Compass Assurance Services Helping you manage risks more effectively Thu, 21 Sep 2017 00:15:08 +0000 en-US hourly 1 A guide to ISO14001 Certification: Managing and accepting risk Mon, 28 Aug 2017 01:38:31 +0000 read more →]]> It’s time for the next instalment in our new blog series; Your Guide to ISO 140001 Certification. In the last post, we covered how to identify and control significant environmental risks within a business.


But what happens if you can’t manage a risk down to an acceptable level? Considering the requirements of ISO14001 your business can still operate with such risks, management just needs to be aware of the risk and accept it. The controls in place around the risk could follow a well-known concept, the Hierarchy of controls. For more on this read our blog post here. The first step in this process is trying to eliminate a risk entirely. Further up the hierarchy, it comes down to reducing the risk by finding an alternative method of doing a task that does not have the same level of risk associated with it.


What needs to be in place regarding high-level environmental risks is a procedure or steps on what actions to take if you do assess an environmental risk as high. One approach to this is when actions return a risk assessment finding as high risk seeking approval from supervisors or senior management for further on how to manage the process.


Now you’ve documented your risks and established controls around your environmental management system it is essential to manage these risks going forward. Keeping records is an essential part of getting and maintain our ISO14001 certification with many businesses adopting a register to manage these risks however you can adopt any document management process you wish.


Subscribe to keep up with our Guide to ISO14001 series to know when we will cover our next step in the certification process.

]]> 0
ISO 9001 Essential Training course Mon, 28 Aug 2017 01:35:01 +0000 read more →]]> Compass Assurance Training has upcoming classroom training dates for our ISO 9001 essentials training course all over the country.


What is it?

This course focuses on the areas that we as auditors most commonly see during the audit process. The ISO 9001 Essentials course is designed to provide a practical overview of the 2015 version of ISO9001. It covers each section of the standard with emphasis on practical application: we want you to understand how the standard will apply to your business.

ISO9001 Quality Essentials Quality Course covers the following Learning Outcomes:

  • Basic understanding of ISO 9001
  • How to write a policy document
  • Understanding objectives
  • How to start planning your audits
  • How to formulate a corrective action process


Who should take this course?

Entry Requirements? Great news there aren’t any. This course is designed to be suitable for all learners keen to develop their understanding of ISO 9001 and it’s practical application. Whether you’ve had some experience with certification or none at all this course is designed to build on that understanding.



Enrol in our upcoming courses by emailing training here. 



Date: Friday 8th September

Location: Suite 1A, Level 2, 802 Pacific Highway, Gordon NSW 2072.

Cost: $390 (ex-GST)



Date: Friday 22nd September

Location: Level 9, 120 Spencer Street, Melbourne, VIC 3000

Cost: $390 (ex-GST)



Date: Wednesday 27th September

Location: Level 1, 135 Queen Street, Cleveland QLD 4163

Cost: $390 (ex-GST)



Course: PECB ISO 9001 Certified QMS Foundation/Internal Auditor Course

Details: In this 2-day course participants develop the competence to master a model for implementing and conducting internal audits of a quality management system throughout their organisation using the ISO 9001:2015 standard as a reference framework.

Date: 21st – 22nd September

Location: Unit 4, 39 Denninup Way, Malaga, WA 6090

Cost: $995 (ex-GST)


To enrol or enquire get in touch by contacting us.

]]> 0
ISO 19600 Compliance Impact Ladder Fri, 18 Aug 2017 01:13:17 +0000 read more →]]> The compliance management system standard (ISO 19600) provides a governance and management framework for systemising the conformance efforts of businesses.  Whilst it provides hints as to what best practice looks like it does not provide the equivalence of the OHS hierarchy of controls. In collaboration with the experienced team from Spark Growth Solutions & Compass Assurance Services have developed the Compliance Impact Ladder.

Compliance of course, is very different to health and safety where avoidance is the primary control whereas with compliance it is the risk appetite of the business that determines control effectiveness. A business culture that values honesty, transparency and accountability is the most effective assurance of your compliance management system.  This means that there is clarity of the compliance risk appetite of the business, the means of control are clear to all and the risk ownership including accountability for outcomes is allocated appropriately.

