Safety Audit Checklist for Construction

Last updated: March 2026

Your audit is six weeks out. You've got binders full of safety documents, a crew that barely remembers their last toolbox talk, and a sinking feeling that something in your program has a gap you haven't found yet. We help contractors prepare for and pass COR audits every week, and here's what we've learned: the companies that fail rarely have bad safety programs. They have disorganized ones.

This guide breaks down exactly what a COR safety audit checks, how the scoring works, and what your auditor is actually looking for under each element. No theory. No fluff. Just the checklist you need to walk into audit day with confidence.

What Does a COR Safety Audit Actually Check?

A COR (Certificate of Recognition) safety audit is a structured evaluation of your company's health and safety management system, measuring whether your program exists on paper, is actually being followed on site, and is working to keep people safe. That distinction between documentation, implementation, and effectiveness is what separates a COR audit from a simple compliance check.

Most contractors think a COR audit is a paperwork exercise. They're wrong. Documentation is only one piece. Your auditor uses three distinct verification methods to score your program:

• Documentation review: Does the policy, procedure, or form exist? Is it current, signed, and accessible?
• Observation: Is what's written down actually happening on site? Does the auditor see FLHAs being completed, PPE being worn, inspections being done?
• Interviews: Can your workers, supervisors, and managers describe your safety procedures in their own words? Do they know the reporting process? Can they explain what happens after an incident?

Here's the blunt truth: you can have a perfect safety manual sitting on a shelf and still fail your audit. If your crew can't describe your hazard reporting process when asked, the auditor scores that as a gap. a safety management system only works when your people actually use it.

How Does the COR Audit Scoring System Work?

The COR audit scoring system evaluates your program element by element, with each element carrying a specific point value. To pass, most provinces require:

• 80% overall score across all elements combined
• Minimum 50% per individual element (no element can fall below this threshold)
• 100% on all legislated requirements (questions flagged as "legislated" are non-negotiable)

Note: Specific thresholds vary by province and certifying partner. In Ontario, for example, IHSA requires 65% minimum per element. Always check with your certifying partner for exact requirements.

For maintenance audits (Years 2 and 3 of your cycle), the overall threshold typically drops to 60%. But don't treat that as permission to coast. A maintenance score below 80% means your program is trending in the wrong direction, and recertification will be harder.

This scoring structure means you can't just ace two elements and neglect the rest. A contractor who scores 95% on documentation but 40% on inspections still fails the audit. Every element matters.

Not sure where your program stands right now? Book a free safety assessment and we'll identify your gaps before the auditor does.

What Are the COR Audit Elements?

The specific audit elements and their point values vary by certifying partner. In Alberta, ACSA's 2023 audit instrument uses 10 elements. In Manitoba and other provinces, you may see 14 or 15 elements. The Canadian Federation of Construction Safety Associations (CFCSA) sets national accreditation standards, but each province's certifying partner adapts the instrument to local regulations.

Here's a breakdown of the core elements most audit instruments cover, along with what auditors look for in each one. Use this as your preparation checklist.

1. Management Leadership and Commitment

What the auditor checks:

• A signed, dated health and safety policy that's current (reviewed within the past year)
• Evidence that management participates in safety activities (not just delegates them)
• Defined safety responsibilities for management, supervisors, and workers in writing
• Proof that safety is resourced with budget, time, and personnel
• Management involvement in incident reviews and safety meetings

Common gap: The policy exists but hasn't been reviewed or re-signed in two years. Or management has clear responsibilities on paper but zero evidence of participating in safety activities.

2. Hazard Identification and Assessment

What the auditor checks:

• Formal hazard assessments for each job type (not just one generic assessment)
• Field-level hazard assessments (FLHAs) completed daily before work starts
• Evidence that hazard assessments are reviewed and updated when conditions change
• Worker participation in developing and reviewing hazard assessments
• A process for communicating identified hazards to all affected workers

Common gap: FLHAs exist but are clearly copy-paste from day to day. When the auditor interviews a worker and asks "walk me through how you completed your FLHA this morning," a vague answer costs you points. Learn how to build FLHAs your crew will actually use.

3. Hazard Control

What the auditor checks:

• Controls identified for each hazard following the hierarchy of controls (elimination, substitution, engineering, administrative, PPE)
• Evidence that controls are actually implemented on site (observation, not just documentation)
• Safe work practices and safe work procedures documented and accessible
• PPE requirements identified and enforced for each task
• Supervisor enforcement of hazard controls

Common gap: Safe work procedures exist but workers have never seen them, or they're stored on a shared drive nobody can access from site.

4. Worker Competency and Training

What the auditor checks:

• A training matrix or plan that identifies required training for each role
• Orientation records for all workers (site-specific and company-level)
• Training records showing completion dates and expiry tracking
• Evidence that training is delivered by competent instructors
• Proof that workers are assessed for competency after training (not just attendance)

Common gap: Training records are incomplete or scattered across filing cabinets, email inboxes, and random spreadsheets. The auditor asks for "the training record for John Smith" and it takes 20 minutes to find it. That signals a system failure. Download our free orientation and onboarding package to standardize your process.

