The Stage 1 Audit

Given that things are changing in the world of 3rd party conformity assessment .. and I have some time on my hands .. and because I need to make some remote study material available for some of my students to keep them ticking over, I’ll be putting together a few new posts. This post outlines the value of the Stage 1 Review in conformity assessment. Given that things are changing, temporarily you’d hope. it looks like an increasing number of these will be conducted remotely. In principle I have no issue with this, provided the integrity of the activity can be maintained, and it continues to be fit for purpose.

The Purpose of the Stage 1 Audit

The Stage 1 Audit is often referred to as the readiness review. Once a 2nd or 3rd party body has determined how many days will be appropriate for the audit, they will invariably set aside 1 day for this readiness review, and program in the remaining days usually a week or so later, but conditional on the outcome of the Stage 1 Review.

Possible Outcomes?

The possible outcomes are to either proceed as planned with the Stage 2 Audit, or delay. The choice should actually be an easy one. Any major nonconformances will lead to a delay, minor nonconformances won’t. Major nonconformances suggest major weaknesses, significant corrective action and usually a period of implementation and further accumulation of evidence of conformity (records). Not the sort of thing that can be corrected within a few days. Effectively the auditor is telling the auditee that it would be a bad idea to proceed as planned as the outcome right now would not be a good one, however delaying the Stage 2 Audit for some weeks could meet with a more favourable result.

You Can’t Look At Everything

Stage 1 Audits are short preliminery reviews of general readiness. You simply haven’t got time to look at everything or to examine records in any detail. You are merely determining that a deep dive won’t be a waste of time, and when you ask for certain things, the auditee will be able to produce something worth looking at. So the auditor has to be selective and identify the documents that are the main building blocks of the QMS (for example significant Planning documentation), and also to identify the records that give the best indicator of a fully implemeted PDCA based QMS.

So Which Records?

You can’t look at all records because you don’t have time, so you need to be selective and focus on the elements of the QMS that will be the best barometer of whether the system is implemented and working, so what would that be?

Well, thinking logically, the PDCA cycle is both sequential and iterative. So which quarter would give the best indicator the loop had been closed? Well, the LAST loop of course, which maps onto Sections 9 and 10 of the standard. These are the records you really need to see. If there is a good body of “Check-ACT” records, we have a closed loop.

And Onto The Plan

You don’t need a Plan to conduct a Stage 1 Audit. You are invariably working only with one person (the system manager) with whom you need an appointment, but as you aren’t moving around and disrupting any work activities, you don’t need a plan. Stage 2, however, will need a plan, so one of the additional tasks for the auditor whilst conducting the Stage 1 Audit, is to gather any and all significant practical and logistical issues that will affect the Stage 2 Audit Plan. The first thing I ask is how long is induction? If my team will be expected to watch a mind numbing 40 minute video about walkways, sirens, smoking and skips, I need to know, otherewise we’ll be one hour behind in our plan before we start work on day 1.

The Future?

Many years ago, the old “Document Review”, where you’d be sent a load of hard copy documents in an envelope and you had to try to take a reading off the contents, it would be quite common for that readiness review to give a false positive. When you have boots on the ground and you can see things and people, clarify etc, its much more reliable. These days technology offers many additional ways to more reliably perform a readiness review without necessarily being “on site”, so I have no real issue with it.

Stage 2, on the other hand, where you need to establish conformity to all of your Section 7 and 8 requirements? Much, much less so …

Posted in 9001 Lead Auditor Study Group, Auditing | Tagged , , | Leave a comment

A Few Collected Wisdoms (updated for 2022)

A few things I’ve learned

I get asked regularly to give advice on setting up a new business, changing career and so on, having been through the process and, to all outward appearances, made a decent fist of it. I’ve survived for 14 years on my own now. You can get the basic advice on the mechanics (getting an accountant, bank account, registering at companies house etc) from anywhere, and I am the last person you’d go to for advice on personal admin – but that’s the easy part. The hard part is knowing what will work and what won’t, what will help and what will be a waste of time, how to keep thinking clearly and so on. So, to that end, I have decided to post a collection of my own personal experiences that are a product of 20 years trial, error and, in some cases, bitter experience. They are in no particular order.

