Internal Audit Checklist
ISO45001 Toolkit: Version 1 ©CertiKit
Implementation guidance The header page and this section, up to and including Disclaimer, must be removed from the final version of the document. For more details on replacing the logo, yellow highlighted text, and certain generic terms, see the Completion Instructions document.
Purpose of this document This is a checklist to be used as a prompter for questions during an internal audit.
Areas of the standard addressed The main areas of the ISO45001 standard addressed by this document are: •
9 Performance evaluation o 9.2 Internal audit
General guidance When conducting an internal audit, it can be useful to have a list of standard questions to ask, organized according to the sections of the ISO45001 standard. This makes the audit more interesting than simply reading the requirements from a spreadsheet. It’s possible that any one audit will not cover all parts of the standard, so you may need to edit this checklist to cover the areas you need. You may also like to add further questions to the lists, depending on the type of organization you are auditing. At each stage, it is important that evidence is reviewed and recorded to prove that procedures etc. are in place.
Review frequency We would recommend that this document is reviewed annually.
Document fields This document may contain fields which need to be updated with your own information, including a field for Organization Name that is linked to the custom document property “Organization Name”.
OHS-FORM-09-4 Version 1
Page 2 of 21
[Insert date]
To update this field (and any others that may exist in this document): 1. Update the custom document property “Organization Name” by clicking File > Info > Properties > Advanced Properties > Custom > Organization Name. 2. Press Ctrl A on the keyboard to select all text in the document (or use Select, Select All via the Editing header on the Home tab). 3. Press F9 on the keyboard to update all fields. 4. When prompted, choose the option to just update TOC page numbers. If you wish to permanently convert the fields in this document to text, for instance, so that they are no longer updateable, you will need to click into each occurrence of the field and press Ctrl Shift F9. If you would like to make all fields in the document visible, go to File > Options > Advanced > Show document content > Field shading and set this to “Always”. This can be useful to check you have updated all fields correctly. Further detail on the above procedure can be found in the toolkit Completion Instructions. This document also contains guidance on working with the toolkit documents with an Apple Mac, and in Google Docs/Sheets.
Copyright notice Except for any specifically identified third-party works included, this document has been authored by CertiKit, and is ©CertiKit except as stated below. CertiKit is a company registered in England and Wales with company number 6432088.
Licence terms This document is licensed on and subject to the standard licence terms of CertiKit, available on request, or by download from our website. All other rights are reserved. Unless you have purchased this product you only have an evaluation licence. If this product was purchased, a full licence is granted to the person identified as the licensee in the relevant purchase order. The standard licence terms include special terms relating to any third-party copyright included in this document.
Disclaimer Please Note: Your use of and reliance on this document template is at your sole risk. Document templates are intended to be used as a starting point only from which you will create your own document and to which you will apply all reasonable quality checks before use. OHS-FORM-09-4 Version 1
Page 3 of 21
[Insert date]
Therefore, please note that it is your responsibility to ensure that the content of any document you create that is based on our templates is correct and appropriate for your needs and complies with relevant laws in your country. You should take all reasonable and proper legal and other professional advice before using this document. CertiKit makes no claims, promises, or guarantees about the accuracy, completeness or adequacy of our document templates; assumes no duty of care to any person with respect its document templates or their contents; and expressly excludes and disclaims liability for any cost, expense, loss or damage suffered or incurred in reliance on our document templates, or in expectation of our document templates meeting your needs, including (without limitation) as a result of misstatements, errors and omissions in their contents.
OHS-FORM-09-4 Version 1
Page 4 of 21
[Insert date]
Internal Audit Checklist
Audit details Audit: Audit scope: Auditor(s): Date of audit:
4 Context of the organization 4.1 Understanding the organization and its context REF
RECOMMENDED QUESTIONS
1.
What are the internal and external issues that are relevant to the organization’s purpose and to the OH&S management system?
2.
