How to get a start in auditing

I often (and I mean OFTEN) get asked what is the best way to get a job as an auditor? I always give the same advice and it seems the advice works. Or at least it has worked for several people.

So, for what its worth, here it is.

The more useable and chargeable you are, the more attractive you’ll be

Auditors that can audit systems to multiple standards are always going to be more attractive to an employer than those with smaller and narrower niches. Certification Bodies need to make money and the more money you can make for them, the more interested they will be in you. The big three are obviously ISO 9001, 14001 and ISO 45001/OHSAS 18001. That’s where the volumes of chargeable days will be, so if you are suitably qualified and experienced in all three standards, the more chargeable days work they will think they will get out of you.

Present yourself as a low maintenance auditor

Certification Bodies can do without the hassle that a high maintenance auditor can bring to their door. They don’t want some opinionated ego-monster that is going to rub clients up the wrong way. They don’t want somebody they need to keep on a short leash, they don’t want somebody they have to constantly chase to get reports submitted, and they don’t want somebody whose report is such a dog’s dinner when it reaches the office they have to send it right back to get rewritten. They don’t want somebody too fond of late starts, long lunches and early finishes. They want a person they think will arrive on-time, after having a wash beforehand and not stinking of drink. Someone who will do the agreed job as per the agreed plan, and stay until its done. Somebody that will generate and retain the required records and behave themselves whilst on the client’s premises. Somebody that will submit a good standard of report to the office on time, and with a sufficient level of evidence and detail that could withstand an appeal and, potentially, a second look by UKAS. Low maintenance.

Don’t try to be flash. Flash Harry invariably requires a lot of managing. They absolutely want “Mr/Ms Dependable”. Believe me.

How to get a start with limited experience?

Again a question I get asked a lot. On the face of it, its a chicken and egg scenario. To get a job I need experience, but I can’t get experience without a job.

A tactic I’ve seen work for a couple of people in the past has been to concentrate initially on your training and qualifications. Become at least a qualified person. Anyone can do this although it does rely on putting some time and money into yourself as a project first. This shows an employer 3 things. First that you’ve got some useful qualifications (and you might well as a result be cheaper for them to train) and second that you’ve got some initiative, work ethic and determination, and third that you’ve taken a punt on yourself before you’ve asked them to take a punt on you.

The next step in this process is to be realistic about what your point of entry into employment is likely to be. The best jobs and best paid jobs will be the most sought after. Employers will be able to pick and choose and there are likely to be more attractive candidates then yourself.

However the job market sector I regularly suggest people looking for a start should target is short term and interim contracts. That could be coming into a company during a busy period, or covering a specific time limited project, or covering a staff absence such as maternity leave. These jobs crop up all the time and are generally less saturated with high calibre applications than full time permanent positions. Also, because they are fixed term, temporary, you’re much more likely to find an employer willing to give you a whirl. Short term contracts can also be quite well paid.

So to summarise, be qualified, be easy to manage, leave your ego at the door and be realistic.

Posted in Uncategorized | Tagged , , | 6 Comments

Why hasn’t ISO 50001 matched the global success of ISO 14001?

ISO 14001 has been a success. It would be difficult to deny the impact of the standard has had in improving general standards of environmental management, albeit not in all sectors, and in some countries more than others. It has undoubtedly changed the ethos of some organisations and their general environmental focus. The larger organisations have been the main cheer leaders however, you’d have to speculate, this is driven in part as a means to acquiesce public perception of their operations as a responsible and ethical operator.

Where these organisations have bought into the application of the standard, they have also involved their suppliers and subcontractors who, in order to comply with the terms of organisation’s tendering processes and contracts, may often themselves be required to become certified to ISO 14001, or as a minimum to have environmental policies and controls in place. Some of these subcontractors and suppliers may buy into the standard, whereas others may comply purely because of contractual obligations. Nonetheless, progress is progress.

An ultimate effect has hopefully been a general improvement within supply chains, leading to local, nationalised, and global Environmental Improvement.

