+ Sidebar

Security Expert Expects Rise in Security Certifications

Jeff Slotnick has been thinking…

Jeff Slotnick has been thinking about, analyzing, and predicting the future of the security industry for more than 30 years. In that time, he’s seen the industry shift into a significantly more important role; a change he saw coming while working as a senior enlisted person in the United States Army Engineer Corp.

“I’ve always been an evangelist for this community,” Slotnick observes. “The more people know about how risk assessment can help them, can help us run companies better and do things more safely, the more they become believers themselves.”

Slotnick, certified protection professional (CPP) and physical security professional (PSP), is the president of Setracon Inc. and chief security officer at OR3M, based in Washington state. He’s traveled the world consulting with organizations about their risk security profiles, and the predictions he made decades ago about the evolution of standardization in the risk assessment profession are fast becoming a reality. Compliance with ISO 31000 and ISO/PAS 28000 have become much more sought after in recent years. According to Slotnick, this is a change he saw coming years ago.

“It’s the influence of technology,” he says. “ISO 31000 and similar standards help organizations grasp an understanding of their culture, not just their data. It enables them to use all the data they collect and all the devices they have—which produce an immense amount of data—to protect themselves, their employees, customers, and businesses. It’s a very exciting time.”

The ISO 31000 family of standards includes ISO 3100:2009—Principles and Guidelines on Implementation, ISO/IEC 31010:2009—Risk Management—Risk Assessment Techniques, and ISO Guide 73:2009—Risk Management—Vocabulary. Although the standards weren’t developed with the intention for certification, Slotnick expects their popularity will increase significantly in coming years as more organizations recognize the potential of the standards to make them more secure.

“I find 60 percent of this job is education,” he says. “People don’t know what they don’t know. Simply capturing data in an audit, you’re creating a very clear value statement. I can show a company how identifying and managing risk helps them avoid problems in the future. Knowing what those dangers are and being able to create a plan to prevent or eliminate them is a very valuable skill and one that more people should learn.”

Teaching that skill is something that Slotnick is very familiar with. He serves as a faculty advisor with the University of Phoenix, where he also takes classes to continue his learning. In his roles as consultant, teacher, and student, he sees the risk assessment profession moving toward full enterprise security risk management (ESRM) and ultimately enterprise risk management (ERM). This is a shift that could have dramatic consequences to the way organizations staff their executive boards.

“This is an industry in transition,” he observes. “Traditionally, we’ve seen risk as a physical thing, something to address with physical means. Now, we’re seeing organizations meld their risk profile with their OHSAS, environmental, financial, customer and employee health, cyber, and physical risk efforts. All risk is shared. When there is risk to one part of an organization, there is going to be risk exposure to many other parts. That’s an exciting thing, and it’s been a long time coming.”

The post Security Expert Expects Rise in Security Certifications appeared first on The Auditor.

The Extraordinary Invisible World of Risk Type

figure-12-300x253.png
by Geoff Trickey  Think for…

by Geoff Trickey 

Think for a moment about the characteristics that set you apart and give you your unique identity. Is it your cautiousness, your careful planning, your ability to generate solutions, your openness to new experiences, your flexibility, your friendliness, your professionalism, your vigilance in following things through? Or, is it your independence or that you’re highly alert to signs that things may be going wrong?

All of the above are personality characteristics, or features that create a particular reputation for you among your friends, colleagues, and clients. They also define your risk disposition. Psychological Consultancy Ltd.’s research has found 23 different personality themes that affect risk taking and contribute to our taxonomy of eight distinctive risk types. It seems that these risk-related personality characteristics have a lot of influence on the way you come across to others, your public persona, and your reputation. They also affect the way people see eye to eye when making decisions and in the ease and comfort of relationships between colleagues. Individuals with opposite risk types are very different. When both people are extreme examples of their risk type, they may seem like aliens to each other, almost beyond belief, so it’s not likely that they will always see eye to eye or easily get along.

The interesting thing is that these distinct and defining features are invisible. In a crowded train, you would have no idea who would fit each of the eight risk types. Some will be highly anxious in these crowded conditions, some will be relaxed, unstressed, and oblivious to the circumstances. Some will be excited by being “one of the crowd” and find interest and fascination in the diversity of those around them. Others will be fretting about timetables, next appointments, or if they will miss their connection in this slow-moving crowd, but all that is inside their heads. You wouldn’t know it. You might not want to know it, but it’s real and it’s there. If you had a grasp of the key features of each risk type, you would be able to make a reasonable guess about the people you know well; certainly, you would recognize how they fit the description in their risk type report. Yet, these unseen individual differences play a huge part in influencing behavior across all areas of life: recreational preferences, the way you manage money, plan your career, or arrange your holidays. Their interpersonal consequences also create group dynamics in teams and affect group decision making. Organizational culture, board decisions, managerial relationships, and recruitment decisions are all influenced through the crucial overall balance achieved between opportunity and risk. Organizational survival depends on it. Yet risk dispositions are invisible and are likely to go unrecognized.

The Risk Type Compass is a psychometric personality questionnaire that focuses on these critical risk features. Like other personality characteristics, they have a persistent influence on our behavior and decisions.

A recent research study by eminent economists tracked senior bankers over a 15-year period as they moved from job to job. They found that the risk-taking policies of a bank were determined more by the personality of the bankers in charge than any other measurable factor, including bonuses (Financial Times, 2016). This has implications for auditors too. Auditing is more about probability than about certainty. It involves investigation, observation, and interpretation. The information gathered has to be pulled together and formulated to achieve coherent conclusions and recommendations. In all of this, personal judgments play a very significant part. The recommendations of one auditor may not be quite the same as another. Risk dispositions influence the perception of risk and the way we think about it and handle it, so there is always a degree of subjectivity and bias in the judgments we make.

The big picture is that auditors tend to be relatively risk averse by nature, although within this trend there is considerable variability. This is illustrated in figure 1, which shows how a large international sample of auditors were rated using the Risk Type Compass. This positions any individual within a 360 degree spectrum calibrated continuously through the eight risk types, which merge and blend into one another. Sixty-seven percent of auditors fall within a range defined by three neighboring risk types. Clearly, like any other professional, the approach and manner of an individual auditor will be influenced by their own risk disposition, and so will their judgments and decisions. You will probably know of auditor colleagues who are somewhat either more or less cautious than you are. Everyone falls somewhere on the Risk Type Compass, and this positioning will have implications. There are no good or bad risk types; each has its advantages and disadvantages. It’s important to be sufficiently self-aware of the bias that these differences in risk disposition imply. This allows the benefits to be exploited and the disadvantages to be managed in a professional way.

