An Exciting and Evolving Audit Function With Patrick Koenig

Note: this article is the transcript of an interview conducted on March 3, 2021

I started working as a QC Officer in a global FMCG company’s plant in Belgium in 1990. It was soon decided to go for ISO 9001 certification, and we worked on this project with a consultancy company. The consultants helped develop the procedures and documentation and provided training for internal auditing as well, which is 1st party audits. At the same time, we got training on HACCP and food safety from the Corporate departments.

A few years later, I got promoted. We also received training for supplier auditing and approval at the Company’s Head Office in Holland. We created audit teams from different plants, which was very enriching.

In 1998 an exciting opportunity came along as a global certification body was looking for QMS and FSMS 3rd party auditors. I decided to become a full-time professional auditor. Naturally, the certification company provided further training, coaching and witnessed audits. For being qualified as Lead Auditor, there are strict criteria imposed by the accreditation bodies. We embarked on a big project to provide auditing services to a major global beverage manufacturer around 2001. Since this included conducting compliance audits towards internal technical standards, there was a significant effort put into training for this program by the Company’s Global Audit team. Every year there were follow up meetings to discuss the performance and also changes to the process moreover.

An exciting profession

What I really loved about the Auditor job was the variety it allowed. As an internal auditor, it widens your horizon by enabling you to observe what is going on in the organization’s other departments. As a supplier auditor, you can see the routines within similar companies within the same industry sector. By visiting different companies as Lead Auditor for certification audits, you get to explore so many new products, systems, and processes while getting to meet a huge number of people. I liked a lot the autonomy associated with this role as well.

Moreover, since the global certification body was involved in several international projects, I really enjoyed travelling. It was a perfect fit. Those years were extremely interesting and exciting.

After a few years, when some routine started to appear, I began delivering training courses. That way, I found myself in many exotic places such as Jordan, Iran, Singapore, Indonesia, and South Africa. To date, I have kept excellent memories and maintained several close contacts from those good old days, including one of my best friends in the UK.

When calibration matters

If you are working in a team of auditors, it is essential to ensure that the different individuals will deliver a similar output upon completing their assessment. Consistency is paramount to ensure the maximum effectiveness of the audit program. After all, auditing is also a process. In any process, it is critical to reducing the variability to increase reliability and, ultimately, credibility.

This starts with a thorough selection of the potential auditors to meet pre-determined criteria, initial training on audit principles and basics, and qualification after passing tests and shadow audits. I believe that training should also include practical cases like, e.g. pictures to show from which a number of non-compliances should be identified and quizzes.

Most certification bodies conduct periodic audits under the Technical or Product Manager’s supervision for each auditor, with feedback about the performance. With the global beverage manufacturer I mentioned earlier, this was done by the Audit Process Managers. This leads to closer alignment and more matching views and interpretations.

Periodic refresher meetings and calibration exercises are also being set up by different organizations, these are very beneficial for ensuring that similar ratings are applied to specific situations of non-compliances.

Exciting challenges and opportunities

While travel makes the job more exciting, some trips are quite challenging from a logistical point of view and can create serious issues even. Let’s not talk about stomach aches and diarrhoeas, which we can also experience at home, or the accessibility of more remote locations. Once I got stuck doing an audit in a far east country. There was an armed conflict between the neighbour countries’airforce at that time, and the entire airspace was closed as a consequence. My return flight was cancelled. I got very nervous and continuously monitored the situation because things could really escalate into a full-fledged war. I got transferred to the capital city with a bigger international airport and more foreign visitors there with the Embassy nearby. Really stressful, but luckily the conflict was contained after successful negotiations between the two governments. The travel agency managed to secure a seat on a flight to another major city where I could get another connection back home.

On another trip to another part of the world, the immigration at the airport had taken my passport for processing and returned the passport of another citizen back to me instead of my own document! Once I found out about this mistake, I rushed to the luggage delivery belt and tried to find the person whose passport I received by checking the picture. I spotted him in the crowd, and we swapped, so we each got our own travel document back. A big relief to both of us…

Fortunately, these were exceptions because most of the times warm hospitality was shown whenever visiting foreign places. And I was definitely more fortunate than some of my other colleagues who were once taken to prison in another country because they did not have the correct type of visa for their visit!

The main technical skills for auditors

From experience, I would say that the top 3 technical skills for auditors are:

  1. The ability to understand the process and the process approach: all the in- and outputs, which transformation steps and which factors influence the performance. I always try to perform a mini risk assessment in my mind when I do an audit of a certain function.
  2. Second are the analytical skills: being able to connect the dots and link different pieces of information. One of the core skills is to build a full and robust audit trail. Suppose you get an incomplete picture or ambiguous information. In that case, you need to get additional data to confirm that the proper level of control was applied at each stage.
  3. Finally, clear and concise report writing is critical. This means identifying and highlighting all potential concerns in the correct perspective. Stating only facts, clearly describing the issue at hand, not getting lost in details or detailed information or using complicated terminology or many acronyms.

