Prior to establishing his own company, inghamHSEQ, David Ingham was the Western Australia state manager of BSI, one of the world’s largest certification and training bodies. Prior to that he was a corporate HSEQ manager at Woodside and in 1990 was the inaugural Western Australia state manager of SAI Global.
He has been involved in line management positions since the 1970s with employers such as Westinghouse, British Aerospace, Pilkington Optronics, Western Power, and Standards Australia. Ingham has helped develop various types of management systems for more than 400 Australian companies from a wide spectrum of business and has extensive third-party audit experience. He has a passionate conviction that success in the implementation of quality, safety, or risk-based management systems can only be achieved through culture change and employee involvement, not merely written manuals.
In this conversation, we chatted about his (mostly) self-taught auditing journey, the similarities and differences of various types of management system audits, and the power of mentorship for mentors as well as mentees.
EXEMPLAR GLOBAL: How and when did you first encounter auditing in your career?
DAVID INGHAM: I migrated from the UK to Australia in 1988, and the first job I got was as a quality engineer working for the Electricity Generation and Transmission Board. They’ve changed their name a few times and are called Western Power now. I got involved with procurement and inventory and quickly realized that the quality of some of the products and services that they were receiving was terrible. I had a bunch of strategies and initiatives, but I hadn’t been trained to be an auditor and in fact I had never been involved in an audit up to that time. There was a key project management contractor who had a multi-million dollar contract and I was asked to audit them.
In those days, Standards Australia had a similar standard to ISO 9001, but specific for projects. It’s a defunct standard now—when ISO 9001 came in, it disappeared. I produced a checklist using that standard, turned the requirements into questions, and went off to do the audit. There was a very experienced engineer there, and he said, ‘That is the best and most thorough audit we have ever had.’ And I remember thinking, ‘Well that’s good to hear, since I’ve never done one before!’
After a couple of years, I followed-up an advertisement for an opportunity to become an auditor for Standards Australia (now known as SAI Global), and I was fortunate enough to get that job. This was in the early days of ISO 9001 certification when there were only about 20 ISO 9001-certified organizations in Australia and New Zealand (there are more than 35,000 now). When I did my first ISO 9001 certification audits, we didn’t have a national accreditation body and we didn’t have an auditor qualification body. I did a couple of years of auditing before any of those came in. In fact, we were able to influence what the rules and regulations might be for certification audits. I think it’s great that for 30 years now, we have had a proper system for achieving a suitable level of competency for auditors.
From that time forward I’ve been auditing, working for different certification bodies, and doing internal audits. I also worked for an oil and gas company for 10 years; in fact, the job I had there for the first four years was as their HSEQ audit manager, so I went around Australia and around the world, auditing their processes.
EG: As you began to work in auditing in the late 1980s, ISO 9001 was really in its infancy. Who trained you to be an auditor? Who was even out there that knew how to audit to that very new standard at the time?
DI: The first few audits I did, no one had trained me at all… I just did what I thought should be done.
EG: You read the standard, interpreted it, and applied it to the audit as you saw fit.
DI: Yes. Now, when I joined Standards Australia in 1990 (which was before we had a Quality Society of Australasia), the training was robust. You had to participate in a minimum of three audits as an observer, very much like the rules are now. You also had to participate in another three audits as an auditor before you could become a lead auditor. And then if the senior people that were working with felt that you were competent, you could then take on the responsibility of being a lead auditor under the guidance of an already-qualified lead auditor. There was also a documentation review capability that you had to achieve, so you were reviewing quality manuals and procedures. As it happened, I was able to meet all the requirements. Thereafter, with ISO 9001 certification growing so quickly, after three months as a lead auditor I became state manager and started hiring other auditors. I was there for three years and hired eight auditors before I left to go into consultancy.
EG: You’ve mentioned auditing in the realms of health and safety, environmental management systems, and quality, which of course are very different types of audits. How would you explain the difference and similarities when you audit against those different standards?
DI: Well, the mechanism for auditing is the same, and fortunately ISO has done a lot of work in the last five or 10 years in integrating and aligning their management system standards. Therefore, the content of each of the major management system standards are all the same, with the same 10 elements. These days, that makes auditing much more efficient and effective because, for example, you only need one document control system, one training and competency system, one internal audit system, and so on. Whereas, 25 years ago you would have three separate departments with three separate heads, all of whom had their own systems, and never the twain shall meet. But what we’ve been able to do in more recent years is integrate those systems.
I got into health and safety purely from a commercial point of view. At the time I was running a consultancy and we had been very successful helping our clients achieve ISO 9001 certification. But it was beginning to plateau, and consultancy work to help organizations with their quality management systems were getting harder and harder to find. So, with the team that I had around me then, we decided to branch out and work in health and safety as well as environmental audits.
In a sense, I once again became self-taught in health and safety. I looked at that standard and thought, ‘Well, it’s not that much different.’ Working as a consultant helping organization understand how to address the requirements of the standard, I learned an awful lot about health and safety. I also did some studies and got a diploma in health and safety. In fact, 10 or 15 years later, I became a health and safety manager at a leading oil and gas company. I learned by experience along the way.
When it comes to environmental management, I’ve helped lots of organizations achieve ISO 14001 certification. Indeed, for many years, I was an Exemplar Global environmental management system lead auditor. In fact, I believe I was the first person in Australia who gained lead auditor triple certification in quality, safety, and environmental management. I got my quality management system certification in 1990, health and safety certification in the year 2000, and my environmental certification a couple of years later, in 2002. Lots of people have all three lead auditor certifications now, but it was a quite valuable asset at the time, because certification bodies could just hire one person—me—and go off and do a triple certification audit instead of sending two or three people. That presented lots of efficiencies and cost savings for the client.
EG: But as you mention, without the high-level structure in place at that point in time, it was much more complex, especially regarding documented management systems.
DI: Fairly often these days I find myself at odds with certification bodies who still seem to want to charge three times the price for auditing three management system standards. They calculate how many auditing days are needed for a company that’s got, say, 50 employees, and the CBs calculate that the audit duration for a single standard (e.g., ISO 9001) is, for example, seven audit days.
It should be another seven-plus days or so for each other management system standard (e.g., ISO 45001 or ISO 14001), which could mean up to 30 days to do a triple certification audit. That could be more that 20 audit days to cover three separate standards, but with a considerable overlap of requirements. The International Accreditation Forum does have rules that provide for reductions in audit days for multiple management system standard audits but the CBs do not appear to take notice of these. I’m really not convinced that auditors can effectively use all this extra time.
EG: And now, remote auditing has changed it even more.
DI: Yes, absolutely. I’ve seen it from working on both sides of the certification profession, as an auditor and as a consultant.
EG: For auditors that are early in their careers, what would you say are some of the benefits of seeking out training? Of course, we know you can get certified, but besides just the certification itself, what are some of the benefits of auditor training?
DI: I’ve been running lead auditor training courses for nearly 30 years. The consultancy practice I had for 15 years was an Exemplar Global-certified training provider. These days, I work for another organization, BSI, which of course has their own international reputation. Over the years, I’ve run more than 100 lead auditor training courses. This last year has been an interesting challenge because the training has been online, which makes it more difficult to engage with students and hold their interest.
I’ve come across many auditors who understand the mechanics of the audit process—they’ve learned the standard, and they’ve learned how to prepare a checklist. But there’s something between the head and the heart as well, and experience as well as human-relation skills are important. Too many auditors lack confidence. As I said, they understand the mechanics but they’re not able to understand the process or the big picture, and therefore, they focus on the minutiae. And because they feel that they have to write up some nonconformances, they write stuff that isn’t adding any value. When I’m training people or working alongside people, I try to encourage them to think about whether a particular issue is going to make any difference in the grand scheme of things. Is it going to make the auditee better? Is it going to improve their business or make their customers happier? If not, just make a note if you want to, but focus on the biggest stuff.
I’ll tell you about a recent experience I had where I trained some internal auditors. Now, you must remember that an internal audit is a different kettle of fish than an external audit because internal auditors are work colleagues and friends, whereas external auditors are essentially strangers. What was happening in this case was that these internal auditors were carrying around lots of emotional baggage rather than looking at the organization’s process. We had to completely review that.
