CO] BIRCA CONFIDENTIAL APPROVED TRAINING PARTNERS CQI and IRCA Solutions to Specimen Examination Paper Occupational Health and Safety Management Systems Auditor Training Courses (PR356 & PR357 ISO 45001) Note to markers Markers are expected to use their experience and judgement as professional auditors, bound by the CQI and IRCA code of conduct. Markers must give due consideration to logically argued solutions that might not conform precisely to the typical solution and other answers may be acceptable. This is especially relevant when marking sections three and four. Marker One, and Marker Two where applicable, shall annotate students’ examination papers clearly to show where each mark is given and shall record their justification for awarding marks outside of the typical solution. Markers should use the margins provided for this, ensuring that marks and justifications given by each marker are clearly discernible for review by the CQI and IRCA Training Assessor. QI and IRCA Solutions to Specimen examination paper OHS, January 2018. Amended for use on certified course 300K operated by ATP sexx, Page 4 of 16@aCOl BIRCA Section one - Five questions worth two marks each ~ maximum 10 marks Statements in italics are for reference only and are not part of the expected answer. 1.1 ISO 45001 requires that internal audits are objective and impartial. Describe the difference between objectivity and impartiality in this context. (2 marks) ‘Typical solution Objectivity: Auditors should gather fact based evidence that can be verified. (1 mark) Impartiality: auditors should act without bias, including in the gathering of and analysis of evidence. Or, that auditors are free from a conflict of interest (4 mark) Note to marker: Similar answers are acceptable, 1.2 Expl the likely consequences of undiplomatic behaviour by an auditor. (2 marks) Typical solution Being undiplomatic could be seen as rude or disrespectful to the auditee and cause the auditee to be offended and raise complaint. It could also lead to a complete withdrawal of co-operation. It is likely that it will cause the auditee to be less willing to respond positively to questions therefore limiting the effectiveness of the audit, Note to marker: Award 0.5 mark for each consequence up to a maximum of 2 marks, Similar answers are acceptable. 1.3. Give four examples of evidence which demonstrates that an organisation is managing its OH&S legal responsibilities in conformance with ISO 45001. (2 marks) Typical solution + A process to determine & have access to up-to-date legal requirements + Allist of legislative, regulatory & other requirements + Alink between its OH&S hazards and the appropriate legislation + A register of applicable legislation + Access to a competent person, expertise or advice + Evidence of compliance checking * A process for periodic evaluation of legislative compliance and associated retained documented information to evidence such evaluations + Objectives have taken legal requirements into account + Appropriate operational controls are in place + Reviews are in place to assess changing legislative or other requirements Note to marker: 0.5 mark per point up to 2 marks maximum. QI and IRCA Solutions to Specimen examination paper OHS, January 2018. Amended for use on certified course 300K operated by ATP sexx, Page 2 of 1614 1s @aCOl BIRCA Identify two ways in which an auditor can verify that agreed corrective actions have been effectively implemented. (2 marks) Typical solution * Acceptance of a written response. + Evaluation of submitted evidence + Verification of corrective action at the audit location + Results of re-audit * Photographic evidence (e.g. in the instance of an infrastructure issue) All of which must demonstrate that the corrective action has worked as opposed to simply being introduced Note to marker: 1 mark each for each correct answer. Identify whether each of the four statements below is TRUE (T) or FALSE (F) by ing the correct letter. (2 marks) a) Organisations must report fewer safety incidents year on year in order to demonstrate continual T F improvement of the OHSMS b) Workers must be represented in the management T F review process ©) Auditors must identify the root cause of any ; . nonconformities which they report d) The expectations of interested parties must be 1 F considered within the scope of the OHSMS. ‘Typical Solution A, B, Care false. D is true. Note to marker: 0.5 mark for each correct answer. No marks should be awarded if the selection is unclear. QI and IRCA Solutions to Specimen examination paper OHS, January 2018. Amended for use on certified course 300K operated by ATP sexx, Page 3 of 16@aCOl BIRCA Section two - Four questions worth five marks each - maximum 20 marks 21 a) t six responsibilities of the lead auditor when conducting an external audit (3 marks) Typical solution + Initial communication with the auditee + Confirm the reason for the audit, its scope and the standard + Pre-audit visit (or Stage 1 audit or document review) + Confirm and agree date of audit ‘+ Bring in audit team and any