Integrating Covid-19 Internal Audits with an ISO 45001 OHSMS

June 4, 2020

1:00 PM – 1:30 PM – Central Time

The purpose of this brief webinar is to discuss the advantages of using internal audits and corrective actions to check that an organizations Covid-19 program is effective.   The webinar explores how organizations can use ISO 45001 management system tools to respond to new challenges from the Covid -19 pandemic.

As the economy reopens organizations are being required to establish new programs and controls to minimize the spread of the virus among employees.  Internal audits combined with corrective action programs help organizations establish and operate effective Covid-19 programs rapidly.

The webinar covers the following topics:

  • Identifying Covid-19 compliance obligations
  • Risk assessment methods for determining which Covid-19 Risk to addressed
  • Establish operational controls for Covid-19 risks to employees
  • When and how often to audit the Covid-19 program
  • How to safely conduct Covid-19 audits
  • How to effectively address Covid-19 internal audit findings through corrective action.
  • Report the results of Covid-19 audits and corrective action to leadership

About the presenter

Kevin Lehner is a member of the US Technical Advisory Group (US-TAG) to ISO 45001: He is an expert and represents the US-TAG at international meetings. He recently traveled to Kigali, Rwanda to attend the 9th international meeting of TC 283 (interview with Martin Cottam in Kigali). Kevin is a certified lead auditor conducting ISO 45001 audits for clients including accredited ISO 45001 certification bodies.

Register for this Webinar

Auditing ISO 45001:2018 – 5.4 Consultation and participation of workers

Note. I want to be clear upfront that my intention is not to discredit the contribution organized labor made to the development of ISO 45001:2018.  The point I make here is that they had a significant impact on the requirements in certain sections of ISO 45001:2018.  This fact may help inform users about the intent of the requirements for purposes of implementation and conformity assessment. 

Clause 5.4 of ISO 45001:2018 discusses requirements for consultation and participation of workers and is the result of an interest groups desire to ensure their constituents were give certain rights to have influence over the organizations OHSMS.   Organized labor got a symbolic win here for their constituents but does this additional language add value to the standard or simply create unnecessary complexity and confusion for users of the standard?

As an auditor my approach would be to check if the workers themselves believe that their opinions about the OHSMS have been considered in its development and implementation.  The best way to do this is to ask them directly. Here is a line of questioning I would use to get objective evidence of conformity to the participation and consultation requirements in 5,4 of ISO 45001:2018.

My first question would be something like “Have you heard about the OHSMS here?”.  The answer to this question helps me get a sense of the organizations general awareness of the existence of an OHSMS.  You might have to rephrase the question to get them to understand what you are asking.

The next questions would be something like… Can you tell me about what you do as your job here and what you do to keep yourself safe from injury or ill health?  A good answer would be something like… My job is to load railcars.  I need to stand on top of the railcar and inspect it after it is loaded.  I need to wear this fall protection harness when I am on the railcar in case I accidently fell off.  The harness would break my fall and prevent or reduce my chances of injury.

The next question would go directly to participation and consultation and would be something like this.  Did you participate in any of the planning part of the OHSMS giving leadership your opinion of your comfort level with safely performing you job.  Another good answer would be something like…Yes, our entire crew participated in a hazard identification and risk assessment meeting where we went over all the job tasks and risks.  We were asked if we felt safe doing these tasks given the safety procedures and equipment that was in place.  One of the areas we raised as potentially unsafe was the absence of fall protection.  Based on that, our leadership has provided us with these ladders, harnesses and showed us how to use them.  I feel much safer now with this enhanced risk control.

Based on the results of this interview I would have good objective evidence that the intent of 5.4 had been achieved.  If most other worker interviewed had a similar tale to tell I would feel comfortable in concluding that the organizations had meet the requirements of clause 5.4 of the standard.

Of course, this line if questioning could have gone in many other directions and the answers given may not have supported a finding of conformity to varying degrees.  Auditors are certified and calibrated to make decisions during audits while considering all the evidence presented much like a judge does in a legal case.  Auditors who focus on too much detail like expecting the auditee to produce evidence of each of the 21 individual requirements of 5.4 are missing the point and need to step back and look at the bigger picture.

A True Story – Why ISO 14001 Works


It has been over seven years since we first began helping a medium sized automotive equipment manufacturer in the midwest implement a company wide ISO 14001 EMS. They were getting pressure from their customers to prove they were good environmental performers and an ISO 14001 certificate was the best solution. We helped them with environmental aspects, setting up the EMS and identifying regulatory compliance requirements. As we were completing the project we performed a round of internal audits to check that each facility was complying with the applicable  legal requirements.

The Audit Finding

One of the findings of our compliance audit was that at one location, the company was operating unpermitted production painting equipment. The audit team could find no records of correspondence with the State permitting authority about this new equipment. It had been commissioned sometime after an initial Title V permit application had been prepared for the facility. The paint operation was an important part of the manufacturing process and it was not possible to simply shut the process down. Doing so would have resulted in delayed shipment of product and dissatisfied customers.

The Response

Although the discovery of this potential noncompliance was uncomfortable news for the organization, at least they now had a better picture of the potential risks they were facing. They examined the process closely and decided that it was time to upgrade. They worked it out with the state permitting authority to replace the old system with a new more efficient paint system.

Fast Forward

Over the last several years we have continued to perform periodic EH&S compliance, ISO 14001, and OHSAS 18001 internal audits to support their continued certification to these standards.. During a recent compliance audit at one of the facilities we were delighted to see a new process being installed. It means the company continues to grow but, from an auditors perspective, the stack ducting through the roof becomes a great opportunity to check the EMS effectiveness to control noncompliance risk. As we walked by the new process I could see the auditee cracking a half smile as I asked a few questions about the new equipment and construction underway. He knew where this audit was going.

The audit was actually a combined one-day environmental and OSHA compliance audit so we had a lot of ground to cover in 8 hours. When the audit schedule called for review of compliance with state air emission permits, I asked what they knew about the potential emission from the new process. The audtee said “the process had the potential to emit a hazardous air pollutant at levels requiring permitting before installation of the equipment”.  The auditee then produced the construction permit they had been issued by the state?  The EMS had worked to help the organization identify the need to obtain a permit, well in advance of beginning construction on the new process.

Results Matter

Discovery of unpermitted emission sources during internal and compliance audits is not uncommon for us even today. Helping organizations identify and manage risks of noncompliance in the short term provides some satisfaction in our work. But having the opportunity to see the results of an effective EMS that we helped implement and, how that EMS has helped manage risks long term, is particularly gratifying.

Skepticism of the benefits of ISO 14001 will continue to linger especially with the uniformed. However, organizations interested in managing environmental risk and becoming more sustainable need to understand how the audit processes, embedded in ISO 14001, can be used to support an organizations sustainability efforts, promote successful outcomes and provide confidence by other stakeholder that environmentally, things are as they should be.

Disappointing News from ANAB

In late spring we meet with ANAB at their headquarters in Milwaukee to kick off the process of becoming an ANAB accredited registrar. Our hope was to issue ISO 14001, OHSAS 18001 and ISO 50001 accredited certificates to business in the upper Midwest.  To our surprise during that meeting ANAB made it clear that consultancies are prohibited from accreditation as certification bodies.  In ANABs eyes consultancies and anyone involved in governance of a consultancy is incapable of impartiality when performing ISO certification assessments.

We continue to believe that consultants make good auditors and vice versa.  The financial audit sector (accounts) has operated successfully for many decades using the model to ensure competency of both auditors and consultants.  We believe that ANAB, IAF and ISO’s conclusion that the threats to impartiality by consultancies are irreconcilable is not based in fact.  We also believe that the threats of financial self-interest by ANAB accredited certification bodies are at least as potent as any threat to impartiality from a consultancy performing certification activities.  This is because accredited CBs can (or should) only be allowed to generate revenue from one source, their certification activities.

We remain committed to trying to work with ANAB to find a way to offer ISO certification services in the upper Midwest but for the time being have placed this lower on our priority list of objectives.

Here Come the Bean Counters!

Having lead hundreds of sustainability performance assurance engagements over the last several decades I admit bias but have seen first hand evidence that organizations exaggerate and in some cases misrepresent their sustainability performance. This is especially true when the marketing departments are tasked with the job of turning an organization green.

As non-financial sustainability performance information is relied upon to make important decisions about investment and other business relationships, assurance of organizations sustainability performance assertions will become more common. An important question is who will do this assurance work? Recognizing opportunity the financial accounting profession is hard at work tooling up to fill this emerging niche

The confidences stakeholders can place in the results of an assurance engagement are directly proportional to the competence of those performing the audits. It will be interesting to see how the bean counters do at assessing environmental, health, safety and social performance as they endeavor to to learn the practice in this market.

Gap Assessment and Internal Audits

If you are doing a Gap Assessment I would start at the top of the standard and march right through it clause by clause. Use the EMS manual as a reference and make sure all elements of the standard have been addressed.

If you are planning an internal audit I would consider using a process approach where you audit many of the clauses almost simultaneously in each department or functional area of the organization. The following is an example of a line of questioning you might consider when you are interviewing employees in a Maintenance Department (MD).

Auditor: What are some important environmental aspects of the maintenance department?
MD: We clean and paint equipment used in the mine so we generate solvent waste and we have air emissions from the spray paint operations.

Comment: If the aspects match those on the record required by 4.3.1 you have some evidence of conformance to 4.3.1 and 4.4.2. If you see parts cleaning operations and painting operations being performed but these have not been identified as environmental aspects you may have nonconformity to 4.3.1. If these aspects have been identified but the MD representative you interview has no idea about what an aspect is or any of the impacts from parts cleaning or painting you may have nonconformity to 4.4.2.

Auditor: How do you make sure that waste solvents are handled properly?
MD: There are some important laws we must comply with for these waste solvents and we follow our Waste Solvent work instruction.

Comment: You now have some evidence that they have identified the legal requirements 4.3.2 and have established operational controls of significant aspects 4.4.6.

Auditor: This section of the Waste Solvent work instruction says the waste solvent storage area will be inspected weekly and the results recorded on the inspection sheet. Can you show me a record of the inspection that was performed 2 weeks ago?
MD: Sure here it is.

Comment: With this question you are looking for evidence of Operational Control 4.4.6, Monitoring and Measurement 4.5.1, Internal Audit 4.5.5 and Record 4.5.4. You could even get Corrective Action 4.5.3 if problems are found during the inspections which were corrected.

Auditor: Can you tell me about what you do if you see a fire somewhere in the facility
MD: We have been trained in proper use of fire extinguishes so if I think I can put the fire out I will try. No matter what, I will call the designated emergency coordinator who will follow-up and I will evacuate to my designated assembly area in the parking lot across the street.

Comment: Here is evidence of 4.4.7 and 4.4.2 and maybe 4.4.3.

The potential audit trails you can follow in a department are almost endless and each trail should be able to give you evidence for one or more clauses of the standard.

Audits and the Good news – Bad News – No News Comparison – My opinion based on 30 years of EHS audit experience.

Good news from audits is really no news for management. Good news from audits means that things are going as planned and there is no need for management intervention. System effectiveness has been confirmed through the audit process.

Bad news from audits is actually good news for management! The audit findings give management the opportunity to act (create incentive for change). Hopefully that change will correct the bad news situation discovered during the audit.

No News is Bad News. Organizations not performing audits have no means to assess the effectiveness of the management system. They are not getting information feedback about the organizations EH&S performance.

I encourage organizations to continue to audit even if they struggle to correct all the problems discovered. At some point the light bulb will turn on and the organization will recognize they have a problem with the corrective action process and hopefully figure out a fix.

The Future of ISO as a Measure of EH&S and Sustainability Performance

Over the past few years I have been watching the development of various corporate sustainability reporting initiatives such as GRI (Global Reporting Initiative) and financial industry indexes such as Dow Jones Sustainability Indexes. Recently the Prince of Wales has weighed in on the issue with the development of an initiative to promote something call Integrated Reporting.

I have been trying to assess whether the criteria used in these newer measures of performance are on a path to eclipse the ISO standards or if the ISO standards will become an important part of these reporting and indexing products especially the assurance parts. I sometimes wonder if a parallel assessment process with its own set of performance criteria is coming that will make the ISO standards obsolete and with it the certification body accreditation process IAF and ISO certification business.

What are your thoughts? Is ISO gaining credibility as a measure of an organizations performance or are the common myths we hear about ISO so deeply entrenched and stakeholder confidence eroded to the point that the world is likely to seek other methods to assess organizations performance rather than ISO and IAF.

Internal Audit Teams

Many organizations greatly underestimate the investment of resources needed to perform effective EHSMS internal audits.  The result is almost always a confused audit team which conveys a confused implementation effort to the rest of the organization.  The organization, including top management then looses respect for the EMS which can take years to overcome.  Don’t make this common mistake. 


If you are a team leader invest in your own competence by taking a certified EMS-LA course which includes an evaluation of your competence to lead audit teams.  Then invest in training a team of internal auditors in the requirements of ISO 14001 and ensure they understand the relationship between audit criteria, audit evidence and audit findings,  Lastly, make sure all the auditors poses the important personal attributes like being able to discuss without arguing, being able to listen effectively, good note taking and being perceptive.  Once you have covered those bases you are ready to lead a good internal audit that can provide important information upon which top management can act.