 Auditing and the audited organization

When I was doing QMS and FSMS certification audits, I encountered many different organizations, from small family-run units through medium-sized companies up to multinational organizations and conglomerates. The response you get is also very different. For small companies that need to maintain ISO 9001 as a vendor approval requirement, it can be challenging to keep up with all standard clauses. They often lack competence and formalization or documentation. These people typically consider the audits to be quite stressful and challenging. For this type of organization the auditor should adjust the techniques slightly and accept simple ways for showing compliance to the main principles of the QMS requirements and follow the spirit of continuous improvement.

Of course, in bigger structures, people will feel pressure and some resistance when there is an audit taking place, even more so in unannounced audits. Most people do not really enjoy being interviewed and sometimes challenged. Some are trying to portray the ideal situation and hide away or fail to mention issues. I always try to create an open atmosphere and reduce the tensions first to get more openness and more information to see the full picture.

The most enjoyable audits to me are the ones in mature and more advanced companies with an established mindset in place. They are typically open book and totally transparent. They welcome any recommendations for improvement and enjoy being benchmarked with other organizations. They are eager to learn and do not spare any efforts to become Best in Class.

Value adding through audits and auditor’s experience

As with any other skill, the more you have practice and experience, the more proficient you become. After conducting more audits in different organizations, it will become easier to interact with auditees, recognize real situations instead of polished conditions, go faster into understanding the processes and changes and the factors that might influence the performance.

Experienced auditors will be able to do a more robust investigation and interpretation and have a wider exposure for benchmarking. This will allow to go beyond compliance and focus way more on improvement of the effectiveness. A lot more recommendations can be given, and Best Practices highlighted. In case the auditor is also involved in the Corrective Action Plan review, this will generally be more comprehensive as well.

Of course, in the case of 3rd party auditing, there are certain restrictions in place. It is not allowed to impose or even suggest any specific solutions (in a formal manner). For internal and 2nd party audits, this rule, luckily, does not apply because I like helping people get better at what they do. I enjoy this part of the role. I believe that this is one of the areas for which companies are welcoming inputs from outsiders. My approach is to always praise the achievements made if applicable, point out the weak areas, and finally make recommendations for increasing the performance. When an “external” expert has comments to make, these are quite often taken more seriously by top management than when an internal associate brings up a topic.

The evolution of the audit function

Audits are becoming more and more commonplace and significant in business practices, in my opinion. Governance and risk assessments have gained importance in different domains. Moreover, audit organizations are generally quite fast to adapt to new situations. A great example is the current Covid-19 pandemic, which triggered movement and travel restrictions in most countries. This has led to different approaches being implemented, such as virtual or remote audits. I have conducted several of these audits already using conference calls and mobile phone cameras. More and more tools are being developed to facilitate this, e.g. augmented reality headsets. Still, there are several limitations related to this approach. Whereas this technique is suitable for document and record review and even conducting interviews, it is not ideal for checking, for example, GMP or hygiene conditions or behaviours for safety at work.

Another example of the function evolving is a shift in focus. Several certification standards have started including the company culture as part of the criteria. It is meant to gauge the awareness and level of involvement and participation throughout the entire structure and not just with the specific QSE department or direct stakeholders. It also looks at which mechanisms and initiatives have been put in place to support and promote this awareness. The emphasis will be more on Human Resources and other management processes to positively influence the associates’ mindset and engagement. Specific training modules and assessment checklists are being rolled out currently by different consultancy companies and internally by multinational organizations, so I believe that this topic will continue to gain importance.

On the future of audits

The more mature companies are becoming, the more autonomous the employees will operate, and the level of self-checks should increase accordingly. In many cases, there will also be more and more automation and switching to electronic portals and applications, especially in the tertiary sector (services industry). You can clearly see this happening in the banking sector already. Here in the UAE, most government services are moving to electronic services at a very fast pace.

As long as the human factor remains in place, and there is still some variability in processes, some oversight level will remain critical to maintaining the effectiveness. So many of the portals and Apps are showing defects and generate errors; this can sometimes be very frustrating for the users. And good luck to you trying to reach out to the customer service, explain your problem, and get a prompt resolution!

On the other hand, we can notice a steady increase in the number of standards and requirements. I recently saw a Standardization Institute presentation. The number of specifications they were showing for different types of the industry was staggering.

I believe that there will be more and more specialization happening in the future, and the auditing function will follow suit. It will also start to look more and more on business enhancement practices and End to End assessments.

Obviously, efficiencies and synergies will be looked into as much as possible for setting up the auditing process. It will prove quite hard to capture all of these disciplines in a single person, so most likely multi-disciplinary audit teams will fulfil this challenge. These teams will, in my opinion, also be more active in formulating new proposals and different approaches and act as a type of consultant to the senior management and business leaders.

Patrick, thanks so much for sharing with us some of your stories and perspectives. It’s been a real honor and pleasure to have you with us. I also want to make sure people can learn more about you and contact you for further discussion if they wish to do so. I believe the best place to start would be on LinkedIn at Patrick Koenig

Again, thanks so much for sharing!

Share This Post

Leave a Reply