You are an audit team leader conducting a Stage 2 audit of a Financial Services Provider. You are currently interviewing the organisation's Risk and Compliance Officer, who appears very competent when it comes to the management of business risks. As the Risk and Compliance Officer, she is also identified as having lead responsibility for the management of OH&S risk, and you are now seeking evidence that she understands the requirements relating to risk that are contained within ISO 45001. During your conversation, she makes the following six statements about risk within an ISO 45001-based OHSMS. Which four of her statements are correct?
Correct Answer: B,C,E,F
Analysis of Options:
* A. The organisation must attempt to identify and address every risk it faces: Incorrect. ISO 45001 focuses on OH&S risks and not every risk faced by the organization.
* B. The effect of uncertainty (i.e. risk) can result in positive outcomes as well as negative ones: Correct. Clause 3.20 defines risk as the "effect of uncertainty," which may result in positive or negative outcomes.
* C. Although organisations are required to carry out risk management, the method by which they do so is up to them: Correct. ISO 45001 does not prescribe specific risk management methods, leaving the organization to choose the approach that best suits its context (Clause 6.1.2).
* D. Risk assessment is an activity that must be carried out by top management: Incorrect. Risk assessment can involve workers and other personnel; it is not limited to top management.
* E. The organisation is required to assess risks arising from OH&S hazards: Correct. Clause 6.1.2.2 requires organizations to assess OH&S risks associated with hazards.
* F. Risk is often expressed as a combination of likelihood and impact: Correct. This is a common way to express risk, aligned with Clause 6.1.2.

ISO Reference:
* Clause 3.20: Definition of risk.
* Clause 6.1.2: Hazard identification and risk assessment.
Question 7
What does ISO 45001 say are the hazards that have to be considered when planning a health and safety management system? Select the ONE best answer.
Correct Answer: A
ISO 45001:2018 requires a holistic approach to occupational health and safety. This means considering all aspects that could impact worker well-being, not just obvious physical hazards. The correct answer encompasses work activities (the tasks themselves), workplace design (the physical environment), and human factors (psychological and social aspects like working hours and harassment). It's the most comprehensive and aligned with the standard's philosophy.

ISO 45001:2018, Clause 6.1.2, outlines requirements for hazard identification. Hazards to consider include work activities, workplace design, human factors, and social factors that may impact OH&S. These go beyond traditional physical risks and include psychosocial and organizational hazards.

Analysis of Options:
* A. Work activities, workplace design, and human factors such as hours of work and bullying and harassment: Correct. This comprehensively addresses hazard categories outlined in ISO 45001, Clause 6.1.2.
* B. Work activities where there is the possibility of danger: Too general. ISO 45001 includes broader categories of hazards, including those related to organizational and social factors.
* C. Hot-work, working at height, enclosed space entry, and work on electrical equipment: Too narrow. These are specific hazards but do not encompass the full range outlined in ISO 45001.
* D. Work hazards and environmental factors such as bad weather: Incomplete. While environmental factors are relevant, ISO 45001 also includes workplace design, human factors, and psychosocial hazards.

ISO References:
* Clause 6.1.2.1: Hazard identification.
* Annex A.6.1.2: Examples of hazard categories, including workplace design and human factors.
Question 8
You have been assigned by the audit team leader to evaluate the process of complying with applicable legislation. Which three of the following statements about the evaluation of compliance are true?
Correct Answer: B,G,H
Comprehensive Detailed Explanation along with All ISO 45001 Audit References

Clause 9.1.2 of ISO 45001:2018 outlines the need for organizations to evaluate compliance with applicable legal and other requirements as part of their OH&S management system.

Analysis of Options:
* A. The organization must evaluate its compliance status at least once a year: The standard does not prescribe a specific frequency but states that evaluations must be conducted at planned intervals.
* B. 'Other requirements' include requirements that the organization has chosen to comply with: Correct. Other requirements may include voluntary standards, industry codes, or contractual obligations.
* C. A management review is required in all instances where one or more legal requirements are not being met: This is not true. Management reviews address compliance but are not mandated for every noncompliance.
* D. Every member of an audit team must have a detailed understanding of the legal requirements for the sector and type of organization they are auditing: Not true. Auditors must have general competency but can rely on subject-matter experts for legal specifics.
* E. If the organization is failing to address a legal requirement relating to another discipline (e.g., Environmental management), this cannot be raised in the audit: Not true. If the legal noncompliance impacts OH&S, it can be raised.
* F. The organization cannot outsource its process for evaluating compliance: The organization can outsource evaluation but retains accountability.
* G. The organization is required to establish a process for evaluating compliance: Correct. Clause 9.1.2 requires a process for compliance evaluation.
* H. The organization is required to evaluate its compliance status with OH&S legal and other requirements: Correct. Clause 9.1.2 explicitly states this requirement.

ISO References:
* Clause 9.1.2: Evaluation of compliance.
* Clause 7.5: Documented information requirements.
Question 9
You are in the closing meeting of a second-party audit to ISO 45001. Which three of the following topics are most likely to come up for discussion?
Correct Answer: C,D,E
The closing meeting of a second-party audit focuses on the findings, conformance to agreed requirements, and areas for improvement. ISO 19011:2018 provides guidance on closing meetings, stating that the results of the audit, including conformity with criteria, must be reviewed and agreed upon.

Analysis of Options:
* A: The names and email addresses of attendees at the closing meeting: Irrelevant. Attendance details are not part of the audit discussion.
* B: The extent of the auditee's documented information system: While relevant during the audit, it is not typically a focus in the closing meeting.
* C: The extent to which the auditee is conforming to OH&S requirements in supply contracts: Correct. Second-party audits often assess compliance with contractual requirements.
* D: The extent to which the auditee conforms to ISO 45001 requirements: Correct. The core purpose of the audit is to evaluate conformity to ISO 45001.
* E: The nature of the trading relationship between the organizations: Correct. The trading relationship often shapes the scope and context of second-party audits.
* F: Whether the audit has correctly performed in current contracts with other customers: Irrelevant. The focus is on the specific audit, not contracts with other customers.
* G: Whether the work instructions for a specific OH&S process are focused on efficiency: Irrelevant. Efficiency is not the primary focus of an OH&S audit.

ISO Reference:
* ISO 19011:2018, Clause 6.6.1: Conducting the closing meeting.
* ISO 45001:2018, Clause 9.2: Internal audit requirements.
Question 10
A well-known fast-food organisation (ISO 45001 certified) contracts young people to deliver orders; last week, one of them died in a street accident while riding, for the first time, a new motorbike provided by the organisation. You will lead the recertification audit in two weeks, and you plan to prepare a checklist to investigate this incident. The following are potential questions you might ask; match them to the related ISO 45001 clause/subclause.