INTERNAL AUDITOR

TRAINING
ISO 45001:2018
Engr. Mohammed Nadeem
COURSE OBJECTIVES
Interpret the requirements of ISO 14001: 2015 and ISO 45001 in the context of an audit
Understand the purpose and requirements of ISO 19011
Plan & conduct the internal audits effectively.
Report the audit findings and undertake the audit follow up activities, including evaluating
the effectiveness of the corrective actions taken
Handle the external audits (2nd party and 3rd Party audits) in a better way.
COURSE LAYOUT
Introduction to ISO 45001:2018
Auditing Introduction and Planning
Auditing Process
Non-Conformities and Corrective Actions
DELEGAT
ES
INTRO
TRAINER
INTRO
ENG. MOHAMMED NADEEM

• Director SFR Management Solutions Pvt. Ltd. But

• 19 years in Manufacturing / Consulting /Auditing and Training
• Conducted more than 600 Audits & Trainings.
• KSA companies audited: Sahara Petrochemicals/ Sipchem, Advanced
Petrochemical Company, Al Waha Petrochemicals, Obeikan Industries, King Abdul
Aziz City for Science & Technology - KACST, Saudi Food and Drug Authority, Saudi
Telecom Company (STC), AlMajal g4s, PepsiCo, AlJomaih, Tabuk Agricultural -
TADCO etc
OCCUPATIONAL HEALTH AND
SAFETY MANAGEMENT ISO 45001:2018
SYSTEM
WHAT IS ISO 45001:2018?
ISO 45001:2018 specifies requirements for an occupational health and safety
(OH&S) management system, and gives guidance for its use, to enable organizations
to provide safe and healthy workplaces by preventing work-related injury and ill
health, as well as by proactively improving its OH&S
First ISO standard on OH&S
BENEFITS OF ISO 45001:2018
Improving its ability to respond to regulatory compliance issues
Reducing the overall costs of incidents
Reducing downtime and the costs of disruption to operations
Reducing the cost of insurance premiums
Reducing absenteeism and employee turnover rates
Recognition for having achieved an international benchmark (which may in turn
influence customers who are concerned about their social responsibilities)
TERMS AND DEFINITIONS
Worker - person performing work or work-related activities that are under the control of the
organization
Participation - involvement in decision-making
Consultation - seeking views before making a decision
Workplace - place under the control of the organization where a person needs to be or to go for
work purposes
Contractor - external organization providing services to the organization in accordance with
agreed specifications, terms and conditions
Injury and ill health - adverse effect on the physical, mental or cognitive condition of a person
Hazard - source with a potential to cause injury and ill health
VERBAL WORDS
“shall” indicates a requirement
“should” indicates a recommendation
“may” indicates a permission
“can” indicates a possibility or capability
“Note” is guidance / clarification on requirements
“Note to entry” additional information that supplements the
terminology
 STRUCTURE OF ISO 14001:2015Chapter 4 (4.1 to 4.4)

Chapter 5 (5.1 to 5.3)

Chapter 6 (6.1 & 6.2)

Chapter 7 (7.1 to 7.5)

Chapter 10 (10.1 to 10.3) Chapter 8 (8.1 & 8.2)

Chapter 9 (9.1 to 9.3)

 CHAPTER 4 – CONTEXT OF
THE ORGANISATION
Understanding the Context of the Organisation Scope of the Environmental Management System
Internal issues Boundaries and applicability of OH&S MS
External issues Documented information and available to
interested parties
Understanding the needs and Expectations of
Workers and other interested parties
OH & S Management System
Relevant interested parties
Processes needed and their interaction
Needs and Expectations
Compliance Obligations
CHAPTER 5 – LEADERSHIP &
WORKER PARTICIPATION
Leadership and Commitment Organizational roles, responsibilities
Accountability and authorities
Policy and Objectives Assigned
Resources Provision Communicated
Integration of EMS into Business Consultation and participation of
Support workers
OH & S Policy
Appropriate & documented
Communicated
framework for Objectives
Include commitments
CHAPTER 6 - PLANNING
Actions to address risks and opportunities
Internal and External issues (Context of the Organization)
Hazard identification and assessment of risks and opportunities
Determination of legal requirements and other requirements
Planning Action

