ISO-45001-Lead-Auditor PECB Certified OHSMS ISO 45001 Lead Auditor Exam Questions and Answers

Explanation

Prepares the audit report → Audit Team Leader: The Audit Team Leader is responsible for compiling and preparing the final audit report, summarizing findings and conclusions.

Prepares audit checklists for use during the audit → Auditor: Auditors create checklists to ensure a thorough and systematic evaluation during the audit.

Participates under the direction and guidance of an auditor → Auditor in Training: An auditor in training works under supervision to gain experience and contribute to the audit process.

Follows up on audit findings within an agreed timeframe → Auditee: The auditee is responsible for addressing and resolving audit findings and providing evidence of corrective actions.

A person who accompanies the audit team but does not act as an auditor → Observer: Observers are typically external parties or internal personnel who watch the audit process but do not participate actively.

Escorts the auditors but does not participate in the audit → Guide: A guide facilitates the audit by helping auditors navigate the site and access relevant areas or documents.

References

ISO 19011:2018: Guidelines for auditing management systems.

ISO 45001 emphasizes worker participation and engagement at all levels of the organization to support continuous improvement (Clause 5.4 and Clause 10.3). Continuous improvement requires input from everyone, including workers who identify hazards, report incidents, and contribute to safety enhancements.

Analysis of Options:

A. Everyone, at all levels of the company: Correct. Clause 5.4 explicitly includes all levels of the organization in consultation and participation, fostering continuous improvement.

B. Top management and senior officers only: Incorrect. While top management plays a crucial role in leadership, ISO 45001 extends the responsibility for participation to all levels.

C. Top management, senior officers, and designated safety representatives only: Incorrect. Limiting participation to designated representatives excludes a significant portion of the workforce from the improvement process.

D. Top management only: Incorrect. While top management must lead and commit to continuous improvement, their involvement alone is insufficient under ISO 45001.

ISO References:

Clause 5.4: Worker consultation and participation.

Clause 10.3: Continual improvement.

Clause 5.1 of ISO 45001:2018 requires top management to demonstrate leadership and commitment to the OH and S management system. This includes awareness of the OH and S policy and its objectives.

Analysis of Options:

A. As a member of the management team, the Deputy College Principal is not aware of the OHSMS policy: Correct. A lack of awareness of the policy reflects poor leadership commitment, which violates Clause 5.1.

B. OH and S improvement is not possible due to the lack of awareness of the OHSMS: Incorrect. While improvement may be hindered, this is not the main issue in this scenario.

C. The Deputy College Principal is not competent to manage the OHSMS: Incorrect. The Deputy’s competence to manage the OHSMS is not in question; the issue is their lack of awareness of key elements.

D. The OH and S policy only exists as a document in the College Principal’s office: Incorrect. The policy may be accessible but not effectively communicated or understood by management.

ISO References:

Clause 5.1: Leadership and commitment.

Clause 5.2: OH and S policy.

In a first-party audit (internal audit), the organization conducts the audit to determine whether its management system conforms to planned arrangements, to the organization’s own requirements, and to the requirements of ISO 45001, and whether it is effectively implemented and maintained. ISO 45001 Clause 9.2 requires internal audits to provide information on conformity and effectiveness.

E. Verify compliance with regulatory requirements is a valid audit objective because ISO 45001 requires the organization to determine its legal and other requirements and to evaluate compliance with them. Internal audits commonly include verification that these legal OH and S obligations are being met as part of checking the effectiveness and conformity of the OH and S management system. This aligns with Clause 6.1.3 and Clause 9.1.2 of ISO 45001.

B. Complete the audit on time is also an audit objective in practical first-party auditing because audit objectives are established for the audit and supported by planning, resources, timing, and reporting arrangements. While it is not a system conformance criterion, it is a valid objective for the audit assignment itself, ensuring the audit is performed as planned and efficiently managed. This fits normal lead auditor practice in planning and conducting internal audits.

Why the other options are not correct:

A. Apply international standards is too broad and is not itself an audit objective. Standards are the criteria or reference, not the objective.

C. Confirm the scope of the management system is accurate is not usually stated as a first-party audit objective; scope is established by the organization under Clause 4.3, though it may be reviewed during audits.

