ISO-45001-Lead-Auditor PECB Certified OHSMS ISO 45001 Lead Auditor Exam Question and Answers

Worker participation is a fundamental principle of ISO 45001 (Clause 5.4). It ensures workers at all levels are involved in key activities to enhance the OH and S management system ' s effectiveness.

Analysis of Options:

A. Determining competence requirements: Incorrect. Determining competence is primarily the responsibility of management, though workers may provide input.

B. Establishing OHS objectives: Correct. Worker involvement ensures objectives are realistic and relevant to workplace conditions (Clause 6.2).

C. Managing internal audit programme: Incorrect. Managing audits is typically a managerial responsibility, though workers may participate in audits.

D. Determining actions to eliminate hazards: Correct. Workers’ insights are critical in identifying and implementing actions to eliminate hazards (Clause 8.1.2).

E. Determining what needs to be communicated: Incorrect. While communication strategies impact workers, their participation in determining communication needs is not explicitly required.

F. Establishing OHS policy: Correct. Workers should be involved in developing policies to ensure relevance and buy-in (Clause 5.2).

ISO References:

Clause 5.4: Worker participation.

Clause 6.2: OHS objectives.

Clause 8.1.2: Hierarchy of controls and hazard elimination.

The correct answers are D and F .

In audit interviewing practice, open questions are mainly used to get explanation, description, and insight, while closed questions are used to confirm specific facts or verify that the auditor’s understanding is correct. Guidance on audit interviews says auditors should rely mainly on open questions for expanded responses and use closed questions to confirm answers . ( The Auditor )

That is why D. To confirm conformity or a non-conformity finding is correct. Once the auditor has gathered evidence, a closed question can be used to verify a precise point, confirm whether a requirement has or has not been met, or make sure the factual basis of a conformity/nonconformity is accurate before recording the finding. ISO 19011 also states that nonconformities and supporting audit evidence should be reviewed with the auditee so the evidence is accurate and understood. ( Synersia Foundation )

F. To check that your understanding of a situation is correct is also correct. Closed questions are especially useful at the end of a discussion to confirm the auditor’s interpretation of what was said or observed. This is a standard interview technique in auditing. ( Designing Buildings )

Why the other options are not correct:

A. To obtain an overview of how a task is performed is better done with open questions , because the auditor needs explanation and sequence. ( The Auditor )

B. To establish communication with the auditee with a view to building trust is usually done through general conversation and open dialogue, not mainly through closed questioning. ( The Auditor )

C. To gain greater insight into the operation of a process also requires open questions . ( The Auditor )

E. To follow your audit trail generally needs probing and exploratory questions, which are typically open rather than closed. ( The Auditor )

Clause 5.1 of ISO 45001:2018 requires top management to demonstrate leadership and commitment to the OH and S management system. This includes awareness of the OH and S policy and its objectives.

Analysis of Options:

A. As a member of the management team, the Deputy College Principal is not aware of the OHSMS policy: Correct. A lack of awareness of the policy reflects poor leadership commitment, which violates Clause 5.1.

B. OH and S improvement is not possible due to the lack of awareness of the OHSMS: Incorrect. While improvement may be hindered, this is not the main issue in this scenario.

C. The Deputy College Principal is not competent to manage the OHSMS: Incorrect. The Deputy’s competence to manage the OHSMS is not in question; the issue is their lack of awareness of key elements.

D. The OH and S policy only exists as a document in the College Principal’s office: Incorrect. The policy may be accessible but not effectively communicated or understood by management.

ISO References:

Clause 5.1: Leadership and commitment.

Clause 5.2: OH and S policy.

A first-party audit is an internal audit . In ISO management system auditing terminology, first-party audits are performed by, or on behalf of, the organization itself to evaluate its own management system. Therefore, E. Internal audit is directly correct.

A first-party audit can also be carried out as a process audit when the organization audits one of its own processes to determine whether it is planned, implemented, maintained, and effective. Since internal audits under ISO 45001 are planned and conducted over processes, functions, and areas within the OH and S management system, D. Process audit also applies.