Environmental objectives and planning to achieve them

Environmental objectives
(Consistent with policy; measurable; monitored; communicated; updated as appropriate)
Planning actions to achieve environmental objectives
(what; who; when; how will be evaluated)
RISK ASSESSMENT EXAMPLE
CHAPTER 7 - SUPPORT
Resources
Competence
Education, training and/or experience
Training needs
Awareness
Policy
contribution to the effectiveness of the EMS
implications of non-conforming to the requirements
Communication
Internal Communication
External Communication
Documented information
CHAPTER 8 - OPERATIONS
Operational planning and control
Eliminating hazards and reducing OH&S risks
Management of change
Procurement – Contractors; Outsourcing
Emergency preparedness and response
Plan to respond to Impacts from Emergency situations
Respond to actual emergency situation
Actions to mitigate impacts of emergency situations
Periodically Test and review
Provide necessary information and training
CONTROLS HIERARCHY
eliminate the hazard;
substitute with less hazardous processes, operations, materials or
equipment;
use engineering controls and reorganization of work;
use administrative controls, including training;
use adequate personal protective equipment.
CHAPTER 9 – PERFORMANCE
EVALUATION
Monitoring, measurement, analysis and performance evaluation
Evaluation of compliance with legal requirements and other
requirements
Internal audit
Management review
CHAPTER 10 - IMPROVEMENT
Incident, Nonconformity and corrective action
Continual improvement
 ISO
19011
WHAT IS AUDIT
• Audit: Systematic & independent documented process for obtaining audit
evidence & evaluating it objectively to determine the extent to which the audit
criteria are fulfilled.
• Audit Scope: Extent and boundaries of an Audit.
• Audit Criteria: Sets of policies, procedures or requirements,
• Audit Evidence: records, statements of fact or other information, whic are relevant
to the audit criteria and verifiable.
• Audit Findings: Results of evaluation of the collected evidence against audit
criteria
TYPES OF AUDITS
• First Party Audits: Organisation audits itself with a focus on risk areas in their
processes for their internal purposes. Ex: Internal Audits
• Second-party Audits: Second-party audits are conducted by customers of the
organization or by other persons on behalf of the customer. E.g. Supplier Audits
• Third-party Audits: Third-party audits are conducted by external independent
organizations. Such organizations, usually accredited, provide certification or
registration of conformity with requirements such as those of ISO 22000. Ex: Third
party certification audits
AUDIT PRINCIPLES
• Ethical Conduct
• Fair Presentation
• Due Professional Care
• Independence
• Evidenced Based Approach
AUDITIN
G
TECHNIQ
AUDIT ACTIVITIES Initiating the Audit

Audit Preparation

Conducting the audit

Generating audit findings and preparing audit

conclusions

Preparing, Approving and distribution of

Audit Report

Completing the Audit

Conducting Audit Follow - Up

AUDITING ACTIVITIES
• Conducting the Audit.
• Appointing Audit team leader and audit team.
• Defining audit objectives, scope and criteria.
• Determining the feasibility of the audit.
• Establishing initial contact with the auditee.
• Reporting the Audit.
• Preparing the audit report.
• Approving and distributing the audit report.
AUDIT PLAN
• The audit team leader shall prepare an audit plan to provide the basis for the agreement
among the audit team and the auditee regarding the conduct of the audit. The plan should
facilitate scheduling and coordination of the audit activities.

• The audit plan shall cover the following:

• The audit objectives;
• The audit criteria and any reference documents;
• The audit scope, including identification of the organizational and functional units and
processes to be audited;
• The dates and places where the on-site audit activities are to be conducted;
• The expected time and duration of on-site audit activities, including audit team meetings;
• The roles and responsibilities of the audit team members and accompanying persons;
• The allocation of appropriate resources to critical areas of the audit.
AUDIT CHECKLIST
• Checklists are an aid to an effective audit.
• Checklists ensure issues are not forgotten.
• Checklists keep Auditors focused.
• Checklists aid consistency.
• Checklists assist in reporting.
• Checklists help in time keeping.
AUDIT CHECKLIST

AUDIT Checklist Date:

ISO 9001: 2015 CLAUSE

Checks Results Comment

EFFECTIVE AUDITING SKILLS
• A friendly but formal approach.
• Observation and understanding skills.
• Recording skills.
• Communication Skills.
• Diplomacy
AT THE TOP

Leadership involvement is critical to IMS. Always start Top-Down

Senior Executives are generally
• Looks at the larger picture.
• Understands things from strategic point of view.
LANGUAGES
• Executives talk Growth, KPIs.
• Middle Managers talk things, numbers, results and technology
• Supervisors talk things and targets.
• Operators talk about take aways and external interests.
MIXED CULTURE

Auditor must respect auditees culture and understand their auditees

• The courtesies (introductions etc.)
• The religious beliefs, practices and influences
• The face issues of their cultures
• Hospitality issues etc
AN TRICK

ASK LOOK

Mainly open ended Observe what

questions which provide is happening
information

RECORD CHECK

• Availability of procedures
The “objective • Awareness of auditees
evidence” - positive and • Conformance to the procedures
negative • consistency (over time)
HOW TO INTERVIEW AN AUDITEE
• Attitude of the auditor.
• Purpose of the interview.
• Types of questions; open, closed, leading, antagonistic, vague.
7 QUESTIONS TO ANY EMPLOYEE
1. What does the IMS policy say and what does it mean to you?
2. What is your familiarity with the IMS program’s?
3. What do you do in case of a procedural non-conformance?
4. What do you do in case of an emergency?
5. What kind of training have you received in last 2 years?
6. How do you communicate your IMS concerns or ideas?
7. What do you do if you receive IMS related communication from
external customers?
7 QUESTIONS TO AN OPERATIONS EMPLOYEE

