ISO 45001:2017 Internal Audit

  • Client / Site

  • Conducted on

  • Prepared by

  • Location
  • Personnel

  • Summary

4 Context of the organization

4.1 Understanding the organization and its context

4.2 Understanding the needs and expectations of workers and other interested parties

  • Determine relevant interested parties to OH&S management system

  • Determine relevant needs and expectations of interested parties

  • Determine which of these needs and expectations are added to applicable legal and other requirements

4.3 Determining the scope of the OH&S management system

  • The OH&S management system scope considers the following:

  • Physical boundaries and applicability

  • External and internal issues relevant to its purpose and objectives

  • Relevant needs and expectations of interested parties

  • Work related activities

  • OH&S MS scope is documented and available to interested parties

4.4 OH&S management system

5 Leadership

5.1 Leadership and commitment

  • Top management shall demonstrate leadership and commitment with respect to the OHS management system. Interview the highest role in the business to get a feel for his leadership style and how he drives OHS into the business. Also review leadership team feelings and look for examples of positive leadership to improve culture and ensure OHS is on the agenda.

  • Top management demonstrates leadership and commitment

  • Taking overall responsibility and accountability for OH&S management system effectiveness

  • Ensures OH&S objectives are established

  • Ensure that the OHS systems is part of business processes

  • Promotes use of EHS commitees

  • Ensures resources are available

  • Ensures that processes are established for the consultation and active participation of workers (and, as applicable, their representatives) in the establishment, implementation, maintenance and continual improvement of the OH&S MS, identifying and removing obstacles or barriers to participation

  • Communicates importance of effective OH&S management and of conforming to its requirements

  • Ensures intended outcomes

  • Directing and supporting persons to contribute to the effectiveness of the OH&S management system

  • Promotes continuous improvement

  • Supports other relevant management roles to demonstrate their leadership as it applies to their areas of respsonsibility

  • Promotes and leads a positive culture with regard to the OH&S management system

5.2 Policy

  • Establish, implement and maintain an OH&S management system policy

  • Policy is available and includes the wording consultation, participation, prevention, and it is displayed for people to see

  • Provides a framework for setting OH&S objectives

  • Includes a commitment to satisfy applicable legal and other requirements

  • Includes a commitment to the control of OH&S risks through hierarchy of control

  • Includes a commitment to continual improvement of the OH&S management system

  • Includes a commitment to worker participation and consultation

  • OH&S Policy shall be maintained as documented information

  • OH&S Policy shall be communicated within organization

  • OH&S Policy is available to interested parties

  • OH&S Policy shall be reviewed periodically to ensure that it remains relevant and appropriate

5.3 Organizational roles, responsibilities, accountabilities and authorities

  • Responsibilities and authorities for relevant roles are assigned and communicated within the organization

  • Assign responsibility and authority to ensure OH&S MS conforms to the ISO 45001:2018 standard

  • Assign responsibility and authority for reporting to top management the performance of the OH&S

5.4 Participation, consultation and representation

  • Process has been established to ensure effective participation and consultation by workers at all levels and functions of the organization

  • Has the organisation established, implemented and maintained a process for consultation and participation of workers?

  • Provide, time, training and resources necessary to be consulted in, at a minimum, the process of developing policy, consulting on OHS matters & objectives

  • With timely access to clear, understandable and relevant information about the OH&S management system

  • Identifying and removing obstacles or barriers to participation and minimizing those that cannot be removed

  • Encouraging timely reporting and response to work-related hazards, OH&S risks, OH&S opportunities, incidents and nonconformities

  • For NON MANAGERIAL employees verify they are consulted on <br>Needs and expectations of interested parties<br>OHS policy<br>Roles and responsibilities<br>Legal and other requirements<br>OHS objectives<br>Controls for outsourcing, procurement and contractors<br>Monitoring needs<br>Audit programmes<br>Continual improvement<br><br><br>

  • For NON MANAGERIAL employees verify they are consulted on

  • Needs and expectations of interested parties

  • OHS policy

  • Roles and responsibilities

  • Legal and other requirements

  • OHS objectives

  • Controls for outsourcing, procurement and contractors

  • Monitoring needs

  • Audit programmes

  • Continual improvement

  • How do workers participate?