specialists + Assign tasks as necessary * Chair the opening meeting + Managing the audit ~ keeping to the programme and timing + Invite feedback from team at private auditors meeting(s) + Chair the closing meeting + Inform company of your findings and recommendations + Allow questions from company + Write report + Review any corrective actions taken + Arrange for a re-visit if necessary + Closedown the audit * Distribution of audit documentation in accordance with the client's requirements + Answering any queries the client may have post-audit Note to marker: 0.5 mark for each answer up to 3 marks maximum (b) An auditor conducting a third party audit finds a critical safety hazard which has not been addressed in the OHSMS. State how the auditor should respond. (2 marks) Typical answer + Make a note of the details of the situation. * Check with the relevant individual whether or not the hazard has been identified. + Raise an NCR against 6.1.2.1 - if the hazard has not been identified or if the organisation has no established process for hazard identification, + Explain to the auditee the need to identify all hazards before assessing the OHS risks they present. + Check the competence of the individual that completed the hazard identification in the area in which the hazard was found + Review any documented information relating to the area in which the hazard was identified to determine whether there have been any other significant omissions. * Check how long the hazard has been present. If this is a new hazard determine why the hazard was not identified. Note to marker: 1 mark for each point up to 2 marks maximum QI and IRCA Solutions to Specimen examination paper OHS, January 2018. Amended for use on certified course 300K operated by ATP sexx, Page 4 of 162.2 23 @aCOl BIRCA You are the audit team leader conducting an OHSMS stage one certification audit on site by yourself in an organisation. At the initial meeting, you are presented with a luxury leather laptop case containing the company's OHSMS manual and procedure documents. The OHSMS manager indicates that the case is a gift for you to use during the audit and retain afterwards. Describe how you would respond to this situation. (5 marks) Typical Solution Thank the OHSMS manager very sincerely for the kind offer but state that such a generous gift would be viewed by the certification body as an inducement to the auditor. Emphasise that auditors must be seen to be impartial and independent at all times in accordance with certification standards such as ISO 17021 and auditors’ professional code of conduct. Advise the OHSMS manager that there is no intention to cause offence by refusing the gift but express the hope that the company will understand the auditor's position. Underline the fact that the offer of the gift will not affect your conduct of the audit in any way. Note to marker: The essence of this question is the need for the auditor to act with integrity, recognise and manage cultural and social issues and maintain an effective but independent relationship with the client, 1 mark for each underlined issue to. a maximum of 5 marks. Award 0 marks if the gift is to be accepted. You are the team leader allocated to a stage 2 OH&S certification audit of a large chemical company producing explosives for industrial use wishing to gain ISO 45001 certification. You have been asked to form the audit team, list five factors you would consider when selecting individual members of that team. (S marks) Typical solution + Individual auditors should have no conflicts of interest such as prior consultancy within recent years. + Maturity as a currently experienced auditor ~ are they competent to work alone or require supervision? + Knowledge and experience of the chemicals sector and specifically the manufacture of explosives and the associated processes. + Occupational health and safety experience and technical competence in the chemical/explosives sector. + Auditors should be certified and/or have the approval of the certification body ~ appropriate competence including education and training is required. + Relevant personal skills and attributes to ensure a successful audit. + Geographical proximity to the audit location may be a factor. + Ideally should be fluent in the auditee’s language. + Knowledge of ISO 45001 and its interpretation in the chemical/explosive manufacturing industry + Knowledge of relevant local and national OH8S legislation + Will technical expertise be required requiring specialist advice and guidance’ + Will the team as a whole possess the overall competencies required for effective completion of the audit and is it likely they will work effectively together? QI and IRCA Solutions to Specimen examination paper OHS, January 2018. Amended for use on certified course 300K operated by ATP sexx, Page 5 of 1624 @aCOl BIRCA Note to marker: 1 mark for each of the above or alternative acceptable answer to a maximum of 5 marks At the opening meeting of the stage 2 certification audit, the Health & Safety manager informs you that a recent internal audit