How do they affect its ability to achieve its intended outcomes?
3.
What does the organization do and (in broad terms) how might errors, nonconformities and incidents affect its activities in terms of occupational health and safety?
4.
What is the purpose of the OH&S management system?
OHS-FORM-09-4 Version 1
AUDIT FINDINGS
Page 5 of 21
EVIDENCE REVIEWED
[Insert date]
4.2 Understanding the needs and expectations of workers and other interested parties REF
RECOMMENDED QUESTIONS
1.
Who are the interested parties?
2.
What are their requirements?
3.
How have their requirements been established?
4.
What are the main legal and regulatory requirements that the organization must meet?
5.
How is the understanding of these requirements kept up to date?
6.
Is worker participation happening and to what level?
7.
Are workers’ needs and expectations adequately addressed?
OHS-FORM-09-4 Version 1
AUDIT FINDINGS
Page 6 of 21
EVIDENCE REVIEWED
[Insert date]
4.3 Determining the scope of the OH&S management system REF
RECOMMENDED QUESTIONS
1.
What is the scope of the OH&S management system?
2.
How is it defined?
3.
Does it consider the relevant issues, requirements and work-related activities?
4.
Is the scope documented?
5.
How is it made available to interested parties/workers?
AUDIT FINDINGS
EVIDENCE REVIEWED
AUDIT FINDINGS
EVIDENCE REVIEWED
4.4 OH&S management system REF
RECOMMENDED QUESTIONS
1.
How established is the OH&S management system?
2.
How long has it been running for?
3.
How much evidence has been collected so far, for example, records?
4.
What are the processes of the OH&S management system?
5.
How are the processes documented?
6.
How much detail is given for each process?
OHS-FORM-09-4 Version 1
Page 7 of 21
[Insert date]
5 Leadership and worker participation 5.1 Leadership and commitment REF
RECOMMENDED QUESTIONS
1.
Who is defined as top management within the scope of the OH&S management system?
2.
How does top management demonstrate leadership and commitment, in practical terms?
3.
How well is the OH&S management system integrated into the business?
4.
Are the resources provided for the OH&S management system adequate?
5.
How do top management communicate and engage with workers?
6.
Are workers supported by top management when it comes to reprisals when reporting incidents, hazards and risks?
7.
Do top management support the health and safety meetings by supplying them with adequate resources?
AUDIT FINDINGS
EVIDENCE REVIEWED
AUDIT FINDINGS
EVIDENCE REVIEWED
5.2 OH&S policy REF
RECOMMENDED QUESTIONS
1.
Can I review the OH&S policy?
2.
Is it appropriate and does it cover the required areas?
OHS-FORM-09-4 Version 1
Page 8 of 21
[Insert date]
3.
How are OH&S objectives set?
4.
Does it include the required commitments?
5.
How has it been communicated and distributed - and to whom?
6.
When was it last reviewed?
5.3 Organizational roles, responsibilities and authorities REF
RECOMMENDED QUESTIONS
AUDIT FINDINGS
1.
What are the roles within the OH&S management system?
2.
Does everyone understand what their responsibilities and authorities are?
3.
Who has the responsibility and authority for conformance and reporting?
4.
Have workers been communicated with over these roles?
EVIDENCE REVIEWED
5.4 Consultation and participation of workers REF
RECOMMENDED QUESTIONS
1.
Are the relevant mechanisms supplied to workers for consultation and participation? For example, time and training.
2.
Are workers given timely access to review the relevant information on the OH&S management system?
OHS-FORM-09-4 Version 1
AUDIT FINDINGS
Page 9 of 21
EVIDENCE REVIEWED
[Insert date]
3.
Have barriers to worker consultation/participation been identified and removed?
4.
What areas are non-managerial workers consulted on and participate in?
5.
Are the relevant workers involved in incident investigation/risk assessment creation?
