What is internal control? 5 requirements you must document for HSE
All Norwegian businesses are legally required to have internal control. Nevertheless, many experience that their Health, Safety, and Environment (HSE) work ends up as a paper exercise that is rarely updated. The routines exist, but they don't live on in everyday practice.
What Is Internal Control?
Systematic OHS (Occupational Health and Safety) work requires a clear structure for planning, implementing, and maintaining measures. This is often done via an OHS system that covers the entire process from planning to follow-up, in line with
with current legislation.
Internal control is the company's self-monitoring of this system. It deals with how you plan, monitor, and ensure that the HSE system actually works. Think of it as quality assurance for HSE work.
Is Internal Control Required?
Yes. The HMS regulations (Regulations on systematic health, environment, and safety work) requires all businesses to carry out systematic health, safety, and environment (HSE) work, including follow-up and quality assurance. It is not optional.
Who Is Responsible?
The managing director holds the overall responsibility. The actual work can be delegated, but the responsibility cannot. At the same time, all employees must be involved and contribute to ensuring that measures are actually implemented.
The safety representative has a central role. It is the safety representative's task to ensure that the employer complies with the HSE requirements, and that employees are heard in matters concerning the working environment. Businesses with ten or more
Employees are required to have a safety representative. Smaller companies can agree on a different arrangement, but someone must fulfil the role.
Employees also have a statutory duty to participate. This means you can't just sit back and wait for management to sort everything out. If you see a risk or a deviation, you have a duty to report it. Good self-monitoring
fungerer kun når rapportering sker fra alle niveauer i organisationen.
The Value of Systematic HSE Efforts
The legal requirement is reason enough. But there are also good business reasons for doing this properly:
Fewer fines and sanctions. A lack of HSE monitoring can lead to enforcement notices from the Labour Inspection Authority. This costs money and damages reputation.
Problems are identified early. Risk assessments and deviation handling prevent small problems from escalating.
Lower sickness absence. A working environment where people feel safe leads to fewer accidents and less strain.
Better reputation. Customers, partners, and job applicants notice businesses that take security and quality seriously.
Without a functioning health and safety system, you risk higher accident rates, poorer efficiency, and a weakened reputation. Internal control is a barometer of how healthy the company is.
Want to see what this looks like in practice?
Lie Blikk received three ISO certifications at the same time as they introduced Business Online. The quality control plans were what tied the system together.
What needs to be documented?
Health, safety, and environment (HSE) work and internal control must be documented in writing. This is a legal requirement. Five things must be included:
1. HMS objectives
2. Overview of the organisation (responsibilities, tasks and authority related to HSE)
3. Risk assessments with associated measures and plans
4. Procedures for identifying, rectifying and preventing non-conformities
5. Systematic monitoring and review of internal control
Many find the documentation time-consuming. With the right tools, it doesn't have to be. Checklists, forms, and reports can be filled out continuously with automatic notifications and reminders.
This is how it works in Business Online
Business Online offers you a quality system integrated with Microsoft 365. All projects have their own workspaces where you register deviations and risk assessments, either individually or as part of a workflow.
Data is collected automatically in the KHMS module, which provides management with a visual dashboard of the company's health status. You can quickly see which parts of the organisation require follow-up.
Deviations can also be reported directly via the KHMS module, irrespective of the project. This is important, because quality work does not function if only management has access. Business Online provides all employees with the tools they need to report and work in accordance with internal guidelines.
Effective internal control isn't an annual one-off effort. It's something that happens every day, within the tools people already use.
Other relevant articles about quality and HSEQ
See how the quality system works
We'll show you how Business Online meets ISO requirements, with your processes and documents. 30 minutes, no obligation.