The Spark Compass Compliance Impact Ladder is a rhetorical device that provides insights into the drivers of a successful management system.  Ultimately, compliance risk management outcomes depend on the human factor more than any other.  Hardwired controls can provide a level of assurance provided these are not easily circumvented however, in the end it will be informed behavioural markers of the business that will impact compliance outcomes most.  The cultural desire to “do the right thing”, to be open, honest and transparent are the keys to successful outcomes consistent with the risk appetite of the business.

For more information Compliance management and certification to ISO19600 see our web page here. 

To get in touch with our team on what Compass Assurance can do for your business in Compliance Management and ISO 19600 contact us here. 


]]> 0
ISO45001: The next steps Mon, 07 Aug 2017 06:58:27 +0000 read more →]]> ISO45001 is the new voluntary international safety standard currently under development by the International Organization for Standardization (ISO). ISO 45001 Occupational health and safety management systems – Requirements with guidance for use, will focus on developing and implementing management systems with a framework that reduces the risk of harm and ill health to employees. The standard has been under development for some time but is currently nearing publication.

Experienced Compass Auditor Mike Gray gave his thoughts on the new standard in earlier in the year in his ISO45001 presentation with the Safety Institute of Australia – read over the key points of that presentation here.

Following the approach taken regarding revision of ISO14001 and ISO9001 the standard is currently being developed by a committee of occupational health and safety experts taking into account the current OHSAS 18001 safety standard which ISO45001 aims to supersede. We took a look at some of the proposed changes in the draft version of the standard against OHSAS 18001 earlier this year in: ISO45001 and OHSAS18001: Updates and Key changes.

The next draft of ISO 45001 was published on 19 May 2017 with the ballot period will ending 13th of July 2017. This process enables ISO members to take an active role in the development of the standard. Members can vote on the current draft of the standard before it moves forward to publication. This is currently expected to be early 2018. Anyone interested in commenting on the second draft can do so through their national ISO, for Australia, this is Standards Australia.

Need to transition? Take our Training Course.

Compass Assurance will be offering ISO45001 training to all originations currently certified to OHSAS18001. These classroom courses will enable participants to understand the new requirements of ISO45001 and how their business needs to change to remain compliant.

Register your interest at for more information on upcoming training courses.

]]> 0
AS/NZS5377 – Collection & Storage Mon, 24 Jul 2017 05:31:36 +0000 read more →]]> Our last blog post there are the essential AS/NZS5377 elements to managing the almost 40 metrics tonnes of e-waste created each year. AS/NZS5377 is a management system standard developed by the Australian Government Department of the Environment and the New Zealand Ministry of Environment. The intent of the standard is to provide a uniform approach management of e-waste activities, mostly around safety and environmental concerns. AS/NZS5377 has 5 sections that relate to various “steps” in the e-waste processing progress.

Section 2 of the standard covers requirements for collection and storage facilities. This section applies to organisations who are positioning themselves in the market as a place where end-of-life electrical equipment will be collected and/or stored for the purpose of transport to a facility for material recovery or processing.

Considerations in this section of the standard include:

  • Signage and access
  • Security of the storage area
  • The ability to segregate waste
  • Processes for ensuring the storage area adequately protects waste (to prevent discharge, leakage or combustion)
  • Systems for handling electronic and electrical waste that is dumped at the facility.

Most operators fall into one of two categories: a business that collects e-waste using methods such as putting out bins at waste disposal locations or bins at electrical retailers and collects the waste directly from the community and then brings it back to a facility.

This competent of the e-waste collection process can be outsourced in some instances but is commonly seen to go hand in hand with storage of e-waste.

A wide arrange of businesses and functions could potentially exist in this space. Storage of e-waste is similar to a warehousing processes. This function often interacts hand in hand with the collection but can be isolated to storage only.

Section three on Storage and Collection has a lot of crossover with Safety & Environmental fundamentals that are shared in ISO14001 and AS/NZS4801. One key aspect of storage of e-waste address the environmental impacts of storing waste. Environmental impacts are a key concept of getting and maintaining ISO14001 which we cover in our Guide to ISO14001 series.

]]> 0
ISO9001 certification & risk-based thinking Sun, 25 Jun 2017 13:40:35 +0000 read more →]]> The 2015 version of ISO9001 Quality management systems the ISO introduced the concept of risk-based thinking. Although many who have experience with the standard will argue that it was always there in one form or another with preventative action. The updated version of the standard just articulates preventative action as risk-based thinking. This change has shifted the way both auditors and clients think about the standard.


