HOW TO CONDUCT OHS&MS AUDITS EFFECTIVELY...ISO 19011:2018- Guidelines for auditing management systems 20 1. Scope 2. Normative References 3. Terms and Definitions 4. Principles of

1

© 2018 3FOLD Education Centre . All rights reserved . [email protected] . www.3foldtraining.com . 800 3FOLD

ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

HOW TO CONDUCT

OHS&MS AUDITS EFFECTIVELYas per ISO 45001:2018 & ISO 19011:2018

PMI, PMP, PMBOK and the PMI Registered Education Provider logo are registered marks of the Project Management Institute, Inc.


ISO

45

00

1:2

01

8 INTRODUCTION

http://www.google.ae/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwiPh6zwqoLQAhUHORoKHeSrCygQjRwIBw&url=http://www.fotosearch.com/CSP204/k2047774/&bvm=bv.137132246,d.ZGg&psig=AFQjCNFCsC1cgQHi7ObcGRfuEyK_BADunA&ust=1477909648333493

2


ISO

45

00

1:2

01

8


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

At the end of the Seminar, please fill the Feedback Form! (Yellow sheet in your notebook)

Return the feedback form at the reception!

3


ISO

45

00

1:2

01

8

Objectives• Introduction to Audit of ISO 45001:2018

• Purpose & Benefits

• Key Terms & Definitions related to audit

• Overview of ISO 45001:2018


• Types & Stages of Audit

• Documented Information and managing Audit

Audit Programme, Audit Plan

Audit Checklist, Audit Methods

Opening Meeting, NCR, Closing Meeting

Audit Report , Audit closure and Audit Follow-Up

• Competence and Evaluation of auditors

• Golden Rules of Audit

• Critical Success Factors

• Clarifications / Questions


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Keeping workers healthy and safe at work

4


ISO

45

00

1:2

01

8

OH&S Management:

OH&S management controls the conditions and factors that affect, or could affect, the health and safety of workers (including temporary workers and contractor personnel), visitors, or any other person in the workplace, to avoid their ill health and/or injury

ISO 45001:2018: (March 2018)

• ISO 45001 defines the Requirements for OH&S management system including the Guidance on its use

• ISO 45001 management system provides a framework to establish OH&S management policies, objectives, processes and governance, and facilitates an organization's achievement of its strategic goals; Based on Annx SL

• ISO 45001 utilizes a structured, effective, and efficient process that drives continual improvement for an organization's OH&S performance


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Objectives & Benefits

9

• Developing and implementing an OH&S Policy and OH&S Objectives

• Establishing systematic processes which consider its “ context ” and which take into account its risks and opportunities, and its legal requirements and other requirements

• Determining the hazards and OH&S risks associated with its activities; seeking to eliminate them, or putting in controls to minimize their potential effects

• Establishing operational controls to manage its OH&S risks and its legal requirements and other requirements

• Increasing awareness of its OH&S risks• Evaluating its OH&S performance and seeking to improve it, through taking

appropriate actions• Ensuring workers take active role in OH&S matters

5


ISO

45

00

1:2

01

8

V 1.0

Annx SL: Advantages

Uniformity in documentation, implementation and audit efforts Enables accelerated focus Less conflicts Avoid duplication of Implementation efforts Prevent confusion/disorder Optimized efforts, time, resources Ease of management of multiple Management systems Enables seamless ONE-IMS

Annex SL, developed by ISO, is an underlying framework designed to provide a standardized and consistent approach to implementation, ongoing maintenance, and continual improvement of a management system.

11

AUDITABLE


ISO

45

00

1:2

01

8

V 1.0

Snapshot of BS OHSAS 18001:2007

1999: OHSAS Project group developed OHSAS 18000 series2007: OHSAS 18001 revised2007: BSI adopted it and published as “BS OHSAS 18001:2007”; Not an International Std2018: ISO adopted OHSAS 18001 and published ISO 45001:2018 as the first International Std on OH&S

NOTE: ISO 18000 exists, but for RFID

6


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Requirements of ISO 45001:2018 in brief

13

1. Scope2. Normative References

3. Terms and Definitions

4. Context of the Organization4.1 Understanding the Organization and its context 4.2 Understanding the needs and expectations of workers and other interested

parties4.3 Determining the Scope of OH&SMS4.4 OH&S Management system

5. Leadership and worker participation5.1 Leadership and commitment5.2 OH&S Policy5.3 Organizational Roles, Responsibilities and authorities5.4 Consultation and participation of workers

6. Planning 6.1 Actions to address risks & opportunities

6.1.1 General6.1.2 Hazard identification and assessment of risks & opportunities6.1.3 Determination of legal and other requirements6.1.4 Planning action

6.2 OH&S Objectives and planning to achieve them6.2.1 OH&S Objectives6.2.2 Planning to achieve OH&S Objectives

Continued…..