5. Inspections and Maintenance

What the auditor checks:

• A formal workplace inspection program with defined frequency
• Completed inspection records showing items inspected, hazards found, and corrective actions
• Equipment pre-use inspection records
• Preventive maintenance program for tools and equipment
• Evidence that inspection findings lead to corrective actions (closed loop)

Common gap: Inspections are done, but corrective actions are never tracked or closed out. The auditor sees 12 inspections with open items from six months ago and no follow-up documentation. Here's how to build an inspection program that actually closes the loop.

6. Emergency Response

What the auditor checks:

• Written emergency response plan covering fire, medical emergency, environmental release, severe weather, and evacuation
• Evidence of emergency drills conducted and documented
• First aid supplies stocked and accessible
• Emergency contact information posted and current
• Workers can describe the emergency procedures (interview verification)

Common gap: An emergency response plan exists, but the crew hasn't done a drill in over a year, or muster points are posted but workers can't name them when asked.

7. Incident Investigation and Reporting

What the auditor checks:

• A documented incident investigation procedure (incidents, near misses, and occupational illness)
• Completed investigation reports with root cause analysis and corrective actions
• Evidence that workers know how to report incidents and near misses
• A system for tracking corrective actions to completion
• Evidence that investigation findings are communicated to prevent recurrence

Common gap: Near misses go unreported because the crew doesn't understand the reporting process or doesn't see the point. When the auditor asks "have you ever reported a near miss?" and a worker says "no," that's points lost on both reporting and safety culture. Download our free incident report and investigation kit to build a process your crew will follow.

8. Worker Participation and Communication

What the auditor checks:

• Safety meeting records (toolbox talks, crew meetings, safety committees)
• A joint health and safety committee or health and safety representative (where legislated)
• A system for workers to raise safety concerns without fear of reprisal
• Evidence that worker feedback leads to action (closed loop)
• Communication of safety policies, procedures, and changes to all workers

Common gap: Toolbox talks happen but aren't documented, or they're documented but attendance records are incomplete. Use our free toolbox talk package with 50+ ready-to-use topics to keep your meetings consistent and documented.

9. Program Administration and Document Control

What the auditor checks:

• A document control process (version control, review dates, approval signatures)
• Safety records organized and accessible (not buried in boxes or scattered across drives)
• Contractor management procedures (prequalification, safety requirements for subs)
• Statistics tracking (incident rates, leading indicators)
• Evidence of annual program review and continuous improvement

Common gap: Documents have no version control. The auditor finds three different versions of the same procedure and none of them have a review date. This is where going digital makes a massive difference.

What Documentation Gaps Fail the Most Audits?

After helping contractors through hundreds of audits, we see the same documentation failures over and over. Here are the ones that kill audit scores:

1. Expired or unsigned policies. Your health and safety policy needs to be signed by the highest-ranking person in the company and reviewed annually. If the date on it is two years old, the auditor sees a program that management doesn't actively support.
2. Missing training records. Not missing training itself, but missing proof. A worker completed WHMIS last month but there's no certificate in the file? The auditor can't score it. Check out our strategies for avoiding this exact problem.
3. Cookie-cutter FLHAs. When every FLHA for the past three months lists the same hazards with the same controls, it tells the auditor your crew is checking boxes, not assessing hazards.
4. No corrective action follow-through. Inspections and investigations generate findings. If those findings sit in a spreadsheet with no evidence of resolution, you'll lose points on multiple elements.
5. Toolbox talks with no attendance records. The talk happened. Nobody signed in. The auditor can't verify participation.
6. Outdated emergency contact lists. Someone left the company eight months ago and they're still listed as the fire warden. That's a legislated item in many audit instruments, meaning it must score 100%.
7. No annual program review. The auditor looks for evidence that your entire safety program was reviewed in the past 12 months, with documented findings and updates. Most companies skip this entirely.

A 20-person electrical contractor in Edmonton came to us after failing their COR audit by 6 points. They had a solid program. Good policies. Decent training. But their inspection corrective actions were scattered across three different spreadsheets and a supervisor's email inbox, with no tracking system. The auditor couldn't verify that findings were being addressed, and they lost points in inspections, investigations, and program administration. Three elements dragged down by one organizational gap.

How Should You Prepare for COR Audit Interviews?

Interviews are where most companies underestimate the audit. Your auditor will interview a cross-section of your workforce: typically a percentage of management, supervisors, and frontline workers. These interviews verify that your written program is actually understood and followed by the people doing the work.

