Authors Posts by

ISO Update aims to provide information, resources, and updates around the Standards and Certification industry. We believe that organizational standards can help businesses of all shapes and sizes become more efficient and successful on a local, federal, or global scale.

by -
Improving Root Cause -

When analyzing a problem and determining its root cause, you need to apply logical and critical thinking, analytical skills and calculations to fit pieces together like a puzzle to present a picture that makes sense to the beholder. When fixing a problem, it shouldn’t be enough to just use a band-aid solution – if you fix the symptoms only, the problem is more likely to occur again. You should want to determine the root cause of the problem to ensure that it never happens again. Determining a root cause can be an easy few questions and answers, but here at ISO Update, we want to help you improve your ISO 9001 Root Cause Analysis to ensure your organization is performing at its best.

Read the full article here.

by -
ISO 14001 Explained -

ISO 14001 is the international standard for an effective environmental management system (EMS). It is a tool to assess organizational goals and performance and can be integrated with multiple other standards, such as ISO 9001. The standard focuses on optimizing an organization’s processes based on the international standard to ensure the organization is operating in a manner that will consistently produce products with no negative environmental impacts and strives for a positive impact on the environment. ISO 14001 was revised in 2015 and as of the ISO Survey Results released in 2018, ISO 14001 has been utilized by over 300,000 companies with over 440,000 physical sites certified around the world. These guidelines are all-inclusive and generic such that they can be applied to any industry and can be adopted by any organization regardless of its sector, location or size. 

2015 Revision

ISO 14001 was first established in 2004 and its most recent revision was released in 2015. The initial standard was confined to a narrow scope of environmental concerns and included only bigger enterprises. The revision brought about significant advancements including a high-level structure, expansion in the scope of environmental management services, expanded operational requirements and inclusivity of companies of all levels and sizes. Moreover, it also covers an extended array of domains concerning environmental management systems. It includes performance evaluation, improvement, support, operation, management, leadership, and support. 

Industrial Scope

ISO 14001 facilitates the environmental performance and operations of organizations and enables them to gain the trust of the stakeholders. The standard forms a basis for a continuous system of improvement and caters to stakeholder relevant environmental issues such as waste management, resource utilization and management, air and water pollution, and climate change alleviation. Properly utilizing ISO 14001 also works towards minimizing energy wastage and optimizing resource usage and efficiency, leading to decreased costs and increased operational savings. ISO 14001 aims to address the environmental concerns of organizations in a holistic pattern and provide companies with a competitive edge in the market. 

Benefits for Organizations

Companies have reported multi-faceted perks directly as a result of implementing ISO 14001 such as:

  • increased engagement of employees,
  • financial advantage,
  • better market image,
  • the confidence of stakeholders, and
  • competitive advantage

It was observed through research that SMEs are reluctant to adopt standards, with the most common reason being a lack of capital required for its adoption. ISO 4001 is specifically made to include both larger enterprises and SMEs on a similar set of regulations, meaning your larger competitors would be held to the same standards as you are if government entities were to move to mandate ISO 14001. Having a system in place before growth also sets your organization up for success as you grow, allowing your system to utilize best practices from the start without the costly need for external help after the fact. Preparing now will be a more cost-effective solution than fixing, evaluating, researching, and implementing a solution later on.

ISO 14001 is largely meant to enable your organization to minimize hazardous impacts to the environment. In this way, the companies abide by the environmental regulations alongside specific performance and operational indicators to ensure continual improvement. ISO 14001 also allows you to consider local, regional, and international regulations in an effective manner, to ensure your organization is compliant with all laws and regulations of every market you are present in, and any you wish to enter. Because of this, certification not only drives market compatibility but also brings about positive changes in the internal dynamics of your company.

Integrating ISO 14001

If you are interested in becoming certified to ISO 14001, you will need to first implement the system in your business effectively. This is done through properly understanding the standard, its requirements and an understanding of your organization and its capabilities. Proper implementation and certification to ISO 14001 is possible without certification to any other standard, or alongside other standards like ISO 9001:2015. It is our recommendation that any organization, no matter what industry can benefit from more than one standard certification. You may want to consider adopting both ISO 9001, the standard for quality management systems, and ISO 14001 and consider standards like ISO 45001, the health and safety management system, and ISO 27001, for information security management. At ISO Update, we believe strongly in the benefits that utilizing standards brings to companies.

The following approaches are effective for all ISO Standard management system implementations, just ensure the people you utilize have the correct credentials and experience.

Internal Implementation

Utilizing internal resources such as a quality management team or department is a great implementation method. Internal quality representatives with insider knowledge allow your management system to be truly unique and effective for your personal processes. It is also arguably easier to be held accountable to your EMS when it is internally developed and familiar.

Utilizing an internal quality team to develop your implementation plan, execute your new system, and monitor its effectiveness is encouraged within the requirements of ISO 14001 and most management systems for the purposes of demonstrating leadership and promoting the adoption of the standard and its best practices effectively. However, not all organizations have the capacity to dedicate personnel to this role or no personnel have the training or knowledge immediately to prepare a system well enough. Many Certification Bodies offer training for internal systems management, internal auditing, and informational sessions on each standard, so be sure to investigate what is available in your area.

Learn more about courses available in the ISOUpdate Training Directory.