OHS-FORM-09-4 Version 1
Page 10 of 21
[Insert date]
6 Planning 6.1 Actions to address risks and opportunities REF
RECOMMENDED QUESTIONS
1.
What are the main risks to the OH&S management system?
2.
What actions are or have been taken to address them?
3.
How effective have these actions been?
4.
What potential emergency situations have been identified?
5.
What opportunities are there?
6.
Have the OH&S hazards and risks of the organization’s activities, products and services been adequately identified?
7.
Which hazards or risks are judged to have a significant real or potential OH&S impact?
8.
What criteria is used to decide whether a hazard or risk is significant?
9.
What are the main legal requirements that apply to the organization?
10.
How are these determined and documented?
11.
Is there a plan to address the areas required?
OHS-FORM-09-4 Version 1
AUDIT FINDINGS
Page 11 of 21
EVIDENCE REVIEWED
[Insert date]
6.2 OH&S objectives and planning to achieve them REF
RECOMMENDED QUESTIONS
1.
Are there documented OH&S objectives?
2.
Do the objectives comply with section 6.2.1 a) to f) of the standard?
3.
Is there a plan to achieve the objectives?
4.
Does the plan include the who, what, when and how?
5.
Are workers involved in this plan and, if so, how?
OHS-FORM-09-4 Version 1
AUDIT FINDINGS
Page 12 of 21
EVIDENCE REVIEWED
[Insert date]
7 Support 7.1 Resources REF
RECOMMENDED QUESTIONS
1.
How are the resources needed for the OH&S management system determined?
2.
Are the required resources provided?
3.
What external resources are used?
4.
Is there a sub-contractor procedure? If so, how are sub-contractors monitored?
AUDIT FINDINGS
EVIDENCE REVIEWED
AUDIT FINDINGS
EVIDENCE REVIEWED
7.2 Competence REF
RECOMMENDED QUESTIONS
1.
Have the necessary competences been determined?
2.
How has the competence of the people involved in the OH&S management system been established?
3.
What actions have been identified to acquire the necessary competence?
4.
Have they been completed, and is there evidence of this?
OHS-FORM-09-4 Version 1
Page 13 of 21
[Insert date]
7.3 Awareness REF
RECOMMENDED QUESTIONS
1.
What approach has been taken to providing awareness of the OH&S policy, contribution to the OH&S management system and implications of not conforming?
2.
Has everyone been covered?
3.
Is this awareness continuous?
4.
Do workers participate in the rollout of awareness programmes and initiatives?
5.
Are incidents and nonconformities discussed with workers, and are they involved in the investigation of this?
6.
Do workers understand that they can remove themselves from work situations which they believe place them in imminent and serious danger?
AUDIT FINDINGS
EVIDENCE REVIEWED
AUDIT FINDINGS
EVIDENCE REVIEWED
7.4 Communication REF
RECOMMENDED QUESTIONS
1.
How has the need for communication been established?
2.
What regular methods are used for internal communication?
3.
What external communication takes place, and how?
OHS-FORM-09-4 Version 1
Page 14 of 21
[Insert date]
4.
Are workers engaged with, for example, joint risk assessments, initiatives and meetings?
7.5 Documented information REF
RECOMMENDED QUESTIONS
1.
Is all of the documented information required by the standard in place?
2.
Is the level of other documentation reasonable for the size of OH&S management system?
3.
Are appropriate documentation standards, for example, identification and format standards, in place?
4.
Are the standards applied in a uniform way?
5.
Are appropriate controls in place to address the activities listed in 7.5.3 of the standard?
6.
How are documents of external origin handled?
7.
How is the documentation protected?
OHS-FORM-09-4 Version 1
AUDIT FINDINGS
Page 15 of 21
EVIDENCE REVIEWED
[Insert date]
8 Operation 8.1 Operational planning and control REF
RECOMMENDED QUESTIONS
AUDIT FINDINGS
1.
What processes are used to meet OH&S management system requirements?
2.
