Run Compliance Audits: PSM Element 13 Checklist
Run Compliance Audits: PSM Element 13 Checklist
Author: Fidelis Associates | Published: 2026-03-03 | Last Updated: 2026-03-03
Meta Description: Checklist for OSHA 1910.119(o) Compliance Audits — verify three-year audit cycles, team qualifications, findings documentation, and corrective action verification.
OSHA Reference
Under OSHA's Process Safety Management standard 29 CFR 1910.119(o), employers must certify that they have evaluated compliance with the provisions of PSM at least every three years to verify that the procedures and practices developed under the standard are adequate and are being followed. The compliance audit must be conducted by at least one person knowledgeable in the process. The employer must promptly determine and document an appropriate response to each of the findings of the compliance audit, and document that deficiencies have been corrected. The two most recent compliance audit reports must be retained.
Fidelis Insight
Compliance Audits are the PSM program's quality check — the mechanism that verifies whether all 13 other elements are implemented, documented, and functioning as intended. A well-conducted audit identifies gaps between what the program says and what actually happens in the field. A poor audit confirms what management wants to hear.
The most important distinction in compliance auditing is between document sampling and field verification. Audits that only review files and interview management will miss the most common PSM deficiencies — procedures that exist but aren't followed, training that's documented but didn't build competency, equipment that's on an inspection schedule but hasn't been inspected. Effective audits combine document review with field observation, operator interviews, and physical verification.
Strong audit programs also ensure that findings don't just generate reports — they drive corrective actions that address root causes. The most common audit failure pattern is recurring findings: the same deficiencies appear audit after audit because corrective actions addressed symptoms rather than systemic issues.
Common Gaps We See
- ⚠ Audits rely on document sampling rather than field verification
- ⚠ Audit findings addressed on paper but underlying systemic issues persist
- ⚠ Previous audit findings recur because corrective actions addressed symptoms, not root causes
- ⚠ Audit team lacks process-specific knowledge or operational experience
- ⚠ Three-year audit cycle not maintained — audits delayed or skipped
- ⚠ Corrective action verification is administrative — deficiencies marked "closed" without evidence
- ⚠ Audit scope doesn't comprehensively cover applicable PSM provisions
- ⚠ Audit results not communicated to the workforce
Best Practices Checklist
Audit Scope & Schedule
- [ ] Compliance audits conducted at least every three years
- [ ] Audit scope covers all applicable PSM provisions (Best practice: address each of the 14 elements; the standard requires verification of compliance with PSM provisions generally)
- [ ] Audit evaluates both documentation and field implementation
- [ ] Audit schedule maintained with documented completion dates
- [ ] Two most recent audit reports retained
Team Qualifications
- [ ] At least one audit team member knowledgeable in the process being audited
- [ ] Audit team includes personnel experienced in PSM compliance requirements
- [ ] Auditors independent from the areas being audited (objectivity maintained)
- [ ] Audit team trained in audit methodology and interview techniques
Audit Execution
- [ ] Document review combined with field observation and operator interviews
- [ ] Physical verification of equipment condition, safety system functionality, and procedure availability
- [ ] Previous audit findings reviewed for closure and effectiveness
- [ ] Near-miss and incident investigation data reviewed as part of the audit
- [ ] Contractor compliance included in the audit scope
Findings & Corrective Actions
- [ ] Findings documented with specific evidence and regulatory references
- [ ] Appropriate response determined and documented for each finding
- [ ] Corrective actions assigned to responsible owners with due dates
- [ ] Deficiency corrections verified with documented evidence — not just administrative closure
- [ ] Root causes addressed to prevent recurring findings
- [ ] Audit results communicated to affected personnel
Scoring Tip
- 17–21 checks = Strong audit program
- 10–16 checks = Needs improvement
- 0–9 checks = Immediate action required
Practical Use
Use this checklist to evaluate your compliance audit program and prepare for upcoming audits. Before each audit cycle, review findings from the previous two audits and verify that corrective actions were effective — not just completed. During the audit, prioritize field verification over document review. After the audit, assign corrective actions with clear ownership and timelines, and track them to verified closure.
Key Takeaways
- Compliance audits must verify compliance with PSM provisions at least every three years. Best practice is to address each of the 14 elements systematically.
- Effective audits combine document review with field verification, operator interviews, and physical observation.
- Recurring findings indicate that previous corrective actions addressed symptoms rather than root causes.
- At least one auditor must be knowledgeable in the specific process being audited.
- Corrective action verification requires evidence of correction, not just acknowledgment.
Assess Your Program
Use this checklist as a starting point, then benchmark your program with a FidelisCheck PSM assessment.
Related Resources
- What is Process Safety Management? A Complete Guide
- The 14 Elements of PSM: A Practitioner's Breakdown
- OSHA 1910.119 PSM Compliance Checklist
- PSM Element 12: Emergency Planning and Response Checklist
- PSM Element 14: Trade Secrets Checklist
Frequently Asked Questions
How often are PSM compliance audits required? Under 29 CFR 1910.119(o), employers must certify that they have evaluated compliance with PSM provisions at least every three years. This is a maximum interval — facilities may audit more frequently, and best practice is to conduct interim internal assessments between the formal three-year audits. The three-year clock runs from the completion date of the previous audit, not from the date findings were closed. Delaying or skipping audits is a citable violation.
What qualifications must PSM compliance auditors have? OSHA 1910.119(o) requires that the compliance audit be conducted by at least one person knowledgeable in the process being audited. The standard does not require external or third-party auditors, nor does it mandate specific certifications. However, best practice is to ensure auditors have experience with PSM compliance requirements, audit methodology, and interview techniques, and that they are independent from the areas being audited to maintain objectivity. Many facilities use a combination of internal subject matter experts and external PSM specialists to achieve both process knowledge and independence.
How long must PSM compliance audit reports be retained? The standard requires employers to retain the two most recent compliance audit reports. This means you must keep the current audit and the immediately preceding audit on file at all times. Best practice is to retain all audit reports for the life of the facility, as historical audit data provides valuable trending information and demonstrates a pattern of continuous improvement — or recurring deficiencies that need systemic correction. Corrective action documentation should be retained alongside the audit reports to demonstrate that deficiencies were addressed.
Fidelis Associates provides PSM compliance consulting and assessment services through FidelisCore and FidelisGap. Our team brings 40+ years of combined experience across major operators including Chevron, Valero, and Shell.
Ready to strengthen your operations?
Talk to a Fidelis specialist about how we can help.