New

New

New

New

New

New

‘New’: with reference to BS OHSAS 18001


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Requirements of ISO 45001:2018 in brief

14

7. Support7.1 Resources7.2 Competence7.3 Awareness7.4 Communication

7.4.1 General7.4.2 Internal Communication7.4.3 External Communication

7.5 Documented Information7.5.1 General7.5.2 Creating and updating7.5.3 Control of documented information

8. Operation8.1 Operational Planning and control

8.1.1 General8.1.2 Eliminating hazards and reducing risks8.1.3 Management of Change 8.1.4 Procurement

8.2 Emergency Preparedness and Response

Continued…..

9. Performance Evaluation9.1. Monitoring, measurement , analysis and performance

evaluation9.1.1 General9.1.2 Evaluation of Compliance

9.2 Internal audit9.2.1 General9.2.2 Internal audit programme

9.3 Management Review

10. Improvement10.1 General 10.2 Incident, nonconformity and corrective action10.3 Continual Improvement

Annex A: Informative – Guide to use ISO 45001:2018

Continued…..

NewNew

New

7


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Management system cycle

• ISO 45001:2018

Audit Criteria

• Procedures

• W.I

• SOPs

Documented information maintained • Monitor

• Control

• Review

Implement

• Records

• Results

• Outputs

Documented information retained

• Continual Improvement

Improvement

• Internal

• External

• ISO 19011

Audit


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

[1] ISO 9000:2015, Quality management systems — Fundamentals and vocabulary[2] ISO 9001:2015, Quality management systems — Requirements[3] ISO 14001:2015, Environmental management systems — Requirements with guidance for use[4] ISO 19011:2018, Guidelines for auditing management systems[5] ISO 20400, Sustainable procurement — Guidance[6] ISO 26000, Guidance on social responsibility[7] ISO 31000, Risk management — Guidelines[8] ISO 37500, Guidance on outsourcing[9] ISO Guide 73:2009, Risk management — Vocabulary[10] IEC 31010, Risk management — Risk assessment techniques[11] ILO. Guidelines on occupational safety and health management systems, ILO-OSH 2001.[12] ILO. International Labour Standards (including those on occupational safety and health).[13] OHSAS 18001:2007 Occupational health and safety management systems — Requirements [14] OHSAS 18002. Occupational health and safety management systems — Guidelines for theimplementation of OHSAS 18001:2007[15] ISO 17021-10 Conformity assessment -- Requirements for bodies providing audit and certification of occupational health and safety management systems was published in March 2018; it highlights the competence requirements for auditing and certification of OH&S management

ISO 14001:2015- EMS Family of/related standards

8


ISO

45

00

1:2

01

8

V 1.0

Approach to Audit Management(based on ISO 19011:2018)

Process based Risk based thinking Audit Programme Audit Plan Audit Checklist Opening Meeting Conducting audits, Audit Methods NCRs Closing Meeting, Audit Report Closure and Follow Up Competency of auditors

1-day Workshop in Auditing IMS 17


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Key Terms & Definitions related to audit:

18

• Audit: Systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled

• Audit programme: Arrangements for a set of one or more audits planned for a specific time frame and directed towards a specific purpose

• Audit Scope: Extent and boundaries of an audit

• Audit Plan: Description of the activities and arrangements for an audit

• Audit Criteria: set of requirements used as a reference against which objective evidence is compared

• Objective evidence: Data supporting the existence or verity of something

• Risk: Effect of uncertainty

• Conformity: Fulfillment of a requirement

• Nonconformity: Non-fulfillment of a requirement

• Competence: Ability to apply knowledge and skills to achieve intended results

9


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

19

ISO 19011:2018


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

ISO 19011:2018- Guidelines for auditing management systems

20

1. Scope

2. Normative References


4. Principles of auditing

5. Managing an audit programme

5.1 General

5.2 Establishing the audit programme objectives

5.3 Determining and evaluating audit programme risks and opportunities

5.4 Establishing the audit programme

5.5 Implementing the audit programme

5.6 Monitoring audit programme

5.7 Reviewing and improving the audit programme

Integrity, Fair presentation, Due professional care, Confidentiality, Independence, Evidence-based approach and Risk based approach

