By Andy Nichols
The last three decades have seen a paradigm shift in the responsibilities for third-party auditors, from a focus on compliance to organizational governance.
In the early 1990s when ISO 9001 and third-party certification came to the UK marketplace, organizations were required to develop and implement their quality management system. This included a quality manual, documented procedures, and work instructions to complete it. Considered as a set of “design inputs” to the quality management system, the ISO requirements were a “one size fits all” solution for meeting multiple supplier quality manuals.
As a result, life as a certification body auditor was straightforward. First, the auditor verified that the organization’s quality management system complied with the ISO requirements and then, if everything looked in order, planned the audit of the implementation at the organization’s premises. This simple compliance approach to audits led to the rise of the expression that ISO 9001 certification was simply a case of, “say what you do; do what you say.”
To ensure that certification body auditors were competent to perform these audits, securing the professional qualification as a lead assessor was often a prerequisite. The qualification involved meeting education and work experience requirements, as well as attending a weeklong training course and passing an extensive written examination. Training providers were accredited through the International Register of Certificated Auditors (IRCA).
Changes to the auditing landscape
As the ISO 9001 standard has developed with market input—often under the influence of the automotive, aerospace, and medical device industries—the auditor’s role has experienced a paradigm shift from assessing (customer) quality assurance towards organizational quality management and, with the advent of ISO 9001:2015, alignment to the organization’s business operations, including strategic planning.
With the inclusion of industry-specific quality tools and an emphasis placed on the “flow down” of customer-specific requirements, the landscape of auditing looks less and less like it did in the early ’90s.
Indeed, as demands on the certification auditor increase, it might be seen that the auditor is now required to be less like an independent third party and more like a supplier quality assurance (SQA), with knowledge of specific customer requirements.
For example, data published by Recall Masters indicates that more than 47.2 million vehicles “were accounted for in recalls, mandated by the National Highway Traffic Safety Administration (NHTSA)” in the United States for the 2018 calendar year. This was at a time when third-party certification to ISO/TS 16949 requirements (ISO 9001 with automotive supplier additions) should have drastically reduced these in-field failures, increasing the burden on the certification auditor to check compliance for all related requirements.
It’s widely recognized that training alone doesn’t make someone competent to perform their work. Lead assessor courses that are currently available may be a foundation to address the basics of auditing, but can they truly address the required competencies of all the quality tools and techniques needed for auditors?
In 2019, we celebrated the journey of the quality profession from being an inspection profession to one that now manages business process effectiveness, including customer requirements and regulatory compliance. During the past 30 years, we’ve seen the increasing burden on auditors to “inspect” quality systems implementation against a set of design input requirements (ISO, et. al.). Are we seeing the undoing of 100 years of progress?
Lead assessor training/competencies should be a more extensive, even-phased approach to address the need for not only auditing practices, but also quality tools and business governance. It cannot simply be left to continual professional development (CPD) to keep auditor competencies current.
About the author
Andy Nichols is the quality program manager at the Michigan Manufacturing Technology Center.
This article first appeared on Jan. 31, 2020 on the CQI/IRCA website and is published here with permission.