AAA1My client, a leader in innovative rail friction management, was recently preparing for an integrated ISO 14001/OHSAS 18001 audit and I was asked to provide onsite training to prepare their employees. The company and its staff are well versed in audits, having been registered under ISO 9001 for several years. In addition to the required EHS awareness training, I was also asked to provide my thoughts on what to expect during the upcoming audit.

As a certification auditor, I have noticed companies that experience a smooth audit tend to approach audits with a different mentality than those that have a less than ideal experience. I’m not just talking about whether or not a company achieves certification, but rather what it ends up with in terms of meaningful results that actually help improve its management system.

It’s evident to an experienced auditor when a company owns its management system. Findings are not feared, nor are they accepted as gospel, they are seen as an opening to a meaningful and sometimes even lively, but productive discussion. The ability to welcome these discussions comes from the company’s level of confidence, which in turn is a byproduct of a) having a good management system, and b) knowing what to expect during an audit. The former is something Newhelm is dedicated to helping our clients achieve every day, the latter can generally be obtained by understanding the following five points.


This is one of the basic principals of management systems auditing. Most auditors will typically mention this during the opening meeting as it’s a good way to put the client’s mind at ease. The objective for the auditor is to gather enough evidence to support a recommendation for certification, while making you aware of any nonconforming situations as they arise. Of course, any nonconformities will need to be addressed as required by the Certification Body. The point of this concept, however, is to establish the right attitude of the auditors and auditees heading into the audit.

Note the difference between conformity/nonconformity and compliance/noncompliance. The language of conformity is specific to a company’s performance against a set of standards to which they are being audited, while the language of compliance is specific to a company’s adherence to regulatory requirements. While it is important for auditors to notify you when they believe you may be noncompliant with a legal requirement, the primary objective of the auditor is to determine the level of conformity of your management system to the standard. The auditor may still issue a nonconformity in this situation, however, the nonconformity should be written against the standard.


I have seen companies pursuing certification for the first time implementing an out-of-the-box management system, with an emphasis on making it easy to audit, at the expense of their own efficiency and sanity. Companies who have been certified for a longer period of time often express frustration with each new auditor coming into their facility trying to get them to do things a little differently. In either case, it is important to remember what the point of establishing the management system was in the first place (and please don’t say “to get certified”). Your management system was established to help you continually improve, for the benefit of your company, employees, customers and stakeholders, not the auditor. The auditor is there to provide independent verification that continual improvement is actually taking place.

I once had a client say, “we have two management systems, one for when the auditor is here and one for when they leave.” If you find your company drifting towards this path, you need to really evaluate what it is you’re doing for the sake of the audit versus good business practice. In my opinion, there is nothing in any noteworthy management system standard that would require you to implement sub-optimal business practice just for the sake of becoming certified. Remember, it’s your company and your process, don’t be afraid to get a little “mother bear” once in a while.


As an auditor, there’s nothing better than feverishly taking notes while the individual you are auditing is passionately explaining what their role is within the management system. Part of this comes from a genuine interest in what the individual does at the company and the other part is anticipating the type of information that is of interest to an auditor. Pretend you’re the host of the TV show “How It’s Made”, or failing that, consider the following questions you could expect from an auditor:

  • What do you do at the company?
  • What training do you need to do that?
  • On a bad day, what could go wrong around here that could hurt you, the environment, equipment or product?
  • What prevents this from happening?
  • How do you know if those controls are actually working?
  • Do you record that information anywhere and do you have to report it to anyone?
  • Does your company have a policy (Quality, Environmental, OHS)?
  • Where is it?
  • What sort of things is your company trying to improve?
  • Are any of these “improvements” working?
  • What’s for lunch?


A perfect audit should be like throwing a no-hitter in major league baseball. Companies that strive for perfect audits, perhaps going as far as penalizing employees for findings, are missing the point of audits. Rather than trying to get through the audit without any findings, open yourselves to receiving good, value-adding findings. Aside from obtaining a certificate, perhaps a requirement of a key customer or the trigger for a year-end bonus, audits are an important feedback mechanism for your management system. Auditors get to see a lot of companies of various size, from a wide range of industries, and while they can’t consult during the audit, observations are made from a unique vantage point with the intention of improving your management system.

Auditors have been know to throw out some pretty cheesy findings, like “your paper towel dispenses paper at a much faster rate in one bathroom than in the other”. I know I’ve lobbed a stinker or two at a client in the past, although nothing relating to paper towel dispensers. Whether good or bad, It’s important to think of findings as the beginning of a discussion. Your will want to make sure you understand everything about the finding so you can identify the root cause, or offer additional information to support your objection if you disagree with the auditor. You should note however, the objection of “this has never been raised as an issue in the past”, is not a good objection to a finding. Auditing is a sampling process and despite the standardization of the audit process (ISO 19011), different auditors may focus on different areas of your management system depending on their background.

In the event you can’t come to an agreement during the audit, keep calm and carry on, you always have other channels to raise your objection. You can appeal to the Certification Body, and failing that, you can appeal to the Standard owner, or in the case of ISO, the National Member Body (e.g. ANAB in USA and SCC in Canada). Many companies aren’t aware of the latter option, but I have used it on behalf of a client to get clarity for both my client and the Certification Body on a particularly grey area of a standard. The National Member Body has direct influence over your Certification Body so their decision will have an impact.


You might be surprised how often I get questioned by employees about the purpose of the auditor being on site. Some employees think its a “regulatory thing”, while others suspect it has something to do with evaluating employee productivity. As a result of this confusion, there’s always a few employees that seem somewhat apprehensive about participating in the audit and may even get defensive with the auditor.

Prior to your auditor coming onsite, take the opportunity to explain to your employees why the audit is taking place and that the auditor has been retained by the company to help identify ways to improve the management system and hopefully recommend certification. Highlight that the audit is process-focussed, not people-focused, and that your employees’ participation as process experts will help ensure the auditor gets a the most complete and accurate view of the organization during their limited time onsite. It’s also a good idea to briefly remind employees of this when introducing the auditor to employees during interviews.

You’ve invested a considerable amount of time, you’ve even hired an expert to help get your management system up and running. Your internal audits have produced a whack of meaningful observations and findings, which you know you’ve dealt with and you can already see the improvements. You and your employees are ready for the audit. So take a moment to regroup with your team to set the right expectations and get into the auditing mood. Challenge yourselves to expect more from the audit than just a certificate. Write down these expectations and certainly don’t hesitate to share them with your auditor. Finally, after the audit, take a moment to debrief and to reflect back on the expectations you’ve established, adjust as necessary, and move forward.


Will Huggett works with organizations to develop, implement and certify management systems that deliver Exceptional Environmental Performance.


  1. I fully agree. Only yesterday I conducted an audit. All the records were fudged. The company was otherwise doing well, all it’s customers were happy as could be seen from their continued and increased orders.

    I had to tell the owner and the key personnel that instead of working for the auditor, they should instead concentrate on finding better means to put, the requirements of the standard to better use- for their own improvement!

Leave a Reply

Your email address will not be published. Required fields are marked *