The organization shall conduct internal audits at planned intervals to provide information on whether the OH&S management system:
a) conforms to:
1) the organization’s own requirements for its OH&S management system, including the OH&S policy and OH&S objectives;
2) the requirements of this document;
b) is effectively implemented and maintained.
9.2.2 Internal audit programme
The organization shall:
a) plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, consultation, planning requirements and reporting, which shall take into consideration the importance of the processes concerned and the results of previous audits;
b) define the audit criteria and scope for each audit;
c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;
d) ensure that the results of the audits are reported to relevant managers; ensure that relevant audit results are reported to workers, and, where they exist, workers’ representatives, and other relevant interested parties;
e) take action to address nonconformities and continually improve its OH&S performance
f) retain documented information as evidence of the implementation of the audit programme and the audit results.
As per Annex A (Guidance on the use of ISO 45001:2018 standard) of ISO 45001:2018 standard it further explains
The extent of the audit programme should be based on the complexity and level of maturity of the OH&S management system. An organization can establish objectivity and impartiality of the internal audit by creating a process(es) that separates auditors’ roles as internal auditors from their normal assigned duties, or the organization can also use external people for this function.
1) The organization shall conduct internal audits at planned intervals
Organizations should conduct internal audits of ISO 45001:2018 at planned intervals for several important reasons:
- Compliance Verification: Internal audits help organizations ensure that they are in compliance with the requirements of ISO 45001:2018. This includes verifying that the organization’s Occupational Health and Safety Management System (OHSMS) aligns with the standard’s criteria.
- Identification of Non-Conformities: Internal audits are a proactive way to identify non-conformities or deviations from the standard’s requirements before they become significant issues. This allows organizations to take corrective actions promptly.
- Continuous Improvement: ISO 45001:2018 places a strong emphasis on continuous improvement in occupational health and safety. Regular internal audits help organizations identify areas where improvements can be made, whether in processes, procedures, or safety practices.
- Risk Assessment and Mitigation: Audits provide an opportunity to assess risks related to occupational health and safety. Identifying potential hazards or weaknesses in the OHSMS allows for the implementation of mitigation strategies to prevent accidents or incidents.
- Evidence for Certification Bodies: When seeking ISO 45001 certification, organizations must demonstrate their compliance with the standard’s requirements. Internal audit records serve as valuable evidence during external audits conducted by certification bodies.
- Employee Engagement: Involving employees in the audit process can foster a culture of safety and engagement. Employees often have valuable insights into safety issues and can contribute to the audit process by identifying potential risks and improvements.
- Management Review: Internal audit findings provide important input for management reviews. They enable leadership to assess the effectiveness of the OHSMS and make informed decisions about its improvement and resource allocation.
- Legal and Regulatory Compliance: Compliance with ISO 45001:2018 can also help organizations meet legal and regulatory requirements related to occupational health and safety. Internal audits help ensure ongoing compliance with these obligations.
- Cost Savings: By identifying and addressing issues through internal audits, organizations can potentially reduce the costs associated with accidents, injuries, and non-compliance fines or penalties.
- Stakeholder Confidence: Demonstrating a commitment to occupational health and safety through regular internal audits can enhance the confidence of stakeholders, including employees, customers, suppliers, and the community.
In summary, conducting internal audits at planned intervals is a proactive and systematic approach to ensuring compliance with ISO 45001:2018, promoting occupational health and safety, and driving continuous improvement within an organization. It helps identify areas for enhancement, reduce risks, and contribute to the overall well-being of employees while demonstrating a commitment to safety to stakeholders. The decision on the interval for conducting internal audits should be based on various factors, including:
- OHSMS Maturity: Organizations with a well-established and mature OHSMS may require less frequent internal audits than those that are still in the early stages of implementation.
- Risk Factors: Consider the nature and complexity of your organization’s operations and the associated health and safety risks. High-risk industries or processes may warrant more frequent audits.
- Regulatory and Legal Requirements: Some industries or regions may have specific legal or regulatory requirements that dictate audit frequency.
- Previous Audit Results: The results of previous internal audits can also influence the decision on audit intervals. If recurring issues are identified, more frequent audits may be necessary until these issues are resolved.
- Organizational Changes: Significant changes within the organization, such as new processes, technologies, or expansions, may warrant more frequent audits to ensure that safety controls are still effective.
