The PECB Certified ISO 45001 Lead Auditor Exam (ISO-45001-Lead-Auditor)

The two options that give the strongest cause for concern are E and F .

E. The oil on the floor might spread to other areas of the kitchen is a clear OH and S concern because the spilled oil already presents a slip hazard in the work area and could increase the risk further if it spreads. ISO 45001 requires the organization to eliminate hazards and reduce OH and S risks through operational control. A spreading oil spill shows inadequate control of a workplace hazard and poor housekeeping in an active kitchen environment.

F. Fire protection may be inadequate without adjacent safety equipment is also a strong concern. In a kitchen with hot oil, boiling water, and multiple ignition sources, the absence of visible fire extinguishers or fire blankets raises concern about the adequacy of emergency preparedness and operational control. ISO 45001 requires organizations to establish processes for emergency preparedness and response , including provision for relevant emergency equipment where needed.

Why the other options are weaker:

A is speculative and refers to the storeroom, even though the immediate issue is the unsafe condition in the kitchen.

B is an assumption about workload, not objective evidence of a system failure.

C may be true, but impurities in waste oil are not the key OH and S issue identified here.

D focuses on whether cleaning arrangements are documented, but ISO 45001 does not require every control to be a documented procedure; the stronger evidence is the unsafe condition itself.

ISO 45001 requires the organization to adapt the work to workers as part of operational planning and control. Clause 8.1.1(d) states that the organization shall plan, implement, control and maintain the necessary processes, including adapting the work to workers . Annex A.8.1.1 then gives examples, including: redefining how work is organized , redefining processes and work environments , and using ergonomic approaches in the design or modification of workplaces and equipment .

Based on that, D. Providing those who spend the majority of their working days on their computers with frequent breaks is a valid example because it adapts the organization of work to human needs and helps reduce strain and fatigue. This matches the Annex guidance about redefining how work is organized and using ergonomic approaches.

F. Amending a control station to facilitate handicapped workers is also a clear example. ISO 45001 specifically refers to using ergonomic approaches in the design of new workplaces/equipment or in modifying workplaces/equipment . Changing a control station to suit disabled workers is exactly the kind of ergonomic and workplace adaptation the standard is referring to.

G. Amending the start and finish times of processes to accommodate cultural practices is the third valid example, because Annex A.8.1.1 includes the definition or redefinition of how work is organized . Adjusting working times to suit workers’ needs is a direct way of adapting work organization to workers.

Why the others are not the best examples:

A is about competence, which relates more to Clause 7.2 Competence , not adapting work to workers.

B is not appropriate because if workers speak different languages and there are no subtitles , the communication is not being made understandable; ISO 45001 expects information to be comprehensible and identifies language barriers as participation barriers.

C relates to worker participation and consultation, not adapting work to workers.

E is good housekeeping/welfare, but not specifically an example of adapting work to workers in the sense used by ISO 45001 Annex A.8.1.1.

H relates to planning under Clause 6.1, not adapting work to workers.

Therefore, the three actual examples of adapting work to workers are:

D, F, G

Audit objectives for the audit team focus on ensuring the audit process is executed effectively, efficiently, and without causing undue disruption to the organization being audited. ISO 19011:2018 provides guidance on setting audit objectives.

Analysis of Options:

A. To reduce instances of injury and ill health: Incorrect. This is an objective of the OH and S management system, not of the audit itself.

B. To minimise risk resulting from the audit process: Correct. ISO 19011 emphasizes managing risks to the auditee and the audit process during audits (Clause 5.4).

C. To improve overall health and safety performance: Incorrect. Improving health and safety performance is an outcome of the OH and S management system, not the audit team ' s objective.

D. To complete the audit on time: Correct. Ensuring timely completion of the audit aligns with effective audit management.

E. To implement any necessary corrective action: Incorrect. Implementing corrective actions is the auditee’s responsibility, not the audit team’s.

The correct answers are E, F .

ISO 45001 Clause 8.1.4.2 Contractors requires the organization to coordinate its procurement processes with its contractors, in order to identify hazards and to assess and control the OH and S risks arising from the contractors’ activities and operations that impact the organization, the organization’s activities and operations that impact the contractors’ workers, and the contractors’ activities and operations that impact other interested parties in the workplace . It also requires the organization to ensure that contractors and their workers meet the organization’s OH and S management system requirements.