Can you give me an example of the operating criteria and controls for a process?
3.
What planned changes have taken place recently, and how were they controlled from an OH&S viewpoint?
4.
Which processes are outsourced?
5.
How are they controlled?
6.
How are OH&S requirements addressed in product or service design and development?
7.
During procurement and use of external providers, how are OH&S requirements communicated?
8.
Is a Pre-Qualification Questionnaire in place for sub-contractors, and is there an approved list?
EVIDENCE REVIEWED
8.2 Emergency preparedness and response REF
RECOMMENDED QUESTIONS
1.
For which potential emergency situations are there plans?
2.
Describe one plan as an example.
OHS-FORM-09-4 Version 1
AUDIT FINDINGS
Page 16 of 21
EVIDENCE REVIEWED
[Insert date]
3.
How often are plans tested?
4.
When was the most recent real incident, and what happened?
5.
Has training been given in response?
6.
Have these plans been communicated with staff?
OHS-FORM-09-4 Version 1
Page 17 of 21
[Insert date]
9 Performance evaluation 9.1 Monitoring, measurement, analysis and evaluation REF
RECOMMENDED QUESTIONS
1.
How is it determined what should be monitored and measured?
2.
May I review evidence of monitoring and measurement?
3.
How are results reported?
4.
What have been the recent conclusions from analysis of monitoring and measurement information?
5.
What information is required to be communicated as part of compliance obligations?
6.
When was compliance last evaluated and what were the results?
AUDIT FINDINGS
EVIDENCE REVIEWED
AUDIT FINDINGS
EVIDENCE REVIEWED
9.2 Internal audit REF
RECOMMENDED QUESTIONS
1.
How often are internal audits carried out?
2.
Who carries them out?
3.
Are the auditors objective and impartial?
4.
May I review the most recent internal audit report?
OHS-FORM-09-4 Version 1
Page 18 of 21
[Insert date]
5.
Have any nonconformities resulting from previous audits been addressed?
6.
Does the audit programme cover the complete scope of the OH&S management system?
9.3 Management review REF
RECOMMENDED QUESTIONS
1.
How often are management reviews carried out?
2.
Who attends them?
3.
Are minutes created?
4.
Are all areas in 9.3 a) to g) of the standard covered at management reviews?
5.
May I review the results of the most recent one?
6.
What outputs resulted from it?
7.
Does the management review represent a reasonable assessment of the health of the OH&S management system?
8.
Are workers adequately involved in the management review?
OHS-FORM-09-4 Version 1
AUDIT FINDINGS
Page 19 of 21
EVIDENCE REVIEWED
[Insert date]
10 Improvement 10.1 General REF
RECOMMENDED QUESTIONS
1.
How are opportunities for improvement identified?
2.
What improvement actions have been completed recently?
3.
What effect have these improvements had on the OH&S management system?
AUDIT FINDINGS
EVIDENCE REVIEWED
10.2 Incident, nonconformity and corrective action REF
RECOMMENDED QUESTIONS
1.
How are incidents and nonconformities identified?
2.
How are they recorded?
3.
May I review the records of a recent nonconformity?
4.
Was appropriate action taken to correct it and address the underlying causes?
5.
Was the effectiveness of the corrective action reviewed?
6.
Are the hierarchy of controls followed?
7.
Are risk assessments reviewed post incident in conjunction with the relevant workers?
OHS-FORM-09-4 Version 1
AUDIT FINDINGS
Page 20 of 21
EVIDENCE REVIEWED
[Insert date]
8.
Are these results communicated to the workforce, and how?
10.3 Continual improvement REF
RECOMMENDED QUESTIONS
1.
What evidence of continual improvement can be demonstrated?
2.
What are the main sources of improvements?
3.
Are workers involved in these improvements?
OHS-FORM-09-4 Version 1
AUDIT FINDINGS
Page 21 of 21
EVIDENCE REVIEWED
[Insert date]