I do this so you don’t have to

  1. Don’t sound like a snake oil salesman

Be careful with the copy on your website and in your other communications. Try to avoid corny cliches and general boasts about your expertise. Anybody can say things like “our consultants are seasoned industry experts with unrivaled experience” or whatever. ANYBODY can make that same boast.  They’ll say if if it’s true, and also if it isn’t true. That’s why it’s a waste of space on your website. It could do more harm than good and at best will just get tuned out by visitors as white noise. Try to say things that other people can’t say and qualify them with specific examples. Why do you think I write these blogs, and the occasional article for the CQI and IOSH? It builds trust, hopefully adds some value to the reader (free of charge) and gives specific examples. I use case studies and (where I have permission) name names. The bottom line with that being “judge me by the company that I keep”.

Oh, and always (try to) tell the truth. It’s always better in the long run. A good liar also needs a good memory.

2. Writing in your own voice

People that have met me sometimes say that when they read my blogs, emails and even my training course notes, they can hear the words coming out of my mouth. I’ve somehow learned to write the way that I speak. It’s a way of writing that is consistent with the way I am in person. There are a couple of advantages in doing this. First, it stops your material reading like you’ve copied and pasted it. Second, people like consistency, people trust consistency. I’m not a natural writer and it took me a while to find a style of writing that I could actually make work. I don’t use a lot of adjectives and my writing isn’t stylish or flashy, I’m just not good enough with vocabulary to do that. I write in short sentences and I try NEVER to use a word I wouldn’t use in everyday speech.

Ask somebody else to read something back before you post it to your website.

3. Never underestimate the value in being taught a harsh lesson

You will make mistakes. Sometimes painful, embarrassing and expensive ones. I would never be so patronising as to suggest that whatever doesn’t kill you makes you stronger –  that is patently not true – but there is usually something to salvage from a wreck. Don’t dwell too long on the damage because it’s already done. Try to work out what the lesson is and learn from it. There is usually something you can take away from it.

I once wasted 4 days of my life and also some money on a an ultimately futile fishing expedition to Doha, but I did learn a couple of things and acquired a couple of anecdotes for my lectures. So, every cloud …

I really do wish I could have gone through life learning lessons without all the collateral damge that spectacular cock ups bring with them, but I do learn, and I tend not to make the same mistake twice.

If your mistakes hurt, that’s a good thing. It means you actually care

4. Do favours freely, with some limits …

There are massive advantages to be gained from being the good guy – it’s a useful reputation to earn (and you do have to EARN it). Putting some goodwill in the bank is like any investment, values can go up as well as down. Actually its quite not as bad as that, I can’t remember actually being harmed by trying to do someone a favour. Some people return the favour, but some don’t. Some people don’t return the favour just because they don’t ever get the opportunity to. Don’t use the occasional apparent lack of gratitude as a reason to stop doing favours. It is rare to encounter ingratitude, but odd times you might get taken advantage of. I just see that as acceptable collateral damage and no reason to stop being kind. Sometimes people will ask a lot of you, and ask then ask again. But most people will realise when they are asking a lot and will be a bit embarrassed about it, so they’ll only do it as a last resort. Genuine people will tend not to ask then ask and ask again. People that do that are invariably going to take a lot more than they are ever going to give, and don’t care one bit that they are asking a lot of you. So put some limits on your goodwill. There has to be a limit, because sooner or later you’ll have to get back to doing some work that gets you paid.

5. You get more work from people you know than from people you don’t

I used to put a lot of time, effort and money into search engine optimisation (SEO). Whilst being high on google rankings is an advantage, it isn’t everything. Remember that customers that use google will usually be relatively uninformed and often price sensitive. There are customers for whom confidence that you can do a good job is more important than price. Think about what you need to do to develop that trust and customer confidence (see point 1 above). The last 2 years, for example, I think I have worked exclusively on referrals. It’s a slow burn and it takes some time to get there, though. Linkedin is a very useful tool and resource IF YOU USE IT PROPERLY. Don’t use it like Facebook and mute any of your connections that do. There’s some good quality intel gets passed around on that platform, but you might well miss it if you allow your timeline to get polluted with white noise such as word puzzles and people encouraging you to “like if you agree” with some shite or other.

