Audit Related Terminologies:

Audit - A term used to describe the physical examination of actual practice, or the
results achieved, for an activity and the comparison with requirements detailing
what should be done and how it should be done, or the results that should have
been achieved.

Auditing - is primarily a feedback mechanism for the purpose of providing

confidence that a process or system is capable of providing acceptable outputs or
outcome

System/Process/Product Audit – Audit to verify the effective implementation of a

system/process or that a product complies with requirements.

Internal Audit – Audit undertaken by an organization on its own system, process

or product.

Audit client – Organization or person requesting an audit and requiring the audit
information

Audit Criteria – Set of policies, procedures or requirements that the auditor is

verifying conformity with

Audit findings – Facts obtained by the auditor indicating conformity or

nonconformity with the audit criteria.

Audit Scope – Those parts of the organization that are to be subject to audit
activity.

Auditee – The organization or person being audited

Auditor – A person with the authority to undertake an audit

Inspection – The true meaning relates to the physical inspection of a tangible item
for the purpose of verifying that it meets the specified requirements, and is suitable
for continued processing or delivery.

Nonconformity – Factual evidence that indicates that there is a situation that does
not meet specified requirements.

Objective evidence – Evidence that exists such as records, or other information

including observations

1. Requirements to become certified as an Internal auditor, Provisional

Auditor, Lead Auditor or Principal Auditor:
 • Educational and Professional Qualifications
• Work Experience
• Audit Experience
• OHSAS Auditor Training

2. What is Occupational Health and Safety?

Is defined within the International Standard OHSAS 18001:2007 as including

the conditions and factors that can affect the well-being of any persons within
the workplace

3. Continual Improvement – The process of enhancing the overall OH&S

Management System to achieve and improve the OH&S performance in line
with OH&S Policy.

4. What are the benefits of OH&S Management System

• Reduce incidents in the workplace

• To set measurable objectives
• Reduce financial loss
• Maximize the well being and productivity of all people working for an
organization
• Stop people from getting injured, ill or killed through work activities
• Improve the organization’s reputation in the eyes of customers,
competitors, suppliers, other stakeholders and the wider community
• Avoid damaging effects on turnover and profitability
• Encourage better relationships with contractors and more effective
contracted activities and
• Minimize the likelihood of prosecution and consequent penalties.

5. Client is requesting not to include in the audit legal requirements.

What should you do as an auditor?

• Be polite to convince the client to proceed with the audit

• Persuade to continue the audit.
• Explain to the client politely that the audit for legal requirements
cannot be deleted or removed.

6. During closing meeting top management is not around. As an

auditor, how you will handle the situation?

• Find out why nobody is there.

 • Find out how long it will take for them to be away for the closing
meeting.
• Find out any senior or Deputy Management Representative.
• Hand-over the report to the secretary and leave a message to be
brought to the top management that the findings and conclusion of the
audit will be discussed over phone.
• Should not get panic.

7. What is the difference between OHSAS 18001 and OHSAS 18002?

OHSAS 18001 is an assessment specification for Occupational Health and

Safety Management System. It provides guidelines for development of
companies OH&S Management System to meet their health and safety
obligations in an efficient manner. It is compatible with ISO 9001 and ISO
14001 and certification is possible.

OHSAS 18002 provides guidelines for implementation of OHSAS 18001. It

explains the requirements of this and how to work towards implementation
and registration. Certification is not possible.

8. List at least EIGHT (8) issues that an organization must consider

when implementing risk assessment method.

• A-J from the OHSAS 18001 Standard 4.3.1 clause

9. A construction company certified with OHSAS 18001 for more than a

year, two months ago one (1) incident fall from height occurred. As
an auditor how do you approach the surveillance audit? List 10
things

• Ask or verify for incident report.

• Check if the incident was communicated to the regulatory bodies.
• Verify if emergency procedure was effective or not.
• Check Hazard Identification and Risk Assessment record and verify if
the activity “working at height” was identified.
• Check if control measures have been identified and verify for
effectiveness.
• Check if legal requirements have been complied or not.
• Check for the root cause of the incident.
 • Check for training records.
• Check for performance monitoring.
• Check for corrective and preventive action.

10. Give two (2) reasons why hazard identification is important?

• Hazard identification is the foundation of OH&S Management system.
• To identify actual and any potential hazards and quantify associated
risks
• To identify actions necessary to control or reduce the hazards to a
tolerable level.
• To manage the risk
• To know relevant legal requirements
• Hazard identification is necessary for planning for emergencies.
11. How can an auditor verify for effectiveness of Hazard
Identification and Risk Assessment?

• Check for availability of Standard Operating Procedure for Hazard

Identification and Risk Assessment.
• Check if Hazard identification and Risk Assessment methodology
applies consistently in all processes.
• Verify the effectiveness of control measures on site.
• Verify statistics of repeated incidents.

12. Situation: Acid Spillage at XYZ Company. Identify or list

potential non-conformances.

• Emergency preparedness and response was not reviewed. A non-

conformance against 4.4.7 clause
• Effectiveness of corrective and preventive action was not reviewed. A
non-conformance against 4.5.3(e) clause
• Proposed actions not taken through a risk assessment.

13. Audit trail to check effectiveness of “Acid Production Process”.

List 12 questions to proceed with the audit trail.

