0 / 40
Not Started
Interactive Assessment Tool

Psychosocial Hazard
Audit Readiness Checklist

If the regulator inspected your organisation tomorrow, could you evidence the following?

Why This Matters Now

Workplace health and safety regulators are actively auditing organisations on psychosocial hazard compliance. Inspectors are not asking "Have you run a wellbeing program?"

They are asking: Show me your documented risk assessment. Show me your controls. Show me evidence of consultation. Show me Board oversight.

This checklist reflects what regulators are currently reviewing, based on the Managing Psychosocial Hazards at Work Code of Practice and WHS Regulation 2025.

Quick Pulse Check

Before the full audit — a 60-second snapshot of where you stand

This section is for your own reflection — it does not count toward your Audit Readiness Score below.
Psychosocial hazards are on our WHS risk register
We have a documented risk assessment from the last 12 months
We can evidence higher-order controls (not just training)
Leaders have demonstrated competency (not just attendance)
The Board receives formal psychosocial risk reporting
We have documented worker consultation
Controls are monitored for effectiveness
Policies reflect our actual workplace risks
Investigation procedures are compliant
We could produce documentation within 48 hours of a request
Strengths identified: 0 / 10

Based on the Managing Psychosocial Hazards at Work Code of Practice and WHS Regulation 2025. Regulators will look for documented evidence across these six critical areas.

1
Hazard Identification
Systematic identification across all 14 hazard categories
0 / 7
We have systematically identified psychosocial hazards across all 14 recognised categories: job demands, low job control, poor support, lack of role clarity, poor change management, inadequate reward and recognition, poor organisational justice, traumatic events or material, remote or isolated work, poor physical environment, violence and aggression, bullying, harassment, conflict or poor workplace relationships
Hazard identification includes both qualitative data (worker consultation, surveys, focus groups, exit interviews) and quantitative data (absenteeism rates, turnover, WorkCover claims, incident reports)
We have documented evidence of consultation with workers during hazard identification
We considered vulnerable or high-risk groups (new workers, young workers, those with caring responsibilities, shift workers, isolated workers)
Hazard identification is current (within the past 12 months) and reviewed when circumstances change
Records of hazard identification are available for regulator review
We have considered hazards arising from the interaction of multiple risk factors, not just individual hazards in isolation
⚠ Critical Red Flag
If hazard identification relies solely on generic wellbeing surveys, informal observations, or anecdotal evidence without documented systematic review, you do not meet Code of Practice requirements.
2
Risk Assessment
Documented, defensible assessment of risk profile
0 / 6
We have assessed our organisational risk of psychosocial hazards, including the proportion of employees at elevated risk
We have insights about the nature of the risks, including their prevalence and cause (considering the interaction of multiple hazards, work design, job demands, and environmental conditions)
We have a mechanism to identify and offer support to at-risk employees
We have benchmarked results (internally across departments or externally against industry standards)
Risk assessment has been reviewed and signed off by executive leadership
Psychosocial risks are formally integrated into our WHS risk register (not managed separately) and risk assessment documentation is available and demonstrates our methodology
⚠ Critical Red Flag
If psychosocial hazards are not on your formal WHS risk register, or if risk assessment is undocumented or informal, you are exposed. Regulators will request to see written records.
3
Risk Control & Mitigation
Documented controls following the mandatory hierarchy
0 / 7
We have documented control measures for each identified hazard
Controls follow the mandatory hierarchy: Level 1 Elimination → Level 2 Redesign work systems → Level 3 Engineering/environmental → Level 4 Administrative (policies, training) → Level 5 Personal coping strategies
We can evidence that higher-order controls (elimination and redesign) were considered first, before relying on training or individual coping strategies
We have assigned clear ownership and accountability for implementing each control measure
Implementation of controls is documented and verifiable (not just 'planned')
Controls are monitored and reviewed regularly (at minimum annually, or when circumstances change)
We have evidence that controls are effective (not just implemented) — e.g. reduction in incidents, improved survey results, decreased WorkCover claims
⚠ Critical Red Flag
If your primary or only control measure is 'leader training' or 'resilience workshops,' this is insufficient under WHS Regulation 2025. Regulators will specifically look for higher-order controls. Training alone does not satisfy the hierarchy of controls.
4
Leader Competency & Accountability
Assessed understanding, not just attendance records
0 / 6
Leaders and managers have received formal training on: their WHS duties regarding psychosocial hazards, how to identify risks, how to apply the hierarchy of controls, what 'reasonably practicable' means, and escalation pathways
Leader competency has been assessed and documented (not just attendance) — including post-training assessments, demonstrated application, and capability reviews
We can evidence that leaders understand their personal liability under WHS laws
Psychosocial risk management is embedded in leadership KPIs, performance reviews, job descriptions, and induction for new leaders
Escalation pathways and reporting procedures are clearly defined, documented, and understood by all leaders
We have documented evidence of leader accountability (e.g. action taken when risks identified, minutes of leadership discussions on psychosocial risks)
⚠ Critical Red Flag
If you cannot evidence leader competence (only completion), your compliance position is weak. Regulators may interview managers on-site to verify understanding.
5
Policies & Documentation
Specific, current, and evidenced as live documents
0 / 7
Our WHS policy explicitly addresses psychosocial hazards and is aligned with the Managing Psychosocial Hazards Code of Practice
Policies clearly define behavioural expectations, reporting and escalation processes, investigation procedures, support available, and consequences for non-compliance
Policies cover all 14 psychosocial hazard categories (not just bullying and harassment)
Investigation procedures are compliant, documented, and demonstrate timeliness, procedural fairness, confidentiality protections, interim measures, and follow-up actions
We have documented evidence of structured worker consultation: HSR involvement, feedback mechanisms, and how worker input influenced risk assessments and controls
Board or executive oversight of psychosocial risks is formally documented: regular reporting, minutes evidencing review and sign-off, Board-level accountability assigned
Policies are current (reviewed within the last 2 years) and accessible to all workers
⚠ Critical Red Flag
Generic, outdated, or 'copy-paste' policies that don't reflect your actual workplace risks will not satisfy regulators. Policies must be specific, current, and evidenced as 'live' documents.
6
Monitoring, Review & Continuous Improvement
Documented cycle of assess → control → monitor → review → improve
0 / 7
We have a documented monitoring framework that includes: regular review of psychosocial hazards (minimum annually), monitoring of control effectiveness, tracking of leading indicators (survey results, consultation feedback) and lagging indicators (WorkCover claims, turnover, absenteeism)
Monitoring data is documented and demonstrates trends over time
We can show evidence of adjustments to controls following new data or changing circumstances
The Board/Executive receives periodic reporting on psychosocial risk profile, including current risk ratings, control effectiveness, emerging risks, and actions taken
We can demonstrate a continuous improvement cycle: Identify → Assess → Control → Monitor → Review → Adjust → Repeat
Incident investigation outcomes feed back into hazard identification and risk assessment processes
We have evidence of lessons learned and changes made based on incident investigations, worker feedback, monitoring data, and changes in work practices or environment
⚠ Critical Red Flag
If you cannot show a documented cycle of assess → control → monitor → review → improve, your compliance may be questioned. A one-off risk assessment with no follow-up is insufficient.