- Management Review: The outcomes of management reviews, which should consider audit results, can help determine whether the current audit frequency is adequate or needs adjustment.
- Resource Availability: Consider the availability of qualified auditors and resources to conduct audits effectively.
It is essential for organizations to establish their internal audit schedule based on a risk-based approach. This means assessing the risks and priorities related to occupational health and safety and using that assessment to determine the appropriate audit frequency. The key is to ensure that audits are conducted often enough to identify and address non-conformities and opportunities for improvement promptly.
2) Internal audits provide information on whether the OH&S management system conforms to the organization’s own requirements for its OH&S management system, including the OH&S policy and OH&S objectives
Internal audits play a crucial role in evaluating whether an Occupational Health and Safety (OH&S) management system conforms to an organization’s own requirements, including the OH&S policy and OH&S objectives. Here’s how internal audits provide this information:
- Assessing Conformance to OH&S Policy:
- Internal audits assess whether the organization’s OH&S policy is effectively implemented and whether it aligns with the organization’s own requirements.
- Auditors review the OH&S policy to ensure it reflects the organization’s commitment to safety and health and that it complies with relevant legal and regulatory requirements.
- They also check if the OH&S policy is communicated and understood throughout the organization.
- Evaluating Conformance to OH&S Objectives:
- OH&S objectives are specific goals set by the organization to improve its occupational health and safety performance.
- Internal audits examine whether the organization is actively working toward achieving these objectives.
- Auditors assess the effectiveness of the measures taken to meet the OH&S objectives and whether progress is being made.
- Reviewing Compliance with Own Requirements:
- Beyond the OH&S policy and objectives, internal audits review whether the entire OH&S management system conforms to the organization’s own requirements.
- This includes evaluating processes, procedures, documentation, and practices related to health and safety to ensure they align with the organization’s established standards and expectations.
- Identifying Non-Conformities:
- During the internal audit process, auditors identify non-conformities or deviations from the organization’s own requirements.
- Non-conformities can relate to any aspect of the OH&S management system, from processes and procedures to the implementation of controls.
- These non-conformities are documented and communicated to the relevant parties for corrective action.
- Providing Recommendations for Improvement:
- In addition to identifying non-conformities, internal audits offer an opportunity to provide recommendations for improvement.
- Auditors may suggest ways to enhance the effectiveness of the OH&S management system, align it better with organizational goals, or improve safety practices.
- Continuous Improvement:
- The information obtained from internal audits is valuable for driving continuous improvement in the organization’s OH&S management system.
- By addressing non-conformities and implementing recommended improvements, the organization can enhance its health and safety performance.
In summary, internal audits serve as a mechanism for evaluating whether the OH&S management system aligns with the organization’s own requirements, OH&S policy, and objectives. They provide valuable insights into conformity and non-conformities, helping the organization maintain a strong commitment to occupational health and safety and drive ongoing improvement in this crucial area.
3) Internal audits provide information on whether the OH&S management system conforms to requirements of ISO 45001:2018
Internal audits play a critical role in assessing whether an organization’s Occupational Health and Safety Management System (OH&S MS) conforms to the requirements of ISO 45001:2018, the international standard for occupational health and safety. Here’s how internal audits provide information on conformity to ISO 45001:2018 requirements:
- Assessment of Compliance: Internal audits involve a systematic and comprehensive review of the organization’s processes, procedures, and practices related to occupational health and safety. Auditors assess these elements to determine if they align with the specific requirements outlined in ISO 45001:2018.
- Identification of Non-Conformities: During internal audits, auditors look for any deviations or non-conformities between the organization’s OH&S MS and the ISO 45001:2018 standard. Non-conformities represent instances where the organization does not meet the specified ISO requirements.
- Documented Evidence: Auditors gather documented evidence during the audit process to support their findings. This evidence includes records, documentation, and observations that demonstrate whether the organization’s practices conform to ISO 45001:2018.
- Verification of Implementation: Internal audits assess the implementation of key ISO 45001:2018 requirements, such as the development of an OH&S policy, establishment of objectives, risk assessment, legal compliance, hazard identification, incident reporting, and emergency preparedness.
- Reporting and Documentation: Audit reports are generated to document the findings of the internal audit. These reports detail any non-conformities identified, as well as observations and opportunities for improvement. The reports provide a clear record of the organization’s compliance status.
