John Nolan As part of your organization’s journey towards ISO 45001:2018 certification, you will need to undergo an audit by a third-party certification body to ensure that your OHSMS (Operational Health and Safety Management System) and its processes comply with the clauses of the standard itself. Preparation for the audit and the actual audit itself can be a very nervous time for people within the organization, especially if they are not used to dealing with external audit bodies. The good news is that your auditor will certainly take all that into account, so there is no real need to worry.
However, having some sort of idea in terms of the questions the auditor may ask can help reassure the team and provide an extra level of focus at the time it will be needed most. In fact, our article The brain of an ISO auditor – what to expect at a certification audit can help you understand how the auditor will be thinking in terms of what he needs to ask at your audit. So, what questions is the auditor most likely to ask?
What evidence will the auditor require?
As stated above, the auditor’s main function is to ensure that your documentation, processes, and actions comply with the ISO 45001 standard, and that evidence can be produced to prove this. So, if we think from that point of view there are some questions he/she is almost certain to ask:
- Are all the clauses in the standard met? From the moment the auditor enters your organization’s premises, this will be what he/she is tasked to find out. It is normal that the auditor will break the clauses and requirements down an element at a time, but the final requirement will be to ensure that compliance versus the standard is there. For example, can you ensure that all of your mandatory documentation is covered? For more details on this, please see the article List of mandatory documents for ISO 145001. Ensure that you have a copy of the standard, know it well, and have carefully worked through it to be sure your organization complies.
- Have you held a management review? This is the critical starting point for your OHSMS in terms of ensuring that there is top management input and that objectives are established correctly, as well as having the ability to ensure that the cycle of review and improvement exists when your OHSMS is running. You can read more in the article How to perform management review in ISO 45001.
- Have you recorded incidents, accidents, and near misses? And, if so, do you have evidence to show that you have undertaken the correct processes after an accident, and have a process whereby action is taken to prevent near misses from being repeated and becoming accidents in the future?
- Are your processes consistent? You will need to prove that your processes – whether documented or not – are consistent internally in the way they are used, and that they meet the terms of the standard. This also leads to the question regarding whether the effectiveness of processes has been reviewed, which will encourage continual improvement – the element that underpins the standard itself.
- Have you completed the critical functions of the OHSMS? Have you assessed risks and hazards correctly? Have you performed corrective action in the cases where something has gone wrong? Have you completed internal audits with satisfactory outcomes and actions to guarantee improvement to your OHSMS? Have you documented these accurately as evidence? These elements are all central to running a successful OHSMS, you can be sure the auditor will focus on these to a large extent; therefore, it is wise to prepare. Also, be sure to remember that while these elements are critical, they only make up part of the clauses you will be audited against!
- Can you demonstrate competence, awareness, and evidence of training? Especially in matters of health and safety, it is critical that your team can demonstrate that they are aware of processes, communications that may have taken place, and are generally aware enough to operate safely within your organization. Ensure that your employees realize that it is very likely that the auditor will come and speak to them, and instruct them on how to react. There is no need to be nervous, but being articulate, truthful, and honest will help greatly.
- Can you demonstrate improvement? As stated previously, this is necessary to demonstrate your organization’s compliance with ISO 45001. It is therefore certain that the auditor will ask a member of the team about how this is obtained and evidenced. Be prepared for this.
How you can make the audit smoother for your organization and people
It is wise to remember that the auditor is trying to help you pass, not trying to make you fail. Anticipating the questions he will ask will undoubtedly help you to prepare your employees and ensure that they are less nervous, as well as helping you to ensure that you have all your respective boxes ticked in terms of meeting the clauses of the standard. Remember that the auditor is trying to help you make sure your organization remains a safe place to work, not trying to trip you up. Lastly, should the auditor have any observations or recommendations during the audit, be sure that you take them on board and use them to help you improve your OHSMS. Good luck!
For more on what the certification audit will look like, see the whitepaper: What to expect at the ISO certification audit: What the auditor can and cannot do
