Back to Blog
Compliance

How to Run a Mock OSHA Audit

June 10th, 2026 iReportSource Team Compliance
How to Run a Mock OSHA Audit
# How to Run a Mock OSHA Audit

The first time most companies experience an OSHA inspection is when one actually happens. By then it is too late to do anything except answer the door and hope the documentation holds up.

A mock OSHA audit is the only way to find out what an inspector would actually see before an inspector actually sees it. It is also one of the highest-leverage exercises a safety program can run, because the gaps it surfaces tend to be the same gaps that produce real citations.

This is a step-by-step guide to running one at your own facility. It is written for safety professionals, plant managers, and operations leaders at small and mid-sized organizations who want to test their program against the standards an inspector would actually apply. Roughly half a day of preparation and half a day of execution, repeated annually.

Why mock audits matter

OSHA inspections follow a predictable structure. An inspector arrives unannounced, presents credentials, holds an opening conference to explain the scope, conducts a walkaround of the facility, reviews documentation, interviews employees, and closes with a conference summarizing findings. Citations follow within six months. The penalty for a single serious violation can reach $16,550 as of 2026. Willful or repeated violations can reach $165,514.

The companies that come through an inspection well are not the ones with perfect programs. They are the ones who knew what their program looked like before the inspector walked in. A mock audit produces that knowledge.

There is a second reason worth naming. Mock audits build muscle memory. The first time your designated OSHA point person handles the credentials presentation, the opening conference, and the walkaround should not be when the stakes are real. Practicing the choreography means the real inspection runs smoother, you say less of the wrong thing, and your team looks composed instead of scattered.

Before you start

A few things to have in place before the audit day.

Pick your auditor. The auditor should be someone other than the person who runs your safety program day to day. If you are the safety lead, you are not the right person to audit your own work. The options are a peer from another facility, an external safety consultant, or a third-party firm that runs mock audits as a service. Outside eyes catch what inside eyes have stopped seeing.

Define the scope. OSHA inspections are typically scoped to specific hazards (a complaint-driven inspection focuses on the alleged hazard), to specific programs (a programmed inspection might focus on amputations or heat exposure), or comprehensive (everything). Your mock audit should follow the same pattern. Decide whether you are running a comprehensive sweep or focusing on one area, like lockout/tagout, machine guarding, or hazard communication.

Choose the standards to test against. Pull the OSHA standards that apply to your operation. For most general industry employers that includes 29 CFR 1910 (general industry standards), the OSHA 300 recordkeeping requirements, and the relevant HazCom, lockout/tagout, PPE, and machine guarding standards. Construction operations test against 1926. The auditor needs the same standards an inspector would apply.

Set a date and tell no one. A surprise mock audit produces a more honest picture than one your team has prepared for. If the goal is to know what an actual inspection would find, give the floor the same notice an inspector would, which is none.

The audit, step by step

Step 1: The credentials and opening conference

Start the audit by simulating the moment an OSHA compliance officer would arrive. Your auditor knocks on the door, asks for the person in charge, and presents themselves the same way an inspector would. Note who gets called, how long it takes for them to arrive, and whether your reception or front-line staff knows what to do.

The opening conference is where the audit's scope gets defined. Your auditor explains what they will be looking at, what areas they will tour, and what documentation they will need to review. Your safety lead should be the person sitting across the table, taking notes, and asking clarifying questions. This is the practice run for the real version.

What to test in this phase:

  • Does your reception know who to call when someone arrives asking to speak with the person in charge?
  • Does your designated OSHA point person know they are designated?
  • Does that person have a backup if they are off-site?
  • Can your safety lead take a measured opening-conference posture without volunteering information that is not asked for?

    • Step 2: The document review

    OSHA inspectors typically request a defined set of records during the opening conference. Your auditor should request the same set:

  • The written safety and health program
  • OSHA 300 and 301 logs for the last five years
  • OSHA 300A annual summaries with proof of February 1 through April 30 posting
  • Training records for the specific hazards present in the operation
  • Safety Data Sheets for chemicals visible during the walkaround
  • Inspection records for required equipment (forklifts, fall protection, fire extinguishers, eyewash stations, and others)
  • Documentation of corrective actions taken in response to past findings
  • Hazard Communication program documentation
  • Lockout/tagout program documentation and periodic inspections
  • Respiratory protection program if applicable, with fit-test records

    • Your auditor times how long it takes to produce each document. A digital safety program produces most of these in under an hour. A paper-based program often takes a day or longer, and frequently surfaces gaps. The exercise of producing the documentation under realistic time pressure is itself the test.

    What to test in this phase:

  • Are the documents complete?
  • Are they current?
  • Are they accessible without depending on a single person?
  • Does the training documentation show proof of competency, not just attendance?
  • Are corrective actions from past findings actually documented as closed?

    • Step 3: The walkaround

    The walkaround is the largest part of the audit and the part that produces the most findings. Your auditor walks the same path an OSHA inspector would, in the same order, observing the same things.

    A useful structure for the walkaround:

    Start at the highest-hazard area. Hot work, confined space entry points, areas with heavy chemical exposure, elevated work, or any area where a recent incident occurred. These are the areas an inspector responding to a complaint or fatality would visit first, and they are where the most serious citations tend to come from.

