Qualified Environmental Professional (QEP)

Correct: According to ISO 45001:2018 Clause 9.2.2, the organization must plan and establish an audit program that takes into account the importance of the processes concerned, changes affecting the organization, and the results of previous audits. A risk-based approach necessitates adjusting the audit frequency or timing when evidence, such as near-misses or increased hazards, suggests that the current controls may be ineffective or that the risk profile has changed significantly.

Incorrect: Maintaining a fixed schedule regardless of risk fails to meet the requirement to consider process importance and performance. Delaying the response until the next scheduled audit is reactive and fails to address immediate risks to worker safety. Relying solely on a manager’s self-assessment does not fulfill the requirement for an independent and objective internal audit process as part of the management system’s monitoring and measurement.

Takeaway: Internal audit scheduling must be a dynamic, risk-based process that prioritizes activities based on incident data and the criticality of the processes to the OH&S management system.

Correct: According to ISO 45001:2018 Clause 6.1.2.1, the organization must establish a hazard identification process that is ongoing and proactive. This process must specifically account for changes in the organization, its processes, activities, and the OH&S management system. A significant hardware upgrade and power reconfiguration represent a change that could introduce new electrical hazards (such as circuit overloading or improper grounding), and the failure to update the risk assessment to reflect these changes is a direct violation of the standard’s requirement for proactive hazard identification.

Incorrect: Noting an opportunity for improvement is insufficient because the standard mandates the identification of hazards related to changes; a failure to do so is a clear nonconformity. Relying on a contractor’s documentation does not absolve the organization of its responsibility to integrate those changes into its own OH&S management system. Requiring the auditor to prove a load capacity breach is incorrect, as the nonconformity is based on the failure of the management process to assess the change, not the physical state of the equipment itself.

Takeaway: ISO 45001 requires organizations to proactively update their hazard identification and risk assessments whenever significant changes occur in the workplace or its processes.

Correct: According to ISO 45001 Clause 9.1.1, the organization must ensure that monitoring and measuring equipment is calibrated or verified as applicable and maintained. Furthermore, Clause 7.2 requires that personnel performing tasks that can impact OH&S performance are competent. In an audit scenario where data is inconsistent, the auditor must first ensure the reliability of the measurement process itself, which includes both the technical accuracy of the tools and the proficiency of the operators.

Incorrect: Lowering thresholds does not address the fundamental issue of data reliability or the root cause of the measurement variance. Focusing on disciplinary actions shifts the focus to worker behavior rather than the integrity of the monitoring system required by the standard. Updating insurance policies is a risk-transfer financial strategy but does not satisfy the requirement for an effective monitoring and measurement process under an OH&S management system.

Takeaway: Effective OH&S monitoring depends on the dual pillars of equipment calibration and personnel competence to ensure that data used for decision-making is reliable and valid.

Correct: Under ISO 45001:2018, specifically Clause 8.1 (Operational Planning and Control) and Clause 8.1.4 (Procurement/Contractors), the organization must ensure that processes are in place to manage risks. For temporary works, this involves a ‘Permit to Load’ system where a competent person (often a Temporary Works Coordinator) verifies that the physical installation matches the engineering design before the structure is subjected to weight. This provides objective evidence of hazard elimination and risk reduction.

Incorrect: Transferring liability through contract clauses (option b) does not satisfy the ISO 45001 requirement for the organization to manage its own OH&S risks and coordinate with contractors. Manufacturer certificates (option c) verify component quality but do not ensure the safety of the specific on-site assembly or design application. Verbal updates in project meetings (option d) lack the technical rigor and objective evidence required to verify that specific safety controls for high-risk temporary structures are being implemented.

Takeaway: Effective management of temporary works requires formal verification of the installation against design specifications by a competent person before the structure is put into use.

Correct: ISO 45001:2018 Clause 9.1.1 requires the organization to determine not only what needs to be monitored but also the criteria against which the organization will evaluate its OH&S performance. When an organization sets internal action levels, these become part of its performance criteria. Clause 9.1.2 further requires the organization to evaluate the OH&S performance and determine the effectiveness of the management system. Failing to take action or investigate when internal thresholds are exceeded indicates that the monitoring process is not being used to drive improvement or ensure control effectiveness, regardless of whether a legal limit was reached.