The aim of risk-based thinking is to take advantage of opportunities and prevent undesirable outcomes having negative impacts on a business. Importantly nowhere in the standard does it say that you need a risk register or a risk matrix. The standard doesn’t specify that these types of records need to be kept. This goes back to a little mantra we have here at Compass, don’t create stuff because you think we want to see it. In some businesses, risk registers are an effective method of addressing business risk but if they don’t work for you, we don’t need to see them.


ISO 9001 does require you to be able to identify risk and opportunities that may affect your customer, products and services. You also need to put in place actions to address these risks and opportunities and this is what you must be able to demonstrate at your audit.


There are many ways you can demonstrate risk-based thinking apart from formal, traditional approaches. This may mean you have a business plan that addresses risks and opportunities, are the directors considering risk and opportunity in board meetings? Are senior management planning the business strategically and assessing what might go wrong and well in the business future operations?


These approaches take a different look at assessing risk and demonstrating risk-based thinking. Considering risk and opportunities and undertaking risk based thinking is intuitive to good business practice. Risk-based thinking is often something that business owners and leaders do inherently on a day to day basis. ISO 9001 has taken this concept and made it integral to maintain your quality management system to drive good business practice.

]]> 0
AS/NZS 5377: The Essentials Sun, 18 Jun 2017 13:30:02 +0000 read more →]]> AS/NZS 5377 is a management system standard developed by the Australian Government Department of the Environment and the New Zealand Ministry of Environment. The intent of the standard is to provide a uniform approach management of e-waste activities, mostly around safety and environmental concerns. AS/NZS 5377 has 5 sections that relate to various “steps” in the e-waste processing progress. Businesses can have multiple sections or just one apply to their business operations. However, there is one section of the standard that is compulsory for all those seeking AS/NZS 5377 E-waste certification Section one, nicknamed here, the head office section


Section 1 outlines the general requirements of the standard that are applicable to all organisations. This section provides a framework for identification of legal and other requirements to manage business functions as well as risks related to safety and environment. This section of the standard requires organisations to consider the following:

  • The requirement to identify relevant legislation and licensing requirements
  • Risk assessment processes and emergency response and identification of training needs
  • Records management and data security


Ensuring requirements for the refurbishment of equipment and disposal to landfill are met. The requirements of this section share element with other ISO management system standards such as ISO 9001 Quality, ISO14001 Environment and AS/NZS4801 safety management systems certification.


This is beneficial to those who are already certified to another ISO standard as these standard share elements around recording and licensing requirements. So good news if you’re already certified (to ISO14001 in particular) then there is a good chance you will have already covered off the majority of the requirements in this section.


There are of course a few requirements unique to AS/NZS 5377 regarding specific compliance. The standard generally is compliant focused, specific and have a narrow breath for interpretation, unlike other management systems certification that are more open and broad in the way an organisation can demonstrate compliance. Everybody has some form of head office, this could be a could be the main site of operations or another site dependent entirely on how each individual business runs its operations.

]]> 0
A guide to ISO14001 Certification: Significant Risk Sun, 11 Jun 2017 13:30:25 +0000 read more →]]> It’s time for the next instalment in our new blog series; Your Guide to ISO140001 Certification. In the last post, we covered how to establish environmental controls and identifying your environmental risks. After going through this processes you should now have a selection of environmental risks with adequate controls in place to address them. From here we move onto the concept of determining if these controls have reduced to risk to an acceptable level.


Have your controls reduced the level of risk down low enough for my business determines that it is acceptable? Well, how do you determine what is acceptable? This should be determined by management. This has been codified in the updated 2015 version of the ISO14001 standard which requires top management’s buy into businesses processes and risk. What management determines as acceptable will vary greatly from business to business and industry. Outside of what management decides is an acceptable risk all that is required is to be addressed by controls is what is legally required.


What is legally required for compliance is also very specific to each individual business and their operations. Make sure that you’ve done the adequate research to ensure what is legally required for your business. This is often location specific e.g. a construction company operating in the city will have different legal requirements to those even operating in rural areas. Business operating across states also need to be mindful of the differences between


Allocating responsibility is also an essential part of the risk assessment process. There needs to a person or teams dependent on the business structure who are responsible for managing the controls around the risk and that the level of risk is maintained as acceptable. Finally, all controls placed around your environmental risks need to be documented. This is one of the few required documents for ISO14001:2015 certification. We’ve seen this done a range of different ways such as using procedures and Job Safety and environmental Analysis (JSA’s), this is particularly useful for those who have or are thinking about safety certification.