    Observe before you ask. Your auditor watches operations for at least 10-15 minutes in each area before talking to anyone. Are workers wearing required PPE? Are lockout/tagout procedures being followed? Are guards in place and intact? Are housekeeping issues visible? Are pedestrian and forklift paths separated? Inspectors observe before they engage, and so should your auditor.

    Photograph and document. Your auditor takes the same photos an inspector would. Any condition that could be cited gets documented with a photo, a location, the apparent standard being violated, and a brief description. This becomes the audit report.

    Interview workers. OSHA inspectors interview employees privately. Your auditor should too, ideally in pairs of two or three workers per area. The questions are practical: What is the procedure for X? Who do you report a hazard to? What is your training schedule? Have you ever felt unsafe doing this job? Worker answers tell you whether your written program matches what is actually happening on the floor. Disconnects between the two are some of the most common audit findings.

    What to test in this phase:

  • PPE compliance in every area
  • Machine guarding condition and presence
  • Lockout/tagout practice (not just policy)
  • Forklift and pedestrian separation
  • Chemical labeling and SDS accessibility
  • Emergency egress, exit signage, and exit lighting
  • Fire extinguisher inspections and access
  • Eyewash and shower locations and access
  • Hot work permits if applicable
  • Confined space entry procedures if applicable
  • Fall protection in any work at height
  • Electrical safety, panel access, and cord conditions
  • Housekeeping and tripping hazards
  • Posted OSHA "It's the Law" poster
  • Posted OSHA 300A summary in posting period

    • Step 4: The records and program review

    After the walkaround, your auditor sits down with the documentation requested earlier and reviews it against what was seen on the floor. The walkaround surfaces conditions; the records review surfaces program gaps. Both matter.

    Specifically:

    Cross-check training against observed practice. If you saw a worker operating a forklift, find that worker's forklift certification. If the training was supposed to be refreshed every three years, check the date. If you observed someone in a confined space, find the entry permit and the training records for that entrant and attendant.

    Review the OSHA 300 logs for completeness. Are entries dated? Are days-away counts accurate? Have any recordable injuries been missed? If your 300A summary doesn't match the underlying 300 log, an inspector will catch it.

    Look for corrective action follow-through. Past inspections, past audits, and past incident investigations should each have a documented corrective action with a closure date. Open items more than 90 days old without progress notes are a pattern an inspector flags immediately.

    Step 5: The closing conference

    The closing conference is where the audit becomes useful. Your auditor walks the safety lead and any leadership representatives through what was found, what would likely be cited, what the likely classification would be (serious, willful, repeat, other-than-serious), and what the abatement options are.

    The deliverable from the closing conference should be a written audit report with:

  • An executive summary suitable for sharing with leadership
  • A list of findings with the relevant OSHA standard cited
  • A classification of each finding by severity
  • Recommended corrective actions with realistic timelines
  • A summary of program-level gaps that go beyond any single finding

    • This document becomes your roadmap for the next 12 months of program work, and it is also the artifact that proves to leadership that the safety program is being measured against real standards.

    What to do with the findings

    A mock audit that surfaces 30 findings and sits in a drawer is worse than no audit at all, because it becomes documented proof that you knew about hazards and did not address them. The findings have to be tracked through to closure.

    A practical approach:

  • Triage findings by severity. Anything classified as serious or willful gets addressed first, often within 30 days.
  • Assign each finding to an owner with a target closure date.
  • Track progress monthly in a leadership review.
  • Document the closure of each finding with photos or records.
  • Re-audit specific areas that produced major findings within 90 days to confirm the fix held.
  • Roll the unresolved findings into the next year's audit as a starting list.

    • A safety program that runs a mock audit annually, tracks the findings to closure, and uses the results to drive program improvements is the kind of program that holds up under real inspection. The findings stop being surprises.

    A note on outside help

    A safety professional running a mock audit on their own program will catch a lot of what is broken. They will also miss the things they have stopped seeing, which is exactly what an OSHA inspector will catch on day one. Outside eyes are worth what they cost, especially for the first mock audit. After the first cycle, internal audits work fine for the in-between years.

    If you do not have a dedicated safety professional, or if your safety lead is stretched too thin to run a full audit cycle, an annual mock OSHA audit is one of the services that benefits most from outside help. It is bounded in scope, produces a clear deliverable, and the deliverable is genuinely useful to leadership in a way that other safety work sometimes isn't.

    Either way, the work is worth doing. The price of finding out what your program looks like before an inspector does is significantly lower than the price of finding out the other way.

    ---

    *Will Hack works in marketing at iReportSource, an EHS software and safety services company serving organizations across North America.*

    *This article was posted on LinkedIn on June 10th, 2026.*

    iR

    iReportSource Team

    Reviewed by the iReportSource safety team — Certified Safety Professionals (CSP), Construction Health and Safety Technicians (CHST), and OSHA Authorized Outreach Trainers with field experience in manufacturing, construction, and food production, per our editorial standards. Learn about our team →

    Ready to Transform Your Safety Program?

    See how iReportSource can help you streamline your safety management and keep your workers safe.

    Schedule a Demo