External Implementation

Many organizations benefit from external implementation or consultants. An ISO Consultant works as an extension of your organization to become your “internal auditor”, without being a full-time employee. Consultants are typically ISO Auditors who have been working within the standard for several years and are hired by organizations like yourself to evaluate, critique and help you implement a management system that is completely tailored to your organization. An effective consultant should understand your industry, have valid industry codes, and experience you trust. It is important to utilize your typical hiring methods when looking to hire an ISO Consultant, considering your corporate culture, its needs and how your new consultant will work within your organization. This auditor should be an extension of your company, just like any other employee, and should be a person you trust and respect.

Consultants have the bonus of personal experience with External Auditors, the auditors that will come into your organization once per calendar year to evaluate your systems for certification. Consultants often have years of experience working with or for Certification Bodies and understand how to navigate you and your system through an effective audit and prepare your organization for success.

Consider: Your organization can have it all. Consider adopting both implementation approaches for the most benefit to your organization. Having internal personnel or a team dedicated to your management system with insider knowledge and experience of your company and the added experience in ISO and Auditing of a consultant to aid them periodically is immensely beneficial to your system and your company. Consider contacting a few CB’s and Consultants in your area to determine their recommendations based on your current capabilities, resources, your current management systems, and size of your company.

by -
ISO Certifications Construction Industry -

Written by Aurion

ISO Certification is always beneficial for industries as it helps in achieving business productivity. It also helps organizations to enhance customer satisfaction and improve product quality

ISO Certification consists of certain guidelines, standard practices, and requirements. It will help to transform organizational culture.

The organization will embrace the process of :

  • Practising quality first business processes
  • Optimizing business operations to continue, and,
  • Achieve higher business productivity.

ISO Certifications ideal for the Construction Industry

The most beneficial ISO Certifications for the Construction Industry are:

  • ISO 9001:2015 Certification for Quality Management System
  • ISO 14001: 2015 Certification for Environmental Management System
  • ISO 45001: 2018 Occupational Health and Safety Management Standard

Implementing ISO 9001:2015 Standard in Construction Industry

SO 9001:2015 is the ISO Standard is a globally accepted certification. It insists on implementing a Quality Management System (QMS) to enhance operational efficiency.

The Quality Management System Certification focuses on 7 key areas:

  • Customer Focus
  • Leadership,
  • People Management,
  • Process Optimization,
  • Continuous Improvement,
  • Evidence-based Decisions, and,
  • Relationship Management.

ISO 9001:2015 Standard in the Construction industry helps in :

  • Improving Employee Training
  • Employee Development, and,
  • Overall Corporate Communication

It helps employees increase job satisfaction, streamline business operations and enhance productivity.

Learn more about ISO 9001 Certification from Aurion International

Key Areas where ISO 9001:2015 Certification will be beneficial for the Construction Industry

You can evaluate supplier performance by leveraging practices of relationship management.

The Quality Management System framework can be used to assess the suppliers. Also, it improves the overall supply chain performance.

Companies can pitch to more Public Sector and Large Private Sector Clients.  They can demonstrate the practices of continuous improvements and business process optimizations.

Practising quality in business proceedings will attract international clients.  ISO 9001 Certified supplier will be trusted by international companies. They will be more likely to establish a long term partnership

ISO 9001:2015 Certification helps you to easily comply with the legal regulations. The QMS requires the organization to follow and practice certain regulatory requirements.

ISO 9001:2015 certification also helps in managing the risk effectively. Especially in case the construction contracts, often the budgets go up due to lack of planning.

QMS system ensures proper measures are taken to ensure the project is managed well. It helps in flagging any deviation from the scope and budget.

Additional Benefits for Construction Industry by getting ISO 9001:2015 Standard

  • Continuous improvements and practice industry best practices
  • Reduce Construction cost significantly to both builder and customer
  • A pre-requisite for participation in tenders of large Multi-National & Government Projects
  • Gain higher client and stakeholder confidence by being ISO 9001 Certified
  • Higher customer satisfaction due to streamlining of business process and product/service quality

Implementation of ISO 14001:2015 Standard in Construction Industry

ISO 14001:2015 Environmental Management System (EMS) ensures environmental protection.   The organization at every stage of the construction operation follows environmentally-friendly measures.

The Environmental Management System Standard is vital to ensure the environment is protected.

The organization ensures that there are no harmful elements are discharged to nature. No activities hinder the environment is undertaken by the company.

ISO 14001:2015 Certification specifies the requirements for building an Environment Management System.

It is to protect the environment, inspect and test systems and comply with environmental protection.

The organization must meet the environmental expectations of customers and the government. They must incorporate environmental management elements into organizational business processes.

Key benefits from implementing ISO 14001:2015 Standard

  • Improve resource efficiency
  • Reduce waste and drive down costs
  • Measure environmental impacts and rectify
  • Transform supply chain design into an environment-friendly one
  • New business opportunities from large companies
  • Build stakeholder and customer trust

ISO 14001:2015 will help in reducing the organization’s role in impacting the environment. It helps in understanding the effect the environment will have on the progress of the business.

It will save the consumption of materials and energy during construction projects. It reduces the overall cost by efficient waste management

ISO 14001:2015 will Improve environmental performance over the years. It will reduce harmful impacts on the surroundings. A system for continuous environmental support will be developed and maintained.