In this case, the objective evidence already found during the audit supports the nonconformity:

the hazards list did not include contractor-related hazards;

the Purchase Manager relied on trust rather than controlled OH and S coordination;

the OH and S team said chemical safety had never been a problem, which is not evidence of hazard identification, risk assessment, or control.

The email shown at the closing meeting only states that contractors carry out a site risk assessment . That does not automatically demonstrate that Shelf-Fit itself has met Clause 8.1.4.2 requirements for coordinated procurement control, hazard identification, and control of contractor OH and S risks within its own management system. Therefore, the nonconformity should not simply be withdrawn on the spot.

E. Advise management that the information provided will be reviewed at the audit follow-up stage is acceptable because the auditee can submit corrective-action evidence after the audit. The certification decision and close-out process can consider additional evidence later, but that does not erase the nonconformity already supported by audit evidence gathered during the audit.

F. Note the OHS Manager ' s comments but indicate that there is evidence of a nonconformity that needs to be addressed is also acceptable because this is exactly what the audit team leader should do at the closing meeting: acknowledge the auditee’s response, but maintain the finding where objective evidence supports it.

Why the other options are not acceptable:

A is not appropriate at the closing meeting. The audit team should base findings on evidence gathered within the audit scope and timing, not start a new off-line investigation with contractors at that point.

B is weak audit management. The audit team leader should control the discussion and decision, not hand it over informally.

C is incorrect because the information is not irrelevant; it is relevant, but not sufficient to invalidate the nonconformity.

D is not acceptable because the email does not remove the original evidence of failure in Shelf-Fit’s contractor control process.

The correct answers are A and F .

A. The auditee should review the audit plan for agreement is true because, in certification auditing practice, the audit plan is communicated to the client/auditee in advance and should be agreed regarding the practical arrangements for the audit. ISO guidance on certification auditing includes preparation of the audit plan and communication of the audit plan and audit team as part of planning audits. ( ISO )

F. The audit team leader must define the responsibilities of team members and observers is also true. ISO/IEC 17021-1 states that the audit team leader , in consultation with the audit team, shall assign to each team member responsibility for auditing specific processes, functions, sites, areas or activities . This is a direct audit-planning responsibility of the team leader. Observers are also part of the audit arrangements that must be defined and managed during planning. ( IAS )

Why the other statements are false:

B. The audit team leader should plan to interview each employee is false. Certification audits are conducted using sampling , not by interviewing every employee. Audit evidence is gathered on a representative basis. ( ISO )

C. The organisation must provide hospitality for the audit team is false. Hospitality is not a certification requirement and can raise impartiality concerns.

D. The audit team leader should audit the Occupational Health and Safety Manager is not a mandatory requirement. The audit plan must cover relevant processes, functions, activities and responsibilities, but it does not require the team leader personally to audit one named individual. ( IAS )

E. The organisation should cancel all staff leave during the audit is false. The auditee should ensure availability of relevant personnel as needed, but cancelling all leave is not an audit requirement.

Therefore, the two true statements are:

A, F

Clause 9.3 of ISO 45001:2018 outlines the requirements for management reviews. These reviews must evaluate the performance of the OHSMS and identify opportunities for improvement. Outputs of management reviews typically include decisions and actions that align with strategic and operational priorities.

Analysis of Options:

A. Decisions related to continual improvement opportunities: This is a valid output, as continual improvement is a key objective of management reviews under Clause 10.3.

B. Allocation of a bigger budget for the OHS department: Resource allocation is a common output of management reviews to address identified needs.

C. Improvements in the OHSMS: Improvements reflect the organization’s commitment to enhancing safety performance.

D. Minutes of previous management reviews: While minutes provide context, they are not an output of the current management review.

E. Opportunities to integrate the OHS management system with other business processes: Integration opportunities are valid outputs, as they enhance the system ' s effectiveness.

F. Plan to prioritize health and safety issues as a business strategy: Strategic alignment of health and safety with business objectives is an expected output.

G. Procurement of new safety harnesses for workers: This is an operational action, not a direct output of the management review process.

H. Report showing the trend of an increase in safety incidents: This is an input to the management review, not an output.

I. Updates to the risk register: Risk register updates reflect changes in identified hazards and risks, making this a valid output.

J. Worker feedback of positive and negative comments: Worker feedback is an input to the management review, not an output.

ISO References:

Clause 9.3: Management review inputs and outputs.

