ISO-45001-Lead-Auditor PECB Certified OHSMS ISO 45001 Lead Auditor Exam Questions and Answers

A first-party audit is an internal audit . ISO defines internal audits, or first-party audits, as audits conducted by, or on behalf of, the organization itself . That means the people participating can be the organization’s own auditors or external people acting on its behalf, such as a consultant. ( ISO )

Therefore:

A. An auditor certified by CQI and IRCA can participate in a first-party audit, provided the auditor is acting for the organization or on its behalf. Certification status does not prevent participation in an internal audit. This is consistent with the principle that first-party audits are defined by who the audit is for , not by the auditor’s credential. ( ISO )

D. An auditor from a consultant organisation can also participate, because first-party audits may be carried out on behalf of the organization by a qualified external consultant. ( ISO )

E. An auditor trained in the CQI and IRCA scheme can participate for the same reason: training route does not change the audit type; the audit remains first-party if it is conducted by or for the organization. ( ISO )

F. An auditor trained by the organisation clearly can participate, since internal audits are commonly performed by trained internal auditors from within the organization. ( ASQ )

The two that do not participate in a first-party audit are:

B. A certification body auditor

C. An auditor from an accreditation body

A certification body auditor performs a third-party audit , not a first-party audit. An accreditation body auditor/assessor evaluates certification bodies or similar conformity assessment bodies, not the organization’s own internal audit program. These are external oversight roles, not first-party audit roles. ( ISO )

So the correct answer is:

B, C

Corrections address immediate issues, such as errors or omissions, without addressing root causes. Clause 10.2 of ISO 45001:2018 allows for corrections alongside corrective actions.

Analysis of Options:

A. Adding a missing signature to a corrective action record: Correct. This is a correction addressing an administrative oversight.

B. Changing a process to reduce its inherent risk: Incorrect. This is a corrective action aimed at addressing root causes, not a correction.

C. Changing the name of a tutor that did not deliver a course to the name of the tutor that did: Correct. This corrects an error in records without addressing systemic issues.

D. Reviewing workers’ training records: Incorrect. This is part of ongoing monitoring or auditing, not a correction.

E. Updating the emergency preparedness plan as a result of carrying out a practical test: Incorrect. This is a corrective action resulting from performance evaluation, not a correction.

F. Using OHSMS induction training to address an identified lack of OHSMS awareness among workers: Incorrect. This is a preventive or corrective action, not a correction.

ISO References:

Clause 10.2: Nonconformity and corrective action.

Clause 7.5: Control of documented information

Clause 8.1.2 of ISO 45001 pertains to Eliminating Hazards and Reducing OH and S Risks. Organizations must implement appropriate controls to manage workplace hazards effectively.

Issue Identified: The kitchen environment at the audited site presents multiple hazards, including:

Oil spillage creating a slip hazard.

Open drums of waste material posing a chemical or hygiene hazard.

Unsecured knives and cleavers increasing the risk of cuts.

Boiling water left unattended, posing a risk of burns.

Lack of visible fire extinguishers or fire blankets, increasing fire risk.

Analysis of Options:

A. Failure to reduce risks associated with working in the kitchen. This option accurately captures the broader failure to implement effective measures to eliminate or reduce hazards across multiple areas in the kitchen.

B. Measures to prevent slippage in the kitchen from waste cooking oil were not taken. This is specific to one hazard (oil spillage) and does not address other significant risks observed, such as fire safety or sharp tools.

C. Staff are at risk of serious injury while working in the kitchen. While true, this is more of a general observation and does not address the root cause of the hazards or the failure of controls.

D. Training of the kitchen staff was not effective enough to prevent poor safety awareness in the kitchen area. Although training deficiencies may contribute to the issue, this option does not reflect the overarching systemic failure to manage hazards effectively.

Best Description of the Nonconformance: Failure to reduce risks associated with working in the kitchen (Option A) is the most comprehensive finding, reflecting the organization’s lack of adequate controls to mitigate hazards.

