Download as pdf or txt
Download as pdf or txt
You are on page 1of 105

Internal Auditor Training Course on OHSMS

ISO 45001:2018
(Course ID:OHM-003))
Table of Contents Bureau Veritas Certification

This manual, any documentation related thereto (with the exception of any national or
international standards referred to herein) and the information disclosed therein, is
confidential and proprietary to Bureau Veritas (BV). The information may not be used
by or disclosed to others for any purpose except as specifically authorised in writing by
BV. The recipient, by accepting this document agrees that neither the document, the
information disclosed therein nor any part thereof shall be reproduced or transferred to
other documents nor used or disclosed to others for any other purpose except as
specifically authorised in writing by BV.

(Copyright) 2018 an unpublished work by BV - All rights reserved.

Internal Auditor Training course on: OHSMS ISO 45001:2018

(Course ID:OHM-003)


Apr’18 Internal Auditor Training Course on OHSMS ISO 45001:2018 Page 1 of 2

(Course ID:OHM-003)
Table of Contents Bureau Veritas Certification


Section Title: File:

Table of Contents Text
Course Timetable Text
Chapter 1 Course Overview Slides

Chapter 2 Auditing ISO 45001-Context of the Organisation Slides

Chapter 3 Auditing ISO 45001-Leadership & Commitment Slides
Chapter 4 Auditing ISO 45001-Planning Slides

Chapter 5 Auditing ISO 45001-Support Slides

Chapter 6 Auditing ISO 45001-Operation Slides

Chapter 7 Auditing ISO 45001-Performance Evaluation Slides

Chapter 8 Auditing ISO 45001-Improvement Slides

Chapter 9 Planning, performing and completing and Internal Slides


Apr’18 Internal Auditor Training Course on OHSMS ISO 45001:2018 Page 2 of 2

(Course ID:OHM-003)
Course Timetable Bureau Veritas Certification




Session Chapter Exercise Title Start Finish

Registration 0845 0900

1. Chapter 1 Course Introduction & Overview 0900 0930

2. Exercise 1 Refresher session on Auditing 0930 1030

Coffee break 1030 1045

3. Ex 1 Review of Pre Course assignment 1045 1300

Lunch break 1300 1400

4. Exercise 2 Auditing ‘PLAN’& Leadership- Clause 4, 1400 1530


Coffee break 1530 1545

5. Chapter 2, Recap on auditing ‘PLAN’- & 1545 1630

3 &4 ‘Leadership’ - Clauses 4,5 & 6

6. Exercise 3 Auditing ‘DO’ - Clauses 7 & 8 1630 1715

7. Chapter 5 Recap on Auditing Plan and Leadership , 1715 1800

&6 Clause 7 & 8, Recap of the Day,
Questions and Answers – Home work

Apr’18 Internal Auditor Training Course on OHSMS ISO 45001:2018 Page 1 of 2

(Course ID:OHM-003)
Course Timetable Bureau Veritas Certification

Session Chapter Exercise Title Start Finish

Recap of Day 1 0900 0930

8. Exercise 4 Auditing ‘CHECK & ACT’ - Clauses 9 & 10 0930 1030

Coffee break 1030 1045

9. Chapter 7 & Recap on auditing ‘CHECK & ACT’- Clause 9 1045 1145
8 &10

10. Exercise 5 Quiz on ISO 45001 1145 1215

11. Exercise 6 Non Conformity reporting 1215 1300

Lunch break 1300 1345

12. Exercise 6 Non Conformity reporting (Contd/-) 1345 1415

13. Chapter 9 Performing, Managing an Internal Audit 1415 1500

14. Exercise 7 Auditing an operational Site 1500 1545

Coffee break 1545 1600

15. Written Examination 1600 1730

16. End of the course 1730 1745

Apr’18 Internal Auditor Training Course on OHSMS ISO 45001:2018 Page 2 of 2

(Course ID:OHM-003)
Internal Auditor Training on OHSMS ISO
(Course ID: OHM-003)

Chapter 1-Course Overview

Introduction - BVC

Bureau Veritas
 Established in 1828  Offices in 140 countries
 Turnover over 4.7 billion Euros  1400 offices incl laboratories
 Over 400 000 customers worldwide  Over 80 000 employees

Our Vision
Become the leader in our industry and a major player in each of our
market segments and key geographical markets.

Our Mission
Deliver economic value to customers through QHSESA management of
their assets, projects, products and systems, resulting in licence to
operate, risk reduction and performance improvement.

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 2

One of the most widely recognised certification bodies in the World

• Global Leadership in Management Systems Certification services

 6500+ auditors worldwide in 140 countries

 100,000+ companies certified
 World leader for Environmental Management System (ISO FDIS 45001)
 World leader for ethical and social certification (SA 8000)
 Most widely accredited Certification Body
 Global market leader in accredited training
 Global reach with local expertise
 Common sense and pragmatic audits

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 3

Classification and certification Risk management, quality Periodic inspection of Conformity assessment of
of ships and offshore assurance, quality control and asset equipment & facilities in buildings and infrastructures
integrity management of facilities
floating units operation
and equipment



Certification of QHSE Commodities inspection and Testing, inspection and Trade facilitation services
management systems and testing: oil & petrochemicals, certification of consumer
second party auditing services metals & minerals, agriculture goods

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 4

 Management System  Sustainability and Corporate

Certification Social Responsibility
Quality (ISO 9001) / Environmental Assurance of CSR Reports
Health & Safety (ISO 45001) Organic food & sustainable agriculture
Social Responsibility (SA 8000, ISO 26000) Carbon footprint and Carbon credit verification (CDM / JI / VCS)
Energy management systems (ISO 50001)
Biomass and biofuel sustainability

 International Certification
Programs  Sector specific standards
Multi-sites / Multi-schemes Food Safety (HACCP, ISO 22000, BRC, IFS, etc.)
Security in IT and Logistics (ISO 27001, ISO 28000)
Auditing programs Forestry management (FSC, PEFC, etc.)
based on customer-specific standards for Aerospace (AS/EN 9100, etc.)
Suppliers Network, Internal Transportation (IATF 16949, IRIS,/ISO 22163 etc.)




Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 5
Bureau Veritas is your historical trustful partner



Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 6
Total Bureau Veritas Certification Offer

Food Safety Health & Safety

► BRC Global Food Standard ► BS OHSAS 18001
► IFS International Food Standard ► Compliance Audits
► EurepGAP
Social Accountability
► Dutch HACCP and Danish HACCP DS 3027
► SA8000
► GMP+ and QS and GMO
► Global Reporting Initiative (GRI)
► Fami-QS
► Bio-terrorism Sustainability Services
► Supply Chain Management / Confidence ► ISO 14064
► ISO 14046
► ISO 14067
► ISO 9001
► ISO 50001
► AS/EN-9100
► ISO 55001
► TL 9000
► IATF 16949 Others:
► ISO 20000 ► Second Party Audits
► Integrated Management Systems\
► School Safety Management Systems
► Green Operation Theatres
► Forestry -PEFC, FSC
► ISO 39001
Security ► ISO 29990
► ISO 27001
► ISO 28000
• And Training services on all the above schemes……!!!
Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 7
Course introduction

Course Timing

08:45 – 18:00

Lunch breaks: TBD each country

Coffee breaks: mid morning & mid afternoon

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 8
Course introduction

House rules

► Facilities

► Safety rules & evacuation routes

► Courtesy
(mobile phones, pagers, recording devices)
► Local arrangements

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 9
Course introduction

►Learning Methods
 Tutorials
 Discussions
 Exercises
 Direct Tutor- Delegate

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 10
Course introduction

 Learning Objectives (Knowledge):

► To understand the changes in OHSMS specific requirements arising as a result of
migrating from OHSAS 18001 to ISO 45001:2018
► Understand new and revised terms/ definitions

► Understand the changes arising as a result of the adoption of Annex SL structure in

relation to OHSMS specific requirements:
► Context of the Organization
► Leadership
► Planning
► Support
► Operation
► Performance evaluation
► Improvement

And their impact on auditing practices

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 11
Course introduction

 Learning Objectives (skills):

► Planning the audit

► Conducting the audit

► Auditing an Occupational Health & Safety MS

► Auditing the new requirements

► Generating audit findings

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 12
Course introduction Delegate assessment

 Written Exam
 Multiple Choise & Short Answer
 Max Time : 30 Minutes

 Clean Copy of ISO 45001:2018 &

OHSAS 18001:2007 Documents are
Permitted for reference

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 13
Internal Auditor Training Course on : OHSMS
ISO 45001:2018
Chapter 2 : Auditing ‘Context of the Organisation’
Session Plan

► Objectives
► Understand auditing the requirements for “context of the organisation”, &
‘understanding the needs and expectations of interested parties for an OHSMS’

► Understand auditing the requirements for ‘scope of an Organisation’s OHSMS’

► Reinforce the learnings achieved through group tasks

► Methodology
► Delegate driven discussions with the help of overheads

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 15
4. Context of the Organisation

ISO 45001:2018 OHSAS 18001:2007


•4.1 Understanding the organization and its

•4.1 General requirements

• 4.2 Understanding the needs and
expectations of interested parties

• 4.3 Determining the scope of the OH&S

management system

• 4.4 OH&S management system

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 16
4. Context of the Organisation

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 17
4. Auditing Context of the Organisation
The organization have determined internal and external issues related with,
 Issues, positive or negative and include conditions, characteristics or changing
circumstances that can affect the OH&S management system
 competitors, contractors, subcontractors, suppliers, partners and providers, new
technologies, new laws etc are considered
 Check whether internal issues, such as governance, organizational structure,
roles and accountabilities are considered
 WHAT ELSE…………..?????
Understanding the needs and expectations of workers and other interested
 Check whether needs & expectations of workers and other interested parties
have been determined by the organization
 Check whether legal and regulatory authorities, parent organizations, suppliers,
contractors, workers’ organization are considered
 Check whether, owners, shareholders, clients, visitors, local community and
neighbors general public are considered
 WHAT ELSE………..????????

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 18
4. Auditing Context of the Organisation
Has the organization determined the scope of OH&SMS…?
 Check how the boundaries and applicability of the OH&S management system are
 Check whether the issues and needs & expectations are considered while defining scope of
 Check Whether the boundaries and applicability include the whole organization or specific
part(s) of the organization,
 Check the credibility of the organization’s OH&S management system with respect to the
scope determined
 Check any possible excluded activities, products and services that have or can impact the
organization’s OH&S performance, or to evade its legal requirements and other
 Verify how the organization has ensured that while determining the OH&S management
system boundaries and scope they have considered needs and expectations of the
interested parties
The organization shall establish, implement, maintain and continually improve an OH&S management
system, including the processes needed and their interactions, in accordance with the requirements of this
Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 19
Internal Auditor Training Course on : OHSMS ISO
Chapter 3 : Auditing ‘Leadership & Worker Participation’
Session Plan

► Objectives
►Understand auditing the new and enhanced requirements for Leadership covering

► Leadership and commitment

► OH&S Policy

► Organisational roles responsibilities and authorities

► Consultation & Participation of Workers

► Reinforce the learnings achieved through group tasks

► Methodology
► Delegate driven discussions with the help of overhead projector

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 21
5. Leadership & Worker Participation

ISO 45001:2018 OHSAS 18001:2007

5 Leadership and worker participation

 5.1 Leadership and commitment

 5.2 OH&S policy  4.2 Occupational H&S Policy

 5.3 Organization roles,  4.4.1 Resources, roles,

responsibilities & authorities responsibility, authority &
 5.4 Consultation and participation
of workers  Participation and

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 22
5. Leadership & Worker Participation

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 23
5. Auditing Leadership & Worker Participation

Interview Top Management:

 Interview top management to find out what are the strategic directions of the
 Check accountability for the effectiveness of the environmental management system
 Check whether the OHS Policy is adequately aligned with the strategic direction
 Check whether the OHS objectives are adequately aligned with the strategic direction
of policy
 Check through interviews of other personnel as to how the top management
encourages them to contribute to OHSMS
 Check how resources needed for OHSMS are made available
 Check evidence of communication , consultation & Participation
 Check how the top management promotes continual improvement of OHSMS
 Check how top management is supporting other relevant management roles to
demonstrate their leadership
 Check involvement of top management in monitoring example: observe top
management’s involvement during the audit – in opening/ closing meetings etc
 Check how top mgt is protecting workers from reprisals when reporting incidents,
hazards, risks and opportunities

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 24
5. Auditing Leadership & Worker Participation

OHS Policy
 Check whether the policy is documented and approved by Top Management
 Check whether the policy is appropriate to the purpose of the organization
 Check whether the OHS policy is adequately aligned with the strategic direction
 Check whether policy has a framework for setting objectives.
 Check whether the policy has a commitment to improve the OHSMS
 Check whether the policy has a commitment to eliminate hazards and reduce OH&S risks
 Check whether the policy has a commitment to consultation and participation of workers
 Check whether policy is communicated within the organization.
 Check the process of making the policy available to interested parties
 Check whether the policy is under document control example, is it reviewed/ approved for
adequacy, version controlled etc

Roles, Responsibilities and Authorities

 Check how responsibilities and authorities for relevant roles are assigned , documented
and communicated within the organization
 Has the Top management assigned the responsibility and authority to
 ensure the OHSMS conformities
 reporting the performance of the OHSMS,

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 25
5. Auditing Leadership & Worker Participation

Consultation and participation of workers

CHECK Whether …
 the organization has a process(es) for consultation and participation of workers
at all applicable levels and functions
 The organization have provided mechanisms, time, training and resources
necessary for Consultation & Participation
 access to clear, understandable and relevant information is provided
 are there any obstacles or barriers for Consultation & Participation
 Check whether emphasis is given for consultation & Participation of non-
managerial workers
 WHAT ELSE………??????

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 26
Internal Auditor Training Course on OHSMS ISO

Chapter 4 : Auditing ‘Planning’

Session Plan

► Objectives
► Understand Auditing the requirements of ‘planning the OHSMS’ taking into
consideration the Clause 4.1, 4.2 and 4.3 with requirements of Clause 6

► Understanding auditing the requirements for ‘determining and addressing risks

and opportunities’

► Understanding auditing the ‘Hazard Identification & Risk Assessment’

► Understanding auditing the ‘Objectives and Plan to achieve them ‘

► Understanding auditing the ‘Legal and Other Requirements and action plans’

► Reinforce the learnings achieved through group tasks

► Methodology
► Delegate driven discussions with the help of overhead projector

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 28
6. Planning

ISO 45001:2018 OHSAS 18001:2007

6.1 Actions to address risks and
► 6.1.1 General
•4.3.1 Hazard identification, risk
► 6.1.2 Hazard identification and
assessment of risks and opportunities assessment and determining controls
•4.3.2 Legal and Other requirements
► 6.1.3 Determination of legal
requirements and other requirements •4.3.3 Objectives and programme(s)
► 6.1.4 Planning action •

6.2 OH&S objectives and planning

to achieve them
► 6.2.1 OH&S objectives

► 6.2.2 Planning to achieve OH&S


Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 29
6. Planning

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 30
6. Auditing Planning

Action to Address risk and Opportunities

CHECK Whether…
 Issues, Needs & Expectation, scope of OHSMS are considered while determining risk & Opportunities
 Check whether Hazards OH&S risks and other risks are considered…..
 Check whether OH&S opportunities and other opportunities are considered ……
 Check whether legal requirements and other requirements are considered……..
 Check whether its been maintained as documented information.

Hazard identification and assessment of risks and opportunities

 Is there a valid process(es) for hazard identification and assessment of risk & opportunities
 What are the various considerations for the determination and assessment of Hazards, Risk &
 Is the effectiveness of existing controls considered while assessing the risks
 What is the methodology & Criteria for Assessment of Risk.
 Is there a exploration for opportunities related with work environment,
 Is there a exploration for opportunities to eliminate hazards and reduce OH&S risks
 WHAT ELSE……??????

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 31
6. Auditing Planning

Legal & Other Requirements

 Check how the organisation have determined the Legal & Other Requirements that are applicable to its
hazards, OH&S risks and OHSMS, and how they apply to the organization
 Check for applicable requirements from ,
 governmental entities or other relevant authorities;
 international, national and local laws and regulations;
 requirements specified in permits, licenses or other forms of authorization;
 orders, rules or guidance from regulatory agencies;
 judgements of courts or administrative tribunals.
 Check for any requirements/ obligations from other interested party requirements related to its hazards,
OH&S risks and OHSMS

 Check for documented information of organisation’s compliance obligations

 Check how this information kept up-to-date

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 32
6. Auditing Planning
Planning action
 Check how the organization have planned to take action to
 address these risks and opportunities
 Legal & Other Requirements
 prepare for and respond to emergency situations
 Check How the Actions are integrated in OHSMS and other business operations
 Check whether the organisation has evaluated the effectiveness of these actions.

OH&S objectives
 Check whether they consistent with the OHS policy;
 Are they measurable (if practicable), monitored at planned intervals communicated at relevant levels and
updated as per need
 Have the OHS Requirements, risk & Opportunities, Workers consultation accounted while setting them.
 Are they documented
Actions to achieve environmental objectives
 Check for the Action Plan evidences about,
 what is been targeted to achieve, is it effective
 what resources will be required to achieve the set objective and targets, have they been ensured
 who is made responsible at various functions and levels to achieve the set objectives and targets
 What is the time frame set to achieve the desired targets
 How the progress is monitored and evaluated at planned intervals
 Check how the management have integrated these objectives with their business policies.
 Are the plans documented.

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 33
Internal Auditor Training Course on OHSMS ISO

Chapter 5 : Auditing ‘Support’

Session Plan

► Objectives
► Understand auditing the requirements of ‘documented information’ and the
significant differences as compared to the earlier edition of the standard

► Understand auditing other changes in this edition of the standard with respect to
Resource management, Competence, Awareness and Communication

► Reinforce the learnings achieved through group tasks

► Methodology
► Delegate driven discussions with the help of overheads

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 35
7. Support

ISO 45001:2018 OHSAS 18001:2007


► 7.1 Resources  4.4.1 Resources, roles, responsibility,

accountability & authority
► 7.2 Competence
 4.4.2 Competence, training & Awareness
► 7.3 Awareness
 4.4.3 Communication, participation and
► 7.4 Communication consultation
► 7.4.1 General  4.4.4 Documentation

► 7.4.2 Internal Communication  4.4.5 Control of Documents

► 7.4.3 External Communication  4.5.4 Control of records

► 7.5 Documented information

► 7.5.1 General

► 7.5.2 Creating and updating

► 7.5.3 Control of documented


Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 36
7. Support

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 37
7. Auditing Support

Resource, Competency and Awareness

 Check how the resources are ensured for effective OHSMS
 Check what are necessary considered and how its been provided
 Check annual budget and investment plan with management
 Are the necessary competencies determined for specific job roles /
workers which that affects or can affect its OH&S performance
 Check the competency determination for people controlling
emergency situations, perform internal audits and OHS evaluations
 What Training on OHS management are planned

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 38
7. Auditing Support

Resource, Competency and Awareness

 How these trainings are been imparted to the identified people
 Is there any need felt for mentoring of people, or reassigning of tasks of
currently employed workers
 Check appropriate documented information of Education, Experience or
training or other actions as evidence of competence
 Talk to the Top Management, people at various functions and levels to check
their awareness
 Interview people to know what they understand about Policy, and OHS vision
of Top Management
 Are they aware about their specific job roles and associated responsibility
and authority if any
 What can happen if some thing goes wrong, OHS emergencies and what
response required

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 39
7. Auditing Support

 Check what information is required and is communicated
between whom
 What is the time and frequency of communication and
amongst who
 Who is responsible for the communication of OHS Information
 Have the organization identified what information needs to be communicated
 What is the methodology of communication (example : through which media meetings,
emails, displays etc)

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 40
7. Auditing Support

 Check the above for both internal communication within
the organization and for external communication to other
interested parties
 Is the documented information maintained on communication
as evidence
 How the organization is responding to the external communication received
from external interested party (example feedback or complaints from suppliers, customers,
NGO , Legal Auth. etc.)

 How the organization is responding to the external communication with

respect to its Legal and other requirements

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 41
7. Auditing Support

Documented Information
 Check whether documented information is reviewed and
approved by authorized persons prior to issue
 Check that the distribution of documented information
is controlled. For example whether it is available where
required, is confidentiality/ integrity protected during distribution
 Check that the documented information is accessible and retrievable
 Check that the documented information is stored and preserved in a manner
that it is adequately protected from unauthorized access, unauthorized
modifications, misuse etc
 Check that the documented information is legible
 Check that changes to documents are controlled. For example review and approval of
changes, identification of version number, ensuring that old versions are not inadvertently used etc

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 42
7. Auditing Support

Documented Information
 Check whether documented information is retained as per
needs of the organization or other interested parties.
For example : are there requirements of customers, legal
bodies that define retention periods of records?
 Check that documented information is disposed in controlled manner example
to protect confidentiality after disposal
 Check if documented information of external origin such as those received
from Interested parties, legal bodies etc are identified
 Check how the identified documented information of external origin are
available at points of use and adequately protected.

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 43
Internal Auditor Training Course on: OHSMS
ISO 45001:2018

Chapter 6 : Auditing ‘Operation’

Session Plan

► Objectives
► Understand auditing the ‘requirements of executing operational plans’,
‘processes controls’ and ‘emergency preparedness and response’ in OHSMS

► Understanding significant changes as compared to OHSAS 18001:2007


► Reinforce the learnings achieved through group tasks

► Methodology
► Delegate driven discussions with the help of overheads

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 45
8. Operation

ISO 45001:2018 OHSAS 18001:2007

► 8.1 Operational planning & control 4.4.6 Operational Control
► 8.1.1 General 4.4.7 Emergency preparedness and response
► 8.1.2 Eliminating hazards and reducing OH&S
► 8.1.3 Management of change

► 8.1.4 Procurement

► 8.2 Emergency preparedness and response

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 46
8. Operation

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 47
8. Auditing Operation

 Check what are the control processes identified and implemented for various
process which are needed in OH&S management
 Have the company taken actions to control the risks and opportunities arise from
initial assessment
 What are the criteria of operation and control of processes from H&S
 What are the controlled actions to protect the environment, prevent the pollution
and to prevent any noncompliance to compliance obligations
 Is there any hierarchy followed for controls of processes (e.g. elimination,
substitution, engineering administrative)
 Are the controls mechanism adequate and effective

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 48
8. Auditing Operation

 Check how controls applied for contractors’ activities and operations that impact
the organization or organization’s activities and operations that impact the
contractors’ workers or contractors’ activities and operations that impact other
interested parties in the workplace.
 How the Management of changes in OHSMS is controlled
 Are the applied controls follow “hierarchy of control”
 How these information are documented in the system
 Go to the site and observe the practice as per defined system
 Interview people at site to understand the actual practices at site
 See the site posting of information for operation controls.
 Check Controls over outsourcing

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 49
8. Auditing Operation

Emergency preparedness and response

 Check the process, how the organization has planned to
respond to potential emergencies such as Fire.
 Check the procedure to handle these potential accident and those which
may have catastrophic impact
 Check how the organization has responded to the emergencies and or accidents
if any in past
 If any accident or emergency happened, then what actions
have been taken to mitigate the adverse impacts and
 Are these action adequate and appropriate as per the magnitude of the situation
 How the organisation is periodically checking their preparedness to encounter

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 50
8. Auditing Operation

Emergency preparedness and response

 Has the organization periodically reviewed the procedure
for emergencies
 Is there any procedures amendment or revisions, check why…….
 If not revised check the history whether any accident occurred
in past and if yes, whether the organization have revised
the test procedures.
 Check the communication protocols for the above
 Has the information on above points documented as to as evidence of

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 51
CQI-IRCA certified :
PT 251:OHSMS ISO 45001:2018 Auditor
Migration Training Course (Module 2)

Chapter 7 : Auditing ‘Performance Evaluation’

Session Plan

► Objectives
► Understand auditing the requirements of ‘monitoring, measurement, analysis
and evaluation’ of an OH&SMS performance and effectiveness

► Understand auditing the requirements of other changes in this edition of the

standard with respect to Internal audits and management reviews

► Reinforce the learnings achieved through group tasks

► Methodology
► Delegate driven discussions with the help of overheads

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 53
9.Performance evaluation

ISO 45001:2018 OHSAS 18001:2007

► 9.1 Monitoring, measurement analysis and 4.5.1 Monitoring & measurement
► 9.1.1General 4.5.2 Evaluation of Compliance
► 9.1.2 Evaluation of compliance

4.5.5 Internal Audit

► 9.2 Internal Audit

► 9.2.1 Purpose of internal audits 4.6 Management Review

► 9.2.2 methods for internal audits

► 9.3 Management Review

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 54
9.Performance evaluation

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 55
9.Auditing Performance evaluation

Monitoring Measurement Analysis and evaluation

 Check if the organisation has determined process related
to monitoring, measurement, analysis and performance
 Check whether the methods for monitoring, measurement,
analysis and evaluation are able to produce comparable and
reproducible results. For example : check whether the process
is such that it does not lead to different interpretations.
 Check that the tools used for monitoring, measurement,
analysis and evaluation are checked for accuracy
(eg calibration of monitoring devices, testing of software used for analysis etc)
 Check that persons involved in monitoring, measure, analysis and evaluation are
adequately trained to produce correct and consistent results
 Check if the integrity of results of monitoring, measurement, analysis and in
order to ensure consistent and valid results

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 56
9.Auditing Performance evaluation

Monitoring Measurement Analysis and evaluation

 Check whether the frequency at which monitoring and measurement is done is
per plan
 Check whether the monitoring and measurement is performed by those who are
assigned this responsibility.
 Check if the analysis and evaluation is performed at the planned frequency and
by those who are assigned this responsibility
 Check if the results of analysis are evaluated against any criteria and what are
the results of such evaluation
 Check what actions are been taken on the outcome of monitoring
measurements analysis and evaluations
 Check how the information is documented.

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 57
9.Auditing Performance evaluation

Auditing the ‘INTERNAL AUDIT’ Process

 What are planned Intervals..?  Whether OHS importance of the

processes considered in planning
 Are the objectives well defined..?
 Whether results of previous audits
 How it is planned to verify the entire are considered
 How Audit Team is selected
 What methods Adopted..?
 How are results reported to
 Who are Responsible..? relevant parties

 How planning is done..?  What actions on NCRs

 How results are reported..?  Check documentation

 Auditor Competence management.?

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 58
9.Auditing Performance evaluation

Management Reviews
 Check whether management reviews are conducted as
per plan
 Check organization’s process for identifying changes to
the internal and external issues relevant to its OHSMS
 Check how these are collated and reported for consideration
during management reviews.
 Check what decisions are taken by the top management
based on the review of these changes. For example : Due to
changes in internal and external issues, are changes to OHS
policy, objectives,
OHS scope, risk assessment, OHS policies and procedures
 Check whether trends in audit results, nonconformities and corrective actions are
reviewed. Are corrective actions effective? Are there areas/ processes where NCR trend is
 Check what the trends indicate, in case results are not positive, verify whether the top
management has taken any decisions on continual improvement

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 59
9.Auditing Performance evaluation

Management Reviews
 Check whether H&S performance evaluation results are reported in the management reviews. What do
the trends indicate? What decisions has the top management taken for OHSMS processes and controls
for which the trends are performance results are not positive?
 Check whether trends in fulfillment of OHS objectives are reviewed. what the trends indicate. Are
objectives met?
 Check what decisions the top management has taken based on review of the objectives Are the
objectives still suitable or need to be changed? Do targets need to be revised? Are resources required
to enhance ability to fulfill the objectives?
 Check what mechanisms have been put in place to collect and report feedback from interested parties.
Is the mechanism proactive? Are responsibilities for this assigned? Is it comprehensive and timely?
 WHAT ELSE……….???????

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 60
CQI-IRCA certified :
PT 251: OHSMS ISO 45001:2018
Auditor Migration Training Course (Module 2)

Chapter 8 : Auditing ‘Improvement’

Session Plan

► Objectives
► Understand auditing the requirements of ‘Improvement’ of OHSMS performance
and effectiveness

► Understand other changes as compared with OHSAS 18001:2007 with respect

to ‘Improvement’

► Reinforce the learning achieved through group tasks

► Methodology
► Delegate driven discussions with the help of overheads

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 62
10. Improvement

ISO 45001:2018 OHSAS 18001:2007

10.IMPROVEMENT 4.1 General Requirement

► 10.1 General
► 10.2 Incident, nonconformity and  4.5.3 Incident investigation, nonconformity,
corrective action corrective action and preventive action
► 10.3 Continual Improvement
 Incident investigation
 Nonconformity, corrective action
preventive action

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 63
10. Improvement

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 64
10.Auditing Improvement

 Check what actions are being taken on results of OHS monitoring and measurement
 Check what actions are taken on the outcome of internal audit. Any actions taken on NCs , OFIs or
 Verify the documented information on the improvement actions recommended during management
 Check, how the nonconformance and noncompliances are identified in the system
 Are the immediate actions taken to correct the nonconformities and to control the situation
 What are the mitigation actions from management to deal with the consequences of nonconformity
 Is there any Pragmatic approach to identify the proper root cause(s)
 Check whether management have explored the possibility of similar potential nonconformity in other
process or part of management system
 What are the corrective actions taken to eliminate the defect.
 Is there any undue delay or deliberate delay from management to take further actions
 Is there a system exist to review the effectiveness of actions taken
 Check whether the corrective actions are appropriate to the nature of nonconformity
 Is there any change resulted in OHSMS due to the actions taken (example: change in risk assessments,
analysis, OHS policy, processes)
 Check the documentation of this entire process
 Verify the overall system of achieving continual improvements through this process.

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 65
10.Auditing Improvement

10.3 Continual improvement

Is there a continual Improvement ……brought in by
 enhancing OH&S performance;
 promoting a culture that supports an OH&S management
 promoting the participation of workers in implementing
actions for the continual improvement of the OH&S
management system;
 communicating the relevant results of continual
improvement to workers, and, where they exist, workers’
 maintaining and retaining documented information as
evidence of continual improvement.

The organization shall retain documented information

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 66
Internal Auditor Training on OHSMS ISO 45001:2018
(Course ID:OHM-003)

Chapter 10 Managing, performing and completion of

an audit
Session Plan

► Objectives
► Understand the requirements of Planning to achieve the intended objectives of
an audit

► Understand how to effectively conduct, conclude and complete an audit process

and event

► Methodology
► Delegate driven self Study with the help of slides

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 68
Who manages the audit?

►The audit team leader has overall responsibility for the

audit. Audit team members assist the team leader.
►Good audit management requires:
 Planning and Preparation
 Communications (Client, Auditees and Auditors)
 Accurate and Objective Fact Finding

Audits MUST be well managed

to provide good VALUE.

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 69
Parties involved in an audit

Auditee Provides
Organisation information

Audit Client

Party Auditor
1st., (includes Audit
Auditing (includesauditors,
auditors, Audit
Auditing technical performance
Organisation technical expertsand
experts and performance
Organisation auditors in-training)
auditors in-training)

Lead Auditor

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 70
From collecting information to audit conclusions

Collecting information by
appropriate sampling

Audit Evidence

Evaluating against
audit criteria

Audit Finding
picture taken from the Article „Electromagnetism for brain disorders”
written by Michael Webb, July 29, 2008,


Audit Conclusion

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 71
How do auditors find evidence ?

► Reviewing Documents
► Reviewing Records
►Observing practices and physical environment

► Interviewing People at all levels

Can/should the auditor cover all people,

documents and records during the audit?

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 72
Visit the field – SEE the “real world”

► production line, or wherever ► talk to people on the field - if you

Occupational Hazards are can hear them!;
► wear proper clothes and safety
► People working at Height equipments - be prepared
► People working in areas nears ► Look for Hazards and risks,
Electrical transformers, high operational controls, potential
voltage supply points emergencies,
► Working in extreme conditions ► Ask what the dials and meters
(Such as steel melting, Coke ovens, are indicating about operational
Mines, Blast furnaces, Projects under control and measures.
commissioning, Working in confined
spaces etc)

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 73

Keep observing the physical evidence: What to look for?

 Hazards, Airpollution affecting workers ► Posted Procedures

 equipment, instruments ► Actual Operations

 conditions, upkeep, ► Operating Logs
operational controls
► Instruments with Process
► Alarms

► Communications Postings

► Awareness Reminders

► Calibration Tags

► Warning Signs

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 74
Interviewing People

General rules Typical steps of an audit interview

► Be polite and full of respect ► Warming up

► Explain what you are doing ► Introduction (why you are here)

► Choose appropriate language ► Collecting Information

► Listen carefully ► Decision (report major findings)

► Focus on facts! ► Closing

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 75
Follow Audit Trails

► As you audit
you will find interesting opportunities for follow-up (= audit trails).
► Pick promising audit trails:

► Follow it through

► Interact with team

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 76
Always take notes

► Explain the need to take notes to auditee…?

► Make your notes:

 Comprehensive
 Accurate
 Precise
 Legible

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 77
Time management

► Time is always short

► Plan well

► Do not allow your audit to get side-tracked

► Do not dig too much

(root cause analysis is not the auditor’s task)
► Do not focus on trivia

► Remember an audit is a sampling

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 78
Audit Programme in ISO 19011 –
more than just an audit plan!
►ISO 19011 Section 3.11 – Definition of audit programme
 Set of one or more audits,
 Planned for a specific timeframe and
 Directed towards a specific purpose.
Note: it includes all activities necessary for planning, organizing and conducting the audits.

►ISO 19011 Section 5 Managing an audit programme

 It covers all steps like a computer programme.

►ISO 19011 Section 6 – Performing an audit

 Includes planning and conducting specific audit activities as a part of an
audit program

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 79
The different phases of an audit

6.2 Initiating the audit

Stage 1 Audit 6.3 Preparing audit activities

6.4 Conducting the audit activities ?

6.5 Preparing the Audit report ?

6.6 Competing the audit

ISO 19011 ?
Section 6 6.7 Conducting audit follow up

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 80
Initiating the Audit

► Appointing the audit team leader

 The auditing organization (your company) appoints the Lead Auditor of the team
► Define audit objectives, scope and criteria
Lead auditor check scope and criteria. Objective as defined by the Audit Manager.
► Determine feasibility of the audit
 Are information and estimates of time and resources adequate?
► Select the audit team
 Needed competences to fulfill audit objectives.
► Establish initial contact with the auditee
 communication channels (phone, email, fax)
 Information on timing and audit team
 Request of access to relevant documents
 Arrangements of the audit including site safety rules

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 81
Initiating the Audit – criteria and scope

Audit Criteria Audit Scope

► Reference against which ► Extent and boundaries
conformity is determined of the audit including:
 Standards  Locations
 Contractual Specification  Organisational units
 OH&SMS Documentation  Activities and processes covered
(including the time period)
 Legislation or other requirements

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 82
Initiating the Audit –
Considerations in Selection of Team
►Independence ►OH&SMS knowledge

►Team cohesion ►Technical knowledge

►Training needs ►Legal knowledge

►Career development ►Experience in the sector

►Acceptability to auditee ►Knowledge of ISO 45001

►Availability ►Audit skills

►Language ►Team management skills

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 83
Conducting Document Review

►Document review is part of Stage 1 (Initial) Audit

(May not be always applicable in case of internal audits)

 Assess readiness for full systems audit (at times not applicable for
Internal audits)
 Focus on planning for Stage 2 (main) audit
 Establish personal contact and rapport with auditee
 Validates scope, purpose, methods
 Gather additional information
 Identify potential problems

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 84
Preparing for the ‘On-site Audit’ Activities

►Prepare plan

►Prepare working documents

►Assigning work to the team

 Dates and duration, individual task

 travel, accommodation, office space, ..

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 85
The audit plan and working documents

Audit Plan Working Documents

►Audit type / objective ►?
►Audit criteria ►?
►Dates & Times & Places

►Areas / Processes

►Auditees (if known)


►Reference clauses / topic

►Consider shifts,
meetings and breaks

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 86
Conducting on-site Audit Activities

►Conducting the opening Meeting

►Communication during the audit

►Roles and responsibilities of guides and observers

 May accompany the audit team, but are not part of it

►Collecting and verifying information

►Generating audit findings

►Preparing audit conclusions

►Conducting the closing meeting

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 87
Conducting On-site Audit Activities
Meetings and Communications
►Opening and Closing meetings
 Formally required

►Intermediate meetings with auditee representatives

 report ongoing status, findings and progress.

►Team liaison meetings

 help coordinate and focus the audit team.

►Regular feedback to auditees

 provides ongoing communication

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 88
Nonconformity Report

►No set rules; however all have these two parts:

 The evidence (what actually is or is not )
 The requirement (what was supposed to be)

►Different organizations have different formats

 Use the format chosen by your client or firm

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 89
A Nonconformance Must Also Be...






Will someone else be able to trace back and find the

same evidence you found, based on what you wrote?

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 90
Example 1

►Maintenance department, morning shift

 Acetylene gas cylinders delivered, but left in unsecured
 WI4-01, clause 6, requires that on delivery all flammable
gases must be immediately stored in secure storage area.

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 91
NCR for Example 1
OHSMS AUDITS Incident Number …....................
Company under Audit: XYZ plc Note Number SW/01
Area under review: ISO 45001 Clause Number
………………………………………. MAINTENANCE ………………………… 8.1
► Area
Category MAJOR* MINOR* * delete one

► Clause Non Conformity

The process of controls on Operations is not effective
► Grading
► Problem ACETYLENE GAS cylinders were was left in a non-
secure area
► Requirement
Requirements :
► Signature WI4-01, clause 6 requires that all gases after delivery
must be stored in secured area
Clause 8.1.1 of ISO 45001 requires that the
Organization shall .. Implement ,control and maintain
the processes….

Auditor A. U. Ditor

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 92
Good Meeting Practice



Manage the time!

Key consideration –
What is this meeting intended to accomplish?

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 93
Opening & Closing Meetings

►Be on time

►Entire audit team participates

►Auditee senior management

(minimum Management Rep.)
►Team Leader chairs these meetings

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 94
Opening meeting agenda

►Introduce the team ►Grading of NCR’s

►Reason, scope & criteria ►Confirm staff is

aware & available
►Review audit plan and
methods ►Confirm logistics

►Explain about sampling ►Confirm guides

►Confidentiality ►Safety requirements

►Method of reporting ►Questions

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 95
Team Liaison Meetings

► To ensure smooth and effective

progress of the audit
► To ensure audit scope is covered

► To review nonconformance

► To collate the findings

►Final Team Liaison Meeting

 Prepare for the closing meeting
 Review & collate the findings
 Discuss recommendation
 Prepare final reports
 At least the NC reports

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 96
Closing Meeting

►No surprises!

►Don’t have discussion of corrective actions

at the closing meeting
►Be diplomatic

►Acknowledge achievements

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 97
Closing Meeting Agenda

► Thank the auditee and ► Specific additional topics

reintroduce the team at a (Re-) Certification Audit
► Recap reason, scope & criteria  Recap the scope of
► Review audit plan and methods
 Certificate validity
► Report the observations,
positive & negative (NCs and OFIs)  Surveillance audit
► Explain about sampling  Re-certification
► Overall summary  Use of logo
► Questions & answers

► Either
Recommendation for Certification/ Re Certification/ Continuation of Certification
► Or
Corrective actions & time-scale & Follow-up

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 98
Preparing, approving and distributing the audit report

Audit Reports including Non Conformity Report

► Information of the auditee ► Form provided by CB

► Space for
► Audit findings and conclusion
 Audit finding (by Lead auditor)
► Audit summary reports (Matrices)  Corrective Action (by organisation)
► Audit notes  Verification of corrective action
(by Lead auditor)
► Attachment of or reference to

“The audit is completed when all planned audit

activities have been carried out and the approved audit
report has been distributed.” (ISO 19011 6.6)

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 99
Follow-up action

► At agreed time

► Review of documentary evidence ► Documentary Evidence

 Records
► Re-audit on the site
 Training certificates
 Only review of corrective actions
 Amended procedures
 Don’t start it all over again
 Photographs
 Videos

Apr18 Internal Auditor Training course on OHSMS ISO 45001:2018 (Course ID:OHM-003)) 100

You might also like