IHSA oversees the COR® program in Ontario. As a result, the following procedures, training, and information are managed by IHSA, but are not limited to:

  • managing the COR® Program Guidelines
  • designing and maintaining the programs used to train the internal auditor and senior management
  • reviewing and/or validating all audits submitted for the COR® audit process
  • ensuring all COR® audit standards and protocols are followed for the program
  • fostering a positive audit environment by assisting and co-operating with member employers so that audit objectives can be met
  • maintaining the COR® information database
  • controlling the security and confidentiality of audit documents and results
  • maintaining quality assurance of auditors and the audit process.

Employer/Senior Management Representative

In addition to the prescribed training, Employers (Senior Management Representatives) have the following obligations.

  • Notify IHSA immediately at cor@ihsa.ca of any changes to company registration information such as WSIB account number, company name, address, personnel affiliated with the COR® audit etc.
  • Ensure audits are properly planned, scheduled and signed off by employer/senior management
  • Provide access to facilities and supporting information as requested by IHSA
  • Actively participate in the COR® audit process and maintain COR® training requirements
  • Provide the IHSA with feedback on the audit process to assist with continuous improvement
  • Ensure maintenance of their COR® status is achieved on an annual basis, always prior to their anniversary date
  • Designate a permanent full time employee to act as internal auditor who is knowledgeable in health and safety and has a sufficient understanding of the business process.
  • If the designated senior management representative is no longer available, the employer is responsible for designating and training a new senior management representative and notifying IHSA in writing of the change
  • If the internal auditor is no longer available, the employer is responsible for designating and training a new internal auditor and notifying IHSA in writing of the change.

Internal Auditor

To qualify as an Internal Auditor, the employee appointed by the employer must be a permanent full-time employee of the organization and must complete specific IHSA training. The employee's name and records of training must be submitted with the internal audit to IHSA for verification.

The Internal Auditor's responsibilities include but are not limited to:

  • Administering and overseeing the organization's COR® program
  • Completing and submitting the Employer's COR® Internal Audit and the supporting documentation (as set out in Instructions for Completing the COR® Audit document) by the anniversary date (date of certificate issue)
  • Completing pre and post audit meetings
  • Developing a written corrective action plan to ensure continuous improvement
  • Providing additional audit information to the External Auditor if requested
  • Act as the liaison person between the employer and IHSA for the COR® program
  • Compliance with COR® program guidelines
  • Performing to industry standards and ethical practices.

External Auditor

The term External Auditor refers to the IHSA employee assigned to provide COR® auditing services. These services include but are not limited to:

  • Reviewing an employer's Internal Audit
  • Communicating audit requirements to the employer
  • Performing the COR® audit
  • Generating the audit report
  • Following a code of ethics
  • Maintaining confidentiality


An IHSA employee who provides consulting services to a specific employer cannot be assigned to act as External Auditor to that employer. The External Auditor must declare a conflict of interest if circumstances arise between the auditor and the Employer (or their representative) which may be viewed as a conflict.