‘OHSLA ANSWERS TO QUESTIONS IN SPECIMEN EXAM PAPER 14 ISO 45001 requires that internal audits are objective and impartial Describe the difference between objectivity and impartiality in this context Typical solution Objectivity: Auditors should gather fact based evidence that can be subject to some degree of verification. Impartiality: auditors should act without bias, including in the gathering of and analysis of evidence. Or, that auditors are free from a conflict of interest 4.2 Explain the likely consequences of undiplomatic behaviour by an auditor. Typical solution Being undiplomatic could be seen as rude or disrespectful to the auditee and cause the auditee to be offended and raise a complaint. It could also lead to a complete withdrawal of co-operation. It is likely that it will cause the auditee to be less willing to respond Positively to questions therefore limiting the effectiveness of the audit. 1.3 Give four examples of evidence which demonstrates that an organisation is managing its OH&S legal responsibilities in conformance with ISO 45001 Typical solution + A process to determine & have access to up-to-date legal requirements + Alist of legislative, regulatory & other requirements + Alink between its OH&S hazards and the appropriate legislation + A register of applicable legislation + Access to a competent person, expertise or advice + Evidence of compliance checking + A process for periodic evaluation of legislative compliance and associated retained documented information to evidence such evaluations + Objectives have taken legal requirements into account * Appropriate operational controls are in place + Reviews are in place to assess changing legislative or other requirements 14 Identify two ways in which an auditor can verify that agreed corrective actions have been effectively implemented. Typical solution 1 Acceptance of a written response. ') Evaluation of submitted evidence ( Verification of corrective action at the audit location |) Results of re-audit "1 Photographic evidence (e.g. in the instance of an infrastructure issue) All of which must demonstrate that the corrective action has worked as opposed to simply being introduced. 1.5, Identify whether each of the four statements below is TRUE (T) or FALSE (F) by circling the correct letter Typical Solution a) Organisations must report fewer safety incidents year on year in order to demonstrate continual improvement of the OHSMS-—--~---F b) Workers must be represented in the management review process—- F ) Auditors must identify the root cause of any nonconformities which they report d) The expectations of interested parties must be considered within the scope of the OHSMS T F Section two ~ 24 a) List six responsibilities of the lead auditor when conducting an external audit Typical solution U Initial communication with the auditee1 Confirm the reason for the audit, its objectives, scope, methods and the audit criteria that will be used Pre-audit visit (or Stage 1 audit or review of documented information) Confirm and agree date of audit 1D Bring in audit team and any specialists LU Assign tasks as necessary Assign decision making authority 1 Chair the opening meeting 1 Managing the audit - keeping to the programme and timing 1 Invite feedback from team at private auditors meeting(s) 1 Chair the closing meeting (U Inform company of your findings and recommendations 1) Allow questions from company ( Write report |) Review any corrective actions taken LD Arrange for a re-visit if necessary 1D Closedown the audit 1D Distribution of audit documentation in accordance with the client's requirements. Answering any queries the client may have post-audit (b) An auditor conducting a third party audit finds a critical safety hazard which has not been addressed in the OHSMS. State how the auditor should respond Typical answer + Make a note of the details of the situation. + Check with the relevant individual whether or not the hazard has been identified. + Raise an NCR against 6.1.2.1 - if the hazard has not been identified or if the organisation has no established process for hazard identification + Explain to the auditee the need to identify all hazards before assessing the OH&S risks they present + Check the competence of the individual that completed the hazard identification in the area in which the hazard was found + Review any documented information relating to the area in which the hazard was identified to determine whether there have been any other significant omissions, + Check how long the hazard has been present. If this is a new hazard determine why the hazard was not identified 22 You are the audit team leader conducting an OHSMS stage one certification audit on site by yourself in an organisation. At the initial meeting, you are presented with a luxury leather laptop case containing the company’s OHSMS manual and procedure documents. The OHSMS manager indicates that the case is a gift for you to use during the audit and retain afterwards. Describe how you would respond to this situation. Typical Solution Thank the OHSMS manager very sincerely for the kind offer but state that such a generous gift would be viewed by the certification body as an inducement to the auditor. Emphasise that auditors must be seen to be impartial and objective at all times in accordance with certification standards such as ISO 17021 and auditors" professional code of conduct. Advise the OHSMS manager that there is no intention to cause offence by refusing the gift but express the hope that the company will understand the auditor's position. Underline the fact that the offer of the gift will not affect your conduct of