- Corrective Actions: When non-conformities are identified, internal audits trigger corrective actions. The organization is responsible for addressing these non-conformities promptly and effectively, bringing its OH&S MS into compliance with ISO 45001:2018.
- Continuous Improvement: Beyond identifying non-conformities, internal audits contribute to the continuous improvement of the OH&S MS. They help the organization identify areas where processes or procedures can be enhanced to better meet ISO requirements and improve overall health and safety performance.
- Management Review: The results of internal audits are typically presented during management review meetings, where top management can assess the effectiveness of the OH&S MS and make informed decisions about improvements.
In summary, internal audits serve as a mechanism to evaluate the organization’s conformity to the requirements of ISO 45001:2018. They provide valuable information on compliance status, highlight areas for improvement, and contribute to the organization’s ongoing commitment to occupational health and safety.
4) Internal audits provide information on whether the OH&S management system is effectively implemented and maintained.
Internal audits play a crucial role in providing information on whether an Occupational Health and Safety (OH&S) management system is effectively implemented and maintained within an organization. Here’s how internal audits serve this purpose:
- Assessment of Implementation: Internal audits involve a systematic review of the organization’s processes, procedures, and practices related to occupational health and safety. Auditors assess whether these components are implemented as intended and in accordance with the organization’s OH&S policies and objectives.
- Verification of Compliance: Auditors verify that the organization is in compliance with both its own internal requirements and the external requirements of standards such as ISO 45001:2018. This includes ensuring that legal and regulatory requirements related to health and safety are being met.
- Identification of Gaps and Non-Conformities: Internal audits aim to identify any gaps or non-conformities in the implementation of the OH&S management system. Non-conformities represent instances where the system is not effectively implemented or maintained, highlighting areas that require corrective action.
- Evidence Gathering: During the audit process, auditors collect evidence through documentation review, interviews, and observations to determine the effectiveness of the system. This evidence is used to assess the actual implementation and maintenance of the OH&S management system.
- Documentation Review: Auditors scrutinize documentation such as policies, procedures, records, incident reports, and training records to ensure that they are up-to-date, accurate, and reflective of the organization’s OH&S practices.
- Reporting and Corrective Action: Audit findings, including non-conformities and areas for improvement, are documented in audit reports. The organization is then responsible for taking corrective actions to address any identified issues and ensure the effective implementation and maintenance of the OH&S management system.
- Continuous Improvement: Beyond identifying issues, internal audits provide a foundation for continuous improvement. They help the organization pinpoint areas where the system can be enhanced, leading to better health and safety performance.
- Management Review: The results of internal audits are often presented during management review meetings, allowing top management to assess the effectiveness of the OH&S management system and make informed decisions about its maintenance and improvement.
In conclusion, internal audits are a valuable tool for assessing whether an organization’s OH&S management system is effectively implemented and maintained. They provide insights into compliance, uncover areas for improvement, and contribute to the ongoing commitment to occupational health and safety within the organization.
5) The organization shall plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, consultation, planning requirements and reporting, which shall take into consideration the importance of the processes concerned and the results of previous audits;
Planning, establishing, implementing, and maintaining an audit program in an organization, especially in the context of ISO 45001:2018 (Occupational Health and Safety Management Systems), involves a structured approach. Here are the steps to accomplish this:
- Determine Audit Objectives: Define the objectives of your audit program. Consider the purpose, scope, and goals you want to achieve. This should align with the requirements of ISO 45001:2018 and your organization’s specific needs.
- Identify Audit Scope: Determine the scope of the audit program. Decide which areas, processes, and aspects of your OHSMS you will audit. Consider the organization’s size, complexity, and risk factors.
- Appoint Competent Auditors: Select and appoint competent internal auditors or teams. Ensure that they have the necessary knowledge of ISO 45001:2018 and auditing skills.
- Develop Audit Procedures: Create documented audit procedures that outline the step-by-step process for conducting audits, from planning to reporting and follow-up. Ensure these procedures align with ISO 45001:2018 requirements.
- Schedule Audits: Establish a schedule for conducting internal audits. Consider the planned intervals mentioned in ISO 45001:2018 and any additional audits required based on risk or organizational changes.
- Plan Individual Audits: For each audit, develop a detailed audit plan. This should include objectives, scope, criteria, audit team, resources required, and the timeline.
- Communicate Audit Details:Inform relevant personnel about upcoming audits. Provide clear instructions, including the purpose and expectations of the audit.
