ISO 45001:2017 Internal Audit

  • Client / Site

  • Conducted on

  • Prepared by

  • Personnel

  • Summary

4 Context of the organization

4.1 Understanding the organization and its context

4.2 Understanding the needs and expectations of workers and other interested parties

  • Determine relevant interested parties to OH&S management system

  • Determine relevant needs and expectations of interested parties

  • Determine which of these needs and expectations are added to applicable legal and other requirements

4.3 Determining the scope of the environmental management system

  • The OH&S management system scope considers the following:

  • Physical boundaries and applicability

  • External and internal issues relevant to its purpose and objectives

  • Relevant needs and expectations of interested parties

  • Work related activities

  • OH&S MS scope is documented and available to interested parties

4.4 OH&S management system

5 Leadership

5.1 Leadership and commitment

  • Top management is identified

  • Top management demonstrates leadership and commitment

  • Taking accountability for OH&S management system effectiveness

  • Ensures OH&S nonconformities and opportunities are identified and action is taken

  • Ensures work related hazards and opportunities are systematically identified, OH&S risks and opportunities are evaluated and prioritized and action is taken to achieve risk reduction

  • Ensures OH&S management policy and objectives are established and are compatible with strategic direction and context of organization

  • Ensures OH&S management is integrated into organization's business processes

  • Ensures resources are available

  • Ensures that processes are established for the consultation and active participation of workers (and, as applicable, their representatives) in the establishment, implementation, maintenance and continual improvement of the OH&S MS, identifying and removing obstacles or barriers to participation

  • Communicates importance of effective OH&S management and of conforming to its requirements

  • Ensures intended outcomes

  • Directing and supporting persons to contribute to the effectiveness of the OH&S management system

  • Promotes continuous improvement

  • Supports other relevant management roles to demonstrate their leadership as it applies to their areas of respsonsibility

  • Promotes and leads a positive culture with regard to the OH&S management system

5.2 Policy

  • Establish, implement and maintain an OH&S management system policy

  • Appropriate to the purpose and context of the organization, including the nature of its OH&S risk and opportunities.

  • Provides a framework for setting OH&S objectives

  • Includes a commitment to satisfy applicable legal and other requirements

  • Includes a commitment to the control of OH&S risks through hierarchy of control

  • Includes a commitment to continual improvement of the OH&S management system

  • Includes a commitment to worker participation and consultation

  • OH&S Policy shall be maintained as documented information

  • OH&S Policy shall be communicated within organization

  • OH&S Policy is available to interested parties

  • OH&S Policy shall be reviewed periodically to ensure that it remains relevant and appropriate

5.3 Organizational roles, responsibilities, accountabilities and authorities

  • Responsibilities and authorities for relevant roles are assigned and communicated within the organization

  • Assign responsibility and authority to ensure OH&S MS conforms to the ISO 45001:2017 standard

  • Assign responsibility and authority for reporting to top management the performance of the OH&S

5.4 Participation, consultation and representation

  • Process has been established to ensure effective participation and consultation by workers at all levels and functions of the organization

  • With the mechanisms, time and resources to participate in, at a minimum, the processes of the OH&S MS

  • With the mechanisms, time, training and resources necessary to be consulted in, at a minimum, the process of developing policy

  • With timely access to clear, understandable and relevant information about the OH&S management system

  • Identifying and removing obstacles or barriers to participation and minimizing those that cannot be removed

  • Encouraging timely reporting and response to work-related hazards, OH&S risks, OH&S opportunities, incidents and nonconformities

  • Ensure that relevant external interested parties are consulted, when appropriate, about matters pertinent to the OH&S management system

6 Planning

6.1 Actions to address risks and opportunities

6.1.1 General

  • Determine if organization has established, implemented and maintains a process and that its OH&S management system can achieve its intended outcomes, prevent (or reduce) undesired effects and achieve continual improvement

  • Has the organization determined risks related to hazards and opportunities

  • Has the organization determined risks and opportunities related to applicable legal and other requirements

  • Has the organization determined and assessed risk and opportunities related to the operation of the OH&S management system that can affect the achievement of the intended outcomes