has found many nonconformities relating to issues in the laboratory. Corrective action has already been planned. The manager therefore suggests that to audit the laboratory again would add no value and asks if you could delete thi department from the audit plan and spend more time in the production area as there has been an increase in minor accidents recently and he is concerned that there may be serious problems. Outline five issues you would include in the response which you would give to this request. (S marks) Typical solution + An external audit needs to cover all the processes associated with the scope of the management system and the audit criteria. (2 marks) If laboratory is not included, it will not be possible to make a recommendation on certification. ‘An audit of laboratory now could confirm the accuracy of the recent internal audit findings. The internal auditors may have been auditing to different criteria to the one used in this audit All issues must be independently verified by the auditor The opening meeting is not the place to try to change the agreed parameters of the audit plan An external audit of laboratory now may identify other findings that may need to be addressed for system improvement. The audit can include a review of planned corrective action. The fact that internal audits have been carried out and corrective actions identified may well provide positive evidence of system conformance, rather than be seen to be a problem. Note to marker: Except where shown, award 1 mark for each issue to a maximum of 5 marks. An answer that states ‘delete from the plan’ must result in 0 marks unless the answer specifies acceptable special circumstances. QI and IRCA Solutions to Specimen examination paper OHS, January 2018. Amended for use on certified course 300K operated by ATP sexx, Page 6 of 16@aCOl BIRCA Section three - three questions worth ten marks each - maximum 30 marks Note to markers: Marks should be given for alternative answers that are logically presented and comply with the requirements of ISO 45001. 34 A construction company has been certified to ISO 45001 for more than a year. Two months ago, the company had a fatal accident involving someone working in a confined space. Next week is the surveillance audit and you are the sole auditor conducting the audit. Explain what you would wish to examine by listing at least 10 issues for investigation making reference to relevant clauses of ISO 45001. (10 marks) Typical solution + Has the organisation’s assessment of risk been reviewed post-accident? (10.2.c) + If the organisation’s assessment of risk has been changed, has the new assessment been communicated? (10.2) + Have new controls been implemented? (8.1.1.b) + Have people been trained in the new controls? (7.2.b) + Did the company follow due legal process for reporting the fatal accident (6.1.4.2.2) + Review the process(es) for hazard identification and the assessment of OH&S risks (6.1.2.2.a) + Confirm application of the appropriate process(es) to verify if hazards associated with confined space working have been identified and assessed to be significant. (6.1.2.1) + Look for process(es) relating to eliminating hazards and reducing OH&S risks: were they applied in this case? (8.1.2) + Have these arrangements taken full consideration of legal requirements? (6.1.3) + Has the adequacy of the process(es) been reviewed following the incident? (10.2) + Look at process(es) to review the effectiveness of operational and other controls: were they applied in this case? (8.1.1) * Look at performance monitoring and measurement (9.1.1) + Look at incident/hazard statistics, is there analysis & evaluation of data? (9.1.1) + Look at incident/hazard reports for establishment of root cause (10.2) + Look at corrective actions based on incident investigation reports (10.2) + Look at the process for evaluating the effectiveness of corrective actions (10.2) + Confirm effective Emergency Preparedness and Response Plans are in place: were the plans applied and effective for this incident? (8.2) Note to marker: 1 mark per point up to 10 marks maximum QI and IRCA Solutions to Specimen examination paper OHS, January 2018. Amended for use on certified course 300K operated by ATP sexx, Page 7 of 16@aCOl BIRCA 3.2. Taking into account the requirements of clause 10.2 from ISO 45001, describe, in terms of a sequence or illustrate using a diagram, the corrective action process starting from a non-conformance being raised by an auditor through to close out of the finding. Identify whether the auditee or auditor is responsible for each element of the process and identify at what point in the corrective action process decisions need to be taken and by whom (10 marks) Typical solution Description: * Review the nonconformity - Auditee (0.5 mark) * Determination of root cause(s) ~Auditee (0.5 mark) + Evaluation of the need for actions to ensure that nonconformities do not recur ~ Auditee (0.5 mark) + Review existing assessments of OH&S risks and other risks as appropriate (0.5 mark) * A decision (after evaluation of