1. What is your company’

2. What are the risks associated to your process?
3. How do you know what to do? (SOP operating criteria).
4. What specific training have you received in last 2 years?
5. What are the objectives and targets associated with your function?
6. What is your responsibility for monitoring and measurement activities?
7. What records do you keep?
ASK OPEN ENDED QUESTIONS
• “How do you . . . monitor the process?”
• “What do you do if . . . the supplier is not approved?”
• “When . . . do you control the feed input?
• “Where . . . is this in your procedures”
• “Who does . . . the internal audits?”
• “Why . . . is this not identified?”
TRACE BACK AUDITS

Reveals
• If the system is operated effectively.
• When short cuts are being taken.
• If there are “personal” systems (i.e. “little black books”) in existence.
• If the records are being properly produced.
• Inefficiencies in the system.
TYPES OF AUDIT FINDINGS

• Major NC / NC 1
• Minor NC / NC 2
• Area of Improvement / Suggestion.
NON CONFORMITY (NC) TO STANDARD

An NC is issued by an Auditor when

• A requirement of the Standard is not met by the Auditee.
• You have evidence to prove that requirement of the Standard is not met by the
Auditee.
ALWAYS
• You are auditing a system not person.
• Don't be an Inspector. Be the Auditee’s guide.
• Observe your auditee’s body language.
• If you disagree to any point, inform your auditee about your thoughts politely.
• Search and record your audit results by supporting evidence.
• Thank the subordinates and everyone who contributed to the Audit.
• Write Audit results after audit is completed by discussing with your audit team.
NEVER
• Point fingers.
• Display aggression.
• Use clipboard proactively.
SAMPLE SELECTION

SYSTEM DEVELOPING SYSTEM DEVELOPED

Select samples for examination so that:

• They represent the “whole” business process
• They cover sufficient time span.
• Beware of being offered samples by the auditee
AUDIT THE PROCESSES
People Products

Instructions Inspection Next process

Materials Process

Equipment Information
Monitoring (data)

Environment Analysis
Feedback
REMEMBER
• Let Auditee understand that you are there to improve his business process.
• Your Audit findings are based on facts.
• Make sure the guide agrees and acknowledges the facts.
• Discuss with your team before you raise Audit Findings (NCs, Areas of Improvement)
against a business process.
• Auditor shall inform Auditee that Auditing is a sampling process. All weakness and
Areas of improvements of Auditees business process cannot be checked.
AUDIT REPORT

AUDIT Report Date:

ISO 9001: 2015 CLAUSE

Audit Result Results Comment

CLOSI
NG
MEETI
NG
COURSE LAYOUT
Closing meeting is the focal point of the audit. Its main purposes are to :
• Summarise the findings of the audit.
• Make any recommendations.
• Highlight non-conformities.
• Identify the compliant features.
• Identify opportunities for improvement.
• Provide an opportunity for the company to respond.
• Agree time-scales for actions.
• Present the auditee with a written report.
CLOSING MEETING PREPARATION

• Any non-conformities found on the last day are discussed, factual and
documented.
• Area for improvement (AFI’s) are detailed.
• Categorisation of the non-conformities is finalised.
• A summary is prepared.
AUDIT SUMMARY

• Ranks the non-conformities into their order of significance.

• Generically group them into non-conformity types.
• Indicate who will be responsible from the team for discussing the detail of
specific issue.
• Identify particularly good points and AFI’s.
MEETING Restate the agreed
scope & audit criteria
Auditee proposes actions
& timescales

CLOSURE
Not OK
Resolve with
Present the Auditor
Auditee
overall findings Assess
OK

Auditor file the report

and the CA
Present the
recommendations

Present non-
conformities &
AFI’s (if any)
AUDIT RESULTS
• Result of failing in Audit will mostly lead to anger and disagreement of Auditee.
• If QMS is not implemented right, the company will not be included in customer’s
approved supplier lists, which will lead to decline in buyers and company revenue.
• Expect every non-conformity (and AFI) to be challenged by your Auditee.
HANDLING AUDITEE ARGUMENTS
• Ensure you can substantiate every nonconformity & OFI.
• Place all non-conformities & AFI’s in context and support it with evidence.
• Do not “nit pick”.
• Do not let your team to argue back.
• Practice Diplomacy and explain the system weakness and guide them ways to
improve, and set planned completion date to ensure subject closure.
• IMS Champion shall report all major non conformity to the Board.
AUDIT PROCEDURE
• Follow your companies Audit Procedure.
• Conduct minimum 2 internal Audits of your companies business
processes every year.
• Ensure every business process is has a procedure.
• Promote Risk Based Management and Fact Based Decision Making.
• Promote SMART communications at all levels.
THAN
K YOU