Are voluntary standards really a form of environmental governance?

I have been reading studies, articles and such for years that describe voluntary standard systems (VSS) as a form of environmental governance – and for just as long I have been wondering if that really is the case.

The term ‘governance’ is very broad can include governments (national, state, provincial, county, municipal, etc…) and civil society (businesses, not-for-profits, charities, unions, churches, universities, partnerships, informal collaborations, the girl scouts, etc…).

I am a bit biased, I guess... I think of 'governance' as a role that includes a measure of direct control. This is informed by my experience as a member of several boards of directors and having worked directly for boards. The governance role of a board is focused on setting a direction and making sure that it is the goal of the organization. (Boards also have a budget and legal compliance role but let's put that aside for now.)

Most of the time when we hear the term ‘governance’ we think of a decision-making body that can create and enforce a policy, rule or regulation. As a result, most people do not think of voluntary or optional systems a form of governance because it lacks the capacity to compel compliance.

Since I am not a lawyer, I will skip over any musings on how legislation and regulation come to be; I will just focus on the voluntary side.

Standards are not legislation or regulation (see my earlier post “Conformity vs. Compliance”) although they can be easily confused. 

Voluntary standards are normally developed to codify norms of practice, that is they are designed to create specific outcomes, whether it is a common screw thread for bolts and nuts or how to manage watersheds.

Once they are developed, voluntary standards are either become the common practice or they are ignored. Those that become common practice create a new norm and nuts of a certain size all fit bolts of the same size. (These are the ones that can 'feel' like they are mandatory.) Those that are not adopted, fall by the wayside or sit in limbo until they are needed, if ever. The ‘decision’ is made in the market, and competing standards are used by different players until one is the clear winner. As a result, VHS became the norm despite the obvious superiority of Betamax (I know, I am showing my age now….)

Voluntary standards establish the norm by competition in the market. Winners and losers are not often clear because the winner may be selected for reasons that are not clear at the start.

A new norm, widely accepted may have the effect of regulation because once it becomes the new norm it is hard to use some other option, and have it accepted. Sometimes these other options can arise and disrupt the accepted norm, and then things change.

Well, what does this mean for a new standard system? I would see this as an opportunity to look at competing standards in the past and really understand why some succeeded and some failed. Shelves are full of standards that were rarely used (I should know because I spent lots of time writing some of them). Also, for every successful standard there are many competing ideas that were discarded.

I have my own ideas about why some succeeded and others fail. But that may just have to wait for a future post.


A NOTE: Yes, I agree that some governments adopt standards as regulation, effectively making them law in some jurisdictions. I consider these standards to have become regulations since they then have the force of law – they are no longer voluntary, even thought they were originally developed outside of legislatures and government departments.

"White Label" Standards

A white label product is a product or service produced by one company (the producer) that other companies (the marketers) rebrand to make it appear as if they had made it.  ("White-label product" Wikipedia, 24 January 2018)

In the world of social and environmental certification many have noted a growing frustration by some large brand owners with the use of certification trademarks on their product packaging.

This frustration may be due to one or more issues:

  • loss of packaging 'real estate' to other peoples' logos,
  • having to pay a logo licence fee to display other peoples' logos,
  • fear that using other peoples' logos to assure their customers is also weakening their own brand,
  • frustration that multiple logos may be needed for packaging, sourcing of certain components, treatment of workers, and production aspects such as water use, CO2 emissions, energy consumption, waste management, recycling, etc...

Underneath these issues is the powerful desire by some brand owners for their customers to trust the brand as being responsible across a range of issues. These brand owners want you to see their product and to recognize the brand as providing the assurance that the environment is protected, workers are well treated, and all materials are sourced in the most responsible manner possible. 

It is possible that as the number and complexity of social and environmental standards grows, brands will be looking for ways to 'transfer' the assurance provided by third party certification logos to their own brands. This is important to the brands because they want to have their brand to be all the assurance that customers will want.

This can present a challenge to standards system owners. First, it can mean that all the effort that they have invested in growing their own brand may be diminished or lost altogether. 

Also, it can pose a significant challenge to the viability of a scheme owner. If its logo is its main source of revenue, then the loss of logo revenue may put at jeopardy the viability of the certification itself.

In the end, most brand owners will still need to monitor and evaluate their supply chains and their own production - and third-party certification is a fantastic way to do it. Just because the brand does not want to display your logo does not mean that they want to build their own audit and certification system.