6. Never bet more than you can afford to lose

Trial and error is an unavoidable part of life for start ups. Differentiating yourself will involve an element of risk taking. It irritates me when I hear people describing a failure in a trial and error process as a “mistake”. These people clearly have never been through the process, but it’s 2020 and everyone is suddenly an expert in risk management. The most useful tip I can pass on in this regard is the above. Know what your worst case scenario is, and work out if it is tolerable. If it isn’t, then think very, very carefully. Not being able to afford anything going wrong is a bad place to be.

7. “Never Give Up” …. and other business cliches to avoid

This has to be the worst piece of advice I see paraded around Linkedin, often accepted unchallenged as sage wisdom. IT IS REALLY BAD ADVICE. Knowing when to cut your losses, stop throwing good money after bad and how to jump off a one-way train to oblivion are a far better set of principles to adopt. You WILL make bad decisions and choices, and stubbornly trying to get a good outcome from a bad decision rarely ends well. Ignore the smug (and usually completely made up) rags to riches parables that get posted up on Linkedin, where some soppy minded sociopath claims to have “followed his dream” to eventually become a squillionaire or something. For every one of those, there are twenty tales that are never written about people that bankrupt themselves for not knowing when or how to get out.

When I first set up Capable People and needed a bank account, the bank asked for a business plan. At the time I didn’t see a lot of point because it was based around so many unknowns, but I cobbled one up anyway and they seemed happy with it. It is only recently I’ve started to understand their point. The bank was just trying to establish whether I knew what I was getting into. Did I really understand my start up and running costs? Did I understand my revenue streams? Did I appreciate how much time, money and effort was needed to generate enough sales to even cover my costs? Did I understand the likely lag between doing work and getting paid?

I can remember a couple of times in the past when I’ve had conversations with acquaintances and they’ve talked with some enthusiasm about setting up some business or other, and all the while I’ve been thinking “Don’t. Don’t. Mate, don’t. FOR THE SAKE OF YOUR FAMILY PLEASE DO NOT DO THIS”. Usually because they’ve underestimated costs and overetimated sales, or the ease with which sales can be achieved. Their whole business model is based on an entirely improbable Field of Dreams premise. If you build it they generally won’t just come.

8. and finally, a bit more about costs …

Start ups can be very fragile entities. Chances are you will spend money before you will make money, and you want to get into self sufficiency as quickly as you can. The problem is that there will be costs, so be careful not to live like a millionaire before you are one. In year one, some things are more important than others, so prioritise.

If you have any of your own to add, please post them as a comment. If you disagree, feel free to comment, after all this is written purely from my own perspective, but I do hope it will have some value to some people.

Have a Happy 2022. I see opportunities in them thar hills …

Shaun Sayers

Posted in Uncategorized | 3 Comments

How to get a start in auditing

I often (and I mean OFTEN) get asked what is the best way to get a job as an auditor? I always give the same advice and it seems the advice works. Or at least it has worked for several people.

So, for what its worth, here it is.

The more useable and chargeable you are, the more attractive you’ll be

Auditors that can audit systems to multiple standards are always going to be more attractive to an employer than those with smaller and narrower niches. Certification Bodies need to make money and the more money you can make for them, the more interested they will be in you. The big three are obviously ISO 9001, 14001 and ISO 45001/OHSAS 18001. That’s where the volumes of chargeable days will be, so if you are suitably qualified and experienced in all three standards, the more chargeable days work they will think they will get out of you.

Present yourself as a low maintenance auditor

Certification Bodies can do without the hassle that a high maintenance auditor can bring to their door. They don’t want some opinionated ego-monster that is going to rub clients up the wrong way. They don’t want somebody they need to keep on a short leash, they don’t want somebody they have to constantly chase to get reports submitted, and they don’t want somebody whose report is such a dog’s dinner when it reaches the office they have to send it right back to get rewritten. They don’t want somebody too fond of late starts, long lunches and early finishes. They want a person they think will arrive on-time, after having a wash beforehand and not stinking of drink. Someone who will do the agreed job as per the agreed plan, and stay until its done. Somebody that will generate and retain the required records and behave themselves whilst on the client’s premises. Somebody that will submit a good standard of report to the office on time, and with a sufficient level of evidence and detail that could withstand an appeal and, potentially, a second look by UKAS. Low maintenance.

Don’t try to be flash. Flash Harry invariably requires a lot of managing. They absolutely want “Mr/Ms Dependable”. Believe me.

How to get a start with limited experience?

Again a question I get asked a lot. On the face of it, its a chicken and egg scenario. To get a job I need experience, but I can’t get experience without a job.

A tactic I’ve seen work for a couple of people in the past has been to concentrate initially on your training and qualifications. Become at least a qualified person. Anyone can do this although it does rely on putting some time and money into yourself as a project first. This shows an employer 3 things. First that you’ve got some useful qualifications (and you might well as a result be cheaper for them to train) and second that you’ve got some initiative, work ethic and determination, and third that you’ve taken a punt on yourself before you’ve asked them to take a punt on you.

The next step in this process is to be realistic about what your point of entry into employment is likely to be. The best jobs and best paid jobs will be the most sought after. Employers will be able to pick and choose and there are likely to be more attractive candidates then yourself.

However the job market sector I regularly suggest people looking for a start should target is short term and interim contracts. That could be coming into a company during a busy period, or covering a specific time limited project, or covering a staff absence such as maternity leave. These jobs crop up all the time and are generally less saturated with high calibre applications than full time permanent positions. Also, because they are fixed term, temporary, you’re much more likely to find an employer willing to give you a whirl. Short term contracts can also be quite well paid.

So to summarise, be qualified, be easy to manage, leave your ego at the door and be realistic.

Posted in Auditing, Uncategorized | Tagged , , | 11 Comments

Why hasn’t ISO 50001 matched the global success of ISO 14001?

ISO 14001 has been a success. It would be difficult to deny the impact of the standard has had in improving general standards of environmental management, albeit not in all sectors, and in some countries more than others. It has undoubtedly changed the ethos of some organisations and their general environmental focus. The larger organisations have been the main cheer leaders however, you’d have to speculate, this is driven in part as a means to acquiesce public perception of their operations as a responsible and ethical operator.

Where these organisations have bought into the application of the standard, they have also involved their suppliers and subcontractors who, in order to comply with the terms of organisation’s tendering processes and contracts, may often themselves be required to become certified to ISO 14001, or as a minimum to have environmental policies and controls in place. Some of these subcontractors and suppliers may buy into the standard, whereas others may comply purely because of contractual obligations. Nonetheless, progress is progress.

An ultimate effect has hopefully been a general improvement within supply chains, leading to local, nationalised, and global Environmental Improvement.

ISO 50001 was introduced in 2011. Its fair to say it probably hasn’t quite had the same global impact as has the ISO 14000 series. In my personal view that there have been a number of reasons for this;

  1. A company already proves it doing as much as it can so within its financial constraints by committing itself to ISO 14001. So, it any additional financial benefit with ISO 50001 is marginal. I’ve yet to come across any tender document that has specifically asked any organisation to commit to ISO 50001 (that doesn’t mean there aren’t any). So, without major organisational buy in from major players that viral spread hasn’t occurred.
  2. ISO 50001 is a standard for Energy Management, but “Energy Use” would always be a major aspect of any Environmental Management system anyway and realistically is already covered within any substantive EMS focussed on ISO 14001. On top of that Energy technology and improvements have a finite point of development. As in, given the technology that is available and even with a budget without zero constraints, there is only so much an organisation can realistically do. Once they have done all they can, there’s no further room for development and once the low hanging fruit has been picked, residual benefits are again marginal.
  3. Finally, and crucially, although EnMs (Energy Management Systems) are compatible with other standards, it must stand as its own management system baring all its own resource costs. My view is that had it made itself an additional certification that compliments ISO 14001, or an extension of it, and not a stand-alone certification, we would have seen more buy in.

