By Craig D’Souza
When people ask what I do for work, they usually guess:
“Auditor?” “Advisor?” “Paperwork guy?” “ISO guy?”
Close… but not quite.
Here’s the simple version: I help organizations get ready, putting their house in order so they can grow, win new contracts, and pass audits without the stress.
Think of me as part detective, part mechanic, part team coach.
What people think I do:
Tick boxes. Write policies. Sit in meetings.
What I actually do:
I go inside a business and figure out:
- What could go wrong
- What’s messy or unclear
- How to fix it before it becomes expensive
Step 1: understand the big picture
First, I zoom out.
I use simple tools like PESTLE and SWOT to ask:
- What outside forces affect this business (laws, tech, weather, economy)?
- What are we good at?
- Where are the weak spots?
It’s like mapping the terrain before a hike.
Step 2: build structure
Next, we organize the chaos.
Together we create:
- Asset trackers (what do you own and who looks after it)
- Dynamic risk registers (what could hurt the business and how we control it)
- Complaints/feedback loops (what customers are telling you)
- Decision frameworks (clear steps for returns, errors, or service issues)
Instead of random spreadsheets, everything lives in one clear system.
You might ask, why is this important?
Well, it’s because most standards and compliance frameworks require clear evidence that you understand your risks, assets, and issues—and registers are the simplest way to prove you’re in control.
Step 3: verify the story (i.e., the evidence)
As an auditor, my job is to ensure that what a client says matches what they do. I help with the evidence-gathering process, teaching the techniques to prove claims. Compliance isn’t about your word; it’s about verification and validation. If you can’t prove it, it didn’t happen. We move from “trust me” to “here is the objective evidence.”
Step 4: build trust through records
High-quality record-keeping, especially virtual and cloud-based records, is the foundation of trust. Clear, accessible, and honest records aren’t just for the auditor; they are for your stakeholders, your customers, and your future growth. If your records are clear, your business is transparent and reliable.
Step 5: test real life
This is where I become the detective. I don’t just read documents. I ask: “Show me how you actually do this.” If the policy says one thing but reality says another, we fix it.
Step 6: make it stick
Finally, I make sure:
- Everyone knows their role
- Responsibilities are clear
- The system runs without me
Because good compliance isn’t paperwork. It’s clarity and ownership.
In one sentence?
I help businesses move from “We hope we’re compliant” to “We’re organized, confident, and ready for anything.”
About the author
Craig D’Souza is the managing director of E-Risk360 and a governance, risk management, and compliance professional with training across ISO management system assurance and certification. He is an Exemplar Global-certified lead auditor in management systems including ISO 9001, ISO 14001, and ISO 18001/AS 4801/ISO 45001.
A version of this article first appeared in the Audit Revealed newsletter and is published here with permission.

