Delegate Manual

Internal Auditor Training Course on OHSMS
ISO 45001:2018
(Course ID:OHM-003))
DELEGATE MANUAL
Table of Contents Bureau Veritas Certification
This manual, any documentation related thereto (with the exception of any national or
international standards referred to herein) and the information disclosed therein, is
confidential and proprietary to Bureau Veritas (BV). The information may not be used
by or disclosed to others for any purpose except as specifically authorised in writing by
BV. The recipient, by accepting this document agrees that neither the document, the
information disclosed therein nor any part thereof shall be reproduced or transferred to
other documents nor used or disclosed to others for any other purpose except as
specifically authorised in writing by BV.
(Copyright) 2018 an unpublished work by BV - All rights reserved.
Internal Auditor Training course on: OHSMS ISO 45001:2018
(Course ID:OHM-003)
DELEGATE MANUAL
Apr’18 Internal Auditor Training Course on OHSMS ISO 45001:2018 Page 1 of 2

(Course ID:OHM-003)
Table of Contents Bureau Veritas Certification
TABLE OF CONTENTS
Section Title: File:

Table of Contents Text
Course Timetable Text
Chapter 1 Course Overview Slides
Chapter 2 Auditing ISO 45001-Context of the Organisation Slides

Chapter 3 Auditing ISO 45001-Leadership & Commitment Slides
Chapter 4 Auditing ISO 45001-Planning Slides
Chapter 5 Auditing ISO 45001-Support Slides
Chapter 6 Auditing ISO 45001-Operation Slides
Chapter 7 Auditing ISO 45001-Performance Evaluation Slides
Chapter 8 Auditing ISO 45001-Improvement Slides
Chapter 9 Planning, performing and completing and Internal Slides

audit

(Course ID:OHM-003)
Course Timetable Bureau Veritas Certification
INTERNAL AUDITOR TRAINING COURSE ON: OHSMS ISO 45001:2018

(COURSE ID: OHM-003)
COURSE TIME TABLE – DAY 1
Session Chapter Exercise Title Start Finish
Registration 0845 0900
1. Chapter 1 Course Introduction & Overview 0900 0930
2. Exercise 1 Refresher session on Auditing 0930 1030
Coffee break 1030 1045
3. Ex 1 Review of Pre Course assignment 1045 1300
Lunch break 1300 1400
4. Exercise 2 Auditing ‘PLAN’& Leadership- Clause 4, 1400 1530

5&6
5. Chapter 2, Recap on auditing ‘PLAN’- & 1545 1630

3 &4 ‘Leadership’ - Clauses 4,5 & 6
6. Exercise 3 Auditing ‘DO’ - Clauses 7 & 8 1630 1715
7. Chapter 5 Recap on Auditing Plan and Leadership , 1715 1800

&6 Clause 7 & 8, Recap of the Day,
Questions and Answers – Home work

(Course ID:OHM-003)
Course Timetable Bureau Veritas Certification
COURSE TIMETABLE – DAY 2
Session Chapter Exercise Title Start Finish
Recap of Day 1 0900 0930
8. Exercise 4 Auditing ‘CHECK & ACT’ - Clauses 9 & 10 0930 1030
9. Chapter 7 & Recap on auditing ‘CHECK & ACT’- Clause 9 1045 1145
8 &10
10. Exercise 5 Quiz on ISO 45001 1145 1215
11. Exercise 6 Non Conformity reporting 1215 1300
Lunch break 1300 1345
12. Exercise 6 Non Conformity reporting (Contd/-) 1345 1415
13. Chapter 9 Performing, Managing an Internal Audit 1415 1500
14. Exercise 7 Auditing an operational Site 1500 1545
15. Written Examination 1600 1730
16. End of the course 1730 1745

(Course ID:OHM-003)
Internal Auditor Training on OHSMS ISO
45001:2018
(Course ID: OHM-003)
Chapter 1-Course Overview

Introduction - BVC
Bureau Veritas
 Established in 1828  Offices in 140 countries
 Turnover over 4.7 billion Euros  1400 offices incl laboratories
 Over 400 000 customers worldwide  Over 80 000 employees
Our Vision
Become the leader in our industry and a major player in each of our
market segments and key geographical markets.
Our Mission
Deliver economic value to customers through QHSESA management of
their assets, projects, products and systems, resulting in licence to
operate, risk reduction and performance improvement.
Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 2
Introduction-BVC
One of the most widely recognised certification bodies in the World

• Global Leadership in Management Systems Certification services
 6500+ auditors worldwide in 140 countries

 100,000+ companies certified
 World leader for Environmental Management System (ISO FDIS 45001)
certification
 World leader for ethical and social certification (SA 8000)
 Most widely accredited Certification Body
 Global market leader in accredited training
 Global reach with local expertise
 Common sense and pragmatic audits
8 GLOBAL BUSINESSES
MARINE INDUSTRY IN-SERVICE INSPECTION CONSTRUCTION
& VERIFICATION
Classification and certification Risk management, quality Periodic inspection of Conformity assessment of
of ships and offshore assurance, quality control and asset equipment & facilities in buildings and infrastructures
integrity management of facilities
floating units operation
and equipment
CERTIFICATION COMMODITIES CONSUMER GOODS GOVERNMENT SERVICES

& INTERNATIONAL TRADE
Certification of QHSE Commodities inspection and Testing, inspection and Trade facilitation services
management systems and testing: oil & petrochemicals, certification of consumer
second party auditing services metals & minerals, agriculture goods
WIDE SCOPE OF ACTIVITIES
 Management System  Sustainability and Corporate