A first step is to understand what the brands that rely on your certification want and need. Paying close attention, really listening and engaging in discussions with brands is crucial. The last thing you want is to be surprised by an announcement that one of the brands using your logo will be dropping it from all its packaging.

Your business model may need to be re-thought – this can include a range of questions such as:

  • How can you continue to finance your operations, keep your standard current and maintain high quality assurance?
  • Can you provide a ‘white-label’ service to brands that want it?
  • How will you address concerns of smaller brands that want to continue using your certification mark?
  • Can you deliver the market change that you are committed to?



Do we develop standards and certification to change the world?

This may seem a bit grandiose, but to some degree it must be true. Social and environmental standards have been driven by individuals and groups that want to save natural ecosystems, preserve endangered species, make the lives of workers and small producers better, make trade fair, save indigenous cultures, protect the oceans, save the forest….well you get the picture.

To create an international standard and go to the trouble of turning it into a global enterprise requires dedication, hard work and a belief that we can make change happen, even reform an entire industry sector.

While this undying belief that we can effect change must be present, it should be tempered with humility.

By humility, I mean a sense that a much as we believe in what we are doing we must also be aware that we may make mistakes. These mistakes can help us to realize that there are better ways to do our work and make the difference we are driven to deliver.

That is, errors CAN help us - but they may not if we do not have the humility to recognize that our system is not flawless and that we can change the way we work.

To be blunt, errors to not happen just because of the failure of others. 

We should be looking at our own work with an eye to seeing our own weakness and failures. More than that, we should be looking to make changes, even hard changes, to better deliver on our objectives.

The Growing Importance of Social and Environmental Certification

NOTE: I am sorry that I have been remiss in maintaining this blog, events over the last year took over my life and demanded attention. I am hopeful that a new normal has been established so that my work-life-chaos balance has stabilized. I will endeavour to post regularly to this blog.


For many years some folks have been predicting the demise of social and environmental certification. The reasons for these predictions are many and include:

  • Market confusion caused by too many schemes;
  • Brand owners resistance to having 3rd party logos on their packaging;
  • Failure of 3rd party certification to solve the worlds problems;
  • High cost of certification for primary producers;
  • Failure of a price premium to support improved performance;
  • Failure of 3rd party schemes to really deal with the weakest players;
  • Large northern companies benefiting over smaller and southern producers;
  • etc....

Yes, social and environmental certification has many issues that need to be addressed and is not (and never has been) the silver bullet that will fix all problems.

But there are benefits.

First let's consider the principle strength of 3td party standards. They function within markets and as a result can only effectively be regulated by goverments using tools that regulate trade.

Why does this matter?  Some national goverments have been taking actions to restrict the ability of civil society players to drive change. These actions have included:

  • Restrictions on civil socitey organization raising funds.
  • Restricions on travel by NGO reseachers.
  • Punative audits by governments of charities they do not like.
  • Austerity budgets by governments that undermine social and environmental progress.
  • Active promotion by goverments of projects that undermine rights of individuals and groups as well as those that subsidize environmentally dangerous industrial practices.
  • Restrictions on travel and investment by academic and business professionals from developing countries.
  • Restrictions on students' travel and study in other countries.
  • etc...

These and other actions are designed to weaken the capacity of civil society to challenge inequity, injustice, environmetal degredation and undermine efforts to increase the capacity of civil society to challenge governments, militaries or the ultra-rich.

What can social and enviromental certification bring to the table?

First of all, because social and environmental certification is a commercial practice, any efforts designed to restrict it by necessity will also apply to all other forms of certification. Most governments (othe than absolute dictatorships) cannot target one company and ignore all others - the rules that apply to one certification system apply to all. A country cannot, for example outlaw MSC or Fairtrade certiifcation, it would have to ban the use of all foreign standards in their country and that would have a massive impact on their ability to trade internationally. 

The same principle applies to the use of trademarks. If a country outlawed the use of the FSC logo on products all other owners of international brands would become nervous about protecting the value of their brands in that country. Again, international trade could be negatively impacted as international brands would likely reduce investment in the offending country. Why would a brand owner invest in a country that has just oulawed the use of a brand logo?

The close integration of social and environmental standards, certification and labelling with business mean that actions to restrict its use by definition stray into regulation of trade, business and industry.

3rd party social and environmental certification is not the panacea that will solve the worlds problems, but it is a useful tool that can support social change by encouraging business to adapt to a market demand for responsible products and services.