- Conduct Audits: Conduct internal audits according to the established schedule and plans. Auditors should follow the documented procedures, gather evidence, and assess conformity with ISO 45001:2018 requirements and organizational objectives.
- Document Audit Findings: Thoroughly document audit findings, including observations, non-conformities, opportunities for improvement, and positive aspects. Ensure that these findings are based on evidence.
- Report and Review: Prepare audit reports summarizing the findings, conclusions, and recommendations. Share these reports with relevant stakeholders and management.
- Corrective Actions:If non-conformities are identified, ensure that corrective actions are taken promptly to address the issues and bring the OHSMS into compliance with ISO 45001:2018.
- Follow-Up:Monitor and verify the effectiveness of corrective actions. Ensure that the identified non-conformities are resolved.
- Management Review:Present the results of internal audits during management review meetings. This allows top management to assess the effectiveness of the OHSMS and make informed decisions about improvements.
- Continuous Improvement:Use the lessons learned from internal audits to drive continuous improvement in the organization’s OHSMS. Adjust the audit program as needed to address changing circumstances.
- Document Everything: Keep comprehensive records of audit plans, reports, findings, corrective actions, and follow-up activities. Maintain these records for reference and external audits.
- Review and Update:Periodically review and update your audit program to ensure it remains effective, relevant, and aligned with ISO 45001:2018 and organizational goals.
Remember that the audit program should be an integral part of your organization’s commitment to occupational health and safety. It helps ensure compliance with ISO 45001:2018, identifies areas for improvement, and contributes to the overall well-being of employees and the organization’s stakeholders. An effective audit program should include a well-defined framework that encompasses various essential elements, as you’ve mentioned. Here’s a breakdown of what should be included in an audit program:
- Frequency: Specify the planned intervals or frequency at which internal audits will be conducted. This should align with the requirements of ISO 45001:2018 and consider organizational needs, risk factors, and the complexity of operations.
- Methods: Describe the audit methods and techniques that will be used during the audit process. This should include details on how audits will be conducted, such as document reviews, interviews, observations, and sampling.
- Responsibilities: Clearly define the roles and responsibilities of individuals involved in the audit program. This includes naming the audit team members, lead auditor, auditees, and other stakeholders. Assign responsibilities for audit planning, execution, reporting, and follow-up.
- Consultation: Specify if and how consultations with relevant parties will be conducted during the audit process. This might include engaging with employees, safety representatives, or other stakeholders who can provide valuable insights.
- Planning Requirements: Outline the specific planning requirements for each audit. This should cover details such as the audit scope, objectives, criteria, and the allocation of resources. Include guidance on how to develop audit plans for individual audits.
- Reporting: Describe the format and content of audit reports. Ensure that audit reports include a summary of findings, conclusions, recommendations, and a clear indication of non-conformities and opportunities for improvement. Define the distribution process for audit reports, including who receives them and when.
In addition to these elements, it’s crucial to maintain flexibility in the audit program to adapt to changing circumstances, organizational needs, and emerging risks. Regularly review and update the audit program to ensure it remains effective and aligned with ISO 45001:2018 requirements and organizational objectives. A well-structured audit program not only helps ensure the organization’s compliance with occupational health and safety standards but also contributes to the ongoing improvement of the Occupational Health and Safety Management System (OHSMS). It enhances safety practices, identifies areas for enhancement, and fosters a culture of safety within the organization.
Audit program should indeed take into consideration the importance of the processes being audited and the results of previous audits. ISO 45001 is the international standard for Occupational Health and Safety Management Systems (OH&S), and an effective audit program is a critical component of ensuring compliance and continual improvement within an organization’s OH&S management system.
Here’s how you can incorporate the importance of processes and previous audit results into your ISO 45001 audit program:
- Process Prioritization: Identify and prioritize the key processes within your organization’s OH&S management system that have the most significant impact on health and safety performance. These may include hazard identification and risk assessment, incident reporting and investigation, emergency preparedness, and others. Give more attention to high-risk processes.
- Risk-Based Approach: Use a risk-based approach to determine the frequency and depth of audits for each process. High-risk processes or areas with a history of safety issues should be audited more frequently and rigorously.
- Learn from Previous Audits:
- Review the findings and recommendations from previous audits. Identify areas where corrective actions were required and assess whether these actions have been effectively implemented.