Certification Social Responsibility
Quality (ISO 9001) / Environmental Assurance of CSR Reports
Health & Safety (ISO 45001) Organic food & sustainable agriculture
Social Responsibility (SA 8000, ISO 26000) Carbon footprint and Carbon credit verification (CDM / JI / VCS)
Energy management systems (ISO 50001)
Biomass and biofuel sustainability
 International Certification
Programs  Sector specific standards
Multi-sites / Multi-schemes Food Safety (HACCP, ISO 22000, BRC, IFS, etc.)
Security in IT and Logistics (ISO 27001, ISO 28000)
Auditing programs Forestry management (FSC, PEFC, etc.)
based on customer-specific standards for Aerospace (AS/EN 9100, etc.)
Suppliers Network, Internal Transportation (IATF 16949, IRIS,/ISO 22163 etc.)
ACCREDITED BY MORE THAN

50 NATIONAL AND INTERNATIONAL ACCREDITATION BODIES
OVER 6,500 HIGHLY SKILLED AUDITORS
Bureau Veritas is your historical trustful partner
MORE THAN 150 000 ACTIVE

VALID ISO 9001 & ISO FDIS
45001 CERTIFICATES
WORLDWIDE
Total Bureau Veritas Certification Offer
Food Safety Health & Safety

► BRC Global Food Standard ► BS OHSAS 18001
► IFS International Food Standard ► Compliance Audits
► EurepGAP
Social Accountability
► Dutch HACCP and Danish HACCP DS 3027
► SA8000
► GMP+ and QS and GMO
► Global Reporting Initiative (GRI)
► Fami-QS
► Bio-terrorism Sustainability Services
► Supply Chain Management / Confidence ► ISO 14064
► ISO 14046
Quality
► ISO 14067
► ISO 9001
► ISO 50001
► AS/EN-9100
► ISO 55001
► TL 9000
► IATF 16949 Others:
► ISO 20000 ► Second Party Audits
► Integrated Management Systems\
Environment
► School Safety Management Systems
► ISO FDIS 45001/EMAS
► Green Operation Theatres
► Forestry -PEFC, FSC
► ISO 39001
Security ► ISO 29990
► ISO 27001
► ISO 28000
• And Training services on all the above schemes……!!!
Course introduction
Course Timing
08:45 – 18:00
Lunch breaks: TBD each country

Coffee breaks: mid morning & mid afternoon
Course introduction
House rules
► Facilities
► Safety rules & evacuation routes
► Courtesy
(mobile phones, pagers, recording devices)
► Local arrangements
Course introduction
►Learning Methods
 Tutorials
 Discussions
 Exercises
 Direct Tutor- Delegate
Course introduction
 Learning Objectives (Knowledge):

► To understand the changes in OHSMS specific requirements arising as a result of
migrating from OHSAS 18001 to ISO 45001:2018
► Understand new and revised terms/ definitions
► Understand the changes arising as a result of the adoption of Annex SL structure in

relation to OHSMS specific requirements:
► Context of the Organization
► Leadership
► Planning
► Support
► Operation
► Performance evaluation
► Improvement
And their impact on auditing practices
Course introduction
 Learning Objectives (skills):

► Planning the audit
► Conducting the audit
► Auditing an Occupational Health & Safety MS
► Auditing the new requirements
► Generating audit findings
Course introduction Delegate assessment
 Written Exam
 Multiple Choise & Short Answer
Question
 Max Time : 30 Minutes
 Clean Copy of ISO 45001:2018 &

OHSAS 18001:2007 Documents are
Permitted for reference
Internal Auditor Training Course on : OHSMS
ISO 45001:2018
Chapter 2 : Auditing ‘Context of the Organisation’
Session Plan
► Objectives
► Understand auditing the requirements for “context of the organisation”, &
‘understanding the needs and expectations of interested parties for an OHSMS’
► Understand auditing the requirements for ‘scope of an Organisation’s OHSMS’
► Reinforce the learnings achieved through group tasks
► Methodology
► Delegate driven discussions with the help of overheads
4. Context of the Organisation
ISO 45001:2018 OHSAS 18001:2007
4.CONTEXT OF THE ORGANIZATION 4.OHSMS REQUIREMENTS

•4.1 Understanding the organization and its
context
•4.1 General requirements

• 4.2 Understanding the needs and
expectations of interested parties
• 4.3 Determining the scope of the OH&S

management system
• 4.4 OH&S management system
4. Context of the Organisation
4. Auditing Context of the Organisation
CHECK WHETHER….
The organization have determined internal and external issues related with,
 Issues, positive or negative and include conditions, characteristics or changing
circumstances that can affect the OH&S management system
 competitors, contractors, subcontractors, suppliers, partners and providers, new
technologies, new laws etc are considered
 Check whether internal issues, such as governance, organizational structure,
roles and accountabilities are considered
 WHAT ELSE…………..?????
Understanding the needs and expectations of workers and other interested
parties
 Check whether needs & expectations of workers and other interested parties
have been determined by the organization
 Check whether legal and regulatory authorities, parent organizations, suppliers,
contractors, workers’ organization are considered
 Check whether, owners, shareholders, clients, visitors, local community and
neighbors general public are considered
 WHAT ELSE………..????????
4. Auditing Context of the Organisation
CHECK :
Has the organization determined the scope of OH&SMS…?
 Check how the boundaries and applicability of the OH&S management system are
determined
 Check whether the issues and needs & expectations are considered while defining scope of
Its OH&SMS
 Check Whether the boundaries and applicability include the whole organization or specific
part(s) of the organization,
 Check the credibility of the organization’s OH&S management system with respect to the
scope determined
 Check any possible excluded activities, products and services that have or can impact the
organization’s OH&S performance, or to evade its legal requirements and other
requirements
 Verify how the organization has ensured that while determining the OH&S management
system boundaries and scope they have considered needs and expectations of the
interested parties
The organization shall establish, implement, maintain and continually improve an OH&S management
system, including the processes needed and their interactions, in accordance with the requirements of this
document.
Internal Auditor Training Course on : OHSMS ISO
45001:2018
Chapter 3 : Auditing ‘Leadership & Worker Participation’
Session Plan
► Objectives
►Understand auditing the new and enhanced requirements for Leadership covering
► Leadership and commitment
► OH&S Policy
► Organisational roles responsibilities and authorities
► Consultation & Participation of Workers
► Methodology
► Delegate driven discussions with the help of overhead projector
5. Leadership & Worker Participation
ISO 45001:2018 OHSAS 18001:2007
5 Leadership and worker participation