Why the other options are not correct:

A. Certification audit is a third-party audit , carried out by a certification body, not a first-party audit.

B. Surveillance audit is also a third-party certification body activity conducted after certification.

C. Regulatory audit is performed by a regulator or authority, not by the organization on itself.

F. External audit does not describe a first-party audit, because first-party audits are internal by definition.

Therefore, the two phrases that apply to a first-party audit are:

D, E

Clause 8.1.2 of ISO 45001 pertains to Eliminating Hazards and Reducing OH and S Risks. Organizations must implement appropriate controls to manage workplace hazards effectively.

Issue Identified: The kitchen environment at the audited site presents multiple hazards, including:

Oil spillage creating a slip hazard.

Open drums of waste material posing a chemical or hygiene hazard.

Unsecured knives and cleavers increasing the risk of cuts.

Boiling water left unattended, posing a risk of burns.

Lack of visible fire extinguishers or fire blankets, increasing fire risk.

Analysis of Options:

A. Failure to reduce risks associated with working in the kitchen. This option accurately captures the broader failure to implement effective measures to eliminate or reduce hazards across multiple areas in the kitchen.

B. Measures to prevent slippage in the kitchen from waste cooking oil were not taken. This is specific to one hazard (oil spillage) and does not address other significant risks observed, such as fire safety or sharp tools.

C. Staff are at risk of serious injury while working in the kitchen. While true, this is more of a general observation and does not address the root cause of the hazards or the failure of controls.

D. Training of the kitchen staff was not effective enough to prevent poor safety awareness in the kitchen area. Although training deficiencies may contribute to the issue, this option does not reflect the overarching systemic failure to manage hazards effectively.

Best Description of the Nonconformance: Failure to reduce risks associated with working in the kitchen (Option A) is the most comprehensive finding, reflecting the organization’s lack of adequate controls to mitigate hazards.

ISO References:

Clause 8.1.2: Organizations must establish controls to eliminate or minimize OH and S risks systematically.

Clause 7.2: Ensuring competency through training is important but must be coupled with hazard control measures.

Hazard: A potential source of harm or adverse health effects.

Risk: The likelihood of harm occurring as a result of the hazard.

Danger: An immediate threat that requires urgent action.

Analysis of Options:

A. Conference room emergency sign directs people to an exit that is no longer available for use (Hazard): Correctly identified as a hazard since it poses a potential risk during emergencies.

B. The carpet on the main staircase is peeling off (Risk): This is a hazard, not a risk, as it represents a source of potential harm.

C. The emergency light in the gift shop did not work when checked (Risk): This is a hazard because it is a condition that could lead to a risk during emergencies.

D. The fire extinguishers in the Natural World area have not been serviced in the last five years (Risk): Correctly identified as a risk because the likelihood of fire-related harm increases without proper servicing.

E. The head of the dinosaur suspended over the main hall has become detached from the rest of the skeleton (Risk): This is a hazard, not a risk, as it represents a potential source of harm.

F. The non-slip mats have been removed from the restaurant (Risk): This is a hazard, not a risk.

G. There is a high possibility of unfit food being sold due to the failure of the oven temperature indicator in the visitors ' restaurant (Hazard): This is a risk because it specifies the likelihood of harm occurring (selling unfit food).

H. There is a water leak next to the electric heater in the admissions area (Danger): Correctly identified as a danger because it represents an immediate and critical threat.

ISO References:

Clause 6.1.2: Hazard identification and assessment of risks and opportunities.

ISO 45001:2018 requires a holistic approach to occupational health and safety. This means considering all aspects that could impact worker well-being, not just obvious physical hazards. The correct answer encompasses work activities (the tasks themselves), workplace design (the physical environment), and human factors (psychological and social aspects like working hours and harassment). It ' s the most comprehensive and aligned with the standard ' s philosophy

ISO 45001:2018, Clause 6.1.2, outlines requirements for hazard identification . Hazards to consider include work activities, workplace design, human factors, and social factors that may impact OH and S. These go beyond traditional physical risks and include psychosocial and organizational hazards.