- Analyze trends and patterns from previous audits to identify recurring issues or systemic problems. This information can help focus audit efforts on areas where improvements are needed.
- Continuous Improvement: The ISO 45001 standard emphasizes the importance of continual improvement. Ensure that the audit program includes a mechanism for capturing lessons learned from previous audits and using them to drive improvements in the OH&S management system.
- Documentation and Reporting: Document the audit program’s approach to process prioritization, risk assessment, and consideration of past audit results. Provide clear guidelines to auditors on how to incorporate these factors into their audit planning and execution.
- Audit Planning: During the audit planning phase, consider the historical performance and any changes that may have occurred since the last audit. Tailor the audit plan to address areas of concern or changes in processes.
- Audit Reporting: When reporting audit findings, make sure to reference the importance of the audited processes and whether there has been improvement or regression since the last audit. Highlight any actions taken as a result of previous audits.
- Feedback Loop: Establish a feedback loop between auditors, auditees, and management. Encourage open communication to address issues promptly and track progress in addressing audit findings.
By integrating the importance of processes and the results of previous audits into your ISO 45001 audit program, you can help ensure that the audit process is focused on areas of greatest concern, drive continual improvement, and contribute to a safer and healthier workplace.
6) The organization shall define the audit criteria and scope for each audit
Defining the audit criteria and scope for each ISO 45001:2018 audit is a critical step in the audit planning process. Here are the steps an organization can follow to define the audit criteria and scope effectively:
- Understand the Purpose of the Audit: Determine the primary objectives of the audit. Are you conducting a routine internal audit for compliance, or is it a special audit focused on a specific issue or process improvement?
- Review Relevant Documents: Familiarize yourself with the ISO 45001:2018 standard and any other relevant standards, regulations, policies, and procedures that apply to your organization’s occupational health and safety management system (OH&S MS).
- Identify Audit Criteria: Define the specific criteria against which the audit will be conducted. This includes identifying:
- ISO 45001:2018 requirements: List the relevant clauses of the standard that are applicable to the audit.
- Legal requirements: Identify relevant local, national, and international OH&S laws and regulations.
- Organizational policies and procedures: Consider your organization’s internal OH&S policies, processes, and practices.
- Industry best practices: Incorporate any relevant industry standards or best practices.
- Consider OH&S Risks and Objectives:
- Take into account the OH&S risks your organization has identified and its OH&S objectives. Prioritize auditing areas that pose the highest risks or areas critical to achieving objectives.
- Define the Audit Scope:
- Clearly define the boundaries and extent of the audit. Determine which processes, departments, locations, or activities will be included in the audit.
- Consider the time frame for the audit. Will it cover a specific period, or is it a general compliance audit?
- Engage Relevant Stakeholders:
- Consult with relevant personnel, including OH&S managers, process owners, and employees involved in the audited areas, to gather input and insights regarding the audit criteria and scope.
- Document the Audit Plan:
- Create a comprehensive audit plan that includes:
- Audit objectives: Clearly state what you aim to achieve with the audit.
- Criteria: List the specific criteria and standards to be assessed.
- Scope: Define the scope in detail, including the processes, departments, and locations to be audited.
- Audit methods: Outline the audit methods and techniques that will be used.
- Resources: Specify the personnel, tools, and equipment required for the audit.
- Schedule: Create a timeline for the audit, including start and end dates.
- Create a comprehensive audit plan that includes:
- Communicate the audit criteria and scope to both the audit team (auditors) and the auditee (the part of the organization being audited). Ensure everyone involved understands the audit’s purpose and expectations.
- Execute the Audit:
- Conduct the audit according to the defined criteria and scope, gathering evidence and information to assess compliance and effectiveness.
- Report and Follow-up:
- After the audit, report the findings, including any non-conformities or areas for improvement. Ensure corrective actions are taken and tracked to address identified issues.
- Continuous Improvement:
- Use the lessons learned from each audit to improve future audit processes and the organization’s OH&S MS.
By following these steps, an organization can systematically define the audit criteria and scope for ISO 45001:2018 audits, ensuring that audits are conducted with clarity and purpose to enhance the effectiveness of the OH&S management system.
