From our perspective as consultants, in recent audits we have observed a recurring pattern — the re-emergence of previously identified issues that had been marked for corrective action but not effectively resolved. These “repeat findings” are more than a simple non-compliance; they’re a clear indicator of weaknesses in an organisation’s corrective action and assurance processes.

When findings repeat – what it really means

A repeated audit non-conformance suggests that corrective actions may have been poorly implemented, inadequately monitored, or not verified for effectiveness. While it can be easy to attribute such findings to auditor subjectivity or differing interpretations, the reality is often simpler: somewhere between the audit close-out and daily operations, the loop on corrective action tracking has not been closed.

QRMC’s experience shows that even robust systems can falter when actions are not assigned clear accountability, timeframes, and follow-up verification. Without a structured process for monitoring and evaluating the effectiveness of controls, risks inevitably re-surface, often in more serious forms.

The legal concept of ‘state of knowledge’

From a legal perspective, audit reports do more than highlight system weaknesses. They also establish an organisation’s state of knowledge regarding its WHS risks. Under WHS legislation, once a duty holder becomes aware of a hazard or non-compliance, they are legally obligated to take reasonably practicable steps to eliminate or minimise that risk.

For organisational Officers, this extends further into the duty of due diligence. An Officer who is aware of an unresolved issue (such as one highlighted in an audit) must ensure that adequate resources, systems, and oversight mechanisms are in place to address it. Ignoring such findings effectively shifts the organisation into a high-risk legal position, where failure to act may expose both the entity and individuals to enforcement action or prosecution.

The compliance and reputational risk

Beyond the legal implications, repeat audit findings reflect poorly on an organisation’s safety culture and governance maturity. They signal to regulators, insurers, and stakeholders that the organisation may not have effective mechanisms for continuous improvement. In the event of a serious incident, documented audit findings can quickly transform from evidence of diligence to evidence of negligence, demonstrating that management knew of the risk but failed to act.

Closing the loop: best-practice recommendations

QRMC recommends that organisations:

  • Maintain a live register of all audit corrective actions with clear ownership and status tracking.
  • Periodically review the effectiveness of implemented controls, not just their completion.
  • Integrate corrective action monitoring into management review and due diligence reporting.
  • Treat audit findings as opportunities to strengthen governance and demonstrate proactive compliance.

In summary, an audit report does more than identify risks – it establishes awareness. Once that “state of knowledge” exists, inaction is no longer an option. Effective management of corrective actions is not just a compliance requirement; it’s a key indicator of leadership commitment, organisational resilience, and due diligence in practice.

Please contact us for more information or assistance.