  • Verify documented information

6.1.2 Hazard identification and assessment of OH&S risks

  • Verify process to determine and assess hazards and opportunities in the workplace and to workers that takes into account

  • Routine and non-routine activities and situations

  • Emergency situations

  • People (workers, contractors and visitors) who have access to or are in the vicinity of the workplace and their activities and for workers who perform work-related activities at a location not under direct control of the organization

  • Organization's operations and activities including the design of work areas, processes, etc., changes in knowledge of hazards, situations occurring in the vicinity of the workplace or not controlled by the organization

  • Actual or proposed changes in the organization, its operations, processes, activities and OH&S management system

  • Past incidents, internal or external to the organization, including emergencies, and their causes

  • Applicable legal and other requirements

  • Effectiveness of existing controls

  • Consideration of the hierarchy of controls

  • Opportunities to eliminate or reduce OH&S risks and to adapt work to workers

  • Verify documented information

6.1.3 Determination of legal and other requirements

  • Verify process to identify and have access to up-to-date legal and other requirements that are applicable to its OH&S risks and management system

  • Determine how to apply and meet these requirements

  • Verify maintained and retained documented information

  • Applicable legal and other requirements, ensuring this documented information is updated to reflect changes

  • To show how compliance with its applicable legal and other requirements is achieved

6.1.4 Planning to take action

  • Organization shall plan actions to address its risks and opportunities

  • Organization shall plan actions to address applicable legal and other requirements

  • Organization shall plan actions to prepare for, and respond to, emergency situations, how to integrate and implement the relevant actions, including the determination and application of controls, into the OH&S management system

  • Organization shall plan how to evaluate the effectiveness of these actions and respond accordingly

6.2 OH&S objectives and planning to achieve them

6.2.1 OH&S objectives

  • OH&S objectives determined at appropriate levels and take into account the organization's significant environmental aspects and associated compliance obligations

  • OH&S objectives shall be:

  • Consistent with the OH&S policy

  • Measurable (if practicable)

  • Take into account applicable legal and other requirements

  • Take into account the result of any consultation with workers

  • Monitored

  • Communicated

  • Updated as appropriate

  • Verify the organization considered best practices, technological options, financial, operational and business requirements

  • Verify the organization arranged for the participation of workers

  • Verify documented information

6.2.2 Planning actions to achieve OH&S objectives

  • Organization shall determine:

  • What will be done

  • What resources will be required

  • Who will be responsible

  • When it will be completed

  • How the results will be evaluated (including indicators for monitoring).

  • How the actions to achieve OH&S objectives will be integrated into the organization's business processes

  • Verify retained documented information on the OH&S objectives and plans to achieve them

7 Support

7.1 Resources

  • Organization determined and provide needed resources (resource review for continuous improvement).

7.2 Competence

  • Organization shall determine necessary competence of person(s) doing work under its control that affects its OH&S performance

  • Organization shall ensure that person(s) are competent on the basis of education, training, qualification or experience

  • Organization shall ensure that person(s) are competent on the basis of education, training, qualification or experience

  • Organization shall, where applicable, take actions necessary to acquire the necessary competence, and evaluate the effectiveness of the actions taken

  • Verify organization retains appropriate documented information as evidence of competence

7.3 Awareness

  • People doing work under the organization's control are aware of: (Note:- in addition to workers (especially temporary workers) contractors, visitors and any other parties should be aware of OH&S risks to which they are exposed).

  • the OH&S policy and its objectives.

  • their contribution to the effectiveness of the OH&S management system, including the benefits of improved OH&S performance

  • the implications of not conforming with the OH&S management system requirements, including the consequences, actual or potential, of their work activities

  • Incidents and outcomes of investigations that are relevant to them.

  • Hazards, OH&S risks and actions determined that are relevant to them.

  • The ability to remove themselves from work situations that they consider present an imminent and serious danger to their life or health, as well as the arrangements for protecting them from undue consequences for doing so.

7.4.1 Communication - The organisation shall establish, implement and maintain processes needed for the internal and external communications relevant to the OH&S management system including:

  • On what it will communicate.

