Kristin Keane is an Exemplar Global-certified lead auditor with more than 20 years of experience working on environment, quality, and safety management systems. She is also the co-founder of the consultancy Environment Pacific Pty Ltd.
Her auditing work had originally focused on regulatory compliance and best practice guidance related to environmental duty-of-care obligations; however, this scope has expanded considerably. Keane draws on her qualifications and professional experience in biological sciences and business management to provide support to organizations regarding continuity planning, environment and social governance obligations, and risk management. These services are provided to a variety of sectors such as tourism, energy, renewables, telecommunications, government, resources, transport, ports, and global development projects.
In this conversation, we discuss Keane’s background in ecology, some of the new concepts finding their way into ISO standards (and how to audit them), and her advice for those considering a career in auditing.
EXEMPLAR GLOBAL: Can you share with us a bit of your background and how you came into this part of your career?
KRISTIN KEANE: I’m an ecologist by trade, and I’ve undertaken environmental assessments in many areas of Australia and the Pacific. My work life is quite transient, as the two of us in my company travel throughout Australia and also in New Zealand and Papua New Guinea.
My roots with ecology started in local government, where I was the environmental officer. A lot of our work was compliance-driven, regarding community services, infrastructure, that kind of thing. During that time, I was fortunate enough to be put through my auditing course, after which I was certified through RABQSA, which is now Exemplar Global, of course. That was about 20 years ago. It’s been very useful for me because I’ve been able to use it in the different stages of my career. I’ve been able to perform audits required by regulators, which demand third-party oversight for permitting. It’s also helped my clients who want audits for voluntary reasons, just to track how they are performing and identify improvements they can make.
So, I’ve ended up doing quite a bit of auditing over time. Environmental assessments are actually audits to a degree, given all the desktop research, site visits, observations, and record-keeping that’s required.
Lately, I’ve been doing a lot of work on renewables, which involves wind-farm projects, solar, property development, and tourism. One of my main clients, which I’ve had for some time, is based in the Whitsunday Islands, which is a highly regulated environment in the Great Barrier Reef Marine Park. There are duplicative legislations there, with different regulatory authorities. It’s been a good opportunity to work in those environments, not only because they’re beautiful, highly biodiverse and recognized internationally owing to their world heritage values, but also because of the complexity of the legislation and opportunities to help clients meet their obligations and improve their environmental performance in these sensitive areas.
The Secretariat of the Pacific Regional Environment Program has begun to develop and administer environmental management tools to improve environmental management in the Pacific. I was contracted recently to help write an auditing guideline for tourism, which is the first of its kind within the Pacific region. This project has allowed me to leverage my ecology background, auditing, and consultancy experience in tourism as well.
EG: What are the specific standards and schemes that you audit against?
KK: I’m certified to audit ISO 14001 for environmental management systems, ISO 9001 for quality management systems, and ISO 45001 for occupational health and safety management systems. By 2018, I had acquired lead auditor certification in those three management systems. Quite often, my work and auditing have been undertaken with consideration of those, as well as the Australian standards to do with safe fuel and chemical storage and handling of hazardous goods. ISO 31000 is also particularly relevant with most of my projects as risk management is required to be considered. These are the main ISO standards that I use for auditing and assessments, as well as certain offshoots of those regarding, for example, tourism.
EG: There has been some discussion among industry stakeholders around recent language coming into ISO standards regarding climate change and other sustainability-oriented frameworks. As someone with your background in ecology and environmental concerns, how do you feel about, first, the fact that this language has been introduced, and second, the ability of someone to audit against these requirements, which are somewhat more amorphous than other clauses in ISO standards?
KK: The governance structures of organizations are increasingly focused on improved environmental and social outcomes. This has become even more obvious in the last five years, as organizations are not just working toward the bottom line, but also incorporating these other elements into the culture of their businesses. Shareholders are also a lot more vocal in terms of where and how their funds are to be invested, and the ethics and values of the organizations in which they invest.
I think that, even if the language in some of these ISO standards are still early in their development, they will develop over time. In some instances, it might be difficult to quantify or audit against certain requirements, but that could represent good opportunities for auditors to ask questions, determine audit criteria, and help organizations improve. For example, an organization might have policies on sustainability and climate change, which is a great place for an auditor to start. But even if they don’t have those elements in place, there may be other resources that can be used to assess how effective they are in terms of sustainability. I guess one thing that’s lacking is a quantified framework by some businesses about how they are going to achieve sustainability, and what it means in the context of their organization. I suppose all of this can be considered as work in progress, really, and an opportunity for auditors to contribute to improving the process.
EG: For some of these organizations, sustainability may be more “aspirational” in nature, where they know it’s something they want their management system to address, but they are struggling to nail down the specific inputs and outputs. That’s part of the role of the auditor, however, to help assess conformance to these new concepts.
KK: And it’s not just about what’s being done correctly and what’s not being done correctly—it’s also about looking for opportunities for improvement. Sure, the auditor’s role is to examine compliance with requirements, but in a broader sense, it’s to help foster improved outcomes.
EG: If you think about some of these newer concepts that are coming into the standards, it is somewhat analogous to what ISO did with risk-based thinking in 2015. At that time, there were auditors asking, “What does that mean? How do you audit a thought process?” But we’re beginning to imbue organizations with this idea that there should be a certain culture of quality and a culture of understanding risk and a culture of understanding what sustainability means.
KK: A lot of the work we do revolves around risk. If you’re talking about the environment, it’s fair to ask, “How do you audit nature?” Nature does its own thing and doesn’t have boxes to tick. With that said, you can make some informed calls while you’re completing an assessment or an audit to tease out whether or not the audited organization is embracing sustainability and grasps the risk in its operation.
EG: Can we switch gears a little and talk about your background regarding training? How did you learn what you needed to know for a career in management system auditing?
KK: Well, I’m still learning, to be honest! There wasn’t a specific point where I thought, “Oh, I’m going to be an auditor.” It’s just something that evolved over time, and it’s only one of my professional offerings. However, for me, I’m really interested in auditing, mainly because I know the outcome is about assisting organizations or communities who want to improve their practices, and helping them understand the impacts of those practices on the environment. Most of us in this space audit to some degree, anyway, even if we don’t technically acknowledge that what we’re doing is actually auditing. But if you’re doing an assessment, analyzing performance, or even looking at spreadsheets to understand how things are going, you’re taking on parts of that role.
That’s how it has evolved over time for me. The projects I’ve worked on have required that sort of assessment and insight.
EG: Do you remember where you were when you first heard about auditing or experienced an audit? Were you an auditee at some point and you began to ask, “Oh, what is this audit thing?”
KK: My first memory of being audited was as part of a team when I was working at University of New South Wales. There was a lot of auditing of our work there, and I well remember being audited. It was scary!
EG: I would imagine that remembering what it was like to be on that side of the table is very helpful. Understanding the natural fear that auditees may feel is valuable, yet it’s necessary to overcome that and get the answers to your questions.
KK: Yes, absolutely. There’s no doubt about it. I always try to press for the opportunity to present my findings. In certain organizations, it can be very well received, or there can be a lot of pressure put on staff internally in terms of performance. It’s about taking the opportunity to deliver the findings so that everyone can see some context to the audit. Because, at the end of the day, again, it’s all about helping organizations improve. Of course, part of it is about identifying faults in the system that can be improved. But it’s all about overall improvements. With that said, I recognize that from a regulatory perspective, an auditor’s job is to identify noncompliances. It really does come down to the purpose and scope of your audit.
EG: There’s no way to avoid it. Obviously, you’re there as an auditor to find out how the system is performing, and you need to ask some probing questions to do that. Being audited is going to be a somewhat uncomfortable experience for some people, but you want them to be open and share with you what’s really going on so that you can help them get to a better place.
KK: Establishing clear communication and relationships with the auditee is important because, as you mention, you can only audit as well as the information you’re given. You can include caveats and whatever else, but the more information you have, the better the outcome.
EG: Finally, what advice would you give to someone who has begun or is contemplating beginning their career journey as a management system auditor?
KK: I’d like to direct these comments not only to those who are actively investigating auditing careers, but to those who might not have thought about auditing as well, because it’s important to recognize that much of what people do in terms of study and/or day-to-day work probably falls under the guise of auditing to some degree.
First, there are some perceptions and misperceptions about auditing, and it’s probably worth dropping those and having an open mind about how you approach this kind of work. There are a lot of benefits from auditing for auditors as well as auditees. In terms of career development, networking without a doubt is key in terms of keeping up with industry. Unfortunately, I have not known that many certified auditors, I think in part because I’ve worked regionally quite a lot, and I guess being taken on a job as an auditor colleague is rare. You don’t work with other auditors much unless you’re in a team environment. So, I think, in that respect, it’s valuable to stay in communication with others in the industry. That could mean achieving certification as an auditor, taking training courses, or attending presentations and networking events. It just depends on what you’re most comfortable with, because different forums suit different people.
I’m a formal mentor, not necessarily for the auditing function specifically, but I would encourage people to explore that because mentoring is terrific. It can be formal, it can be informal, it might just be chatting during the year about questions or clarifications or to have a quick catch-up. It comes down to how much time and effort everyone wants to put into it, but I think that mentoring is valuable.
Also, be mindful of maintaining your objectivity as an auditor. When you establish relationships with clients, you become quite familiar with them and their processes, but it’s always important to stand back and appreciate that your role as an auditor is to be objective. That’s for your own benefit and for their benefit, because the more objective you are, the better the outcomes will be.
Finally, being aware of the requirements of the audit is very important. It’s potentially quite easy to get caught up in audit scope creep. You must be clear up front with all parties regarding what you’re trying to achieve. That makes the audit process a lot easier.