QUESTION BANK

OHSMS LEAD AUDITOR TRAINING

Question-1

Identify ISO 45001 clauses that support the aim of continual improvement.
solution
5.2e – Policy

6.2.1 – OH&S Objectives

9.2 – Internal audit

10.2 – Incident, Nonconformity and corrective action

8.1.2 – Eliminating hazards and reducing OH&S risks

9.3 – Management review

10.3 – Continual improvement

Question-2

Two reasons why it may be necessary to involve a contractor in OHSMS. ?

Solution
The contractor‟s activities and operations may impact on the OHSMS

The contractor‟s activities and operations may impact not only on the contractor‟s workers
but also on the organisation‟s own staff

The contractor‟s activities and operations may impact on interested parties involved in the
OHSMS

The procurement contract may place a requirement on the contractor to conform to specific
safety requirements
Question-3

Explain the difference between the terms “audit criteria‟ and “audit findings‟.

solution
Audit criteria are sets of policies, procedures or requirements that are used as a reference
against which audit evidence is compared for the purpose of determining conformance.
The Audit findings are the results of evaluation of the audit evidence when compared against
the audit criteria.

Question-4
Two items which an audit plan should include.?
solution
the audit objective(s)

the audit criteria

the audit scope including the functions, units and/or processes to be audited
 the audit methods to be employed

the expected time and duration for each function, unit and/or process to be audited

the roles and responsibilities of the audit team members

the names or job titles of the process owners in the auditee organisation

Opening meeting time

Closing meeting time

Break times

Periodic progress review meetings between the auditor/auditee

Question-5

Four items of objective evidence which an auditor might seek to verify conformance with the
requirements of clause 6.1.3 of ISO 45001?

solution
A process to identify legal requirements & maintain access

A list of legislative, regulatory & other requirements

Communications with employees are in place regarding legal or other issues

Identified responsible & competent people for maintaining legislative compliance

Reviews are in place to assess changing legislative or other requirements

Proof of implementation of legislative requirements

Question-6

what “competent” means ?

solution
Competence is having demonstrated ability to apply the knowledge, skills, education and / or
experience to perform safely in the workplace.

Question-7

Four ways in which an organisation can encourage worker participation in an OHSMS ?

Solution
 Consult workers on the content of the OHSMS

 Provide training on OH&S matters at no cost to the worker

 Involve workers in determining OH&S hazards and risks

 Communicate with workers on all aspects of the OHSMS

 Implement a formal process for worker representation in the OHSMS

 Question-8

Four benefits of an effective OH&S management system ?

solution
Gives a framework for having OH&S policies that contribute to safe working practices and
legal obligations are met.

Satisfies expectations of stakeholders

Reduces financial losses and liabilities

Helps preserve, retain and develop staff

Reduces accidents and incidents by providing a framework for assessing hazards and
managing risks

Provides a process for measuring performance against pre-determined standards and the
development of actions to improve

Provides confidence to customers and stakeholders

Management assurance/confidence

Can reduce insurance premiums and protect against legal action for injuries

Question-9

Four different ways an auditor may obtain objective evidence whilst performing an audit.

solution
Ask question and listen to answers
Observe activities
Examine documented information
Cross checking on information gained in one area with another

Question-10

Explain the difference between an ‟audit programme‟ and an „audit plan‟

solution
An audit programme sets out arrangements for a series of audits, such as a programme for
internal audits.
An audit plan details the arrangements within a specific audit.

Question-11

ISO 45001 requires organisations to determine methods for monitoring and measuring OH&S
performance. Give four examples of typical measures that could be used by an organisation.

solution
assessments of compliance with legal requirements and other requirements

the effective use of the results of workplace safety tours or inspections

 evaluation of the effectiveness of OH&S training

use of OH&S behaviour-based observations

use of perception surveys to evaluate OH&S culture and related employee satisfaction

the effective use of the results of internal and external audits

completion of legally required and other inspections as scheduled

the extent to which planned actions have been implemented

the effectiveness of the employee participation process

the use of health screening

work activity assessments

benchmarking against good OH&S practices

Question-12

Explain the difference between an Monitoring & Measurement

solution
Monitoring is determine status of a process like health monitoring
Measurement id determine a value like 20 degree C temperature

Question-13
During an audit of an insurance company an auditor noted that members of staff were using
portable ladders to reach shelves containing files. The highest shelf was 3 metres high. No
assessment of OH&S risks had been carried out for this activity and a non-conformance report
was raised.

Give at least four examples of evidence that could allow the auditor to consider closing out
this non-conformance.
solution
Risk register showing that relevant hazards have been identified, OH&S risks have now
been assessed and appropriate operational controls have been determined.

Training records showing that all appropriate staff have been made aware and had suitable
training on OH&S issues with respect to use of ladders and working at height and particularly,
the new operational controls in place.

Emails showing that the new operational controls had been communicated to workers‟
representatives and other interested parties.

Interviews from a follow up audit visit to the office to verify that all staff are working to the
new operational controls and they are effectively implemented.

Question-14

Give at least 4 reasons for an auditor preparing documented information for audit (or stage
one audit).

solution
 Establishing if the documented information requirements of ISO 45001 have been met.

Assessing an organisation‟s readiness for an ISO 45001 audit.

Aiding the planning of an on-site audit.

Allowing the Audit Team Leader to establish whether a topic specialist/expert needs to be
included onto the team.

Determine whether the scope of the audit aligns with the processes covered by the
documentation.

Determine logistics and/or to help with the Stage 2 Plan

Question-15

List four reasons why OH&S objectives are an important part of an OHSMS
Solution
to maintain and continually improve the OHSMS

to enhance the performance of the OHSMS

to promote a culture which supports the OHSMS

to promote worker participation in the OHSMS

to contribute to the documented information in a OHSMS

To encourage a systematic approach to improvement

Question-16
In an effective internal communication process in accordance with ISO 45001.

Identify two topics that ISO 45001 requires to be communicated internally.

solution
OH&S Policy

OH&S Objectives

Responsibilities and authorities for relevant roles within the OHSMS

OH&S hazards, OH&S risks and actions that are relevant to workers

Operational controls

emergency preparedness and response

the nature of incidents or nonconformities and subsequent actions to address

them the results of any action and corrective actions, including their effectiveness
 Question-17

List three methods an organisation could use for effective internal communication.

solution
Team briefings

Notice boards

Electronic – emails, intranet

Suggestion schemes

Induction training

Safety committees or teams

Tool box talks

Question-18

Three reasons for using an evidence-based approach to auditing.?

solution
Evidence of conformance or nonconformity is objective

Evidence is subject to a degree of verification at the time or at a later date

Use of evidence demonstrates a rational approach

Evidence can be sampled as a basis for evaluation

Question-19

Two methods which an auditor may use to gather evidence. ?

solution
Interviewing people

Sampling documented information

Observing processes and activities

Question-20

Give one reason for conducting an OHSMS stage 1 audit as part of a third party certification
audit.
Solution
To review the documented system for conformance to ISO 45001

To evaluate the state of implementation of the OHSMS

To determine readiness for the stage 2 audit

To assess logistical arrangements and requirements for the Stage 2 audit

 Question-21

At the closing meeting, a representative of the top management of the auditee organisation
informs the auditor that they have now implemented a process to correct a serious
nonconformity that the auditor found on the first day of a two-day Stage 2 audit. The
representative of top management proposes that the auditor examine the process during the
meeting and then withdraw the nonconformity report.
How should the auditor respond?

solution
I cannot withdraw it as it represents the situation at the time of the audit.

I will note that a process has now been implemented.

I need to obtain evidence of effective implementation.

I will check the operation of the process later (next time).

The closing meeting is not an appropriate time to:

- assess a new process

- close out a nonconformity without verifying the effectiveness of implementation of

the corrective action

Question-22

Give one example of documented information for audit an auditor would prepare before an
audit.

solution
A checklist, marked-up process diagram, or similar document that acts as a prompt and
which is based on the requirements of the Standard and the organisation‟s own
arrangements.

or

Audit plan which establishes the audit arrangements and activities

b) Briefly describe how you would use it during the audit. Include at least 4 benefits of its
use in your description.

Typical solution
A checklist will be used to guide the auditor through the audit in a
 structured way,
 ensure coverage of all necessary requirements
 as a memory to make sure the requirements of the standard are being covered.

Or

An audit plan
 tells the team and the client the sequence and timings for the audit activities including
opening and closing meetings.
 It identifies resources and auditee attendees.
  It will be used to communicate arrangements and to maintain focus on the time
available. It can be used to prioritise and can be changed as appropriate to
accommodate unexpected events.
 It is used by the auditee to ensure key people know when they are needed during the
audit so that they may plan their work around their audit commitment

Question-23
List five subjects to include in a closing meeting and describe the purpose of each.
solution
Sampling disclaimer
Purpose – To advise the management that the evidence was collected based on a sampling
process and to communicate that although no findings were raised in some areas they could
still exist.

Reporting methodology or grading system

Purpose – To ensure the auditee understands the significance of findings and consequences
on the outcome and can prioritise corrective actions.

How the audit findings should be addressed based on the agreed process
Purpose – to explain the action(s) the audit client should take to respond to the audit finding

Possible consequences of not adequately addressing the audit findings

Purpose – to communicate the consequences of failing to address the findings in a timely
manner. This could result in withdrawal of certification (for third-party audits) contractual
problems (for second-party audits) and escalated to senior management (for internal audits)

Presentation of the findings and conclusions

Purpose – To ensure they are understood and acknowledged by the auditee.

Related post-audit activities

Purpose – To communicate the process for the implementation and review of corrective
actions, for addressing audit complaints and for making an appeal.

Question-24
List in the correct sequence the four typical main phases involved in an OHSMS stage 2 audit
and briefly describe the audit team leader‟s role during each of these.
Solution
P E R C
Plan
Contacts the client, agrees date, prepares an audit plan, creates checklists, prepares
documented information for audit, arranges logistics etc.
Execute
Leads opening meeting. Conducts briefing/review meeting with team members. Uses
checklists to ask questions, examines documented information, observes activity, follows
audit trails. Makes notes and records objective evidence, confirms facts with the
representative, grades findings, chairs closing meeting, makes a recommendation at closing
meeting.
Report
Formalises any findings requiring corrective action as well as positive points. Writes and
issues a summary report. This would be in addition to the verbal summary given at the
closing meeting.
Close out
Considers the corrective action proposals and evidence submitted by the auditee. Assesses
adequacy of root cause analysis. Accept or rejects these

Question-25

In your own words, explain how an auditor might demonstrate being open minded.
Typical solution
Being receptive to other people‟s points of view and willing to accept their ideas and
opinions.

Not having fixed or pre-conceived ideas of how something must be done, being receptive to
new and different ways of meeting the requirements.

Not interpreting one‟s own prior experience of how something is done as the only way;
listening to and being receptive to different views and being able to accept that others may be
correct.

Question-26
Give two specific examples of a close-minded auditor.

solution
An auditor who accepts only hard copy documentation

An auditor who refuses to accept auditee requests for minor changes to the audit plan
schedule

An auditor who always over-rides the opinions of audit team members

Question-27

Describe the purpose of the closing meeting

solution
The purpose of the closing meeting is for the audit team leader to present the audit findings
and conclusion. For third party audits it relates the recommendation that will be made to the
Certification Body/Registrar as to whether certification should be granted and any conditions
that may pertain.

Question-28

List three items to be included in a closing meeting.

solution
Advise that the audit was based on sampling of information available at the time

Comment of positive features of the OHSMS

Discussion on findings that require corrective action to be taken

The method of reporting that will be used

The process for handling corrective action responses

Highlight the possible consequences of not adequately addressing the audit findings
 Recommendation for certification or otherwise if a third-party audit

Confirm the confidentiality of the audit process and resultant report

Resolution of any differences of opinion on the findings and audit conclusion

Describe the right to appeal and complaints handling

Question-29

In your own words and using examples as appropriate, briefly explain the difference between
„preventive measures‟, „correction‟ and „corrective action‟.
solution
Preventive measures are actions taken to address the potential for a nonconformity to occur.
For example, assessment of OH&S risks at the start of a new project, or preventive
maintenance of plant and equipment.
Correction is action taken to put right what is wrong. An example would be removing a trip
hazard such as a spill of fluid on the floor.
Corrective action is reactive action taken to address the root cause of a problem to stop it
happening again. For example, using covered or sealed containers to prevent spillage when
being moved.
.
Question-30

Describe the purpose of the opening meeting

solution
a) The purpose of the opening meeting is to confirm the audit plan, introduce the audit team
and ensure that all planned audit activities can be performed.

Question-31

List three items to be considered at the meeting

solution
b) The following items should be considered in an opening meeting as appropriate:

Introduction of the participants, including guides, observers and interpreters

An outline of the participants roles

Explanation of the audit methods that will be employed to manage risks to the auditee
arising from the presence of audit team members

Confirmation of the audit objectives, scope and criteria

Confirmation of the audit plan and other relevant arrangements with the auditees, such as
date and time for the closing meeting and interim meetings, and any required changes to
programme

Confirmation of formal communication channels between the auditee and the audit team

Confirmation of the language to be used during the audit

Confirmation that during the audit the auditee will be kept informed of progress
 Confirmation of the availability of resources and facilities required by the audit team

Confirmation of matters relating to confidentiality and information security

Confirmation of relevant access, health and safety, security, emergency and any other
arrangements for the audit team

Confirmation of any activities on site that could impact the conduct of the audit

Confirmation of the methods of reporting audit findings including any criteria to be used

for
grading

Question-32

Outline five items that an audit plan should include.

solution
Audit scope and objectives – what the audit includes/excludes and the purpose of the audit.

Audit criteria and reference documents – the requirements conformity is to be determined

against

Audit methods – how the audit is going to be undertaken.

Audit timetable – Start and finish times, day, dates etc. for the overall audit.

Audit activities – Location, dates, sequence and expected times and duration of each audit
activity.

Meetings with auditee – Timings for opening and closing meetings with the auditee. Also,
timings for daily review meetings with the auditee.

Meetings with Audit Team – Scheduled auditors‟ meetings and methods for team
communication.

Allocation of resources – including the name of the auditor, guides and observers scheduled
to audit each activity.

Reporting – reporting methods, confidentiality, security and reporting language.

Question-33

Briefly describe why it is important to contact the auditee prior to an audit. (This might be
the process owner for an internal audit or relevant management for an external audit).
solution
To confirm arrangements and provide the auditee with an opportunity to ask questions
about the audit process.
To establish the viability of the audit, ensure there are no practical obstacles to the audit
(e.g. factory shutdowns or regulator inspections)
To ensure it is safe to perform the audit and ascertain any site access requirements (e.g.
ID, security clearances etc.)
To ensure a common understanding exists of the purpose and arrangements for the audit,
including its scope and criteria.
To build rapport, introduce yourself and set the scene for the audit.
 Question-34

Three topics you would want to discuss when contacting the auditee prior to the audit.?
solution
Any significant changes to the planned arrangements

General arrangements, contacts and guides, working hours

Site rules and access – for occupational health and safety arrangements and any personal
protective equipment needed.

Arrangements for opening and closing meeting

The audit plan, timings and duration

Issues from previous audits and corrective action taken

Questions related to concepts in

OHSMS Question-1

a) List four key aspects you would need to consider when auditing top management
involvement as required by ISO 45001.
Solution
OH&S Policy
Resource Availability
System
Improvement
Management Review

b) List six checkpoints based on these key aspects. State the relevant clause number.

solution
OH&S policy
Has the OH&S policy been established and implemented by top management and is it being
maintained? 5.2

Does the policy contain top management commitment to:

- the provision of safe and healthy working conditions for the prevention of work-related
injury? 5.2a

- the elimination of hazards and the reduction of OH&S risks? 5.2d

- to continual improvement of the OHSMS? 5.2e

- to comply with applicable legislation? 5.2c

- to consultation and participation of workers, and where they exist, worker‟s

representatives? 5.2f
Has the policy been communicated? 5.2

Resource availability
Has top management made available resources essential for establishing, implementing,
maintaining and improving the OHSMS? 5.1d
 Has top management ensured that the responsibilities and authorities for relevant roles
within the OHSMS have been assigned and communicated? 5.3

Has top management assigned responsibility and authority for reporting on the performance
of the OHSMS to top management? 5.3b

Have specialist skills and knowledge requirements been identified? 7.2a and catered for?
7.2c
Improvement
Does the OH&S policy commit to continual improvement? 5.2e

Have objectives at been set at relevant functions and levels? 6.2.1

Are objectives measurable? 6.2.1b

When planning to achieve its OH&S objectives have timeframes and responsibilities been
defined? 6.2.2

Is planned action to achieve OH&S objectives monitored? 6.6.2e

Are key characteristics of operations regularly monitored 9.1.1

Management Review
Do top management chair a review at planned intervals? 9.3

Is there an agenda for the meeting? 9.3

Does the review consider the outcome of internal auditing? 9.3.d.4

Is the extent to which the OH&S policy and OH&S objectives have been met reviewed? 9.3c

Is the outcome from compliance monitoring reviewed? 9.3.d.3

Are the results from consultation and participation activities and communications for
external interested parties considered? 9.3.d.5, 9.3f

Are opportunities for continual improvement considered? 9.3g

Are changes to context considered including changes in legal requirements? 9.3.b.1, 9.3.b.2

Question-2

You are conducting an external audit with ISO 45001 as the audit criteria. The next item is a
meeting with top management to audit the OH&S policy, OH&S objectives and planning to
achieve OH&S objectives.
Develop a checklist that would help you perform this audit. It must contain a series of five
audit checkpoints/questions which cover these three issues. For each checkpoint, identify
examples of the audit evidence you would want to gather and state the appropriate ISO
45001 reference.

solution
OH&S Policy – 5.2a through 5.2f
- How is the Policy developed? Evidence of management involvement, e.g. directing
development, reviewing drafts, authorising the Policy.
- Is the Policy appropriate to the business? Evidence that the Policy reflects the scale and
nature of the organisation‟s OH&S risks and opportunities.

- Does the Policy include commitment? Evidence that the Policy commits to the provision of
safe and healthy working conditions, the prevention of injury and ill health, to consultation
and participation with workers, to eliminate hazards and reduce OH&S risks, to ensure
compliance with legal requirements and to continually improve OH&S performance.

- Does the Policy provide a framework for setting and reviewing objectives? Evidence that the
Policy and objectives are aligned and are consistent with each other.

- How is the Policy communicated? Evidence that there is a process for communicating the
Policy and evidence of awareness of the Policy within the organisation and is available to
interested parties, as appropriate.

- Has the Policy been reviewed? Evidence of the Policy being reviewed, e.g. at
management review.

OH&S Objectives – 6.2.1

- How are OH&S objectives established? Evidence top management involvement in ensuring
objectives are established, e.g. authorising objectives.

- How are objectives chosen? Evidence that objectives are linked to policy and take into
account legal requirements, OH&S risks and opportunities and OH&S performance and
that they have also taken into account the results of consultation with workers and, where
they exist, workers‟ representatives.

- Are objectives established at relevant functions and levels? Evidence that OH&S objectives
have been communicated appropriately within the organisation.
- Are objectives measurable or capable of performance evaluation? Evidence that targets
have been established and progress towards the achievement of objectives is being
monitored.

Planning to achieve OH&S objectives – 6.2.2

- When planning how to achieve its OH&S objectives, has the organisation identified what will
be done, what resources will be required, who will be responsible, when it will be completed,
how the results will be evaluated (including indicators for monitoring), how the actions to
achieve OH&S objectives will be integrated into the organisation‟s business processes?

- Is the organisation maintaining and retaining documented information on its OH&S

objectives and its plans to achieve them?

Question-3

a) In your own words, state your understanding of the phrase „context of an organization‟ in
relation to its OHSMS.

Solution
The context of an organization comprises of the internal and external issues which can affect
its OHSMS. These may include the conditions, characteristics or changing circumstances
which can impact the OHSMS.
b) Give four examples of interested parties who may need to be taken into account in the
OHSMS of an organisation operating heavy lifting equipment. Identify one item of objective
evidence to be sought for each example and briefly state why it is relevant.

(Example – evidence – relevance)

Regulatory authority – Inspection Certificates – Evidence of regulatory compliance

Subcontractors on site – OH&S briefing records – Awareness of OHSMS practices

Workers representatives – OH&S meeting minutes – Proof of involvement

Site visitors – Safety leaflet – Awareness of OHSMS policies

Clients – Sales orders – Specified requirements on OH&S

Suppliers – Purchase orders/Test certificates – Proof of safe working loads

Question-4

As part of an on-site OH&S audit to ISO 45001 you have been assigned by the audit team
leader to verify that the continual improvement of the OH&S management system (as
required by clauses 4.4 and 10.3) is effectively implemented. Your objective is to seek
evidence of a planned and systematic approach to OHSMS improvement throughout the
organisation, taking into account applicable requirements from ISO 45001.

Outline in a checklist how you will perform this part of the audit by developing a series of ten
audit checkpoints that you could use to guide you through the audit in a structured and
systematic way.
State the applicable requirement of ISO 45001 in each case.
solution

Policy
The OH&S policy is available as documented information and includes a commitment to
continual improvement of the OHSMS. (5.2 & 5.2e)
Effectiveness of the OHSMS is monitored and measured?
Evidence of records of results from performance monitoring, operational controls and
conformity with OH&S objectives (9.1.1) and consideration of improvement recommendations
at management review. (9.3g)

Objectives
There is a process for establishing OH&S objectives, at relevant functions and levels. Evidence
that objectives are set and deployed throughout the organisation. (6.2.1)
Objectives are measurable and are consistent with OH&S policy aim to achieve continual
improvement. (6.2.1)

Documented information to evidence planning to achieve the OH&S objectives which identifies
what will be done, what resources will be required, who will be responsible, when it will be
completed, how the results will be evaluated, and how the actions to achieve OH&S objectives
will be integrated into the organisation‟s business activities. (6.2.2)

Resources
Evidence that resources are made available to enable improvement of the OH&S MS. (people,
equipment, investment). (7.1)
Action to address OH&S risks
Assessment of OH&S risks and other risks to the OHSMS. Documented information showing
the pro-active identification of potential non-conformance. (6.1.2.2)
Effectiveness of actions taken. Documented information showing evaluation when non-
conformance occurs to determine whether it could have been foreseen (10.2)

Emergency preparedness and response

Potential emergencies and accident situations are identified. Evidence that response
processes are planned and implemented and results available. (8.2)
Revising the emergency response. Documented information relating to any accident and
emergency situations that have occurred to see if lessons were learnt and improvement
opportunities identified. (8.2)
Periodic test. Evidence of records of any rehearsal of accident and emergency situations that
to identify improvement opportunities. (8.2)

Evaluation of compliance
Periodic evaluation of compliance. Documented information which shows that positive
evidence is obtained by audits to identify that all legal requirements are being met or if not
what opportunities to improve the OHSMS exist. (9.1.2)

Internal audit
Audits identify opportunities to improve the OHSMS. Evidence of audit reports showing
nonconformities identified. (9.2)

Corrective action
Effective corrective action is taken. Evidence of records showing root cause analysis is
undertaken and that nonconformities do not recur. (10.2)

Management review
Review assesses opportunities for improvement. Documented information evidencing that
review inputs are used to evaluate performance and achievement of legal compliance, OH&S
objectives and policy. (9.3)

Recommendations for improvement

Documented information to evidence improvement recommendations. (10.3)
Review outputs include improvement actions and decisions
Documented information showing what actions and decisions relating to improvement
opportunities identified and recommendations have been made. (9.3)

Question-5

Explain the difference between the terms “correction” and “corrective action”
Solution
“Correction” is the action taken to eliminate a detected nonconformity in order to deal with
the consequences of the nonconformity.
“Corrective action” is the action taken to eliminate the cause of the nonconformity in order
to prevent its recurrence.

b) A major nonconformity was raised by a certification auditor during a site audit of a

construction company when a worker was found working on his own in a 4-metre-deep
manhole with no safety precautions being taken.
Give two examples of “correction” and two examples of “corrective action” which could apply
to this situation. State the relevant clause of ISO 45001 for each example.
Solution
Correction
Assist the worker to safely leave the manhole immediately (10.1.a)

Physically restrict access to the manhole until the necessary safety measures are in place
(8.2)

Train the worker in confined space safety procedures (7.3.e and f)

Provide the worker with any necessary personal protective equipment (PPE) e.g. a safety
harness (7.1)

Ensure that site management is aware of its legal obligations relating to confined space
working (6.1.3)

Raise an incident/non-conformance report to document the situation (10.2)

Corrective Action
Determine whether all the hazards associated with working in a manhole have been
identified and correctly assessed for risks to safety (6.1.2.1 and 6.1.2.2)

Ensure that compliance with legal requirements is up to date and communicated to all
parties (6.1.3)

Review OHSMS objectives and action plans to ensure that confined space working
procedures are improved (6.2)

Ensure that both managerial and non-managerial workers are competent to manage or
conduct work processes safely in confined spaces (7.2)

Question-6

Risk management is an essential discipline if an organisation wishes to prevent losses

resulting from incidents and near misses.
If you were an auditor examining whether or not an organisation had implemented a robust
approach to managing its risks, identify ten relevant topics to consider when gathering
evidence on this subject.
Solution
The system should identify hazards and identify who is at risk from the hazard – workers,
members of the public, contractors, visitors

Assess that the process to determine the applicability of legislation and its implementation
is in place and robust

The system should then evaluate the OH&S risk and provide for a means to classify the
risks in a manner appropriate to the levels of risk

An assessment of OH&S risk should be undertaken before a planned activity or

development of a new process or facility

The results of the assessment of OH&S risk should then be retained as documented
information which should examine how the risk can be reduced taking into account the
hierarchy of controls. The documented information should seek to address the classified risks
in order of priority with appropriate objectives and targets and operational controls

Planned action can then be implemented with control measures put in place – purchase,
modifications to the system and communication of the planned action

The planned action must be monitored and measured, and any deviation managed

Control measures should be regularly reviewed to ensure that they are adequate

Personnel should be trained appropriately to be aware of requirements and any deviations

from acceptable practises.

Hazard identification should be regularly reviewed in the light of regular site inspections and
audits

OH&S risks should be regularly reviewed for currency from internal monitoring of non-
conformances, near misses and incidents, internal or external accidents, accident statistics for
the type of industry, sector specific journals, government etc.

Employees should be able to communicate hazards and risk through formal means such as
meetings and employee representatives

Question-7

During a Stage 1 visit to an organisation you note that a construction company, contracted to
repair and maintain the site drainage system, is currently working in the main production
area. The organisation informs you that production is continuing, and the production
personnel have to work around the contractor‟s activities (which involves removing and
replacing many of the existing drains).
Next month is the Stage 2 audit and you are the lead auditor carrying out the audit.

Explain what you would wish to examine by listing at least 10 issues or audit checkpoints for
investigation making reference to relevant clauses of ISO 45001.
Solution
Adoption of a logical and systematic approach to considering the assessment of OH&S
risk‟s, planned actions and controls relating to the construction company‟s activities, the
production area, and how the construction is affecting the OH&S related issues of the
production activities. (8.1.4.2)

Has the contracting company been inducted on the OH&S policy and the Occupational
Health and Safety arrangements of the organization? (7.3a, 7.4.3)

Is the construction company working within the organization‟s OH&S management system?
(8.1.4.2)

Has the organisation established that the contractors working on the drains are suitably
competent? (7.2b)

Are adequate communication arrangements in place? (7.4.3)

Review the process for the assessment of OH&S risks. Have OH&S risks been reviewed and
revised as appropriate to take into account the effect of the construction company‟s activities.
(6.1.2.2)
 Has the organisation taken into account relevant legislation/regulations when determining
the controls required? (6.1.4)

Confirm the application of an appropriate process to verify if hazards associated with this
type of construction have been identified (6.1.2.1)

Verify that process(es) for the elimination of hazards and reduction of OH&S risks have
being applied on the work being carried out to date (8.1.1)

Review the arrangements for performance monitoring and measurement. Do these address
the contractor‟s activities? (9.1.1a)

Review the accident/incident statistics. Is there any documented information to confirm that
they have been analysed? (10.2)

Is there any evidence that the risk/operational controls are not effective? (10.2)

If so, do the accident/incident reports for establish of root cause? (10.2)

Examine corrective actions based on investigation reports (10.2)

Question-8

You are conducting a third-party, ISO 45001 audit of a food processing company, focussing
on their internal audit process.
You determine that the organisation‟s occupational health and safety system internal audit
programme has been the same for the past four years. Each department is audited once
every year and audit objectives have been limited to checking that the operational controls
are carried out as described in documented information.
a) There are two requirements of ISO 45001 clause 9.2 that are unlikely to be met based
on what you have determined so far.

Describe these two requirements.

b) List three topics that you would want to discuss with the audit programme manager during
your audit. For each topic, briefly outline what you would want to discuss and why. State the
applicable clauses of ISO 45001 as appropriate.

solution

a) The two ISO 45001 requirements that are unlikely to be met are:
1. The audit programme appears not to take into consideration the importance of the
processes concerned and the results of previous audits (9.2.2.a).
2. Audits appear to focus on conformity (9.2.1a) and do not appear to determine whether the
OH&S Management system is properly implemented and maintained (9.2.1b).
Agenda topics

Criteria for developing the audit programme (9.2.2). To assess the basis for deciding on the
current programme and whether the importance of the processes concerned, and the results
of previous audits are a consideration.

Results of previous audits (9.2.2). To determine if planned audits have been completed.
Has there been any analysis of the results? Are there any poorly performing areas,
departments or processes?
 Results of performance measurement and monitoring (9.1.1). To assess whether the
information would suggest that auditing of certain processes and areas should be more
frequent than others.

Incident investigation (10.2). To assess if the investigations indicates areas of weakness or

opportunities for improvement that should be considered when planning and conducting
internal audits.

Corrective actions resulting from audit findings (9.2 and 10.2). Have these been effectively
addressed and verified as effectively implemented with no evidence of recurrence?

Management review (9.3). Are audit results discussed at the management review? What
actions have resulted from review?

Auditor Competence and training (7.2). To determine if competence requirements have

been determined for the audit programme manager and auditors and if the necessary training
has been given.

Question-9
a) Explain, in your own words, the difference between a “hazard” and an “OH&S risk” .
Solution
A hazard in a OHSMS is a situation which could or does result in unintended injury or ill
health in an organisation.

An OH&S risk in a OHSMS is the degree to which a hazard is likely to cause injury or ill
health associated with the level of its severity.

b) You are conducting a OHSMS audit in the warehouse of a large distribution company
working mainly in the online market for books and other publications. From an overhead
gantry, you observe that there are a number of diesel powered fork lift trucks moving around
the floor area which has pallet storage racks four levels high. A number of people are pushing
trolleys along the passageways. You have noted that more safety incidents took place in this
area in the last year than in any other area.
Describe four hazards and their potential consequences in the warehouse which you would
expect to have been identified as part of their risk management process.

Solution
Moving vehicles (hazard) may collide with workers (consequence)

Diesel emissions (hazard) can cause respiratory problems for workers (consequence)
Noise (hazard) from the trucks which can cause hearing problems for workers
(consequence)

Poorly located pallets (hazard) which may fall from their racks and cause injury
(consequence)

Over extended forks (hazard) which may cause the truck or its load to imbalance especially
at height and cause injury (consequence)

Vehicles being driven too fast (hazard) which can cause loads to fall off and cause injury
(consequence)

Exceeding the safe load of racking/shelving (hazard) – this could lead to collapse, and
falling objects injuring personnel (consequence)
 Manual handling operations (hazard) – can lead to strain injuries (consequence)

Spillage of liquid or debris on the floor (hazard) - could lead to slips and trip injuries
(consequence)

c) Outline four opportunities for OH&S improvement which might eliminate these hazards
and reduce OH&S risks.

Solution
Replace fork lift trucks with automated materials control systems

Replace diesel trucks with battery powered vehicles with no exhaust emissions

Reduce noise by employing quieter electric vehicles

Install a warning system for detecting incorrectly located pallets

Fit a limiter to prevent over-extending of loads and forks

Fit speed limiters to the truck engines

Introduce mechanical lifting equipment

Implementation of regular housekeeping inspections

Better safety signage

Separation of vehicle and pedestrian traffic, clearly marked walkways, barriers

SECTION-4

Audit situation
During an audit of a company that refurbishes computers, you notice a new Spray Booth has
been built for use when painting small parts. It uses Aerosol Spray Cans. This activity used to
be sub-contracted overseas but has now been brought „in house‟.
You observe the spraying being carried out and note that there is a strong smell of solvent
even though the fans in the spray booths are operating. You note from the paint material
safety data sheet that the paint fumes are harmful and ask if an assessment of OH&S risks
has been carried out for this activity. The Manager replies stating that was not necessary as
the aerosol spray paint and the booths are similar to those used by the overseas sub-
contractor so the hazards are well established. The operators have access to face masks.
Your audit trail leads you to the accident and incident records and you note that there have
been recent reports of personnel complaining about „stinging‟ eyes and slight difficulties in
breathing. The action taken was to instruct operators not to put their heads too far into the
spray booth when spraying.

Solution

It is a Non conformity
Failure
The recent implementation of spraying small components has not been subject to an
assessment of OH&S risks. Harmful fumes from the paint process are not being extracted
away from workers effectively, causing health issues.
Evidence (3 marks for identifying the evidence)
Accident and incident records indicate that the health of workers is being harmed by the
vapours generated by the spraying activities. No assessment of OH&S risks has been
conducted. Operational control of the process in the spray booth is not suitably effective to
prevent harm.
Requirement
6.1.2.2 – “The organization shall establish, implement and maintain a process(es) to a)
assess OH&S risks from identified hazards while taking into account the effectiveness
of existing controls”

Audit situation
During a site visit for a stage 2 certification audit of a facility management company, you
notice that a window cleaner is stretching from a long ladder to clean a window pane on the
second floor. The ladder is resting on loose chippings. There is no indication that the ladder is
secured and the cleaner is unaccompanied. He is not wearing a safety harness and is working
with a bucket perched on the top rung of the ladder.
You discuss this situation with the OH&S Manager who states that the operator works for a subcontractor,
EasyClean. He adds that they have also used this subcontractor for many years to service their own clients. He tells
you that he has visited the contractor‟s offices to discuss OH&S issues and was satisfied with their level of awareness
of their responsibilities. He mentions that he will have a word with the operator about safety practices when using
ladders.

Solution
This is a non conformity
Failure
A contractor‟s operator working on site did not demonstrate awareness of the hazards and
risks associated with the work being undertaken by failing to take the necessary safety
precautions.
Evidence
The window cleaner‟s ladder was not anchored at the top or bottom, representing an unsafe
platform. The operator was not using personal protective equipment (PPE), e.g. a harness,
which could prevent a fall from height. The operator was over-reaching, thereby risking
overbalancing. There was no person guarding the foot of the ladder to direct people around it.
Requirement
7.3. – “Workers shall be made aware of hazards, OH&S risks and actions determined that are
relevant to them”.

Audit situation
You are auditing an organisation that delivers sandwiches to offices by a fleet of small vans
on a daily basis. You note that, over the past twelve months, there has been a twenty-five
percent increase in „near misses‟ for road traffic accidents recorded by the six employees.
You are provided with a verbal explanation as to how the incident reporting process operates.
The auditee further advises you that although this process is not maintained as documented
information, all six employees know how to report and record incidents, including any near
misses, as it is covered in the induction training.
You ask about the cause of the increase in near misses and are told “there are no special reasons; we can go for a
while without any and then we get quite a few in a short period”.

Solution
There is no sufficient evidence for a nonconformity.
Whilst an increase in near miss reporting may indicate an increase in near misses, it may just
indicate a better awareness of near misses and/or when to report them. There is no
requirement to maintain documented information which details the process for reporting
incidents.
Investigation points are-

Establish if there has been a campaign to increase awareness of near misses and how to
report them (6.2.1).

Review the assessment of OH&S risks for driving (6.1.2.2).

Ask if the driver‟s routes/work load have changed that may account for an increase in
near misses and assess whether any changes have been made to the assessment of OH&S
risks or operational controls (6.1.2.1) or (8.1.1).

Review the methods of communicating processes and establish if staff do understand how
to report incidents and near misses (7.4.2).

Establish if there is a process in place for gathering, recording, analysing and acting upon
near miss data (9.1.1).

Audit situation
You are in the production area of a food processing factory that employs 30 people and are
being given a tour by the Supervisor of the area. Due to the machines in operation, the area
is noisy so you have to go into his office so you can hear each other. Your preparation notes
for the audit record that, on a previous audit six months ago, you noticed two people were
not wearing hearing protection and raised it as an observation in your report. At the time the
Supervisor said he would remind the staff to wear hearing protection to stop it happening
again.
On this audit, you notice at least half of the workforce is not wearing their hearing protection
and there are signs in the area stating that hearing protection is mandatory. The Supervisor
says this is an ongoing problem, especially with the agency/temporary workers and he
reminds them during the monthly briefing sessions. He says he will take action and remind
the staff again to wear their hearing protection.
You confirm that the operational activities, conditions and the controls in place have not
changed since your previous audit and the current risk assessment is still valid.

Solution:
It is a Non conformity
Failure
The Supervisor is not taking appropriate action to ensure the safety of personnel working in
the area i.e. he is not addressing the problem
Evidence- fifty percent of staff not wearing hearing protection in an area where hearing
protection was mandatory and the Supervisor said he was aware that it was an ongoing
problem.
Requirement
5.3 – Workers at each level of the organization shall assume responsibility for those aspects
of the OHSMS over which they have control.

OR

Failure & Evidence

The staff are not implementing the controls necessary in the area i.e. they should be wearing
hearing protection
Requirement
8.1.1 – The organization shall plan, implement, control and maintain processes needed to
meet the requirements of the OHSMS by:
b) implementing control of the processes in accordance with criteria”

Audit situation
You are auditing an organisation that supplies offshore oil rigs with provisions and supplies
such as food, water, fuel and tooling. You are in an office that overlooks the quay side where
you can see a ship being off loaded with empty containers from an oil rig. The containers are
being lifted off the ship using a mobile crane and deposited onto a truck.
You witness a worker walk under a suspended load, crawl under the truck to get to the other
side and then secure the load from that side of the truck.
You establish that OH&S risks associated with the loading and off-loading of trucks have been
determined and appropriate documented operational controls are in place that forbid standing
beneath suspended loads. All staff are also trained in the use of these controls during their
induction training, which you had audited earlier and found to be well recorded and
administered.
The manager who was with you also witnessed this and said this was an “unusual” practice.
You later find that the worker was a full time/permanent employee who has worked for the
company for 3 years and he has been formally warned on several occasions before for similar
practices.

Solution
It is a Non conformity
Failure
The organisation has failed to ensure that all employees take responsibility for their own
safety by working to prescribed methods.
Evidence
Employee was witnessed walking under a suspended load, crawl under the truck to get to the
other side and then secure the load from that side of the truck.
Records show that this employee has been formally warned before for similar practices.
Requirement
5.3 – Workers at each level of the organization shall assume responsibility for those aspects
of the OHSMS over which they have control.

Audit situation
You are in a call centre which is staffed twenty-four hours and employs two hundred and fifty
people. You have just completed your interview with the OH&S Manager who explained to you
the main hazards and risks in the centre‟s activities. You now proceed to the operations room
of the centre. And note that some operators are not wearing phone headsets and are cradling
the phone on their shoulder for several minutes at a time whilst talking and typing on their
computer terminal. You have confirmed that the assessment of OH&S risk for this activity
states that neck injuries and strokes can be caused by prolonged (over one minute) and
frequent cradling of a phone on the shoulder, and that the planned action introduced by the
organisation to address this risk was to make the use of headsets mandatory.
You raise this observation with the Operations Room Manager and he states that it was
difficult to ensure that the staff always used the headsets. Following protests from many of
the staff who did not want to wear them, he downgraded the headset use from mandatory to
advisable because it seemed a reasonable request. He was not aware of anyone having a
neck injury or being off ill because of telephone use. He said that this has made the staff
happier and easier to manage.
You try to establish if this change had been recorded anywhere but can find no objective
evidence to support this.
You also establish with the OHS Manager that the original assessment of OH&S risk and the
planned action to reduce it is still current.

Solution
It is a Non conformity

Failure
The organisation has failed to implement a planned action to address the OH&S risk to call
centre staff from holding telephone handsets incorrectly. As a result, staff are being placed at
risk of injury or ill health.

Evidence
It has been confirmed that a planned action mandates all call centre staff to wear a headset.
Not all staff wore headsets and the Manager has downgraded the use of headsets from
mandatory to advisory, without re-assessing the risk.
Requirement
8.1.1 – The organization shall plan, establish, implement and maintain the processes needed
to meet requirements of the OHSMS and to implement the actions determined in risk &
opportunity

OR
Failure
The Operations manager has informally changed the operational controls for the use of the
telephone without reassessing the OH&S risks in the light of this change.
Evidence
The Operations Manager has confirmed that he downgraded the use of headsets from
mandatory to advisory at the request of staff members, despite the organisation having
previously determined that the use of headsets would be mandatory. He has also confirmed
that that there has been no reassessment of the O&HS risk following the change in control –
“the original assessment of OH&S risk and the planned action to reduce it is still current‟
Requirement
10.2 – “The organization shall assess OH&S risks that relate to new or changed hazards, prior
to taking action”

Audit situation
When asking the OH&S Manager of a pharmaceutical manufacturer about the management
review process and how it relates to improvement of the OHSMS, the auditor learns that she
prepares a slide presentation every year for a meeting of the management board. She shows
the latest presentation to the auditor who observes that it is made up of historical data from
incidents, internal audits, legal compliance checks, external audits and improvement action
results. The auditor recognises selected slides from the presentation which he has seen
displayed on notice boards.
On enquiring about improvement decisions by the board, she advises that she has been
authorised to initiate any OH&S improvement objectives of her choosing as long as no
additional expenditure is involved. She explains that the company is severely constrained
financially at the moment. The auditor checks the minutes of the management review and
finds that this authorisation is documented but there is no mention of financial matters. The
auditor notes that the OH&S Manager has signed off the minutes of the management review
meeting.
Solution
There is no nonconformity

Further investigation is needed to

Determine the extent of involvement of top management in deciding on opportunities for

improvement (9.3)
Investigate whether the necessary resources are provided for the maintenance of the
OHSMS (5.1.d)
Check whether the necessary criteria are considered in the management review (9.3.a-g)
Check whether the outputs from the management review cover the required range of issues
(9.3)
Determine whether top management reviews the meeting minutes (9.3)
Enquire whether the OH&S Manager is part of top management (5.3)

Audit situation:
At the Burger Packing Machine station of a food processing organisation, you ask an
experienced operator if things ever go wrong with the machine that automatically folds up the
cardboard to form the box that contains the burgers.
The operator replies “Yes, the machine often stops because cardboard jams in the rollers”.
You ask if there is a formal procedure or instruction for unjamming the machine and the
operator says “yes, we were all required to watch an instructional video as part of our
induction training. This showed how cardboard jams could be safely cleared”.
You continue to observe the burger packing process and during the time you are present the
machine jams a further three times. In each case the jam is attended to by a different
operator who unjams the machine using a method which is different from that used by the
other two.
You later raise this with the production line supervisor who assures you that this is „not a
problem‟.

Solution:
It is not a non conformity because it may be that the instructional video outlines several
acceptable methods for clearing jams. Alternatively, the inconsistency could be due to
operators failing to follow a single, approved method

Following to be investigated-

Review the instructional video to confirm it establishes acceptable methods for clearing
machine jams 8.1.1
Determine whether the three methods observed were all acceptable according to the criteria
set out in the video 8.1.1
Examine the training records of the three operators to confirm that they had all seen the
video as part of their machine induction 7.2
Verify that the instructional video was in a language/format that was appropriate for the
operators 7.5.2
If the operators were not conforming to the accepted process, determine whether they
had been made aware of the implications and potential consequences of not following the
correct process 7.3
 Audit situation:
You are conducting a OHSMS audit in the production area of an engineering factory
that operates heavy presses, large drilling machines and Computer Numerical Control
(CNC) machines.
You notice an electrical switch with a large red button on the wall with the nearby inscription
“Emergency Stop”. A line of pallets containing the raw materials for the machine shop is
situated in front of the switch, preventing access to it. When you enquire about the switch,
the shop foreman states that it cuts the electricity supply to the machines but has never been
used as far as he knows. He says that the pallets will be moved shortly and were only located
in that position due to a busy period of work orders.
Earlier in the audit, you noted from the minutes of the Health and Safety Committee meeting
three months previously that the workers‟ representative raised the issue of access to
emergency switches in the machine shop. You ask to speak to this person but find out that he
left two months ago. Nobody has replaced him as the workers‟ representative.

Solution:
It is a Non conformity
Failure
The organisation has failed to implement control of the process for operating the emergency
stop switch in the machine shop.
Evidence
Access to the emergency stop button in the machine shop was seen to be prevented by the
location of raw material pallets in front of it. Records show that this issue was previously
reported to the H&S Committee.
Requirement
8.1.1.b - “implementing control of the processes in accordance with the criteria”.