Deborah Taylor is the principal at DA Taylor Consulting Services. She works with organizations of various sizes to develop and implement HSEQ management systems, improving compliance and performance.
Taylor is an Exemplar Global-certified health and safety auditor with experience in the integration of ISO and ASNZ standards into other business functions. She also develops and audits integrated management systems (ISO 9001, ISO 14001, and ISO 45001) for her clients.
In this conversation, we chatted about how and when she started to audit, the challenges and opportunities inherent in integrated audits, and her advice for management system auditors just getting into the field.
EXEMPLAR GLOBAL: How did you find your way to management system auditing?
DEBORAH TAYLOR: I’m quite proud of my auditing achievements in that I don’t belong to a third-party certification company, so my audits are always a lot of fun and a learning experience for both the client and me on most occasions. I’ve been doing this work as an Exemplar Global-certified auditor for several years—I got my first auditing gig in 2012, so it’s been more than nine years.
EG: And what were you doing before that?
DT: I was working as a WHS manager. What I like about this sector of the industry is that I’m never out of work. Rain or shine, locked down, locked up, or locked out, I’m always needed. So that’s the benefits that auditors have, I think—in the background, the wheels are always turning somewhere. That’s where I get involved, identifying where my clients’ systems and processes could be fine-tuned to produce more efficient and positive outcomes.
I originally got into WHS, OHS, and auditing after some time spent in other industries. I met a partner who was a carpenter, and I thought, ‘Well, I’ll try this industry, the construction industry.’ I ended up doing a couple of years of office fit-outs for big organizations, often across several floors of the buildings. These big companies, around 20 years ago, started asking for more and more paperwork. You see, here in Australia, we had OHS legislation passed in 1983, and it was revised in 2001. And that’s where I saw an opportunity, when I realized that this was going to be very big. And blokes in construction back then were not very good at taking care of each other or themselves. They were not very woke in those days.
EG: No woke blokes?
DT: Exactly, no woke blokes at that point. So we had new legislation in 2001 and the corporations got involved with the regulators and started to enforce health and safety legislation. We could also see, I suppose, as a younger country of 27 million, with a younger manufacturing industry, that we could not send people out to work to not come home. And I think that put a lot of pressure on the industry to change their ways. So that’s where it all started for me.
I began writing safe work method statements and then safety management plans. After that I went back and did a year and got my certificate IV. It was part-time for a whole year. Now, you can do it online in five days. However, as an aside, I may not hire a WHS manager for an accredited construction company who has only done five days of health and safety training. In any event, from early on I saw the value in maintaining health and safety workplaces so that unwoke blokes could at least survive their workday.
EG: Were there people along the way who encouraged you to pursue a career in auditing?
DT: My first job as a WHS manager was for a medium-sized construction company. When I landed that job, I was the OHS manager, which was my first job in the field. At that point, as I mentioned, I had done a year, part-time, studying health and safety. As soon as I landed that WHS job, I then got another two hats—I also became the quality manager and the environmental manager. This company was accredited to all three standards with SAI Global. At that time many big employers were getting into certification and pre-approval of contractors as a way of limiting liability and limiting risk. SAI Global were reaching out to a lot of these big guys in those days, and if you had those three ticks (quality, health and safety, and environment) you were almost guaranteed that your tender would get a look. It’s much more competitive now, and the auditing industry is being driven by a lot of different platforms, which means there’s less emphasis on those bigger certification bodies.
This is why I’ve been lucky. You see, I wanted to work for those SAI Global blokes. During my first year wearing the three hats for that construction company, we had an audit. Everybody seemed to have left the building, and I got stuck with these three auditors, and I learned pretty quick about performance and standards and requirements. No one in my organization had realized the scope of their own management systems at that time. So anyway, by the second or third year of their accreditation, I was running a tight, robust system that I’d completely rebuilt and re-developed under the guidance of the SAI Global team. And I said to them, ‘I think one day I’ll be sitting where you are, in the auditor’s chair.’ You see, I didn’t want to be on the receiving end, as it were.
EG: I don’t blame you!
DT: Well, there was a lot of pressure on because my company’s entire business hung on maintaining those certifications. I was very green back then, but I learned as much as I could. The rigidity and the effectiveness of the SAI Global audits pushed me into being on the other end of the process. I’ve also done a lot of study with SAI Global. Every year I do another course, and that increases my capabilities.
Now I’m occupied mainly in the education system, working with clients who are preparing for third-party certification or recertification audits. In that role, I’ll do a five- or six-week internal audit, going from the top to the bottom using the standards, identifying gaps, providing a report, and then giving the organization an opportunity to make a decision about where they go, how hard they want to go, how much they want to invest, what support and resources they might need to continue, and what the benefits and risks might be of having the audit and finding out what they may not have known.