  • What, when, with whom and how to communicate.

7.5 Documented information

  • Verify documented information is identified and described

  • Verify appropriate format (i.e language, software version, graphics) and media (i.e. paper, electronic)

  • Verify documented information is reviewed and approved

  • Verify documented information is available, suitable for use and is adequately protected

  • Verify documented information's distribution, access, retrieval and use

  • Verify documented information's storage and preservation

  • Verify retention and disposition

  • Verify access for workers

  • Verify control of changes

  • Verify documented information of external origin is identified and controlled

8 Operation

8.1.1 Operational planning and control

  • Verify the specifications for the procurement of goods & services

  • Determine process controls (Procedures & systems of work) have been implemented

  • Does the organisation ensure the competence of workers?

  • Does the organisation ensure the competence of workers?

  • Verify documented information to determine that preventative and predictive maintenance programmes & inspection programmes are in place.

  • Verify the specifications for the procurement of goods & services

  • Verify the application of legal requirements and other requirements or manufacturers instructions for plant & equipment are available and used.

  • Verify process for achieving reduction in OH&S risk using the following Hierarchy of Controls (engineering & administrative controls).

  • Elimination of hazard

  • Substitute with less hazardous material, process, operations or equipment

  • Use engineering controls

  • Use administrative controls including safety signs, markings, warning devices and safe system of work

  • Use personal protective equipment

  • Verify that work is adapted to workers by - defining how the work is organised, the induction of new workers, defining or re-defining processes & working environments, using ergonomic approaches when designing new or modifying workplaces/equipment etc.

8.1.3 Management of change

  • Plan and manage temporary or permanent changes to the OH&S management system do not have a negative impact by

  • Verifying the resolution of incidents and nonconformities

  • Verifying new products, processes or services at the design stage or re-design stage

  • Verifying changes in knowledge or information about hazards

  • Verifying changes to work processes, procedures, equipment, organizational structure, staffing, products, services, contractors or suppliers

  • Verifying developments in knowledge and technology

  • Verifying changes to applicable legal and other requirements

  • Verify process for implementation and control of planned changes.

  • Verify responsibilities and authorities for managing changes and their associated OH&S risks are identified

  • Verify the organization reviews the consequences of unintended changes and takes action to mitigate any adverse effects, if necessary Procurement - General. The organisation shall establish implement & maintain processes/procedures to control the procurement of products & services in order to ensure their conformity to its OH&S management system. Contractors - The organisation shall co-ordinate its procurement processes/procedures with its contractors, in order to identify hazards and to assess and control the OH&S risks arising from

  • Verify he contractors activities and operations that impact the organisation (including occupational health).

  • Verify the organisations activities and operations that impact the contractors workers (including occupational health). .

  • Verify the organisations activities and operations that impact the contractors workers (including occupational health). .

  • Verify the contractors activities and operations that impact other interested parties in the workplace (including occupational health). Outsourcing

  • Verify outsourced processes/procedures affecting the OH&S management system are controlled :

8.2 Emergency preparedness and response

  • Verify the organization has established, implemented and maintained a process(es) for potential emergency situations

  • Verify the organization

  • identifies and plans for potential emergency situations

  • the preparation of a planned response to emergency situations

  • periodic testing and exercise of emergency response capability

  • periodically reviews and revises the process(es) and planned response actions, in particular after the occurrence of an emergency situation or test

  • provision of relevant information to all members of the organization, at all levels, on their duties and responsibilities

  • provision of training for emergency prevention, preparedness and response

  • communication of information to contractors, visitors, relevant emergency response services, government authorities and the local community

  • The organisation shall take into account at all stages of the process, the needs and capabilities of relevant interested parties and ensure their involvement, as appropriate, in the development of the planned response.

  • Verify documented information is maintained and retained relating to the above

9 Performance evaluation

9.1.1 Monitoring, measurement, analysis and performance evaluation

  • Verify what needs to be monitored & measured including:<br>The extent to which legal requirements and other requirements are fulfilled.

  • Verify that its activities & operations related to identified hazards, risks & opportunities.

  • Verify progress towards achievement of the organisations OH&S objectives.

  • Verify the effectiveness of operational & other controls.

  • Verify the methods for monitoring, measurement, analysis and performance evaluation, as applicable, to ensure valid results.

  • Verify the criteria against which the organisation will evaluate its OH&S performance.

  • Verify when the monitoring & measuring shall be performed.

  • Verify when the results from monitoring & measuring shall be analysed, evaluated and communicated.

  • Verify evidences of the results of monitoring, measurement, analysis & performance evaluation.

  • Review retained appropriate documented information with regards to maintenance ,calibration or verification or measuring equipment.

9.1.2 Evaluation of compliance - the organisation shall:

  • Determine the frequency and methods for the evaluation of compliance.

  • Evaluate compliance and take action if needed.

  • Maintain knowledge & understanding of its compliance status with legal requirements & other requirements (company standards/policies/procedures).

  • Retain documented information of the compliance evaluation results.

9.2.1 Internal audit - General. The organisation shall conduct internal audits at planned intervals to provide information on whether the OH&S management system conforms to:

  • The organisations own requirements for its OH&S management systems, including the OH&S policy & OH&S objectives.

  • The requirements of ISO 45001.

  • Is effectively implemented & maintained.

9.2.2 - Internal audit programme

  • Verify audits are conducted at planned intervals

  • Verify organization has established, implemented, and maintains an internal audit program

  • Verify the importance of the environmental process, changes affecting the organization and the results of previous audits are considered

  • Verify audit criteria and scope are created for each audit

  • Auditors are objective and impartial

  • Audit results reported to relevant management

  • Review retained documented information

9.3 Management review

  • Verify management reviews EMS at planned intervals

  • Verify management review includes:

  • status of actions from previous management reviews

  • changes in external and internal issues relevant to the OH&S management system

  • changes in applicable legal and other requirements

  • changes in the organization's OH&S risks, risks and opportunities

  • the extent to which OH&S policy and objectives have been met

  • information on the organization's OH&S performance, including trends in

  • incidents, nonconformities, continual improvement and corrective actions

  • worker participation and consultation

  • monitoring and measurement results

  • audit results

  • results of evaluation of compliance

  • OH&S risks, risks and opportunities

  • relevant communication(s) from interested parties

  • opportunities for continual improvement

  • adequacy of resources

  • Outputs of management review shall include:

  • conclusions on the continuing suitability, adequacy and effectiveness of the OH&S management system

  • decisions related to continual improvement opportunities

  • decisions related to any need for changes to the OH&S management system, including resources needs

  • actions, if needed, when OH&S objectives have not been achieved

  • any implications for the strategic direction of the organization

  • Verify outputs of management review are communicated to its workers

  • Verify retained documented information

10 Improvement

10.1 Incident, nonconformity and corrective action

  • Verify how organization reacts to and incident or nonconformity by evaluating actions taken to control and correct it and how the organization deals with the consequences

  • Determine what actions are taken to prevent nonconformity from recurring

  • Verify participation of workers in the determination of root causes

  • Verify implemented actions and their effectiveness

  • Verify retained documented information that provides evidence of the nature of the nonconformity and any subsequent actions taken and the results of any corrective actions

  • Verify documented information communicated to relevant workers and relevant interested parties

10.2 Continual improvement

  • Verify process of how the organization continually improves

  • Verify workers are consulted in continual improvement process

  • Verify results of continual improvement is communicated to its workers

  • Verify retained documented information

The templates available in our Public Library have been created by our customers and employees to help get you started using SafetyCulture's solutions. The templates are intended to be used as hypothetical examples only and should not be used as a substitute for professional advice. You should seek your own professional advice to determine if the use of a template is permissible in your workplace or jurisdiction. Any ratings or scores displayed in our Public Library have not been verified by SafetyCulture for accuracy. Users of our platform may provide a rating or score that is incorrect or misleading. You should independently determine whether the template is suitable for your circumstances. You can use our Public Library to search based on criteria such as industry and subject matter. Search results are based on their relevance to your search and other criteria. We may feature checklists based on subject matters we think may be of interest to our customers.