 5.1 Leadership and commitment
 5.2 OH&S policy  4.2 Occupational H&S Policy
 5.3 Organization roles,  4.4.1 Resources, roles,

responsibilities & authorities responsibility, authority &
Accountability
 5.4 Consultation and participation
of workers  4.4.3.2 Participation and
consultation
5. Leadership & Worker Participation
5. Auditing Leadership & Worker Participation
Interview Top Management:

 Interview top management to find out what are the strategic directions of the
Organization
 Check accountability for the effectiveness of the environmental management system
 Check whether the OHS Policy is adequately aligned with the strategic direction
 Check whether the OHS objectives are adequately aligned with the strategic direction
of policy
 Check through interviews of other personnel as to how the top management
encourages them to contribute to OHSMS
 Check how resources needed for OHSMS are made available
 Check evidence of communication , consultation & Participation
 Check how the top management promotes continual improvement of OHSMS
 Check how top management is supporting other relevant management roles to
demonstrate their leadership
 Check involvement of top management in monitoring example: observe top
management’s involvement during the audit – in opening/ closing meetings etc
 Check how top mgt is protecting workers from reprisals when reporting incidents,
hazards, risks and opportunities
OHS Policy
 Check whether the policy is documented and approved by Top Management
 Check whether the policy is appropriate to the purpose of the organization
 Check whether the OHS policy is adequately aligned with the strategic direction
 Check whether policy has a framework for setting objectives.
 Check whether the policy has a commitment to improve the OHSMS
 Check whether the policy has a commitment to eliminate hazards and reduce OH&S risks
 Check whether the policy has a commitment to consultation and participation of workers
 Check whether policy is communicated within the organization.
 Check the process of making the policy available to interested parties
 Check whether the policy is under document control example, is it reviewed/ approved for
adequacy, version controlled etc
Roles, Responsibilities and Authorities

 Check how responsibilities and authorities for relevant roles are assigned , documented
and communicated within the organization
 Has the Top management assigned the responsibility and authority to
 ensure the OHSMS conformities
 reporting the performance of the OHSMS,
Consultation and participation of workers
CHECK Whether …
 the organization has a process(es) for consultation and participation of workers
at all applicable levels and functions
 The organization have provided mechanisms, time, training and resources
necessary for Consultation & Participation
 access to clear, understandable and relevant information is provided
 are there any obstacles or barriers for Consultation & Participation
 Check whether emphasis is given for consultation & Participation of non-
managerial workers
 WHAT ELSE………??????
Internal Auditor Training Course on OHSMS ISO
45001:2018
Chapter 4 : Auditing ‘Planning’

Session Plan
► Objectives
► Understand Auditing the requirements of ‘planning the OHSMS’ taking into
consideration the Clause 4.1, 4.2 and 4.3 with requirements of Clause 6
► Understanding auditing the requirements for ‘determining and addressing risks

and opportunities’
► Understanding auditing the ‘Hazard Identification & Risk Assessment’
► Understanding auditing the ‘Objectives and Plan to achieve them ‘
► Understanding auditing the ‘Legal and Other Requirements and action plans’
► Methodology
► Delegate driven discussions with the help of overhead projector
6. Planning
ISO 45001:2018 OHSAS 18001:2007

6. PLANNING 4.3 PLANNING
6.1 Actions to address risks and
opportunities
► 6.1.1 General
•4.3.1 Hazard identification, risk
► 6.1.2 Hazard identification and
assessment of risks and opportunities assessment and determining controls
•4.3.2 Legal and Other requirements
► 6.1.3 Determination of legal
requirements and other requirements •4.3.3 Objectives and programme(s)
► 6.1.4 Planning action •
6.2 OH&S objectives and planning

to achieve them
► 6.2.1 OH&S objectives
► 6.2.2 Planning to achieve OH&S

objectives)
6. Planning
6. Auditing Planning
Action to Address risk and Opportunities

CHECK Whether…
 Issues, Needs & Expectation, scope of OHSMS are considered while determining risk & Opportunities
 Check whether Hazards OH&S risks and other risks are considered…..
 Check whether OH&S opportunities and other opportunities are considered ……
 Check whether legal requirements and other requirements are considered……..
 Check whether its been maintained as documented information.
Hazard identification and assessment of risks and opportunities

CHECK…..
 Is there a valid process(es) for hazard identification and assessment of risk & opportunities
 What are the various considerations for the determination and assessment of Hazards, Risk &
Opportunities
 Is the effectiveness of existing controls considered while assessing the risks
 What is the methodology & Criteria for Assessment of Risk.
 Is there a exploration for opportunities related with work environment,
 Is there a exploration for opportunities to eliminate hazards and reduce OH&S risks
 WHAT ELSE……??????
Legal & Other Requirements

 Check how the organisation have determined the Legal & Other Requirements that are applicable to its
hazards, OH&S risks and OHSMS, and how they apply to the organization
 Check for applicable requirements from ,
 governmental entities or other relevant authorities;
 international, national and local laws and regulations;
 requirements specified in permits, licenses or other forms of authorization;
 orders, rules or guidance from regulatory agencies;
 judgements of courts or administrative tribunals.
 Check for any requirements/ obligations from other interested party requirements related to its hazards,
OH&S risks and OHSMS
 Check for documented information of organisation’s compliance obligations
 Check how this information kept up-to-date
Planning action
 Check how the organization have planned to take action to
 address these risks and opportunities
 Legal & Other Requirements
 prepare for and respond to emergency situations
 Check How the Actions are integrated in OHSMS and other business operations
 Check whether the organisation has evaluated the effectiveness of these actions.
OH&S objectives
 Check whether they consistent with the OHS policy;
 Are they measurable (if practicable), monitored at planned intervals communicated at relevant levels and
updated as per need
 Have the OHS Requirements, risk & Opportunities, Workers consultation accounted while setting them.
 Are they documented
Actions to achieve environmental objectives
 Check for the Action Plan evidences about,
 what is been targeted to achieve, is it effective
 what resources will be required to achieve the set objective and targets, have they been ensured
 who is made responsible at various functions and levels to achieve the set objectives and targets
 What is the time frame set to achieve the desired targets
 How the progress is monitored and evaluated at planned intervals
 Check how the management have integrated these objectives with their business policies.
 Are the plans documented.
Internal Auditor Training Course on OHSMS ISO
45001:2018
Chapter 5 : Auditing ‘Support’

Session Plan
► Objectives
► Understand auditing the requirements of ‘documented information’ and the
significant differences as compared to the earlier edition of the standard
► Understand auditing other changes in this edition of the standard with respect to
Resource management, Competence, Awareness and Communication
► Methodology
7. Support
ISO 45001:2018 OHSAS 18001:2007

•7. SUPPORT (new) •4.4 IMPLEMENTATION & OPERATION
► 7.1 Resources  4.4.1 Resources, roles, responsibility,

accountability & authority
► 7.2 Competence
 4.4.2 Competence, training & Awareness
► 7.3 Awareness
 4.4.3 Communication, participation and
► 7.4 Communication consultation
► 7.4.1 General  4.4.4 Documentation
► 7.4.2 Internal Communication  4.4.5 Control of Documents
► 7.4.3 External Communication  4.5.4 Control of records
► 7.5 Documented information
► 7.5.1 General
► 7.5.2 Creating and updating
► 7.5.3 Control of documented

information
•
7. Support
7. Auditing Support
Resource, Competency and Awareness

 Check how the resources are ensured for effective OHSMS
 Check what are necessary considered and how its been provided
 Check annual budget and investment plan with management
 Are the necessary competencies determined for specific job roles /
workers which that affects or can affect its OH&S performance
 Check the competency determination for people controlling
emergency situations, perform internal audits and OHS evaluations
 What Training on OHS management are planned
7. Auditing Support
Resource, Competency and Awareness

 How these trainings are been imparted to the identified people
 Is there any need felt for mentoring of people, or reassigning of tasks of
currently employed workers
 Check appropriate documented information of Education, Experience or
training or other actions as evidence of competence
 Talk to the Top Management, people at various functions and levels to check
their awareness
 Interview people to know what they understand about Policy, and OHS vision
of Top Management
 Are they aware about their specific job roles and associated responsibility
and authority if any
 What can happen if some thing goes wrong, OHS emergencies and what
response required
7. Auditing Support
Communication
 Check what information is required and is communicated
between whom
 What is the time and frequency of communication and
amongst who
 Who is responsible for the communication of OHS Information
 Have the organization identified what information needs to be communicated
externally
 What is the methodology of communication (example : through which media meetings,
emails, displays etc)
7. Auditing Support
Communication
 Check the above for both internal communication within
the organization and for external communication to other
interested parties
 Is the documented information maintained on communication
as evidence
 How the organization is responding to the external communication received
from external interested party (example feedback or complaints from suppliers, customers,
NGO , Legal Auth. etc.)
 How the organization is responding to the external communication with

respect to its Legal and other requirements
7. Auditing Support
Documented Information
 Check whether documented information is reviewed and
approved by authorized persons prior to issue
 Check that the distribution of documented information
is controlled. For example whether it is available where
required, is confidentiality/ integrity protected during distribution
 Check that the documented information is accessible and retrievable
appropriately
 Check that the documented information is stored and preserved in a manner
that it is adequately protected from unauthorized access, unauthorized
modifications, misuse etc
 Check that the documented information is legible
 Check that changes to documents are controlled. For example review and approval of
changes, identification of version number, ensuring that old versions are not inadvertently used etc
7. Auditing Support
Documented Information
 Check whether documented information is retained as per
needs of the organization or other interested parties.
For example : are there requirements of customers, legal
bodies that define retention periods of records?
 Check that documented information is disposed in controlled manner example
to protect confidentiality after disposal
 Check if documented information of external origin such as those received
from Interested parties, legal bodies etc are identified
 Check how the identified documented information of external origin are
available at points of use and adequately protected.
Internal Auditor Training Course on: OHSMS
ISO 45001:2018
Chapter 6 : Auditing ‘Operation’

Session Plan
► Objectives
► Understand auditing the ‘requirements of executing operational plans’,
‘processes controls’ and ‘emergency preparedness and response’ in OHSMS
► Understanding significant changes as compared to OHSAS 18001:2007

standard
► Methodology
8. Operation
ISO 45001:2018 OHSAS 18001:2007
► 8.OPERATION
► 8.1 Operational planning & control 4.4.6 Operational Control
► 8.1.1 General 4.4.7 Emergency preparedness and response
► 8.1.2 Eliminating hazards and reducing OH&S
risks
► 8.1.3 Management of change
► 8.1.4 Procurement
► 8.2 Emergency preparedness and response
8. Operation
8. Auditing Operation
Operations
 Check what are the control processes identified and implemented for various
process which are needed in OH&S management
 Have the company taken actions to control the risks and opportunities arise from
initial assessment
 What are the criteria of operation and control of processes from H&S
perspective
 What are the controlled actions to protect the environment, prevent the pollution
and to prevent any noncompliance to compliance obligations
 Is there any hierarchy followed for controls of processes (e.g. elimination,
substitution, engineering administrative)
 Are the controls mechanism adequate and effective
Operations
 Check how controls applied for contractors’ activities and operations that impact
the organization or organization’s activities and operations that impact the
contractors’ workers or contractors’ activities and operations that impact other
interested parties in the workplace.
 How the Management of changes in OHSMS is controlled
 Are the applied controls follow “hierarchy of control”
 How these information are documented in the system
 Go to the site and observe the practice as per defined system
 Interview people at site to understand the actual practices at site
 See the site posting of information for operation controls.
 Check Controls over outsourcing
Emergency preparedness and response

 Check the process, how the organization has planned to
respond to potential emergencies such as Fire.
 Check the procedure to handle these potential accident and those which
may have catastrophic impact
 Check how the organization has responded to the emergencies and or accidents
if any in past
 If any accident or emergency happened, then what actions
have been taken to mitigate the adverse impacts and
consequences
 Are these action adequate and appropriate as per the magnitude of the situation
 How the organisation is periodically checking their preparedness to encounter
emergencies
Emergency preparedness and response

 Has the organization periodically reviewed the procedure
for emergencies
 Is there any procedures amendment or revisions, check why…….
 If not revised check the history whether any accident occurred
in past and if yes, whether the organization have revised
the test procedures.
 Check the communication protocols for the above
 Has the information on above points documented as to as evidence of
conformity.
CQI-IRCA certified :
PT 251:OHSMS ISO 45001:2018 Auditor
Migration Training Course (Module 2)
Chapter 7 : Auditing ‘Performance Evaluation’

Session Plan
► Objectives
► Understand auditing the requirements of ‘monitoring, measurement, analysis
and evaluation’ of an OH&SMS performance and effectiveness
► Understand auditing the requirements of other changes in this edition of the

standard with respect to Internal audits and management reviews
► Methodology
9.Performance evaluation
ISO 45001:2018 OHSAS 18001:2007

• 9.PERFORMANCE EVALUATION 4.5 CHECKING
► 9.1 Monitoring, measurement analysis and 4.5.1 Monitoring & measurement
evaluation
► 9.1.1General 4.5.2 Evaluation of Compliance
► 9.1.2 Evaluation of compliance
4.5.5 Internal Audit

► 9.2 Internal Audit
► 9.2.1 Purpose of internal audits 4.6 Management Review

► 9.2.2 methods for internal audits
► 9.3 Management Review
9.Performance evaluation
9.Auditing Performance evaluation
Monitoring Measurement Analysis and evaluation

 Check if the organisation has determined process related
to monitoring, measurement, analysis and performance
evaluation
 Check whether the methods for monitoring, measurement,
analysis and evaluation are able to produce comparable and
reproducible results. For example : check whether the process
is such that it does not lead to different interpretations.
 Check that the tools used for monitoring, measurement,
analysis and evaluation are checked for accuracy
(eg calibration of monitoring devices, testing of software used for analysis etc)
 Check that persons involved in monitoring, measure, analysis and evaluation are
adequately trained to produce correct and consistent results
 Check if the integrity of results of monitoring, measurement, analysis and in
order to ensure consistent and valid results
Monitoring Measurement Analysis and evaluation

 Check whether the frequency at which monitoring and measurement is done is
per plan
 Check whether the monitoring and measurement is performed by those who are
assigned this responsibility.
 Check if the analysis and evaluation is performed at the planned frequency and
by those who are assigned this responsibility
 Check if the results of analysis are evaluated against any criteria and what are
the results of such evaluation
 Check what actions are been taken on the outcome of monitoring
measurements analysis and evaluations
 Check how the information is documented.
Auditing the ‘INTERNAL AUDIT’ Process
 What are planned Intervals..?  Whether OHS importance of the

processes considered in planning
 Are the objectives well defined..?
 Whether results of previous audits
 How it is planned to verify the entire are considered
OHSMS..?
 How Audit Team is selected
 What methods Adopted..?
 How are results reported to
 Who are Responsible..? relevant parties
 How planning is done..?  What actions on NCRs
 How results are reported..?  Check documentation
 Auditor Competence management.?
Management Reviews
 Check whether management reviews are conducted as
per plan
 Check organization’s process for identifying changes to
the internal and external issues relevant to its OHSMS
 Check how these are collated and reported for consideration
during management reviews.
 Check what decisions are taken by the top management
based on the review of these changes. For example : Due to
changes in internal and external issues, are changes to OHS
policy, objectives,
OHS scope, risk assessment, OHS policies and procedures
considered?
 Check whether trends in audit results, nonconformities and corrective actions are
reviewed. Are corrective actions effective? Are there areas/ processes where NCR trend is
increasing?
 Check what the trends indicate, in case results are not positive, verify whether the top
management has taken any decisions on continual improvement
Management Reviews
 Check whether H&S performance evaluation results are reported in the management reviews. What do
the trends indicate? What decisions has the top management taken for OHSMS processes and controls
for which the trends are performance results are not positive?
 Check whether trends in fulfillment of OHS objectives are reviewed. what the trends indicate. Are
objectives met?
 Check what decisions the top management has taken based on review of the objectives Are the
objectives still suitable or need to be changed? Do targets need to be revised? Are resources required
to enhance ability to fulfill the objectives?
 Check what mechanisms have been put in place to collect and report feedback from interested parties.
Is the mechanism proactive? Are responsibilities for this assigned? Is it comprehensive and timely?
 WHAT ELSE……….???????
CQI-IRCA certified :
PT 251: OHSMS ISO 45001:2018
Auditor Migration Training Course (Module 2)
Chapter 8 : Auditing ‘Improvement’