the need or as part of the evaluation process) to take action or not - Auditee (2 mark) * Determine action needed - Auditee (0.5 mark) + Assess OH&S risks that relate to new or changed hazards prior to taking action (0.5 mark) * Agree proposed action, taking into account the assessment of OH&S risks. Not mandatory but often part of audit process - Auditor (0.5 mark) + Implement action needed in accordance with hierarchy of controls and the management of change - Auditee (0.5 mark) * Record results of action taken - Auditee (0.5 mark) * Review effectiveness of action taken, i.e. check if results of action taken meet requirements - Auditee (0.5 mark) + A decision is needed here on whether or not the action taken has brought about the results needed. If yes, proceed and if no, go back - Auditee (0.5 mark) + The Auditee must now decide whether it is necessary to make any other changes to the OH&S system as a result of the identified nonconformity (0.5 mark) + Verify effective corrective action has been taken by reviewing records and evidence of root cause determination and that the action taken has achieved the desired results - Auditor (1 mark) + A decision is needed here on whether or not the corrective action process has been implemented and on whether there is evidence that the results of the action taken have been reviewed and demonstrate requirements are being met = Auditor (1 mark) * Record acceptance of results of the action taken and close the audit - Auditor (a mark) QI and IRCA Solutions to Specimen examination paper OHS, January 2018. Amended for use on certified course 300K operated by ATP sexx, Page 8 of 16@aCOl BIRCA Typical Solution - Diagram Note to marker: The fundamental requirement for this question is that students can demonstrate a comprehensive and accurate understanding of the corrective action process described in clause 10.2 from ISO 45001, and how this works within the audit process. Auditor raises nonconformity Auditee reviews/agrees nonconformity Auditee determines root cause Auditee evaluates the need for action to prevent recurrence Auditee reviews existing assessment of OH&S and other risks as appropriate No action «—— Auditee decides whether action is needed Record facts and decision Auditee determines corrective action. <——— Auditee assesses OH&S risks that relate to new or changed hazards Auditor agrees proposal (not mandatory) ———> Auditee implements CA <————— Auditee records set taken and results Auditee reviews effectiveness of action taken, decides if results of action taken meet requirements. Auditee decides if corrective action has been effective —> Auditee makes changes to the OH&S management system, if necessary < Auditor verifies effective corrective action has been taken by reviewing records and evidence of root cause determination and that the action taken has achieved the desired results. Auditor decides if corrective action requirements have been met ——> Auditor records acceptance of results of action taken and closes the audit QI and IRCA Solutions to Specimen examination paper OHS, January 2018. Amended for use on certified course 300K operated by ATP sexx, Page 9 of 16@aCOl BIRCA 3.3 Arequirement of ISO 45001 (5.1) is that top management demonstrates leadership in support of the OHSMS. Prepare a checklist of at least ten checkpoints which would help you, when interviewing the head of an airline services company, to determine whether the organisation conforms to this, requirement, State the applicable clause of ISO 45001. (10 marks) Typical Solution How do you ensure that workplaces deliver a safe working environment for all personnel and interested parties? (5.1.2) How do you ensure that OH&S policies align with the strategic objectives of the company? (5.1.b) How do you ensure that the processes of the OHSMS are accepted as an integral part of the business? (5.1.c) How do you determine the resources needed to ensure the effective functioning of the OHSMS processes? (5.1.d) What steps are taken to communicate the importance of the OHSMS throughout the company? (5.1.e) How do you determine whether the OHSMS is working effectively? (5.1.f) What support is given towards achieving ongoing improvement of the OHSMS? (5.1.h) How are management personnel encouraged to take a lead in creating a strong OHSMS? (5.1.1) What steps are taken to sustain 2 positive safety culture in the company? (8.1.3) How do you ensure that workers are not penalised for raising OH&S issues? (5.1.k) How are workers encouraged to contribute to the OHSMS? (5.1.1) ‘Are OH&S committees established in the company? (5.1.m) Note to marker: 1 mark for each relevant checkpoint up to 10 marks maximum. Deduct 0.5 mark if the correct clause is not given. QI and IRCA Solutions to Specimen examination paper OHS, January 2018. Amended for use on certified course 300K operated by ATP sexx, Page 10 of 16@aCOl BIRCA Section four - three questions worth 10 marks each - maximum 30 marks Questions in this section are designed to test the delegate’s ability to analyse audit situations, evaluate audit evidence