]]> 0
ISO9001 & Quality Objectives Sun, 04 Jun 2017 13:30:31 +0000 read more →]]> Creating, establishing and recording quality objectives are an essential requirement of both getting and maintaining your ISO9001 Quality certification. Setting and working towards a set of quality objectives can also have benefits for your business strategy and will help drive continual improvement and growth.

Quality objectives are covered in section 6.2 of ISO9001:2015 Quality management systems standard. Objectives are also a common element to any of the management systems standards. This means that if you are working towards or thinking about adding ISO14001, AS/NZS4801 or ISO27001 later in the game you will be required to create objectives relevant for these standards as well. But when it comes ISO9001, quality objectives are one of the only three key pieces of documented information outside of required records you will be required to have. You are also required to have your quality system scope and policy to be documented along with your quality objectives.


Now here is where “the rubber hits the road.” The key thing is that most people discount the importance of setting clear, realistic and achievable quality objectives when beginning their certification journey. It is a key competent that some our of people even think it is the MOST IMPORTANT part of the standard that unfortunately a lot of people tend to get wrong at the start. If you don’t know where you are going – how on earth are you going to get there? Your quality objectives are your map – your guide to improving your business services or products.Your objectives should be key indicators of your businesses success, growth and goals. If your meeting your quality objectives your business is heading in the right direction. Some people may already have these concepts in place but call their quality objectives something else. They are seen in other forms such as a business vision or KPIs. These are all effective tools to help develop quality objectives, but they need to be measurable, and you need to be able to plan for them effectively. Each quality objective should have actionable components: you need to be able to articulate when something is going to be done, by who and with what resources.


Another important aspect of developing quality objectives is they need to be able to resonate with everyone within the organisation. There is little use having objectives that are relevant to specific roles in the business. If you have multiple operational roles, such as logistics or accounts, the person manning the warehouse is not going to resonate with that general goal to grow the business. This comes down to making your quality objectives realistic for everyone in the organisation to be contributing towards. There is nothing wrong with having general aspirations to grow your business but you also need to have other objectives that are relevant to all aspects of your business.


The key things to take away about quality objectives are;

  • Make sure you’ve got your objectives are written somewhere: It is common for clients to have their on their website as well.
  • Make sure they resonate with each role within your business: there needs to be something there for everyone.
  • Make sure you can measure them.
  • Ensure they are analysed and reviewed – such as during your management review – for more on management review, read the guide here. 
]]> 0
Economic Benefits of ISO14001 Sun, 28 May 2017 13:30:34 +0000 read more →]]> ISO 14001 environmental management system is the international standard for environmental management. The standard ensures effective environmental management systems minimise your environmental impacts, help you meet your obligations, licensing conditions and overall lead to improved environmental performance. Implementing a system compliant to ISO 14001 can bring a wide range of benefits to your business but we’ve picked decided to take a look at the economic benefits of ISO14001 certification can have for your business.


A study of four case histories has shown significant economic benefits have accrued by having an effective environmental management system to ISO14001:

  • One company avoided a $70,000 fine because it could demonstrate to the regulator (through it certified EMS) that their systems and processes ensured they had taken all necessary precautions, and their corrective action processes would minimise future occurrences;
  • Another company reduced its recycling rate by more than 95%, reduced or replaced packaging, introduce lead-free soldering and eliminated halogen from one of its manufacturing process;
  • A walk-through programme initiated under another company’s environmental management system identified ultimate savings of 40% on water treatment costs and has led to an energy monitoring system that has the potential to deliver a savings of over 10% on their substantial energy bill.
  • The implementation of an environmental management system for another company identified a 61% saving of electricity during non-operational times and they now sell a waste that was previously sent to landfill.


In addition to the readily measurable benefits, intangible benefits from improved business efficiency accrue simply because there are clearly defined process and procedures and roles and responsibilities: employees know what to do when, by whom and how to do it properly.If your company has an existing quality management system to ISO9001:2008 or a safety management system to AS/NZS 4801:2001, the logical extension to environmental management is easy.


The similarity of ISO 14001:2004 with the other Standards means that typical ‘system’ elements (such as document and records management, management review and internal audit) already implemented will meet the requirements of the environmental management system, thus providing further efficiency and operational dividends.However, one of the biggest benefits of developing and effectively implementing an environmental management system is the benefit to the environment – through reduced pollution, improved efficiencies reduced waste and improved overall awareness.

]]> 0