The inspector does not always call ahead.

Under the model WHS laws, a WHS inspector can enter any workplace at any time — without prior notice — if they reasonably believe it is a workplace. They do not need a warrant. They do not need to explain the reason for their visit before they enter. They can seize documents, equipment, and electronic records. They can interview workers privately. And under the 2025 NSW amendments, extended to other jurisdictions, unions exercising right of entry can now collect measurements, conduct tests, and make audiovisual recordings — not merely observe.

When an inspector arrives — whether in response to a complaint, following a notifiable incident, as part of a planned compliance program, or entirely unannounced — they are assessing one central question: does this organisation's safety management system actually work? And the most important sub-question beneath that one is not whether you have policies. It is whether you can prove your system is functioning.

That distinction — between having a system and being able to prove it works — is where the majority of Australian SMEs fall short. And it is the gap that drives enforcement action more often than the underlying hazard itself.

This blog examines the seven documentation gaps that WHS inspectors most consistently identify in incident management systems, what the inspector is looking for at each step, and what a functional, audit-ready incident management system looks like in practice.

Any time

A WHS inspector can enter your workplace without prior notice if they reasonably believe it is a workplace — no warrant required (model WHS Act s.171)

30 days

The period within which an inspector can issue a notice to produce documents after leaving the site — even from a visit that appeared routine (2025 model WHS amendment)

What Inspectors Are Actually Assessing

The single biggest misconception about WHS inspections is that they are primarily document checks. They are not — or at least, not only. An experienced inspector arrives with a multi-layer assessment framework that runs simultaneously across three dimensions: what your documents say, what your workers do, and whether those two things match.

A business with beautifully written incident management procedures and a workforce that has never read them, never practised them, and does not know what to do when something happens will fail an inspection more comprehensively than a business with rougher documentation but consistent, demonstrable practice. Inspectors are specifically trained to look for the gap between policy and practice — and they find it by talking directly to workers, not to management.

The inspection methodology follows a consistent pattern: document review (what do your policies, procedures, records, and registers say?); site observation (what is actually happening in the workplace?); and worker interviews (conducted privately, often without management present) to verify whether workers understand the system, know how to use it, and feel safe using it. Where these three streams produce consistent answers, the inspector's confidence in the system grows. Where they produce contradictions — where the procedure says one thing, the site shows another, and the workers describe something else — the inspector has found a functioning safety culture gap, which is the most serious finding an inspection can produce.

In 2025, SafeWork NSW was granted expanded powers to request documents up to 30 days after a site visit, via written notice — even for visits that appeared routine or concluded without incident notices. This is a significant change. It means an inspection that seemed uneventful may be followed weeks later by a formal document production request. If the documents requested don't exist, are incomplete, or have been reconstructed, the follow-up investigation is triggered. The inspector's visit was not the audit. The document request is.

Inspectors assess three things simultaneously: what your documents say, what your workers actually do, and whether those two things match. The gap between them is where enforcement action begins.

The Seven Documentation Gaps That Most Consistently Trigger Enforcement Action

Based on inspector methodology, published enforcement data, and consistent findings across WHS audit literature, seven documentation gaps account for the majority of incident management compliance failures in Australian SME workplaces. Each gap has a specific legal dimension, a specific investigative consequence, and a specific fix.

Gap 1: No incident register — or a register that doesn't reflect what actually happened

What the inspector finds: The business has an incident register template, but it is largely empty. Near-misses are not recorded. Minor injuries are handled informally and not entered. The entries that do exist are sparse — date, name, injury type — with no description of circumstances, contributing factors, or controls that failed.

Why it matters legally: The incident register is the primary evidence that the PCBU has been monitoring its workplace. An empty or incomplete register does not mean nothing happened. It means the PCBU was not capturing what happened. Regulators interpret sparse registers as evidence of a non-functioning safety system, not a safe one — particularly when workers describe incidents informally that never appear in writing.

The fix: A register that captures every incident, near-miss, and unsafe condition — including date, time, location, persons involved, description of what happened, immediate response taken, and who was notified. The register should be accessible to workers for reporting (not locked in the manager's office), and entries should be made as soon as practicable after an event — not reconstructed at end of week or month.

Gap 2: Incident reports without root cause analysis — treatment records, not investigation records

What the inspector finds: Incidents have been recorded, but the records describe what happened rather than why it happened. The 'cause' field reads 'worker distracted' or 'slippery surface' — the immediate cause — with no analysis of the underlying system, management, design, or supervision failure that created the condition.

