Bill Aston has been the managing director of Aston Technical Consulting Services since 2004. He has also been the owner of Petro Quality Systems Auditors, an audit company that has been providing audit services to manufacturers and services companies in the oil and gas industry since 2014.
As a quality professional, Aston has more than 50 years of experience in the oil and gas and petrochemical industry. His extensive background includes QA/QC, quality management, nondestructive testing, plant operations, inspection, supervision, NDT/weld inspection training, management, engineering support, QMS auditing, risk management, and consulting. He is an Exemplar Global-certified master auditor who has maintained that certification with Exemplar Global for more than 15 years. His other auditor certifications include ASQ certified quality auditor and PECB lead QMS auditor. As a trainer, Aston is approved, recognized, and certified by the API, Exemplar Global, and PECB, respectively. He is also an active member of the API’s quality subcommittee 18, API subcommittee 20 on supply chain management, and the U.S. TAG to ISO/TC 176.
In this conversation, we discuss his extensive and interesting career journey, what kind of professionals make successful auditors, and why risk has changed the game for management system auditors of today.
EXEMPLAR GLOBAL: Could you tell us a little bit about your education, your professional background, and how you came to this part of your career?
BILL ASTON: I’ve been in the oil and gas industry as a quality profession for 50 years now. As far as my educational background, I attended Lakeland Community College and I also did some additional work with the Metals Engineering Institute for nondestructive testing and weld metallurgy. I picked up a few certifications along the way, including as a certified welding inspector through the American Welding Society. That’s where my career started—with welding, welding inspection, and radiographic film interpretation.
From there, my career expanded out. I was in supervision for quite a few years within the fabrication space. In 1976, I moved from Ohio to Texas, where I live now. I came down here with a petrochemical company by the name of Diamond Shamrock, where I did cross-country pipeline inspection under the American Petroleum Institute standard 1104, which covers welding for pipelines and related facilities. From there I went over to another company by the name of ARAMCO Services Company, where I worked for about 10 years. For part of that time, I was also with Exxon USA before they became ExxonMobil. I was part of their headquarters engineering and purchasing team.
Next, I moved over to Saudi Arabia and worked there for a total of 16 years at Saudi Aramco, mostly as an Inspection Unit field supervisor at the Shedgum gas plant, and Project Coordinator, VP Staff in Southern Area Gas Operations. I did quite a bit of classroom training as well as one-on-one training while there, helping develop their mechanical and welding inspectors and nondestructive test technicians. This was for liquid penetrant magnetic particle inspection, radiographic film interpretation, and welding inspection. One of my responsibilities was to take some of Saudi Aramco’s folks and turn them into certified, qualified inspectors. I did a lot of in-plant quality assurance and quality control at the Shedgum gas plant.
I worked in Saudi Arabia during both Gulf Wars. Iraq was launching Scud missiles during the first, so you can imagine what it was like working in a gas plant seeing missiles flying overhead. The U.S. military was heavily involved in that, of course, and it was all quite an experience.
Around age 55, I took early retirement and came back to the United States, where I experienced a little bit of culture shock after being overseas for 16 years. It was a culture shock to go to Saudi Arabia initially, in 1987, and then a culture shock to come back in 2003.
I took off for one year, and in 2004 I started Aston Technical Consulting Services, where we do not only consulting, but auditing and training, too. The training is pretty much limited to auditor training as well as risk management training. I also have another company, called Petro Quality System Auditors, and we provide auditors to the API. PQSA has been an API audit company since 2014.
EG: ATCS is the company that works closely with Exemplar Global as a recognized training provider. On which specific schemes and standards do you and your team at ATCS train?
BA: ISO 9001, API Q1, and API Q2 are our main charges, as well as ISO 29001, which used to be a carbon copy of API Q1 because it is specifically designed for the oil and gas industry. We also do auditor and lead auditor training, much of which is done through Exemplar Global. That’s been a good fit for us.
EG: Do most of your students come from the energy field?
BA: Actually, it’s kind of broad. The manufacturing sector is big, for example. And one of the largest classes we’ve ever had was with MD Anderson, a huge cancer treatment hospital right here in Houston, covering introduction to risk management within healthcare.
EG: Would it be fair to say that the information you provide and the tools you give people cut across sectors? It seems that what you are teaching applies to auditing any kind of management system—things like asking good questions, investigating conformation to written specifications, confirming records, etc.
BA: Yes, that’s exactly right. Take the ISO 9001 lead auditor course that we do with Exemplar Global. The basis of that course is ISO 19011, which covers quality management systems, environmental management systems, and health and safety management systems. We provide our students with the tools they need to be capable and qualified auditors no matter what the management system is, because at the end of the day, the bottom line is that there are some basic principles that cut across all management systems. As far as specific expertise, whether it’s oil and gas involving AP1 Q1, or quality through ISO 9001, or environmental via ISO 14001, or health and safety with ISO 45001, or aerospace with AS9100, all auditing practices work off the base of ISO 19011. From there you get into the specific requirements against which you are going to audit, which will cover your expertise and/or the scope of the audit itself.
EG: Listening to your career journey, and all the areas that you’ve worked in, from technical positions to purchasing to management to training, it strikes me that good auditing should encompass everything from a systems perspective, and it really does help to have a lot of these different experiences. Given that, and the need to bring people into these careers, do you feel like people can come into auditing from anywhere, or are there specific roles that help prepare people to become auditors?
BA: I’ve had these discussions with folks who want to get into auditing, and I encourage people with valuable skills like NDT, welding, fabrication, engineering, or even experience in machine shops to get into auditing. They are familiar with specific processes and how those processes yield products that maintain quality. One of the things I’m pretty keen about is that in order for someone to be an effective auditor, they need to understand the industry and/or the processes being audited. You also need to be familiar with the specific and potential risks found in the organization. For instance, for me to try to audit some process related to electrical motors, which I don’t have a clue about it, wouldn’t be effective because I don’t know that product line. Because of that, I won’t know what to look for during the audit.
What happens in that instance is people try to audit something they are not familiar with, either a process or a product or a system, and they end up doing a fail-safe back to the things that they know. When that happens, you end up with someone going into the audit with blinders on, and the only things they see are those things they’re familiar with. They lose the big picture of everything else because of a lack of familiarity. They don’t know where to look because they don’t understand the risks associated with that product, process, or system.
EG: That leads to another question. As we begin to emerge from Covid and we can do fully on-site audits again, do you think that remote auditing is going to stick around? It would seem that those blind spots you mention might be exacerbated by not being on site.
BA: I think remote auditing has been a good approach given the situation we’ve been in with Covid. Ultimately though, I think the best audits are still going to be those on-site audits when you are face-to-face with people, and you are there in the facility or the location. I think remote audits are necessary for some situations, though. Say that you are doing an API Q2 audit for offshore facilities. As an auditor, you may be limited to the service facility that’s on shore. In other words, you can drive your car there, you can walk into the facility service shop, and you see what they’re doing. But as far as getting offshore, getting onto the platform, that might be a pretty tall order because now they have to try to make arrangements for a helicopter or a boat or something to get you out there. So, in some cases, you may end up having to do a remote audit regardless to see what’s going on.
But to get back to your question, I think the best and the most thorough audit is still going to be the on-site audit. For instance, when you’re walking through someone’s facility, you can just kind of look around and notice how they are managing things. Are they doing pressure testing out on the shop floor? Do you see work instructions and copies of procedures? Overall, do you notice anything that might not pass the smell test? Everything should look neat and orderly, not helter-skelter with materials all over the place.
EG: On a related note, it’s amazing how psychology plays into this, because people are terrified of audits and auditors. I would imagine that you have to break that down and interact as human beings with some chemistry and a little rapport before you start getting into the meat and potatoes of the audit.
BA: That’s true, and that’s another part of the beauty of face-to-face audits. You don’t really have a chance to do that in the same way over Zoom. Sitting across the table from one other provides an added dimension to the personal interaction.
I should also mention that there’s some additional risk with remote audits. As an example, if you’re using an iPhone to see what’s going on in a shop, you are dependent on whoever is managing that iPhone to show you what you want to see. But even if they are showing you what you want to see, they’re also not telling you some of the things that you don’t see. That’s just one more little risk that’s associated with remote audits.