D. Prepare the audit report for the certification body does not apply to a first-party audit, because internal audits are not performed for a certification body.

F. Update the management policy is a management responsibility, not an audit objective. Audits may identify inputs for policy review, but updating the policy is not the purpose of the audit itself.

Therefore, the two correct options are:

B, E

Analysis of Options:

A. Results of management review: Correct. Clause 9.3 requires retention of management review results as documented information.

B. Risks and opportunities: Incorrect. Risks and opportunities must be considered and managed, but retaining this as documented information is not mandatory.

C. Results of compliance evaluation: Correct. Clause 9.1.2 requires retention of compliance evaluation results.

D. Workers ' current level of competency: Incorrect. Competency must be ensured, but retaining specific competency records is not explicitly required.

E. Assigned responsibilities and authorities: Incorrect. These must be defined and communicated but are not required to be retained as documented information.

F. The relevant requirements of workers: Incorrect. Relevant worker requirements must be considered but not retained as documented information.

G. Effectiveness of corrective actions: Correct. Clause 10.2 requires retention of evidence of corrective actions taken.

H. OH and S Policy: Correct. Clause 5.2 requires the OH and S policy to be maintained as documented information.

ISO References:

Clause 5.2: OH and S policy.

Clause 9.1.2: Compliance evaluation.

Clause 9.3: Management review.

Clause 10.2: Corrective actions.

Clause 10.2 requires organizations to investigate nonconformities, determine their causes, and take corrective actions to prevent recurrence. Clause 9.2.2 specifies the requirements for managing internal audit processes, while Clause 7.4.3 emphasizes the need to communicate relevant information effectively.

Analysis of Options:

A. 9.2.2.e - Management failed to take any action to deal with the audit nonconformity: Correct. Management must ensure that internal audit findings are addressed promptly. The lack of action violates Clause 9.2.2.e.

B. 9.2.2.d - Staff were not made aware that health and safety incidents were increasing: Incorrect. This clause pertains to the planning and conduct of audits, not the communication of findings.

C. 8.1.1 - Operations were not properly controlled to avoid health and safety incidents: Incorrect. While increased incidents may suggest operational issues, this option does not directly relate to the internal audit findings.

D. 9.2.2 - Report IA202 contained a poorly worded nonconformity (NC3): Incorrect. The clarity of the nonconformity wording is not directly relevant to Clause 9.2.2.

E. 10.2.b - The root cause of the increase in reported health and safety accidents was not investigated: Correct. Failure to investigate root causes violates Clause 10.2.b.

F. 7.4.3 - The results of the internal audit IA202 were not communicated to interested parties: Correct. Effective communication of audit results is required under Clause 7.4.3.

ISO References:

Clause 9.2.2: Internal audit process requirements.

Clause 10.2: Nonconformity and corrective action.

Clause 7.4.3: Communication requirements.

The three correct responses are A, B, and G .

A is correct because ISO 45001 Clause 5.3 requires top management to ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood at all levels within the organization , and that they are maintained as documented information . So if top management asks whether responsibilities and authorities for relevant roles have to be documented, the correct answer is yes .

B is correct because Clause 5.1 Leadership and commitment requires top management to ensure that the resources needed to establish, implement, maintain and improve the OH and S management system are available . Therefore, the auditor’s “Yes, you do” is correct.

G is correct because Clause 5.1 also requires top management to promote continual improvement . This is stated directly as part of top management leadership and commitment responsibilities under ISO 45001.

Why the others are not correct:

C is incorrect because top management does have to ensure that processes are established for consultation and participation of workers . Clause 5.4 makes this a requirement, so “No, you do not” is wrong.

D is incorrect as written. Top management must establish, implement and maintain the OH and S policy, but ISO 45001 does not state that top management personally has to “write” it. The wording in the option is too specific and not how the standard states the requirement.

E is incorrect because top management does have to ensure that the OH and S management system achieves its intended results. Clause 5.1 says this directly.

F is incorrect because top management must ensure OH and S objectives are established and compatible with the strategic direction, but ISO 45001 does not require top management personally to “write” the objectives.

H is incorrect because the organization must determine the scope under Clause 4.3 , and top management remains accountable for the OH and S management system. Saying “No, you do not” is not correct in this context.

