ISO 45001:2018

Internal Auditor Migration

Alcumus Academy

www.alcumusgroup.com
Session One

Course Requirements & Introductions

Domestics

Start and finish times

Breaks and lunch
Availability of the ISO 45001 Standard
Delegate manuals
Delegate feedback
Course Rules

Cameras and Mics

Screen breaks – Be punctual
If you do not understand a point – Ask
It is important to make clear notes
Join in and enjoy yourselves
IRCA – International Register of Certificated Auditors
Education – At least to secondary education level.
Work experience – Four years’ full-time experience, or two years with a degree or near degree. One
year’s full-time experience relevant to the auditor scheme.
Auditor training – A relevant IRCA-certified Foundation course and a relevant IRCA-certified Internal
Auditor training course or the relevant IRCA-certified Auditor/Lead Auditor training course.

Auditing experience – Four full management system audits as an auditor-in-training, totaling 20 days,
including a minimum of 15 days on site and three full management system audits as the leader of an
audit team that includes at least one other auditor, totaling 15 days, 10 of which must have been
spent on site.
Course Objectives:

The aim of this course is to provide delegates with the knowledge and skills required to perform first,
second and third-party audits of occupational health and safety management systems against
ISO 45001, in accordance with ISO 19011 and ISO/IEC 17021, as applicable.

Auditors' role:
To assess an organisation’s ability to provide a safe and healthy workplace, to prevent work related
injury and ill health and to proactively improve its occupational health and safety performance
 Course Overview

Team exercises

Presentation of exercise work

Group discussions and feedback

Continuous assessment

To Pass the Course:

Complete all elements of the course

Pass the continuous assessment, focused on participation

Involvement in activities and presentations

a copy of the standard will be provided

Introductions – Please say a few words about yourself

Name

Company and what it does

Position and what you do

Auditing experience

Hobbies/pastimes
Session Two
ISO 45001 Development and Purpose
ISO 45001 Series
The ISO 45001 standard addresses the Health & Safety management needs of all types of organisations

Current standards:

Management systems ISO 45001, which can be audited All areas need to be audited - No exclusions or ‘opt outs’ allowed
Management system guidance ISO 45002, guidance only and it cannot be audited:

BS 45002-0 Occupational health and safety management systems. General guidelines for the application of ISO 45001

BS 45002 Part 1: guidance on managing occupation health

BS 45002 Part 2: Risks and opportunities

BS 45002 Part 3: General guidelines for the application of ISO 45001 – guidance on incident investigation
Continuing Development of Standards

ISO TC 283 is responsible for review, update and new standards

Standards reviewed approximately every 5 years

All standards go through a defined drafting, review, consultation, approval and issue process

Released as ISO 45001 in March 2018 – Formerly OHSAS 18001

Registration with an accredited body

Purpose of a Health & Safety Management System

ISO 45001 is applicable to any organisation that wishes to establish, implement and maintain
an OH&S management system to improve occupational health and safety, eliminate hazards
and minimize OH&S risks (including system deficiencies), take advantage of OH&S
opportunities, and address OH&S management system nonconformities associated with its
activities.
Benefits of ISO 45001
Better working environment - Reduced risks

Reduced incidents and emergencies

Reduce legal and cost liabilities - Involvement of employees

Promotes improvement - Reduced insurance costs

Enhances company image - Compliance to legislation

Better Employee Relationship - Less lost time due to accidents

Better awareness of risks and liabilities - Better management control

Session Three
ISO 45001Structure and Implementation
Terminology
Interested party
Person or organisation that can affect, be affected by, or perceive itself to be affected by a decision or
activity

Worker
Person performing work or work-related activities that are under the control of the organisation

Participation
Involvement in decision-making

Consultation
Seeking views before making a decision

Workplace
Place under the control of the where a person needs to be or to go for work purposes
Structure of ISO 45001

4 Context 7 Support
Interested parties, Scope, Process Competence, Communication
5 Leadership Documentation
Policy, Roles, Consultation
6 Planning 8 Operational planning & control
Hazard identification Management of change
Plan Do Procurement
Legal requirements
Objectives Emergency preparedness

10 Improvement Act Check 9 Performance Evaluation

Incident, nonconformity Evaluation of compliance
and corrective action Internal audit
Continual improvement Management review
Clause 4 Context of the Organisation
Exercise 1
4.1 Understanding the organisation and its context
4.2 Understanding the needs and expectations of workers and other interested parties
4.3 Determining the Scope of the OHSMS
4.4 OH&S Management System

Working Individually:
What external and internal issues / threats, an organisation would need to determine were
in or out of scope of an OHSMS, if they had to manufacture and install a road traffic sign,
for the local council.
Determine which processes might mitigate or control these issues?
5 Leadership and worker participation

5.1 Leadership and commitment

Top management shall demonstrate leadership and commitment with respect to the OH&S
management system

Take overall responsibility

Promote a culture that supports the intended outcomes of the OH&S management system
5.2 OH&S policy
Top management shall establish, implement and maintain an OH&S policy that includes a commitment
to provide safe and healthy working conditions for the prevention of work related injury and ill health
and is appropriate to the purpose, size and context of the organisation and to the specific nature of its
OH&S risks and OH&S Opportunities.

Checklist Example:

Check that the policy includes the required elements (Commitments from Top Management)

How is it be communicated within the organisation?

How could it be made available to interested parties?

How would you ensure that interested parties were aware of it?
5.3 Organisational roles, responsibilities and authorities

Top management shall assign, document and communicate the responsibility and authority for:

Ensuring that the OH&S management system conforms to the requirements

Reporting on the performance of the OH&S management system to top management.

While responsibility and authority can be assigned, ultimately top management is still accountable for
the functioning
of the OH&S management system.
5.4 Consultation and participation of workers
Exercise 2

The organisation shall establish, implement and maintain a process(es) for consultation and
participation of workers at all applicable levels and functions, and, where they exist, workers’
representatives, in the development, planning, implementation, performance evaluation and actions for
improvement of the OH&S management system.

Working individually, compile a checklist that you could use to confirm that the organisation are meeting
the requirements of this clause of the standard.

Time frame – 20 minutes

6.1 Actions to Address Risks & Opportunity
6.1.1 General
When planning for the OH&S management system, the organisation shall consider the issues referred
to in 4.1 and the requirements referred to in 4.2 and 4.3

6.1.2 Hazard identification and assessment of risks and opportunities

Hazards can be physical, chemical, biological, psychosocial, mechanical, electrical or based on movement and
energy.

OH&S risks and other risks such as peaks in workflow - restructuring and reorganising the works to avoid this

OH&S opportunities and other opportunities - training on, or procurement of, new improved equipment or
supplies

Legal requirements and other requirements - legislation (national, regional or international), including statutes
and regulations
6.1.2 Hazard identification and assessment of risks and opportunities
Exercise 3

Identify potential hazards using the photographs in the following slides.

The photographs represent a site walk, carried out at the time of audit.

The tutor will discuss the delegate observations and responses.

Time guide 30 mins

KEY: Risk Rating (RR) = Severity (S) x Probability (P) – Score 1 - 5
Risk Level: Low Risk = 1 to 6, Medium Risk = 7 to 11, High Risk = 12 to 20
Without Controls Methods of With Controls
Hazard monitoring
Task Hazard Identification & Foreseeable Risks RR Control Measure RR
Ref.N0. S P control S P
SxP measure SxP

Stay in designated walkways.

Slips, trips and falls. Avoid area when lifting operations are in
Crushing, trapping by moving loads. progress or wear appropriate PPE.
Head injury and possible crushing by 4 4 16 Be aware of movement of Fork Lift Trucks 4 1 4
falling or swinging loads. and Pallet trucks.
Movement
Stay clear of cordoned off test areas and All
1 within
follow instruction from tester. staff
Workshop
Tinted curtain installed at access door to Fab
Injury to eyes from welding flash from shop to protect staff.
Fabrication shop Avoid direct view of welding process and
shield eyes if passing exposed welding
3 4 12 process. 3 1 3
Slips, trips and falls. Stay in designated walkways.
Crushing, trapping by moving loads. Avoid area when overhead lifting operations
Head injury and possible crushing by are in progress or wear appropriate PPE.
falling or swinging loads. Be aware of movement of Fork Lift Trucks
Movement
Compressor and air receiver operation. 4 3 12 and Pallet trucks. Goods in 4 1 4
2 within loading
Possible high noise levels from Ensure the compressor and air receiver are staff
bay
compressor. Failure of air receiver. maintained and inspected at designated
intervals in line with regulations.
3 2 6 3 1 3
Auditing Hazard Identification/Risk Assessments

Checklist Example:

Have all hazards been identified? (6.1.2.1)

Have risk assessments been carried out? (6.1.2.2)
Have they determined and implemented the necessary controls? (8.1.1)
Are they monitoring effectiveness of controls? (9.1.1)
Have the risk assessments and procedures reviewed? (6.1.2)
Has any training been carried out? (7.2)
Are the organisation communicated the findings? (7.4)
Have workers participated in the process? (5.4)
6.1.3 Determination of legal and other requirements

Checklist Example:

Is there a process required to identify applicable legal and other requirements?

Have they determined how these requirements apply to the organisation and the applicable
hazard?

Documentation information required. Company will normally have in place, a ‘Legal and Other
Register’ (LOR)

May contain methods of compliance to be used. Should be communicated effectively.

Discuss the Methods of Compliance Column for CoSHH
Acme Engineering
Legal Register

Legislation Relevance to company Methods of compliance

LOLER We have overhead cranes and fork lift trucks. Internal maintenance/checking of the FLT’s
These need to be subject to a regular ‘Thorough External LOLER Examinations of FLT’s and cranes
Examination’ Equipment to have unique identification
Employee training/awareness
Risk assessments to be carried out
COSHH Regs Our manufacturing processes use a number of
paints and oils
These need to be assessed before being used in
our processes.

Control of Asbestos Regs Our factory roof is made from Asbestos External survey to be regularly carried out
It needs to be maintained in a safe condition Employee awareness training to be carried out
Regular internal site inspections to be carried out
Roof replacement to be reviewed
Actions for possible disposal to be formulated
Signage to be put in place
6.1.3 Legal Requirements
The auditor needs to be prepared before the audit regarding his / her knowledge of the possible
applicable legislation:

Do some research

Visit the company web site

Be aware of the company scope of activities

Look at previous reports if available

Seek previous auditors advice (Expert if required)

The site walk on the day of the audit will also help to identify areas that are subject to legal
requirements – EG: Use of substances, lifting equipment, noisy environment.
Legal Requirements
Exercise 4

Working individually:

Refer to the list of legislation and the workshop hand-out.

The hand-out describes conditions in a ‘Dyeing and Bleaching works’. The year is ‘1958’

The task is to identify any Required Legislation if the works were still operating today

Time guide 20 mins

.
6.2 OH&S objectives and planning to achieve them
Take into account:

Legal requirements

Results of risk assessments

Consultation with workers

Be measurable?

Planning shall include:

What will be done – Resources required – Who will be responsible – When it will be completed – How results
will how evaluated (Indicators) – Integration into the business processes
7 Support
7.1 Resources – Examples of resources include human, natural, infrastructure, technology and
financial.

7.2 Competence – Appropriate documented information required – What is appropriate?

7.3 Awareness – Contribution - Incidents – Risk assessments - Removal from dangerous work
situations (Refer to the standard)

7.4 Communication – Internal and external – What and when?

7.5 Documented information – Controlled and available. Where?

8 Operation
The organisation shall plan, implement, control and maintain the processes needed to meet requirements of
the OH&S management system, and to implement the actions determined in Clause 6.

Examples of operational control of the processes include:

• The use of procedures and systems of work

• Ensuring the competence of workers
• Establishing preventive or predictive maintenance and inspection programs
• Specifications for the procurement of goods and services
• Application of legal requirements and other requirements, or manufacturers’ instructions for equipment
• Engineering and administrative controls
• Adapting work to workers
8.2 Emergency Preparedness and Response
The organisation shall establish, implement and maintain a process(es) needed to prepare for and
respond to potential emergency situations, as identified in 6.1.2.1, including testing (where practical) at
an appropriate frequency

Emergency preparedness plans can include natural, technical and man-made events that occur inside and
outside normal working hours.

Communicating and providing relevant information to all workers on their duties and Responsibilities

Communicating relevant information to contractors, visitors, emergency response services, government

authorities and, as appropriate, the local community
9.1 Monitoring, measurement, analysis and performance evaluation
Areas to be considered:

Objectives – Risk reduction – Legal compliance

Effective Controls

Health and Wellbeing of Workers

Incidents – Near misses

Calibration/Maintenance
9.1.2 Evaluation of Compliance
The organisation shall establish, implement and maintain a process(es) to:

Determine and have access to up-to-date legal requirements and other requirements that are applicable to
its hazards, OH&S risks and OH&S management system

Determine how these legal requirements and other requirements apply, and what needs to be
communicated

Take these legal requirements and other requirements into account when establishing, implementing,
maintaining and continually improving its OH&S management system

The organisation shall maintain and retain documented information on its legal requirements and other
requirements and shall ensure that it is updated to reflect any changes.
9.2 Internal Audit

The organisation shall ensure that internal audits of the OH&S management system are conducted at
planned intervals

Audit Programme(s) shall be planned, established, implemented and maintained by the organisation, based
on the results of risk assessments of the organisation’s activities, and the results of previous audits.

Selection of auditors and conduct of audits shall ensure objectivity and the impartiality of the audit process.
9.3 Management Review
Top management shall review the organisation's OH&S management system, at planned intervals, to
ensure its continuing suitability, adequacy and effectiveness.

To include consideration of any changes regarding:

External and internal issues

The needs and expectations of interested parties

Risks and opportunities

Trends in:
Incidents – Nonconformities – Evaluation of compliance – Audit results – Consultation and participation of
workers – Risks and opportunities
10.2 Incident, nonconformity and corrective action
The organisation shall establish, implement and maintain a process(es), including reporting, investigating
and taking action, to determine and manage incidents and nonconformities.

Checklist Example:

Did the organisation react in a timely manner?

Did the organisation take action and deal with the consequences?
Is the participation of workers evident?
Investigation – Any similar incidents?
Determine root cause – Implement corrective action?
Documented?
Communicated – How?
Checking that organisations are effectively planning and implementing
planned improvements – Checklist Example:
Changes in external and internal issues and identified opportunities to improve

Policy – Includes commitment to continually improve

Objectives – Programme is established and maintained

Preventive action – Pro active measures – Actions arising from consultation

Emergency preparedness and response – Potential emergencies

Evaluation of compliance – Periodic checks/audits/actions

Internal audit – Opportunities for improvement identified

Incident/Corrective action – Root cause analysis

Management review – Analysis resulting in improvements

Session Four

Role Play
Role Play
Step 1
All teams will be shown photographs to represent a site walk of Dicey Engineering company premises. The tutor
will act as company H&S Manager and respond to any arising questions from the teams. (Team members are to
take appropriate notes)

Step 2
Each Delegate will be given a specific photograph showing an issue viewed during the site walk of the company
premises/activities.

Using the photographs supplied by the tutor, select a photo to write up in the next exercise
Example Nonconformity Report
IRCA ISO 45001 AUDIT - NONCONFORMITY REPORT
Description of the nonconformity

During the audit there was evidence that identified any changes to Operational Controls resulting from previous
audit findings & resulting corrective actions (for the sub-contractors carrying out the cleaning activities), were not
effective and did not prevent recurrence

Relevant evidence

The corrective actions for incident reports numbers 57, 58, 59 and 60, for reported near misses

Statements from workers and managers

45001 Clause 10.2
The organisation shall establish, implement and maintain a process(es), including reporting,
investigating and taking action, to determine and manage incidents and nonconformities.
Exercise 5 Non-Conformance Writing

Non-conformances

Each team member is to write out a non-conformance on the hand-out and present it to
the tutor

The tutor, acting as the company representative, has to agree with the findings and
accept the non-conformance

Also, team members can assist one another, by referencing each others notes.
End of course

Course objectives

You now have the knowledge and skills required to perform first and second party
internal audits of
occupational health and safety management systems against ISO 45001 in
accordance with ISO 19011
and ISO/IEC 17021, as applicable.
 Thank you

www.alcumusgroup.com