ISO-45001-Lead-Auditor Practice Questions

2. Prepare the audit checklist, 3. Obtain objective evidence, 4. Review audit evidence, 5. Document findings

For a first-party audit, the sequence follows the normal audit flow described in ISO auditing guidance: first the audit is initiated and leadership is assigned, then audit activities are prepared, then evidence is collected during the audit, then that evidence is evaluated, then findings are recorded, and finally the audit report is issued. ISO 19011 describes the audit flow as initiating the audit, preparing audit activities, conducting audit activities, and preparing and distributing the audit report. ( ISO )

That is why, after 1. Appoint an audit team leader , the next correct step is 2. Prepare the audit checklist . The checklist is part of preparing for the audit and helps the auditor plan questions, clauses, process interactions, and sampling points before going on to collect evidence. ( WEDEAQ | Official VDA QMC Partner )

After preparation, the auditor moves to 3. Obtain objective evidence . Audit evidence is gathered through interviews, observation, and review of documented information during the audit. This is a core activity of conducting the audit. ( DNV )

Once evidence is collected, the auditor must 4. Review audit evidence . ISO audit practice requires the evidence to be evaluated against the audit criteria to determine whether conformity or nonconformity exists. Evidence is not simply collected and reported immediately; it is first reviewed and assessed. ( PRETESH BISWAS )

After reviewing the evidence, the auditor can 5. Document findings . Findings are the result of evaluating the evidence against criteria, so they logically come after evidence review. Recorded findings can include conformity, nonconformity, and opportunities for improvement, depending on the audit plan and method. ( PRETESH BISWAS )

The final step is 6. Issue the report , because the report is prepared only after the audit evidence has been reviewed and the findings have been determined and documented. ( ISO )

So, the correct full order is:

1. Appoint an audit team leader

2. Prepare the audit checklist

3. Obtain objective evidence

4. Review audit evidence

5. Document findings

6. Issue the report

ISO 45001 Clause 5.2 OH and S policy requires top management to establish, implement and maintain an OH and S policy that includes a commitment to provide safe and healthy working conditions, fulfill legal and other requirements, and achieve continual improvement of the OH and S management system. It also requires the policy to be communicated within the organization and to be available to interested parties, as appropriate .

B.  

C.  

G.  

Why the other options are not supported by the policy statement:

A is not correct because the policy expresses intent to work in accordance with regulations, but it does not prove the organization meets all statutory requirements in practice.

D is not correct because the policy does not provide evidence of reputation.

E is not correct because the policy does not prove that processes actually deliver improvement; it only states commitment.

F is not correct because the policy mentions contractors, but it does not prove that contractors themselves are committed to health and safety.

H is not correct because the policy mentions safe experiences and customers, but it does not prove that customer health and safety requirements are satisfied.

Therefore, the three options for which the organization is meeting ISO 45001 policy requirements are:

B, C, G

According to ISO 45001:2018, the PDCA cycle is explained in Clause 0.4. The Act phase is defined as: taking actions to improve continually the OH and S performance in order to achieve the intended outcomes . This clearly supports

C.  

Option

D.  

The remaining options belong to other PDCA phases:

A.  

Verifying training relates more to evaluation of competence and effectiveness, which fits checking activities.

B.  

Measuring objectives belongs to the Check phase because ISO 45001 says Check includes monitoring and measurement against OH and S policy and objectives.

E.  

Providing infrastructure belongs to the Do phase because it is part of providing resources and operational support.

F.  

Auditing processes belongs to the Check phase because internal audits are part of performance evaluation under Clause 9.2.

Therefore, the correct answer is:

C, D

Activities following the closure of a third-party audit are generally related to improving the audit process and addressing any unresolved issues.

Analysis of Options:

A.  

Addressing any audit complaints: Correct. Post-audit, complaints or concerns from stakeholders are addressed to improve the audit process and maintain credibility.

B.  

Conducting a closing meeting: Incorrect. The closing meeting occurs before the audit is closed.

C.  

Conducting a review of opportunities for improvement: Correct. Reviewing opportunities for improvement post-audit helps in refining processes and aligning them with organizational goals.

D.  

Revising the audit ' s objectives: Incorrect. Audit objectives are established during the planning phase, not after the audit has been closed.

E.  

Updating risks and opportunities to the audit programme: Incorrect. Updates to risks and opportunities occur during ongoing audits, not specifically post-audit.

F.  

Writing the audit report: Incorrect. The audit report is prepared before the audit is officially closed.

ISO References:

Clause 9.2.2: Audit process review.

ISO 19011:2018, Clause 6.7: Managing complaints and follow-up.

Ethical – C

Diplomatic – F

Open to improvement – B

Perceptive – E

These behaviours are standard auditor personal attributes used in lead auditor training and are aligned with audit competence guidance.

Ethical –

C.  

An ethical auditor acts with integrity. This includes honesty, truthfulness, sincerity, fairness, and discretion when handling audit evidence, findings, and confidential information. Ethical behaviour is essential because audit conclusions must be trusted and based on professional conduct.

Diplomatic –

F.  

A diplomatic auditor interacts with people carefully and respectfully. During audits, questions may be sensitive, findings may be difficult to communicate, and interviewees may feel pressure. Being tactful helps maintain cooperation and supports effective evidence gathering.

Open to improvement –

B.  

An auditor who is open to improvement learns from audit experience, changing conditions, and new information. This behaviour supports continual development and better audit effectiveness over time.

Perceptive –

E.  

A perceptive auditor recognizes what is happening in the audit environment and understands the significance of what is seen, heard, and observed. This helps the auditor detect inconsistencies, identify risks, and understand process realities beyond prepared answers.

Why the other options are not used here:

A.  

Persistent and focused on objectives describes tenacious behaviour.

D.  

Actively observing surroundings/activities describes observant behaviour.

So the correct matching is:

Ethical – C

Diplomatic – F

Open to improvement – B

Perceptive – E

Audit reports should provide a clear summary of the audit process, findings, and conclusions based on the defined scope, objectives, and criteria. They do not include administrative details (e.g., invoices) or operational aspects (e.g., corrective action plans).

Analysis of Options:

A.  

A copy of the certification body invoice for the audit: Incorrect. Invoices are unrelated to the content of audit reports and are handled separately.

B.  

A reference to the audit criteria used: Correct. Audit criteria (e.g., ISO 45001 standards) must be included in the report to define the basis for the audit.

C.  

A statement of the audit objectives: Correct. The report must outline the objectives to ensure clarity on the purpose of the audit.

D.  

Audit findings and any related evidence: Correct. Findings and evidence are essential to support conclusions and recommendations.

E.  

Confirmation of the audit scope: Correct. The scope defines the boundaries of the audit and must be documented in the report.

F.  

Contact details for all members of the audit team: Incorrect. Personal contact details are unnecessary and not typically included in reports.

G.  

The audit conclusions reached: Correct. Conclusions summarize the outcomes of the audit, such as conformity, nonconformities, or recommendations.

H. A corrective action plan that addresses the identified nonconformities: Incorrect. Corrective action plans are the auditee ' s responsibility and not included in the audit report.

ISO References:

ISO 19011:2018, Clause 6.7.3: Content of audit reports.

The correct answers are E, F, and H .

This situation raises three serious concerns: impartiality , professional conduct , and the reliability of the audit conclusion . Third-party auditors are expected to act honestly and impartially, and accepting gifts from the auditee is inconsistent with that expectation. The IAF auditor code of conduct says auditors must be honest and impartial and must avoid conduct that discredits the profession. ( IAF )

E is correct because the audit team leader must first consider whether the alleged behavior could compromise the validity of the audit findings and conclusion . If that risk is significant, the matter should be escalated to the individual(s) managing the audit programme for direction, since certification audits must remain competent, consistent, and impartial. ( ISO )

F is correct because the team leader should gather specific facts and then give the auditor an opportunity to respond to the allegations before deciding the next step. That is the appropriate immediate management action and is consistent with fair handling of an issue that could affect audit integrity. The concern is too serious to ignore, but it should still be examined on evidence, not assumption. ( ISO )

H is also correct because, while the matter is being addressed, moving the auditor in training away from the auditor concerned is a sensible control to protect the trainee and the audit process. It helps reduce further disruption and prevents the trainee from being exposed to more inappropriate conduct during the remainder of the audit. This is a practical audit-management response flowing from the team leader’s responsibility to maintain control of the audit team and audit activities. ( ISO )

Why the other options are not correct:

A is too immediate and inappropriate. The auditor in training cannot simply replace a qualified auditor without proper competence and authorization being confirmed.

B is premature. The audit should not be terminated immediately without first assessing the facts and the impact on the audit.

C is clearly wrong because the issue could affect the integrity of the current audit and cannot wait until later.

D is wrong and unethical; the tickets should not be accepted by anyone on the audit team. ( IAF )

G is wrong because experience does not excuse unethical or unprofessional behavior.

Clause 0.2 of ISO 45001 emphasizes the involvement of top management and alignment of OH and S objectives with the organization’s OH and S policy.

Nonconformities Identified:

The objectives were developed by an external consultant without involving top management, which undermines leadership accountability and commitment.

The objectives were based on a competitor’s framework, not aligned with the organization’s unique OH and S policy or context.

Analysis of Options:

A.  

Establishing OH and S objectives did not include top management. True. Clause 5.1 (Leadership) and Clause 6.2 (Objectives) emphasize that top management must be involved in defining and supporting OH and S objectives.

B.  

OH and S objectives are not being implemented by personnel. Implementation relates to operationalization, not the development phase, and is not relevant to Clause 0.2.

C.  

OH and S objectives are not maintained as documented information. While documentation is required, the absence of documented information is a separate issue under Clause 7.5, not Clause 0.2.

D.  

OH and S objectives were not established in alignment with the organization’s OH and S policy. True. Clause 6.2.1 requires objectives to align with the OH and S policy, which reflects the organization’s commitment to safety and health.

E.  

The consultant has not interpreted ISO 45001 correctly. While possibly true, the issue here is the organization’s failure to involve top management, not the consultant’s interpretation.

F.  

The organization cannot afford to undertake OH and S objectives all at once. Financial constraints are not relevant to Clause 0.2; objectives can be prioritized for phased implementation.

ISO References:

Clause 0.2: Leadership commitment and alignment with organizational policy.

Clause 5.1: Top management’s role in leadership and participation.

Clause 6.2.1: Establishing OH and S objectives aligned with the policy.