Published: 15 Sep 2017

John Feltham, CQP FCQI, has been on the receiving end of audits for decades. Find out why having the right auditor, identifying risks and understanding organisational context, have been crucial for successful audits at Portsmouth International Port.

Portsmouth International Port has been approved to ISO 9001:2015, ISO 14001:2015, ISO 27001, ISO 22301 and OHAS 18001. But to get the most from each of these standards it was crucial that the auditor assigned by the assessment body possessed industry knowledge to understand how the organisation interpreted the standards for its needs and benefits. “That was the key thing for us; an auditor’s knowledge and understanding and how it interrelated with how we interpreted the standards for our needs,” says John Feltham, CQP FCQI, compliance manager at Portsmouth International Port.

Selecting an assessment body that understands your business and strategic aims results in a positive process because it can allocate an auditor who can grasp your overall strategic direction. It’s important to consider the body’s reputation, UKAS accreditation, the scope of your registration criteria and whether they can assess your industry sector, says Feltham. 

Auditor behaviour 

Some employees become very nervous when being questioned, so an auditor must have the ability to put people at ease. The auditor should ask questions such as, “Talk me through your role and how it fits with the organisation’s strategic plans,” and, “Tell me about your responsibilities and explain how what you do adds value.”

Being a good auditor means more than possessing technical knowledge; it’s also about having the interpersonal skills to give people a sense of accomplishment at the end of the day. Ending up with a list of non-conformities doesn’t add value to an organisation.

Selecting an assessment body that understands your business and strategic aims results in a positive process

“We’ve had some bad experiences with auditors who were clearly out of their depth,” Feltham tells QW. “But we’ve had positive experiences with the majority of the auditors we’ve had, where synergies could be found between the auditor’s knowledge of the standards, their sector background, and our business processes and interpretation of the standards.”

The organisation has built a good relationship with BSI, which has been their assessment body for three decades. 

Risk assessment

Organisations must be diligent about identifying risk and its effect on the business if processes fail.

“One little process could fail and it could have a major impact on everything else so we have to identify all that,” Feltham says. At Portsmouth International Port, emergency planning is a key business aspect. It means that the organisation needs to consider the risk of failure if evacuation during a potential crisis doesn’t work. The port mitigates risk by exercising and testing evacuation plans. Other key areas to consider at the port include health safety and environmental risk, marine risk (ship operations) and information security risk. 

Adapting to change 

One of the major changes in ISO 9001 and ISO 14001 is clause 4, Context and Organization. Considering how it relates to interested parties helps organisations to enhance their understanding of internal and external influences. This was the biggest change to impact the port. It was able to restructure its management system and understand the needs of various interested parties.

“As part of our corporate governance and social responsibility here at Portsmouth International Port, we have to ensure that we have a clear understanding and are able to deliver on not just our customers’ needs but also the needs of the local authority, who own us, the local community and statutory bodies such as border force and emergency services,” Feltham says. “This new context of the organization is the biggest change and best change for us.”

The port’s annual business plan outlines 10 objectives, which range from investments to achievements to standards. Team meetings, individual objectives, appraisals and KPIs to measure the success of critical factors are among the ways leadership integrates strategies in the organisation. 

Today’s practice of auditors interviewing top and lower management is another recent change that benefits the auditor and the organisation. Speaking to both levels of management gives an auditor a clear picture of the business plan and how individual roles contribute to the organisation’s strategic objectives. Conversely, this is an opportunity for the organisation to demonstrate the strength of their leadership and how their strategies cascade across the whole organisation.

Feltham describes this as an excellent process – one that was never done before. “The auditors got a good understanding of what our port director’s objectives were.”