Clause 9.1.2 of ISO 45001:2018 outlines the need for organizations to evaluate compliance with applicable legal and other requirements as part of their OH and S management system.

Analysis of Options:

A. The organization must evaluate its compliance status at least once a year: The standard does not prescribe a specific frequency but states that evaluations must be conducted at planned intervals.

B. ' Other requirements ' include requirements that the organization has chosen to comply with: Correct. Other requirements may include voluntary standards, industry codes, or contractual obligations.

C. A management review is required in all instances where one or more legal requirements are not being met: This is not true. Management reviews address compliance but are not mandated for every noncompliance.

D. Every member of an audit team must have a detailed understanding of the legal requirements for the sector and type of organization they are auditing: Not true. Auditors must have general competency but can rely on subject-matter experts for legal specifics.

E. If the organization is failing to address a legal requirement relating to another discipline (e.g., Environmental management), this cannot be raised in the audit: Not true. If the legal noncompliance impacts OH and S, it can be raised.

F. The organization cannot outsource its process for evaluating compliance: The organization can outsource evaluation but retains accountability.

G. The organization is required to establish a process for evaluating compliance: Correct. Clause 9.1.2 requires a process for compliance evaluation.

H. The organization is required to evaluate its compliance status with OH and S legal and other requirements: Correct. Clause 9.1.2 explicitly states this requirement.

ISO References:

Clause 9.1.2: Evaluation of compliance.

Clause 7.5: Documented information requirements

The correct answers are D and F .

In audit interviewing practice, open questions are mainly used to get explanation, description, and insight, while closed questions are used to confirm specific facts or verify that the auditor’s understanding is correct. Guidance on audit interviews says auditors should rely mainly on open questions for expanded responses and use closed questions to confirm answers . ( The Auditor )

That is why D. To confirm conformity or a non-conformity finding is correct. Once the auditor has gathered evidence, a closed question can be used to verify a precise point, confirm whether a requirement has or has not been met, or make sure the factual basis of a conformity/nonconformity is accurate before recording the finding. ISO 19011 also states that nonconformities and supporting audit evidence should be reviewed with the auditee so the evidence is accurate and understood. ( Synersia Foundation )

F. To check that your understanding of a situation is correct is also correct. Closed questions are especially useful at the end of a discussion to confirm the auditor’s interpretation of what was said or observed. This is a standard interview technique in auditing. ( Designing Buildings )

Why the other options are not correct:

A. To obtain an overview of how a task is performed is better done with open questions , because the auditor needs explanation and sequence. ( The Auditor )

B. To establish communication with the auditee with a view to building trust is usually done through general conversation and open dialogue, not mainly through closed questioning. ( The Auditor )

C. To gain greater insight into the operation of a process also requires open questions . ( The Auditor )

E. To follow your audit trail generally needs probing and exploratory questions, which are typically open rather than closed. ( The Auditor )

The correct answer is D .

ABC states that it has implemented one single OH and S management system for both plants . Once a single management system covers both sites, the certification body has to determine and audit the scope of the management system being operated , not an artificially narrowed commercial scope. IAF MD 1 says a multi-site organization has a single management system , and the certification body must confirm that a single management system is deployed and determine the scope of the management system being operated . It also says the certification document must reflect the scope of certification and the sites/legal entities covered by that multi-site certification. ( IAF )

The argument that XYZ is “just a supplier” does not solve the problem. IAF MD 5 makes an important distinction: where an external provider is only a supplier, the certification body audits the organization’s control of the supplied activity, not the performance of the activity itself . But here, XYZ is not outside the management system; ABC has already said both plants are inside one single OHSMS . So XYZ cannot simply be treated as an external supplier for certification-scoping purposes. ( IAF )

This is also consistent with the multi-site certification rules that do not allow an organization to exclude covered sites just to avoid certification consequences. IAF MD 1 explicitly says it is not admissible to exclude a problematic site from scope during certification, and the certification documents must show the sites covered by the certified system. While this example is about a “problematic” site, the principle is the same: once the site is part of the single management system, it cannot be carved out simply for convenience or marketing. ( IAF )

Therefore, as a third-party auditor, you should not agree to audit only the food plant while ignoring the packaging plant if both are included in the same ISO 45001 management system.

