Internal Audit Report¶
Audit Identification: IA202615
Area: Legal Compliance
Audit Date: 12/05/2026
Auditor: Sean Ashton (HSQE Consultant, Onyx Operations)
Date Completed: 12/05/2026
Findings: 0 Non-conformities, 1 Observation
Scope: Clause 6.1.3 (ISO 14001 & ISO 45001)
Document Number: FORM_INTAR001 Rev 1 ID 01/09/2025
Builds on prior audit: IA202515 (03/10/2025) — 0 NC, 2 OBS
Executive Summary¶
This audit re-examined Legal Compliance one year on from IA202515. Both 2025 observations are progressed:
- CAR-2025-020 (legal register update frequency — bi-annual to quarterly) — partially closed. APP_10 Legal & Compliance Register at Rev 3 (1 June 2026) covers 72 items. The standing weekly Director / HSQE compliance call provides routine awareness of regulatory changes; quarterly formal review remains the explicit cadence.
- CAR-2025-021 (visual one-page compliance updates for site notice boards) — partially closed. The new TBT Programme (TBT_PROG_01) provides the cascade mechanism — every TBT brief carries the relevant legal reference (TBT-2026-05 references NRSWA chapter 8, POL_HSQE_06 + 13; TBT-2026-06 references Control of Vibration at Work Regulations 2005; TBT-2026-07 references HSE COSHH and chlorine SDSs). Visual one-pagers per topic may still be useful as standalone notice-board items.
Material legal-compliance wins this cycle: APP_10 captures new 2026 obligations including (a) UK GDPR / Data Protection Act 2018 cited in POL_HSQE_30 IT Security; (b) Equality Act 2010 cited in POL_HSQE_29 Mental Health; (c) Modern Slavery Act 2015 §54 threshold position confirmed (AMWS below £36M threshold); (d) Hazardous Waste Regs 2005 reg 49 3-year retention captured in SOP 9.5; (e) Confined Spaces Regulations 1997 thresholds in SOP 8.12.
Year-on-year follow-up — IA202515 outcomes¶
| 2025 ref | 2025 finding (summary) | Status in 2026 audit |
|---|---|---|
| OBS-15.01 / CAR-2025-020 | Quarterly legal register reviews | Partially closed. Weekly compliance call provides routine awareness; quarterly formal review cadence retained. |
| OBS-15.02 / CAR-2025-021 | Visual one-page compliance updates for site notice boards | Partially closed. TBT Programme provides cascade mechanism; visual notice-board summaries still desirable. Rolled forward as IA202615 OBS-01. |
Introduction¶
This audit examined Legal Compliance under clause 6.1.3 — both ISO 14001 and ISO 45001 — one year on from IA202515 and after multiple 2026 documents that introduced new legal references.
Aims & Objectives¶
- Confirm closure or progress on IA202515 OBS-15.01 and OBS-15.02
- Verify APP_10 Legal & Compliance Register currency and coverage of new 2026 obligations
- Confirm new 2026 documents correctly reference applicable legislation
- Sample 5 statutory licences / certifications for currency
- Confirm enforcement-notice status (none received in last 5 years per APP_22)
Audit Method¶
- Document Review: APP_10 Legal & Compliance Register Rev 3 (72 items, 1 June 2026), POL_HSQE_30 IT Security (UK GDPR / DPA 2018 / Computer Misuse Act 1990), POL_HSQE_29 Mental Health (HSWA 1974 / MHSWR 1999 / Equality Act 2010), POL_HSQE_03 Anti-Slavery (Modern Slavery Act 2015), SOP 9.5 Hazardous Waste (Hazardous Waste Regs 2005 reg 49), SOP 8.12 Confined Space (Confined Spaces Regulations 1997).
- Interviews Conducted: Director (Aaron Mason — legal-compliance owner), HSQE Consultant.
- Observations: APP_10 cross-checked against the new 2026 documents to confirm reciprocal references.
- Sampling: 5 statutory licences (ISO 9001 / 14001 / 45001 certificates expiry 23/11/2027; Goods Vehicle Operator's Licence; Waste Carrier Registration expiry 12/08/2028); APP_22 enforcement-notice column for 2021–2026 (zero).
Non-conformities¶
No non-conformities identified.
Observations¶
| Ref | Finding | Clause | Priority | Ref |
|---|---|---|---|---|
| OBS-01 | Visual one-page compliance updates for notice boards (rolled forward from CAR-2025-021). The TBT Programme cascade is in place; standalone notice-board one-pagers for high-traffic regulatory topics (excavation services, COSHH chlorine handling, RIDDOR thresholds) would reinforce the cascade for operatives who arrive after a TBT. | 7.4 communication / 6.1.3 compliance obligations | Low | CAR-2026-010 |
Corrective Action Summary¶
CAR-2026-010 — Owner: Sean Ashton (HSQE Consultant). Target close: 30/09/2026 — produce 3 one-page visual compliance summaries for the yard notice board (NRSWA service strikes, COSHH chlorine, RIDDOR thresholds).
Conclusions¶
Legal compliance is well-managed:
Areas Meeting Requirements (sustained from IA202515):
- APP_10 Legal & Compliance Register continues to be the canonical source (72 items at Rev 3)
- No enforcement notices received in last 5 years
- All 5 sampled statutory licences in date with comfortable margins
- Bi-annual formal review cadence sustained; weekly compliance call provides interim coverage
- Triple-certified ISO 9001 / 14001 / 45001 maintained
New strengths since IA202515:
- APP_10 expanded to capture the 2026 documents' regulatory references — new policies (POL_HSQE_29, 30) and new procedures (PROC_R2W_01) all cite specific UK legislation and link back to APP_10.
- TBT Programme (TBT_PROG_01) provides cascade mechanism with legal reference per topic.
- Concrete regulatory thresholds embedded in HTML SOPs — Confined Spaces Regulations 1997 thresholds in SOP 8.12; Hazardous Waste Regs reg 49 in SOP 9.5; EPA 1990 s.34 in SOP 9.4; Control of Vibration at Work Regs 2005 EAV/ELV in SOP 8.10; etc. Auditor can read regulatory thresholds directly in the procedural document.
- Modern Slavery Act §54 position explicitly documented (below £36M threshold; policy maintained nonetheless) in POL_HSQE_03 + Z_NOT-APPLICABLE_CFSI.txt.
Recommendations¶
- Close CAR-2026-010 with 3 one-page visual compliance summaries by 30/09/2026.
- Continue the standing weekly compliance call as the active legal-awareness forum.
- APP_10 next bi-annual review due autumn 2026.
Feedback & Acknowledgments¶
Full cooperation. The 2026 IMS rebuild has materially strengthened the legal-compliance picture by embedding regulatory thresholds in operational documents rather than abstracted into APP_10 only.
Audit Report Prepared By¶
| Name | Position | Signature | Date |
|---|---|---|---|
| Sean Ashton | HSQE Consultant | S. Ashton | 12/05/2026 |
| Aaron Mason | Director | A. Mason | 12/05/2026 |
Corrective Action Close Out¶
CAR-2026-010 — open. Target close 30/09/2026.