and apply knowledge of the audit criteria correctly. Delegates are required to either: + Complete the nonconformity report template. Marking scheme for a nonconformity: * For correctly identifying the scenario as a nonconformity (2 marks) * For a clear description of the nonconformity (3 marks) * For correctly quoting relevant evidence (3 marks) * For correctly identifying the relevant ISO 45001 requirement (1 mark) + Overall clarity of the nonconformity report (1 mark) Note to marker: if delegates raise a nonconformity report when there is no nonconformity, 0 (zero) marks will be awarded. n template, clearly stating: * Their reason(s) for thinking there is not yet sufficient evidence to report their findings as a nonconformity (2 marks) + How they would investigate to determine conformity or nonconformity, including audit trails they would follow and specific examples of audit evidence they would seek and for what purpose. (8 marks) Note to marker: If delegates complete the audit investigation template for a situation where there is evidence that a nonconformity exists, @ maximum of 7 marks may be awarded as follows: * Providing a valid reason why there is insufficient evidence for a nonconformity (2 marks) * Providing relevant audit trails as above, (5 marks) Note to marker: Marks should only be awarded where the audit investigation trails are relevant to the situation and would provide further evidence of conformance or non-conformance. QI and IRCA Solutions to Specimen examination paper OHS, January 2018. Amended for use on certified course 300K operated by ATP sexx, Page 11 of 16@aCOl BIRCA 4.1 - Audit situation one: You are in a large old manor house that is used by an organisation as their National Corporate Centre for Training. The house has a kitchen that prepares meals for the training delegates. In the kitchen area, you notice that a clear purple coloured fluid is stored on a shelf alongside food items in an unmarked five litre plastic container. You ask the kitchen supervisor what the liquid is and are told itis a chemical for degreasing the drains because they regularly block. When you ask why it is kept on the food shelf you are told that it is not normally kept there but it is not a problem as “everyone knows what it is used for”. You interview several members of the kitchen staff and their replies do not convince you that they do know what it is for or how to use it. The training records in the kitchen show that temporary workers are employed in the kitchen for only a few days at a time on a regular basis. The Supervisor states that "there are no written instructions or assessments of risk relating to the use of the degreasing fluid as everyone knows how to use it”. You know that using chemicals or other hazardous substances at work can put people's health at risk and that the law requires employers to control exposure to hazardous substances to prevent ill health, Solution - Nonconformity OH&S AUDIT - NONCONFORMITY REPORT 1 Nonconformity (2 marks for identifying the scenario as a nonconformity) Description of the nonconformity (3 marks for identifying the failure) The system failed to identify all the hazards or take into consideration the legal requirements with regard to hazardous substances. Evidence (3 marks for identifying the evidence) The clear purple coloured degreasing fluid is stored on the food shelf in an unmarked five Litre plastic container. There is no assessment of risk relating to the identified hazard nor are there any effective operational controls in place. Several staff interviewed were unaware of what it was, how to use it or where it should be stored. ISO 45001 clause and requirement: 6.1.2.1 - The organization shall establish, implement and maintain a process(es) for the identification of hazards. OR ‘A non-conformance based on failure to comply with legal requirements (6.1.3¢) would be acceptable QI and IRCA Solutions to Specimen examination paper OHS, January 2018. Amended for use on certified course 300K operated by ATP sexx, Page 12 of 16@aCOl BIRCA oR Anon-conformance based on operation control (8.1.1.b) would be acceptable oR ‘Anon-conformance based on worker awareness (7.3.e) would be acceptable.) Note to marker: 1 mark for clause and requirement plus 1 mark for clarity of answer Note to marker: Whilst this is clearly a nonconformity of UK legislation (e.g. COSHH regulations), it is written so that students outside the UK can still recognise the problem. QI and IRCA Solutions to Specimen examination paper OHS, January 2018. Amended for use on certified course 300K operated by ATP sexx, Page 13 of 16@aCOl BIRCA 4.2 - Audit situation two: When having lunch in the canteen during an audit in a computer manufacturer, you see a sign next to a noticeboard which states "Please place safety suggestions in the box below" but the box is missing. On resuming the audit, you ask about the missing box and are told that the system has changed and that safety suggestions are now invited by email to the OH&S manager. When interviewing the OH&S manager later, you ask about the