As governments retrench and seek to silence dissenting voices, tools that can bypass these efforts are needed. Social and environmental certification is one of those tools.

As a result we will see more reliance on independent standards in international supply chains to meet the growing consumer demand for responsible products and services. 

Using risk as a way to improve assurance

Risk is a wildly misunderstood concept. First of all most people do not understand what is meant by the term 'risk' and secondly many folks think of it as a way to make certification easier for big, rich clients and harder for small, poor ones.

When used properly, neither of these are true.

What is risk?

Risk is the relationship between the impact, and the frequency of a threat; that is the likelihood that the threat will occur and the consequences if it does. I'll try to break it down further....

A threat is a negative event. It is something that can happen and have a negative impact. An asteroid hitting Earth is a threat.

The impact of a threat is what happens when the threat occurs. Space rocks can vary in size from bits of dust to planet size rock and everything in between. The impact of dust, sand and rocks that are smaller than a car is usually nill. A really big rock can be catastrophic (just ask the dinosaurs...)

Frequency is how often the threat occurs. Thousands of bits of stuff from space hits Earth every year and almost all of it burns up before it hits the planet surface. A few survive being incinerated in the atmosphere and hit the surface; they usually do so in the oceans or in places where there are few humans. Once every few million years something really big hits Earth and causes major problems. The last really big one was 65 million years ago.

So in terms of risk, there is a very high chance that the Earth will be hit by stuff from space and an extremely small chance that the impact will disrupt our lives. The risk to my life from space rocks hitting earth is very, very low.

Risk and certification

First of all, let's be really clear; certification is about risk. 

At its most basic, certification is a way to provide assurance that a particular set of specifications are found in a product, service, process or production method. It provides assurance that you are getting what you are paying for - as such it helps to manage the risk that you will receive a product that does not conform to your needs. 

Risk can occur at many levels - within the certification world risk can be found in a number of places, including:

  • the audit and certification process
  • the client who is certified
  • the chain of custody
  • and the certification scheme itself

A well designed certification scheme has identified the threats that may occur at each step and determined which pose significant risks. 

Once the risks are known, the certification scheme should consider each risk and, where practicable, put in place steps to eliminate, mitigate or otherwise manage those risks so that the frequency of occurrence is reduced, the impacts are minimized or both. In some cases a risk can be completely eliminated (but this is rare).

Pitfalls in the process

The biggest problem that can occur in this whole process is bias. Sometimes folks will assume that other people will make mistakes while somehow they themselves are immune to error. Sometimes we will decide before hand where the problems are and completely ignore other areas.

A teacher may decide that the risk of failure by their students are due to the school, the student's families, the school administration, the government but not due to their own failing. A school board may decide the teacher is the biggest risk and that board policy or curriculum is never an issue.

A certification scheme may assume that problems are due to bad auditors or lying clients but never consider that their own standard and certification requirements are vague and unclear.

A note on reputation and risk

One of the fundamentals of business is that a risk to your reputation can be one of the biggest risks that a company can face. The risk that your customers loose trust in you can be devastating to a product line or an entire company.

A consequence of this is that certification schemes must pay close attention to risks to their own reputation; but that is not all. Certification schemes must recognize that all of the players in the system, including the accreditation bodies, certification bodies, certified clients, processors who use certified products, and retailers that sell the final product all are relying on your certification as a way to manage or mitigate risks to their own reputations.

As with other types of risk the certification scheme should identify risks to players at each stage in the value chain and consider how their scheme can best manage or mitigate the risks that their users may face. 

There are many other ways that risk can be used to better manage a certification scheme; but for certification schemes whose currency is assurance, managing the aspects of reputational risk is a significant priority.

Before Certification: Comments on “Beyond Certification” by Scott Poynton

The recent publication “Beyond Certification” by Scott Poynton (Dō Sustainability, Oxford, UK, 2015) has a number of valuable insights; however I think that he starts his analysis in the middle of the story and proposes a solution that almost exactly describes the world before FSC certification.

Before I get to the options that Poynton’s book presents, I will start with the bigger picture – not to be negative but as a way to frame the issues that I think are most important.

Lost in the mist of time

I would like to start way back to the before the 1992 Earth Summit and consider the vast amount of effort that was being invested by a host of organizations in the creation of a global code of conduct to govern the behaviour of trans-national corporations. This code of practice was to be a center piece at the upcoming Earth Summit. The code of practice was being prepared under the auspices of the UN Centre for Trans-National Corporations and would govern the conduct of global operations of major corporations. It was based on a broad definition of sustainability – environmental, social, cultural, and economic. Most of us now have never heard of this effort because it died before Rio.