the audit in any way. 23 You are the team leader allocated to a stage 2 OH&S certification audit of a large chemical company producing explosives for industrial use wishing to gain ISO 45001 certification. Youhave been asked to form the audit team, list five factors you would consider when selecting individual members of that team Typical solution + Individual auditors should have no conflicts of interest such as prior consultancy within recent years. * Maturity as a currently experienced auditor — are they competent to work alone or require supervision? + Knowledge and experience of the chemicals sector and specifically the manufacture of explosives and the associated processes. + Occupational health and safety experience and technical competence in the chemical/explosives sector. + Auditors should be certified and/or have the approval of the certification body — appropriate competence including education and training is required + Relevant personal skills and attributes to ensure a successful audit + Geographical proximity to the audit location may be a factor. + Ideally should be fluent in the auditee’s language. + Knowledge of ISO 45001 and its interpretation in the chemical/explosive manufacturing industry + Knowledge of relevant local and national OH&S legislation + Will technical expertise be required requiring specialist advice and guidance? + Will the team as a whole possess the overall competencies required for effective completion of the audit and is it likely they will work effectively together? 24 At the opening meeting of the stage 2 certification audit, the Health & Safety manager informs you that a recent internal audit has found many nonconformities relating to issues in the laboratory. Corrective action has already been planned. The manager therefore suggests that to audit the laboratory again would add no value and asks if you could delete this department from the audit plan and spend more time in the production area as there has been an increase in minor accidents recently and he is concerned that there may be serious problems. Outline five issues you would include in the response which you would give to this request. Typical solution An external audit needs to cover all the processes associated with the scope of the management system and the audit criteria 10 If laboratory is not included, it will not be possible to make a recommendation on certification An audit of laboratory now could confirm the accuracy of the recent internal auc findings. 1 The internal auditors may have been auditing to different criteria to the one used in this audit CU Allissues must be independently verified by the auditor L The opening meeting is not the place to try to change the agreed parameters of the audit plan (0 An external audit of laboratory now may identify other findings that may need to be addressed for system improvement (0 The audit can include a review of planned corrective action. 1D The fact that internal audits have been carried out and corrective actions identified may well provide positive evidence of system conformance, rather than be seen to be a problem. Section three ~ 34 A construction company has been certified to ISO 45001 for more than a year. Two months ago, the company had a fatal accident involving someone working in a confined space. Next week is the surveillance audit and you are the sole auditor conducting the audit. Explain what you wouldwish to examine by listing at least 10 issues for investigation making reference to relevant clauses of ISO 45001 Typical solution © Has the organisation’s assessment of risk been reviewed post-accident? (10.2.0) LU If the organisation’s assessment of risk has been changed, has the new assessment been communicated? (10.2) [) Have new controls been implemented? (8. 1.1.b) 1D Have people been trained in the new controls? (7.2.b) 1 Did the company follow due legal process for reporting the fatal accident (6.1.4.2) Review the process(es) for hazard identification and the assessment of OH&S risks (6.1.2.2.a) 0 Confirm application of the appropriate process(es) to verify if hazards associated with confined space working have been identified and assessed to be significant. (6.1.2.1) 1D Look for process(es) relating to eliminating hazards and reducing OH&S risks: were they applied in this case? (8.1.2) 1 Have these arrangements taken full consideration of legal requirements? (6.1.3) 1D Has the adequacy of the process(es) been reviewed following the incident? (10.2) L Look at process(es) to review the effectiveness of operational and other controls: were they applied in this case? (8.1.1) () Look at performance monitoring and measurement (9.1.1) (Look at incidenthhazard statistics, is there analysis & evaluation of data? (9.1.1) 1D Look at incidentihazard reports for establishment of root cause (10.2) 1 Look at corrective actions based on incident investigation reports (10.2) LU Look at the process for evaluating the effectiveness of corrective actions (10.2) 1 Confirm effective Emergency Preparedness and Response Plans are in place: were the plans. applied and effective for this incident? (8.2) 32 ‘Taking into account the requirements of clause 10.2 from ISO 45001, describe, in terms of a sequence oF illustrate using a diagram, the corrective action process starting from a non- conformance being raised by an auditor through to close out of the finding. Identify whether the auditee or auditor is responsible for each element of the process and identify at what point in the corrective action process decisions need to be taken and by whom. Typical solution Description 1 Review the nonconformity — Auditee 1 Determination