As I mentioned, I’ve been running public training courses, and I nearly always ask the students, ‘OK, there’s 10 of you here today. Let me ask you right up front: Did you jump or were you pushed?’ Generally, half of them were told that they had to come, which is a completely different mindset. When people are being told they’ve got to come it means that the boss has got a vacancy that needs to be filled. They need an auditor because they’ve got these certification audits coming up and they haven’t even done their internal audits, so they look around for somebody who doesn’t seem to be too busy, and they send that person off to the training course. But that’s just a disaster. What we need are switched-on people with business process in their heart, in their core being. Then we can simply help them learn the tools to achieve organizational improvement.
Of course, as a trainer, I don’t have any influence on that because my audience is my audience. If they’ve been told they just need to come to the training, then my challenge becomes to try to make it interesting and relevant. Fortunately, a lot of times students will say, ‘Well, I really wasn’t looking forward to coming to this, but I just wanted you to know it’s been great.’ Hopefully we’ve had a few successes.
EG: It seems that trainers tend to get very proficient at the technical aspects of going through a standard and making sure that auditor students understand what it means and how that language translates into processes that an organization is undergoing in their facility. But we must keep the human element in sight as well, because improving an organization starts with the people who work there. As Peter Drucker famously said, ‘Culture eats strategy for breakfast.’
DI: That’s absolutely right.
EG: I’d like to close by talking to you about mentorship. Obviously, you’ve worked with a lot of people in your career, and I’m sure there are many, many successful people out there who would consider you as one of their mentors. Of course, that brings a lot of benefits for the mentee, but how about for the mentor? Do you learn as much from young people starting out as they learn from you?
DI: These days, I’m a fellow of the Chartered Quality Institute, and I’ve been a member for 40 years. Not that long ago, maybe two years ago, they came up with a formal mentor role, and that’s a role that I’ve taken on and which I like to promote. Look, I’m at the end of my career, which I have thoroughly enjoyed. I’ve been an engineer, I’ve been a health and safety person, and I’ve been a quality professional. For me, work is no longer about money… it’s about satisfaction and transferring my knowledge and experience into current and future colleagues.
I meet with loads of people for coffee almost every week, just to have a chat. They ring me up and say, ‘I’ve got this issue, I have to implement this, and I don’t even know where to start.’ So, we have a coffee and I talk about the basics. There are probably about half a dozen people who will call or send me an email every three months or so and say, ‘I’m struggling’ or ‘I don’t know how to do this.’ And I’ll either send them some information or we’ll talk it through. Many times, it comes down to helping them figure out what battles they need to fight.
When I started doing this work 30-odd years ago, I really wished I could have had a mentor. Arguably, I had a mentor for the technical aspects of the job: the paperwork, the mechanisms, but I don’t think I had many mentors on the human side of things. At that time, the auditors were just policemen, they weren’t business improvement specialist. But I think there’s a tremendous benefit to having a mentor.
I do play that role now with a few mentees. Now, as I’m in my 60s, I’ve tried to stay relevant and current with all the latest technology and trends and so on. Of course, in working with younger people, I always look over their shoulder at what they’re doing on their computer or their iPhone. It’s important to keep current with new trends and new culture as well. It’s good just to learn how people think and how they behave. I hope to continue learning until the day I’m done.
EG: This can be a great career choice, and there are some real benefits to getting into this auditing early. Over time, people can have their own businesses as auditors, trainers, or consultants. There are many great advantages that young people should understand.
DI: Absolutely. Looking back, I have thoroughly enjoyed my career, nearly 50 years of it. Sometimes in the middle of it, for very short periods of time, I wasn’t always happy, but overall, it’s been marvelous. During these last 30 years, in this industry, the work has been a tremendous blessing for me. I’ve prospered, I’ve enjoyed, I’ve done different things, I’ve had my own company, and I’ve worked for others. These days, I’m kind of a semi-retired, consultant/coach/auditor-type dude, and it’s just been tremendous. I’ve loved it.