Your Audit Readiness Score

0
/ 40
Complete the checklist above
Work through each of the six sections to build your complete audit readiness picture.

The Four Most Common Gaps We See in 2026

1

Psychosocial hazards not formally integrated into the WHS risk register

Many organisations track psychosocial risks separately (if at all), rather than integrating them into formal WHS governance systems.

2

Insufficient evidence of higher-order controls alongside training

Training is a necessary component, but regulators expect it to sit within a broader framework that includes work redesign, workload management, and systems-level interventions. Organisations need to demonstrate controls across all levels of the hierarchy — not training in isolation.

3

Lack of documented Board oversight

Executive teams often discuss psychosocial risks informally, but formal Board reporting, minuted decisions, and assigned accountability are frequently absent.

4

No independent assessment or review of psychosocial risk

Given the subjective and sensitive nature of psychosocial hazards, internal-only assessments are vulnerable to bias, blind spots, and conflicts of interest. Regulators increasingly expect organisations to demonstrate independent, qualified oversight of their risk identification, controls, and monitoring processes.

If any of these apply to your organisation, you are not alone. But you may be exposed.

Not Sure Where to Start?

Most organisations we work with have some foundations in place but aren't sure what 'good enough' looks like under the new regulations. If this checklist has raised questions, a 30-minute conversation is usually enough to clarify your position and identify your priorities.

AI-enabled risk profiling
Board-ready documentation
Measurable leader competency
Code-aligned policies
Ongoing monitoring framework
Registered psychologist-delivered
Book a Confidential Conversation
or email directly if you prefer
Nick Lee OAM | Co-Director, Healthy Minds Education & Training
nick@healthymindsprogram.com  |  0401 678 893