  • The mechanisms for participation

  • Identifying hazards and risks / opportunities (Risk assessment and control identification)

  • Action planning for improving risk ratings

  • Competency & Training

  • What needs to be communicated

  • Control measures introduced

6 Planning

6.1 Actions to address risks and opportunities

6.1.1 General

  • Determine if organization has established, implemented and maintains a OH&S management system can achieve its intended outcomes, prevent (or reduce) undesired effects and achieve continual improvement based on identified criteria in clause 4 context of the organisation.

  • Has the organization determined risks related to hazards and opportunities as part of their planning and risk assessment processes

  • Has the organization determined risks and opportunities related to applicable legal and other requirements

  • Has the organization determined and assessed risk and opportunities related to the operation of the OH&S management system that can affect the achievement of the intended outcomes

  • Verify documented information on the process for risk management and risks and actions identified.

6.1.2 Hazard identification and assessment of OH&S risks

  • Verify documented process to assess and manage risks covering; -

  • Is there a process for hazard identification to assess how the work is organised, social factors including workload, working hours, victimisation, harassment, bullying , leadership and culture

  • Routine and non-routine activities and situations covering ; Emergency situations

  • People (workers, contractors and visitors) who have access to or are in the vicinity of the workplace and their activities and for workers who perform work-related activities at a location not under direct control of the organization

  • Organization's operations and activities including the design of work areas, processes, etc., changes in knowledge of hazards, situations occurring in the vicinity of the workplace or not controlled by the organization

  • Actual or proposed changes in the organization, its operations, processes, activities and OH&S management system

  • Past incidents, internal or external to the organization, including emergencies, and their causes

  • Applicable legal and other requirements

  • Effectiveness of existing controls

  • Consideration of the hierarchy of controls

  • Opportunities to eliminate or reduce OH&S risks and to adapt work to workers

  • Routine and non routine activities and situations including hazards that arise from

  • Infrastructure , equipment, materials, substances. physical conditions

  • Product and service design, testing, production, assembly, construction, services given , maintenance, disposal

  • Human factors

  • How work is carried out

  • Other issues such as; -<br>Persons with access to the workplace including visitors, contractors, trespassers<br>Those in the vicinity that may be affected by the operations such as neighbours or passers by<br>Workers not under the direct control of the organisation (e.g Shared site people)<br>Design of work areas, process installations, machinery, procedures, adaption to needs and capabilities of workers<br>Change management<br>Situations occurring in the vicinity of the workplace caused by work related activities <br>

6.1.3 Determination of legal and other requirements

  • Verify process to identify and have access to up-to-date legal and other requirements that are applicable to its OH&S risks and management system

  • Determine how to apply and meet these requirements

  • Verify maintained and retained documented information

  • Applicable legal and other requirements, ensuring this documented information is updated to reflect changes

  • To show how compliance with its applicable legal and other requirements is achieved

6.1.5 Planning to take action

  • Organization shall plan actions to address its risks and opportunities

  • Organization shall plan actions to address applicable legal and other requirements

  • Organization shall plan actions to prepare for, and respond to, emergency situations, how to integrate and implement the relevant actions, including the determination and application of controls, into the OH&S management system

  • Organization shall plan how to evaluate the effectiveness of these actions and respond accordingly

6.2 OH&S objectives and planning to achieve them

6.2.1 OH&S objectives

  • OH&S objectives determined at appropriate levels and take into account the organization's significant environmental aspects and associated compliance obligations

  • OH&S objectives shall be:

  • Consistent with the OH&S policy

  • Measurable (if practicable)

  • Take into account applicable legal and other requirements

  • Take into account the result of any consultation with workers

  • Monitored

  • Communicated

  • Updated as appropriate

  • Verify the organization considered best practices, technological options, financial, operational and business requirements

  • Verify the organization arranged for the participation of workers

  • Verify documented information

6.2.2 Planning actions to achieve OH&S objectives

  • Organization shall determine:

  • What will be done

  • What resources will be required

  • Who will be responsible

  • When it will be completed

  • How the results will be evaluated

  • How the actions to achieve OH&S objectives will be integrated into the organization's business processes

  • Verify retained documented information on the OH&S objectives and plans to achieve them

7 Support

7.1 Resources

  • Organization determined and provide needed resources

7.2 Competence

  • Organization shall determine necessary competence of person(s) doing work under its control that affects its OH&S performance

  • Organization shall ensure that person(s) are competent on the basis of education, training, qualification or experience

  • Organization shall, where applicable, take actions necessary to acquire the necessary competence, and evaluate the effectiveness of the actions taken

  • Verify organization retains appropriate documented information as evidence of competence

7.3 Awareness

  • People doing work under the organization's control are aware of

  • the OH&S policy

  • their contribution to the effectiveness of the OH&S management system, including the benefits of improved OH&S performance

  • the implications of not conforming with the OH&S management system requirements, including the consequences, actual or potential, of their work activities

  • information and lessons learned concerning relevant incidents

7.4 Information and communication

  • Verify internal and external communication process (what, when, with whom and how to communicate)

  • Verify how organization defines the intent to be achieved by informing and communicating, and shall evaluate whether the objectives have been met

  • Verify how the organization takes into account diversity (i.e language, culture, literacy, disability), where they exist, when considering its information and communication needs

  • Verify how it receives, maintains documented information on and responds to relevant communications

7.5 Documented information

  • Verify documented information is identified and described

  • Verify appropriate format (i.e language, software version, graphics) and media (i.e. paper, electronic)

  • Verify documented information is reviewed and approved

  • Verify documented information is available, suitable for use and is adequately protected

  • Verify documented information's distribution, access, retrieval and use

  • Verify documented information's storage and preservation

  • Verify retention and disposition

  • Verify access for workers

  • Verify control of changes

  • Verify documented information of external origin is identified and controlled

8 Operation

8.1 Operational planning and control

  • Determine organization has established operating criteria for the process(es)

  • Determine process controls that have been implemented

  • Verify processes to verify effective implementation of controls

  • Verify documented information about controls to have confidence that the processes have been carried out as planned

  • Verify covering situations where the absence of documented information could lead to deviations from the OH&S policy and the OH&S objectives

  • Verify process for achieving reduction in OH&S risk using the following Hierarchy of Controls

  • Elimination of hazard

  • Substitute with less hazardous material, process, operations or equipment

  • Use engineering controls

  • Use administrative controls including safety signs, markings, warning devices and safe system of work

  • Use personal protective equipment

8.2 Management of change

  • Plan and manage temporary or permanent changes to the OH&S management system do not have a negative impact by

  • Verifying the resolution of incidents and nonconformities

  • Verifying new products, processes or services at the design stage or re-design stage

  • Verifying changes in knowledge or information about hazards

  • Verifying changes to work processes, procedures, equipment, organizational structure, staffing, products, services, contractors or suppliers

  • Verifying developments in knowledge and technology

  • Verifying changes to applicable legal and other requirements

  • Verify process for implementation and control of planned changes.

  • Verify responsibilities and authorities for managing changes and their associated OH&S risks are identified

  • Verify the organization reviews the consequences of unintended changes and takes action to mitigate any adverse effects, if necessary

8.3 Outsourcing

  • Verify outsourced processes affecting its OH&S management system are controlled

8.4 Procurement

  • Verify controls for procurement, i.e. products, hazardous materials or substances, raw materials, equipment or services, conform to its OH&S management system

8.5 Contractors

  • Verify the organization's process to identify and communicate on the hazards, and to evaluate and control the OH&S risks, arising from the:

  • contractor's activities and operations to the organization's workers

  • organization's activities and operations to the contractor's workers

  • contractor's activities and operations to other interested parties in the workplace

  • Verify process where the requirements of the OH&S management system, or at least the equivalent, are met by the contractors and their workers (including criteria for selection of contractors)

  • Verify process for coordinating relevant portions of the OH&S management system with other organizations for multi-employer workplaces

8.6 Emergency preparedness and response

  • Verify the organization has established, implemented and maintained a process(es) for potential emergency situations

