Emails get forwarded with urgency. Someone asks where the last management review minutes are. Procedures get printed and placed on desks that have not seen them in months.

Everyone knows what this is. And most people know it should not be this way.

That was the honest starting point for Saladin Consulting’s latest webinar, HSEQ ISO Audits Demystified, which brought together two experienced practitioners for a session that was refreshingly candid about where organisations actually fail, and what genuinely strong systems look like in practice. William Maina, an HSEQ specialist with experience across multinationals and manufacturing SMEs in Kenya, and Harold Mtwazi, a QMS practitioner and marine cargo survey expert based in Tanzania, shared insights drawn from hundreds of real-world audits across East Africa.

Here is what came out of it.

The Gap Every HSEQ Audit Preparation Must Close First

If there is one thread that ran through the entire discussion, it is this: the most common and most damaging failure in HSEQ systems is not a missing document. It is the distance between what the document says and what actually happens.

William called it plainly. The procedure sometimes looks very good on paper, well documented and well signed, but when you go down to the shop floor, operational controls are inconsistent, and sometimes the operators do not fully understand those procedures.

Harold reinforced this from his experience in marine and logistics operations, where a single process breakdown can simultaneously trigger an environmental incident and put people at physical risk. The document may describe the system, he said, but the operations reveal the truth.

This gap between the written system and the lived system is what auditors spend most of their time looking for. It shows up in ways that are immediately visible to anyone who knows what to look for. According to ISO’s guidance on management system standards, the intent of every ISO framework is operational consistency, not documentation completeness. That distinction is at the heart of effective HSEQ audit preparation.

What Auditors Actually Notice Before They Ask a Single Question

You might assume auditors arrive with a checklist and work through it systematically. In practice, experienced auditors are reading the room from the moment they walk in.

William described what immediately raises concern during an HSEQ audit: when staff start searching through emails, scrolling through WhatsApp messages, going through loose papers to find a record, the system is clearly not under control. Evidence that is difficult to retrieve is evidence that the system is not functioning as documented.

Harold added a dimension from the maritime and logistics sector. Many organisations focus entirely on the auditable standards while overlooking the supporting standards within the same family. ISO 14001 for environmental management, for instance, sits within a broader framework that includes ISO 14015 for site assessment and ISO 14090 for climate change adaptation. Organisations that have implemented only the auditable standard often find their systems shallow when auditors probe deeper.

Thorough HSEQ audit preparation means understanding not just the standard you are being audited against, but the ecosystem of requirements it sits within.

HSEQ Audit Preparation: 5 Proven Truths Auditors Never Tell You

HSEQ Audit Preparation Must Address the Certificate Misconception

One of the most important points raised in the webinar, and one that deserves direct statement, is this: ISO certification does not equal compliance. And regulators across Kenya and East Africa increasingly know the difference.

William was direct. He has seen organisations with valid certificates struggle during regulatory inspection because operators could not demonstrate process control or provide traceable records. Certification, he explained, sits on a maturity continuum, from statutory compliance, which is the legal minimum required by frameworks like NEMA regulations in Kenya, through to optimised ISO systems that drive genuine operational improvement.

Many organisations stop somewhere in the middle, believing the certificate marks the destination. You can be legally compliant and still operationally unstable, William said. ISO is what transforms compliance into a sustainable management system.

Harold framed the same misconception differently: most organisations think that once they have a certificate, the system is mature. But the real maturity is when documented things are being taken into practice. The document describes the system. The operations reveal whether it is real.

HSEQ audit preparation grounded in this understanding looks fundamentally different from preparation focused on defending a certificate. It focuses on building a system that works, not one that looks good for three days every eighteen months.

Where the PDCA Cycle Breaks Down and What HSEQ Audit Preparation Should Fix

Every HSEQ practitioner knows the Plan-Do-Check-Act cycle. Most organisations can execute the planning stage reasonably well. Fewer execute all four stages with consistent discipline, and the breakdown point is consistent across industries.