Why it matters legally: The WHS duty requires PCBUs to eliminate or minimise risks so far as is reasonably practicable. Root cause analysis is the mechanism through which systemic failures are identified and addressed. A record that documents the outcome of an incident without identifying contributing causes demonstrates that the PCBU has not used incidents as the learning mechanism the WHS framework requires. In prosecution, the absence of root cause analysis suggests the business was managing incidents reactively — recording them to satisfy a process, not to understand and prevent recurrence.

The fix: Every incident report (and near-miss report) should include a structured root cause section identifying immediate causes, contributing factors, and underlying system or management conditions. The 'five whys' methodology or equivalent is sufficient for most SME settings. The investigation record should name who conducted it and when, and should be signed off by a person with authority to act on the findings.

Gap 3: No corrective action log — or one where actions were identified but never closed out

What the inspector finds: Incidents have been investigated and corrective actions identified. But the corrective action register shows actions that were opened months or years ago and never completed. There is no record of whether the action was implemented, by whom, or whether its effectiveness was reviewed.

Why it matters legally: An identified corrective action that was never implemented is, in regulatory terms, an identified risk that the PCBU knowingly left unaddressed. It is not mitigating evidence — it is aggravating evidence. It shows the PCBU was aware of the risk, documented it, and then failed to act. In a subsequent prosecution for the same or similar incident, an open corrective action from a prior event will be used to demonstrate that the PCBU knew about the risk and chose not to address it.

The fix: Every corrective action must have a named responsible person, a target completion date, and a verification step confirming it was implemented. Actions should be reviewed at regular management intervals — not left in a register that no one checks. Where an action is not completed by the target date, the delay must itself be recorded with a reason and a revised date. Open corrective actions are a specific focus of WHS inspector audits.

Gap 4: No consultation records after incidents — workers informed but never involved

What the inspector finds: After incidents, management communicates the findings to workers informally — a toolbox talk, a team briefing, an email. But there is no written record that consultation occurred: no attendance list, no summary of what was discussed, no record of what workers raised or contributed, and no documentation of how worker input was considered in the corrective action.

Why it matters legally: Consultation is a legal duty under the WHS Act — not a cultural nicety. After an incident, the obligation to consult with workers and their health and safety representatives about findings, proposed changes, and risk management decisions is an active compliance requirement. An inspection that reveals management makes all post-incident decisions without documented worker involvement is an inspection that has found a structural consultation failure — one that is separately enforceable from the underlying incident.

The fix: A brief written record of post-incident consultation: who was present (or who was consulted if they were absent from the workplace), what information was shared, what the workers contributed, and how that contribution was reflected in the corrective action. This does not need to be a lengthy document — a half-page summary is sufficient. It must be contemporaneous, not reconstructed.

Gap 5: No board or officer-level WHS reporting — incidents happening below the governance waterline

What the inspector finds: The business has an incident register, investigation records, and corrective actions — but none of this information reaches the business owner, the board, or the senior leadership team in any structured way. WHS is managed entirely at the operational level, and the people with officer liability under s.27 of the WHS Act have no visibility of what is happening.

Why it matters legally: Officers have a non-delegable personal duty to take reasonable steps to ensure the business meets its WHS obligations. One of those steps is receiving and acting on WHS information. An officer who cannot describe the incident trends in their own business — who does not know whether corrective actions are being completed, whether there are patterns in how incidents are occurring, or whether the incident management system is functioning — has not met their due diligence obligation. The fact that an operations manager has been dealing with it is not a defence. The officer's obligation to be informed is personal.

The fix: A structured WHS reporting mechanism that brings incident data — at minimum a summary of incidents, corrective action status, and any near-misses or notifiable events — to the attention of officers on a regular basis. For a small business, a brief monthly WHS update to the owner or board is sufficient. It must be documented: what was reported, to whom, when, and what decisions or instructions followed.

Gap 6: No return-to-work documentation tied to incident records

What the inspector finds: Workers who were injured returned to work, but there is no documentation connecting the return-to-work process to the incident record. The WHS file and the workers' compensation file exist in parallel, with no cross-reference. The incident record does not note when the worker returned, what modified duties were arranged, or what monitoring was in place during the return.

Why it matters legally: Return to work is a legally regulated process under state workers' compensation frameworks — but its connection to the WHS incident record matters for a different reason. Where a worker returns to a workplace in which the hazard that caused their injury has not been controlled, and then re-injures themselves, the absence of documented return-to-work planning tied to the corrective action is evidence that the WHS duty to ensure a safe return was not met. Additionally, extended absences are now — under the December 2025 model amendments — potentially notifiable to the WHS regulator. The documentation trail connecting injury, absence, medical advice, and return must be coherent across HR, workers' compensation, and WHS.