Self-awareness is just one side of the coin. There is a second way in which auditors encounter risk type. Auditors work in many different sectors and professions. Just as there is a characteristic distribution of risk types amongst auditors, this is also the case with other professions. Police officers do not, in general, have the same risk dispositions as recruiters or air traffic controllers. Not all professions are so distinctive in this respect. Some have a very even distribution of the eight risk types but in others—air traffic controllers are an extreme example—the influence on the culture within that industry or profession will be palpable. Walk into the tax department of an accountancy firm and the likely reaction is no more than a peek over the top of a pair of spectacles. However, walk into a PR firm and they will probably be climbing over the desks to grab your hand and introduce themselves.

In moving between organizations, or departments in a large organization, these differences in organizational culture will create two challenges for the auditor. First, to engage with those that need to be engaged with auditors may need to adapt their approach and mindset. Second, to establish working relationships, carry out their enquiries, communicate, define their requirements, and see the project through they negotiate the potential pitfalls of dealing with people whose risk disposition may be very different from their own. Organizations are characterized by different risk dispositions (see figures 2 to 6), and within any organization the finance function will be very different in this respect to the sales department, and HR will be different to research and development. When the risk culture of an organization is distinctive and different to the risk disposition of the auditor, basic assumptions about acceptable levels of risk and uncertainty, about vigilance in dealing with a task, or maintaining records or completing formalities may threaten the successful completion of the audit or its effectiveness. An awareness of the possible implications of risk type in the individuals you are working with, as well as self-awareness about the inevitable bias inherent in your own risk disposition, will improve your ability to navigate successfully within a world where these individual differences can be quite extreme.

From our database of more than 7,000 administrations of the Risk Type Compass assessment, we have generated the following illustrations of the varied patterns of risk type in different work settings:

The Extraordinary Invisible World of Risk Type    The Extraordinary Invisible World of Risk Type

The Extraordinary Invisible World of Risk Type       The Extraordinary Invisible World of Risk Type

The Extraordinary Invisible World of Risk TypeThe Extraordinary Invisible World of Risk Type

Looking at the total sample graphic, it’s clear that risk types are evenly distributed. Your next encounter is no more likely to be any one than any other. Surely, this even distribution must reflect the importance of all the risk types in contributing to survival for our own species? We clearly need those who are “on edge” about risk who will draw attention to pending disasters and help to protect us. Species survival also needs those who will challenge everything in search of better solutions or who are prepared to face the danger and act to overcome it. I refer to this even distribution of risk types as “Team Homo Sapiens.” No football game is won with a team made up solely of defenders or solely of attackers, you need a balance between the two. There are no “good” or “bad” risk types; all have an important contribution to make. Once you can measure it, you can begin to manage it effectively. Team building of all kinds and at all levels can make use of it. The challenge is to find the right combinations of risk types to ensure success.

Individuals will improve their effectiveness, decision making, and performance by taking their own risk type dispositions into account.

These findings are already influencing policy decisions and working practices in a wide range of occupations in different countries. The research is robust, and the possibilities and opportunities are becoming ever more apparent. In auditing, too, these human factors are an unavoidable feature of the terrain.

What risk type are you?

Contact Edward Balfour at ebalfour@exemplarglobal.org to take the Risk Type Compass assessment.

About the author

The Extraordinary Invisible World of Risk TypeGeoff Trickey is a passionate advocate of applied psychology. Through roles such as honorary research fellow at UCL, European manager for The Psychological Corporation, and a long association with Hogan Assessment Systems, he has been privileged to work with an influential pool of talent, which laid the basis for an informed global perspective on psychological practices.

Founding PCL in 1992, Trickey has overseen its continuous growth to establish a global presence. He developed the Risk Type Compass which is now distributed in the United States and Canada by Multi-Health Systems.

Trickey is a chartered psychologist, a fellow of the Royal Society of Arts, and an associate fellow of the British Psychological Society.

The post The Extraordinary Invisible World of Risk Type appeared first on The Auditor.

Establishing Audit Program Objectives

by J.P. Russell To most,…

by J.P. Russell

To most, establishing program or department objectives seems like the normal thing to do. However, that isn’t always the case. Sometimes managers of programs or departments only focus on the purpose of their program or department. For example, the purpose of the audit program is to conduct audits. Therefore, all resources go into conducting as many audits as possible. Another example might be the shipping department where incoming material must be shipped ASAP. Establishing objectives or desirable outcomes goes beyond the purpose of a function. The aim is more about how the purpose is carried out and improved upon.

ISO 19011, Guidelines for auditing management systems, states that it is top management’s responsibility to ensure that audit program objectives are established. That doesn’t mean audit program managers should wait to hear from their boss before they establish objectives. On the contrary, audit program managers need to be proactive.

The audit program manager can start by determining the organization’s objectives and policies. An organization should have objectives to achieve their performance goals and obligations. Not all, but many policies may affect the audit department. Examples include safety, stewardship, ethics, and confidential information. A good starting point is to ensure audit program objectives are consistent with, and support, management system policies and objectives.

Next, audit program objectives can be established. There may be objectives for the entire function or specific audit program activities such as program management, plans, and performing audit services. Audit program objectives should relate to organizational objectives.

The program and individual audit objectives should also align with the needs and expectations of interested parties. For example, interested parties may include regulatory agencies, customers, suppliers, purchasing, and operations.

Audit program objectives direct program planning (department policy, procedures, guidelines, etc.). Plan what you do and do what you plan. Plans should align with objectives as well as the purpose of the function. One might ask, “Is this plan consistent with our objectives?” and “Is there anything we should change that would enhance our effectiveness to achieve our objectives?”

There should also be objectives for conducting audits. Providing an audit service is the purpose of the audit program. These objectives may relate to efficiency, safety, professionalism, and the code of conduct, and they should be consistent with audit program objectives. Perhaps an example objective would be to incorporate the seven lean wastes thinking when conducting the audit process to improve efficiency.

Audit program objectives can consider the following:

  • Management priorities
  • Commercial and other business intentions
  • Characteristics of processes, products, and projects and any changes to them
  • Management system requirements
  • Legal and contractual requirements and other requirements to which the organization is committed
  • Need for supplier evaluation
  • Needs and expectations of interested parties, including customers
  • Auditee’s level of performance, as reflected in the occurrence of failures, incidents or customer complaints
  • Risks to the auditee
  • Results of previous audits
  • Level of maturity of the management system being audited
  • Auditing organization risks

Examples of audit program objectives include:

  • To contribute to the improvement of a management system and its performance
  • To fulfill external requirements, e.g., certification to a management system standard
  • To verify conformity with contractual requirements
  • To obtain and maintain confidence in the capability of a supplier
  • To determine the effectiveness of the management system
  • To contribute to the identification of risks to the organization and verification of risk treatment actions
  • To implement an eAudit program to reduce costs
  • To evaluate the compatibility and alignment of the management system objectives with the management system policy, strategic direction, and overall organizational objectives

The objectives should be measurable. The idea here is to avoid vague generalizations such as “We will only use top-notch auditors or achieve performance excellence.” Plans for monitoring the achievement of program objectives will need to include determining the appropriate metrics. Some metrics will be obvious such as continued certification of the management system. Determining the metrics for other objectives such as the effectiveness of the management system may be more challenging. There may be some thought about appropriate metrics now or later as part of the monitoring performance process.

Plans should include how objectives are communicated. Objectives should be shared (note that there could be security exceptions). Informing people that need to know will only help the achievement of objectives. Communication of objectives could be done using several media options. For example, posters, intranet, emails, and virtual or face-to-face meetings.

Plans should take into account the need to update, delete, or replace certain objectives. Objectives need to be monitored and periodically evaluated and updated. For example, they may need to be updated due to changing organizational objectives or strategic direction or the results of monitoring the achievement of objectives. Typically, objectives are reviewed annually, but circumstances may require the objectives to be assessed more frequently.

When appropriate, objectives should consider the type of audit. For example, on-site versus remote and internal versus external. The audit function of an organization may provide many different audit services beyond management system audits. Process audits are becoming increasingly popular due to the value they add to the organization. An ever-expanding supply chain has stressed the need for greater supplier accountability.

About the author

J.P. Russell is the founder and managing director of eLearning provider QualityWBT Center for Education (www.qualitywbt.com). He is also an ASQ fellow, ASQ-certified quality auditor, member of the U.S. Technical Advisory Group (TAG) 302 for management system auditing, member of the U.S. TAG for ISO technical committee 176. Russell is a recipient of the Paul Gauthier Award from the ASQ Audit Division and author of several ASQ Quality Press books about auditing, standards, and quality improvement.

The post Establishing Audit Program Objectives appeared first on The Auditor.

Risky Business: Why Auditors Need Liability Insurance

As an auditor you make…

As an auditor you make a living by providing your professional opinion. No matter what industry you audit, it is your responsibility to evaluate businesses and determine if they follow the applicable standards. Regardless of what you decide, there may be long-term consequences for the business.

Let’s outline a couple of scenarios to illustrate how some of these consequences could affect your legal liability.

Example 1: They Pass the Audit

In the first scenario, your findings indicate that the business you are auditing is compliant with the laws and industry standards you are reviewing. Great! Except, down the line, it’s discovered that the business isn’t compliant, and they get hit with fines and fees.

In this situation, the business may feel that you missed something during the audit. They may claim you were negligent in your duties, and if you had performed your duties fully, they would have had time to fix the situation before being fined.

Whether you were or were not negligent is irrelevant in this situation. If the client feels you were, they may bring a lawsuit against you. As an independent auditor, paying your legal expenses alone can cost tens of thousands of dollars.

Example 2: They Don’t Pass Your Audit

In this scenario, the business you have audited will need to fix the issues you identified—a process that will take time, money, and manpower to implement.

If the business disputes your findings, or if they spend the money to fix the issues, only to find out later that your recommendations were unnecessary or done in error, they may sue you as a way to recover costs.

Again, the lawsuit itself is expensive, even if you aren’t found liable. However, if you are found liable, then you will also have to pay damages and other settlement costs, which may include the court costs of the business. As an independent auditor, you likely don’t have this kind of money on hand. Even if you do, can your business afford that kind of loss?

Beyond Professional Liability: The Insurance Coverages You Need

The above scenarios illustrate your need for a specific type of coverage—professional liability coverage. As an auditor, this type of coverage needs to be the backbone of any insurance policy you choose. It protects you against the cost of damages and claims that occur because of errors or omissions made while providing your professional services, as well as any negligent acts in this same capacity.

Although professional liability needs to be the foundation of your policy, there are additional coverages you should have. These are outlined below.

General Liability Coverage

Next to professional liability coverage, general liability is one of the foundational coverages you need for your insurance policy. This coverage protects you in the event of bodily injury or property damage claims.

For example, while performing an audit, you spill a chemical or other liquid. If someone were to slip and become injured on that spill, you could be held liable. Or you may accidentally damage an expensive piece of equipment, and the company wants you to pay for its repair or replacement.

One accident could even result in both types of claims. If you bumped into a piece of equipment and it knocked into or fell on an employee, injuring them and damaging the item. This single mistake could lead to both medical costs and property damage.

On their own, medical care (which may last for months) and property repairs are expensive, especially if a lawsuit becomes part of the equation. Together, they could be enough to lead you to bankruptcy.

However, having an insurance policy with enough general liability coverage could save you from paying these expenses out of your own pocket.

Personal and Advertising Injury Coverage

This type of coverage is usually a subset under general liability coverage, but for many policies, the “per offense” limits are separate from general liability “per occurrence” limits. The reason for this separation is the difference in how “injury” is defined for each coverage.

Injury, under personal and advertising coverage, requires intentional acts rather than simple negligence. Personal and advertising injury coverage protects you against seven specifically defined acts, including slander, libel, defamation, right to privacy violations, false arrest, copyright infringement, etc.

Because each of the covered acts have specific legal meanings, it’s difficult to illustrate how this coverage may be applied in a claim. However, if you would like more information, including examples, this article about personal and advertising injury coverage from online insurance resource IMRI is highly informative.

Damage to Rented Premises Coverage

This coverage is a necessity if you rent office space. It protects you from the cost of property damages sustained if you accidentally cause a fire.

Although you may not think you are likely to start a fire, legal liability can apply in more situations than you might first assume.

For example, you probably own a smartphone. You’ve probably seen recent news reports about a certain model exploding and causing fires. Even if you don’t own this specific smartphone, it’s only the most recent incident to capture the media’s attention. The truth is, any smartphone could overheat and explode. If yours does so while in your rented space, as the phone’s owner, you could be held liable.

Or, maybe you smoke, and while on a break, you don’t realize your cigarette isn’t fully extinguished. Or your laptop short circuits. Or you forget to extinguish a candle you were burning.

There are a lot of ways you may unknowingly cause a fire. Because the cost of repairing a building from fire damage is expensive, you’ll want this protection.

Computer Network Security Coverage

Since much of your work is done on location for the business you are auditing, you most likely use a computer or other technology to perform your duties. While computers are useful, they are also vulnerable to cyber threats.

If your computer becomes a weak point through which the business’s network or security is compromised or infected by malicious software, this coverage is a necessity. Depending on the specific circumstances of the event, it can protect you against claims where electronic data is destroyed, deleted, corrupted, or stolen.

Don’t Spend a Fortune for the Coverage You Need

Assuming liability risk is an inherent part of your work as an auditor. However, you don’t have to risk your business to do your job. Getting the right insurance coverage, like those outlined in this article, is the first step. Getting them for an affordable price is the next.

If you’re interested in an insurance policy that offers competitive limits for all of these coverages at a price well below market value, check out the policy provided by Exemplar Global’s insurance partners:
Australia: Envirosure at www.envirosure.com.au
United States: Veracity Insurance Solutions at www.paceinsure.com

The post Risky Business: Why Auditors Need Liability Insurance appeared first on The Auditor.

Let’s Get Back to Basics: The Challenges of Being an Auditor

With more than 25 years…

With more than 25 years of audit experience, director of successful auditing and training business Global Quality Assurance, David Purslow has seen it all. In a no-holds-barred interview with The Auditor, Purslow gives insight into some key issues facing auditors and offers a simple solution for improvement.

Purslow enjoys the diversity of auditing and the process of assisting businesses improve. However, not everyone shares the same experience of auditing. In this fast-paced environment, auditors can face pressures from many sources, including auditees who want the job complete within tight deadlines or certification bodies pushing auditors to take on more than they can handle. According to Purslow, challenges such as these can easily pile up, leaving the auditor with a backlog of work or pushed to the point of burnout—particularly for contract auditors.

“In Australia, we work with a lot of contract-based auditors,” Purslow says. “This can breed the type of auditor who has a money focus, so they will take on every job that is available to them. That is where the issue of burnout can arise. They are trying to grow their business, but at what cost?

“All of a sudden we see people getting burnt out because they are doing too much.

“There are also a lot of young auditors who think they are invincible. They try to get as many audit scopes as they can and try to do as much as they can. You may have auditors who are quite happy working at a certain level within a certain scope. There is nothing wrong with that. There is always going to be a variance of auditor skills and knowledge across the industry.

“As an auditor you sometimes need to step back and have a good look at yourself and say there is only so much you can do, and be comfortable with what you do well.

“You need to manage yourself as an auditor, and as a business you need to manage your auditors to prevent those things from happening.”

Purslow postulates the current financial climate and varying audit standards to be an underlying cause of this pressure. When organizations tighten their budgets, the hunt is on to find the lowest-priced audit. As we all know, the cheapest price doesn’t always guarantee the best product or service, which raises the concern of ineffective auditing.

“If you start looking at the quality of the jobs being done, there is a big divide between the quality of the job and the actual meaningfulness of the reports that are generated,” Purslow says. “We don’t want an industry full of ‘tick and flick’ audits; we want people who write meaningful outcomes in their reports. We don’t want auditors to be subjective and negative in their approach to auditing where they forget to look at the process or become document focused. These aren’t good attributes of an auditor.

“For an auditor to do the job properly, he or she needs the time to actually do the job to the scope that has been issued. Sometimes that doesn’t happen because you have organizations that are so keen to keep clients, they cut the cost. Therefore, the expectation on the auditor to complete this body of work is increased.”

The notion of auditor competence is intertwined with these issues, which Purslow believes isn’t always the fault of the auditor.

“We talk a lot about auditor competence; the industry has been commenting on it,” he explains. “It always seems to be the auditors who are targeted for the inconsistency of auditing. But when we drill down to the root causes, you have to look at organizational cultures—the people who are running the scheme, the business, or the certification body and the auditors themselves.

“In particular, [you need to look at] issues like audit duration, number of standards being audited, expectations, audit cost, auditee, audit tools, audit team (if available), and location. All elements should be addressed by good audit planning.

“It’s about having the time and resources to put in to developing staff.”

Purslow offers the following tips to improve the standard of auditing:

  • Allow enough time. The extent to which a service will be provided when promised and how long it takes to consistently perform the service each and every time. You need to be able to complete the project or audit assignment in the time you have been given. If you don’t feel the timeframe is adequate, you need to be upfront and say it’s not going to meet the scope and objective of the audit. If you have a very heavy audit schedule, you need to make time to produce your reports and deliver your outcomes on time, in full.
  • Consistency. The extent to which audits are delivered in the same fashion for every client, every standard every time, relevant to the scope. You can’t have a bad day.
  • Honesty and integrity. The belief that things that are worth doing are worth doing well is a strong value that we should all aim to project. Integrity of the process and trust underpin the core philosophy of auditing. We choose this career path!
  • Accuracy. The extent to which the audit is performed right the first time and fully compliant to the standard we audit. Good audit planning should ensure that competency is held prior to audit delivery and enough time to complete the audit fully.
  • Competence. The relevant skills, knowledge, and expertise of auditors to complete the audits to the correct standard required. Auditing is a profession; it requires dedication, commitment, and the ability to keep learning and improving your skills and knowledge. Make time to do this!

So what is the solution to all of these challenges? Purslow suggests going back to the fundamentals.

“We need more consistency so we can get some traction and growth in the industry,” he says. “We need to go back to the fundamentals about why auditing is important and why process-based auditing is effective.

“We don’t want auditors to be checklist auditors. Ending up with 60 percent of an audit based on documentation doesn’t add value. We want auditors to be in processes, watching processes, understanding processes, and determining if they are meeting requirements.

“We choose to work in this sector, we choose to be auditors—we should all look at improving our industry, including standard owners, regulators, influencers, CABs, auditors, and clients alike. We should not accept substandard practices and planning, but agree on meaningful, achievable outcomes. To this end we all have a part to play, so let’s begin.

“Please do not perceive my passion for our industry with arrogance, as this was never the intent!”

The post Let’s Get Back to Basics: The Challenges of Being an Auditor appeared first on The Auditor.

A Look at the Evolution of Auditing in North America

bware-150x150.png
Robert T. Ware has been…

Robert T. Ware has been in the auditing profession since 1974—before the term “audit” existed and when MIL-Q-9858 military standard audits were the norm. Speaking to The Auditor, Ware shares his opinions on the changes and challenges of completing manufacturing audits in North America, and the value of internal audit teams.

“Back when I started they called it an assessment, they didn’t like the punishing word of audit,” Ware reflects. “The word ‘audit’ came out in 1987 when ISO 9000 came into effect, and they called it internal audits.

“I remember a lot of people were upset about that word because it means pass/fail, where assessment means continual improvement.”

Ware spent the first 13 years of his career working in reliability, before making the transition to quality assurance. In his current role, Ware works for Zoll Medical looking after quality assurance and regulatory affairs/reliability for the resuscitation division.

“I lead a team of engineers that investigates all failures, return goods authorizations, and returned material,” Ware explains. “I am responsible for design and development, through to manufacturing, distribution, and post market surveillance.”

Having worked in the manufacturing industry for most of his auditing career, Ware is saddened to see a lot of businesses move their manufacturing offshore.

“In the 1960s, manufacturing was booming,” he says. “Forty-three years later, I have to look hard to find a company that manufactures here. Even Zoll, we do assembly and testing, and China makes all of our boards. Big manufacturing firms like Intel, Texas Instruments, Digital Equipment Corporation, and J&J, they all do the same thing.”

These changes present challenges for auditors who have to work on an international scale to get the information they need.

“We just have to keep coping,” Ware says. “We do audits over the phone. I have spreadsheets and word files that I send out. The auditee will send me back the information and then we look at the information and evaluate it, analyze it, and get results.

“We do a lot of virtual audits. We can do an audit over the telephone or by Skype. It has evolved because everything is global.”

Throughout his career, Ware has worked with standards such as TL 9000, ISO/TS 16949, and ISO 14000. Ware also served on the U.S. TAG to ISO/TC 176 from 1987 to 2006, and he worked to revise ISO 9001 in 1987, 1994, and 2000. Through his experiences, Ware has learned how industries and standards work, and has noticed some key similarities.

“Once you audit [different industries], the basic processes and products are the same in terms of how you would manufacture them,” Ware explains. “You just have to understand the process and audits to help you break it down.”

Having worked in internal audit teams for most of his career, Ware sees great benefit in the internal audit function. However, he fears young executives today don’t see the same value.

“Back in the 1970s and 1980s we had big audit teams,” Ware says. “Now I see a lot of companies outsource their audit teams. In reality, if I didn’t know anything about an operation and went in and did an audit versus working there—working there you are more of a Tasmanian devil. You can do some really good digging. It’s not like it used to be, but you have to make the best of it.”

However, Ware uses management review as an opportunity to reinforce of the value of an internal audit team.

“When I do a management review and they start discussing issues and problems, I love to bring them back to people and products,” Ware says. “These are the main parts of the business.

“I think the people who work in a company would find more value and would feel empowered. Why not take someone from the manufacturing line and make them an auditor? Especially women; they do a great job because of their intuitive nature. I think it’s a lost art.”


Ware’s Tips for Auditors to Improve Their Craft:

  • Do your preparation. Never do anything blind. The more information you know, the better you can question.
  • Keep your eyes open. Just like Yogi Bear said: You can always find something if you look. Just by observing you could not even audit and see is that how they do it? Are they sure they want to do that?
  • Just listen. The only time I talk during an audit is to ask a question. You have to let the person you are auditing do all the talking.

The post A Look at the Evolution of Auditing in North America appeared first on The Auditor.

Certificate vs. Certification: What’s the Difference, and Why Does It Matter?

by Anjali Weber There are…

by Anjali Weber

There are many types of credentials in the marketplace, and sorting through the various options can be confusing to the potential applicant or participant. Even greater confusion exists for employers, regulators, and especially the public as a myriad of “certifications” and designations are continually added to emerging and existing professions. But what are the differences between various credentials, and why does it matter?

First, the term “credential” can be broadly applied as the big umbrella under which certificate, certification, qualification, academic degrees, licensure, and registration all have a unique purpose. Second, there is a significant distinction between certificates and certification, and the right type of program will effectively satisfy stakeholder needs and accomplish desired business outcomes.

In this article, we will distinguish between certificates of attendance or participation, where there is no validation of learning, and an assessment-based certificate program, where intended learning outcomes are directly aligned to assessment. Our focus will be on a comparison between assessment-based certificates and personnel certification, as each serves a very different purpose, produces a different outcome, and fulfills different needs.

The differences can be critical to your business. Each type of program plays a role in closing skills gaps—a matter of international importance in today’s competitive business environment. Certification and certificate programs are part of a larger qualifications framework and help to address one of the biggest challenges the workforce faces today: providing the necessary skills and competencies to create qualified job candidates and successful employees. A 2009 annual talent shortage survey by Manpower of 39,000 employers in 33 countries found that 30 percent of employers worldwide are struggling to find qualified job candidates.

The traditional education system does not provide the necessary competencies for employees to succeed in the workplace. Many new college graduates fail to learn the knowledge, skills, and attributes that are most essential for success in their chosen careers. There is often a significant gap in knowledge and skills that must be addressed to make an employee workforce ready. But, the good news is that qualifications can play a major role in closing the gap.

So, what makes certificate and certification programs different? In short, a certificate program is a learning event. A certification program provides validation that learning has occurred and typically results in an awarded credential.

Primary focus

The primary focus of a certificate program is to provide instruction and training to aid learners in acquiring specific knowledge, skills, and competencies associated with intended learning outcomes. The primary purpose of a certification program is to confirm that an individual has already acquired (prior to applying for certification) a set of knowledge, skills, and competencies critical to the competent performance of a professional role or specific work-related tasks. Certification programs are independent of a specific learning event, class, course, or training program.

Purpose and scope of assessment

Both certificate and certification programs assess knowledge, skills, and competencies. However, the purpose and often the scope of these assessments are quite different. Certificate programs use formative and summative assessments to evaluate the effectiveness of instruction or training, monitor learners’ progress, and determine whether learners have achieved intended learning outcomes. Certification program assessments aren’t intended to evaluate mastery of the intended learning outcomes of a specific class, course, or training program. Rather, these are designed to verify that an individual possesses the level of knowledge, skill, or ability necessary for competent performance of a specific professional role. As such, the scope of the certification assessment also is often considerably broader than that of a certificate program assessment.

Duration of program

A certificate program typically ends when the intended learning outcomes have been achieved and the certificate is awarded. This differs markedly from certification, which is an ongoing process that requires individuals to engage in continuing education or re-examination on a periodic basis to maintain their certification.

For a detailed comparison of certificate vs. certification, the Institute for Credentialing Excellence, a premier non-profit organization serving the global credentialing community, has published a white paper that has been extensively peer-reviewed and compares and contrasts each of the major components of both programs. This Defining Features paper can be downloaded at no charge from the ICE website.

Which option is best?

It’s a matter of intention. Is there a need to acquire education and training to fill a gap or to validate that the knowledge and skills required of a particular job role or profession have already been acquired?

Certificate programs address ongoing learning gaps and may be very limited in scope or broad-based. High-impact job functions that require mastery of technical skills that may not already exist can be addressed with well-developed education and training programs. These programs can provide an organizing framework for the learning process, encouraging the alignment of all the learning components and assessments and help to synthesize the learning.

Certification programs validate existing competencies. The primary goal is to confirm that an individual possesses a desired set of knowledge, skills, or competencies previously acquired through academic or other formal education, internal or external training programs, or prior work experience. A well designed certification program begins with a comprehensive job analysis that validates the essential knowledge, skills, abilities, and characteristics needed to competently fulfil a job role. Also, if mastery of the baseline knowledge, skills, or competencies is confirmed through certification, then future training does not need to include these basics. Rather, it can focus on what is unique to the industry or the employing organization (for example, products, services, and processes). In so doing, resources will be used more efficiently. Certification also provides independent validation that equals credibility, as it is offered through a third party and is not directly connected to a specific education or training program. Recognition of an individual’s knowledge, skills, or competencies through an external certification process enhances credibility and defensibility, and this benefit is valuable to the recipient and the employer. Because the intent is not to “teach to the test,” the outcome may carry more weight in many circumstances.

In summary, certification and certificate programs serve very different purposes and are not equivalent. Well-developed programs for either that follow best practices and accreditation guidelines provide good but unique value. It’s up to the customer, the employer that hires them, and the public they serve to determine whether they have a skills gap that needs to be filled or whether personnel certification would provide better confirmation that they have attained the knowledge and skills that have been independently verified.

About the author

Anjali Weber is vice president of strategy for Exemplar Global. She was previously director of the Institute for Credentialing Excellence.

The post Certificate vs. Certification: What’s the Difference, and Why Does It Matter? appeared first on The Auditor.

Techniques for Gathering Audit Evidence

craig_cochran-e1424572076847.jpg
By Craig Cochran Gathering evidence…

By Craig Cochran

Gathering evidence as part of an audit involves a mix of techniques that are used interchangeably: visual observation, examination of records, and employee interviews.

Gathering audit evidence as part of an audit involves a mix of techniques that are used interchangeably: visual observation, examination of records, and employee interviews. One moment you will be looking around the work area, and the very next you’ll ask an employee a question. The audit is a fabric that is skillfully woven of these techniques. Let’s take a deeper look at each major technique used for gathering audit evidence.

Visual observation

This is the most basic ways to gather evidence during an audit. Simply looking around is a very powerful way to understand how an organization works. Is the place organized or cluttered? Is communication formal or informal? Smart auditors immerse themselves in the organization they are auditing and look at it from every angle. Here are some especially powerful pieces of audit evidence you can look for:

  • Uncontrolled documents. Look around for “bandit documents” posted on walls, machines, and desks. These are often informal specs or procedures that are not controlled in any way. Bandit documents often take the form of Post-It notes, marker settings written on machines, old memos, printed emails, and photocopies of external documents. If the document provides information on product requirements, process control guidelines, or decision making criteria, you need to inquire how the information is supposed to be controlled.
  • Product outside the normal flow. Look for large piles of product that appear to be outside the normal flow of production. These are often nonconforming products, moved to the side so they can be addressed. If you find nonconforming products, make sure they are being handled in accordance with the company’s process for controlling nonconforming products.
  • Measuring instruments. The presence of measuring instruments usually means that there are important characteristics that must be verified. When you see measuring instruments, you need to find out what they’re used for. If we’re using them to check product, verify service, or control a process, then the organization should have a process for ensuring the fitness of the instruments. These range from complex measurement devices to include very simple gauges (such as templates, patterns, jigs, rulers, tape measures, and limit samples), and everything in between.
  • Housekeeping and organization. It doesn’t take an expert to identify a mess. That’s really what you’re looking for. Problems with housekeeping and clutter are symptoms of larger issues. Delve deeper into these conditions and try to find out what is happening. Lack of housekeeping often points to issues with product preservation, defects, identification, and traceability.
  • Product identification. Look to see that all product has some sort of identification. Identification could be achieved through a variety of methods such as stickers, tags, bar codes, paint dabs, assigned location, special bins, boxes, or bags. If you’re not clear what the identification is, ask someone in the area.
  • Improvised fixes and repairs. Look for evidence that employees have had to make improvised fixes and repairs. Amateur repairs often use duct tape, rope, shims, and other crude methods. If employees have improvised repairs, then it could be evidence that the maintenance program is not being carried out or that adequate resources are not being provided by management.
  • Informal record keeping. Look for informal record keeping in notebooks, logbooks, scratch sheets of paper, etc. If the records relate to anything that ISO 9001 or the company’s system addresses, then the records should be handled in a formal manner.

Examination of records

Records are historical artifacts. They tell what has happened in the past. Auditors generally accept records as statements of fact. If we have a credible record that indicates something happened, then we can usually conclude the action happened. Of course, records are not required of everything that happens in an organization. If a company procedure or the applicable standard (such as ISO 9001) requires a record, then obviously we need a record.

I mentioned the need for “credible” records. What exactly is a credible record? It is one that we can have faith in as being an accurate representation of the activities it vouches for. These are some characteristics that help make a record credible:

  • Completely filled out. If the record starts as a blank form, then we would expect all spaces to be completed. Any blanks should have clear explanations for the omission.
  • Dates. Records need verifiable dates in order to have any credibility.
  • Participants. If the record was a meeting, then a listing of participants would help tell the story of what happened. If the record was simply proof of something happening, then who carried out the action would need to be recorded.
  • Actual results. What actions took place? If the record was proof inspection, then the inspection results would be needed. If the record was taken from a meeting, what was decided?
  • Subsequent actions. Many records will include action items or follow-ups. If the activity being recorded includes these types of actions, the record should clearly indicate it.

Employee interviews

An interview is a structured discussion. Unlike a normal discussion that can meander over a wide variety of topics, an interview has a specific objective. Your objective is to capture factual information about the process being audited. The interviewer must plan and control the discussion so the required facts are gathered in the most efficient manner possible. In general, certain cues help an auditor know if the interview they’re leading can be considered objective evidence:

  • The employee makes statements relating to things they personally saw or took part in.
  • The employee’s statements relate directly to their responsibilities and authorities.
  • The employee’s statements can be corroborated by records or supporting statements from other personnel.
  • The employee makes statements that are specific and which include credible details (as opposed to blanket statements that are vague on specifics).

In cases where there are requirements for records, a statement alone would not suffice.


Related Article: Objective Evidence: An Auditor’s Secret Weapon

Techniques for Gathering Audit Evidence

Objective evidence is the proof that the organization did or did not meet its requirements. One of the primary objectives of an audit is to collect objective evidence. Not just random objective evidence, but evidence specific to the requirements in the audit. The auditor selects requirements to verify, and then looks for objective evidence that the organization met the requirements.
Click Here to Read


 

Sampling of evidence

Audits are never 100 percent inspections. There is simply not enough time to examine everything that is happening within the organization. Instead, audits sample evidence. The sample does not need to be statistically based, but it does need to be representative. If a population of evidence includes thousands of records, then a representative sample would certainly be more than one. Just take a reasonable sample of evidence given the evidence available. Think about how you might subdivide the overall population of evidence into rational sub-groups. For instance, if you’re auditing training, you might sub-divide employees into top management, hourly, employees less than 90 days old. Employees with more than 10 years of experience. Then you’ll take your samples from the sub-groups, instead of just blindly selecting samples from the overall population.

Recording notes

Note taking is an important part of the audit process. Evidence gathered must be fully traceable and highly detailed. This means that auditors must develop efficient means for capturing their notes. If you’re the type of person that takes notes during an interview, make sure to tell your auditee that you’ll be writing down details. Also remember that you likely have one chance to capture the details of evidence. Slow down, take your time, and write the required details and evidence traceability while you’re in the department. The one thing you would never do is ask an auditee to speak into an audio recorder. This makes the audit seem too much like a police interrogation.

Examples of evidence

The best way to understand good versus bad evidence is to study some examples. Here’s what appears to be a detailed statement of facts. Read it carefully and decide what you don’t like about it:

“Returned goods were missing the nonconforming materials tags, which greatly increases the chance of accidentally shipping bad material.”

This evidence has a number of problems. In summary, it’s highly opinionated and not traceable. Here are the specifics:

  • Where was this found? The area or department should be indicated.
  • What returned goods are we talking about? We need to identify them to enable traceability. Part numbers or descriptions should be adequate.
  • How many returned goods were missing the tags? The quantity helps put the situation in perspective.
  • The auditor has included his opinion at the end. This adds subjectivity to the evidence and will only inflame the auditee.

Let’s rework the evidence. Here are the same facts, expressed in much more complete and correct terms:

“Three out of 10 returned desk kits (product code 675) in the warehouse hold area were missing the nonconforming materials tags.”

The first thing that strikes you is how much more specific this evidence is. It is the epitome of “just the facts, ma’am.” Here is why it is better:

  • The area where the returned goods were located is clearly indicated (i.e., warehouse hold area)
  • The identity of the returned goods is provided (i.e., desk kits, product code 675)
  • The sample size is shown, helping the audited organization understand the magnitude of the situation (i.e., three out of 10)
  • Only facts are stated. No auditor opinions about impacts or ramifications of the nonconformity are included.

Seeking evidence of positives

Smart auditors always ask themselves, “Am I actively looking for positives during the audit?” The audit should be a balanced snapshot of the organization. Balanced means the identification of positive practices, as well as nonconformities. Any organization that is still in business in these tough economic times is doing a lot of things right. Too often, audits become an obsessive exercise in finding the organization’s flaws. As you can imagine, audits of this type are rarely welcomed or requested.

You have to continually remind yourself to be on the lookout for positives during the audit. Ask yourself these questions during the audit, to keep the topic fresh on your mind:

  • What sets this organization apart?
  • What do they do especially well?
  • What practices create competitive advantage?
  • Where are the isolated pockets of excellence?
  • Who are the innovators of new methods and tools?

If you are leading an audit, remind the other auditors under your supervision to also be on the lookout for positives and best practices.

It’s important to note that in mature management systems, identification of positives is one of the most important purposes of an audit. That’s because the discipline of the management system is well established. Audits have already picked the low-hanging fruit, so auditors can turn their attention to finding the isolated pockets of excellence. These pockets of excellence are often obscured and hidden from view, so an important purpose of the audit is to root these out. Once identified, these best practices can be widely adapted and turned into the new standard. This motivates people to embrace the audit process, while driving improvement throughout the organization.

Here are some examples of positive findings:

  • Clean and well-organized receiving area
  • Management of the lab is fully engaged in the management system
  • Effective corrective actions generated by production
  • Detailed action plans for achieving objectives in the purchasing department.

Try to write positives that are highly individualized and specific to the areas they relate to. We have no use for “boiler plate positives” that are generic and generalized. Remember, we’re looking for best practices that the rest of the organization can learn from. Keep your eyes open for positives, and you’ll find that you produce better results and are always welcomed as an auditor.

About the author

Craig Cochran is the North Metro Regional Manager with Georgia Tech’s Economic Development Institute. He has assisted more than 5,000 companies since 1999 in QMS implementation, problem solving, auditing, and performance improvement. Cochran is a Certified Quality Manager, Certified Quality Engineer, and Certified Quality Auditor through the American Society for Quality. He is certified as a QMS Lead Auditor through Exemplar Global.

He is the author of numerous books, including ISO 9001:2015 in Plain English, published by Paton Professional. His next book, Auditing in Plain English, from which this article was excerpted, will be released in late 2016.

The post Techniques for Gathering Audit Evidence appeared first on The Auditor.

Objective Evidence: An Auditor’s Secret Weapon

craig_cochran-e1424572076847.jpg
One of the primary objectives…

One of the primary objectives of an audit is to collect objective evidence. Not just random objective evidence, but evidence specific to the requirements in the audit.

By Craig Cochran

Objective evidence is the proof that the organization did or did not meet its requirements. One of the primary objectives of an audit is to collect objective evidence. Not just random objective evidence, but evidence specific to the requirements in the audit. The auditor selects requirements to verify, and then looks for objective evidence that the organization met the requirements.

Objective evidence has a couple of specific purposes. First, it provides credibility to the audit process. By keeping evidence of facts gathered during the audit, we can be confident that an audit actually took place. The auditor didn’t just go through the motions. Real people were interviewed, actual records were examined, and current processes were analyzed. Anybody can review the evidence that was gathered and feel confident that the audit was effective.

Second, the evidence forms the raw material for any nonconformities that result. We’re not seeking nonconformities, of course—we’re seeking conformity. Despite this goal, nonconformities are a common outcome of audits. If we collect detailed evidence during the audit, we’ll be able to write clear and defensible nonconformities. Objective evidence also helps to write meaningful positive findings. Both of these outputs—nonconformities and positive findings—rely on accurate and objective evidence gathered by the auditor.

Characteristics of objective evidence

The term objective evidence sounds rather complicated, but it is actually very simple. Here are the characteristics of objective evidence:

  • Unbiased: Objective evidence is unbiased. That means it is not clouded by emotions or feelings. The evidence is gathered in a completely neutral way. Bias often arises when the auditor has a personal relationship with the person they are interviewing during the audit. Auditors have to always be aware of how their personal relationships influence the way they view evidence. If an auditor believes they’re becoming biased, it is their responsibility to approach the lead auditor or quality manager and make this known.
  • Factual: Objective evidence is factual. That means it is real, not made up or imagined. Very few auditors intentionally create non-factual evidence. It sometimes happens accidentally when evidence is misinterpreted. This is one of the benefits of auditing in pairs. When you are with somebody else, you can always ask for their opinion of the evidence you’re examining. This should keep you in the realm of factual evidence.
  • First hand: Objective evidence is first-hand. That means the auditor gets evidence directly from the source. The evidence is seen, heard, read, or experienced by the auditor. A good auditor never relies on second or third-hand information, as it is often distorted. The more hand offs in an information chain, the more distortion exists and the less the information can be trusted.
  • Traceable: Objective evidence is traceable. That means you include all the identifiers about the evidence. Identifiers could include the date, time, part number, department name, and anything else that lets the organization know where the evidence came from. In theory, audit evidence should be traceable enough that anybody could see the same thing that you saw during the audit.
  • Impersonal: Objective evidence is impersonal. The evidence is written to reinforce a focus on systems and processes, instead of people. Names are omitted from evidence and job titles are used instead. No opinions about the severity or possible impacts of evidence are includedjust the facts are given. The evidence is written in a neutral, non-accusing manner.

Just because your evidence is subjective doesn’t mean that’s the end of the line. You can often turn subjective evidence into objective evidence by doing some additional digging. That’s what is referred to as following an audit trail. You might start out with biased or second-hand information, and then convert it to objective evidence by asking a few more questions.

Evidence gathering

Evidence gathering is the heart of auditing. Effective auditors are naturally curious and enter every audit in a learning state of mind. When you want to learn, your mind will crave information and your senses will be especially sharp. Very little will escape your detection. Armed with the desire to expand my own knowledge, I ask probing questions and pursue unique and important lines of inquiry. You can’t fake the desire to learn. It exists solely inside your head. There are certain truths that can help put you in this state of mind:

  • This company is doing a lot of things RIGHT. In today’s extremely competitive economy, bad companies don’t survive. They dry up and blow away very quickly. If the company you’re auditing is still in existence, then it must be doing at least a few things correctly.
  • The people here are interesting and have some fascinating stories to tell me. I have found this to be true 100 percent of the time. No matter how banal and commonplace an organization seems, it will include some people who absolutely fascinate me. They will have interesting things to tell me and I’ll have a hard time pulling myself away from them.
  • I will learn a lot during this audit. There are processes, technologies, and products here that I’ve never seen before. Yes, I’m here to do an audit, but the benefits of the audit will flow in both directions. If I’m perceptive, I will learn as much from them as they will learn from me.
  • I am a partner of the organization, not an adversary. You’re not looking for nonconformities; you’re looking for ways that the organization can improve. This is a subtle but important difference. At no time should an auditor portray the audit as a sport in which the objective is to rack up nonconformities. The number of nonconformities is inconsequential. What matters is that the company knows what they need to focus on.
  • The evidence I gather should focus on the big picture. Auditing is definitely a process of details. My task is to accumulate the details into trends that will help the organization improve. I need to probe beneath the surface and uncover the true strengths and weaknesses of the organization. I will only be able to do this once the organization trusts me and understands that I am truly there to help them.

The overall impression that you should give the organization is trust. Every word and mannerism that you evoke as an auditor should reinforce the idea that you can be trusted. People who are trying to learn can usually be trusted because learning is a cooperative process that requires a two-way exchange of information. Be a learner and you will also be an effective auditor.

About the author

Craig Cochran is the North Metro Regional Manager with Georgia Tech’s Economic Development Institute. He has assisted more than 5,000 companies since 1999 in QMS implementation, problem solving, auditing, and performance improvement. Cochran is a Certified Quality Manager, Certified Quality Engineer, and Certified Quality Auditor through the American Society for Quality. He is certified as a QMS Lead Auditor through Exemplar Global.

He is the author of numerous books, including ISO 9001:2015 in Plain English, published by Paton Professional. His next book, Auditing in Plain English, from which this article was excerpted, will be released in late 2016.

The post Objective Evidence: An Auditor’s Secret Weapon appeared first on The Auditor.

The Influential Auditor

Holtmann-Small.jpg
Influence is an attribute that…

Influence is an attribute that can be developed once you know the formula. Knowing how to be influential in your daily pursuits can be the difference between a value-added experience for the auditee and just another audit.

Influence is an attribute that can be developed once you know the formula. Knowing how to be influential in your daily pursuits can be the difference between a value-added experience for the auditee and just another audit.

We all know at least one auditor of great influence and watch as they command an audit outcome, network event, or technical committee. They may not have the highest competence, the most experience, or the greatest technical skills, yet colleagues choose to listen, follow, and accept the advice or arguments voiced by these individuals.

This influence comes from within the individual and it is a series of traits that they have developed or learned to intuitively master. The traits I am speaking of are: confidence, courage, commitment, passion, empowerment, trustworthiness, and likeability. Not all of these traits come in an equal concoction of awesomeness—the mix will talk to how influential you really are.

If we were benchmark ourselves against highly influential people, we would likely pick some religious icon, business mogul, or academic. The choices are endless. Let’s take a brief look at the attributes of influence.

Confidence is how much you rely on and believe in yourself and your abilities. You may have a strong sense of personal judgment that lets you know when you are right, especially when the outcome of a situation is unknown. People could relate this to vision or the art of seeing the unseen.

Commitment is your will to achieve an outcome. Those with high commitment will overcome almost any adversity and power through to the finish line. Commitment and purpose are intertwined. Knowing what you are striving for will be a strong driver for you.

Courage is where you draw your inner strength from. It’s how you face barriers to success or challenges to outcome. Having courage can move you through a confronting situation in the workplace, to a balanced, peaceful, or fruitful outcome. Courage and commitment make great bed fellows.

Passion—one of my favorites—is your eagerness to complete the job and engage others on your progress. Those with high passion can very clearly communicate their vision to others and demonstrate the value of having them join you.

Empowerment is the ability to share the effort and rewards that follow. Those who are comfortable sharing power attract others to their work or vision. Being empowered means that you build the competence of others around you and enjoy the fruits of your labor.

Trustworthiness. A big one here for us all is having others place their trust in you without being let down, betrayed, or taken advantage of. Trust and responsibility show others that when you commit to something, you finish the task, are reliable, and in turn they will support you. Trustworthiness is probably the hardest attribute to attain, and the easiest to lose.

Likeability is how you demonstrate your positivity to others. Having a positive mindset and allowing others to feel positive can be an empowering experience for both parties. Likeable people tend to be heard more, trusted more easily, believed more often, and given the benefit of the doubt. Being likeable does not mean that you are a push over or are overly optimistic. Rather, it means you can overcome the barriers to success by believing work matters, and that you can only be successful when you have the support of others.

These traits underpin the best leaders, influencers, popular icons, and community elders.

When we consider ourselves against these seven traits, what do we see in ourselves? We may be committed and passionate about our cause, but does our likeability and empowerment let us down causing people to trust us less?

Let’s turn this into a positive statement. When we are clear about our purpose and have the determination to deliver a great outcome that benefits others as well as ourselves, then we are more likely to be trusted and supported.

Focusing on auditing—knowing your key competencies and how they can positively influence the outcome of an audit—will greatly improve your presence on site. Your confidence builds a level of trust in your capabilities and a commitment by the client to achieve a successful outcome.

What we know about auditing is that people are drawn to the profession by the nature of their personal attributes. These individuals have an innate sense of passion and pride in their work and know their efforts contribute to a safer, secure, consistent way of life for all that meet or exceed consumer expectations.

Influence can be measured and is able to be enhanced through your daily pursuits and reflections on your work. Your mix of traits can be identified, measured, and reported on, and you can become a more influential auditor.

If you have a story about a moment of influence you have achieved, participated in, or witnessed, please share it with us. If you would like to know more about how to measure your influence rating and how to build upon your traits, please get in touch.

About the author

Peter Holtmann is the president and CEO of Exemplar Global Inc., the premium provider of personnel certification and credential management and independent certification for training outcomes.

Peter has been passionately dedicated to the conformity assessment profession for 20 years, spending the last 10 years building Exemplar Global into a world-class certification organization. As the industry has changed so has Peter’s role, from a scientific professional to trainer and risk consultant, from auditor to business developer, and now as a strategist and leader of a global non-profit organization.

Peter sees his role as an advocate for credentialing that helps drive career pathways to international recognition. He believes unilateral acceptance of a person’s capabilities across cultures, countries, and continents builds world trade and fosters global growth of human capital.

The post The Influential Auditor appeared first on The Auditor.