Analysis of Options:

A. Work activities, workplace design, and human factors such as hours of work and bullying and harassment: Correct. This comprehensively addresses hazard categories outlined in ISO 45001, Clause 6.1.2.

B. Work activities where there is the possibility of danger: Too general. ISO 45001 includes broader categories of hazards, including those related to organizational and social factors.

C. Hot-work, working at height, enclosed space entry, and work on electrical equipment: Too narrow. These are specific hazards but do not encompass the full range outlined in ISO 45001.

D. Work hazards and environmental factors such as bad weather: Incomplete. While environmental factors are relevant, ISO 45001 also includes workplace design, human factors, and psychosocial hazards.

ISO References:

Clause 6.1.2.1: Hazard identification.

Annex A.6.1.2: Examples of hazard categories, including workplace design and human factors.

Clause 10.2 of ISO 45001 pertains to Nonconformity and Corrective Action . Organizations are required to evaluate incidents, investigate their causes, and implement effective corrective actions to prevent recurrence.

Issue Identified: The incidents in the five old shops are related to VOC emissions from outdated equipment, leading to staff and customer health concerns. This indicates inadequate risk management and failure to act on known safety issues.

Analysis of Options:

A. Display an emergency phone number. This is a reactive approach and does not address the root cause of the issue, i.e., VOC emissions. It also does not align with ISO 45001’s emphasis on preventive measures.

B. Evaluate and update the PPE requirements. While PPE is important, relying solely on PPE without addressing the root cause (emission of VOCs) is insufficient. PPE is considered the last line of defense under the hierarchy of controls.

C. Reassess the OH and S risks associated with the laundry process in the five old shops. This option aligns with ISO 45001, Clause 8.1.2, and Clause 10.2, as it emphasizes reassessing risks and taking steps to mitigate them. A thorough risk assessment could lead to interim measures such as process improvements or administrative controls until the equipment is replaced.

D. Review the current safety procedures. While reviewing safety procedures is useful, it does not address the specific nonconformity related to the equipment’s inability to operate safely.

Best Action: Reassessing the risks in the five shops (Option C) ensures a comprehensive review of the hazards posed by outdated equipment, leading to appropriate preventive and corrective actions.

ISO References:

Clause 10.2: Requires identifying and addressing nonconformities to prevent recurrence.

Clause 8.1.2: Emphasizes the hierarchy of controls and risk assessment as a foundation for mitigating hazards.

2. Prepare the audit checklist, 3. Obtain objective evidence, 4. Review audit evidence, 5. Document findings

For a first-party audit, the sequence follows the normal audit flow described in ISO auditing guidance: first the audit is initiated and leadership is assigned, then audit activities are prepared, then evidence is collected during the audit, then that evidence is evaluated, then findings are recorded, and finally the audit report is issued. ISO 19011 describes the audit flow as initiating the audit, preparing audit activities, conducting audit activities, and preparing and distributing the audit report. ( ISO )

That is why, after 1. Appoint an audit team leader , the next correct step is 2. Prepare the audit checklist . The checklist is part of preparing for the audit and helps the auditor plan questions, clauses, process interactions, and sampling points before going on to collect evidence. ( WEDEAQ | Official VDA QMC Partner )

After preparation, the auditor moves to 3. Obtain objective evidence . Audit evidence is gathered through interviews, observation, and review of documented information during the audit. This is a core activity of conducting the audit. ( DNV )

Once evidence is collected, the auditor must 4. Review audit evidence . ISO audit practice requires the evidence to be evaluated against the audit criteria to determine whether conformity or nonconformity exists. Evidence is not simply collected and reported immediately; it is first reviewed and assessed. ( PRETESH BISWAS )

After reviewing the evidence, the auditor can 5. Document findings . Findings are the result of evaluating the evidence against criteria, so they logically come after evidence review. Recorded findings can include conformity, nonconformity, and opportunities for improvement, depending on the audit plan and method. ( PRETESH BISWAS )

The final step is 6. Issue the report , because the report is prepared only after the audit evidence has been reviewed and the findings have been determined and documented. ( ISO )

So, the correct full order is:

1. Appoint an audit team leader

2. Prepare the audit checklist

3. Obtain objective evidence

4. Review audit evidence

5. Document findings

6. Issue the report

Explanation

Prepares the audit report → Audit Team Leader: The Audit Team Leader is responsible for compiling and preparing the final audit report, summarizing findings and conclusions.

