Calm down, calm down

20 August 2018

This article was featured in the September 2018 issue of the magazine.

Jason Clark CMgr MCMI, CIPP training and consultancy manager, explains how he prepares CIPP colleagues for ISO audits, gets buy-in, and reduces stress levels

There are few things that are guaranteed to invoke fear into the hearts of the bravest of souls – such as babysitting your godchildren (mine are three and half year-old twins) and they have gone silent… and the threat of an impending audit.

I have always been bemused why someone would get nervous about an audit. To me an audit is the opportunity to improve rather than look for each tiny fault that could have happened. Let’s face it, if you’re like me no-one will be able to chastise you better than your inner monologue would.

But, of course, an audit can be stressful, and we behave differently under immense pressure and stress than we would normally. Work and life related stress is the norm, but it’s how we deal with it that is important. 

We can all feel – because stress is an emotional challenge that manifests itself in physical behaviours – that we are stressed due to heavy workloads or responsibilities, working longer hours not being in control. And an audit can be stressful.

Going from auditee to auditor changed my attitude when I began conducting internal audits for CIPP in accordance with ISO 9001 (ISO) which is the internationally recognised standard for quality management systems. The CIPP has held the ISO standard for years and in November 2017 transitioned to the 2015 standard eight months early.

The ISO standard changed significantly in 2015 moving from quality management (with a heavy lean on process and procedures) to risk based and leadership focussed quality while retaining quality processes, therefore changing the focus of internal and external audits.

At the heart of making the audit less stressful is communication; which of course is the answer to most issues. 

So how did I prepare CIPP for our internal ISO audits and our external audit in July 2018?

  • Senior management team (SMT) buy-in – In June last year I asked the SMT why we wanted to retain the ISO standard. It’s a simple and logical question, but I wanted to remind the team of the reasons for it. Without exception, the team explained why we need it and why we need to keep it. In that simple action, I achieved their buy-in.

At each external audit we are advised what the next audit schedule is, and I shared this right away (with a few reminders along the way of course).

  • Set an internal audit plan that is challenging but achievable – As an internal auditor it is important to cover each aspect of the standard and ensure that each department and their major actions are audited through the plan.

I created a plan, highlighting which area of the operation I will review and which of the standard clauses I will report against. I then asked when they wanted me to audit them. Again, simple, but I maintained their buy-in by helping them to take ownership of it.

  • Obtain buy-in from the rest of the staff – Now that is the harder one. So, what did I do? I made it fun and applied some e-learning techniques.

I gate-crashed a knowledge session in the business. Clearly in payroll you don’t want staff using their personal phones at their desk for all sorts of reasons, but I caused a bit of a stir by asking them to take their phones out.

I created a series of ten questions about ISO which they had to answer via their mobile phone using Kahoot! (which is a game-based learning and trivia platform). 

The questions are projected, and results shown in realtime for them all to see. It became very competitive and a lot of fun.

The real result of this activity was to test their knowledge of ISO and then provide them with accurate answers and dispel myths as well as inform the staff about the impending external audit. 

  • Prepare the staff for internal and external audit – A month in advance of the impending audit, I contacted the team with a copy of the standard, provided them with the document I complete and asked them in advance if they have any queries.

  • Put them at ease and build a rapport – I remind the staff about why I am there, explain what exactly I will do, and the implications of any non-conformance that I find. I talk to them about their role in what I am auditing and let the conversation and evidence flow from there.

Once the audit has completed, I issue the audit report and ask them to read it before I finalise it. My report will be explicit by providing details of opportunities to improve and details of any non-conformities. I then agree a date for any revisions to my report (just in case I have missed the point) and to their processes or how they will update any non-conformities to close the audit. If I have found any non-conformities, I then contextualise the issue to help them understand what the issue is.

Simple? Not always but my approach helps.

So, did the ISO external auditor do the same with me at our audit in July? Actually, a bit of both. But we have already built up a rapport at previous audits and she knows the business.

What she did was:

  • provide guidance at the previous audit

  • create a new schedule so I knew what she was auditing

  • worked through the evidence provided methodically

  • treated the staff with dignity and considered they were nervous.

We had a positive audit that gave us the result we expected. ISO is very much embedded in all of our processes. Like every other company in the world, we don’t always get it right, but we work hard at doing so, and it shows in the fact that we have won awards and accreditations like the ISO standard.

Of course, not all auditors will do the same. I would recommend that no matter the subject of the audit take advantage to learn from the auditor. These few simple tips would help you to prepare:

  • The auditor might not be your friend or colleague, they are there to do a job; but they are not out to get you and make you look foolish or bad at your job. I liken an audit to a vehicle MOT, we are providing a snap shot of the day.

  • Take the time to read through everything that the auditor has provided you, as they have done it for a purpose.

  • If you are offered pre-audit support, take them up on it.

  • Don’t drag out an audit by not completing your actions, it will reduce your stress immensely.

My final thought…Did you hear the joke about the interesting internal auditor? No? Me neither.