What Management Gets Asked

• What is your company's health and safety policy, and how do you demonstrate your commitment?
• How do you ensure safety is resourced with adequate budget and personnel?
• What system do you have for workers to provide feedback on safety issues?
• How are safety responsibilities defined and communicated?
• How do you ensure corrective actions from investigations are completed?

What Supervisors Get Asked

• How do you ensure workers complete FLHAs and follow safe work procedures?
• What's the process for reporting and investigating incidents?
• How do you enforce the use of hazard controls on site?
• Have you received training in workplace inspections and your OHS responsibilities?
• How do you communicate new hazards or procedure changes to your crew?

What Workers Get Asked

• Can you describe the company's health and safety policy?
• How do you report a hazard or incident?
• When was your last toolbox talk, and what was the topic?
• Do supervisors enforce the use of hazard controls?
• Are you aware of your right to refuse unsafe work?

Preparation tip: Don't script your crew. Auditors can tell the difference between someone reciting a rehearsed answer and someone who actually understands the process. Instead, make sure your people are living the program daily, not cramming for an audit. If your workers can't describe your safety procedures in normal conversation, the program has a participation gap, not just an interview gap.

What's the Difference Between Internal and External COR Audits?

Understanding the difference between audit types is critical for planning your COR cycle:

External audits are conducted by a certified external auditor, someone who is not an employee of your company. External audits are required for initial COR certification and for recertification (typically every three years). The external auditor must be qualified and recognized by your province's certifying partner (ACSA in Alberta, BCCSA in BC, for example).

Internal audits are conducted by a trained employee of your company who has completed the internal auditor training through your certifying partner. Internal audits are used for maintenance years (the years between certification and recertification).

The key difference: external audits carry higher stakes because they determine whether you earn or keep your COR. Internal audits are your opportunity to catch issues before the external auditor finds them. Read our complete guide to passing your COR audit for more detail on each stage.

Certification Audit vs. Maintenance Audit: What Changes?

The COR program operates on a 3-year cycle:

Note: Passing thresholds and cycle structures vary by province and certifying partner. Always confirm exact requirements with your certifying partner.

Certification audits evaluate your entire health and safety management system for the first time (or again at recertification). They cover every element, every verification method, and require an external auditor. These are the high-stakes audits.

Maintenance audits verify that your program is being maintained and improved between certification cycles. They still follow the same audit instrument, but the passing threshold is typically lower (60% overall in many provinces). Don't mistake this for "easier." A maintenance audit that identifies significant gaps is a red flag that your recertification is at risk. Learn more about the full COR certification process.

10 Tips for COR Audit Day

1. Have all documents organized and accessible before the auditor arrives. Policies, training records, inspection reports, meeting minutes, investigation files. If it takes 15 minutes to find a document, the auditor notices.
2. Assign a point person. Designate someone to escort the auditor, answer questions, and locate documents quickly. This is usually your safety coordinator or internal auditor.
3. Brief your crew honestly. Tell them an auditor is on site. Explain what the auditor might ask. Don't coach specific answers. Genuine responses score better than rehearsed ones.
4. Walk the site before the auditor does. Check that PPE is being worn, FLHAs are posted, inspection tags are current, emergency equipment is accessible, and muster points are visible.
5. Have your most recent corrective actions ready. The auditor wants to see that when you find problems, you fix them. A stack of closed-out corrective actions tells a powerful story.
6. Ensure your policy is signed and dated within the past 12 months. This is one of the first things an auditor checks. Don't lose easy points.
7. Verify that your training matrix is current. Every worker on site should have up-to-date training records that match their assigned tasks.
8. Print backup copies of key documents. Technology fails. If your safety program is digital, have PDF copies of critical documents available in case of connectivity issues.
9. Don't fake it. If a procedure isn't being followed, it's better to be honest about it than to pretend. Auditors are trained to spot inconsistencies between documentation and interviews. Getting caught in a lie is worse than admitting a gap.
10. Schedule the audit when your regular crew is on site. The auditor needs to interview your actual workers and supervisors, not a skeleton crew or temporary staff from another project.

Why Your COR Audit Prep Needs to Start Months Before Audit Day

The biggest mistake we see contractors make is treating audit prep like exam cramming. You can't build six months of inspection records in two weeks. You can't manufacture toolbox talk attendance after the fact. And your crew can't fake familiarity with procedures they've never seen.

Real audit preparation is continuous. It's doing daily FLHAs properly. Running weekly toolbox talks and documenting them. Closing out inspection findings within a reasonable timeframe. Reviewing and updating your policies annually. If you do these things all year, the audit becomes a confirmation of what you already do, not a scramble to prove it.

Safety Evolution builds audit-ready safety programs for contractors. We don't just hand you a binder and wish you luck. We build your program, control your documents, verify your daily forms, and package everything so it's ready when the auditor walks through the door. Book your free safety assessment and get a 30-minute call plus a 90-day action plan at no cost. We'll tell you exactly where your gaps are and how to close them before your next audit.