Prepares audit checklists for use during the audit → Auditor: Auditors create checklists to ensure a thorough and systematic evaluation during the audit.

Participates under the direction and guidance of an auditor → Auditor in Training: An auditor in training works under supervision to gain experience and contribute to the audit process.

Follows up on audit findings within an agreed timeframe → Auditee: The auditee is responsible for addressing and resolving audit findings and providing evidence of corrective actions.

A person who accompanies the audit team but does not act as an auditor → Observer: Observers are typically external parties or internal personnel who watch the audit process but do not participate actively.

Escorts the auditors but does not participate in the audit → Guide: A guide facilitates the audit by helping auditors navigate the site and access relevant areas or documents.

References

ISO 19011:2018: Guidelines for auditing management systems.

Was he made aware of the hazards related to this work? → Clause 6.1.2.1: Clause 6.1.2.1 focuses on hazard identification. Organizations must identify hazards associated with work activities, such as operating a motorbike, and ensure workers are aware of these hazards.

Was he trained to use the new motorbike? → Clause 7.2: Clause 7.2 requires organizations to ensure that workers are competent to perform their assigned tasks, including providing necessary training for new equipment like a motorbike.

Was he asked to deliver too many orders in a short period of time? → Clause 8.2: Clause 8.2 relates to managing operational controls and ensuring that work processes do not impose undue risks, such as excessive workloads or time pressure.

Was he carrying any contact details in case of an accident? → Clause 7.3: Clause 7.3 requires effective communication of information relevant to OH and S, including emergency contact details or procedures for accidents.

ISO References:

Clause 6.1.2.1: Hazard identification.

Clause 7.2: Competence.

Clause 7.3: Awareness and communication.

Clause 8.2: Operational control.

The correct responses are C and D .

Certification bodies are required to have documented procedures for determining audit time and to determine the time needed to plan and accomplish a complete and effective audit . Audit duration is not something that can simply be shortened because the client asks for less disruption. ISO/IEC 17021-1 requires the certification body to determine audit time through its documented process, and the justification for the duration must be recorded. ( IAS )

IAF MD 5 also states that certification bodies shall identify the audit time for each client and that this framework is used within the certification body’s processes to determine the appropriate audit time , taking into account the specifics of the client organization. That means the request may be considered , but it does not have to be accepted. ( IAF )

Therefore:

C. Advise that his request will be considered but may not be taken up is correct, because the certification body can review the request, but the final decision must still comply with its audit-time rules and adequacy requirements. ( IAF )

D. Advise the OHS Manager that the audit duration and team make-up will be decided in line with the internal procedures of the certification body is correct, because ISO/IEC 17021-1 requires the certification body to use documented procedures for audit time and team decisions. ( IAS )

Why the other options are incorrect:

A is inappropriate because the request is not automatically a reason to tell the client to choose another certification body.

B is incorrect because the request cannot simply be accepted without following the certification body’s rules. ( IAS )

E is too absolute; the request should be considered against the certification body’s requirements, not rejected automatically. ( IAF )

F is unnecessary because the people managing the audit programme already have the responsibility to handle such matters through the certification body’s procedures. ( IAS )

The PDCA (Plan-Do-Check-Act) cycle is a core principle of ISO 45001 and many other management systems. It does not include environmental management, as ISO 45001 focuses on Occupational Health and Safety (OH and S), while environmental aspects are covered by ISO 14001.