Prior to the Earth Summit a deal, brokered by the Swiss billionaire Stephan Schmidheiny was reached with the support of major governments and corporations: it was proposed that the code of conduct be taken off the agenda for the Rio Earth Summit. Instead of addressing trans-national corporations in an intergovernmental forum there would be the creation of an international standard for how corporations addressed environmental issues. The result was the creation of the ISO 14000 system, a set of standards and guidance documents that form an ‘environmental management system’ based on the model of the ISO’s 9000 quality management system standard. It is no accident that in 1992, the same year that saw the Earth Summit in Rio, BSI published an environmental management system standard for the UK which became the model for ISO 14000.

To most of the organizations that worked so hard on the code of conduct for transnational corporations, this development was a large step backwards. Rather than having a code of conduct that could be used to hold corporations to account a voluntary management system standard was proposed. This new standard would contain no minimum performance levels, the first approved version of this standard did not even include the requirement that certified companies comply with environmental legislation.

At the same time as the preparation for Rio was growing a global concern with deforestation. Astronomical rates of deforestation were occurring worldwide with growing impacts in the developing world and on indigenous peoples. One response was undertaken by a small group that formed to create a standard to would allow consumers of forest products to purchase those products that were certified to be harvested from well managed forests and would not contribute to deforestation and the destruction of local and indigenous communities. This group grew to launch the Forest Stewardship Council in 1993. It was a new tool that could apply market pressure to forest companies for global practices, even when nations were powerless to do so. It is a tool that has seen success far beyond the expectations of many of the founders.

I see a direct connection between the abdication by governments of the responsibility to set enforceable limits on the behaviour of transnational companies and the efforts to foster the growth of a market tool that could have some of the same effect.

An FSC vision

The goal of the FSC was to create specific, measurable performance requirements that, while adapted to different forest types in different social circumstances would all conform to a global set of principles and criteria. Nowhere in this vision is the flexibility for a company to be certified for meeting only those parts of the standard that it chooses. It’s and all or nothing proposition.

FSC, as with many other global certifications schemes, strives to set a benchmark that is either conformed to, in which case the products could be certified, or not, in which case the products cannot be certified. No one, I would expect even FSC itself, would say that it has succeeded on all counts and in all circumstances. It is important to note that certification is a positive statement; it does not mean that products that are not certified are from badly managed forests. The pedigree of uncertified products is simply unknown.

Poynton’s proposal

Poynton proposes moving beyond certification to a model in which corporation define their values, that is clearly state ‘who we are’ and then implement transparent, transformative and verified steps to bring their actions in line with their values. To me, this sounds very much like the process described in the ISO 14000 system. Companies define their environmental objectives and then put in place a management system to deliver on their own objectives.

In just about every case presented by Poynton, the prompt for companies to begin to enter into this process is as a result of being targeted by a large campaigning NGO. His central case is that of Nestlé after it had been a target of Greenpeace’s campaigning efforts to stop Indonesian deforestation for the production of palm oil. In almost none of the cases presented did a company change course without significant outside pressure.

Somehow this process of companies coming to learn that their values are out of sync with their practices is once again the responsibility of NGOs; not-for-profit organizations and charities funded by individual donors and foundations. It is hard to imagine that there are enough well-funded NGOs with the resources to launch enough campaigns against offending corporations large and small. It is also worth noting that a number of governments including those of Russia, India, Canada, Egypt, and some US states to name a few that are taking or have recently taken legal and regulatory actions against these same NGOs for challenging corporate practices while major corporations file SLAPP suits against these same NGOs for challenging their practices.

Without certification we are back in a world that resembles the 1980s with campaigning NGOs challenging destructive and abusive corporate practices and calling for action by governments that refuse to take responsibility for environmental protection and safeguarding the lives of their citizens.

This situation is exacerbated by WTO rules that only allow on a limited basis for countries to discriminate based on ‘process and production methods’. As a result countries cannot prohibit importation of products that destroy critical habitat of endangered or at risk species, are produced by workers that are exploited or where indigenous cultures are destroyed. Non-governmental standards offer the opportunity for purchasers to select those products that conform to their values and those of their customers.