Audit programme: Arrangements for a set of one or more audits planned for a specific time frame and directed towards a specific purpose

10


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18


21

1. Scope

2. Normative References


4. Principles of auditing

5. Managing an audit programme

5.1 General

5.2 Establishing the audit programme objectives

5.3 Determining and evaluating audit programme risks and opportunities

5.4 Establishing the audit programme

5.5 Implementing the audit programme

5.6 Monitoring audit programme

5.7 Reviewing and improving the audit programme

6. Conducting an audit

6.1 General

6.2 Initiating the audit

6.3 Preparing audit activities

6.4 Conducting the audit activities

6.5 Preparing and distributing the audit report

6.6 Completing the audit

6.7 Conducting the audit follow-up


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18


22

7.Competence and evaluation of auditors

7.1 General

7.2 Determining auditor competence

7.3 Establishing auditor evaluation criteria

7.4 Selecting the appropriate auditor evaluation method

7.5 Conducting auditor evaluation

7.6 Maintaining and improving auditor competence

7 Competence and evaluation of auditors7.1 General7.2 Determining auditor competence

7.2.1 General7.2.2 Personal behavior7.2.3 Knowledge and skills

7.2.3.1 General7.2.3.2 Generic knowledge and skills of MS auditors7.2.3.3 Discipline and sector-specific competence of auditors7.2.3.4 Generic competence of audit team leader7.2.3.5 Knowledge and skills for auditing multiple disciplines

7.2.4 Achieving auditor competence7.2.5 Achieving audit team leader competence

7.3 Establishing auditor evaluation criteria7.4 Selecting appropriate auditor evaluation method7.5 Conducting auditor evaluation7.6 Maintaining and improving auditor competence

11


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Types & Stages of Audit

Check lists

Audit Team Briefing

AuditorTraining / Qual

Audit Team

Decision

Training Materials

Roles & Resp.

Preparation

Audit Plan

Opening Meet

Conduct

Auditing

Closing Meet

Individual Reporting

Consolidated Reporting

Communicate the Report

Follow up

Corrective Actions

Follow Up

Input to MRM

Audit

Preliminary

Pre-Audit Post-Audit

Scope & Criteria

Actions & Improvements

Types: 1st party, 2nd party and 3rd party audits

Stages of audit


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

AUDITOR SKILLS & ATTRIBUTES

Attributes• Ethical

• Open-minded

• Diplomatic

• Punctual

• Professional

• Versatile

• Tenacious

• Un-biased

AUDIT SKILLS• Planning

• Listening

• Observing

• Interview

• Analyzing

• Reporting

• Reviewing

• Judgment

KNOWLEDGE • Process / Function

• Compliance Requirements

• Audit Criteria

12


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18


Determining auditor competence to fulfil the needs of the audit programme

Auditor is required to have appropriate knowledge and skills in

— the size, nature and complexity of the organization to be audited— the management system disciplines to be audited— the objectives and extent of the audit programme— other requirements, such as those imposed by external bodies— the role of the audit process in the management system of the auditee— the complexity of the management system to be audited— the uncertainty in achieving audit objectives

Ref: ISO 19011:2018 > Clause 7.2.1


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18


Personal behaviour of auditor

Ref: ISO 19011:2018 > Clause 7.2.2

Auditors should exhibit professional behaviour during the performance of audit activities, including being

— ethical, i.e. fair, truthful, sincere, honest and discreet— open-minded, i.e. willing to consider alternative ideas or points of view— diplomatic, i.e. tactful in dealing with people— observant, i.e. actively observing physical surroundings and activities— perceptive, i.e. aware of and able to understand situations— versatile, i.e. able to readily adapt to different situations— tenacious, i.e. persistent and focused on achieving objectives— decisive, i.e. able to reach timely conclusions based on logical reasoning and analysis— acting with fortitude, i.e. able to act responsibly and ethically— decisive, self-reliant, open to improvement, culturally sensitive, collaborative

13


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Documented Information

27

Documented information to be

…maintained …retained

by the auditee and the auditor organizations


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Documented Information

28

Audit Check-List

• What is a Checklist

• Contents

• Advantages

Audit Programme

• What is an Audit Programme

• Contents

• Advantages

Audit Plan

• What is an Audit Plan

• Contents

• Advantages

Nonconformity Report

• What is Nonconformity Report

• Contents

• Advantages & Closure

Audit Report

14


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

OH&SMS Audit Programme


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

OH&SMS Audit Plan

15


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Sampling: Specimen Standards

ISO 2859-5:2005 (confirmed in 2014): The sampling schemes defined are applicable, but not limited, to the inspection of end items, components and raw materials, operations, materials in process, supplies in storage, maintenance operations, data or records, and administrative procedures

ISO 2859-3:2005 : The skip-lot sampling procedures specified are applicable to, but not limited to, inspection of end items, such as complete products or sub-assemblies, components and raw materials, and materials in process.