The fix: The incident record should include a return-to-work section noting the date of return, any medical restrictions, the modified duties arrangement, and confirmation that the relevant hazard was controlled before return. This should be connected to — not separate from — the corrective action log.

Gap 7: No accessible, confidential reporting channel — the record gap that precedes all others

What the inspector finds: Workers, when interviewed privately, describe incidents and near-misses that are not in the register. They describe a culture in which concerns are raised informally but not recorded. They describe reluctance to report — fear of blame, fear of consequences, uncertainty about process, or simply not knowing how. The incident register underrepresents what actually happened because the reporting mechanism only captures what workers felt safe raising openly.

Why it matters legally: Every other documentation gap in this list flows from this one. An incident that was not reported cannot be investigated. A near-miss that was not documented cannot generate a corrective action. A pattern of harm that workers know about but management does not is invisible to the inspection — until workers describe it. The WHS duty to consult, to identify hazards, and to implement controls depends on information reaching the people responsible for acting on it. Where the reporting culture or mechanism prevents that, the entire compliance architecture is built on an incomplete picture.

The fix: A reporting mechanism that is confidential, accessible outside business hours and outside the management chain, and that workers trust enough to use. The mechanism must be genuinely confidential — not a suggestion box on the wall — and must be accessible to workers whose first language is not English, whose working hours don't align with management availability, or who are not comfortable raising concerns face to face. The reporting mechanism is not a supplement to the incident register. It is the foundation that makes the incident register credible.

The Distinction That Determines Outcomes: Contemporaneous vs. Reconstructed Records

Of all the principles that govern how WHS documentation is assessed in enforcement proceedings, none is more important than the distinction between contemporaneous and reconstructed records.

A contemporaneous record is one made at the time the event occurred, or as soon as practicable afterwards, by the person who witnessed or managed it. Its value as evidence lies in its proximity to the event: the details are fresh, the timestamp reflects when it was created, and the record exists independently of any subsequent investigation or legal process.

A reconstructed record is one created after the fact — often after an injury has crystallised into a claim, or after an inspector has arrived, or when the business realises it needs documentation it does not have. It may be accurate. But it cannot be verified as accurate. It lacks the timestamp that places it before the investigation. And if it is inconsistent with anything else the regulator has gathered — a worker's account, a prior complaint, a workers' compensation claim — the inconsistency will be interpreted as evidence of reconstruction rather than accurate recall.

In WHS enforcement, reconstructed records do not merely fail to help — they actively harm. A business that cannot produce contemporaneous documentation of an incident investigation is not a business that conducted the investigation and lost the paperwork. It is a business that did not conduct the investigation and is now attempting to manufacture a record. Regulators are experienced at recognising reconstruction, and the regulatory response is not sympathy. It is escalation.

The 'Policy in a Folder' Problem

WHS auditors consistently find the same failure in SME workplaces: a comprehensive, professionally written incident management policy sitting in a folder — physical or digital — that managers and workers have never read, never practised, and cannot describe when asked. A policy document is not evidence of a functioning system. It is evidence that someone once wrote about a system. The inspector's question is not 'do you have a policy?' It is 'show me how the policy works' — and the only answer is contemporaneous, operational documentation: a register that has been used, investigations that were conducted, corrective actions that were completed, workers who can describe the process. The policy is the skeleton. The records are the proof of life.

How Inspection Triggers Have Changed — Who Can Now Show Up and Why

Understanding what inspectors check is important. Understanding what brings them to your door is equally important — because the trigger for an inspection increasingly arrives before any serious incident occurs.

The complaint-triggered inspection

A worker, a former worker, a union delegate, or a member of the public contacts the regulator with a concern about the workplace. The regulator assesses the complaint and, if it meets the threshold for investigation, sends an inspector. The business typically has no warning. The inspector arrives with the complaint already in hand, with specific questions about the circumstances described, and with access to documentation requests that target the exact records relevant to the concern raised.

The incident-triggered inspection

A notifiable incident has been reported. The regulator is required to investigate. The inspector arrives at the scene, exercises the power to preserve evidence, conducts worker interviews, and requests the incident management documentation. At this point, the inspection is not a general compliance check — it is a targeted investigation into a specific event, with a specific question: did the PCBU comply with its duties? The documentation produced at this point will determine whether the outcome is a finding of compliance, an improvement notice, a prohibition notice, or a referral for prosecution.