Clause 10.3: Continual improvement actions.

The correct answers are E, F, and H .

This situation raises three serious concerns: impartiality , professional conduct , and the reliability of the audit conclusion . Third-party auditors are expected to act honestly and impartially, and accepting gifts from the auditee is inconsistent with that expectation. The IAF auditor code of conduct says auditors must be honest and impartial and must avoid conduct that discredits the profession. ( IAF )

E is correct because the audit team leader must first consider whether the alleged behavior could compromise the validity of the audit findings and conclusion . If that risk is significant, the matter should be escalated to the individual(s) managing the audit programme for direction, since certification audits must remain competent, consistent, and impartial. ( ISO )

F is correct because the team leader should gather specific facts and then give the auditor an opportunity to respond to the allegations before deciding the next step. That is the appropriate immediate management action and is consistent with fair handling of an issue that could affect audit integrity. The concern is too serious to ignore, but it should still be examined on evidence, not assumption. ( ISO )

H is also correct because, while the matter is being addressed, moving the auditor in training away from the auditor concerned is a sensible control to protect the trainee and the audit process. It helps reduce further disruption and prevents the trainee from being exposed to more inappropriate conduct during the remainder of the audit. This is a practical audit-management response flowing from the team leader’s responsibility to maintain control of the audit team and audit activities. ( ISO )

Why the other options are not correct:

A is too immediate and inappropriate. The auditor in training cannot simply replace a qualified auditor without proper competence and authorization being confirmed.

B is premature. The audit should not be terminated immediately without first assessing the facts and the impact on the audit.

C is clearly wrong because the issue could affect the integrity of the current audit and cannot wait until later.

D is wrong and unethical; the tickets should not be accepted by anyone on the audit team. ( IAF )

G is wrong because experience does not excuse unethical or unprofessional behavior.

Clause 6.1.2 of ISO 45001:2018 emphasizes the identification of hazards and assessment of risks, and Clause 5.4 highlights the importance of consultation and communication among roles. The auditor ' s role includes verifying conformity to these clauses through evidence gathering and observation.

Analysis of Options:

A. The auditor should advise the organization to get rid of the walled area. This is outside the scope of an auditor’s role, which is to observe and report findings, not to dictate specific actions.

B. The auditor should ask the Maintenance Manager to conduct a safety survey. While safety surveys are useful, asking the Maintenance Manager to conduct one is not the auditor’s responsibility.

C. The auditor should check the lines of communication between the OHS Manager and Maintenance Manager. This aligns with ISO 45001:2018, Clause 5.4, as communication gaps may have contributed to the situation.

D. The auditor should check whether the organization has identified the safety hazards associated with the walled area. Clause 6.1.2 requires hazard identification. The auditor must determine whether this has been done.

E. The auditor should consider surveying more areas of the site for other potentially unsafe situations. Broadening the audit scope to identify additional risks is a good practice in line with Clause 9.2.2.

F. The auditor should demand that the Maintenance Manager deals with the wall. Demanding action is not within the auditor’s authority. The auditor should raise findings instead.

G. The auditor should raise a nonconformity against ISO 45001. While this may be appropriate depending on evidence, raising a nonconformity is not a replacement for good audit practices.

H. The auditor should refer the organization to health and safety authorities. This step is extreme and should only occur if there is an imminent danger and no action is being taken.

ISO References:

Clause 6.1.2: Hazard identification and risk assessment.

Clause 5.4: Worker consultation and participation.

Clause 9.2.2: Internal audit program and execution.

A first-party audit is an internal audit . In ISO management system auditing terminology, first-party audits are performed by, or on behalf of, the organization itself to evaluate its own management system. Therefore, E. Internal audit is directly correct.

A first-party audit can also be carried out as a process audit when the organization audits one of its own processes to determine whether it is planned, implemented, maintained, and effective. Since internal audits under ISO 45001 are planned and conducted over processes, functions, and areas within the OH and S management system, D. Process audit also applies.

Why the other options are not correct:

A. Certification audit is a third-party audit , carried out by a certification body, not a first-party audit.

B. Surveillance audit is also a third-party certification body activity conducted after certification.

C. Regulatory audit is performed by a regulator or authority, not by the organization on itself.

F. External audit does not describe a first-party audit, because first-party audits are internal by definition.

Therefore, the two phrases that apply to a first-party audit are:

D, E