ISO-45001-Lead-Auditor Exam Dumps - PECB Certified OHSMS ISO 45001 Lead Auditor Exam

A first-party audit is an internal audit . In ISO management system auditing terminology, first-party audits are performed by, or on behalf of, the organization itself to evaluate its own management system. Therefore, E. Internal audit is directly correct.

A first-party audit can also be carried out as a process audit when the organization audits one of its own processes to determine whether it is planned, implemented, maintained, and effective. Since internal audits under ISO 45001 are planned and conducted over processes, functions, and areas within the OH and S management system, D. Process audit also applies.

Why the other options are not correct:

A. Certification audit is a third-party audit , carried out by a certification body, not a first-party audit.

B. Surveillance audit is also a third-party certification body activity conducted after certification.

C. Regulatory audit is performed by a regulator or authority, not by the organization on itself.

F. External audit does not describe a first-party audit, because first-party audits are internal by definition.

Therefore, the two phrases that apply to a first-party audit are:

D, E

Analysis of Options:

A. The organisation must attempt to identify and address every risk it faces: Incorrect. ISO 45001 focuses on OH and S risks and not every risk faced by the organization.

B. The effect of uncertainty (i.e. risk) can result in positive outcomes as well as negative ones: Correct. Clause 3.20 defines risk as the " effect of uncertainty, " which may result in positive or negative outcomes.

C. Although organisations are required to carry out risk management, the method by which they do so is up to them: Correct. ISO 45001 does not prescribe specific risk management methods, leaving the organization to choose the approach that best suits its context (Clause 6.1.2).

D. Risk assessment is an activity that must be carried out by top management: Incorrect. Risk assessment can involve workers and other personnel; it is not limited to top management.

E. The organisation is required to assess risks arising from OH and S hazards: Correct. Clause 6.1.2.2 requires organizations to assess OH and S risks associated with hazards.

F. Risk is often expressed as a combination of likelihood and impact: Correct. This is a common way to express risk, aligned with Clause 6.1.2.

ISO References:

Clause 3.20: Definition of risk.

Clause 6.1.2: Hazard identification and risk assessment

The three correct responses are A, B, and G .

A is correct because ISO 45001 Clause 5.3 requires top management to ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood at all levels within the organization , and that they are maintained as documented information . So if top management asks whether responsibilities and authorities for relevant roles have to be documented, the correct answer is yes .

B is correct because Clause 5.1 Leadership and commitment requires top management to ensure that the resources needed to establish, implement, maintain and improve the OH and S management system are available . Therefore, the auditor’s “Yes, you do” is correct.

G is correct because Clause 5.1 also requires top management to promote continual improvement . This is stated directly as part of top management leadership and commitment responsibilities under ISO 45001.

Why the others are not correct:

C is incorrect because top management does have to ensure that processes are established for consultation and participation of workers . Clause 5.4 makes this a requirement, so “No, you do not” is wrong.

D is incorrect as written. Top management must establish, implement and maintain the OH and S policy, but ISO 45001 does not state that top management personally has to “write” it. The wording in the option is too specific and not how the standard states the requirement.

E is incorrect because top management does have to ensure that the OH and S management system achieves its intended results. Clause 5.1 says this directly.

F is incorrect because top management must ensure OH and S objectives are established and compatible with the strategic direction, but ISO 45001 does not require top management personally to “write” the objectives.

H is incorrect because the organization must determine the scope under Clause 4.3 , and top management remains accountable for the OH and S management system. Saying “No, you do not” is not correct in this context.

Clause 10.2 requires organizations to investigate nonconformities, determine their causes, and take corrective actions to prevent recurrence. Clause 9.2.2 specifies the requirements for managing internal audit processes, while Clause 7.4.3 emphasizes the need to communicate relevant information effectively.

Analysis of Options:

A. 9.2.2.e - Management failed to take any action to deal with the audit nonconformity: Correct. Management must ensure that internal audit findings are addressed promptly. The lack of action violates Clause 9.2.2.e.

B. 9.2.2.d - Staff were not made aware that health and safety incidents were increasing: Incorrect. This clause pertains to the planning and conduct of audits, not the communication of findings.

C. 8.1.1 - Operations were not properly controlled to avoid health and safety incidents: Incorrect. While increased incidents may suggest operational issues, this option does not directly relate to the internal audit findings.

D. 9.2.2 - Report IA202 contained a poorly worded nonconformity (NC3): Incorrect. The clarity of the nonconformity wording is not directly relevant to Clause 9.2.2.

E. 10.2.b - The root cause of the increase in reported health and safety accidents was not investigated: Correct. Failure to investigate root causes violates Clause 10.2.b.

F. 7.4.3 - The results of the internal audit IA202 were not communicated to interested parties: Correct. Effective communication of audit results is required under Clause 7.4.3.

ISO References:

Clause 9.2.2: Internal audit process requirements.

Clause 10.2: Nonconformity and corrective action.

Clause 7.4.3: Communication requirements.

Corrections address immediate issues, such as errors or omissions, without addressing root causes. Clause 10.2 of ISO 45001:2018 allows for corrections alongside corrective actions.

Analysis of Options:

A. Adding a missing signature to a corrective action record: Correct. This is a correction addressing an administrative oversight.

B. Changing a process to reduce its inherent risk: Incorrect. This is a corrective action aimed at addressing root causes, not a correction.

C. Changing the name of a tutor that did not deliver a course to the name of the tutor that did: Correct. This corrects an error in records without addressing systemic issues.

D. Reviewing workers’ training records: Incorrect. This is part of ongoing monitoring or auditing, not a correction.

E. Updating the emergency preparedness plan as a result of carrying out a practical test: Incorrect. This is a corrective action resulting from performance evaluation, not a correction.

F. Using OHSMS induction training to address an identified lack of OHSMS awareness among workers: Incorrect. This is a preventive or corrective action, not a correction.

ISO References:

Clause 10.2: Nonconformity and corrective action.

Clause 7.5: Control of documented information

The correct answers are B. Boundaries of the OHSMS and C. Processes and functions .

In audit terminology, the audit scope describes the extent and boundaries of the audit . This includes matters such as the physical locations, organizational units, activities, processes , and functions being audited. In ISO 45001, the organization is also required to determine the boundaries and applicability of its OH and S management system when establishing its scope under Clause 4.3. Therefore, the boundaries of the OHSMS and the relevant processes and functions are part of audit scope.

Why the other options are not part of the audit scope:

A. Trade union communications may be relevant audit evidence or an issue within worker participation and consultation, but it is not itself a standard way to define the audit scope.

D. Audit checklists are audit preparation tools, not part of the scope.

E. Organisation procedures are usually part of the audit criteria , because auditors compare actual practice against documented procedures.

F. ISO 45001 requirements are also part of the audit criteria , since they are the requirements against which conformity is assessed.

So, the two issues that are part of the audit scope are:

B, C