of root cause(s) — Auditee 0 Evaluation of the need for actions to ensure that nonconformities do not recur — Auditee 1D Review existing assessments of OH&S risks and other risks as appropriate 1D A decision (after evaluation of the need or as part of the evaluation process) to take action or not - Augitee LU Determine action needed — Auditee 1 Assess OH&S risks that relate to new or changed hazards prior to taking action 1D) Agree proposed action, taking into account the assessment of OH&S risks. Not mandatory but often part of audit process ~ Auditor 1D Implement action needed in accordance with hierarchy of controls and the management of change - Auditee 1 Record results of action taken - Auditee 1D Review effectiveness of action taken, i.e. check if results of action taken meet requirements — Auditee [A decision is needed here on whether or not the action taken has brought about the results needed. If yes, proceed and if no, go back — Auditee 1D The Auditee must now decide whether it is necessary to make any other changes to the OH8S system as a result of the identified nonconformity1D Verify effective corrective action has been taken by reviewing records and evidence of root cause determination and that the action taken has achieved the desired results — Auditor A decision is needed here on whether or not the corrective action process has been implemented and on whether there is evidence that the results of the action taken have been reviewed and demonstrate requirements are being met — Auditor 1 Record acceptance of results of the action taken and close the audit - Auditor Typical Solution - Diagram Auditor raises nonconformity Auditee reviews/agrees nonconformity Auditee determines root cause Auditee evaluates the need for action to prevent recurrence Auditee reviews existing assessment of OH&S and other risks as appropriate Auditee assesses OH&S risks that relate to new or changed hazards Auditor agrees proposal (not mandatory) Auditee implements CA Auditee records action taken and results Auditee reviews effectiveness of action taken, i.e. decides if results of action taken meet requirements, Auditee decides if corrective action has been effective Auditee makes changes to the OH&S management system, if necessary Auditor verifies effective corrective action has been taken by reviewing records and evidence of root cause determination and that the action taken has achieved the desired results. Auditor decides if corrective action requirements have been met Auditor records acceptance of results of action taken and closes the audit 33 A requirement of ISO 45001 (5.1) is that top management demonstrates leadership in support of the OHSMS. Prepare a checklist of at least ten checkpoints which would help you, when interviewing the head of an airline services company, to determine whether the organisation conforms to this requirement. State the applicable clause of ISO 45001 Typical Solution ( How do you ensure that workplaces deliver a safe working environment for all personnel and interested parties? (5.1.a) ( How do you ensure that OH&S policies align with the strategic objectives of the company? (.1.b) 1D How do you ensure that the processes of the OHSMS are accepted as an integral part of the business? (5.1.¢ ) 1 How do you determine the resources needed to ensure the effective functioning of the OHSMS processes? (5.1.4) (D What steps are taken to communicate the importance of the OHSMS throughout the company? (5.1.e) 1 How do you determine whether the OHSMS is working effectively? (5.1.f) © What stipport is given towards achieving ongoing improvement of the OHSMS? (5. 1.h) 0 How are management personnel encouraged to take a lead in creating a strong OHSMS? (5.1.1) UU What steps are taken to sustain a positive safety culture in the company? (5.1,)) 1D How do you ensure that workers are not penalised for raising OH&S issues? (5.1.k) LD How are workers encouraged to contribute to the OHSMS? (5.1.!) 1 Are OH&S committees established in the company? (5.1.m)Section four — Delegates are required to either: 0 Complete the nonconformity report template. Marking scheme for a nonconformity: 0 For correctly identifying the scenario as a nonconformity (2 marks) U For a clear description of the nonconformity (3 marks) U For correctly quoting relevant evidence (3 marks) 1D For correctly identifying the relevant ISO 45001 requirement (1 mark) 1 Overall clarity of the nonconformity report (1 mark) Note to marker: if delegates raise a nonconformity report when there is no nonconformity, 0 (zero) marks will be awarded. oR 1 Complete the audit investigation template, clearly stating: LU Their reason(s) for thinking there is not yet sufficient evidence to report their findings as a nonconformity (2 marks) |) How they would investigate to determine conformity or nonconformity, including audit trails 44- Audit situation one: You are in a large old manor house that is used by an organisation as their National Corporate Centre for Training. The house has a kitchen that prepares meals for the training delegates. In the kitchen area, you notice that a clear purple coloured fiuid is stored on a shelf alongside food items in an unmarked five litre plastic container. You ask the kitchen supervisor what the liquid is and are told it is a chemical for degreasing the drains because they regularly block. When you ask why it is kept on the food shelf you are told that it is not normally kept there but itis not a problem as “everyone knows what it is used for’. You interview several members of the kitchen staff and their replies do not convince you that they do know what it is for or how to