ISO 45001:2018 Standard in Construction Industry

Occupational Health and Safety Management System will take care of employee safety and health. Employee safety plays a significant role in the construction industry especially. It will prevent various incidents and accidents in the workplace that lead to serious injuries.

ISO 45001:2018 Standard is a globally recognized ISO Standard with external accreditation. It will help gain trust and get new business by showcasing to clients the compliance to ISO 45001:2018. It will ensure a safer workplace environment. Some of the large clients specify the ISO 45001:2018 Standard as a requirement for participating in the tendering.

ISO 45001:2018 helps organizations to reduce:

  • The overall occurrence of worksite incidents
  • Downtown and cost of disruptions due to health hazards
  • Cost of insurance premiums
  • Employee turnover rates

ISO Standard Certification helps organizations across industry verticals to achieve enhanced business productivity, boost product quality and achieve customer satisfaction.

About the Author

John Wick is an ISO Consultant working with Aurion ISO Consultants in Dubai. John likes to write on ISO Training, ISO Consulting, latest changes in ISO Standards, industry-wise benefits from getting ISO Certified. Reach out for expert consultation on any ISO related queries.

About Aurion

Aurion ISO Consultants, Dubai offers world-class ISO Services such as Training, Consulting, Certification, Implementation, and Audits in Dubai, UAE and Worldwide.

Aurion ISO Consultants is an Award-Winning Consultant firm in Dubai, UAE and one of the fastest-growing ISO Service provider in the UAE and GCC region. We have assisted 1800 clients across several countries globally.

We provide you with a Single-Window Solution with ISO Consulting, ISO Training, and ISO Implementation and ISO Audit Services. With our ISO Certification, you can transform your business into quality first one.

Contact Us: Aurion ISO Consultants | 0097142504150 | |#213&214,6E-A Dubai Airport Freezone, Dubai |

While you are planning to implement ISO Certification Standards for your organizations, to know more about the ISO Certification standards and all ISO related services from Aurion ISO Consultants, you call us right away!

by -
Developing an ISO 9001 Implementation Plan - ISO Update

Once companies have made the decision to implement a Quality Management System (QMS) like ISO 9001:2015, they are usually faced with a multitude of new considerations and issues to sort through. If you are currently running a successful business, chances are you are complying with a large percentage of the standard, it’s only a matter of being able to prove this to an auditor and document your processes effectively. By developing an implementation plan, you will give yourself goals and action points that will help you and your team efficiently tackle the objective of achieving certification. Working on a thorough implementation plan will not only help break the process down but will also give you a rough idea of the resources and time needed to start implementing the standard.

A bit of preplanning is also required. You will need to determine what your timeline and end goals are and whether they can reasonably be attained. Aim for realistic and practical goals and estimates and consider using generic checklists and “Gap Assessments” that will help you move in the right direction.

Want to learn more? Read the full article here.

by -
ISO Internal Audits Explained -

An ISO Audit is the systematic process of collecting and evaluating information about an organization’s processes to determine their level of compliance with the standard they are being audited against. Audits are completed to check the effectiveness of measures in place and to determine if the organization is operating at full capacity within the requirements to achieve certification and continue to grow. Within an audit cycle, which is typically 3 years, an organization will have both ‘internal’ and ‘external’ audits completed at least once per the calendar year, with the scope of the audit and the scale of the audit dependent on who is conducting it and its purpose. 

Internal auditing is carried out independently by an organization, utilizing internal personnel or an ISO Consultant with experience and knowledge of your organization and industry. It is an appraisal of the efficiency and effectiveness within certain departments or the organization. External Audits are done to evaluate your organization and recommend certification to the standard you are compliant with. External audits are performed by third-party auditors affiliated with a Certification Body. Internal audits are a requirement of ISO Standards, but cannot grant you an ISO Certificate.

Goals of Internal Audits:

The purpose of an ISO internal audit is to assess an organization’s efficiency as measured by the level of its quality and risk management systems and its overall business practices against one or more ISO Standards. Companies and organizations conduct internal audits to evaluate and improve the efficiency of their business practices capabilities by highlighting any existing flaws or shortcomings and ensuring plans are in place to properly address them.

While conducting regular and effective internal audits of your management system is a requirement of the standard, it’s also a requirement for a reason. Internal audits are a chance for your organization to truly see the progress you are making, and a chance for your employees to show off their skills and voice any concerns. Some of the major ways an organization can benefit from an internal audit:

  • To review and evaluate the reliability and soundness of its internal control system;
  • To ascertain the degree of compliance with established standards, policies and procedures;
  • To minimize losses and maximize profits;
  • To ascertain whether the information generated in an organization is accurate and reliable;
  • To ascertain the level of integrity of the data provided to management;
  • To provide informed advice and feedback to management on next steps and growth opportunities;
  • To seek opportunities for improvement in the existing systems.

Internal auditing is based on several guidelines that are dependent on the organization’s specific vision and strategy. To be beneficial, it should provide appropriate and unbiased information that the organization can utilize in the enhancement of its performance. This means that auditing should be undertaken while keeping in mind the specific requirements and criteria of the organization and the environment within which it operates. While you might be tempted to download and follow a checklist, don’t use these as a one-stop-shop for the perfect internal audit, utilize them as guidance and tailor them for your specific needs.