emails and are told that only two have been received in the past six months. One relates to loose tiles at the factory entrance and the other relates to people smoking outside the front door. The manager says that she forwarded the emails to the maintenance department manager with a copy sent to the originator. When questioned about the effectiveness of the new practice, the manager stated that the box was removed because many people never visited the canteen. She added that emails were introduced to encourage more suggestions and meet the consultation requirements of the OHSMS. Solution — No nonconformity Audit investigation: 2 There is insufficient evidence for a nonconformity. Whilst the change in process has not been particularly effective, it does depend on people responding. There is also cause to further investigate the OH&S manager's response to the emails and whether any follow up took place. More evidence is required. (2 marks) Points of investigation and evidence sought: + Establish if there has been a wider campaign to increase awareness of the suggestion scheme and how to report concerns (5.4) (2 marks) + Establish whether all staff has access to email during working hours (7.1) (2 marks) + Review the assessment of OH&S risks associated with the concerns raised (6.1.2.2) (2 marks) + Ask whether any other measures are taken to involve the workers in the OHSMS (5.4.2) (2 marks) + Review the methods of communicating processes and establish if staff understand how to report incidents and safety issues (7.4.2) (2 marks) + Determine how the manager sees her responsibilities in the OHSMS and demonstrates a focus on continual improvement (10.3) (2 marks) + Determine whether any other documentation exists in relation to the concerns (7.5.1.b) (2 marks) Note to marker: Other relevant points of investigation along with stated evidence may be accepted. Maximum of 8 marks. Deduct 0.5 mark for each point if the clause reference is missing. If a nonconformity is raised, 0 marks should be awarded. QI and IRCA Solutions to Specimen examination paper OHS, January 2018. Amended for use on certified course 300K operated by ATP sexx, Page 14 of 16CO] BIRCA 4.3 Audit situation three: During your audit of a metal fabrication company you review the incident reporting records and note that there were several incidents reported where workers had entered a restricted area, segregated by temporary barriers, where radiography work was being carried out on some welded fabrications, The records stated that the workers were unaware that this activity was taking place. You ask a representative of top management how the workers are informed of any OH&S issues relevant to their safety. She replies stating that all OH&S issues are addressed in weekly ‘tool box’ talks. These talks are held every Monday morning and all members of staff must attend. You ask to see the agenda for these talks and the examples you see cover the typical topics you would expect including the arrangements for the radiography. You ask how the organisation ensures all members of staff attend and are told that it’s unnecessary for any records to be Kept as it has been standard practice for many years for all staff to attend, When asked how they ensure those members of staff who are unable to attend these talks because of other duties, illness or holidays etc. she states that ‘we do not have any formal arrangements, but we expect area managers to update anyone who missed a talk when they return to work’. Solution - Nonconformity OH&S AUDIT - NONCONFORMITY REPORT 3 Nonconformity (2 marks for identifying the scenario as a nonconformity) Description of the nonconformity (3 marks for identifying the failure) The organisation has failed to implement effective procedures that inform staff of OH&S issues they need knowledge of to ensure their personal safety. Evidence (3 marks for identifying the evidence) Several workers had not been informed of radiation work that was being carried out and had entered a radiation controlled area ISO 45001 clause and requirement: 7.4.2 - the organization shall internally communicate information relevant to the OH&S management system among the various levels and functions of the organization oR 7.3e - workers shall be made aware of hazards, OH&S risks and actions determined that are relevant to them. Note to marker: 1 mark for either clause and requirement plus 1 mark for clarity of answer QI and IRCA Solutions to Specimen examination paper OHS, January 2018. Amended for use on certified course 300K operated by ATP sexx, Page 15 of 16@aCOl BIRCA Notes to marker: A NC on the failure to keep or retain documented information relating to training, education etc. (i.e. attendance records of the tool box talks as per 7.2.d) would also be acceptable, A NC based on operation control (i.e. workers entering a clearly restricted area as per 8.1.1.b) would be acceptable. END OF SPECIMEN EXAM PAPER QI and IRCA Solutions to Specimen examination paper OHS, January 2018. Amended for use on certified course 300K operated by ATP sexx, Page 16 of 16