  • Verify the organization

  • identifies and plans for potential emergency situations

  • the preparation of a planned response to emergency situations

  • periodic testing and exercise of emergency response capability

  • periodically reviews and revises the process(es) and planned response actions, in particular after the occurrence of an emergency situation or test

  • provision of relevant information to all members of the organization, at all levels, on their duties and responsibilities

  • provision of training for emergency prevention, preparedness and response

  • communication of information to contractors, visitors, relevant emergency response services, government authorities and the local community

  • Organization shall take into account at all stages of the process the needs and capabilities of relevant interested parties and ensure their involvement

  • Verify documented information

9 Performance evaluation

9.1 Monitoring, measurement, analysis and evaluation

  • Verify organization is monitoring and measuring its operations with identified hazards and OH&S risks and opportunities, operational controls and progress towards meeting OH&S objectives

  • Verify that calibrated or verified monitoring and measurement equipment is used and maintained, as appropriate

  • Determine what criteria against which the organization evaluates its OH&S performance

  • Verify how the organization analyzes, evaluates and communicates results

  • Verify when the monitoring and measuring shall be performed

  • Verify workers participate in these activities

  • Verify organization evaluates OH&S performance, determines the effectiveness of the OH&S management system and uses information during its evaluations

  • Verify process for evaluating compliance with applicable legal requirements and other requirements to which the organization subscribes

  • Verify how the organization determines frequency and method(s) by which compliance will be evaluated, evaluates compliance and takes action, if necessary, and how it maintains knowledge and understanding of its status of conforming with legal and other requirements

  • Review retained appropriate documented information

9.2 Internal audit

  • Verify audits are conducted at planned intervals

  • Verify organization has established, implemented, and maintains an internal audit program

  • Verify the importance of the environmental process, changes affecting the organization and the results of previous audits are considered

  • Verify audit criteria and scope are created for each audit

  • Auditors are objective and impartial

  • Audit results reported to relevant management

  • Review retained documented information

9.3 Management review

  • Verify management reviews EMS at planned intervals

  • Verify management review includes:

  • status of actions from previous management reviews

  • changes in external and internal issues relevant to the OH&S management system

  • changes in applicable legal and other requirements

  • changes in the organization's OH&S risks, risks and opportunities

  • the extent to which OH&S policy and objectives have been met

  • information on the organization's OH&S performance, including trends in

  • incidents, nonconformities, continual improvement and corrective actions

  • worker participation and consultation

  • monitoring and measurement results

  • audit results

  • results of evaluation of compliance

  • OH&S risks, risks and opportunities

  • relevant communication(s) from interested parties

  • opportunities for continual improvement

  • adequacy of resources

  • Outputs of management review shall include:

  • conclusions on the continuing suitability, adequacy and effectiveness of the OH&S management system

  • decisions related to continual improvement opportunities

  • decisions related to any need for changes to the OH&S management system, including resources needs

  • actions, if needed, when OH&S objectives have not been achieved

  • any implications for the strategic direction of the organization

  • Verify outputs of management review are communicated to its workers

  • Verify retained documented information

10 Improvement

10.1 Incident, nonconformity and corrective action

  • Verify how organization reacts to and incident or nonconformity by evaluating actions taken to control and correct it and how the organization deals with the consequences

  • Determine what actions are taken to prevent nonconformity from recurring

  • Verify participation of workers in the determination of root causes

  • Verify implemented actions and their effectiveness

  • Verify retained documented information that provides evidence of the nature of the nonconformity and any subsequent actions taken and the results of any corrective actions

  • Verify documented information communicated to relevant workers and relevant interested parties

10.2 Continual improvement

  • Verify process of how the organization continually improves

  • Verify workers are consulted in continual improvement process

  • Verify results of continual improvement is communicated to its workers

  • Verify retained documented information

The templates available in our Public Library have been created by our customers and employees to help get you started using SafetyCulture's solutions. The templates are intended to be used as hypothetical examples only and should not be used as a substitute for professional advice. You should seek your own professional advice to determine if the use of a template is permissible in your workplace or jurisdiction. You should independently determine whether the template is suitable for your circumstances.