Principles of Internal Auditing:

Following are some of the basic principles of auditing that should be universally applicable regardless of the size, scope or industry.

Objectivity: An internal audit should be an objective activity. All internal auditors must maintain objectivity in their judgment. Consider if you are auditing your peers, to not hold previous judgement or past experiences against an individual or team, audit within your scope, do not audit with an objective of proving a point. Audit with the objective goals of bettering the organization and providing a value-added practice to the organization.

Ethics: Like all other business practices, internal audits should also be done within the confines of morals and an ethical code. (link)

Confidentiality: Auditors have access to sensitive information about the organization and its employees. It is very important to ensure the highest level of confidentiality to avoid possible misuse of such information.

Competence: Auditing is a complex procedure. It must be done by skilled, experienced and competent auditors. When selecting an auditing team, consider their questioning skills, and their listening skills. An auditor must be prepared to ask questions that will give them the information they need, without causing stress for the auditee. Consider offering employees ISO Training to help reduce stress and increase engagement.

Planning: The audit process should be thoroughly planned to avoid confusion at later stages. Once an audit plan is in place and dictated to the auditees, do not stray from the scope of the audit. This will avoid issues with timing and employee engagement.

Documentation: It is important to maintain proper documentation of the audit process. Internal audits conclude with a closing meeting where findings are shown to management and you must provide a detailed report promptly after the audit is completed. By ensuring you are documenting your findings effectively, you will have much more success in your closing meetings and when you create your report.

Integrity: The audit reports must accurately depict the facts discovered during the audit process. The integrity of the audit findings is essential.

Selection of Auditors:

Internal auditors should be carefully selected. An internal audit team must be adequately staffed in terms of both numbers and experience. They should also be properly trained to ensure that the needs of each audit task are fulfilled. The success of the internal audit largely depends on the quality of the audit team that is determined by the level of their training and expertise. 

Internal Audit Process:

The internal audit process should be planned well beforehand so that objectives are clearly defined, and priorities are established. You will need to provide the audit plan in advance to ensure you are able to talk with those you need to and can access the documents or processes needed to complete the audit on schedule. The planning process should include setting a schedule for each activity and setting deadlines. All tasks that need to be performed must be clearly defined. An audit plan should be made with a thorough understanding of the organization and its environment and presented clearly at the opening meeting. 

The internal audit process must be continuously supervised by a designated audit team leader. The Lead Auditor will ensure that the audit process is proceeding according to the plan. The performance of the audit team should also be reviewed just like that of other employees and members of the organization. A comprehensive report should be issued once the internal audit is complete with findings communicated promptly and concisely. These findings must be presented in a way that makes them helpful for management in deciding their course of action. 

The findings of the internal audit must be supported by ‘Audit Evidence’ which provides reasons for the conclusions of the internal audit team. This evidence must be easily understood and articulated in your reports to allow the external auditors to come to a similar conclusion during any third-party audit activities.

If done correctly, internal audits can have a very positive impact on the overall organizational performance of any company and be a value-added experience your company will benefit from.

by -
Climate Change & ISO Solutions -

The International Organization for Standardization (ISO) has a number of standards that work towards monitoring climate change, quantifying greenhouse gas emissions and promoting good practices in environmental management.

One such guide is ISO/DGuide 84, which sets guidelines for addressing climate change in standards. You can learn more about the guide here. ISO has also set goals for their contribution to the UN’s initiatives for sustainable development “By supporting our members to maximize the benefits of international standardization and ensure the uptake of ISO standards, we’re helping to meet the United Nations Sustainable Development Goals (SDGs).” – Source

In this article, we will focus on ISO’s goal of “Climate Action – Take urgent action to combat climate change and its impacts”, and on the ISO 14000 family of standards, which focus on environmental management systems (EMS).

First, to understand the need for standards, we should investigate the effects we have on the environment, and what we can do to change. Every one of us has an impact on the environment, but arguably, organizations have a larger, more reaching effect on the environment. Consider the footprint of each item you manufacture; where it came before you, where it will go after it leaves you, and the ripple effect that follows. Therefore, companies have a duty to consider each stage of their product or services journey, and its effect on the environment. This is also applicable to your suppliers and the processes they use to provide you with a product or service.

One major impact to consider from your organization, and the world-leading cause of climate change is greenhouse gases.

Greenhouse Gases

The United States Environmental Protection Agency defines Greenhouse Gases as “gases that trap heat in the atmosphere”. The name ‘greenhouse gases’ references the greenhouse effect. Greenhouse gases allow the sun’s light to shine onto Earth’s surface, and then the gases, such as ozone, trap the heat that reflects back from the surface inside the Earth’s atmosphere. The gases act like the glass walls of a greenhouse—thus the name, greenhouse gas. The more GHG’s present, the less heat that can leave the atmosphere, thereby increasing the overall temperature of the Earth and shifting the balance of the weather cycle, and global environmental patterns. –Source

Types of Greenhouse Gases

Carbon dioxide: Created by the burning of fossil fuels like coal, natural gas, oil, and biological materials like trees; the reaction of certain chemicals like the manufacture of cement.

Methane: Emitted during the production and transport of coal, natural gas and oil; the result of livestock and agricultural practices; decay of organic materials in landfills.

Nitrous oxide: Emitted during agricultural and industrial activities; combustion of fossil fuels and solid waste; during treatment of wastewater.