William identified it precisely. The aspect of planning is normally the easiest, he said. Organisations create procedures, conduct training, and launch systems. The point where the PDCA breaks down for most organisations is at the Check and Act stage.

This is where the real work of a management system happens and where most organisations go quiet. Internal audits become checkbox exercises. Corrective actions get logged but not meaningfully closed. The same non-conformity appears in successive audit cycles because the root cause was addressed on paper, not in practice.

Harold described a measurement problem that sits beneath this: organisations measure system activity instead of system effectiveness. They track how many trainings were conducted, how many procedures exist, but those are input indicators. They are not evidence of whether the system is achieving its intended results.

A mature system is not measured by how well it was planned. It is measured by how consistently it identifies problems, traces them to root causes, and prevents recurrence. Effective HSEQ audit preparation addresses this stage directly, not just the documentation that precedes it.

HSEQ Audit Preparation Fails When Leadership Is Not in the Room

Perhaps the sharpest observation of the webinar came on the role of leadership. Most audit failures, William said, are not technical failures. They are leadership failures.

When leadership treats HSEQ as a departmental responsibility, something the Quality Manager or Safety Officer owns, the system becomes structurally vulnerable. Internal audits lose authority. Management reviews become formalities. Corrective actions stall because no one with resource allocation power is invested in closing them.

Since the 2015 revisions to ISO 9001 and the related suite of management system standards, leadership has been an explicit clause, not a background condition. The top management team is not merely aware of the management system. They are responsible for it.

William offered a practical prescription: incorporate HSEQ objectives into the organisation’s strategic plan. Once it is part of the strategy, it is automatically owned by top management, because they own the strategy. When leadership owns it, culture changes. When a quality or safety officer owns it alone, the system survives but does not thrive.

Harold closed this point by noting what strong cultural embedding looks like in practice. A strong system produces open dialogue where people surface problems early. It produces customer retention that reflects genuine confidence. It produces lower turnover because staff feel their work connects to something real. These outcomes do not come from HSEQ audit preparation done in a panic. They come from systems that run every day.

The Three-Part HSEQ Audit Preparation Framework That Works

For organisations facing an imminent audit, William offered a practical framework built around three readiness categories. They are actionable immediately and apply regardless of which standard is being audited.

System Readiness. Has an internal audit been conducted recently? Are open non-conformities closed? Do procedures reflect what actually happens on the ground? The desk audit, which is the auditor’s first pass through documentation before they visit the floor, surfaces gaps here quickly.

Evidence Readiness. When an auditor requests a record, can it be produced in under two minutes? Are KPIs current? Are training records, maintenance logs, and monitoring records controlled and accessible? Evidence that requires excavation signals a system that is not under control.

People Readiness. This is the category organisations most consistently underestimate. Staff at every level should be able to explain what they do, why they do it, and how it connects to the system. Staff should not memorise ISO clauses, William said. They should be able to explain their role clearly. An auditor who interviews three operators and receives three different accounts of the same process has found a non-conformity, whether or not the procedure is technically documented.

These three categories, applied consistently and not just before an audit cycle, represent what sustainable HSEQ audit preparation actually looks like in practice.

HSEQ Audit Preparation: 5 Proven Truths Auditors Never Tell You

What Comes Next

The webinar closed with a request from attendee Calvin for a future deep-dive session on internal auditing from an Integrated Management System perspective. That is already being planned. Watch this space.

If you missed the session, the recording is available here. To learn more about Saladin’s HSEQ audit and assessment services, or to discuss where your organisation sits on the management system maturity curve, contact the team at info@saladinglobal.com or call +254 729 127 702.

Saladin Consulting Ltd is a specialist HSEQ and environmental advisory firm supporting organisations across East Africa through ISO gap assessments, internal audits, ESIA services, and PECB-aligned training across ISO 9001, ISO 14001, ISO 45001, and ISO 50001.