Skip to main content

Developer-ready checklist for Module 13: Audit & Inspection (InspectIQ), formatted for engineering, QA, and compliance verification with full integration and acceptance criteria.

13. Audit & Inspection — Developer Checklist

(InspectIQ – OSHA §1910.1200(e)(1)(iv) periodic review + 1904 CAPA documentation)

0) Foundations (must be ready before dev)

Feature flags: inspectiq.enabled, inspectiq.ai, inspectiq.mobile, inspectiq.checklist_builder, inspectiq.capa_linked, inspectiq.api_export. DB schema: audits, audit_checklists, audit_questions, audit_answers, audit_findings, audit_actions, audit_escalations, audit_signoffs. Integrations: Sentinel (#9), Insights (#8), Training (#7), IncidentIQ (#10), SafeEntry (#12). Mobile PWA or native shell: offline capture queue + background sync. AI microservice (Pro): photo classifier (labels/PPE), recommendation LLM, compliance score regression model. Storage: photos, attachments, GPS metadata (DO Spaces or S3).

13.1 Purpose & Event Hooks

Emit events: audit.scheduled, audit.started, audit.completed, finding.created, capa.assigned, audit.closed. Feed audit scores and unresolved CAPA counts into Insights dashboards. Trigger Sentinel alerts for overdue inspections and CAPA. Acceptance: Insights + Sentinel reflect live audit metrics and escalation timelines.

13.2 Checklist & Template Creation

13.2.1 Checklist Library

Prebuilt OSHA/HazCom templates (HazCom Plan Review, SDS Audit, Labeling, Training, PPE/Storage). CRUD for custom templates (company/site).

13.2.2 Checklist Builder (Standard + Pro)

Drag-drop builder for question blocks (Yes/No/NA, Photo, Score, Category). Weighted scoring config by section. Acceptance: Built template usable immediately by scheduler; preview matches stored layout.

13.2.3 Question Tagging (Pro)

Optional osha_ref or sop_ref tag per question. Enables filtering reports by regulation/SOP reference. Acceptance: Tag filter works in report exports.

13.3 Scheduling & Assignment

13.3.1 Schedule Types

One-time, recurring (weekly/monthly/quarterly/annual). CRON-like recurrence persisted in DB.

13.3.2 Assignment Logic

Assign per site/location/department. Notify auditor + site manager via email/in-app.

13.3.3 Integration Hooks

Sentinel triggers can auto-schedule related audits (e.g., repeated label alerts). Acceptance: Event → inspection auto-created; notifications sent.

13.4 Conducting Inspections

13.4.1 Mobile/Web Interface

Offline-first; background sync when online. Capture photos, notes, GPS. File attachments linked to question.

13.4.2 Smart Inputs (Standard + Pro)

“Copy last audit” option; prefill previous answers. Barcode scan → link chemical or SDS.

13.4.3 AI Assistant (Pro)

Suggests answers from prior audits. Detects anomalies in photos (missing label, open container). Generates recommendations per non-conformance. Acceptance: Confidence score visible; AI-suggested text editable before save.

13.5 Scoring & Findings

13.5.1 Weighted Scoring

Auto-calc compliance % and category subscores. “Pass / Conditional / Fail” display thresholds configurable.

13.5.2 Deficiency Recording

Status types: Non-Compliant, Observation, Recommendation. Photos, notes, responsible person, due date fields.

Create CAPA directly from finding → pushes to IncidentIQ (#10). Verification required before close. Acceptance: CAPA close auto-updates audit finding → Resolved.

13.6 Notifications & Escalations

13.6.2 Escalation Logic

Path: Site Manager → Coordinator → Admin → Corporate EHS. CAPA >14 days triggers Sentinel escalation event. Acceptance: Escalation visible in Sentinel dashboard with timestamps.

13.7 Reporting & Analytics

13.7.1 Inspection Reports

Auto-generate PDF (checklist, findings, photos, score, summary). CSV/XLSX export; Pro exposes API /audits/reports. Acceptance: Reports watermarked & signed; match stored data.

13.7.2 Trend Dashboards

Graph compliance scores over time. Breakdown by category, site, recurring violations.

