While your organisation may seem to be running smoothly and has been operating in the same way for years, there will always be the risk that something will go wrong. Even the most well-developed safety case (and accompanying safety system) needs to be checked to make sure it’s still accurate and that you’re actually achieving your safety commitments.
You shouldn’t be reviewing your processes, procedures and activities just to meet your legal requirements – meeting them should be a by-product of your operation running safely and effectively.
Internal audits provide objective assurance that your organisation is meeting its goals, can achieve what it set out to, and is managing its risks effectively.
Auditors should be independent enough to be able to identify and comment on the things you don’t want to hear about. It could be someone from a different department, a sister organisation, or a contractor (they don’t have to work directly for you), but it shouldn’t be someone who is involved in the running of the organisation.
An auditor does not have to be a technical expert in what they are auditing, but they should be familiar enough with the area to understand the documents that they are auditing practice against.