Analysis of Options:

A. Treatment of Risks: Correct. Risk assessment and control are part of the Plan phase.

B. OHSMS Policy: Correct. The OH and S policy is established in the Plan phase.

C. Environment Management Program: Incorrect. This is outside the scope of ISO 45001 and pertains to ISO 14001.

D. Analyzing OHSMS Performance: Correct. Performance analysis occurs in the Check phase of the PDCA cycle.

ISO Reference:

Clause 0.3: PDCA model in ISO 45001.

Activities following the closure of a third-party audit are generally related to improving the audit process and addressing any unresolved issues.

Analysis of Options:

A. Addressing any audit complaints: Correct. Post-audit, complaints or concerns from stakeholders are addressed to improve the audit process and maintain credibility.

B. Conducting a closing meeting: Incorrect. The closing meeting occurs before the audit is closed.

C. Conducting a review of opportunities for improvement: Correct. Reviewing opportunities for improvement post-audit helps in refining processes and aligning them with organizational goals.

D. Revising the audit ' s objectives: Incorrect. Audit objectives are established during the planning phase, not after the audit has been closed.

E. Updating risks and opportunities to the audit programme: Incorrect. Updates to risks and opportunities occur during ongoing audits, not specifically post-audit.

F. Writing the audit report: Incorrect. The audit report is prepared before the audit is officially closed.

ISO References:

Clause 9.2.2: Audit process review.

ISO 19011:2018, Clause 6.7: Managing complaints and follow-up.

The closing meeting of a second-party audit focuses on the findings, conformance to agreed requirements, and areas for improvement. ISO 19011:2018 provides guidance on closing meetings, stating that the results of the audit, including conformity with criteria, must be reviewed and agreed upon.

Analysis of Options:

A. The names and email addresses of attendees at the closing meeting: Irrelevant. Attendance details are not part of the audit discussion.

B. The extent of the auditee’s documented information system: While relevant during the audit, it is not typically a focus in the closing meeting.

C. The extent to which the auditee is conforming to OH and S requirements in supply contracts: Correct. Second-party audits often assess compliance with contractual requirements.

D. The extent to which the auditee conforms to ISO 45001 requirements: Correct. The core purpose of the audit is to evaluate conformity to ISO 45001.

E. The nature of the trading relationship between the organizations: Correct. The trading relationship often shapes the scope and context of second-party audits.

F. Whether the audit has correctly performed in current contracts with other customers: Irrelevant. The focus is on the specific audit, not contracts with other customers.

G. Whether the work instructions for a specific OH and S process are focused on efficiency: Irrelevant. Efficiency is not the primary focus of an OH and S audit.

ISO References:

ISO 19011:2018, Clause 6.6.1: Conducting the closing meeting.

ISO 45001:2018, Clause 9.2: Internal audit requirements.

Analysis of Options:

A. The organisation must attempt to identify and address every risk it faces: Incorrect. ISO 45001 focuses on OH and S risks and not every risk faced by the organization.

B. The effect of uncertainty (i.e. risk) can result in positive outcomes as well as negative ones: Correct. Clause 3.20 defines risk as the " effect of uncertainty, " which may result in positive or negative outcomes.

C. Although organisations are required to carry out risk management, the method by which they do so is up to them: Correct. ISO 45001 does not prescribe specific risk management methods, leaving the organization to choose the approach that best suits its context (Clause 6.1.2).

D. Risk assessment is an activity that must be carried out by top management: Incorrect. Risk assessment can involve workers and other personnel; it is not limited to top management.

E. The organisation is required to assess risks arising from OH and S hazards: Correct. Clause 6.1.2.2 requires organizations to assess OH and S risks associated with hazards.

F. Risk is often expressed as a combination of likelihood and impact: Correct. This is a common way to express risk, aligned with Clause 6.1.2.

ISO References:

Clause 3.20: Definition of risk.

Clause 6.1.2: Hazard identification and risk assessment

Audit reports should provide a clear summary of the audit process, findings, and conclusions based on the defined scope, objectives, and criteria. They do not include administrative details (e.g., invoices) or operational aspects (e.g., corrective action plans).