ISO 50001 was introduced in 2011. Its fair to say it probably hasn’t quite had the same global impact as has the ISO 14000 series. In my personal view that there have been a number of reasons for this;

  1. A company already proves it doing as much as it can so within its financial constraints by committing itself to ISO 14001. So, it any additional financial benefit with ISO 50001 is marginal. I’ve yet to come across any tender document that has specifically asked any organisation to commit to ISO 50001 (that doesn’t mean there aren’t any). So, without major organisational buy in from major players that viral spread hasn’t occurred.
  2. ISO 50001 is a standard for Energy Management, but “Energy Use” would always be a major aspect of any Environmental Management system anyway and realistically is already covered within any substantive EMS focussed on ISO 14001. On top of that Energy technology and improvements have a finite point of development. As in, given the technology that is available and even with a budget without zero constraints, there is only so much an organisation can realistically do. Once they have done all they can, there’s no further room for development and once the low hanging fruit has been picked, residual benefits are again marginal.
  3. Finally, and crucially, although EnMs (Energy Management Systems) are compatible with other standards, it must stand as its own management system baring all its own resource costs. My view is that had it made itself an additional certification that compliments ISO 14001, or an extension of it, and not a stand-alone certification, we would have seen more buy in.

Given the most recent revision of the standard was in 2018 I don’t see much changing any time soon. I personally have an interest in ISO 50001 and do wish to for a broader buy in. I want to learn more about efficient use of energy and even enjoy working with the standard but given the cost, as Duncan B*nn*tyne would say “I’m out”*

Dan Wilkinson is a Quality, Environmental and Occupational Health & Safety Management Consultant and Auditor. We thank him for this contribution. If you have any observations or comments to make on Dan’s post, we’d love to receive them.

*just in case he’s still got his google alerts switched on

Posted in Uncategorized | Tagged , , , | Leave a comment

Taking Control of the Facts

Do it right and auditing changes the way you think. Do it wrong and it changes the way people think of you.

What it’s not

For some,  their perception of “the audit” is that it has to be something of a diagnostic partnership. And you can forgive people for thinking that way, because they probably see a lot of that sort of thing. A self indulgent quasi-consulting exercise masquerading as a “management system audit”, where the actual audit criteria and the requirement for a clean impartial process fly right out of the window. This usually results in a report full of superficial and irrelevant “Opportunities for Improvement” that have little practical use in the management assurance process. A good audit is not about that at all.

What it is

The actual role of the auditor is to get to the bottom of things.  Once you’ve done that, you put those facts, be they good, bad or indifferent, in a report and give that report to whomever has requested it. You then trust that they find it useful, but that is up to them. Your work, for now, is done. That is how the auditor “adds value”, by doing what s/he is paid to do.

Changing the way you think

So why does systems auditing change the way you think? Well, getting to the bottom of things is reaching that point where everything makes sense. When that’s not happening, you’ve not got to the bottom of things, so keep going.

Eventually everything adds up

What you learn is that real idiots are rare, and the reason for a decision not being the right one or not making sense to you is rarely idiocy. When something doesn’t add up, there’s nearly always something you don’t know. Eventually all things add up. This might make you start to look at life events through a different prism. Political decisions that make no sense, for example. You can safely assume there’s something you haven’t been told. When things seem to good to be true, assume things aren’t what they seem – look for the catch. There’s no such thing as a free lunch. Know, for example, that cheap food is cheap for a reason and expertise is expensive for a reason. In the words of Red Adair, if you think experts are expensive, try hiring an amateur.

Why are systems inefficient?

Systems are all inefficient for the same reason – because they can be. You want to eliminate inefficiency? Start by removing the option of inefficiency. It is no coincidence that there is an almost perfect correlation between the more efficient systems and the lowest margins. A system that works to low margins simply can’t be inefficient, so guess what? It won’t be. Efficiency means hard work and nobody volunteers for a hard life, that’s human nature, so efficiency needs sustained pressure of one form or another, otherwise it won’t happen.