Fluorinated gases: Hydrofluorocarbons, perfluorocarbons, sulfur hexafluoride, and nitrogen trifluoride are synthetic, powerful greenhouse gases that are emitted from a variety of industrial processes. Fluorinated gases are sometimes used as substitutes for stratospheric ozone-depleting substances (e.g., chlorofluorocarbons, hydrochlorofluorocarbons, and halons). These gases are typically emitted in smaller quantities, but because they are potent greenhouse gases, they are sometimes referred to as High Global Warming Potential gases (“High GWP gases”).

Learn more from the United States Environmental Protection Agency about GHG Greenhouse Gases

Depending on your industry, you may not have a direct reaction to these gases, nor how they relate to how you change. However, relating back to your environmental footprint, consider how you receive the raw goods you utilize to create your end product, how are they manufactured? Do you ship products across the globe – how are you ensuring the organization you hire to ship these goods is not dumping their garbage in the ocean or polluting the air with toxic chemicals?

ISO Solutions

This is where utilizing industry best practices and international standards is essential. By putting in the work to comply with an international standard, you can be sure your management system will not allow you to hire a supplier who harms the environment. While this is just a small example, it illustrates just how ISO Standards and proper utilization can help.

ISO 14001 is the standard for environmental management systems (EMS) which you as an organization can become certified to. This standard was developed as a guideline for organizations to follow to ensure their business processes are conducted in a way that is sustainable and environmentally conscious.

ISO 14001 was developed as guidance for organizations to better their processes from the inside out with their environmental impact at the core of each decision made. Compliance with ISO 14001 provides a systematic and strategic approach to dealing with your company’s effect on the environment and its solutions to decrease your impact.

Organizations with certification to ISO 14001 benefit from industry best practices for sustainability, internal and external audits and validation, constant feedback and improvement measures, and confidence in your measurements of effectiveness. Because of the lifecycle of ISO Certification, your processes will be evaluated internally and externally over a three-year cycle, with certain major and critical processes being evaluated yearly. With this cycle, you can be assured that your organization is operating at its best potential with regards to environmental management systems, and processes that are not effective will be evaluated, altered, and monitored on a consistent basis to ensure their improvement and success.

With the new revision to the standard, ISO 14001:2015, like ISO 9001:2015, an emphasis has been placed on Leadership commitment. In previous versions of the standards, management commitment was not a requirement. With the new revision, there is no such thing as a management representative, now everyone is required to commit to the promotion of the EMS. Also, in previous versions of the standard, ISO 14001 required a commitment to reducing negative environmental impacts. Now, organizations much also commit to having a positive impact and improving environmental conditions.

If all organizations and corporations utilized these ISO requirements and best practices, imagine the positive effect on the environment!

Part of the ISO 14000 family of standards includes guides and requirement documents that help organizations with proper protocol and standard best practices for audits, communications, labelling and life cycle analysis, as well as environmental challenges such as climate change. ISO 14064 is one guide with a specific focus on quantification and reporting of greenhouses emissions and their removal. ISO has a full list of standards created to help with the climate crisis, you can learn more about the ISO 14000 Family here.

by -
Align Your Audits -

Written by: My Audit Spot

Over the past year, My Audit Spot has been uploading a variety of templates covering all aspects of the audit process. The templates are a way to share audit knowledge, skills, and templates; whilst also providing an opportunity to help other auditors become more diligent and efficient while meeting the requirements of the IIA’s International Standards for the Professional Practice of Internal Auditing (Standards).

It is important to note, that without an independent assessment, My Audit Spot cannot say that these templates conform to the Standards. Similarly, anyone using these templates in a review cannot state in their final report that the audit has been conducted in accordance with the Standards without an independent assessment. However, the templates have been built off best practice from across the industry, with particular attention paid to requirements of both the Internal Audit standards and Auditing Standard – ASA 230 – Audit Documentation.

The My Audit Spot audit overview shows how each template can be linked to the audit standards. Snippets of our audit process and how it links to the audit standards are included below.

The Standards

The Global Institute of Internal Auditors (IIA) has put together standards aimed at guiding adherence with the mandatory components of the International Professional Practices Framework (IPPF) for performing audits, establishing a basis for evaluation and, encouraging improved business processes and operations.

As the IIA states, “The Standards are a set of principles-based mandatory requirements…”. These should form the minimum of all your workpapers.


Your audit will only be as good as your planning. Failure to appropriately plan and scope the review could result in risks not appropriately reviewed, or business improvement opportunities not identified.

The Standards reflect how important the planning phase is, with the Standards considering everything from current risks and governance processes, through to current control frameworks within the business, and even the objectives of the review. The templates My Audit Spot has developed will help guide you throughout the planning process and help your organization consider parts of the Standards.

Be sure to consult the Standards yourself to ensure you’ve considered all the minimum components.

My Audit Spot planning templates can be accessed here.


This is the guts of it. By now, you have done all the planning, worked out what your risk areas are, and now built a Work Program around how you are going to test and address each of the identified risks.

Throughout the fieldwork phase, it’s important to ensure your work is appropriately documented. If it’s not documented, it’s not done. At a minimum, each workpaper should include:

  • Scope area being addressed
  • Purpose/objective of the workpaper
  • Methodology – how we have performed the work
  • Tests
  • Outcome / conclusion

My Audit Spot fieldwork templates can be accessed here.