ISO References:

Clause 8.1.2: Organizations must establish controls to eliminate or minimize OH and S risks systematically.

Clause 7.2: Ensuring competency through training is important but must be coupled with hazard control measures.

Opportunities for improvement (OFIs) are suggestions provided during audits that do not indicate nonconformities but are aimed at enhancing the system’s performance.

Analysis of Options:

A. A quality control program could involve non-destructive testing of the welded handrails: While beneficial, this focuses on product quality rather than OH and S improvements.

B. Operational planning activities may benefit from an improved risk-based approach based on international standards for risk management: Correct. Enhancing risk-based thinking aligns with Clause 6.1.1.

C. A first aid station could be located next to the handrail polishing operation: While useful, first aid station placement is an operational matter, not directly related to OH and S management system improvement.

D. Additional internal audits of the OHS management system may reduce production problems: Internal audits should address system performance, not production problems.

F. The induction program for new employees could include an awareness training video on health and safety: Correct. Enhanced training for new employees addresses Clause 7.2 (competence).

G. The requirement for wearing protective gloves could be extended to shop floor workers across all operations: Correct. This improves hazard control in line with Clause 8.1.2.

H. The molding polishers should be disciplined for incompetency: Disciplinary actions are outside the scope of system improvement.

ISO References:

Clause 6.1.1: Risk management.

Clause 7.2: Competence.

Clause 8.1.2: Hierarchy of controls.

According to ISO 45001:2018, the PDCA cycle is explained in Clause 0.4. The Act phase is defined as: taking actions to improve continually the OH and S performance in order to achieve the intended outcomes . This clearly supports C. Making improvements as a correct answer.

Option D. Resetting objectives is also appropriate because ISO 45001 requires OH and S objectives to be reviewed and updated as appropriate . After checking performance results, the organization may revise or reset objectives as part of continual improvement and corrective action. This aligns with the Act stage, where changes are made to improve system effectiveness and performance.

The remaining options belong to other PDCA phases:

A. Verifying training relates more to evaluation of competence and effectiveness, which fits checking activities.

B. Measuring objectives belongs to the Check phase because ISO 45001 says Check includes monitoring and measurement against OH and S policy and objectives.

E. Providing infrastructure belongs to the Do phase because it is part of providing resources and operational support.

F. Auditing processes belongs to the Check phase because internal audits are part of performance evaluation under Clause 9.2.

Therefore, the correct answer is:

C, D

In a first-party audit (internal audit), the organization conducts the audit to determine whether its management system conforms to planned arrangements, to the organization’s own requirements, and to the requirements of ISO 45001, and whether it is effectively implemented and maintained. ISO 45001 Clause 9.2 requires internal audits to provide information on conformity and effectiveness.

E. Verify compliance with regulatory requirements is a valid audit objective because ISO 45001 requires the organization to determine its legal and other requirements and to evaluate compliance with them. Internal audits commonly include verification that these legal OH and S obligations are being met as part of checking the effectiveness and conformity of the OH and S management system. This aligns with Clause 6.1.3 and Clause 9.1.2 of ISO 45001.

B. Complete the audit on time is also an audit objective in practical first-party auditing because audit objectives are established for the audit and supported by planning, resources, timing, and reporting arrangements. While it is not a system conformance criterion, it is a valid objective for the audit assignment itself, ensuring the audit is performed as planned and efficiently managed. This fits normal lead auditor practice in planning and conducting internal audits.

Why the other options are not correct:

A. Apply international standards is too broad and is not itself an audit objective. Standards are the criteria or reference, not the objective.

C. Confirm the scope of the management system is accurate is not usually stated as a first-party audit objective; scope is established by the organization under Clause 4.3, though it may be reviewed during audits.

D. Prepare the audit report for the certification body does not apply to a first-party audit, because internal audits are not performed for a certification body.

F. Update the management policy is a management responsibility, not an audit objective. Audits may identify inputs for policy review, but updating the policy is not the purpose of the audit itself.

