• Andrew Thornhill

How to Demonstrate Conformance in your External Audit (Video Blog Series Part 1)

Welcome to everyone, this is our first in our series of video blogs.


We’re going to start with a common question we get from our customers about ‘What do we actually show the external auditors to help demonstrate conformance?’


We’ll follow that up with a couple of blogs about a reasonably new standard, ISO 45001 - the safety management system standard and then we have a series of blogs around planning and conducting an effective audit within a business.



A common question we get from our customers, particularly if they’re new to the audit process (or external audit process) is “What do we actually show they auditors"?


They’re going to come into our business and for some staff, there can be a bit of nervousness about the process.


I do external audits - certification audits. The auditor’s role is they are going to audit you against whatever management system standard you are trying to meet. That might be food safety, quality or environmental.


They can audit you against the particular standard, as well as your system procedures that help (let’s stick with the quality example) your quality management system procedures and your related operational procedures.


For external auditors, it’s a process where they need to gather objective evidence. Facts essentially. In doing so, their four key sources of evidence are going to be records, by interviewing staff, by making observation of workplace activities, as well as some related documentation. It’s beneficial if you have a bit of understanding of the particular requirements they are going to audit you against (the standard, your own procedures, and the requirements in the standard).


They can only really determine a finding of conformance, or non-conformance based on objective evidence.


Now if we break that down a little bit more for your senior managers or leadership team, what are they likely to be audited against? I’ve drawn up the ISO management systems model, which has a focus for when the auditors need to interview senior management, they are going to be looking at the leadership clauses in the related standard.


We have functional responsibilities in a management capacity as well. So, if we have some operational management responsibilities (if we’re involved in HR & training, or even section 8 in engagement of contractors, or procurement), as a manager we can be audited against our functional responsibilities where there’s a related clause in the standard as well.


For operational staff, most of the auditing is going to be out in the workplace against operational processes and tasks staff perform. Coming back to that core question, “what do I actually show the auditor?” For operational staff, a really good approach is offer to demonstrate what you do, and how you do it. This way the auditor can observe what you’re doing. Very often that answers a lot of questions they would have.


You could show them records, where records are required within your process, but it’s pretty much going through your normal work activities, explaining what you do and how you do it to the auditor.


I would say for staff in that kind of role, it’s absolutely not a job assessment. The auditor’s role is to really look at how your work tasks or your processes are planned and managed and supported by your management system. It’s not a job assessment of you. You don’t need to be nervous.


There’s a couple of other common questions we get about the audit process. One of them is “What if I’m asked to demonstrate part of the process or one of the work activities I don’t actually perform?” That’s absolutely fine. Auditors are well trained. The advice is basically, let the auditor know. Communicate it to the auditor, or perhaps your compliance management personnel that “this particular step in the task, I don’t actually do” and get them redirected to the people who do perform that step. It’s not really worth trying to answer questions about part of the process that you’re not actually that aware of.


A second question/comment we get is “We’ve had the auditors out and I didn’t understand some of their questions”. I see auditors sell themselves a little bit short and if they’d understood the question better, they would be able to provide a lot more evidence.


Auditors are very open. If you don’t understand the question, let the auditor know! Ask them “can you rephrase that” or “can you give me an example of what you’re looking for”. Auditors are totally fine with that. We absolutely encourage that.

The other little tip as well, particularly for operational processes… yes, take them through the process, but deal with a current example. If we’ve got a current batch going through a manufacturing plant, walk them through how that’s been set up. Always work with a current example that works really well for the auditor.


There is a little bit of a takeaway out of today’s video. On our Resources page, we have a PowerPoint presentation. If you want to use this to coach your staff about the audit process and what they can expect, you’re welcome to download and use that.


Thanks for listening. In our next video, we’re going to be having a look at ‘How does the introduction of ISO 45001 affect our organisation if we are already certified or have management system built around the Australia New Zealand standard 4801’?


  • LinkedIn Social Icon
  • YouTube

© IRM Systems 2019