The planned compliance inspection

SafeWork NSW planned a 25 percent annual increase in compliance visit volumes for the period 2023-2026, with organisations of 200 or more workers receiving scheduled visits that include a psychosocial WHS check as a standard component. Other jurisdictions operate similar programs, particularly targeting high-risk industries (construction, healthcare, manufacturing, logistics) and industries with known non-compliance patterns. The planned inspection does not require a specific trigger event — it is a systematic audit of whether the business is meeting its obligations. For these visits, the documentation requested is comprehensive: incident registers, investigation records, corrective action logs, training records, consultation records, risk assessments, and return-to-work documentation.

The union-entry inspection (now with expanded powers)

In NSW, union officials exercising right of entry under the 2025 Workplace Protections amendments now have the power to take measurements, conduct tests, and make audiovisual recordings. A union entry that identifies incident management failures can generate a formal complaint to the regulator, triggering a subsequent inspector visit — with the union's own evidence already gathered. Businesses in industries with active union representation need to treat union entry as a potential precursor to regulatory action, not as an independent and lower-stakes event.

25%

Annual increase in SafeWork NSW compliance inspection visits planned through to 2026, including psychosocial WHS checks at every visit to organisations with 200+ workers

30

Days after a site visit that an inspector can still issue a notice requiring document production — the visit ending does not end the obligation to produce records

2 years

Minimum prosecution limitation period under the WHS Act — running from when the regulator gains sufficient knowledge of the offence, not from when the incident occurred

What 'Proving Compliance' Looks Like in Practice

Compliance with WHS incident management obligations is not a state of being. It is a state of being able to demonstrate. The business that is genuinely compliant but cannot produce the evidence of its compliance is, for regulatory purposes, indistinguishable from the business that is not compliant. The burden of evidence — in an inspection, in enforcement proceedings, in workers' compensation defence — falls on the PCBU.

The following describes what a functional, audit-ready incident management system looks like when an inspector requests documentation from an Australian SME.

What an Audit-Ready Incident Management System Produces on Request

• The incident register: a complete, contemporaneous record of every incident, near-miss, and unsafe condition report, with date, time, description of the event, persons involved, immediate response, and who was notified — including any WHS regulator notification

• The investigation file for each significant incident: methodology, root cause findings, contributing factors, named investigator, date of completion — showing the PCBU treated incidents as learning events, not just reporting obligations

• The corrective action log: every action identified, with responsible person, target date, completion date, and verification — with no actions open beyond their target date without a recorded reason and revised timeline

• Consultation records: post-incident briefing records showing workers were informed, contributed, and that their input was considered — attendance or acknowledgement records, not just a note that a briefing was held

• Officer reporting records: evidence that WHS incident data — including incident trends, corrective action status, and any notifiable events — was reported to officers and that officers considered and responded to that information

• Return-to-work documentation: records connecting each injury to its return-to-work plan, modified duties arrangement, medical clearance, and confirmation that the relevant hazard was controlled before return

• Notification records: for any notifiable occurrence — the date and time of the call to the regulator, the case reference number, any follow-up correspondence, and evidence that site preservation obligations were met

A business that can produce this documentation — from its system, not reconstructed for the visit — is in a fundamentally different regulatory position from one that cannot. It is demonstrating that the system works. The inspector's conclusion is not perfection. It is evidence of a functioning, genuinely operated safety management system. That is the standard the law requires and the standard that determines whether a visit ends with a handshake, an improvement notice, a prohibition notice, or a referral for prosecution.

Where Salus Fits in an Audit-Ready Incident System

Gap 7 in the framework above — the absence of an accessible, confidential reporting mechanism — is the foundation failure that undermines everything else. A business cannot have an audit-ready incident management system if the mechanism for surfacing incidents is broken at the point of worker reporting. If workers do not report, there is nothing to investigate. If there is nothing to investigate, there are no corrective actions. If there are no corrective actions, the register is empty. And an empty register does not pass an inspection — it invites one.

Salus provides the foundation that makes the rest of the system credible. The confidential, 24-hour reporting channel — accessible from any device, outside business hours, outside the management chain — is the structural response to the most common reason incidents go unreported: workers do not feel safe raising concerns through the channels available to them.

When a worker submits a concern through Salus, the record is automatically timestamped, documented, and visible to the people responsible for acting on it. That timestamp is contemporaneous evidence. The record exists independently of any subsequent investigation or legal process. It cannot be reconstructed after the fact, because it was created before the fact. When an inspector asks 'show me how workers report concerns in your workplace', the answer is a system with a documented record of reports, timestamps, and responses — not a manager explaining that workers know they can always knock on the door.

For officers discharging their due diligence obligation under s.27: Salus provides the aggregated, anonymised data that makes board-level WHS reporting possible at the scale an SME can actually manage. Monthly incident trends, concern patterns by team or location, corrective action status — the information that officers are legally required to receive and act upon, in a format they can actually use.