13.7.3 AI Insights (Pro)

Detect repeat deficiencies across sites. Predict next high-risk area/site. Recommend corrective training or plan updates.

13.7.4 Integration with Insights (#8)

Feeds compliance scores + open findings to Insights Home Dashboard. Acceptance: HazCom Health Index updates post-audit automatically.

13.8 Permissions & Access

13.8.1 Roles

13.8.2 Security & Sign-offs

Workflow: inspector → manager → coordinator → optional corporate sign-off. PDF watermark: site, timestamp, version, signatures. Audit records immutable post-sign-off. Acceptance: Sign-off chain visible; tamper attempt logged in audit_signoffs.

13.9 Tiering Summary

Acceptance: Tier flags toggle APIs and UI features accordingly.

Security Checklist (must-pass)

Tenant RLS for audits and findings. Image/file encryption at rest. GPS + timestamp validation for field entries. Hash chain for finding/CAPA edits (tamper-evident). Audit reports digitally signed; revocation list managed. AI model sandboxed; no external upload of proprietary images.

QA Test Matrix

Happy Paths Audit scheduled → auditor completes → photos + findings → CAPA assigned → verified → report generated → score posted to Insights. Sentinel auto-triggers new audit from repeated alert. Edge Cases Offline entry sync merges correctly. AI detects photo issue → user overrides suggestion → logs reason. CAPA overdue triggers escalation. Deleted checklist template → dependent audits unaffected (versioned copy stored). Performance Checklist load < 1 s; offline sync batch < 5 s. PDF generation < 3 s for 100 questions. AI detection < 6 s avg per photo.

Observability / Alerts

Metrics: total audits, average compliance %, CAPA backlog, overdue audits. System alerts: AI timeout, sync failure, report generation error. Weekly summary email: upcoming audits, overdue CAPA.

Deliverables (Definition of Done)

Figma/UI: Checklist Builder, Audit Form, Photo Capture, CAPA panel, Report Viewer, Dashboard. OpenAPI: /audits, /audits/{id}, /audits/reports, /audits/capa, /audits/schedule. Localization: EN/ES UI, reports, emails. E2E Tests: schedule → inspect → CAPA → verify → report → Insights sync. Admin Tools: clone checklist, import/export templates, bulk close audits, escalate CAPA. Rollback Plan: disable inspectiq.ai → manual inspections continue; AI suggestion panel hidden.

✅ Compliance Alignment

Would you like to proceed next with Module 14 – Administration, Billing & Audit Logs (AdminHQ) — which ties together user management, subscriptions, audit trail, and system governance?

TierChannelsExamples
StarterEmailAudit scheduled / overdue
StandardEmail + In-appCAPA due / report submitted
ProEmail + In-app + Slack/Webhook/SMSHigh severity unresolved >7d / recurring issue
RoleScope
AdminGlobal
Program CoordinatorAssigned sites
AuditorAssigned checklists only
Site ManagerRead findings + manage CAPA
EmployeeRead-only for related findings
FeatureStarterStandardPro
Prebuilt Checklists✅ Basic OSHA✅ + Custom✅ + AI Tagging
Schedule / AssignManualAutoSentinel-triggered
Mobile Inspection✅ + Offline✅ + AI Photo Detection
CAPABasicLinked to IncidentIQ+ AI Root Cause Assist
ReportsPDFPDF + CSVPDF + CSV + XLSX + API
AnalyticsBasicTrend ChartsCross-site + Predictive
AlertsEmailEmail + In-appMulti-channel
RolesAdmin/Auditor+ Coordinator+ Multi-site Dashboard
IntegrationsInsightsSentinel, Insights, IncidentIQ
OSHA / EHS RequirementInspectIQ FeaturePurpose
§1910.1200(e)(1)(iv)Scheduled auditsRegular HazCom evaluation
1904.7–1904.33CAPA & FindingsRecordable action documentation
Training verificationLinked Training (#7)Confirm awareness during audits
SDS & Labeling checksChecklist LibraryValidate field implementation
AccountabilitySign-offs & EscalationEnsure oversight and closure