Incorrect: The claim that no nonconformity exists because legal limits were met is incorrect because ISO 45001 requires organizations to meet their own stated objectives and criteria, not just the bare minimum of the law. Suggesting an increase in action levels to reduce administrative burden is inappropriate for an auditor and contradicts the principle of risk reduction. Finally, while internal levels are important, exceeding them is a failure of the management system’s internal performance criteria rather than a direct breach of statutory law, unless the local jurisdiction specifically codifies those internal levels as legally binding.

Takeaway: Auditors must ensure that organizations evaluate and respond to deviations from their own established internal performance criteria to maintain the integrity of the PDCA cycle.

Correct: Under ISO 45001, specifically Clause 8.1.3 (Management of Change), the organization must establish a process for the implementation and control of planned temporary and permanent changes that impact OH&S performance. The fact that the SOPs were not updated following the installation of new sensors, leading to workers bypassing guards, indicates a failure in integrating change management with operational controls. The auditor must prioritize evaluating how changes to machinery are assessed for risk and how those assessments are translated into updated operating procedures.

Incorrect: Recommending disciplinary action focuses on individual behavior rather than the systemic failure of the management of change process. Verifying the timing of a third-party audit is a high-level administrative check that does not address the immediate operational risk or the root cause of the outdated SOPs. Focusing on the lack of a digital repository addresses a potential administrative improvement but ignores the fundamental requirement to ensure that operational controls are technically accurate and safe for the current equipment configuration.

Takeaway: Effective OH&S management requires that Safe Operating Procedures are dynamically updated through a robust management of change process whenever equipment or physical hazards are modified.

Correct: According to ISO 45001:2018 Clause 7.2, the organization must not only provide training but also evaluate the effectiveness of the actions taken to acquire competence. The fact that operators attended training (evidenced by logs) but could not demonstrate the required knowledge indicates that the organization failed to verify if the training actually resulted in the necessary competence to perform the task safely.

Incorrect: Maintaining documented information on dates and durations is a record-keeping requirement but does not ensure the quality or impact of the training. Identifying external providers is a resource management step that does not guarantee the specific competency of the internal workforce. Communicating the OH&S policy is a general requirement for awareness under Clause 7.3 but is not a specific control for technical operator competency regarding specialized equipment.

Takeaway: Effective competency management requires a verification step to ensure that training has successfully transferred the necessary knowledge and skills to the worker.

Correct: Under ISO 45001:2018 Clause 8.1 (Operational Planning and Control), the organization must ensure that its processes are carried out as planned. When a critical safety control—such as a Permit to Load for temporary works—is bypassed, the immediate priority is to ensure that the organization follows its own non-conformity and emergency protocols. This involves stopping work to verify that the structural integrity has not been compromised, thereby protecting workers from the risk of collapse. The auditor’s role is to see if the management system effectively responds to this breach of control.

Incorrect: Retroactively signing a permit is a violation of both safety protocols and audit integrity, as it masks a failure in the control process. While checking competency records is a valid part of an audit, it does not address the immediate physical hazard created by the unapproved loading. Increasing the frequency of internal audits is a potential long-term corrective action but fails to address the immediate non-conformity and the potential risk to life currently present on the site.

Takeaway: Operational control over high-risk activities like temporary works requires strict adherence to approval sequences to ensure structural integrity and worker safety.

Correct: ISO 45001 Clause 8.1.3 (Management of Change) requires organizations to establish a process for the implementation and control of planned temporary and permanent changes that impact OH&S performance. Temporary works, such as the cooling gantry, are high-risk activities where structural integrity is paramount. Any modification to an approved design constitutes a change that must be assessed and approved by competent persons (the TWC or designer) to ensure that the risk of collapse or failure is mitigated. Suspending work is the only safe response to an unverified structural change.

Incorrect: Retrospective reviews are insufficient because they allow a potentially fatal hazard to persist until the next audit cycle, violating the proactive nature of ISO 45001. Relying on a site supervisor’s experience for structural design changes is inappropriate as it bypasses the formal competency requirements for temporary works design. Updating the risk register without first verifying the structural integrity of the modification fails to address the immediate physical risk to workers and the facility.

Takeaway: Under ISO 45001, any modification to temporary works must be treated as a formal change requiring engineering re-validation to ensure operational controls remain effective.