Options to move beyond the current practice of certification

Notwithstanding my critique of Poynter’s book above, there are a number of things that certification schemes and their supporters can do to better respond to the problems with certification as it occurs now.

These include (but are not limited to):

  • Not offering certification. Some groups who wish to step up their advocacy and directly impact markets think that if certification works for forests or fair trade then it can work for their sector. Sometimes the best methods available include not becoming a certification scheme. This could mean becoming something like a consulting firm or as a partner to existing companies with a role of offering assurance about the products and services being offered.
  • Don’t go it alone. If you do decide to offer certification there is no rule that says you have to do everything by yourself. If all the big schemes now in operation got together and designed chain of custody rules that can apply to forest products, coffee, chocolate, fish, diamonds, clothing, etc. then there is a chance that chain of custody procedures would be more robust. It is not necessary for experts in each sector to develop and run a unique chain of custody scheme. They could do the same for components that are common to multiple schemes such as worker rights, discharge of wastes, use of pesticides and herbicides, etc.
  • Start with the market, not the producers. When looking at how to transform a market, start by ignoring the producers and start with the companies that process, market and retail products that use raw material in one sector. Often primary producers operate at the thinnest margin. They will respond to their customers but not to efforts to get them to change their practices without some benefit to them.
  • Design a way for the poorest performers to improve. In many cases the causes of environmental destruction and socially exploitive practices are because of extreme poverty and complicit governments. If you focus your efforts on the getting improvements from the bottom 20% of an industry sector by working with them you may get more improvement than by certifying the top 20%.
  • Add value. Spend time with creative entrepreneurs in your sector and find methods and approaches that are being used now by really inventive people. Take those practices and bring them to a wider audience to improve performance across an entire sector.
  • Focus on the workers. Business is always telling us that their real value is their workers. What can you bring to improve the lives of the workers that drives greater value for the company while bringing benefits to workers and their families.

Recognize emerging trends. This includes the growth of south-south trade, the explosion of technology that allows information to be gathered by remote sensors, real-time monitoring and humans that carry cell phones in their pockets.

Final thoughts

The use of certification as a means to transform markets is still evolving. While it is important to critique the use of this tool, it is important to understand that we need to consider both the past (why certification became so important) and the future (emerging trends that are shaping our world).



Normative vs. Informative

Certification documentation schemes can contain two types of information; normative and informative. 

Normative elements are those that are prescriptive, that is they are to be followed in order to comply with scheme requirements.

Informative elements are those that are descriptive, that is they are designed to help the reader understand the concepts presented in the normative elements.

Normative elements

Normative elements apply to the organization, or individual to whom they are addressed. For example, normative elements in the standard apply to the certificate holder or applicant for certification. Other normative elements may apply to the certification body, accreditation body or scheme owner.

Normative elements are normally phrased using one of the three terms: shall, should or may.

  • Shall:  indicates a requirement
  • Should: indicated as recommendation
  • May: indicates a permission

All normative elements that are requirements (shall) are to be followed in all cases in order to be in conformity. Elements that are recommended (should) are ones that any organization that wants to be in conformity are encouraged to follow. Finally, elements that grant permission (may) have the option of following if they choose to and if they do then they must follow the requirements as described.

Each of these elements can be a single requirement (i.e. ...all letters shall be written on pink paper) or an entire document (i.e. ...the factory shall conform to ISO 19001).

For the sake of clarity, it is best when all scheme documents use these three keywords. When you mean it as a requirement; say 'shall' and not use other terms such as 'will', 'must' or 'need'. Using these terms consistently means that the reader is not left to figure out what you mean when you say 'the certificate holder will...' --- is that a requirement, an option or a recommendation?

Informative Elements

Informative elements are illustrations, examples or suggestions that explain the meaning and implications of the requirements as well as giving suggestions, examples and case studies on the application of the requirements.

Nothing in the informative elements is or can be mandatory; that includes the accreditation body, the certification body, the certificate holder or the applicant for certification. If guidance is mandatory, that is if it includes a shall, should or may statement, it is not informative, it is normative.

What this means for a scheme

The best certification schemes are clearly written and are easily understood by each user and each type of user. An applicant for certification should be able to understand what is required of them, and by implication what is not required for them to be certified.

One of the best ways to make sure your scheme is easily understood is to use the discipline of writing your requirements as clearly as possible. All users should know what is required and should never be surprised to find that a requirement was not clearly presented to them.