Analysis of Options:

A. A copy of the certification body invoice for the audit: Incorrect. Invoices are unrelated to the content of audit reports and are handled separately.

B. A reference to the audit criteria used: Correct. Audit criteria (e.g., ISO 45001 standards) must be included in the report to define the basis for the audit.

C. A statement of the audit objectives: Correct. The report must outline the objectives to ensure clarity on the purpose of the audit.

D. Audit findings and any related evidence: Correct. Findings and evidence are essential to support conclusions and recommendations.

E. Confirmation of the audit scope: Correct. The scope defines the boundaries of the audit and must be documented in the report.

F. Contact details for all members of the audit team: Incorrect. Personal contact details are unnecessary and not typically included in reports.

G. The audit conclusions reached: Correct. Conclusions summarize the outcomes of the audit, such as conformity, nonconformities, or recommendations.

H. A corrective action plan that addresses the identified nonconformities: Incorrect. Corrective action plans are the auditee ' s responsibility and not included in the audit report.

ISO References:

ISO 19011:2018, Clause 6.7.3: Content of audit reports.

According to Clause 3.32 of ISO 45001:2018 , an audit is defined as a systematic, independent, and documented process for obtaining objective evidence and evaluating it to determine the extent to which audit criteria are fulfilled.

This involves assessing the effectiveness of health and safety measures implemented in the organization ' s OH and S management system.

Analysis of Options:

A. A systematic process to assess the risks in a workplace: Incorrect. While audits may include risk assessments, the purpose is broader and involves evaluating the entire OH and S management system.

B. An evaluation of the effectiveness of health and safety measures: Correct. This aligns with the definition of an audit as per ISO 45001:2018.

C. A legal requirement to comply with health and safety standards: Incorrect. An audit is not necessarily a legal requirement but a process to assess conformity.

D. A document that outlines safety procedures and guidelines: Incorrect. An audit is a process, not a document.

ISO Reference:

Clause 3.32: Audit definition.

An audit trail for evaluating compliance with regulations should focus on the identification, communication, and monitoring of legal and other requirements. Clause 9.1.2 of ISO 45001:2018 requires organizations to evaluate compliance with applicable OH and S legal and other requirements.

Analysis of Options:

A. What is the cost of repairing the wall? Irrelevant to compliance evaluation, as cost considerations are not part of legal compliance.

B. What hazards have been identified as being associated with regulations? Correct. Identifying hazards is a critical step in understanding compliance obligations (Clause 6.1.2).

C. How are maintenance staff made aware of regulatory requirements? Correct. Communication and training are vital for compliance (Clause 7.3).

D. How are OH and S objectives verified? Not directly relevant to compliance evaluations, as objectives pertain to performance improvement.

E. How are OHSMS records of compliance evaluations controlled and managed? Correct. Proper documentation and record-keeping are essential for demonstrating compliance (Clause 7.5).

F. How are updates to OH and S regulations monitored? Correct. Monitoring regulatory changes is critical for maintaining compliance (Clause 6.1.3).

G. How is the cost of safety improvements calculated? Irrelevant to compliance, as cost analysis is not required by ISO 45001.

H. What are the qualifications of the OHS Manager and Maintenance Manager? While competence is important, this does not directly relate to compliance evaluations.

I. What input does the Maintenance Manager have in the determination of legal compliance? Correct. Understanding the roles and responsibilities of key personnel ensures effective compliance (Clause 5.3).

J. What knowledge does the OHS Manager have in relevant safety legislation? Correct. Awareness of applicable legislation is critical for effective compliance evaluation (Clause 7.2).

ISO References:

Clause 9.1.2: Evaluation of compliance.

Clause 6.1.2: Hazard identification and risk assessment.

Clause 7.5: Documented information.

The auditor should assess whether the organization ' s planned action (using masks in case of dust extraction failure) is both implemented and effective. This aligns with ISO 45001 requirements to ensure that control measures are functional and meet the intended objectives.

Clause 8.1.2 (Hierarchy of Controls): The use of PPE, such as masks, is considered a last resort in the hierarchy of controls. The organization must demonstrate that the measure is:

Implemented (e.g., PPE is available and workers are trained to use it).

Effective (e.g., masks provide adequate protection against dust).

Analysis of Options:

A. Advise that the factory should cease operations if the dust extraction equipment malfunctioned. While ceasing operations may be a necessary control in extreme situations, it is not a practical or realistic recommendation unless a high-risk scenario cannot be otherwise managed.

B. Ask the OHSMS Manager to confirm regulatory compliance. Regulatory compliance is important but does not fully address the requirement to ensure the action is effective.

C. Seek evidence that the response action is both implemented and effective. This is the most appropriate response. The auditor must verify implementation and effectiveness to determine conformity.

D. Suggest increasing maintenance checks. Maintenance is important for preventing equipment breakdowns, but this option does not address the immediate audit finding about the adequacy of response actions.

ISO References:

Clause 8.1.2: Emphasizes applying the hierarchy of controls effectively.

Clause 9.1.1: Requires monitoring and measuring controls to ensure effectiveness.

The correct answers are D, F, H .

ISO 19011 guidance on generating audit findings says that nonconformities can be graded depending on the context of the organization and its risks . That directly supports D , because any grading should reflect the risk the nonconformity presents to the organization. The same guidance also says this grading can be quantitative (for example 1 to 5) or qualitative (for example minor/major) , which makes F correct. Because the wording is “can be graded” , grading is optional rather than mandatory, so H is also true. ( Synersia Foundation )

Why the other options are not true:

A is not a requirement in ISO 19011. An organization may define grading rules in its audit programme or procedure, but there is no rule that grading must be agreed with the individual(s) managing the audit programme. ( ISO )

B is false. ISO 19011 does not recommend that top management grade nonconformities. Audit findings are generated by auditors based on objective evidence and audit criteria. ( ISO )

C is false. A second-party audit team does not have to adopt the auditee’s grading system. The grading approach can follow the auditing organization’s own rules and purpose for the audit. ( ISO )

E is false. Additional documented information at the closing meeting does not mean the grading must be changed. The evidence should be reviewed, but unresolved issues may simply remain recorded in the audit report. ( Synersia Foundation )

G is false. There is no requirement that extra grading categories must be agreed with the auditee before the closing meeting. The auditee should understand the findings, but the grading framework is not something ISO 19011 requires to be negotiated at that point. ( ISO )

ISO 45001 requires an organization to determine the external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended results of the OH and S management system. This is established in Clause 4.1 – Understanding the organization and its context . External issues are typically conditions arising outside the organization, such as market conditions, social conditions, legal environment, economic factors, and technological developments. Internal issues are those related to the organization’s people, structure, culture, ownership, competence, and operational arrangements.

D. New technology available on the market is an external issue because it exists in the external business and technological environment. It is not created inside the organization, but it can affect how the organization manages OH and S risks and opportunities, for example by introducing safer equipment, automation, or new control methods. ISO 45001 guidance in Annex A recognizes that technological environment can be part of context analysis.

F. Average salaries in the business sector is also an external issue because it relates to the wider economic and labor-market environment, not the organization’s own internal arrangements. This kind of issue can influence recruitment, retention, competence availability, and worker welfare conditions, all of which may indirectly affect OH and S performance. It is part of the external economic context.

Why the other options are not external:

A. Increased number of outsourced processes is mainly an internal organizational decision about how work is arranged and controlled. Although outsourced providers are external parties, the increase in outsourcing is part of the organization’s internal operating model.

B. New owners of the organisation is an internal issue because ownership and governance are part of the organization’s internal structure and direction.

C. Workers joined a trade union is generally treated as an internal workforce/industrial relations issue , because it directly concerns the organization’s workers and participation arrangements.

E. Recently hired workers with limited command of the local language is an internal issue because it concerns the competence, communication, and workforce characteristics within the organization.

Therefore, the two options related to external issues are:

D, F