ISO 1920-X: Specifies procedures for the sampling of fresh concrete. The samples are used for the testing of properties of fresh concrete, or for making test specimens to determine the properties of hardened concrete.

ISO 3165:1976 (confirmed in 2018): Sampling of chemical products for industrial use -- Safety in sampling:Gives general recommendations applicable to all operations whatever the nature of the material being sampled is. Relates to safe access to and from the place where the sample is taken from and a safe working place with adequate safety regulations. Contains specific recommendations for hazardous products. The physical and chemical properties may be such that they can have a direct physiological effect or that fire or explosion risks are present during handling


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Audit Checklist-1

16


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Audit Checklist-2


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Audit Checklist-3

To be updated by the Auditor while ‘Conducting the Audit’ .

With this, ‘Preparation for Audit’ is complete.

17


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Opening Meeting

The purpose of the Opening Meeting is to:

1. Confirm the agreement of all participants (e.g. auditee, audit team) to the Audit Plan

2. Introduce the audit team and their roles

3. Ensure that all planned audit activities can be performed

Ref: ISO 19011:2018 > Clause 6.4.3 Conducting opening meeting

• Formal in 2nd party and 3rd party audits

• Less formal in 1st party/Internal audits


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

18


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Ref: ISO 19011:2018 > Annx B > Table B.1


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

19


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18



ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18


20


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18



ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18


21


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18



ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

22


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Audit Report

continued……


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Audit Report

continued……

23


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18


ISO

45

00

1:2

01

8

Follow Up

Agreed Corrective Action Plans are planned and

followed up by the Certification Body usually in a

scheduled visit/audit

In some cases, the Follow Up action for

verification/review of CAP may take place during

next Surveillance visit

24


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18


ISO

45

00

1:2

01

8

Surveillance/Re –Certification Audits

The 3rd party certifications are valid for 3 years

Surveillance Audits are required every year to

monitor the certification

Re-certification Audits are held before the

expiry of current certification

25


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Auditor Competence Development

53

• Risk based approach

• Auditors shall be competent

• Criteria for competence to be defined

• Competence development programs & Refresher

• Avoid “One Man Army” approach

• Auditor independence to be ensured


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Golden Rules of Audit

54

• Check for conformity & effectiveness

• ‘Improvement’ is important

• Balanced observation, listening, interviewing

• Be diplomatic as well as Professional

• Communication, Coordination & Follow up shall be effective

26


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Critical Success Factors - Leadership

55

• Leadership Commitment

• Empowerment for the Audit Team

• Enforcement within organization

• Top Management shall set an example to respect the Audit

• Communication and Support for the audit


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Critical Success Factors : Audit Team

57

• Competence development (Cross functional)

• Audit beyond checklist

• Communication, Coordination & Follow up shall be effective

• Focus value addition than completing the task

27


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Critical Success Factors : Process Owners

58

• Transparency during audit

• Corrective Actions – Effective / Timely

• Pro-active feedback till close-out

• Seek value addition rather than saving faces


ISO

45

00

1:2

01

8

Objectives Achieved?• Introduction to Audit of ISO 45001:2018

• Purpose & Benefits

• Key Terms & Definitions related to audit



• Types & Stages of Audit

• Documented Information and managing Audit

Audit Programme, Audit Plan

Audit Checklist, Audit Methods

Opening Meeting, NCR, Closing Meeting

Audit Report, Audit closure and Audit Follow-Up

• Closing Meeting

• Golden Rules of Audit and Closure

• Clarifications / Questions

28


ISO

45

00

1:2

01

8IS

O 4

50

01

:20

18

Clarification… If any?

01/09/2016 60


ISO

45

00

1:2

01

8

END OF THE SESSIONPlease return the feedback form at the reception!

Documents

HOW TO CONDUCT OHS&MS AUDITS EFFECTIVELY...ISO 19011:2018- Guidelines for auditing management systems 20 1. Scope 2. Normative References 3. Terms and Definitions 4. Principles of