Whenever possible guidance should be provided to help the user understand the implications of your scheme requirements. Informative material should only help the user to understand the thinking behind a requirement or maybe how or why a requirement was set. 

This sounds simple until you try to do it. Clear documentation is only possible when you and everyone involved in designing and writing up the scheme clearly understand and agree on the implications of the requirements.

Guest post by Mike Read: Can you be 100% confident that everything is perfect?

I am happy to add this post from my colleague Mike Read to The Kitbag. Mike and I have worked together on several project and his experience has added much to this work. This post started out as a response to my earlier post "Statistics, sampling and other mysteries of the universe" that I posted on 18 May 2015. Mike can be reached directly through his website:


Can we be 100% confident that everything is perfect? Although we might all like to think so, the answer - especially when it comes to certification - is almost certainly not! Can we check every auditor and every system on every occasion? Are auditors going to check every site, every day? And will they look at everything? Of course not. That would make certification so expensive no one would buy it. There is an inevitable trade-off between cost and certainty.  But how do we get the best value for money, and what is the minimum level of certainty that is acceptable?  And while we’re at it: ‘certainty of what, exactly?’ These questions are vital to the credibility of certification, and what is certified, but the truth is that answers are routinely fudged.

Most systems mix some kind of sampling into their fudge recipes. But before we get to the joys of how to choose a wise sample, there’s another question that is even more rarely asked. Whose opinion matters?


It’s unlikely to be just your certification scheme that bases its reputation on the quality of the assurance you offer.  Maybe a big supermarket or chain of cafés insists that your logo appears on products it sells to ensure its brand retains a good image, and to avoid any nasty surprises and exposés of bad practice. Whether you like it or not, you’re in the business of selling them risk management. And perhaps their customers depend on it too for their own sense of well-being, and would switch to a different supplier if something went wrong.

Maybe you would happily put your logo on products coming from a source where one in 20 of your certification criteria are not being met, if corrective action is in place to remedy any failings. Do you share this tolerance level with your client? Do you know that they find it acceptable? What if they would only accept one in 100? Or maybe you accept that your chain of custody scheme can only ensure that 995 out of every 1,000 labelled products are from properly certified sources, Perhaps your customers expect 999 or even 1,000?

Without knowing your value chain partners’ acceptance of risk as well as their acceptance of cost, how can you properly design your assurance system?  Surely it’s far better to engage them in conversation before something goes wrong, rather than after. But how many schemes are scared of doing so?


And so, now, to sampling. We may be familiar with the idea of sampling giving a certain confidence in the overall result. But when a statistical test provides 95% or 99% ‘confidence’, beware! You need to be sure you can answer ‘confident of what?’ You might be 95% confident that you have identified 100% of non-conformities, or 100% confident that you have identified 95% of non-conformities. Think about it for a moment: these are different things with different potential implications. More realistically you might aim to be 95% confident that you have identified somewhere between 90 and 100% of non-conformities. In other words we need to properly understand the difference between confidence levels and confidence intervals (or limits).

Like any established branch of science, statistics and sampling can be incredibly complicated. Yet almost all of it is based on ‘laboratory conditions’ and ‘probability theory’ and almost none of it works very well in the real world of natural product certification. And in passing, the all-too-familiar ‘square root rule’ has no foundation even in lab conditions, but still hangs around like a bad smell.

Statistics and sampling should only ever be used as guidance rather than direction. This is very much a place for informed common sense.  And be sure you know exactly what you’re trying to find out, as a carefully phrased question is already well on the way to being answered.


An approach being adopted by a number of certification schemes sees sampling based in part on assessment of where problems are most likely to occur. In other words you check more often or more intensely in regions, or products, or with suppliers where a comprehensive and dispassionate risk analysis tells you problems are more likely to arise. This can keep costs down and really strengthen your assurance processes. You might also want to combine this with cyclical sampling, making sure that over a set period as many as possible – or even all – elements of the system are checked. How to do this well is perhaps the subject for another blog. 


Look at the patterns in your own data, perhaps the way, the number and the location of problems that you find out about. This can tell you a lot about how well your assurance system is working and any sampling that you might be doing. But beware those ‘unknown unknowns’. Maybe your data reveals no problems because you’re not looking in the right place at the right time with the right eyes! As Carl Sagan neatly reminded us ‘absence of evidence is not evidence of absence’.


Mike Read Associates would be very happy to help with your risk assessment, risk management, and sampling strategies. So you can deliver assurance that you and your partners’ clients and customers can rely on, and can afford.