Heather Turner is a self-employed safety auditor. Her role consists of offering auditing and advice to self-insured companies to ensure that their OHS systems meet the requirements for the regulator, WorkSafe Victoria.
Previously, she was a senior consultant for WSP Environment & Energy, a management system specialist for WorkSafe Victoria, an OHS consultant for Noel Arnold and Associates, and a safety coordinator for the Victoria Department of Agriculture. She is also certified as an ISO 45001 lead auditor through Exemplar Global.
In this conversation, we discuss her work experiences leading up to the founding of her consultancy, the importance of lifelong learning, and her thoughts about the future of the auditing profession.
EXEMPLAR GLOBAL: It’s always interesting to hear about people’s career pathways and how they arrived at this time and place in their careers. Can you tell us your story and how you came to discover management system auditing?
HEATHER TURNER: I was very fortunate as I progressed through my career. My first major employment was at Melbourne University in the chemistry department, which I held for 11 years while obtaining my bachelor’s degree in chemistry. I then transitioned to a position with the state chemistry laboratory here in Melbourne as their safety coordinator, which was a bit of a change in my career trajectory. Being a government institute, they encouraged people to continue learning, so I went on to study for my master’s degree in science and technology, with a focus in occupational health and safety. Because of my prior interest and experience, I majored in chemical safety. The lab also encouraged me to become a member of Australian standards committees, and I was on four subcommittees for safety and laboratories. I met some wonderful people through that process who were quite willing to share their experiences.
During my time with the lab, I also helped support the quality assurance program, and I was acting human resources manager for six months. These experiences, of course, helped me build my knowledge.
EG: There are so many factors that contribute to an auditor’s success, but I would have to imagine that broad experience like yours, which provides the ability to understand people’s place within the organization and what they do, is quite helpful.
HT: Oh, very much so. You learn so much from just talking to other people and finding out what they do. I eventually came to realize that safety was what I most enjoyed and where I wanted to be. Hence, after 11 years with the state chemistry lab, I obtained a position with WorkSafe Victoria, which is the regulator for the state of Victoria in Australia. That was where I first started with serious auditing. The position was in the management systems branch, where we were the auditors for safety systems in businesses that were self-insured for worker’s compensation.
To provide a little context, here in Australia, small businesses generally work with an insurer who takes on the workers’ compensation. Larger businesses that have the resources and the systems in place, however, can apply to be self-insured, and so they manage all their compensation plans. At that time these companies were audited every three to four years by WorkSafe. The audits were to ensure that these companies’ safety systems met the required standard. When I started, the standard was a system called SafetyMAP, which WorkSafe Victoria itself had developed. Initially it had 58 criteria that we were auditing against. We also developed the National Audit Tool for self-insurers, which expanded with further versions. These systems were certified by JAS-ANZ, so they were certified standards.
As would follow, these were large organizations with the resources to manage being self-insured, so you could imagine that I worked on some very interesting audits. One particularly exciting one was on an oil and gas rig out in the Bass Strait just north of Tasmania. We took a helicopter flight over and were there for two days. Fortunately, I didn’t have to do the survival training for helicopter failures over water!
I stayed with WorkSafe for 10 years and acted for several months as the manager of the branch. I decided that I was better suited to being on the ground auditing as opposed to office-based activities, so I joined a consultancy for a while, which was very interesting. I was able to conduct AS/NZS 4801 audits—that standard was the local precursor to ISO 45001 for occupational health and safety management systems. When I joined the consultancy, I also had the opportunity to audit in many states within Australia.
After about three years with the organization, I decided to step away and explore other opportunities. Almost immediately, I started getting phone calls from friends who expressed that working directly with me to conduct audits might be a more efficient collaboration than through a larger company.
EG: Are those pre-certification audits? Where exactly are most of your clients in the certification lifecycle?
HT: To provide certification for a company, you must either be a certification body or work for a certification body. None of the companies I have worked for in my career were certification bodies, so I didn’t conduct certification audits. My own clients would get me in to undertake internal audits before the regulator, WorkSafe, conducted their external/formal audit to highlight what was missing and prepare appropriately. So, I finally got to be the good guy!
Also, the regulator had reporting requirements for self-insured companies, and this required audits to be undertaken by an independent certified lead auditor. The company had to submit these reports to the regulator to demonstrate that their safety system still performed to the required standard.
EG: You get to wear the white hat now! And that’s extremely valuable because you’ve been on the other side of the table, so you can help your clients better understand the process from all angles. As an auditor, of course, you can’t consult, but in your role now you can offer advice.
HT: Correct. As an auditor, you make a judgment over whether something is in conformance, or you find nonconformances, or you make observations. But you’re not allowed to consult at all.
An auditor is not generally an expert in the auditee’s business. So, the auditor might say, “This process really needs to be done. Now, we could talk about ways you could do it, but you know your business best.” I don’t think auditors should be telling people how to do something.