Therefore, the two correct options are:

B, E

ISO 45001 requires an organization to determine the external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended results of the OH and S management system. This is established in Clause 4.1 – Understanding the organization and its context . External issues are typically conditions arising outside the organization, such as market conditions, social conditions, legal environment, economic factors, and technological developments. Internal issues are those related to the organization’s people, structure, culture, ownership, competence, and operational arrangements.

D. New technology available on the market is an external issue because it exists in the external business and technological environment. It is not created inside the organization, but it can affect how the organization manages OH and S risks and opportunities, for example by introducing safer equipment, automation, or new control methods. ISO 45001 guidance in Annex A recognizes that technological environment can be part of context analysis.

F. Average salaries in the business sector is also an external issue because it relates to the wider economic and labor-market environment, not the organization’s own internal arrangements. This kind of issue can influence recruitment, retention, competence availability, and worker welfare conditions, all of which may indirectly affect OH and S performance. It is part of the external economic context.

Why the other options are not external:

A. Increased number of outsourced processes is mainly an internal organizational decision about how work is arranged and controlled. Although outsourced providers are external parties, the increase in outsourcing is part of the organization’s internal operating model.

B. New owners of the organisation is an internal issue because ownership and governance are part of the organization’s internal structure and direction.

C. Workers joined a trade union is generally treated as an internal workforce/industrial relations issue , because it directly concerns the organization’s workers and participation arrangements.

E. Recently hired workers with limited command of the local language is an internal issue because it concerns the competence, communication, and workforce characteristics within the organization.

Therefore, the two options related to external issues are:

D, F

Clause 4.4 of ISO 45001 requires organizations to establish, implement, maintain, and continually improve an OH and S management system. The corrective actions must address systemic issues, involve leadership commitment, and aim to foster a strong safety culture.

Analysis of Options:

A. Top management initiated a comprehensive review of internal and external issues: Correct. A review of internal and external issues aligns with Clause 4.1 and demonstrates leadership commitment.

B. Union representatives were invited to attend OH and S management meetings: Incorrect. While participation is valuable, it is not a systemic corrective action.

C. Top management developed and is leading a programme to promote an effective culture of support: Correct. Promoting a safety culture is a proactive measure and aligns with Clause 5.1 (Leadership).

D. Staff from departments with nonconformities received regular safety training during toolbox talks: Incorrect. While training addresses specific gaps, it does not address systemic issues.

E. External consultants conducted a gap analysis of the OHSMS: Incorrect. While helpful, this action does not demonstrate leadership or address systemic improvement.

F. OH and S champions were appointed in each department to report near misses and incidents: Incorrect. This is a good practice but does not directly address Clause 4.4’s requirement for systemic improvement.

ISO References:

Clause 4.4: Maintaining and improving the OH and S management system.

Clause 5.1: Leadership and commitment.

Clause 10.3: Continual improvement.

Clause 9.1.2 of ISO 45001:2018 outlines the need for organizations to evaluate compliance with applicable legal and other requirements as part of their OH and S management system.

Analysis of Options:

A. The organization must evaluate its compliance status at least once a year: The standard does not prescribe a specific frequency but states that evaluations must be conducted at planned intervals.

B. ' Other requirements ' include requirements that the organization has chosen to comply with: Correct. Other requirements may include voluntary standards, industry codes, or contractual obligations.

C. A management review is required in all instances where one or more legal requirements are not being met: This is not true. Management reviews address compliance but are not mandated for every noncompliance.

D. Every member of an audit team must have a detailed understanding of the legal requirements for the sector and type of organization they are auditing: Not true. Auditors must have general competency but can rely on subject-matter experts for legal specifics.

E. If the organization is failing to address a legal requirement relating to another discipline (e.g., Environmental management), this cannot be raised in the audit: Not true. If the legal noncompliance impacts OH and S, it can be raised.

F. The organization cannot outsource its process for evaluating compliance: The organization can outsource evaluation but retains accountability.

G. The organization is required to establish a process for evaluating compliance: Correct. Clause 9.1.2 requires a process for compliance evaluation.

