Auditing can be considered a dirty word in some circles.
I’ve been involved in auditing for over 15 years, on both sides of the fence. I’ve been audited dozens of times. When I worked for a major outsourcer we had ISO 27001 (Information Security), ISO 22301 (Business Continuity) and ISO 9001 (Quality Management) certifications for over 40,000 people and over 20 sites and I led the team which maintained these standards and consequently was on the receiving end of over 80 days a year of audits.
So, I suppose it was inevitable that I became an auditor at some point in my career. I’ve joined recently with an auditing company on a sub-contract basis and this has been an interesting experience.
It meant some in depth training courses, but because I’d been on the other side, I could see what the auditor should be looking for and what the auditee should expect. I think this gives me a different perspective as an auditor and some empathy with the client. I’ve been on the end of some over-zealous auditors and those who just couldn’t be bothered (including one whose first question at 9:00 am was “When’s lunch?”
There is a pragmatic approach to auditing which identifies improvement areas for the client and ensure adherence to the standards. I hope to achieve this balance when auditing. So far I’ve had good feedback from my clients and look forward to future assignments.
If you want to see my tips sheet on how to be audited. Go to the Resources Tab on my web site.
O-BC Business Continuity 