use it. The training records in the kitchen show that temporary workers are employed in the kitchen for only a few days at a time on a regular basis. The Supervisor states that “there are no written instructions or assessments of risk relating to the use of the degreasing fluid as everyone knows how to use it”. You know that using chemicals or other hazardous substances at work can put people's health at risk and that the law requires employers to control exposure to hazardous substances to prevent il health. Solution - Nonconformity NONCONFORMITY REPORT 1 Nonconformity Description of the nonconformity The system failed to identify all the hazards or take into consideration the legal requirements with regard to hazardous substances. Evidence - The clear purple coloured degreasing fluid is stored on the food shelf in an unmarked five Litre plastic container. There is no assessment of risk relating to the identified hazard nor are there any effective operational controls in place. Several staff interviewed were unaware of what it was, how to use it or where it should be stored. ISO 45001 clause and requirement: 6.1.2.1 - The organization shall establish, implement and maintain a process(es) for the identification of hazards. ‘OR A non-conformance based on failure to comply with legal requirements (6.1.3c) OR A non-conformance based on operation control (8.1.1.b) would be acceptable OR A non-conformance based on worker awareness (7.3.e) would be acceptable.) 42-Audit situation two: When having lunch in the canteen during an audit in a computer manufacturer, you see a sign next to a noticeboard which states “Please place safety suggestions in the box below” but the box is missing. On resuming the audit, you ask about the missing box and are told that the system has changed and that safety suggestions are now invited by email to the OH&S manager. When interviewing the OH&S manager later, you ask about the emails and are told that only two have been received in the past six months. One relates to loose tiles at the factory entrance and the other relates to people smoking outside the front door. The manager says that she forwarded the emails to the maintenance department manager with a copy sent to the originator. When questioned about the effectiveness of the new practice, the manager stated that the box was removed because many people never visited the canteen. She added that emails were introduced to encourage more suggestions and meet the consultation requirements of the OHSMS. Solution — No nonconformity Audit investigation: There is insufficient evidence for a nonconformity. Whilst the change in process has not been particularly effective, it does depend on people responding. There is also cause to further investigate the OH&S manager's response to the emails and whether any follow up took place. More evidence is required. Points of investigation and evidence sought: 1D Establish if there has been a wider campaign to increase awareness of the suggestion scheme and how to report concerns (5.4) LU Establish whether all staff has access to email during working hours (7.1) Review the assessment of OH&S risks associated with the concerns raised (6.1.2.2) 1D Ask whether any other measures are taken to involve the workers in the OHSMS (5.4.e) 1 Review the methods of communicating processes and establish if staff understand how to report incidents and safety issues (7.4.2) U Determine how the manager sees her responsibilities in the OHSMS and demonstrates a focus on continual improvement (10.3) 1 Determine whether any other documentation exists in relation to the concerns (7.5.1.b) 43 Audit situation three: During your audit of a metal fabrication company you review the incident reporting records and note that there were several incidents reported where workers had entered a restricted area, segregated by temporary barriers, where radiography work was being carried out on some welded fabrications. The records stated that the workers were unaware that this activity was taking place. You ask a representative of top management how the workers are informed of any OH&S issues relevant to their safety. She replies stating that all OH&S issues are addressed in weekly .tool box’ talks. These talks are held every Monday morning and all members of staff must attend. You ask to see the agenda for these talks and the examples you see cover the typical topics you would expect including the arrangements for the radiography. You ask how the organisation ensures all members of staff attend and are told that it's unnecessary for any records to be kept as it has been standard practice for many years for all staff to attend. When asked how they ensure those members of staff who are unable to attend these talks because of other duties, illness or holidays etc, she states that .we do not have any formal arrangements, but we expect area managers to update anyone who missed a talk when they return to work’. Solution - Nonconformity OH&S AUDIT - NONCONFORMITY REPORT 3 Nonconformity Description of the nonconformity‘The organisation has failed to implement effective procedures that inform staff of OH&S issues they need knowledge of to ensure their personal safety Evidence ‘Several workers had not been informed of radiation work that was being carried out and had entered a radiation controlled area. ISO 45001 clause and requirement: 7.4.2 - the organization shall internally communicate information relevant to the OH&S management system among the various levels and functions of the organization OR 7.3e — workers shall be made aware of hazards, OH&S risks and actions determined that are relevant to them. END