EG: It’s also not optimal because then the auditee comes to rely on the auditor as an authority when that auditor may not actually be an authority. As you say, the stakeholders in that business know it best, and they are the ones who must understand the context of their organization and what they need to do to fulfill the language of standard. I would imagine it is very nice for you to be able to say, “In looking at your business, here’s what I think should be done, because this is what the auditor will say about this particular issue.” And then you can work together to achieve success.
HT: One of the things that I really enjoy doing is going out and learning about the different businesses. I believe an important part of auditing is talking to the shop floor associates. They are the ones who work every day in that area, and they know the hazards. Sometimes management teams think they know the hazards but are sometimes not fully aware of all that is occurring on a daily basis. There are times when I’ve said, “OK, here’s the procedure for this, how does it go here in your shop?” And the shop floor associates might say they don’t use that procedure anymore.
EG: So, are you saying that the people on the floor know the procedures that are currently being used and they can describe them to you, but the “official” procedures in a binder somewhere, which management thinks are being followed, aren’t really being followed?
HT: Yes, exactly that. I’ve come across the little white folder sitting on a shelf that someone developed once but which never gets updated and doesn’t reflect what the organization is actually doing. When I worked for the consultancy, I once had to audit a mom-and-pop business against AS/NZS 4801, which was a comprehensive standard. And I thought, “Why? Why am I auditing this small business against this standard?” Anyway, they produced their system, and as I’m going through it, I start saying things like, “You’ve got a procedure here on such and such, but you don’t do that work.” Or, reading on further, “Now, here you’re talking about the position of Safety Coordinator, but there’s only you!” Later, the auditee admitted that they obtained the system from someone else.
EG: It seems that what happens many times is that the auditee often cares less about improving their systems and more about getting the auditor off their back. Not enough of them understand the critical importance of safety. Those processes help protect people’s lives—employees as well as customers. There’s a lot of risk in failure to conform to health and safety requirements.
HT: When I was at WorkSafe, we were always concerned about auditing an organization, and then seeing them have an accident the week after we leave. As an auditor, you are always conscious of making sure that the auditee’s systems work and meet the requirements.
EG: I would imagine there is a lot of pressure. Obviously, you want to do a good job, you want to be rigorous, and ultimately you want to help protect people. Sometimes you’re trying to protect people from themselves, which can be difficult.
I wanted to get back to this idea of the different things you’ve done in your career. It’s clear that you have a very strong technical background. Is that type of training necessary to become a good auditor? What, in your opinion, is the best way to get more people into this profession?
HT: Auditors come from a variety of backgrounds. Even within the WorkSafe team, we had an ex-manager from the police force, and we had someone from the healthcare arena. These people had different skills. For someone who wants to get into auditing, I would recommend that you talk to a wide range of people and learn what you can from all of them.
When I worked for one consultancy, we audited schools in the state of Victoria. One of my fellow consultants came from a fitter and turner background and another was an ex-teacher of material sciences, metals and wood. I learned so much from them about those areas, when we would go to schools and see cut-off switches that were so far away the operator couldn’t reach them if the operator got into trouble. So, I would encourage people to learn as many industries as possible.
Another point is that companies in Victoria can elect a health and safety representative, which is an employee. It’s part of the union process that they have elected health and safety representatives (HSRs) for their work group. That is another great entry point toward becoming an auditor, because once you become an HSR, you’re allowed to request five days of training. There, you are going to meet many other people that come from many different backgrounds, so it’s not just the training that you’re getting that cover the topics, it’s meeting with other people and discussing problems and solutions. That’s a great stepping stone. Then you can start on actual courses and earn certificates and diplomas. I fully believe we should never stop learning. Keep taking all the opportunities you can to learn, and then take a position in the safety department of a company and go on from there, taking the opportunities that present themselves to you.
EG: Do you think there is a certain rigor to a technical or engineering mindset that makes somebody a better auditor than say, somebody who comes out of general management, finance, or other business-oriented fields?
HT: Not necessarily. Those in finance, for example, must be very rigorous in their procedures. I audited banks and they understand auditing because that’s what they do, but it’s just in a different area. I don’t know that you need to be an engineer or a scientist to be a good auditor—you can be from any background as long as you’re rigorous in verifying all the aspects you’re looking at. If you are auditing an organization that has a good procedure that meets all the requirements of a standard, you just need to verify that it’s working, is up-to-date, and that the operators know and have been trained in it. Those are the steps that you learn when you complete your auditor training.
EG: Excellent segue. What did your training look like? We chatted earlier about how you first became exposed to this field, but I’m curious if you’ve taken in-person courses, online training, or some combination?
HT: It was so good to be with WorkSafe. When I first was appointed, a decision was made that we also had to be inspectors, so we needed to complete the required training. This involved three months of training in the Victorian safety legislation and hazards involved in the various industry sectors from scaffolding to manual handling injuries. In addition to this training, we had to learn the requirements for auditing to WorkSafe standards. My first audit was in 2001, which was shortly after I joined WorkSafe. I went out as an observer, watching the other two auditors, who were lead auditors. We also had a system of mentoring new auditors within WorkSafe, so you’d watch, then you’d be assigned a few criteria that you were comfortable with, and you would do those under their watch, then you just progress through doing more and more.
Of the six members of our WorkSafe branch, three of them were already certified lead auditor when I was initially employed. All WorkSafe OHSMS auditors were required to be certified as lead auditors through the Quality Society of Australia (QSA). Eventually I obtained all my auditing requirements for the Quality Society of Australia and become a lead auditor, and then I went through the Exemplar Global requirements as well.
EG: I’m glad you brought up mentorship because it’s so important in developing the next generation of auditing professionals. As you mention, WorkSafe had mentors built into their system, and you worked with them over the course of many months to gain practical experience. Do you now return the favor and act as a mentor yourself?
HT: When I was at the last consultancy, yes, I would mentor the junior members of the team, and I would go through the same sort of process with them. Come and watch, come and do. One of the skills that they really had to master was the ability to deliver bad news. I would say to them, “OK, we’ve looked at these criteria and you need to tell the auditee what you found, because we decided that it was going to be a nonconformance.” And they initially would say, “No, I can’t do it!” To be a good auditor, you’ve got to deliver bad news in a positive way. Personally, I’ll first talk about the company’s strengths, those things that they’ve done well, before I tell them the observations or nonconformances that they may still need to work on. This is another thing that I’m really keen on: You must clearly communicate what you believe they are doing wrong, or not doing. Until they can accept that their process is not meeting the requirements of the standard, and will therefore result in a nonconformance, they just aren’t going to do anything about it. So, you must convince them of your findings and why they are not meeting the requirements, and you’ve got to do it in a nice way. I might say, “Look, the requirement is this, this, and this. But you don’t have that. Can you see that you don’t have that?” Once they understand and accept the deficiency, then they can do something about it.
EG: Many times, people just don’t know, and that’s the value of the audit, where you get a vigorous review of the documentation and the processes. As an auditor, you get the chance to show what you’ve seen vs. what the standard says and point out the gaps. If everyone approaches it properly, a nonconformance can offer a great opportunity for an organization to look deeply at what they’re doing and improve. That means efficiencies not only in health and safety, which can save lives and prevent injury, but also increased revenue due to driving out inefficiencies. Yes, it’s hard to hear bad news. Nobody wants to hear that their baby is ugly! But sometimes the auditee needs that tough love because that will often spur growth.
HT: I’ll give you an example of a facility that I audited. One of the criteria that I was auditing against stated that the auditee needed to have a maintenance system for their equipment. As auditors in that case, basically we’re looking for a preventive maintenance system. So, I’m going through the facility looking at all their equipment. I asked one of the operators, “What’s your preventive maintenance program for this piece of machinery?” And he said, “We fix it when it breaks down.” Well, that’s not a preventive maintenance program. Would you do that to your car?
EG: Actually, many people do! But of course, the risks here are higher than for a single car. If you don’t care for your car, you could find yourself stranded, but an equipment breakdown can really do a lot of damage to the organization.
HT: Again, if we’re talking about savings for the business, if you don’t do preventive maintenance, the equipment could break down at it the wrong time and the costs could be greater than the cost of maintenance.
EG: What do you foresee for the future of the profession? Remote auditing is on everyone’s mind right now, but are there other technologies, perhaps with regard to online training, that you think will become prevalent as well?
HT: This profession has grown so much since when I first started in 2001, and I think it’s going to continue to grow. Technology will change, completely. You mentioned online learning and online auditing, and I can’t say that I’m a real fan of those, probably because of my regulatory background. Unfortunately, some people are not honest in a virtual environment, and some people find other means to avoid completing online training (e.g., they get someone else to complete the training and competency tests). However, I think remote auditing and training is here to stay, mostly because of efficiencies.
EG: By which you mean cost efficiencies. For sure, it’s cheaper and easier not to fly into a location and audit on site for a few days.
HT: But we must remember that it’s very easy for the auditee to turn a camera toward what they want you to see and away from what they don’t want you to see. And if you’re not there in person, you sometimes don’t know to say, “Can we just have a look at this or that?”
Before an on-site audit, we walk around the site to have a look at things. As consultant, one of the things I’ve told my clients is that if they are going through your factory with an auditor, don’t say, “Oh, here’s a new piece of equipment that we just got.” Because you can bet your bottom dollar that that inspector is going to say, “Oh good, let’s have a look at the risk assessment.” If you haven’t done it, that’s going to be an issue.
I should say that during this time as an independent consultant, I did get a call from WorkSafe when they were short of resources, and so I’ve conducted bit of contract auditing (where there was no conflict of interest) as well. So, I guess you could say I sometimes put on the black hat again from time to time!