Nino Capogreco is an Exemplar Global-certified lead auditor for ISO 9001, ISO 14001, and ISO 45001; a consultant; an accredited trainer; and a registered legal practitioner in the state of Victoria, Australia.
He has audited projects in a variety of fields and sectors, including healthcare, civil engineering, transportation, manufacturing, power generation, and more. In addition, he has written five books as well as industry articles.
In this conversation, we discuss the importance of integrated audits, the sometimes-unexpected benefits of training, and how remote auditing helps yield better outcomes for auditors and auditees alike.
EXEMPLAR GLOBAL: Tell me a little bit about your background and how you found your way into auditing as a career.
NINO CAPOGRECO: As you probably gather from my surname, I’m not Anglo-Saxon. I’m what’s called, in Australia, a 10-pound migrant. You see, in the 1950s and 1960s, the Australian government offered immigration into the country for a fee of 10 pounds. My father paid 10 pounds each for myself and my brothers and my mother, and we came to Australia in the 1960s. My parents believed in education very strongly and so it was always a given that I would go to university, where I studied law. I graduated in 1978, and then became a registered as a practicing lawyer a year later. I’m quite proud to say that I’ve kept my registration ever since. However, a few years after starting my legal career, I found that the antagonism that was part of the job didn’t suit my personality. I decided to look elsewhere for an alternative career. At that stage I had gotten married, and my first child had been born. All of this just coincided with the publication of the first standard in quality management in the 1980s, which interested me.
To make a long story short, by 1995, I registered with the company that’s now Exemplar Global as a lead auditor in quality. I built up a clientele and started doing audits, and I haven’t stopped! I’m 68, and auditing has been a godsend because it gave me an alternative career. The more I got into it, the more I realized how much auditing suited my personality, I very much cherish the ability to meet people, and my job offers me the ability to meet people just about every day, from one section of industry to the other. I find it very fulfilling to support and help people. It’s been a worthwhile career.
EG: Definitely. You were talking about how adversarial relationships, which are inherent in the law, didn’t really suit your personality type in terms of a career in the legal profession. What are some of the things that you took from your training in law that you have been able to apply to your auditing career?
NC: To answer that question, let me step back and tell you why I first got interested in quality and standards back in the 1980s. Being trained in jurisprudence and setting up rules, regulations, and systems, really, comes down to governing behavior. With the advent of the first management system standard, I thought, ‘Oh, that’s very interesting,’ because it’s all about how you manage your business. I guess it felt right into my lap in a way, because I was always interested in the foundations for how to govern an organization or a particular project and formulating the rules that apply to it. That’s how my career first diverged into quality auditing.
EG: What are some of the types of audits in which you specialize?
NC: I audit quality, safety, and environmental management systems. As mentioned, I became a lead auditor for quality management in 1995, and I became certified as a lead auditor for safety and environmental in 2001. These days, a lot of the businesses go for the triple certification covering all these standards. It is quite an interesting mix because now we talk a lot about integrating management system auditing. I would say about 80 percent of my audits today are integrated audits.
EG: ISO obviously has helped push that along by developing the high-level structure to allow auditors and auditees to have a unified system in which to look at their management through an integrated framework.
NC: That’s correct. If you integrate quality, safety, and environmental, you can avoid duplicating or even triplicating things. For example, you might have an auditing procedure that covers all three, or a training procedure that covers all three, and considering them together in a single audit makes very good sense. Over the last 10 years, I’ve seen the development of this integration, which been a good thing, especially for small businesses. One of the things that held back small businesses in achieving quality, safety, and environment certification was the scary thought of needing three systems. One is bad enough! What they have now is a single system under which they can manage quality, safety, and environmental.
EG: There are a lot of efficiencies there, not only from the perspective of cost savings, but also efficiencies in terms of just being able to create better results. There just aren’t as many silos to go through to understand things like suppliers or purchasing or shipping or any of the other various inputs or outputs. Those efficiencies, over the course of time, really do add up to better performance for the organization.
NC: One of the good things I have found in integration, especially for medium to small businesses, is that they can actually hype the word ‘synergize,’ for example, in training. If I am going to assess an employee in terms of what training they need for 2022, why not talk about quality, why not talk about safety, why not talk about the environmental considerations they should be trained in? This makes the management of the training much, much easier and provides some concrete benefits as well. One example I had recently was of a manufacturing company whose review of training is now integrated. The chap that manages it said to me, ‘You know, now that we are integrating these systems, we’re offering a lot more training with better results, and I spend less time doing it.’ It’s paradoxical, but it’s true! When I sit down with them now, I can just integrate all the checklists into one.
EG: How about the trainers themselves? Have they done a better job of integrating the systems, or do they still take a silo approach to the training?
NC: Smaller companies don’t have dedicated trainers, although the larger companies might. A lot of it is on-the-job training as opposed to a formal, external course. Integrating that learning, especially on the environmental side of it, is a good, productive approach. Returning to the example of the manufacturer I just mentioned, because they’re now training their employees in environmental management, and because the environmental management system focuses on things like recycling, reuse, and so forth, they’re saving a lot of money. The employees now recycle and reuse a lot more, so running these training sessions is profitable for them.
EG: One of the things about training and workforce development in general is that you don’t always know going in what the savings and the efficiencies are going to be. You just assume that having people be better at their jobs and knowing more is a good thing, and it is, but sometimes it’s hard to know exactly what the benefits will be at the start.
NC: Yes. What I’ve found in the last few years, especially within environmental and a little bit more in safety, is that when you do the training, it becomes a consultative forum for the exchange of ideas. In the feedback I get from the trainers, I hear things like, ‘I did the session, we communicated the information successfully, but I also got a lot of ideas back from the students.’ Good training is a win-win situation.
EG: That’s a great point because training need not be just a one-directional thing with the students just sitting there passively absorbing the words coming from the trainer. An exchange of ideas is better because ultimately that’s going to be much more beneficial for everyone.
NC: Over the years, to break up my auditing projects, I became a qualified trainer. I taught auditing to young engineers, other professionals, and managers. One of the first things I used to say to them was, ‘When you do your training, do you ask for and provide feedback?’ Because I certainly encouraged them to give that feedback to me.
EG: You mentioned working with some of these younger professionals throughout your career, and it makes me think that we all need to be out there looking for skilled people to take up the mantle of auditing as a career. How do you do that?
NC: In the last few years, I have been trying to encourage a lot of people to take up the profession. Some have, let’s say, a rather dark view of auditing.
EG: Tell us about that. What does that mean?
NC: Well, they might say, ‘I don’t want to be a police officer.’
EG: Sure.
NC: When I started teaching auditing, one of the first things I said in my introduction was, if you want to be a police officer, this is the wrong course for you, because auditing is not about telling people what to do and throwing your weight around. First and foremost, it’s a human interaction, where you go into an organization—really into a system—to assist and support them in continual improvement. A lot of students, I must say, didn’t find that comfortable. They might have come to the course because they thought that auditing was something they could do to stay on top of people and tell them what to do.
I think, in retrospect, the reason why I’ve been in this career for so long, and why my clients still like me, is due to my personal approach and interaction. I have never said in my 30-odd years in this profession, ‘I’m here to tell you what to do’ or throw my weight around.
Also, there is an element of the profession that doesn’t stick to what I consider the golden rule of auditing, which is that if you are auditing against a set of requirements, you must not add your personal additional requirements on top of it. Whatever the requirement is in the standard applies and you’re not free, even if you think you should be, to add to it. You must never create your own requirements.
I do have some clients who have said to me, ‘When we were audited by so and so, they asked for this or that or the other.’ This doesn’t happen very often, but sometimes the requirements that are asked for are outside the standard. It’s a golden rule that I’ve always stuck by. People would ask me, ‘Should I do this or that? Am I required to do it?’ And I say, ‘Look at the standard and see what it says.’
EG: It’s there in black and white. Also, ISO does a pretty good job of bringing forth changes that allow the standards to improve and evolve. A good example that was risk and risk-based thinking, which increasingly became a concern of management systems over the course of time. Eventually, of course, it found its way into ISO 9001 as a way of allowing organizations to put into place processes to at least think about risk.
NC: I have to tell you a story about that one. About two years ago I was auditing a company and I was conversing with the manager. We were just outside the office in a large carpark space with some old machinery and tanks and so forth. From the corner of my eye, I see a guy with a fairly long extension ladder walking towards a tank. And he puts the ladder against the tank, and he’s about to go up. I asked, ‘What’s going on there?’ The manager said, ‘I think he’s going to go in and clean up the tank.’ And I said, ‘Hang on, what’s the risk?’ He said, ‘The risk? Well, he’s got to do a job.’ I said, ‘No, no, no, no… what’s the risk?’ He thought for a minute. ‘You mean, what can go wrong?’ ‘Yes, what can go wrong?’ Now, by this stage, the worker was nearly at the top of the tank, so I said, ‘Look, if he goes in there, he might never come out… that’s the risk.’
In any event, we stopped him. Afterwards, we dropped a detector into the tank, and it was full of methane. It’s one of those things that happen in auditing sometimes where you come across something and think to yourself, “OK, today has been a worthwhile day. We saved someone’s life.’
EG: Exactly. You also have to think about the risk of not doing something. Does the risk of not doing the job or the process outweigh the risk of having to go up on that ladder? Maybe it does, maybe it doesn’t—it’s all contextual. But you do have to consider both the negative and the positive risks.
NC: And as you know, in the middle of this pandemic, we also have to consider the risk for the auditor in doing the audit itself. Can it be done online, or does it have to be done on site?
EG: Considering that you’re doing health and safety audits, you might say to yourself, ‘Well, if I don’t go to the site itself, I might miss something.’ So, maybe the risk of not going, in the larger scheme of things, is greater than the risk of exposure to Covid. It’s never going to be perfect. As much as we all want to be scientific and precise in this work, ultimately, it’s a human endeavor and perfection is impossible. You just have to make processes better.
NC: I often say, ‘I don’t expect you to be perfect because I’m certainly not!’
EG: In your time in doing this work, what would you say are some of the things you’ve seen that have changed? That could mean changes in the language of standards, or in the advent of risk-based thinking, or in the prevalence of integrated audits, or anything. And have those changes been for the better or worse?
NC: I think the standards being updated, introducing principles and ideas such as risk, have created a better environment for management systems. In fact, integration, I think, has been very beneficial as we discussed earlier.
The other thing about management systems that I’ve seen, especially in Australia, is an increased focus on environmental issues, even for smaller companies. They are discovering more and more that good environmental management is a moneymaker. If you invest so much, you get a greater return for it—whether that’s in terms of electricity consumption, or fuel, or water, whatever it may.
Let me give you an example. I did an environmental audit on a company that manufactures aluminum parts. They use a lot of water because aluminum heats up to about 400 degrees and it must be cooled down. I asked the auditee, ‘What is your water consumption?’ And they said, ‘Oh, it’s always been high—we probably use the equivalent of several Olympic swimming pools a year.’ I probed a little further. I asked, ‘Is that due to evaporation when the product goes in?’ They didn’t know.
It turned out that most of the water that was being lost was because of leakage, not because of evaporation. By merely looking at that aspect of their production process and addressing the issue, they saved thousands of dollars a year. When you talk about financial savings like that, even the CEO becomes interested.
EG: It’s important to ascertain the cost of quality, specifically how much poor quality can cost an organization. What’s needed is someone who has the discipline to apply the standards to find the waste. That’s really the end goal.
NC: The other thing I’ve found in the last 10 years that has been very, very good is the advent of computerization at all levels of the business. A lot of the headaches that were caused by document control, for instance, are now well-managed by computerization. Who can edit, change, or just read documents—all those permissions can now be easily controlled by login.
Then there is what we in Australia call ‘the tyranny of distance,’ which has been pretty much wiped out. Now I can have somebody in Sydney or Perth or Darwin completing a form and I know whether it’s been done it or not, irrespective of where they are. And it’s in real time, which is a great benefit.
EG: All of these changes have been brought into sharp relief through Covid. I’ve talked to plenty of auditors who said what works best with remote auditing is the document control piece because it’s so convenient to have the documents in hand before the audit even starts. There are certain things with remote auditing that you can’t replicate quite so well, where you need or want to be on-site, but when you’re reviewing the documentation, remote works great.
NC: I remember in the late 1980s and early 1990s, a major part of the audit was a document control because you had all these papers, folders, binders, and so forth. It brings to mind another quick story, from the days when I was training to be an auditor. I recall one situation where the lead auditor raised a non-conformance because the quality manual was written in the wrong font. The quality manual was so specific about what font to use that it was a non-conformance when another one was used. I’m glad we’re not working in those days anymore.