The correct answers are B, E, and G .

G is true because ISO 19011 states that a closing meeting should be held to present the audit findings and conclusions . This applies to audits generally, not only third-party audits. ( Oshisis )

E is true because ISO 19011 guidance says that for some audit situations the closing meeting may be formal, but in other instances, such as internal audits, the closing meeting can be less formal and may simply consist of communicating the findings and conclusions. That means a first-party closing meeting is commonly less formal than a third-party certification closing meeting. ( Synersia Foundation )

B is also true . ISO 19011 and related guidance allow the use of remote methods / ICT in audit activities, and remote audit methods may be combined with on-site methods. From that, it follows that the audit team leader may arrange for audit team members to join activities such as the closing meeting virtually , where appropriate and controlled. This is an inference from the permitted use of ICT in audits. ( ISO )

Why the others are false:

A is false because the closing meeting is for presenting findings and conclusions, not for changing findings simply because the auditee is unhappy. Findings can be clarified, but not changed without objective evidence. ( Oshisis )

C is false because there is no rule that the audit team must meet formally immediately after the closing meeting to consider recommendations.

D is false because ISO 19011 says some closing meetings may be formal and recorded, but internal audits can be less formal, so they do not always have to be documented in that way. ( Synersia Foundation )

F is false because the audit team leader is responsible for managing the audit team and assigning roles.

H is false because the closing meeting should be chaired by the audit team leader , not by the audit client. ( Oshisis )

Clause 10.2 of ISO 45001 requires organizations to investigate incidents, determine root causes, and implement corrective actions to prevent recurrence.

Analysis of Options:

A. Check whether corrective actions were taken. This directly relates to the requirement to implement corrective actions to address the identified risks and hazards. Failure to do so would indicate nonconformity.

B. Determine whether the Health and Safety Authority was notified. Notification is a legal requirement in certain jurisdictions, but it is not explicitly required under ISO 45001 unless the legal context demands it.

C. Establish whether the root cause was determined. Root cause analysis is fundamental for effective corrective action. Without this, corrective measures may not address the underlying problem.

D. Find out when the operator ' s machine was last subject to maintenance. While maintenance is important, it does not directly address the incident ' s nonconformity.

E. Find out whether the operator was sent to the hospital. Sending the operator to the hospital is a reactive step and not relevant to compliance with Clause 10.2.

F. Interview the operator about PPE usage. This is relevant but insufficient for determining compliance with Clause 10.2.

ISO References:

Clause 10.2: Investigation of incidents, determination of causes, and implementation of corrective actions.

Clause 8.1.2: Hierarchy of controls and risk reduction.

According to ISO 45001:2018, the PDCA cycle is explained in Clause 0.4. The Act phase is defined as: taking actions to improve continually the OH and S performance in order to achieve the intended outcomes . This clearly supports C. Making improvements as a correct answer.

Option D. Resetting objectives is also appropriate because ISO 45001 requires OH and S objectives to be reviewed and updated as appropriate . After checking performance results, the organization may revise or reset objectives as part of continual improvement and corrective action. This aligns with the Act stage, where changes are made to improve system effectiveness and performance.

The remaining options belong to other PDCA phases:

A. Verifying training relates more to evaluation of competence and effectiveness, which fits checking activities.

B. Measuring objectives belongs to the Check phase because ISO 45001 says Check includes monitoring and measurement against OH and S policy and objectives.

E. Providing infrastructure belongs to the Do phase because it is part of providing resources and operational support.

F. Auditing processes belongs to the Check phase because internal audits are part of performance evaluation under Clause 9.2.

Therefore, the correct answer is:

C, D

The correct answers are E, F, and H .

This situation raises three serious concerns: impartiality , professional conduct , and the reliability of the audit conclusion . Third-party auditors are expected to act honestly and impartially, and accepting gifts from the auditee is inconsistent with that expectation. The IAF auditor code of conduct says auditors must be honest and impartial and must avoid conduct that discredits the profession. ( IAF )

E is correct because the audit team leader must first consider whether the alleged behavior could compromise the validity of the audit findings and conclusion . If that risk is significant, the matter should be escalated to the individual(s) managing the audit programme for direction, since certification audits must remain competent, consistent, and impartial. ( ISO )

F is correct because the team leader should gather specific facts and then give the auditor an opportunity to respond to the allegations before deciding the next step. That is the appropriate immediate management action and is consistent with fair handling of an issue that could affect audit integrity. The concern is too serious to ignore, but it should still be examined on evidence, not assumption. ( ISO )

H is also correct because, while the matter is being addressed, moving the auditor in training away from the auditor concerned is a sensible control to protect the trainee and the audit process. It helps reduce further disruption and prevents the trainee from being exposed to more inappropriate conduct during the remainder of the audit. This is a practical audit-management response flowing from the team leader’s responsibility to maintain control of the audit team and audit activities. ( ISO )

Why the other options are not correct:

A is too immediate and inappropriate. The auditor in training cannot simply replace a qualified auditor without proper competence and authorization being confirmed.

B is premature. The audit should not be terminated immediately without first assessing the facts and the impact on the audit.

C is clearly wrong because the issue could affect the integrity of the current audit and cannot wait until later.

D is wrong and unethical; the tickets should not be accepted by anyone on the audit team. ( IAF )

G is wrong because experience does not excuse unethical or unprofessional behavior.

A first-party audit is an internal audit . ISO defines internal audits, or first-party audits, as audits conducted by, or on behalf of, the organization itself . That means the people participating can be the organization’s own auditors or external people acting on its behalf, such as a consultant. ( ISO )

Therefore:

A. An auditor certified by CQI and IRCA can participate in a first-party audit, provided the auditor is acting for the organization or on its behalf. Certification status does not prevent participation in an internal audit. This is consistent with the principle that first-party audits are defined by who the audit is for , not by the auditor’s credential. ( ISO )

D. An auditor from a consultant organisation can also participate, because first-party audits may be carried out on behalf of the organization by a qualified external consultant. ( ISO )

E. An auditor trained in the CQI and IRCA scheme can participate for the same reason: training route does not change the audit type; the audit remains first-party if it is conducted by or for the organization. ( ISO )

F. An auditor trained by the organisation clearly can participate, since internal audits are commonly performed by trained internal auditors from within the organization. ( ASQ )

The two that do not participate in a first-party audit are:

B. A certification body auditor

C. An auditor from an accreditation body

A certification body auditor performs a third-party audit , not a first-party audit. An accreditation body auditor/assessor evaluates certification bodies or similar conformity assessment bodies, not the organization’s own internal audit program. These are external oversight roles, not first-party audit roles. ( ISO )

So the correct answer is:

B, C

ISO 45001 emphasizes the importance of worker participation , particularly non-managerial workers, in developing and improving the OH and S management system. Clause 5.4 outlines specific areas where their involvement is crucial.

Analysis of Options:

A. Determining competence requirements: Incorrect. Competence requirements are primarily determined by management but may involve feedback from workers.

B. Determining how to fulfil legal requirements: Incorrect. Management typically handles compliance with legal requirements.

C. Determining controls on outsourced processes: Incorrect. This is a management responsibility.

D. Managing the internal audit programme: Incorrect. Workers participate in audits, but managing the program is a management task.

E. Determining what needs to be communicated: Incorrect. Communication strategies are usually set by management.

F. Determining actions to eliminate hazards: Correct. Non-managerial workers ' input is vital in identifying and eliminating workplace hazards (Clause 8.1.2).

G. Establishing the OHS policy: Correct. Workers’ participation in policy development ensures it is relevant and inclusive (Clause 5.2).

H. Establishing OHS objectives: Correct. Workers’ participation ensures that objectives are practical and aligned with workplace realities (Clause 6.2).

Analysis of Options:

A. Integrated Management System: Correct. An Integrated Management System (IMS) combines multiple standards like ISO 45001, ISO 14001, and ISO 9001, addressing environment management as part of the integration.

B. ISO 14501: Incorrect. ISO 14501 pertains to milk and milk products, not environmental management.

C. ISO 45001: Incorrect. ISO 45001 focuses on Occupational Health and Safety, not environmental management.

D. ISO 14001: Correct. ISO 14001 is the primary standard for Environmental Management Systems.

ISO References:

ISO 14001: Environment Management Systems.