• Verify if hazard identification and risk assessment have been identified

or not.
• Verify if determination of control measures has been identified or not.
• Verify if any high risks are identified and steps or control measures are
implemented to eliminate or reduce the risk.
• Verify if objectives and key performance indicators have been
established or not.
 • Verify if maintenance issues has been considered when identifying
controls.
• Verify if legal and other requirements are identified or not.
• Verify whether legal and other requirements have been communicated
or not.
• Verify if training needs are identified and provided to people involved
in the process.
• Verify if roles, responsibilities, accountabilities, and authority have
been identified and communicated.
• Verify how training needs are identified after occurrences of any
incident.
• Verify how performance has been monitored.
• Verify if emergency preparedness and response plan is in place or not.
• Verify if document control procedure is in place or not.

14. What does the term “tolerable risk” mean?

• A risk that has been reduced to a level that can be tolerated by the
organization having regard to its legal obligations and its own OH&S
policy.

15. Define the terms ‘safety’ and ‘risk’.

• Safety – The state of being safe, free from danger, risk or injury.
• Risk – is the combination of the likelihood of an occurrence of hazardous
event or exposures and the severity of injury or ill-health that can be
caused by the event or exposure.

16. Describe two situations when it would be appropriate to add

further safety audits to the internal audit programme.

• If the size of organization is big.

 • Complexity of the site

• Areas that require more serious attention

17. Give four factors that should be considered when preparing

OH&S Management System internal audit programme.

• Preparation of the audit by notifying departments to be audited; scope,

date and time are agreed.

• Auditor Selection and Training

• Audit Scheduling – Audit plan

• Preparation of audit checklist and audit report form.

18. An experienced H&S auditor has been instructed to carry out

an audit of some contractors who have arrived on site to perform
some work. List 5 things that the auditor should review in such
audit. (5 marks)

• The contractor’s previous experience with the type of work.

• The content and quality of the contactor health and safety policy and
risk assessment.

• The level of training and qualification of staff.

• Accident enforcement history.

• Membership of accreditation or certification bodies.

• Equipment maintenance and statutory records.

• Detailed proposal e.g. method statements for the work to be carried

out.
19.While examining racking in a stores area you noticed that the
racking has been damaged. List four audit trails you would develop
specifically in relation to the damaged racking. (5 marks)

• Verify accident/incident investigation report.

• Check for the root cause of the damage.
• Check for corrective and preventive action.
• Check Hazard Identification and Risk Assessment record and verify if
the activity was identified.
• Check if legal requirements have been complied or not.
• Check for training records.
• Check for safety inspections carried out.

20. During day one of a third party audit scheduled for two days a
fire occur and you are asked to leave the building. What approach
would you take following this incident? (5 marks)

• Alert others by sounding the fire alarms.

• Should not panic.
• Proceed to the nearest exit by walking fast.
• Once outside, move directly to a safe area. Remain there until
directed otherwise.

21. Why must an auditor apply sampling techniques during an

OH&S audit and what issue should the auditor consider when
deciding the number of samples to assess in order to determine the
effectiveness of an organization’s operational controls’? (5 marks)

•
22. A construction company has been certified to OHSAS 18001 for
more than a year. Two months ago the company had an acid spill
during which an injury was sustained by an electrician working in
the area. This resulted in a hospital visit and a week off work. You
are the third party auditor preparing for the first surveillance audit
since the spillage.

Based on this information, outline your approach to the audit by

giving four (4) key issues you would follow, clearly stating what you
would look for. (10 marks)

• Verify if hazard identification and risk assessment have been identified

or not.
• Verify if determination of control measures has been identified or not.
• Verify if any high risks are identified and steps or control measures are
implemented to eliminate or reduce the risk.
• Verify if objectives and key performance indicators have been
established or not.
• Verify if maintenance issues has been considered when identifying
controls.
• Verify if legal and other requirements are identified or not.
• Verify whether legal and other requirements have been communicated
or not.
• Verify if training needs are identified and provided to people involved
in the process.
• Verify if roles, responsibilities, accountabilities, and authority have
been identified and communicated.
• Verify how training needs are identified after occurrences of any
incident.
• Verify how performance has been monitored.
 • Verify if emergency preparedness and response plan is in place or not.
• Verify if document control procedure is in place or not.

23.In reviewing the legislation that may affect the content of the
emergency response procedure, what sources of information might
you as the auditor expect to see being consulted by the
organization? (5 marks)

• Risk Assessment

• Inspection Reports

• Accident/Incident records

• Safety committee reports

• Medical records

• Maintenance reports

24. You are planning to undertake the stage 2 of a third party

audit of an organization wishing to gain ISO 18001 certification. As
the audit team leader what factor would you consider when
selecting your audit team? (5 marks)

The team leader will select the audit team by considering the following criteria:

a) Audit objectives, scope, criteria and estimated duration of the audit.

b) Whether it is a combined or joint audit.
c) Overall competence of audit team to achieve audit objectives.
d) Statutory, regulatory, contractual and accreditation/registration requirements, as
applicable.
e) Independence of the audit team and avoiding conflict of interest
f) Ability of audit team to interact with each other and with Auditee.
g) Language of the audit and an understanding of auditee’s social and cultural
characteristics.
h) The need for a technical expert.
i) Availability of competent audit team members.
25. What elements might an auditor expect to see that
demonstrate that an effective management review process is
established? Describe the typical issues that should be covered? (10
marks)

26. When assessing the Accident Investigation process:

State the four phases of an accident / incident investigation that you

would expect the organization to undertake? (4 marks)

List 8 issues that an auditor must consider when assessing an

accident investigation process.

27. OHSAS 18001 identifies ‘planning’ as an element of a safety

management system. Describe your understanding of what is meant
by planning and identify at least six clauses of OHSAS 18001 in your
explanation which support such an approach. (10 marks)