Not only is the audit report phase one major output of your work, but it is also a direct reflection of the effort and attention to detail which has been undertaken during the audit.

An audit report also has the potential to value add by identifying opportunities or future considerations which may not have otherwise been surfaced.

It is important that reports are communicated to the relevant stakeholders and appropriate management. Additionally, reports should be clear and concise as they will be constantly referred to for the action tracking/audit follow up process.

My Audit Spot reporting templates can be accessed here.

About My Audit Spot

My Audit Spot Logo ISO Update

My Audit Spot is a space to share audit tools, knowledge and resources. Our mission is to encourage collaboration across internal auditors through the sharing of tools, knowledge and resources; ensuring audit remains a trusted and respected profession.

Follow My Audit Spot on Facebook, Twitter, and LinkedIn.

by -
Ethics in Auditing -

Ethics and Integrity is the choice between what’s convenient and what’s right. Reinforcing good execution and behavior of any organization relies on an auditor to confront poor execution and behavior and endorse proper and conforming behavior, and not simply “look the other way” when pressured from above or by budget. If you wish to perform a value-added service with your audits and report, you have a duty to utilize ethical practices in your audits, for the good of your own reputation, and the good of the company paying you to audit their work.

Ethics is a personal choice, it’s a personal compass that dictates right from wrong but unfortunately, it’s not always common sense. Being an auditor, you may face scenarios where you can’t always tell which choice is right, which choice is easy, and which choice will let you keep your clients happy. The issue stems from a bias in the industry that is hard to avoid. The people you audit are paying you, and therefore hold power over you as an auditor or a Certification Body to produce favorable results or they will jump ship to another provider. While this is an industry norm, it still produces scenarios where the potential for “letting something slide” is easily allowed. This, however, is not ethical and tarnishes the whole perceived image of certified entities.

Auditors can understand different business needs, the requirements of the standard, and the best possible person to rely on to ensure a company is running an effective business according to the standard. To fill these criteria, an auditor must be honest and have integrity. They must be fair and trustworthy, and willing to be “the bad guy”. They must have the ability to push through difficult situations and then work with people in a constructive manner.

Qualities of an Ethical Auditor


Being honest should be any professional’s main building block. Being honest is the foundation of any working professional that will help foster trust between you and a client, supplier, or in any relationship, professional, or not. Consider the consumer pipeline, and you as an auditor are the “product” to be sold to a customer. A customer must first learn of you and an option to “purchase”, they have a need of an auditor. Perhaps they learn about you from an online directory like ISOUpdate, or from a Google search and find your website or referral. They must first trust that what you say is true, i.e., your experience level, your industry codes, etc. This is where your honesty as a business professional will shine. What is said about you in customer referrals, testimonials, and word of mouth statements is often out of your control. But honesty is in your control. By providing a service that is honest – from what you charge, to what you provide, and if you follow through on the claims you make – you will cause customers to be delighted by your services and offer your praises to others.

To elaborate on a point above, to ensure you are honest is to follow through on the claims you make. Following through on promises is an essential way to prove your honesty. The cliché to consider here is “under-promise, over-deliver”. While we do not encourage using this approach every time, as it can set unreasonable expectations in the long run, we do encourage you to be mindful of your capabilities. Be honest with your clients, and they will have more respect and trust in you.


A good auditor will always look thoroughly into the matter before forming any opinion, clearing any biases and not allowing experience to cloud judgment. While all bias cannot be removed due to the transactional relationship between auditor and auditee, it can be neutralized. If you are an internal auditor, that is an auditor who works within the organization and with your peers on a daily basis, consider how you can make the audit process easier and less stressful. Leading up to the audit, inform your peers of the dates that they will be audited, and inform them of what to expect. You are preparing them for the certification audit, which will be conducted by a third-party auditor who won’t be you, so tell them what to expect, and most importantly, not to worry or hide information. By alleviating some of the stress of being audited, and having everyone prepared, you will be able to audit more successfully and without resistance, allowing for an accurate picture of the organization, its shortcomings, and its successes.

This is where companies will truly see the value-add to the audit and certification process. If the organization isn’t showcasing the true nature of their shortcomings, you are not going to be able to get to the root of their system, and they will continue to falter. Here is where it is also helpful to have a relationship built on trust and honesty, allowing you to do your job to the best of your abilities.


As an auditor, you have been commissioned to evaluate a company’s systems against a specific standard. You only have a limited time to sample the largest picture possible and evaluate if the organization is successfully following the requirements of the standard, is aware of and working towards improving aspects of their system that aren’t compliant, and is striving towards improvement. You might be a single auditor or part of a team of auditors, but regardless, it is not possible to see the whole system in one day. This is where pre-planning your audit objectives and sticking to those objectives is essential. Each audit will start with the scope of the audit being set and reviewed in the opening meeting. Do not stray from these objectives unless unforeseen circumstances arise. Sticking to your plan will help foster trust and create a much-needed sense of security between you and the organization.


Timeliness also falls within the qualities of honesty and objectivity. Promptness, punctuality, and professionalism are the 3 major ”Ps” that perfectly encapsulate the qualities of a good auditor.  Set your objectives, be mindful of the time you have available, be prompt and punctual with the time you promised, and be professional with every interaction you have. You are being paid to conduct an audit and provide an accurate report; follow through with your objectives and return your report within a reasonable time so the organization can begin to make changes based on it.


If you bring clarity to a situation, you help people see what really happened by clearing up misunderstandings and providing explanations. You may hear this a lot, but use plain language whenever possible. You may be speaking to veterans in the standards industry or you may be speaking with someone who’s never heard of ISO before, regardless, you should be treating every room with the same expectations. Speak to be understood, not to seem superior or knowledgeable. There is no harm in asking the people you audit their knowledge level if you do it with respect.

Expanding on the above qualities, be clear about your objectives and provide an Audit Plan that is clear and transparent about your audit goals and your expectations. You may also want to start off each new relationship within an organization with a meeting that states your auditing style, reviews the audit process, outlines when they can expect reports and final documents, and how you will present findings. By clearing up any initial questions or concerns a client or auditee may have from the beginning of the process, you can foster a relationship of trust and respect.


Keep your word…. it takes a strong character to keep your word, even more so when someone treats you poorly.  Do not let biases or circumstances outside of the client’s control affect what you promised. If the need occurs, be honest and ask for their understanding, but deliver what you promised within a reasonable timeframe. Delivering on what you promised shows integrity and trustworthiness. Not delivering on promises showcases a lack of organization, time management skills, and a personal lack of ethics. Keeping your word is one of the smallest yet most impactful things you can do to build trust in your audit. If you want to establish a solid reputation you must deliver on your promises.

Keep Commitments

When you make a commitment you create hope, and when you keep it you create trust. An ethical auditor stays loyal to what they promise to deliver. Nothing in the world says more about your work ethic than your commitment to your work. Stay true to your objectives, your schedule, and your timelines and you will reap the benefits of happy customers.

Pay Attention the Environment

To be at the top of your game you must be vigilant and observant and must have a tight grip on your environment. Sometimes the answer is right there in front of your eyes, all you must do is pay attention and heed what you perceive. As an auditor, this may be second nature within an audit, but this also applies to auditing yourself, your shortcomings, and your ethical practices within your own work. Hold yourself to the same standard you audit against, evaluate your processes, your review processes, and your improvement needs and objectives. You may have been doing this for years, and you may have found the perfect way to do things, but change is the only constant, and there is always room to grow, even within yourself.

by -
7 Steps to Quality Excellence -

ISO Certifications are always in demand due to its relevance in the competitive business world. The ISO Standards gets their periodic revisions once in every 5 years. Each revision is in line with the latest market trends, and have changes in policies and processes that are apt to the modern business scenario.

The ISO certification process might seem like a tiresome and lengthy process in the first go. Choosing the right consultant is the key to success.

To know more, you can read our blog on How to Choose the right ISO Consultant here.

The ISO Certification journey follows 6 basic steps that are:

1. Choosing the right Standard

The ISO 9001 Quality Management System is the most popular one to start with. It helps in building a consistent level of quality and customer satisfaction. Based on the industry and business requirements, there are various ISO Standards to choose from.

Aurion ISO Consultants will help you choose the right Standard based on your business activity and guide you through the implementation and certification works.

Other popular Standards include ISO 27001 (Information Security), ISO 14001 (Environmental) and the ISO 45001 (Occupational Health and Safety).

2. Choose the right Consultant for your business

Ensure the Consultant works in alignment with your organizational goals. The success of the ISO Certification depends on your Consultant.

Ensure the ISO Consultants are knowledgeable about the recent revisions of ISO Standards, policies & compliance requirements, documentation support, etc. Also, building a good rapport with the consultant from the beginning is essential.

For checking the authenticity of the Certification Body and the Consultant’s accreditation, you can visit the concerned ISO Authorization body’s website and request for sample Certifications from the Consultants.

3. Onboarding and Conduct Gap Analysis

Once you finalize a Consultant, the next step is onboarding the Consultant to your team. Fix up a meeting to discuss the Certification journey. The Consultant will conduct a Gap Analysis to identify the current business operations, processes followed and suggest process improvements.

Onboarding and conducting a Gap Analysis is a critical step in the ISO Certification process. As it is the starting phase, and the action plan is drawn out from the initial meeting and business process assessments. The required process improvements are to be initiated to develop a Quality Management System that is compliant with ISO 9001:2015 requirements.

4. Document Preparation

The new ISO 9001 Standard is focused on process optimization and less on documentation. Still, the documentation of the process improvements and related policies must be maintained for streamlined implementation of the ISO 9001:2015 Standard.

The ISO Standard indicates that the documentation needs to be created at instances where it adds value to the work process. The main aim of ISO 9001:2015 Standard is to maintain quality first process/services and enhance customer satisfaction.

5. Developing the Quality Management System

Develop a Quality Management System based on the recommendations from the Gap analysis. A Management System is a set of documents that outlines your business processes. The Quality Management System Implementation is a vital step in the ISO Certification process.

The Quality Management System consists of industry best practices, quality principles, methodologies to implement effective business processes to enhance product quality, deliver positive customer experience, etc. The Quality Management System must be in place before the inspection by the third party (Accredited Certification Body) is conducted.

Once the implementation of the Quality Management System is complete, organizations can undergo an internal audit to ensure all the process implementations are in compliant with the ISO Standard.