Causation, correlation and coincidence

Another thing you learn is to differentiate between the three C’s. Causation, Correlation and Coincidence. To get an appreciation of that, I can give no higher recommendation than to go back through a few Radio 4 More or Less podcasts. It’s a radio program that takes a look back at statistics that have been quoted over the past week, usually by politicians, and puts them through the test of careful analysis. A year or so ago, for example, the program looked at the apparent causal link between weekend admissions to hospital and a higher level of fatality. News reports and some politicians had seized upon the statistic, concluding that this was OBVIOUSLY as a result of poorer care provision at weekends – and that played well to a certain political narrative. But why would that be? What is the causal factor? Why would the quality of care provision plummet over a weekend? Money? The thing is, that’s not the only thing going on. Another factor is that there tends not to be any routine admissions at weekends (that is, for the type of condition where you have a very very high chance of surviving your stay). You’ll never be admitted on a weekend for an ingrowing toenail. Weekend admissions are nearly all emergency admissions and, naturally, the survival rates on emergency admissions are lower than they are for routine admissions. So, correlation and causation. Eventually it makes sense.

Personally I think getting to the bottom of things can be quite a satisfying and rewarding thing. A good auditor will simply take control of the facts, report them in an impartial way, and hope that the recipient can make good use of them in their decision making processes.

Posted in Auditing | Tagged , , , , , | 3 Comments

The Curious Case of the Inverted Hierarchy

It’s been a while since I’ve written a new post. I’ve been busy. For that I apologise, but I’m sure you will understand. Baby needs shoes.

Anyway, here I am sitting watching some poor folk sit a Lead Auditor exam, with time on my hands. In this post I’m going to describe a rather unusual circumstance I encountered last year which presented its own almost unique set of management challenges. For fairly obvious reasons I won’t identify the client. Again, I hope you will understand.

Sometime last year I found myself working with a rather well known organisation. Part of my work involved understanding their operational risks and how they were mitigated. For that I needed to spend some time at the coal face. Now “coal face”, in this case, perhaps isn’t the most appropriate term to describe their point of service delivery. The “workers” were highly paid specialists, performing very complex tasks in a high hygiene environment. To some extent being able to witness the task felt like a bit of a privilege.

Part way through my time at their coal face I became aware that some of the controls in the “sterile environment” did not seem to be as stringent as I was used to in some other high hygiene environments, such as in food production. There were mobile phones in the work environment, documents, folders, pens that came apart and some of the staff were wearing earrings. You’d not normally get any of that anywhere near the food production area of a factory. It was explained to me that the sterile area was limited to the immediate vicinity of the task and the area just a few feet outside of the immediate vicinity didn’t need to be sterile. This still seemed a bit odd to me as, whilst that might have been true, it was possible, at no extra cost, to reduce the risk of contamination just that little bit more by excluding certain none critical objects from the adjacent areas. Later on I asked about frequency of hygiene checks and was very surprised to find the frequency of formal checks was “never”. This only added to my confusion as to why the hygiene controls for making sausages or fish fingers is generally higher than in this “sterile” work area.

I had to get to the bottom of it.

One thing you learn as an auditor is that when something doesn’t add up, there is usually something you don’t know. There was definitely something I didn’t yet know. So I pressed about the absence of formal hygiene checks. Eventually the answer came back that the coal face worker (the specialist) wouldn’t allow it. Then things started to make sense. In a factory (for example) it isn’t the worker that dictates procedures or management controls. They are expected to simply comply, and if they don’t they can expect to get into trouble, but this work area was different. In this case the “worker” was the most senior and the best paid person in the mix. They were also a very talented and a scarce commodity and very, very difficult to replace. In this case it was they that decided what would and would not happen on their patch. They decided what was necessary and what checks on them they would allow to take place. Anything they didn’t like didn’t happen. Going to war with the specialists was something their management just couldn’t afford to do. Consequently the system was “managed” to a large extent bottom up rather than top down. It seemed to “gravitate” to a set of controls and behaviours that were mutually acceptable, rather than by a top down risk based process of design, implementation and management.

