Most South African SMEs only discover their OHS compliance gaps when an inspector shows up, an injury triggers a claim, or a tender requires a Letter of Good Standing. By that point, the problem is no longer about paperwork — it is about cash, time, and credibility.
The four gaps that catch out almost every SME
After years of helping SMEs ready themselves for the Department of Employment and Labour, four issues come up again and again. None of them are exotic. All of them are fixable in a week of focused work.
1. No HIRA, or a HIRA that nobody can explain
The Hazard Identification and Risk Assessment (HIRA) is the foundation of OHS Act 85 of 1993 compliance. Section 8 places a general duty on every employer to provide a safe workplace, and the regulations require that hazards be identified, assessed, and controlled — in writing.
What we typically find: either no HIRA exists at all, or one was bought as a template years ago, signed by a director who has since left, and not been reviewed since. An inspector who asks the floor manager to walk through the top three risks on the register and gets a blank stare has all they need to issue a notice.
Fix: a HIRA that uses an ISO 45001-aligned methodology (Detection + Severity − Mitigation), is reviewed at least annually or when work changes materially, and that the people doing the work can actually explain.
2. Statutory appointments missing or out of date
The OHS Act and its regulations require named, written appointments for specific roles: 16(2) representatives, OHS representatives where staff exceed 20, first aiders by ratio, and others depending on operations (machinery, construction, fire). Most SMEs we see have a few of these on file from 2019 and nothing newer. When the appointee has resigned, the appointment is not transferable. The position is legally vacant.
Fix: a tracker tied to your HR system that flags appointments at risk, and a 30-day handover process when someone leaves.
3. COIDA registration and annual returns drift
COIDA registration is mandatory for almost every SA employer. The annual W.As.8 return drives your assessment, your Letter of Good Standing, and your eligibility for many tenders. SMEs commonly miss the return, miss assessment payments, or carry incorrect employee earnings on the schedule. The Compensation Fund corresponds slowly — by the time a problem appears in the inbox, the consequences are already running.
Fix: a single register that tracks registration, return submissions, payment status, and Letter of Good Standing renewals across every legal entity and every site.
4. Incident workflow that lives in someone's head
When an injury happens on duty, the clock starts. Internal investigation, WCL2 employer report (within 7 days), WCL4 medical report (within 14 days), and various other deadlines apply. The most common SME failure is not absence of intent — it is that the workflow lives in one person's head, and that person was off when the incident happened. By the time the next manager finds the WCL2 form, the deadline has passed.
Fix: a documented, rehearsed incident workflow with named owners, automatic deadline reminders, and a fallback when the primary contact is not available.
What it costs to leave it alone
The R50 000 number in the title is not a fine — it is the median cost of being unprepared for a single incident or audit. A typical example: an injury occurs, WCL forms are missed, the Compensation Fund declines the claim, the SME pays the medical and lost-earnings bill out of pocket, the Letter of Good Standing lapses, a tender is withdrawn, and a senior compliance hire is rushed in at R45 000 a month for three months to clean it all up. Add legal fees and the manager's time at the wrong end of email threads, and the all-in number lands somewhere between R30 000 and R80 000 for one preventable incident.
Hiring a senior compliance specialist full-time runs R25 000 to R65 000 a month. Most SMEs do not have that work to fill a full-time role.
What we do
GRC Shop is an outsourced compliance department. We run an app-based managed service that maintains your HIRA, statutory appointments, COIDA register, and incident workflow on an ongoing basis, with human supervision over AI-driven document and tracking work. You stop chasing the paperwork. We escalate to you only when something needs your judgement.
If you want to see whether this fits your business, the fastest way is a 30-minute Discovery Call. We will look at your current setup honestly, point out what is working, and tell you what we would do first.