Compliance with WHS incident management obligations is not a state of being. It is a state of being able to demonstrate. The business that is genuinely compliant but cannot produce the evidence of its compliance is, for regulatory purposes, indistinguishable from the business that is not.

The Bottom Line for Every Australian Business

When an inspector walks through your door — whether announced or unannounced, whether triggered by a complaint, an incident notification, a planned compliance program, or a union entry — they are not looking for perfection. They are looking for evidence of a system that functions: a register that reflects what actually happens, investigations that identify root causes, corrective actions that are completed, workers who know how to report and feel safe doing so, and officers who are informed and engaged.

The seven gaps documented in this blog are the gaps that most commonly separate a business that passes an inspection from one that doesn't. None of them requires a large compliance budget to address. Each requires a decision to treat documentation as a genuine operational practice rather than a retrospective administrative exercise.

The enforcement environment makes that decision urgent. Inspector visit volumes are rising. Union entry powers have expanded. The 30-day document production notice means a visit that seemed uneventful can become an investigation weeks later. And the December 2025 model amendments have expanded the category of events that must be notified — creating new documentation obligations that most businesses have not yet incorporated into their systems.

The businesses that fare best in inspections are not those with the most sophisticated systems. They are those whose system matches what actually happens in the workplace, whose records reflect what was actually done, and whose workers describe a safety culture that the documentation supports. That alignment — between policy, practice, and record — is what audit readiness means.

The Audit-Readiness Self-Assessment: Seven Questions for Every Australian Business

• Is your incident register a complete, contemporaneous record of every incident and near-miss — including minor events and near-misses that didn't result in injury? Or does it mainly capture recorded injuries for workers' compensation?

• Does every incident investigation include a documented root cause analysis — identifying contributing system and management factors, not just the immediate cause? Or do records describe what happened without explaining why?

• Is every corrective action in your log closed out, with a named responsible person, a completion date, and a verification step? Or are there open actions from months or years ago that were never followed up?

• After incidents, do you have written records of consultation with workers and HSRs — showing what was discussed, what workers contributed, and how that input was reflected in the corrective action? Or are workers informed but never genuinely involved?

• Does your board or senior leadership receive structured WHS incident reporting — including trends, corrective action status, and any notifiable events — on a regular basis? Or does WHS stay at the operational level, invisible to the officers who carry personal liability for it?

• Does every injury record connect to a return-to-work plan, modified duties arrangement, and confirmation that the relevant hazard was controlled before return — as a single coherent file? Or do WHS, HR, and workers' comp records exist in separate silos?

• Does your workplace have an accessible, confidential reporting mechanism that workers actually use — one that captures concerns from workers who would not raise them face-to-face? Or is the only reporting pathway a conversation with the manager?

Next in this series: Blog 31 examines the dual reporting trap that catches businesses in regulated industries — how a single incident can simultaneously trigger obligations to the WHS regulator and a sector regulator, on different timeframes, with different content, and with penalties flowing from both if either is missed.

Key Sources

Safe Work Australia: What Powers Do Inspectors Have to Enter Workplaces (model WHS Act, Part 9) | Safe Work Australia: WHS Prosecutions Dashboard — 2023 Data (2024) | Herbert Smith Freehills Kramer: Australia — Major Reforms to the Model WHS Framework and Incident Notification Duties (December 2025) | KWM: Reforms to NSW Work Health and Safety Laws (2025) | Hamilton Locke: Substantial Reforms to NSW Industrial Relations and WHS Laws Underway (2025) | Bird & Bird: Safety (Compliance) First — Understanding the 2025 NSW Workplace Protections Amendments | Lane Safety Systems: WHS Law Reform — How the 2025 Workplace Protections Bill Could Impact Your Business in NSW (2025) | MiSafe Solutions: Lessons from Recent WHS Audits — What Keeps Businesses Up at Night (August 2025) | Safety for Life: What WHS Auditors Actually Look For (2025) | Action OHS Consulting: Your Complete Guide to Work Health and Safety Audits in Australia (2025) | Sentrient: Compliance Reporting in Australia (December 2025) | SafeWork NSW: Prosecutions Register (2025) | Model WHS Act 2011 ss.27, 38, 39, 55, 171-174 (inspector powers, notification, site preservation, officer duty) | Industrial Relations and Other Legislation Amendment (Workplace Protections) Act 2025 (NSW)

This article provides general information only and does not constitute legal advice. Inspector powers and enforcement priorities vary by jurisdiction. Businesses should seek independent legal advice in relation to their specific circumstances and monitor developments in their state or territory WHS legislation.