EG: You’ve mentioned the term “risk” a few times in different contexts during this conversation. If we were chatting 10 or 15 years ago, we probably wouldn’t mention risk once. ISO in particular has really brought that to the fore. I don’t know if the API has that same focus on risk-based thinking, but it has certainly changed the way auditors think about their work, and it has changed the way people like yourself train auditors. Do you think this emphasis on risk is going to continue and just proliferate more and more, or have we reached its peak?
BA: No, I think we’ve already let that the genie out of the bottle, and there’s no getting it back in. If we once again think about ISO 19011, the last time that standard was updated prior to 2018 was in 2011, and in 2011, it included one line about risk-based thinking. But that was it.
And then all of the sudden came ISO 9001:2015, which really got into risk-based thinking. Everybody was running around with their hair on fire, saying, “What the heck does that mean?” or “This is just another buzzword!” Well, the bottom line is, we’ve been doing risk-based thinking for years.
EG: Sure, it was implicit, but as you mention, it wasn’t in the language of the standards explicitly like it is now.
BA: If I could go back in my career to when I was first talking about risk-based thinking, I would have to go back to 1989, 1990, 1991, somewhere in there, when I was overseas working at the gas plant in Saudi Arabia. At that time, we were doing what was referred to as risk-based inspection, when we would do periodic shutdowns of the plant to inspect process equipment. The idea was that we would perform thorough inspections during these planned shutdowns to identify weaknesses that might interfere with normal operations to make sure the equipment didn’t break during operations.
Something else that we also did was to look at piping, specifically as it regarded under-insulation corrosion. In some cases, we had issues with that, not just on the piping, but also external services of pressure vessels, which were covered by the insulation and weren’t easily seen. So, we would cut off some sections to inspect them. Those pieces of equipment as well as the piping would tend to sweat because of cycling temperatures underneath, which caused condensation. And that condensation would cause those pressure vessels and some sections of piping to corrode. We would take measurements using a D-meter, which is a form of ultrasonics, to do thickness checks, and use a pit gauge to determine the amount of pitting. From there, we ran calculations to determine the remaining life expectancy of the vessel or the piece of pipe before we needed to replace it ahead of a failure in service, which of course we didn’t want to see happen. That’s what we considered risk-based inspection (RBI) 30 years ago.
Now fast-forward to the last decade or so, and we’re getting more involved in the concept of risk within quality management systems. But as I mentioned, we’ve been involved in risk all along; it was frequently referred to as “fit for service” inspections and calculations. API Q1, section 5.3, specifically addresses risk assessment and risk management, as does API Q2, which is for offshore facilities. ISO 9001:2015 did away with the idea of preventive actions, which is now classed as RBT. Other quality management systems are now adopting this approach; everything will be either a corrective action or it will be classified under risk assessment or risk management.
EG: Risk is certainly very present in our lives today, especially when you think about supply chains and the manufacturing space. Between Covid, war, weather disruptions, what have you, there have been so many disruptive events in recent years that every business really needs an understanding of what to do when those things that we don’t think can happen actually happen.
BA: You’re right. If you look at where we are as a world these days, companies, especially manufacturers, darn well better have a risk assessment as well as contingency plans.
EG: Fukushima was the perfect example. The tsunami happened 10 years ago, and that event really woke a lot of these people up to this idea of supply chain disruption. That little area of Japan had a lot of suppliers for key industries, and that really messed up manufacturers for many months. It hits home when something like that happens.
BA: For the QMS auditor, this is really a wake-up call. In the past, we could pretty much be comfortable in going to a facility and examining an auditee’s quality procedures, quality manual, and other records. Excluding product audits, that was pretty much it on the QMS side. That’s not so much the issue now. Those are still key things you look at, but you also need to have your headlights on as auditor to make sure that you’re familiar with risk assessment, risk management, contingency planning, management of change, and even training competency for personnel. As an auditor, you even need to think about the risk associated with auditing itself. There’s certainly a lot for auditors to consider these days.