Learn what not to do as an auditor so you can become an awesome auditor!
First up I want to ask you a question.
I want to ask you - what sort of auditor are you?
What sort of or type of auditor do you want to be?
I ask this as I think it's something that I take for granted. We teach our auditors in a certain way here at ATOL and I presumed we had infiltrated the entire world!
But I was wrong, sadly.
Recently I came across an auditor that obviously hadn't completed one of our courses and wasn’t following at all the principles and processes that we share with you regarding personal behaviours and the process of conducting an audit.
As I mentioned earlier, I had taken it for granted that everyone out there just knew how it worked and they were being open, transparent, clear, trustworthy, genuine auditors. But no, there was one auditor that came across my path in the recent weeks that I was flabbergasted with. I'm going to share this with you.
Now we can learn what not to do as an auditor, and then we can see what we can do to help you to become an awesome auditor.
What frightened me about this auditor? A certification auditor also!
Firstly, it was the nonconformances that were being raised. It was an ISO 45001 system. A completely new system, so this was a certification audit. The nonconformances that were being raised were considered major by the auditor which made this even more frightening!
Of course, if issued a major nonconformance this means that the company cannot be recommended for certification until these are rectified. The scary thing was that these ‘major nonconformances’ were against things that weren't even in the standard, areas that weren't even in ISO 45001.
I’ll share just one with you so you can get an idea of why I was so horrified. This nonconformance was presented and written without referencing anything in ISO 45001 – it just seemed like their opinion.
It was worded something like this A register of critical suppliers is required to be developed and maintained.
I’m only too happy for you to check up on me and find where this is stated as a requirement in ISO 45001.
Go on, take a look.
I’m very confident that you won’t find anything of the sort.
I do know that Clause 8.1.4 is all about procurement, outsourcing, and contractors and there is a requirement to work with or coordinate with your suppliers or contractors regarding hazard identification and risk assessment. And obviously, the activities of higher risk might identify more critical suppliers, however, nowhere does it say that you need a list in a register of your critical suppliers.
You might be thinking, and I hope you are - why didn't the client challenge this? They did! They definitely challenged it.
The client and the consultant challenged the nonconformances. They pushed back and pushed throughout the audit. Right through and even at the closing meeting. These major nonconformances could be an observation at best!
However, the auditor would not budge. This leads me to the second area of this audit that horrifies me. During the closing meeting, the auditor did not explain the Appeals process, here they had a client and a consultant desperately disagreeing with the findings and the auditor did not even explain that they had a path to appeal and escalate their disagreement.
I wish I had been there!
At no point in the closing meeting did the auditor talk about the appeals process. This auditor had an unhappy client and an unhappy consultant that was challenging the findings.
If that's the case, you as the auditor need to sort that out. If you're being challenged, you need to sort that out and get them to understand why.
You do this by presenting objective evidence as well as the requirements from the standard to back this up. If they are still not happy with it, you do need to explain to them what the appeals process is. For me as a certification auditor, that is you will need to contact the certification body and discuss it. It’s just the escalation process.
On top of this, the auditor did not explain what the process and timeframes were for following up the major nonconformances. The auditor left and the client didn’t even know what the next steps were. Although I wasn’t there in person, it appears as though there was a huge gap in communication.
My concern also was it was a certification audit so I suggested to the consultant that they escalate this to JAS-ANZ. The trouble was that while they did want to do this it would delay certification even more for their client.
It was quicker to just do what was being asked (as ridiculous as it was) and get their client certified. So they were stuck in the middle. It was quicker to create that critical supplier register just to shut them up and get certified!
What have you learned from this? Do you now know what type of auditor you are or want to be?
If you want to be an awesome, personable auditor that's real-world and understands what's going on, and takes into account all situations - but most importantly follows the standards – let me know! I can help.
I can share some more stories. I can share some more tips with you because I've been there. I've seen it all. And I love sharing this with you.
Let me know your auditor or auditing stories too, good or bad. Let’s see what we can come up with together.
Note – this is an excerpt from the Auditor Training Online Facebook Live, view the video here