It was then that I felt I had got to the bottom of things, which was scant consolation as there was effectively nothing that could be done about the hanging risks within the system. For a while I was wondering if this was unique. The only close parallel I could think of was a tier 1 football club that employed a number of galacticos. It may be that you can manage the superstars up to a point, but there is always a limit as to how much you can get them to do if they don’t want to do it, short of beg or cajole, and in the case where the two sides go to war with one another, it is always the manager that comes off worst in the end.

The interesting thing, apart from all the above, about the organisation in question, was that it spent a lot of money on quality improvement, but none of it ever went anywhere near what, to me at least, seemed to be a pretty obvious root of many of their problems. Again probably with good reason, once you have the facts ….

Shaun Sayers

Posted in Auditing, Leadership & Management, Quality Improvement | 4 Comments

ISO 45001:2018: Some Early Observations

The history

This standard has been several years in development, and reaching agreement on content hasn’t been easy, but finally, in March 2018, we have our first OHSMS ISO standard. Previous drafts have all been kicked back for a number of reasons. It has proven difficult, given the very significant variation in the level of national OH&S legislation worldwide, to develop an OHSMS standard that is robust and progressive and yet still attainable for organisations that operate in the developing world.

Some early observations

ISO 45001 replaces OHSAS 18001 as the certifiable management system standard of choice within accredited third party certification processes. OHSAS 18001 registered organisations have three years from now (March 2018) to manage their transition to ISO 45001. I was intrigued to see BSI hailing their first set of ISO 45001 certifications this week, literally TWO DAYS after ISO 45001 was issued. Generally it takes certification bodies a few weeks to develop their own systems to certify to a new standard and also upskill their auditors in the new standard, and gain UKAS accreditation, so it was a bit odd. I assume that over the past few weeks a pilot program has been running. My guess is that those certification bodies not part of the pilot will take some time to have their internal verification processes and competences approved by their Accreditation Body, and won’t be offering accredited certification until the summer.

The ISO 45001 standard itself adopts the Annex SL clause structure around which ISO 9001 and ISO 14001 are already based. That means the PDCA sequenced clause 4-10 framework. As OHSAS 18001 was already PDCA sequenced, this is not a major uplift. There are a few issues that organisations will need to look closely at and, for me, at first sight at least, the most significant relates to Top Management involvement in the OHSMS. There is an interesting and significant addition – Worker Participation.

Communication and consultation has always formed part of OHSAS 18001 so, on the face of it, there’s no big change, but the positioning of the requirement within Section 5, and also the addition of some quite specific elements, make it potentially a bit of a game changer (if the certification bodies choose to apply it as written, obviously, which they may not). It is now the specific responsibility of TOP MANAGEMENT to ENABLE worker participation, and that enabling function specifically includes REMOVING BARRIERS TO PARTICIPATION.

Barriers to Participation?

So what are barriers to participation? Well, there are certain structural matters that might make it difficult for workers to participate. They may work remotely for instance, without regular access to the organisation’s communication systems. They may not have high levels of literacy and they may not speak the same language as the one used by the management system. Issues like this will require special measures and processes to enable effective participation. Then there are more tricky cultural issues. The organisation may have an oppressive blame culture for instance. A worker might not see it as a good idea to raise a concern if the first thing that happens is a spotlight being turned on him or her. Blame cultures are unfortunately common, and personally I see it as a very progressive step that an OHSMS standard has chosen to grasp the nettle. It will be very interesting to see how well this gets enforced. It will be a great shame if it gets watered down or ignored.

A word on our training

At the time of writing (16/03/18) our revised Lead Auditor Course is with the IRCA for review. We are hoping to have it approved and running from mid-April. The transition module will be along a couple of months later.

Posted in ISO 45001, Occupational Health & Safety | Tagged | 2 Comments