From real audits
Audit practice
Reports from real audits and hands-on engagements, anonymised. No client names, no conclusions about anyone. What stays is the method: how you find what really matters on the shop floor, not on the glossy slide.
🇹🇷 Turkey · Metal fabrication
Supplier audit in Turkey, metal fabrication: quality and cybersecurity
A supplier audit at a Turkish metal fabricator, on behalf of the buyer. Focus: quality and information security, audited against ISO 9001, ISO 27001 and the buyer's own requirements.
First the paper, then the people
On the surface everything looks polished. The documented procedures are neatly in place. The honest test only comes when you ask the workers at the machine whether they even know these procedures. I greet people in Turkish. The fact that I get the pronunciation wrong breaks the ice, people laugh, the barrier drops. And then it shows: at the aluminium press nobody knows the procedure the production manager had quickly pulled together from the internet shortly before. The lesson is simple. An audit checks effectiveness, not gloss. Document, interview and observation have to match, otherwise the procedure is just paper.
With the books, the fun stops
I noticed that the final invoices arriving with the delivery looked different from the ones we received by email. In Turkey the E-Fatura is the official, tamper-proof invoice. That very invoice deviated here and there from what we had received. The reason was simple and a real finding: someone had quickly built their own invoice in Excel to get paid faster. With tamper-proof records there is no compromise. The official invoice and what reaches the customer have to be identical.
Takeaway
An audit is only worth something once you look behind the polished facade: talk to the people, cross-check the evidence, get to the bottom of the books.
🏴 Scotland · Plumbing wholesale
Quality complaint in Scotland, plumbing: the gloss that never matched
A quality complaint about the gloss level of drain covers for a specific drain assembly. The gloss kept deviating from the sample we had agreed. So I flew to Scotland and looked at our supplier's supplier on site.
Everyone polished by feel
On site it quickly became clear: every worker did it differently. A different grit of sandpaper each time, a different polishing paste, a different speed. Everyone went by feel. For a high-end product that has to look exactly the same every time, that is the worst case. So I rolled up my sleeves, tried things and brought in my experience. In the end we had a documented, clean process. From then on we never had a problem again.
Why a shop-floor background helped
Had I been a purely academic manager, I would have had no idea what happens at that machine. Instead I knew: we need high speed and fine grit for a high-finish result, and the rework of the covers has to be identical every time. Problem solved. Everyone happy, no more wasted money, no loss of reputation.
Takeaway
Consistent quality comes from a defined, documented process, not from the feel of individuals. And whoever knows the shop floor finds the root cause where it really sits.
🇩🇪 Germany · Software house
ISO 42001 gap analysis & internal audits, software house: from paper policy to a lived system
A software house asked me to run a gap analysis and further internal audits against ISO/IEC 42001. Talking to senior management, it quickly became clear how wide the gap between paper and practice was.
The AI policy came straight out of a language model
The AI policy was not lived at all. It had visibly come straight out of a language model. The management review that had supposedly taken place did not exist in reality either. I spoke confidentially with the leadership and, from my own role as a managing director, conveyed how important it is to really engage with the topic instead of simulating it.
From audit to change management
The leadership was afraid of its own workforce. So my engagement grew to include change management. I held conversations and broke down barriers, always close to practice. Wherever I went, I was welcomed with open arms. "Finally a practitioner among all the dusty suits," was how they greeted me.
Takeaway
After three months the result was in: the workforce was on board, everyone lived the AI policy they had built themselves and wanted to keep developing it. The productivity boost was around 22 percent, projects ran with roughly 18 percent time savings. So more projects than before, handled in a more structured and safer way.
🌍 Gulf region · AI-supported ERP
AI-ERP sparring, Gulf region: hands-on AI practice meets ISO 42001
From the Gulf region came a request for my hands-on expertise on an AI-supported ERP system, the kind I built and rolled out in my own company. We looked at the processes together, including the AI management system under ISO/IEC 42001.
Sparring, not slides
What they wanted was not a consultant with a deck, but someone who had actually built an AI ERP and run it day to day. That is exactly what I could bring: what works, where it gets stuck and which processes to tackle first. First-hand practice instead of a textbook.
ISO 42001 as the common thread
We structured the processes along ISO/IEC 42001 so it became clear how an AI management system is best set up in a German context. That way they got not just the technology, but the governance framework that makes AI reliable and auditable.
Takeaway
International companies want practice, not a textbook. Whoever has built an AI system themselves and also masters ISO/IEC 42001 combines both: AI that works and a governance framework that holds.
Your suppliers in Germany or Europe?
I audit your suppliers and sites on your behalf, against ISO 42001 / 27001 or your own requirements, on site or remote.