Given the most recent revision of the standard was in 2018 I don’t see much changing any time soon. I personally have an interest in ISO 50001 and do wish to for a broader buy in. I want to learn more about efficient use of energy and even enjoy working with the standard but given the cost, as Duncan B*nn*tyne would say “I’m out”*

Dan Wilkinson is a Quality, Environmental and Occupational Health & Safety Management Consultant and Auditor. We thank him for this contribution. If you have any observations or comments to make on Dan’s post, we’d love to receive them.

*just in case he’s still got his google alerts switched on

Posted in Uncategorized | Tagged , , , | Leave a comment

Taking Control of the Facts

Do it right and auditing changes the way you think. Do it wrong and it changes the way people think of you.

What it’s not

For some,  their perception of “the audit” is that it has to be something of a diagnostic partnership. And you can forgive people for thinking that way, because they probably see a lot of that sort of thing. A self indulgent quasi-consulting exercise masquerading as a “management system audit”, where the actual audit criteria and the requirement for a clean impartial process fly right out of the window. This usually results in a report full of superficial and irrelevant “Opportunities for Improvement” that have little practical use in the management assurance process. A good audit is not about that at all.

What it is

The actual role of the auditor is to get to the bottom of things.  Once you’ve done that, you put those facts, be they good, bad or indifferent, in a report and give that report to whomever has requested it. You then trust that they find it useful, but that is up to them. Your work, for now, is done. That is how the auditor “adds value”, by doing what s/he is paid to do.

Changing the way you think

So why does systems auditing change the way you think? Well, getting to the bottom of things is reaching that point where everything makes sense. When that’s not happening, you’ve not got to the bottom of things, so keep going.

Eventually everything adds up

What you learn is that real idiots are rare, and the reason for a decision not being the right one or not making sense to you is rarely idiocy. When something doesn’t add up, there’s nearly always something you don’t know. Eventually all things add up. This might make you start to look at life events through a different prism. Political decisions that make no sense, for example. You can safely assume there’s something you haven’t been told. When things seem to good to be true, assume things aren’t what they seem – look for the catch. There’s no such thing as a free lunch. Know, for example, that cheap food is cheap for a reason and expertise is expensive for a reason. In the words of Red Adair, if you think experts are expensive, try hiring an amateur.

Why are systems inefficient?

Systems are all inefficient for the same reason – because they can be. You want to eliminate inefficiency? Start by removing the option of inefficiency. It is no coincidence that there is an almost perfect correlation between the more efficient systems and the lowest margins. A system that works to low margins simply can’t be inefficient, so guess what? It won’t be. Efficiency means hard work and nobody volunteers for a hard life, that’s human nature, so efficiency needs sustained pressure of one form or another, otherwise it won’t happen.

Causation, correlation and coincidence

Another thing you learn is to differentiate between the three C’s. Causation, Correlation and Coincidence. To get an appreciation of that, I can give no higher recommendation than to go back through a few Radio 4 More or Less podcasts. It’s a radio program that takes a look back at statistics that have been quoted over the past week, usually by politicians, and puts them through the test of careful analysis. A year or so ago, for example, the program looked at the apparent causal link between weekend admissions to hospital and a higher level of fatality. News reports and some politicians had seized upon the statistic, concluding that this was OBVIOUSLY as a result of poorer care provision at weekends – and that played well to a certain political narrative. But why would that be? What is the causal factor? Why would the quality of care provision plummet over a weekend? Money? The thing is, that’s not the only thing going on. Another factor is that there tends not to be any routine admissions at weekends (that is, for the type of condition where you have a very very high chance of surviving your stay). You’ll never be admitted on a weekend for an ingrowing toenail. Weekend admissions are nearly all emergency admissions and, naturally, the survival rates on emergency admissions are lower than they are for routine admissions. So, correlation and causation. Eventually it makes sense.

Personally I think getting to the bottom of things can be quite a satisfying and rewarding thing. A good auditor will simply take control of the facts, report them in an impartial way, and hope that the recipient can make good use of them in their decision making processes.

Posted in 45001 Lead Auditor Study Group, 9001 Lead Auditor Study Group, Auditing | Tagged , , , , , | 3 Comments