Integrated Management Systems: Combines standards like ISO 14001 and ISO 45001.

2. Prepare the audit checklist, 3. Obtain objective evidence, 4. Review audit evidence, 5. Document findings

For a first-party audit, the sequence follows the normal audit flow described in ISO auditing guidance: first the audit is initiated and leadership is assigned, then audit activities are prepared, then evidence is collected during the audit, then that evidence is evaluated, then findings are recorded, and finally the audit report is issued. ISO 19011 describes the audit flow as initiating the audit, preparing audit activities, conducting audit activities, and preparing and distributing the audit report. ( ISO )

That is why, after 1. Appoint an audit team leader , the next correct step is 2. Prepare the audit checklist . The checklist is part of preparing for the audit and helps the auditor plan questions, clauses, process interactions, and sampling points before going on to collect evidence. ( WEDEAQ | Official VDA QMC Partner )

After preparation, the auditor moves to 3. Obtain objective evidence . Audit evidence is gathered through interviews, observation, and review of documented information during the audit. This is a core activity of conducting the audit. ( DNV )

Once evidence is collected, the auditor must 4. Review audit evidence . ISO audit practice requires the evidence to be evaluated against the audit criteria to determine whether conformity or nonconformity exists. Evidence is not simply collected and reported immediately; it is first reviewed and assessed. ( PRETESH BISWAS )

After reviewing the evidence, the auditor can 5. Document findings . Findings are the result of evaluating the evidence against criteria, so they logically come after evidence review. Recorded findings can include conformity, nonconformity, and opportunities for improvement, depending on the audit plan and method. ( PRETESH BISWAS )

The final step is 6. Issue the report , because the report is prepared only after the audit evidence has been reviewed and the findings have been determined and documented. ( ISO )

So, the correct full order is:

1. Appoint an audit team leader

2. Prepare the audit checklist

3. Obtain objective evidence

4. Review audit evidence

5. Document findings

6. Issue the report

Clause 4.4 of ISO 45001 requires organizations to establish, implement, maintain, and continually improve an OH and S management system. The corrective actions must address systemic issues, involve leadership commitment, and aim to foster a strong safety culture.

Analysis of Options:

A. Top management initiated a comprehensive review of internal and external issues: Correct. A review of internal and external issues aligns with Clause 4.1 and demonstrates leadership commitment.

B. Union representatives were invited to attend OH and S management meetings: Incorrect. While participation is valuable, it is not a systemic corrective action.

C. Top management developed and is leading a programme to promote an effective culture of support: Correct. Promoting a safety culture is a proactive measure and aligns with Clause 5.1 (Leadership).

D. Staff from departments with nonconformities received regular safety training during toolbox talks: Incorrect. While training addresses specific gaps, it does not address systemic issues.

E. External consultants conducted a gap analysis of the OHSMS: Incorrect. While helpful, this action does not demonstrate leadership or address systemic improvement.

F. OH and S champions were appointed in each department to report near misses and incidents: Incorrect. This is a good practice but does not directly address Clause 4.4’s requirement for systemic improvement.

ISO References:

Clause 4.4: Maintaining and improving the OH and S management system.

Clause 5.1: Leadership and commitment.

Clause 10.3: Continual improvement.

Was he made aware of the hazards related to this work? → Clause 6.1.2.1: Clause 6.1.2.1 focuses on hazard identification. Organizations must identify hazards associated with work activities, such as operating a motorbike, and ensure workers are aware of these hazards.

Was he trained to use the new motorbike? → Clause 7.2: Clause 7.2 requires organizations to ensure that workers are competent to perform their assigned tasks, including providing necessary training for new equipment like a motorbike.

Was he asked to deliver too many orders in a short period of time? → Clause 8.2: Clause 8.2 relates to managing operational controls and ensuring that work processes do not impose undue risks, such as excessive workloads or time pressure.

Was he carrying any contact details in case of an accident? → Clause 7.3: Clause 7.3 requires effective communication of information relevant to OH and S, including emergency contact details or procedures for accidents.

ISO References:

Clause 6.1.2.1: Hazard identification.

Clause 7.2: Competence.

Clause 7.3: Awareness and communication.

Clause 8.2: Operational control.