Thursday, July 3, 2025

Climate change and bad audits

A while ago—six weeks, now that I check—I wrote about how to audit the recent Climate Amendment to ISO 9001. I based my advice on a guidance document issued by the ISO 9001 Auditing Practices Group, entitled (unimaginatively enough) ISO 9001 Auditing Practices Group Guidance on: Auditing Climate Change issues in ISO 9001. At the time, my basic conclusion was that the requirements were not heavy or onerous.

A couple of weeks later, Kyle Chambers and Caleb Adcock of Texas Quality Assurance released a podcast on the exact same topic. (See the YouTube link below.) I usually appreciate Kyle's pragmatic approach to the ISO standard, so I assumed he would see this guidance the same way I did; but it was a while before I had time to listen to his podcast. It turns out, though, that his take is almost the opposite of mine! He summarizes the APG document as "a whole guidance document of gotchas!"

How is this possible? After listening to the rest of Kyle's podcast, I think I see what happened. Like so much in the ISO world, it all comes down to context and interpretation. Also, it seems like some of Kyle's clients have been saddled with really poor auditors. I'll explain what I mean as we go on.

Agreements

Let me start with the parts where we agree. Kyle's basic advice to his clients (around 21:00) is that you shouldn't need to do anything you aren't already doing to manage your business. But you may have to document what you are doing, and wrap it up in the language of risk management. Caleb makes the same point in different words (around 22:10) by spelling out that if you have determined that climate change has a significant impact on your business, then naturally you are going to implement steps to manage that impact so that you can keep your doors open. You'll do this with or without ISO. So just document it.

If you believe that climate change has no impact to your business at all, Kyle suggests (24:48) that you should still keep an eye on the legal and regulatory aspects affecting you, in case they change.

And Caleb makes the critical point (13:53) that "The auditor is not the risk police." In other words, when a business makes this or that determination about the relevance of climate change to their operations, it is not up to the auditor to overrule them.

I agree with all of this. 

Bad audits

Where Kyle and I part company is over what to expect in your audits. When I read the guidance document, I approach it as an auditor and I think about what I would do. Practically speaking, an auditor is constrained by the clock: you've got to get through the whole organization, and you've got only a few hours to cover it all. So mostly you don't have time to add any new topics, because the old topics will already keep you busy enough. (I discuss some of the auditor's mindset in this post here.) Therefore, if I were the auditor, I would scan through the ten-page document to look for two or three extra questions I could ask. Then, depending on the answers, I'd see where the trails led from there. Obviously this guidance document includes a lot more than two or three questions—it's ten pages long, after all!—but there are lots of different companies out there to audit. Questions that work for one won't work for another. So the document includes a lot of examples to choose from. 

But some of Kyle's clients have had auditors who took a very different approach. He describes (at around 8:00 and following) having long arguments with auditors who insisted that the client organizations had to answer every single question in the document, or at least a couple of questions from every section—regard­less whether the questions made any sense for the business! Kyle kept saying, "The company doesn't do that," and the auditor kept insisting, "My Certification Body gave me a form to fill out and I have to put a piece of evidence in every blank. So I don't care if it's irrelevant. Give me an answer anyway!"

This argument went on for a long time.

In a sense I feel bad for the auditor. If the CB really did give him a form like that, and if they really did insist that he had to fill out every blank, then they set him up for failure. But whoever is ultimately responsible, this is bad auditing! How much time did the auditor waste arguing over these points? Whatever it was, he didn't get it back later. The more time he spent barking up the wrong tree on climate change, the less time he had to check calibration, operational controls, handling of noncon­forming material, documents and records, internal audits, or management review. In fact, if a company were unethical, they could use arguments over climate change evidence to run out the clock, so they never had to confront hard questions in other parts of the operation. And any auditor who lets himself be played like this isn't good at his job.

I wish I could say this will never happen, but obviously I'd be wrong because it has. All I can say is that no experienced auditor should let himself get tangled up like this, and I'm sorry that Kyle's clients got stuck with someone who did. 

Other topics

Podcasts are conversations, and conversations meander. In the course of this discussion, Kyle and Caleb raise a number of interesting or tantalizing side topics. 

  • At about 15:30, Caleb asks if there's a difference between addressing risks from climate change and addressing risks from natural disasters. (Answer: It depends.) 
  • At 18:50, Kyle asks how it is possible for a really big company to get certified to ISO 9001, because it has so many parts that they can't all play together. (Answer: I've worked for global companies that were committed to ISO 9001 certification, so it's possible. But you're right that it ain't easy.) 
  • And a little later, at 19:28, they ask, "What about the company who says 'We have only 100 employees, so how can we save the polar bears?'" (Answer: I've talked to small companies too, and yes, that's a concern. But some of the answers are interesting.) 

Each of these deserves a longer answer, along with plenty of other questions that they raise but don't have time to pursue. I won't take the time here. But if you'd like me to address one or another of them, leave a comment to let me know.

Meanwhile here is a link to their podcast on YouTube.



      

Five laws of administration

It's the last week of the year, so let's end on a light note. Here are five general principles that I've picked up from working ...