The Internal Audit is conducted by the ISO Consultants and they interview the employees, look at sample work reports, observe the business operations and suggest corrective actions as required.

6.  Conduct the ISO Certification Audit

Along with your ISO consultants, select the certification body for the external certification and submit your Quality Management System documentation for review to the external body. The external body will be an accredited Certification body that will issue the ISO Certification based on the compliance requirements after conducting an audit.

The external audit will be conducted by the accredited certification body on your premises by reviewing the business operations. Any non- conformance to the ISO requirements will result in an extension of the certification issuance. On mutual agreements, a revised timeline will be given to incorporate the changes so that the processes comply with the ISO Standard requirements, and results in successful issuance of ISO Certificate.

7. Certification

Once all the requirements are in place; the certification will be issued by the certification body. The ISO Certifications are valid for 3 years. Re-audit will be conducted for the new certificate issuance to ensure that the policies are in place and the business processes are ISO compliant.

Aurion ISO Consultants are one of the pioneers in ISO Consultation, Training, Implementation, and Audit services in the UAE and globally. For all your queries on ISO Standards related Services, feel free to reach out to us!

About the Author

John Wick is an ISO Consultant working with Aurion ISO Consultants in Dubai. John likes to write on ISO Training, ISO Consulting, latest changes in ISO Standards, industry-wise benefits from getting ISO Certified. Reach out for expert consultation on any ISO related queries.

About Aurion

Aurion ISO Consultants, Dubai offers world-class ISO Services such as Training, Consulting, Certification, Implementation, and Audits in Dubai, UAE and Worldwide.

Aurion ISO Consultants is an Award-Winning Consultant firm in Dubai, UAE and one of the fastest-growing ISO Service provider in the UAE and GCC region. We have assisted 1800 clients across several countries globally.

We provide you with a Single-Window Solution with ISO Consulting, ISO Training, and ISO Implementation and ISO Audit Services. With our ISO Certification, you can transform your business into quality first one.

Contact Us: Aurion ISO Consultants | 0097142504150 | |#213&214,6E-A Dubai Airport Freezone, Dubai |

While you are planning to implement ISO Certification Standards for your organizations, to know more about the ISO Certification standards and all ISO related services from Aurion ISO Consultants, you call us right away!

by -
What is ISO Certification -

What does it mean to be ISO Certified?

Even if you’re relatively new to the quality business, you might have heard of “ISO” being frequently namedropped especially in the context of quality management. Far from a simple buzzword, it’s quite a big deal in the marketplace and as an aspiring new business, a business person looking to grow your business, or even an entrepreneur looking to set your business up for long-term success, you need to be informed about ISO Standards and standardization.

ISO Certification

ISO is the International Organization for Standardization – It’s an independent, international organization that produces various standards spanning throughout the business sector that help improve and ensure quality, efficiency, consistency, and safety of operations and their consequent products and services.

Relevant business sectors include health and safety, information security, energy management, environmental management, aerospace and defense, medical devices, and many more. The standards are deliberately made to be both comprehensive yet generic enough to be incorporated into any business regardless of size, sector or context.

It is important to note here that ISO cannot certify you themselves. ISO develops the standards, but the certification process is performed by external certification bodies and ISO cannot certify a company or organization directly.  Despite this, their committee on conformity assessment (CASCO) has produced a set of guidelines and standards that these external certification bodies are expected to use as a reference to help adequately measure conformance and quality during the certification process.

ISO 9001 is an internationally recognized and trusted quality management system that has been adopted by companies all over the world to help achieve standardization and quality assurance. The first step to ISO 9001 Certification is to understand the standard. You will want to download the standard document first to get familiar with the requirements of certification. The ISO 9001 standard is basically a rule book stating what you need to have or do. The standard is generic in nature, allowing any organization in any industry to benefit from it. ISO 9001:2015 is currently the most recent version of the standard and is the version you should be using to develop your quality management system.

By following these requirements you are “compliant with the ISO 9001 Standard and therefore can be recommended for certification by your Certification Body.

Purchase the ISO 9001:2015 Standard Here

When choosing a Certification Body (CB) to provide certification and auditing services to your company, verify that they are accredited. This simply means the CB is compliant with their own set of standards for being a CB, specifically ISO 17021. Check out our video on “requirements for certification bodies” to learn more.

Complying to ISO 17021 means the demands of the standard are assessed by an external agency called an Accreditation Body that is a member of the IAF-MLA in the CB’s region. Consider this a license to issue certificates or a degree to do a certain job, without which you are not qualified. To issue a certification of compliance to ISO 9001:2015, your CB should be accredited to ISO 17021.

What does it mean to be ISO Certified?

Being ISO 9001 Certified means your organization has a quality management system in place that utilizes international best practices to standardize your processes and system using the ISO 9001:2015 standard to ensure you consistently produce products and services that meet and exceed your customer’s expectations.

Since the guidelines of ISO 9001 are quite comprehensive and the process of implementing a system, having multiple audits, and maintaining compliance is quite stringent, achieving certification is recognized as an impressive feat and speaks volumes about your company’s commitment to providing your customers with high-quality service.

What Next?

If you are considering ISO 9001 certification, but do not have relevant experience, check out these resources to help you get started:

What is ISO 9001?

Tips for Implementing the Standard

Choosing a Certification Body – Choosing the best Certification Body for your Business

Tips for Audits: