Objectivity: Auditors should gather fact based evidence that can be verified.

Impartiality: auditors should act without bias, including in the gathering of and
analysis of evidence. Or, those auditors are free from a conflict of interest.

Undiplomatic

Being undiplomatic could be seen as rude or disrespectful to the auditee and cause the
auditee to be offended and raise a complaint. It could also lead to a complete
withdrawal of co-operation.

It is likely that it will cause the auditee to be less willing to respond positively to
questions therefore limiting the effectiveness of the audit.

four examples of organization is managing its OH&S legal responsibilities in conformance

with ISO 45001.

• A process to determine & have access to up-to-date legal requirements

• A list of legislative, regulatory & other requirements
• A link between its OH&S hazards and the appropriate legislation
• A register of applicable legislation
• Access to a competent person, expertise or advice
• Evidence of compliance checking
• A process for periodic evaluation of legislative compliance and associated
retained documented information to evidence such evaluations
• Objectives have taken legal requirements into account
• Appropriate operational controls are in place
• Reviews are in place to assess changing legislative or other requirements

agreed corrective actions

• Acceptance of a written response.

• Evaluation of submitted evidence
• Verification of corrective action at the audit location
• Results of re-audit
• Photographic evidence (e.g. in the instance of an infrastructure issue)

All of which must demonstrate that the corrective action has worked as opposed
to simply being introduced.

Lead auditor responsibilities

 • Initial communication with the auditee
• Confirm the reason for the audit, its scope and the standard
• Pre-audit visit (or Stage 1 audit or document review)
• Confirm and agree date of audit
• Bring in audit team and any specialists
• Assign tasks as necessary
• Chair the opening meeting
• Managing the audit - keeping to the programme and timing
• Invite feedback from team at private auditors meeting(s)
• Chair the closing meeting
• Inform company of your findings and recommendations
• Allow questions from company
• Write report
• Review any corrective actions taken
• Arrange for a re-visit if necessary
• Closedown the audit
• Distribution of audit documentation in accordance with the client's
requirements
• Answering any queries the client may have post-audit

Critical safety hazard which has not been addressed

 Make a note of the details of the situation.

 Check with the relevant individual whether or not the hazard has been identified.
 Raise an NCR against 6.1.2.1 - j£ the hazard has not been identified or if the organisation has no
established process for hazard identification.
 Explain to the auditee the need to identify all hazards before assessing the OH&S risks they
present.
 Check the competence of the individual that completed the hazard identification in the area
in which the hazard was found
 Review any documented information relating to the area in which the hazard was identified
to determine whether there have been any other significant omissions.
 Check how long the hazard has been present. If this is a new hazard determine why the
hazard was not identified.

Gift of bag:

Thank the OHSMS manager very sincerely for the kind offer but state that such a generous gift
would be viewed by the certification body as an inducement to the auditor. Emphasize that
auditors must be seen to be impartial and independent at all times in accordance with
certification standards and auditors' professional code of conduct. Advise the OHSMS manager
that there is no intention to cause offence by refusing the gift but express the hope that the
company will understand the auditor's position. Underline the fact that the offer of the gift will
not affect your conduct of the audit in any way.
 Chemical Company Audit:

• Individual auditors should have no conflicts of interest such as

prior consultancy within recent years.
• Maturity as a currently experienced auditor - are they competent to
work alone or require supervision?
• Knowledge and experience of the chemicals sector and specifically the
manufacture of explosives and the associated processes.
• Occupational health and safety experience and technical competence in the
chemical/explosives sector.
• Auditors should be certified and/or have the approval of the certification body
- appropriate competence including education and training is required.
• Relevant personal skills and attributes to ensure a successful audit.
• Geographical proximity to the audit location may be a factor.
• Ideally should be fluent in the auditee's language.
• Knowledge of ISO 45001 and its interpretation in the chemical/explosive
manufacturing industry
• Knowledge of relevant local and national OH&S legislation
• Will technical expertise be required requiring specialist advice and guidance?
• Will the team as a whole possess the overall competencies required for
effective completion of the audit and is it likely they will work
effectively together?

Internal audit NCS in lab

• An external audit needs to cover all the processes associated with the scope
of the management system and the audit criteria.
• If laboratory is not included, it will not be possible to make
a recommendation on certification.
• An audit of laboratory now could confirm the accuracy of the recent
internal audit findings.
• The internal auditors may have been auditing to different criteria to the
one used in this audit
• All issues must be independently verified by the auditor
• The opening meeting is not the place to try to change the agreed parameters
of the audit plan
• An external audit of laboratory now may identify other findings that
may need to be addressed for system improvement.
• The audit can include a review of planned corrective action.
• The fact that internal audits have been carried out and corrective actions
identified may well provide positive evidence of system conformance,
rather than be seen to be a problem.

Construction company :

• Has the organization’s assessment of risk been reviewed post-accident?

{10.2.c)
 • If the organization’s assessment of risk has been changed, has the
new assessment been communicated? {10.2)
• Have new controls been implemented? (8.1.1.b)
• Have people been trained in the new controls? (7.2.b)
• Did the company follow due legal process for reporting the fatal
accident (6.1.4.a.2)
• Review the process for hazard identification and the assessment of OH&S
Risks (6.1.2.2.a)
• Confirm application of the appropriate process to verify if hazards
associated with confined space working have been identified and assessed
to be significant. (6.1.2.1)
• Look for process relating to eliminating hazards and reducing OH&S risks:
were they applied in this case? (8.1.2)
• Have these arrangements taken full consideration of legal requirements?
(6.1.3)
• Has the adequacy of the process been reviewed following the incident?
{10.2)
• Look at process to review the effectiveness of operational and other
controls: were they applied in this case? (8.1.1)
• Look at performance monitoring and measurement (9.1.1)
• Look at incident/hazard statistics, is there analysis & evaluation of
data? (9.1.1)
• Look at incident/hazard reports for establishment of root cause (10.2)
• Look at corrective actions based on incident investigation reports ( 10.2)
• Look at the process for evaluating the effectiveness of corrective actions (10.2)
• Confirm effective Emergency Preparedness and Response Plans are in place:
were the plans applied and effective for this incident? (8.2)

of clause 10.2 from ISO 45001

 Review the nonconformity - Auditee

 Determination of root cause - Auditee
 Evaluation of the need for actions to ensure that nonconformities do not recur-
Auditee
 Review existing assessments of OH&S risks and other risks as appropriate- Auditee
 A decision (after evaluation of the need or as part of the evaluation process) to take
action or not - Auditee
 Determine action needed - Auditee
 Assess OH&S risks that relate to new or changed hazards prior to taking action
 Agree proposed action, taking into account the assessment of OH&S risks. Not
mandatory but often part of audit process - Auditor
 Implement action needed in accordance with hierarchy of controls and the
management of change - Auditee
 Record results of action taken - Auditee
 Review effectiveness of action taken, check if results of action taken meet the
requirements - Auditee
  A decision is needed here on whether or not the action taken has brought about the
results needed. If yes, proceed and if no, go back - Auditee
 The Auditee must now decide whether it is necessary to make any other changes to
the OH&S system as a result of the identified nonconformity
 Verify effective corrective action has been taken by reviewing records and evidence
of root cause determination and that the action taken has achieved the desired
results - Auditor
 A decision is needed here on whether or not the corrective action process has been
implemented and on whether there is evidence that the results of the action taken
have been reviewed and demonstrate requirements are being met-
Auditor
 Record acceptance of results of the action taken and close the audit - Auditor

top management demonstrates leadership

• How do you ensure that workplaces deliver a safe working environment

for all personnel and interested parties? (5.1.a)
• How do you ensure that OH&S policies align with the strategic
objectives of the company? (5. 1.b)
• How do you ensure that the processes of the OHSMS are accepted as
an integral part of the business? (5.1.c)
• How do you determine the resources needed to ensure the
effective functioning of the OHSMS processes? (5.1.d)
• What steps are taken to communicate the importance of the OHSMS
throughout the company? (5.1.e)
• How do you determine whether the OHSMS is working effectively? (5.1.f)
• What support is given towards achieving ongoing improvement of
the OHSMS? (5.1.h)
• How are management personnel encouraged to take a lead in creating a
strong OHSMS? (5. 1.i)
• What steps are taken to sustain a positive safety culture in the company?
(5.1.j)
• How do you ensure that workers are not penalized for raising OH&S
issues? (5.1.k)
• How are workers encouraged to contribute to the OHSMS? (5. 1.1)
• Are OH&S committees established in the company? (5.1.m)

large old manor house that

Description of the nonconformity

The system failed to identify all the hazards or take into consideration the legal
requirements with regard to hazardous substances.
 Evidence
The clear purple coloured degreasing fluid is stored on the food shelf in an unmarked five Litre
plastic container. There is no assessment of risk relating to the identified hazard nor are there
any effective operational controls in place. Several staff interviewed was unaware of what it
was, how to use it or where it should be stored.

Requirement:
6.1.2.1 - The organization shall establish, implement and maintain a process for the
identification of hazards and non-conformance based on failure to comply with legal
requirements (6.1.3c) would be acceptable

lunch in the canteen during an audit in a computer manufacturer,

Answer is - No nonconformity

Questions asked:
• Establish if there has been a wider campaign to increase awareness of
the suggestion scheme and how to report concerns (5.4)
• Establish whether all staff has access to email during working hours (7 .1)

• Review the assessment of OH&S risks associated with the concerns

raised (6.1.2.2)
• Ask whether any other measures are taken to involve the workers in the
OHSMS (5.4.e)
• Review the methods of communicating processes and establish if staff
understand how to report incidents and safety issues (7.4.2)
• Determine how the manager sees her responsibilities in the OHSMS
and demonstrates a focus on continual improvement (10.3)
• Determine whether any other documentation exists in relation to the
concerns (7.5.1.b)

A metal fabrication company

Nonconformity:
The organization has failed to implement effective procedures that inform staff of OH&S issues
they need knowledge of to ensure their personal safety.

Evidence:
Several workers had not been informed of radiation work that was being carried out and
had entered a radiation controlled area.

Requirement:
 7.4.2 - the organization shall internally communicate information relevant to the OH&S
management system among the various levels and functions of the organization
7.3e - workers shall be made aware of hazards, OH&S risks and actions determined that
are relevant to them