7) The organization shall select auditors and conduct audits to ensure objectivity and the impartiality of the audit process
Selecting auditors and conducting audits in a way that ensures objectivity and impartiality is crucial for the effectiveness and credibility of the audit process within an organization’s Occupational Health and Safety Management System (OH&S MS), as outlined in ISO 45001:2018. Here are steps and considerations to help achieve this:
- Competence and Qualifications:
- Choose auditors with the necessary competence, knowledge, skills, and qualifications to perform audits effectively. Auditors should have a good understanding of ISO 45001 requirements and OH&S practices.
- Ensure that auditors are trained in auditing techniques and have relevant experience.
- Auditors should be independent from the processes, areas, or activities they are auditing. They should not have any direct responsibility for the audited areas.
- Consider using both internal and external auditors to enhance objectivity. External auditors can provide an impartial perspective.
- Ensure that auditors do not have any conflicts of interest related to the audit. They should not be biased or have personal or financial interests in the outcomes of the audit.
- Auditor Rotation:
- Implement a policy for auditor rotation to prevent any auditor from becoming too familiar with or biased toward the audited areas over time.
- Competency Assessment:
- Periodically assess the competence of auditors through performance reviews, continuing education, and proficiency evaluations.
- Audit Team Composition:
- Consider forming audit teams with a mix of skills and backgrounds to provide a well-rounded assessment. This may include OH&S specialists, process experts, and general auditors.
- Audit Planning:
- Develop a detailed audit plan that includes objectives, scope, criteria, methods, resources, and schedule.
- Ensure that the audit plan is reviewed and approved by relevant stakeholders, including top management.
- Objective Evidence:
- During the audit, auditors should rely on objective evidence to support their findings. This evidence may include documents, records, observations, and interviews.
- Interview Techniques:
- When conducting interviews, auditors should use open-ended questions and avoid leading or suggestive questions that could bias the responses.
- Avoiding Influence:
- Auditors should not attempt to influence the auditee’s actions or decisions during the audit. Their role is to assess compliance and effectiveness objectively.
- Record Keeping:
- Maintain clear and accurate records of audit activities, including findings, observations, and evidence gathered.
- Reporting and Non-Conformities:
- Report audit findings impartially, accurately, and objectively. Clearly distinguish between observations and non-conformities.
- Non-conformities should be based on evidence and linked to specific ISO 45001 requirements or criteria.
- Feedback and Follow-up:
- Provide feedback to the auditee, allowing them to respond to findings and non-conformities. Allow for corrective actions to be taken and verified.
- Ensure that audit records and findings are kept confidential to maintain the integrity of the audit process.
- Continuous Improvement:
- Use lessons learned from audits to improve the audit process itself and the organization’s OH&S MS.
By following these steps and considerations, organizations can select auditors and conduct audits in a way that promotes objectivity and impartiality, thereby enhancing the effectiveness of their OH&S management system and fostering trust in the audit process.
7) The organization shall ensure that the results of the audits are reported to relevant managers; ensure that relevant audit results are reported to workers, and, where they exist, workers’ representatives, and other relevant interested parties;
To ensure that the results of audits are effectively communicated to relevant managers, workers, workers’ representatives, and other relevant interested parties, organizations should establish a structured communication process as part of their Occupational Health and Safety Management System (OH&S MS) based on ISO 45001:2018 requirements. Here are steps to achieve this:
- Establish an Audit Reporting Procedure: Develop a clear procedure that outlines how audit results will be documented, reported, and communicated to various stakeholders. This procedure should define roles and responsibilities.
- Identify Relevant Stakeholders: Determine the relevant managers, workers, workers’ representatives, and other interested parties who need to receive audit results. This may include top management, department heads, safety committees, and external stakeholders such as regulators or customers.
- Audit Reporting to Management: After the audit is completed, prepare a comprehensive audit report that summarizes the findings, observations, and non-conformities. This report should include both quantitative and qualitative data on OH&S performance. Present the audit report to top management or relevant managers responsible for OH&S. Ensure that the report highlights areas of improvement and any corrective actions required.
- Worker and Workers’ Representative Communication: Hold meetings or briefings to communicate the audit results to workers and their representatives. These meetings should be organized in a way that allows for open and transparent discussions. Use plain and understandable language to communicate findings, making sure that workers and their representatives can easily grasp the information.
- Feedback and Engagement: Encourage workers and workers’ representatives to provide feedback and ask questions regarding the audit results. Engage them in the process of addressing non-conformities and improving OH&S performance. Ensure that workers and their representatives are informed about any corrective actions that will be taken to address identified issues.
- Document Communication: Keep records of all communications related to audit results. This documentation helps maintain transparency and accountability.
- Continuous Improvement: Use the feedback received from workers, workers’ representatives, and managers to drive continual improvement in the OH&S management system. Ensure that lessons learned from audits are integrated into the system.
- External Stakeholders: If there are external stakeholders (e.g., regulatory authorities) interested in the audit results, ensure that the relevant findings are shared with them in accordance with legal and regulatory requirements.
- Timely Reporting: Ensure that audit results are reported in a timely manner to allow for prompt corrective actions and improvements.
- Training and Awareness: Provide training and awareness programs for workers, managers, and workers’ representatives regarding the importance of audit results and their roles in addressing safety concerns.
- Review and Update: Periodically review and update the audit reporting procedure to align with changing organizational needs, regulatory requirements, and lessons learned from previous audits.
By implementing these steps and fostering a culture of open communication and collaboration, organizations can effectively report audit results to relevant stakeholders, promote safety awareness, and drive continuous improvement in their OH&S management system.
8) The organization shall take action to address nonconformities and continually improve its OH&S performance
Addressing nonconformities and continually improving Occupational Health and Safety (OH&S) performance are essential requirements of ISO 45001:2018, the international standard for OH&S Management Systems. This commitment to corrective actions and continual improvement is fundamental to creating a safe and healthy workplace. Here’s how organizations can fulfill these requirements:
- Identification of Nonconformities: Establish processes for identifying and documenting nonconformities. Nonconformities can result from internal audits, incident investigations, hazard assessments, regulatory inspections, or other forms of assessment.
- Root Cause Analysis: Conduct thorough root cause analyses to determine the underlying reasons for nonconformities. Understanding the root causes helps prevent recurrence.
- Corrective Actions: Develop and implement corrective actions to address identified nonconformities. Corrective actions should be specific, time-bound, and aimed at eliminating the root causes. Assign responsibilities for implementing corrective actions, and monitor progress to ensure timely completion.
- Preventive Actions: Implement preventive actions to address potential nonconformities and proactively mitigate OH&S risks. This proactive approach helps prevent incidents and nonconformities from occurring in the first place.
- Documentation: Document all nonconformities, corrective actions, and preventive actions, including the root cause analyses and the effectiveness of the implemented measures.
- Review by Management: Regularly review the status of corrective and preventive actions during management review meetings. Top management should actively participate in these reviews.
- Continual Improvement: Foster a culture of continual improvement within the organization. Encourage all employees to contribute ideas for enhancing safety and health. Use performance metrics and key performance indicators (KPIs) to measure progress and identify areas for improvement.
- Employee Involvement: Involve employees, including workers and their representatives, in the improvement process. They often have valuable insights and suggestions for enhancing safety.
- Training and Awareness: Provide training and awareness programs to ensure that employees are knowledgeable about OH&S policies, procedures, and best practices. This can improve their ability to identify and address nonconformities.
- Review and Update Policies and Procedures: Periodically review and update OH&S policies and procedures to reflect changing conditions, lessons learned, and evolving best practices.
- External Benchmarking: Consider benchmarking your organization’s OH&S performance against industry best practices or standards to identify opportunities for improvement.
- Compliance with Legal and Regulatory Requirements: Ensure that your organization stays updated on relevant OH&S laws and regulations and maintains compliance. Noncompliance can lead to nonconformities and should be promptly addressed.
- Communication: Communicate the results of improvement initiatives and the status of nonconformity resolution to relevant stakeholders, including workers and their representatives.
By taking these steps, organizations can not only address nonconformities effectively but also drive a culture of continuous improvement in OH&S performance, ultimately creating a safer and healthier work environment.
9) The organization shall retain documented information as evidence of the implementation of the audit programme and the audit results.
- Internal Audit Procedure:
- The organization should have a documented procedure for planning and conducting internal audits. This procedure outlines the steps, responsibilities, and methods for conducting internal audits.
- Audit Program:
- A documented audit program should be established, indicating the planned audit schedule, including which areas, processes, or functions will be audited, and the frequency of audits.
- Audit Criteria and Scope:
- Each internal audit should have defined audit criteria and scope. These criteria specify the standards, regulations, and organizational requirements against which the audit will be conducted, while the scope defines the boundaries and extent of the audit.
- Audit Plan:
- For each internal audit, an audit plan should be documented. The plan includes details such as objectives, schedule, audit team members, resources, and the methodology to be used during the audit.
- Audit Reports:
- After each internal audit, an audit report should be generated. This report summarizes the audit findings, observations, non-conformities, and opportunities for improvement. It should be documented and include recommendations.
- Non-conformity Reports:
- Non-conformities identified during internal audits should be documented in non-conformity reports. These reports detail the nature of the non-conformity, its location, the audit criteria it violates, and any evidence collected.
- Corrective and Preventive Action Records:
- Records of corrective actions taken to address identified non-conformities should be maintained. This includes documenting the actions taken, responsible parties, deadlines, and verification of effectiveness.
- Additionally, records of preventive actions aimed at proactively addressing potential non-conformities and improving OH&S performance should be documented.
- Audit Records:
- Records related to each internal audit, including checklists, interview notes, and any other evidence collected during the audit, should be retained. These records provide transparency and support the findings documented in the audit report.
- Management Review Records:
- Records of the management review process, which includes the review of internal audit results, should be maintained. These records demonstrate that top management has considered audit findings and taken appropriate actions.
- Audit Team Competency Records:
- Maintain records of the competence, training, and qualifications of internal auditors. This ensures that auditors have the necessary skills and knowledge to conduct effective audits.
- Records of Follow-up Actions:
- Document and retain records of actions taken in response to audit findings, including their status and effectiveness. This helps track progress in addressing non-conformities and implementing improvements.
- Communication Records:
- Records of communication regarding audit results, including feedback provided to auditees and any actions taken as a result of audit findings, should be documented.
- Records Retention Policy:
- Maintain a records retention policy that outlines how long audit-related documents and records should be retained and when they can be disposed of in accordance with legal and organizational requirements.
Example of Internal Audit Procedure
1. Purpose The purpose of this procedure is to establish a systematic approach for planning, conducting, reporting, and following up on internal audits of the Occupational Health and Safety Management System (OH&S MS) in accordance with ISO 45001:2018.
2. Scope: This procedure applies to all internal audits conducted within [Organization Name] to assess the effectiveness, conformity, and performance of the OH&S MS.
3.1 Management Representative/Lead Auditor:
- Appoint and train internal auditors.
- Coordinate and schedule internal audits.
- Review and approve audit plans.
- Ensure timely completion of corrective actions.
- Report audit results to top management during management review meetings.
3.2 Internal Auditors:
- Conduct internal audits in accordance with the audit plan.
- Gather objective evidence and document findings.
- Report non-conformities and observations.
- Assist in developing corrective and preventive action plans.
- Cooperate with auditors during the audit process.
- Provide access to relevant documentation and personnel.
- Participate in discussions and respond to findings.
4.1 Audit Planning:
- The Management Representative/Lead Auditor shall establish an annual audit schedule based on the organization’s risk assessment and objectives.
- Audit criteria and scope for each audit shall be defined, considering the OH&S MS requirements, legal obligations, and organizational objectives.
- Audit plans shall be developed, specifying objectives, scope, audit criteria, audit team members, audit methods, and a schedule.
4.2 Audit Execution:
- The internal audit team, led by the lead auditor, shall conduct audits according to the approved audit plan.
- Auditors shall gather objective evidence through interviews, document reviews, observations, and discussions.
- Non-conformities and observations shall be documented during the audit.
4.3 Audit Reporting:
- Auditors shall prepare audit reports detailing findings, including non-conformities, observations, and areas of conformity.
- Audit reports shall be submitted to the auditee for review and comments.
4.4 Corrective and Preventive Actions:
- Non-conformities shall be addressed with corrective actions that eliminate root causes.
- Preventive actions shall be taken to mitigate potential non-conformities.
- The Management Representative/Lead Auditor shall ensure timely completion of corrective and preventive actions.
4.5 Audit Follow-up:
- The lead auditor shall verify the effectiveness of corrective actions taken.
- Audit findings and actions shall be reviewed during management review meetings.
- Records of internal audits, including audit plans, reports, non-conformity reports, corrective actions, and preventive actions, shall be retained as per the organization’s records retention policy.
- Internal auditors shall receive training in auditing techniques, ISO 45001:2018, and relevant OH&S topics to ensure competence.
7. Review and Improvement
- This procedure shall be reviewed periodically to ensure its effectiveness and relevance.
- Lessons learned from internal audits shall be used to improve the OH&S MS.