I’ve really been able to develop some very good investigative skills. I’ve been working for some private schools and a couple of institutes. I’ve also audited for the University of New South Wales for several years so that they could show the results to their board and other interested parties. They are also self-insurers for workers compensation, so it’s in their best interests to know the status of the management system and whether it’s doing the job.
For a school to remain licensed, they must be audited every three or four years by the Australian Department of Education, Skills and Employment. Some of the insurance companies might audit as well to find out if the organization is worth investing in. Back in 2006, when I was first audited by SAI Global, I thought there were only third-party auditors for certification companies, but now I find that an auditor is needed on many occasions
EG: Yes, the wonderful thing about the auditing career pathway is that as you get more experience and make more contacts, you see that those skills apply in many different scenarios.
DT: I’m very lucky. I have audited dozens of huge companies, and I’m always enlightened and surprised at the findings.
EG: That’s a great way to put it. Enlightened and surprised. Isn’t that really the definition of the auditor experience in many cases? Not always delighted, not always disappointed, but enlightened and surprised
DT: That’s probably about the most diplomatic way I could put it!
Look, I’ve got this thing that every auditor should have, which is that I can talk to anyone, with empathy. And that helps greatly in terms of getting to understand the organization during the audit period. I think the most valuable insights you can get is to by talking to people at each level of the organization, and it could be about the weather and what happens during the weather at an organizational level. People will tell you everything and anything.
That’s what I also like about getting involved with the organization—finding out things that other people don’t know and aren’t aware of. Most times, they’ve never even asked questions like, ‘How do you purchase things safely?’ And the person I’m talking to may say, ‘Well, I go to shop, I bring up the order, I do this, I do that.’ But no one’s actually asked those questions at the top of the organization. They just think they’ve got a procedure, so everybody’s read it and trained in it, and that’s how they purchase. Until something goes wrong. And then they worry about how they purchase, who purchased, why they purchased. I think that’s a skill that I’ve learned, but it takes a bit of confidence to have that skill to be able to approach all levels and functions of an organization to do the research and write an effective report. It’s not just what the organization wants to see, but what is there, what is actually happening.
EG: As we’re getting into the nuts and bolts of the auditing function, perhaps you can talk about some of the special skills that are needed to do what you do. Of course, an integrated audit is a very different animal, especially when you’re combining health and safety, environmental, and quality. Those are very different things. ISO has taken steps to address that through the high-level structure, but what do auditors need to know and do to enact that in the real world?
DT: Some the skills I have are to know each element of the standard, remembering that we had our own health and safety standard, AS/NZ 4801, until it was superseded by ISO 45001. The skill is in having almost a photographic memory for each of the elements of the standard, knowing those elements intimately, and how they interact with other elements of the standard. Also, you have to know how any the requirements of any relevant laws fit into those standards, because ultimately, I’m auditing against legislation, where the punitive damages of noncompliance can come in for the organization. I have come to know all the elements of the standard, knowing how they interact with each other. This has been one of the benefits of ISO 45001, which superseded 4801, which was so clunky. It also helped having that experience as a QA internal auditor and wearing those three hats as the start of my career in this field. I grew up in this business with ISO 9001 and had to become familiar with each of those elements, and how ISO 9001 applied to good business
There are no laws directly relating to quality, but the laws relating to health and safety and the environmental acts are what you need to memorize. Understanding the interactions of the standards and these various laws is where the benefit of putting the three come together in an integrated management system. I now find it quite difficult to pull those out and audit any of them individually, because I’m convinced that the three standards go hand-in-hand for any successful organization. For example, if I’m auditing against OHS criteria and I see overloaded garbage bins, or a waste problem, or things going down the drain, I advise that the organization has the risk of damage to the environment, damage to their reputation, and liability for punitive damages, such as fines from regulators. All of those involve some combination of quality, environmental, and health and safety. As an auditor, I would never leave my client exposed to a risk that was there that I didn’t verbalize, and it wouldn’t matter what standard or criteria lead me to identity those risks.
EG: Would it be correct to say that, with the high-level structure, elements like the context of the organization or risk-based thinking manifest themselves differently whether you are auditing ISO 9001, ISO 14001, or ISO 45001?
DT: That’s true but knowing how they interact and applying the three standards to business is where the value lies. Now, a quality system incorporates the need to comply with legal and other requirements. So naturally, ISO 90001 takes into account the other two standards because they are legal requirements. That was a light-bulb moment for me, probably just before I became an auditor, because I realized that an organization needed to fit the legislation into a continual improvement system. When you learn about legislation, you don’t learn about the system involved in maintaining compliance with the legislation, you just learn about applying acts and regulations. But the light-bulb moment come when you realize that it’s a system that enables you to achieve compliance with the legislation. You need to understand that first and foremost.
EG: Quality is kind of catch-all phrase that denotes a process-based approach to performance. Whether environmental performance, health and safety, what have you, it’s quality.
DT: Without quality, you haven’t got a business. Without a business you don’t have to worry about the legislation, it’s not going to affect you, and therefore, I wouldn’t be required. Every business, in my book, should maintain that quality system, because everything else fits, as you said, neatly underneath it, in a way to ensure that you improve and don’t go backwards.
My dad always told me, ‘Measure twice, cut once.’ I said that to a client recently and she said, ‘I wish I realized that when I was doing some house renovations!’ I apply a bit of a Plan, Do, Check, Act theory to my entire life. I try to never make the same mistake twice, and if I do, I kick myself for it. I find that most companies and organizations, even if they haven’t identified it or documented it, run a quality system.
EG: What advice would you give to those starting their careers in this field?
DT: Develop good listening and empathy skills. You need to have a certain amount of empathy to not just hear, but to listen, because listening will give you always the areas of concern. I find a lot of organizations would do better if they listened more and maybe talked less. So developing good listening skills and maintaining objective empathy, which means not giving particular empathy to any individual function, because you know that it’s a systematic problem, not an individual area of concern in terms of anything that’s not happening correctly or that has a negative effect on the organization. I’d say that 99% of people want to do the right thing; we just need to instruct them on what the right thing is to do at an organizational level. An auditor needs to have objective empathy to every level that you have contact or interaction with at the auditee organization. If you can just get them to talk to you about anything, to take notes and listen and have some empathy, that will tell you a lot.
The other thing is, know the audience, know who you are auditing and what the objective is. During my first interview, when I’m still at the point of planning the audit, I ask the client why they want to undertake this, what are their objectives for undertaking this audit, and what they want to obtain. Quite often, they may give you one rationale behind the audit, but by the time the audit is done, you know there was something else, there was another agenda there. That happens quite often with non-certification audits. So you need to know and understand the audience, ask the client why they are doing it, and what their objective is. Find out as much as you can about the company—do a Google search, check out their website, and learn about how they portray themselves to other people. That will give you some areas to start looking at them more closely.
And something I might add for new auditors: In the old days, we didn’t have opportunities, we only had risks. The value of these new standards is in identifying opportunities, which maintains a buzz about the audit, its outcome, and its objectives. Maintaining that buzz with a client will almost guarantee that something will be done at the end. It helps pump them up to see opportunities, not always talking about the negatives and the areas of concern. They come to understand that their company has lots of opportunities to grow and improve. They all want to make a successful business, otherwise they wouldn’t be going through the trouble.
EG: Auditing is obviously a very intellectual undertaking, but it really has as much to do with EQ as IQ. By which I mean, a good auditor needs to understand the psychology of people and what motivates them. I would think that developing the EQ is of high importance to being a good auditor.
DT: That’s right, but it is something that only comes with maturity. It’s something you learn along the way, possibly from dealing with so many organizations and from COOs to CEOS to owners to foreign ownership. Dealing with other cultures is another important one. If you’re going to do an audit, research the culture of the organization as much as you can. Always be mindful of your audience. You as an auditor shouldn’t be a distraction from the objective—you are just a vehicle to investigate areas and opportunities where the business could improve their outcomes. I think that’s really important, but as I said, that comes with maturity.
EG: There are so many things that go into forming a person who can do this work. You mentioned experience, and authority is another.
DT: Yes, authority, absolutely. You also have to be tenacious, but, coy, too. Because, again, you’re not the organization, you are just a vehicle for them. You’re there to find out what’s going on, and hopefully they don’t shoot the messenger! A lot of these companies that I’m auditing now, have asked me to come back every other month just to keep an eye on things.
The other advice I would give to young auditors would be to nail the plan and nail people into the plan. Look, it always goes awry. Someone is late, someone has to swap places in the morning or the afternoon, someone is not available. And all of those changes give an insight into how organized the organization is, but I’m trying to nail that plan as they can as best as I can. You know, companies with a lot to hide can take you right away from where you were. So don’t get sucked in, and also don’t get dragged into any ‘He said, she said’ stuff, which doesn’t add any value.
Finally, just know that there’s a lot of need for auditors out there today, so you’re doing important work. You’ve chosen a field where you can really make a difference.