Session Plan
► Objectives
► Understand auditing the requirements of ‘Improvement’ of OHSMS performance
and effectiveness
► Understand other changes as compared with OHSAS 18001:2007 with respect

to ‘Improvement’
► Reinforce the learning achieved through group tasks
► Methodology
10. Improvement
ISO 45001:2018 OHSAS 18001:2007
10.IMPROVEMENT 4.1 General Requirement

► 10.1 General
4.5 CHECKING
► 10.2 Incident, nonconformity and  4.5.3 Incident investigation, nonconformity,
corrective action corrective action and preventive action
► 10.3 Continual Improvement
 4.5.3.1 Incident investigation
 4.5.3.2 Nonconformity, corrective action
preventive action
10. Improvement
10.Auditing Improvement
Improvement
 Check what actions are being taken on results of OHS monitoring and measurement
 Check what actions are taken on the outcome of internal audit. Any actions taken on NCs , OFIs or
observation
 Verify the documented information on the improvement actions recommended during management
review
 Check, how the nonconformance and noncompliances are identified in the system
 Are the immediate actions taken to correct the nonconformities and to control the situation
 What are the mitigation actions from management to deal with the consequences of nonconformity
 Is there any Pragmatic approach to identify the proper root cause(s)
 Check whether management have explored the possibility of similar potential nonconformity in other
process or part of management system
 What are the corrective actions taken to eliminate the defect.
 Is there any undue delay or deliberate delay from management to take further actions
 Is there a system exist to review the effectiveness of actions taken
 Check whether the corrective actions are appropriate to the nature of nonconformity
 Is there any change resulted in OHSMS due to the actions taken (example: change in risk assessments,
analysis, OHS policy, processes)
 Check the documentation of this entire process
 Verify the overall system of achieving continual improvements through this process.
10.Auditing Improvement
10.3 Continual improvement

CHECK……
Is there a continual Improvement ……brought in by
 enhancing OH&S performance;
 promoting a culture that supports an OH&S management
system;
 promoting the participation of workers in implementing
actions for the continual improvement of the OH&S
management system;
 communicating the relevant results of continual
improvement to workers, and, where they exist, workers’
representatives;
 maintaining and retaining documented information as
evidence of continual improvement.
The organization shall retain documented information

Internal Auditor Training on OHSMS ISO 45001:2018
(Course ID:OHM-003)
Chapter 10 Managing, performing and completion of

an audit
Session Plan
► Objectives
► Understand the requirements of Planning to achieve the intended objectives of
an audit
► Understand how to effectively conduct, conclude and complete an audit process

and event
► Methodology
► Delegate driven self Study with the help of slides
Who manages the audit?
►The audit team leader has overall responsibility for the

audit. Audit team members assist the team leader.
►Good audit management requires:
 Planning and Preparation
 Communications (Client, Auditees and Auditors)
 Accurate and Objective Fact Finding
Audits MUST be well managed

to provide good VALUE.
Parties involved in an audit
Auditee
Auditee Provides
Providesaccess,
access,data,
data,
Organisation
Organisation information
information
Determines
Determinesobjectives,
objectives,
AuditClient
Audit Client
scope,
scope,criteria
criteria
1st.,2nd.,
2nd.,3rd
3rdParty
Party Auditor
AuditorTeam
Team
1st., (includes Audit
Auditing (includesauditors,
auditors, Audit
Auditing technical performance
Organisation technical expertsand
experts and performance
Organisation auditors in-training)
auditors in-training)
Audit
Auditreport
report
LeadAuditor
Lead Auditor
From collecting information to audit conclusions
Collecting information by
appropriate sampling
Audit Evidence
Evaluating against
audit criteria
Audit Finding
picture taken from the Article „Electromagnetism for brain disorders”
written by Michael Webb, July 29, 2008, blog.log.sciseek.com
Reviewing
Audit Conclusion
How do auditors find evidence ?
► Reviewing Documents
► Reviewing Records
►Observing practices and physical environment
► Interviewing People at all levels
Can/should the auditor cover all people,

documents and records during the audit?
Visit the field – SEE the “real world”
► production line, or wherever ► talk to people on the field - if you

Occupational Hazards are can hear them!;
generated;
► wear proper clothes and safety
► People working at Height equipments - be prepared
► People working in areas nears ► Look for Hazards and risks,
Electrical transformers, high operational controls, potential
voltage supply points emergencies,
► Working in extreme conditions ► Ask what the dials and meters
(Such as steel melting, Coke ovens, are indicating about operational
Mines, Blast furnaces, Projects under control and measures.
commissioning, Working in confined
spaces etc)
Observations
Keep observing the physical evidence: What to look for?

 Hazards, Airpollution affecting workers ► Posted Procedures
 equipment, instruments ► Actual Operations

 conditions, upkeep, ► Operating Logs
operational controls
► Instruments with Process
Measurements
► Alarms
► Communications Postings
► Awareness Reminders
► Calibration Tags
► Warning Signs
Interviewing People
General rules Typical steps of an audit interview

► Be polite and full of respect ► Warming up
► Explain what you are doing ► Introduction (why you are here)
► Choose appropriate language ► Collecting Information
► Listen carefully ► Decision (report major findings)
► Focus on facts! ► Closing
Follow Audit Trails
► As you audit
you will find interesting opportunities for follow-up (= audit trails).
► Pick promising audit trails:
► Follow it through
► Interact with team
Always take notes
► Explain the need to take notes to auditee…?
► Make your notes:
 Comprehensive
 Accurate
 Precise
 Legible
Time management
► Time is always short
► Plan well
► Do not allow your audit to get side-tracked
► Do not dig too much

(root cause analysis is not the auditor’s task)
► Do not focus on trivia
► Remember an audit is a sampling
Audit Programme in ISO 19011 –
more than just an audit plan!
►ISO 19011 Section 3.11 – Definition of audit programme
 Set of one or more audits,
 Planned for a specific timeframe and
 Directed towards a specific purpose.
Note: it includes all activities necessary for planning, organizing and conducting the audits.
►ISO 19011 Section 5 Managing an audit programme

 It covers all steps like a computer programme.
►ISO 19011 Section 6 – Performing an audit

 Includes planning and conducting specific audit activities as a part of an
audit program
The different phases of an audit
Time
6.2 Initiating the audit
?
Stage 1 Audit 6.3 Preparing audit activities
6.4 Conducting the audit activities ?
6.5 Preparing the Audit report ?
6.6 Competing the audit

Reference:
ISO 19011 ?
Section 6 6.7 Conducting audit follow up
Initiating the Audit
► Appointing the audit team leader

 The auditing organization (your company) appoints the Lead Auditor of the team
► Define audit objectives, scope and criteria
Lead auditor check scope and criteria. Objective as defined by the Audit Manager.
► Determine feasibility of the audit
 Are information and estimates of time and resources adequate?
► Select the audit team
 Needed competences to fulfill audit objectives.
► Establish initial contact with the auditee
 communication channels (phone, email, fax)
 Information on timing and audit team
 Request of access to relevant documents
 Arrangements of the audit including site safety rules
Initiating the Audit – criteria and scope
Audit Criteria Audit Scope

► Reference against which ► Extent and boundaries
conformity is determined of the audit including:
 Standards  Locations
 Contractual Specification  Organisational units
 OH&SMS Documentation  Activities and processes covered
(including the time period)
 Legislation or other requirements
Initiating the Audit –
Considerations in Selection of Team
►Independence ►OH&SMS knowledge
►Team cohesion ►Technical knowledge
►Training needs ►Legal knowledge
►Career development ►Experience in the sector
►Acceptability to auditee ►Knowledge of ISO 45001
►Availability ►Audit skills
►Language ►Team management skills
Conducting Document Review
►Document review is part of Stage 1 (Initial) Audit

(May not be always applicable in case of internal audits)
►Addition
 Assess readiness for full systems audit (at times not applicable for
Internal audits)
 Focus on planning for Stage 2 (main) audit
 Establish personal contact and rapport with auditee
 Validates scope, purpose, methods
 Gather additional information
 Identify potential problems
Preparing for the ‘On-site Audit’ Activities
►Prepare plan
►Prepare working documents
►Assigning work to the team

 Dates and duration, individual task
►Logistics
 travel, accommodation, office space, ..
The audit plan and working documents
Audit Plan Working Documents

►Audit type / objective ►?
►Audit criteria ►?
►Dates & Times & Places
►Areas / Processes
►Auditees (if known)
►Auditors
►Reference clauses / topic
►Consider shifts,
meetings and breaks
Conducting on-site Audit Activities
►Conducting the opening Meeting
►Communication during the audit
►Roles and responsibilities of guides and observers

 May accompany the audit team, but are not part of it
►Collecting and verifying information
►Generating audit findings
►Preparing audit conclusions
►Conducting the closing meeting
Conducting On-site Audit Activities
Meetings and Communications
►Opening and Closing meetings
 Formally required
►Intermediate meetings with auditee representatives

 report ongoing status, findings and progress.
►Team liaison meetings

 help coordinate and focus the audit team.
►Regular feedback to auditees

 provides ongoing communication
Nonconformity Report
►No set rules; however all have these two parts:

 The evidence (what actually is or is not )
 The requirement (what was supposed to be)
►Different organizations have different formats

 Use the format chosen by your client or firm
A Nonconformance Must Also Be...
►Factual
►Precise
►Objective
►Traceable
►Concise
Will someone else be able to trace back and find the

same evidence you found, based on what you wrote?
Example 1
►Maintenance department, morning shift

 Acetylene gas cylinders delivered, but left in unsecured
area.
 WI4-01, clause 6, requires that on delivery all flammable
gases must be immediately stored in secure storage area.
NCR for Example 1
OHSMS AUDITS Incident Number …....................
NONCONFORMITY REPORT
Company under Audit: XYZ plc Note Number SW/01
.............................
Area under review: ISO 45001 Clause Number
………………………………………. MAINTENANCE ………………………… 8.1
► Area
Category MAJOR* MINOR* * delete one
► Clause Non Conformity

The process of controls on Operations is not effective
► Grading
Evidences:
► Problem ACETYLENE GAS cylinders were was left in a non-
secure area
► Requirement
Requirements :
► Signature WI4-01, clause 6 requires that all gases after delivery
must be stored in secured area
Clause 8.1.1 of ISO 45001 requires that the
Organization shall .. Implement ,control and maintain
the processes….
Auditor A. U. Ditor
Good Meeting Practice
►?
►?
Manage the time!
Key consideration –
What is this meeting intended to accomplish?
Opening & Closing Meetings
►Be on time
►Entire audit team participates
►Auditee senior management

(minimum Management Rep.)
►Team Leader chairs these meetings
Opening meeting agenda
►Introduce the team ►Grading of NCR’s
►Reason, scope & criteria ►Confirm staff is

aware & available
►Review audit plan and
methods ►Confirm logistics
►Explain about sampling ►Confirm guides
►Confidentiality ►Safety requirements
►Method of reporting ►Questions
Team Liaison Meetings
► To ensure smooth and effective

progress of the audit
► To ensure audit scope is covered
► To review nonconformance
► To collate the findings
►Final Team Liaison Meeting

 Prepare for the closing meeting
 Review & collate the findings
 Discuss recommendation
 Prepare final reports
 At least the NC reports
Closing Meeting
►No surprises!
►Don’t have discussion of corrective actions

at the closing meeting
►Be diplomatic
►Acknowledge achievements
Closing Meeting Agenda
► Thank the auditee and ► Specific additional topics

reintroduce the team at a (Re-) Certification Audit
► Recap reason, scope & criteria  Recap the scope of
certificate
► Review audit plan and methods
 Certificate validity
► Report the observations,
positive & negative (NCs and OFIs)  Surveillance audit
► Explain about sampling  Re-certification
► Overall summary  Use of logo
► Questions & answers
► Either
Recommendation for Certification/ Re Certification/ Continuation of Certification
► Or
Corrective actions & time-scale & Follow-up
Preparing, approving and distributing the audit report
Audit Reports including Non Conformity Report
► Information of the auditee ► Form provided by CB

organisation
► Space for
► Audit findings and conclusion
 Audit finding (by Lead auditor)
► Audit summary reports (Matrices)  Corrective Action (by organisation)
► Audit notes  Verification of corrective action
(by Lead auditor)
► Attachment of or reference to
NCRs
“The audit is completed when all planned audit

activities have been carried out and the approved audit
report has been distributed.” (ISO 19011 6.6)
Follow-up action
► At agreed time
► Review of documentary evidence ► Documentary Evidence
 Records
► Re-audit on the site
 Training certificates
 Only review of corrective actions
 Amended procedures
 Don’t start it all over again
 Photographs
 Videos

Delegate Manual

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Delegate Manual

Uploaded by

Copyright:

Available Formats

Internal Auditor Training Course on OHSMS

(Copyright) 2018 an unpublished work by BV - All rights reserved.

Internal Auditor Training course on: OHSMS ISO 45001:2018

Apr’18 Internal Auditor Training Course on OHSMS ISO 45001:2018 Page 1 of 2

Section Title: File:

Chapter 2 Auditing ISO 45001-Context of the Organisation Slides

Chapter 5 Auditing ISO 45001-Support Slides

Chapter 6 Auditing ISO 45001-Operation Slides

Chapter 7 Auditing ISO 45001-Performance Evaluation Slides

Chapter 8 Auditing ISO 45001-Improvement Slides

Chapter 9 Planning, performing and completing and Internal Slides

Apr’18 Internal Auditor Training Course on OHSMS ISO 45001:2018 Page 2 of 2

INTERNAL AUDITOR TRAINING COURSE ON: OHSMS ISO 45001:2018

COURSE TIME TABLE – DAY 1

Session Chapter Exercise Title Start Finish

Registration 0845 0900

1. Chapter 1 Course Introduction & Overview 0900 0930

2. Exercise 1 Refresher session on Auditing 0930 1030

Coffee break 1030 1045

3. Ex 1 Review of Pre Course assignment 1045 1300

Lunch break 1300 1400

4. Exercise 2 Auditing ‘PLAN’& Leadership- Clause 4, 1400 1530

Coffee break 1530 1545

5. Chapter 2, Recap on auditing ‘PLAN’- & 1545 1630

6. Exercise 3 Auditing ‘DO’ - Clauses 7 & 8 1630 1715

7. Chapter 5 Recap on Auditing Plan and Leadership , 1715 1800

Apr’18 Internal Auditor Training Course on OHSMS ISO 45001:2018 Page 1 of 2

Session Chapter Exercise Title Start Finish

Recap of Day 1 0900 0930

8. Exercise 4 Auditing ‘CHECK & ACT’ - Clauses 9 & 10 0930 1030

Coffee break 1030 1045

10. Exercise 5 Quiz on ISO 45001 1145 1215

11. Exercise 6 Non Conformity reporting 1215 1300

Lunch break 1300 1345

12. Exercise 6 Non Conformity reporting (Contd/-) 1345 1415

13. Chapter 9 Performing, Managing an Internal Audit 1415 1500

14. Exercise 7 Auditing an operational Site 1500 1545

Coffee break 1545 1600

15. Written Examination 1600 1730

16. End of the course 1730 1745

Apr’18 Internal Auditor Training Course on OHSMS ISO 45001:2018 Page 2 of 2

Chapter 1-Course Overview

One of the most widely recognised certification bodies in the World

 6500+ auditors worldwide in 140 countries

CERTIFICATION COMMODITIES CONSUMER GOODS GOVERNMENT SERVICES

 Management System  Sustainability and Corporate

ACCREDITED BY MORE THAN

OVER 6,500 HIGHLY SKILLED AUDITORS

MORE THAN 150 000 ACTIVE

Food Safety Health & Safety

Lunch breaks: TBD each country

► Safety rules & evacuation routes

 Learning Objectives (Knowledge):

► Understand the changes arising as a result of the adoption of Annex SL structure in

And their impact on auditing practices

 Learning Objectives (skills):

► Conducting the audit

► Auditing an Occupational Health & Safety MS

► Auditing the new requirements

► Generating audit findings

 Clean Copy of ISO 45001:2018 &

► Understand auditing the requirements for ‘scope of an Organisation’s OHSMS’

► Reinforce the learnings achieved through group tasks

ISO 45001:2018 OHSAS 18001:2007