H. The organization is required to evaluate its compliance status with OH and S legal and other requirements: Correct. Clause 9.1.2 explicitly states this requirement.

ISO References:

Clause 9.1.2: Evaluation of compliance.

Clause 7.5: Documented information requirements

A first-party audit is an internal audit . In ISO management system auditing terminology, first-party audits are performed by, or on behalf of, the organization itself to evaluate its own management system. Therefore, E. Internal audit is directly correct.

A first-party audit can also be carried out as a process audit when the organization audits one of its own processes to determine whether it is planned, implemented, maintained, and effective. Since internal audits under ISO 45001 are planned and conducted over processes, functions, and areas within the OH and S management system, D. Process audit also applies.

Why the other options are not correct:

A. Certification audit is a third-party audit , carried out by a certification body, not a first-party audit.

B. Surveillance audit is also a third-party certification body activity conducted after certification.

C. Regulatory audit is performed by a regulator or authority, not by the organization on itself.

F. External audit does not describe a first-party audit, because first-party audits are internal by definition.

Therefore, the two phrases that apply to a first-party audit are:

D, E

Clause 0.2 of ISO 45001 emphasizes the involvement of top management and alignment of OH and S objectives with the organization’s OH and S policy.

Nonconformities Identified:

The objectives were developed by an external consultant without involving top management, which undermines leadership accountability and commitment.

The objectives were based on a competitor’s framework, not aligned with the organization’s unique OH and S policy or context.

Analysis of Options:

A. Establishing OH and S objectives did not include top management. True. Clause 5.1 (Leadership) and Clause 6.2 (Objectives) emphasize that top management must be involved in defining and supporting OH and S objectives.

B. OH and S objectives are not being implemented by personnel. Implementation relates to operationalization, not the development phase, and is not relevant to Clause 0.2.

C. OH and S objectives are not maintained as documented information. While documentation is required, the absence of documented information is a separate issue under Clause 7.5, not Clause 0.2.

D. OH and S objectives were not established in alignment with the organization’s OH and S policy. True. Clause 6.2.1 requires objectives to align with the OH and S policy, which reflects the organization’s commitment to safety and health.

E. The consultant has not interpreted ISO 45001 correctly. While possibly true, the issue here is the organization’s failure to involve top management, not the consultant’s interpretation.

F. The organization cannot afford to undertake OH and S objectives all at once. Financial constraints are not relevant to Clause 0.2; objectives can be prioritized for phased implementation.

ISO References:

Clause 0.2: Leadership commitment and alignment with organizational policy.

Clause 5.1: Top management’s role in leadership and participation.

Clause 6.2.1: Establishing OH and S objectives aligned with the policy.

An audit trail for evaluating compliance with regulations should focus on the identification, communication, and monitoring of legal and other requirements. Clause 9.1.2 of ISO 45001:2018 requires organizations to evaluate compliance with applicable OH and S legal and other requirements.

Analysis of Options:

A. What is the cost of repairing the wall? Irrelevant to compliance evaluation, as cost considerations are not part of legal compliance.

B. What hazards have been identified as being associated with regulations? Correct. Identifying hazards is a critical step in understanding compliance obligations (Clause 6.1.2).

C. How are maintenance staff made aware of regulatory requirements? Correct. Communication and training are vital for compliance (Clause 7.3).

D. How are OH and S objectives verified? Not directly relevant to compliance evaluations, as objectives pertain to performance improvement.

E. How are OHSMS records of compliance evaluations controlled and managed? Correct. Proper documentation and record-keeping are essential for demonstrating compliance (Clause 7.5).

F. How are updates to OH and S regulations monitored? Correct. Monitoring regulatory changes is critical for maintaining compliance (Clause 6.1.3).

G. How is the cost of safety improvements calculated? Irrelevant to compliance, as cost analysis is not required by ISO 45001.

H. What are the qualifications of the OHS Manager and Maintenance Manager? While competence is important, this does not directly relate to compliance evaluations.

I. What input does the Maintenance Manager have in the determination of legal compliance? Correct. Understanding the roles and responsibilities of key personnel ensures effective compliance (Clause 5.3).

J. What knowledge does the OHS Manager have in relevant safety legislation? Correct. Awareness of applicable legislation is critical for effective compliance evaluation (Clause 7.2).

ISO References:

Clause 9.1.2: Evaluation of compliance.

Clause 6.1.2: Hazard identification and risk assessment.

Clause 7.5: Documented information.

The best answer is B .

Under ISO 45001, worker consultation and participation is required by Clause 5.4 , but the standard does not require a specific documented procedure for that clause. The organization must provide mechanisms, information, time, training, and resources for consultation and participation, but ISO 45001 does not say it must maintain a formal procedure specifically for this.

Also, ISO 45001 Clause 7.5.3 requires documented information to be controlled so that it is available and suitable for use, and adequately protected. An “obsolete” document is not automatically a nonconformity just because it exists. It may be retained for reference or historical reasons, provided the organization controls it properly and it is not being used unintentionally as current information. That is why the correct audit reaction is to note it and verify on site whether it is actually part of the current controlled documented information .

Why the other options are not the best:

A is weak because using an obsolete procedure to prepare the checklist risks relying on invalid information before confirming what the current controlled version is.

C is unnecessary as the first response. You already have enough evidence to note a potential document-control point and verify it during the audit.

D is incorrect because you should not raise a nonconformity before verifying the facts on site. An obsolete-marked document alone does not prove a breach of Clause 7.5.3. A nonconformity must be based on objective evidence gathered during the audit.

The correct answers are A and F .

A. The auditee should review the audit plan for agreement is true because, in certification auditing practice, the audit plan is communicated to the client/auditee in advance and should be agreed regarding the practical arrangements for the audit. ISO guidance on certification auditing includes preparation of the audit plan and communication of the audit plan and audit team as part of planning audits. ( ISO )

F. The audit team leader must define the responsibilities of team members and observers is also true. ISO/IEC 17021-1 states that the audit team leader , in consultation with the audit team, shall assign to each team member responsibility for auditing specific processes, functions, sites, areas or activities . This is a direct audit-planning responsibility of the team leader. Observers are also part of the audit arrangements that must be defined and managed during planning. ( IAS )

Why the other statements are false:

B. The audit team leader should plan to interview each employee is false. Certification audits are conducted using sampling , not by interviewing every employee. Audit evidence is gathered on a representative basis. ( ISO )

C. The organisation must provide hospitality for the audit team is false. Hospitality is not a certification requirement and can raise impartiality concerns.

D. The audit team leader should audit the Occupational Health and Safety Manager is not a mandatory requirement. The audit plan must cover relevant processes, functions, activities and responsibilities, but it does not require the team leader personally to audit one named individual. ( IAS )

E. The organisation should cancel all staff leave during the audit is false. The auditee should ensure availability of relevant personnel as needed, but cancelling all leave is not an audit requirement.

Therefore, the two true statements are:

A, F

The correct answers are E, F, and H .

This situation raises three serious concerns: impartiality , professional conduct , and the reliability of the audit conclusion . Third-party auditors are expected to act honestly and impartially, and accepting gifts from the auditee is inconsistent with that expectation. The IAF auditor code of conduct says auditors must be honest and impartial and must avoid conduct that discredits the profession. ( IAF )

E is correct because the audit team leader must first consider whether the alleged behavior could compromise the validity of the audit findings and conclusion . If that risk is significant, the matter should be escalated to the individual(s) managing the audit programme for direction, since certification audits must remain competent, consistent, and impartial. ( ISO )

F is correct because the team leader should gather specific facts and then give the auditor an opportunity to respond to the allegations before deciding the next step. That is the appropriate immediate management action and is consistent with fair handling of an issue that could affect audit integrity. The concern is too serious to ignore, but it should still be examined on evidence, not assumption. ( ISO )

H is also correct because, while the matter is being addressed, moving the auditor in training away from the auditor concerned is a sensible control to protect the trainee and the audit process. It helps reduce further disruption and prevents the trainee from being exposed to more inappropriate conduct during the remainder of the audit. This is a practical audit-management response flowing from the team leader’s responsibility to maintain control of the audit team and audit activities. ( ISO )

Why the other options are not correct:

A is too immediate and inappropriate. The auditor in training cannot simply replace a qualified auditor without proper competence and authorization being confirmed.

B is premature. The audit should not be terminated immediately without first assessing the facts and the impact on the audit.

C is clearly wrong because the issue could affect the integrity of the current audit and cannot wait until later.

D is wrong and unethical; the tickets should not be accepted by anyone on the audit team. ( IAF )

G is wrong because experience does not excuse unethical or unprofessional behavior.

This statement is True .

ISO 45001:2018 requires the organization to determine, access, and comply with its legal requirements and other requirements related to occupational health and safety. It also requires the organization to evaluate compliance with those legal and other requirements as part of performance evaluation. This is clearly addressed in Clause 6.1.3 Determination of legal requirements and other requirements and Clause 9.1.2 Evaluation of compliance . Therefore, when an audit team conducts a certification renewal assessment, it is part of the audit responsibility to verify that the organization has established, implemented, and maintained processes to meet and evaluate compliance with applicable legal OH and S requirements.

In a renewal audit, the audit team is not limited to checking documents only. It must assess whether the management system continues to be effective and whether the organization fulfills the requirements of ISO 45001, including compliance obligations relevant to worker health and safety. Since legal compliance is a core expected outcome of the OH and S management system, checking this area is an essential audit activity before certification is renewed.

So the correct answer is:

A. True

The correct answers are E, F .

ISO 45001 Clause 8.1.4.2 Contractors requires the organization to coordinate its procurement processes with its contractors, in order to identify hazards and to assess and control the OH and S risks arising from the contractors’ activities and operations that impact the organization, the organization’s activities and operations that impact the contractors’ workers, and the contractors’ activities and operations that impact other interested parties in the workplace . It also requires the organization to ensure that contractors and their workers meet the organization’s OH and S management system requirements.

In this case, the objective evidence already found during the audit supports the nonconformity:

the hazards list did not include contractor-related hazards;

the Purchase Manager relied on trust rather than controlled OH and S coordination;

the OH and S team said chemical safety had never been a problem, which is not evidence of hazard identification, risk assessment, or control.

The email shown at the closing meeting only states that contractors carry out a site risk assessment . That does not automatically demonstrate that Shelf-Fit itself has met Clause 8.1.4.2 requirements for coordinated procurement control, hazard identification, and control of contractor OH and S risks within its own management system. Therefore, the nonconformity should not simply be withdrawn on the spot.

E. Advise management that the information provided will be reviewed at the audit follow-up stage is acceptable because the auditee can submit corrective-action evidence after the audit. The certification decision and close-out process can consider additional evidence later, but that does not erase the nonconformity already supported by audit evidence gathered during the audit.

F. Note the OHS Manager ' s comments but indicate that there is evidence of a nonconformity that needs to be addressed is also acceptable because this is exactly what the audit team leader should do at the closing meeting: acknowledge the auditee’s response, but maintain the finding where objective evidence supports it.

Why the other options are not acceptable:

A is not appropriate at the closing meeting. The audit team should base findings on evidence gathered within the audit scope and timing, not start a new off-line investigation with contractors at that point.

B is weak audit management. The audit team leader should control the discussion and decision, not hand it over informally.

C is incorrect because the information is not irrelevant; it is relevant, but not sufficient to invalidate the nonconformity.

D is not acceptable because the email does not remove the original evidence of failure in Shelf-Fit’s contractor control process.

Ethical – C

Diplomatic – F

Open to improvement – B

Perceptive – E

These behaviours are standard auditor personal attributes used in lead auditor training and are aligned with audit competence guidance.

Ethical – C. Fair, truthful, sincere, honest, discreet

An ethical auditor acts with integrity. This includes honesty, truthfulness, sincerity, fairness, and discretion when handling audit evidence, findings, and confidential information. Ethical behaviour is essential because audit conclusions must be trusted and based on professional conduct.

Diplomatic – F. Tactful in dealing with individuals

A diplomatic auditor interacts with people carefully and respectfully. During audits, questions may be sensitive, findings may be difficult to communicate, and interviewees may feel pressure. Being tactful helps maintain cooperation and supports effective evidence gathering.

Open to improvement – B. Willing to learn from situations

An auditor who is open to improvement learns from audit experience, changing conditions, and new information. This behaviour supports continual development and better audit effectiveness over time.

Perceptive – E. Aware of and able to understand situations

A perceptive auditor recognizes what is happening in the audit environment and understands the significance of what is seen, heard, and observed. This helps the auditor detect inconsistencies, identify risks, and understand process realities beyond prepared answers.

Why the other options are not used here:

A. Persistent and focused on objectives describes tenacious behaviour.

D. Actively observing surroundings/activities describes observant behaviour.

So the correct matching is:

Ethical – C

Diplomatic – F

Open to improvement – B

Perceptive – E

2. Prepare the audit checklist, 3. Obtain objective evidence, 4. Review audit evidence, 5. Document findings

For a first-party audit, the sequence follows the normal audit flow described in ISO auditing guidance: first the audit is initiated and leadership is assigned, then audit activities are prepared, then evidence is collected during the audit, then that evidence is evaluated, then findings are recorded, and finally the audit report is issued. ISO 19011 describes the audit flow as initiating the audit, preparing audit activities, conducting audit activities, and preparing and distributing the audit report. ( ISO )

That is why, after 1. Appoint an audit team leader , the next correct step is 2. Prepare the audit checklist . The checklist is part of preparing for the audit and helps the auditor plan questions, clauses, process interactions, and sampling points before going on to collect evidence. ( WEDEAQ | Official VDA QMC Partner )

After preparation, the auditor moves to 3. Obtain objective evidence . Audit evidence is gathered through interviews, observation, and review of documented information during the audit. This is a core activity of conducting the audit. ( DNV )

Once evidence is collected, the auditor must 4. Review audit evidence . ISO audit practice requires the evidence to be evaluated against the audit criteria to determine whether conformity or nonconformity exists. Evidence is not simply collected and reported immediately; it is first reviewed and assessed. ( PRETESH BISWAS )

After reviewing the evidence, the auditor can 5. Document findings . Findings are the result of evaluating the evidence against criteria, so they logically come after evidence review. Recorded findings can include conformity, nonconformity, and opportunities for improvement, depending on the audit plan and method. ( PRETESH BISWAS )

The final step is 6. Issue the report , because the report is prepared only after the audit evidence has been reviewed and the findings have been determined and documented. ( ISO )

So, the correct full order is:

1. Appoint an audit team leader

2. Prepare the audit checklist

3. Obtain objective evidence

4. Review audit evidence

5. Document findings

6. Issue the report

Explanation

Prepares the audit report → Audit Team Leader: The Audit Team Leader is responsible for compiling and preparing the final audit report, summarizing findings and conclusions.

Prepares audit checklists for use during the audit → Auditor: Auditors create checklists to ensure a thorough and systematic evaluation during the audit.

Participates under the direction and guidance of an auditor → Auditor in Training: An auditor in training works under supervision to gain experience and contribute to the audit process.

Follows up on audit findings within an agreed timeframe → Auditee: The auditee is responsible for addressing and resolving audit findings and providing evidence of corrective actions.

A person who accompanies the audit team but does not act as an auditor → Observer: Observers are typically external parties or internal personnel who watch the audit process but do not participate actively.

Escorts the auditors but does not participate in the audit → Guide: A guide facilitates the audit by helping auditors navigate the site and access relevant areas or documents.

References

ISO 19011:2018: Guidelines for auditing management systems.

Analysis of Each Option: