by Denise Robitaille
It was the great W. Edwards Deming who first applied this tenet, “Drive out fear,” to quality management in his book Out of the Crisis (Massachusetts Institute of Technology, 1982). It’s one of his 14 Points for Management. Fear-driven systems cripple an organization’s ability to innovate, respond to change, deal with risk, and manage problems. People who are afraid of failure, retribution, punitive action, and job loss are reluctant to offer suggestions, try new techniques, speak up about risks, or admit errors. A company that fosters a culture of fear disables its employees’ ability to contribute to the long-term sustainable success of the business.
Let’s look at how fear drives some of the negative baggage surrounding auditing and how vanquishing this fear will allow us to experience more genuine benefit from this much-maligned process.
We can start by examining the textbook definition of “audit” found in ISO 19011: “…systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.” No mention of consequences for evil-doers and no suggestion of punitive action, not even a passing mention of findings of nonconformance. Auditing is about evaluating a system against defined criteria. What happens after the audit is up to us.
Now let’s consider the players: There are the auditees, the client (usually the management group of the organization), and the auditors. The auditees are the people who respond to the auditors’ questions. These individuals are afraid of auditors. It doesn’t matter if it’s a first-, second-, or third-party audit. Auditees don’t want to be the cause of a nonconformance. They don’t want to get dinged. They will go to great lengths to avoid the dreaded nonconformance. They will try to cast situations in the most favorable light; they’ll conceal problems; they might even lie. Because despite the fact that we say that it’s about finding opportunities to improve, our tone and our manner often suggest otherwise.
How far-reaching can the consequences of this kind of culture be? Several years ago, one of my clients went through an ISO 9001 implementation and certification process. During the course of the audit, one minor nonconformance was cited. The individual who had responsibility for the area where the nonconformance was discovered was devastated. In his mind, he was being blamed for the only mar on an otherwise perfect audit. He perceived the corrective action request that he was given as his punishment for having caused the nonconformance.
To alleviate his distress I explained to him that he had received the request because he was the person best qualified to address the problem and help fix it. The company was asking him for his assistance. To this he replied, “All right, then I will tell you the truth.” Up until that moment he was afraid of the consequences if it was learned that he’d modified machine settings—with the very laudable goal of increasing throughput, thereby increasing efficiency. He hadn’t considered the effect on the next process and he hadn’t told anyone what he had done. But, he’d had a very good idea.
Without encouragement three things would have happened:
- The problem would have persisted.
- We would’ve never gotten to the root cause because he would have done everything he could to conceal his culpability out of fear of losing his job.
- He would have stopped thinking of ways to improve his process.
It’s not just about morale or having a feel-good environment in which to work. It’s directly relevant to an organization’s ability to investigate problems thoroughly, to uncover the information that will allow it to improve, and to elicit innovative ideas from its workforce.
Of course, this is just a reflection of the fear that’s been impressed upon them by top management. Look at their attitude toward certification bodies (also known as registrars). I’ve observed audits where the auditor was wrong; and I told my client that he should challenge the finding. “Oh, no. We don’t want to upset the auditor. We don’t want to get dinged with any majors or minors.” This fear is communicated down to the rest of the organization.
This takes us to the second group of terrified players in the audit process: the managers.
We’ve all heard the expression from managers and supervisors about their desire for a “clean” audit. It usually refers to a registrar’s surveillance audit or some other third-party assessment, but it’s often applied to internal audits as well. A few days prior to the visit, managers gather the troops, give a pre-game pep talk, and end with a rousing exhortation to have a clean audit.
There’s little time spent telling people to be honest with the auditors. We don’t hear: “Don’t worry about this. Audits help us find problems that need to be fixed and opportunities to improve. Whatever the auditors find should help us to get better.” To the contrary, I’ve seen organizations who have set a quality objective of “zero audit findings.” There’s no such thing as a consistently perfect organization. If there are no audit findings over the course of several audits, the auditors aren’t doing their jobs and/or the auditees are hiding things.
Richard Bach wrote, “There is no such thing as a problem without a gift for you in its hands. You seek problems because you need their gifts.” How interesting it would be if we accepted audit findings in the same spirit. But this can’t happen if we are hiding things to ensure we have a “clean audit.”
If there are clean audits, is it also possible to have “dirty audits”? And, if so, what would characterize such audits? Would the auditors make a mess of the calibration area? Would there be disorganized files strewn across the sales manager’s desk? Would the production floor be awash in blood? Would the audit report be peppered with slanderous accusations, profane language, and naughty illustrations? Or, even more horrible, would the audit report include the dreaded and vile nonconformity?
Based on the reaction a nonconformity generally generates, you’d almost expect a dictionary definition to read something like this: “An event of putrefying and soul-sucking proportion, purported to end careers and cause ISO 9001 certificates to spontaneously combust.”
What is it with people and nonconformances? Bosses look upon them as a personal indictment of their managerial competence, the president of the company views them as some kind of barometer of organizational stability, and individuals perceive them as the report card from hell that will get them fired. Nonconformances are just observations that things aren’t being done the way they should and that there’s a risk to the organization if there’s no action taken to change the situation.
Let’s recap just what it means to receive an audit report that includes a finding of nonconformity—even a major nonconformity.
The auditor has identified that there has been the “nonfulfillment of a requirement.” That’s the definition of a nonconformity as found in ISO 9000:2005 Quality management systems—Fundamentals and vocabulary. Either a product was not made in conformance to specifications or some other requirement has not been met. For example, it may be that a procedure states that appointments for auto glass replacement must be confirmed between 8:00 a.m. and 8:30 a.m. on the day of the technician’s visit. The auditor observed that the customer service representative was doing the confirmation calls in the late afternoon on the day prior to the appointment. There’s obviously a nonconformance. However, it may be that the company figured out that confirming the appointment the day before made a lot more sense and modified the process without revising the documented procedure.
The genuine concern here, and the real reason that this should be addressed, is that the organization must ensure that individuals aren’t changing processes without revising the corresponding documentation. It’s a bad habit that can lead to a proliferation of uncontrolled documents and processes. Eventually, no one knows what the right thing is supposed to be and mistakes are inevitable—some with more dire consequences than a missed appointment.
Errors and degradations in process control evolve over time. They mostly result from change. Individuals retire, get promoted, or leave. Their replacements aren’t as knowledgeable in the details of the process, and the older documentation isn’t very helpful. Customers’ requirements change. What used to be acceptable is now rejected because they’ve tightened up dimensional tolerances or some other product attributes. New equipment is purchased that eliminates the need for tedious steps that had been laboriously described in wordy work instructions that never got updated. Tooling wears. Then, there are the actual cases where someone simply failed to do the right thing. There was an operator error.
In so many instances things change and we’re just not paying attention. So, isn’t it a great idea to have audits that catch process nonconformities before they result in product defects? Isn’t it more advantageous to address problems before they become catastrophes?
Upon being “dinged”—another questionable expression that has crept into our quality management system (QMS) lexicon—with a nonconformity, we proceed to investigate the root cause and figure out how to address it. We revise the process, fix the documents, do some training, and end up with an improved practice and a more enlightened workforce. Overall, not a bad outcome from a process steeped in fear and loathing—a process that is supposed to be objective, nonconfrontational, and intended to drive improvement.
The final players in this process are the auditors. They fear alienation from co-workers, aggravation from the boss who wanted a “clean audit,” and, in the case of third-party assessments, the fear that too many findings will result in an unhappy registrar who, in turn, fears losing a paying client to a more lenient certification body.
The certification bodies are afraid of losing clients; organizations are afraid of getting nonconformances; bosses are afraid of poor performance ratings; auditors are afraid of getting fired; and the person on the manufacturing floor just wants to run for cover. This is almost laughable.
The result of a fear-laden audit process is that we end up devaluing a key component of our organization’s QMS. Internal audits provide the information that drives the improvements that perpetuate an organization’s ability to continue to serve its customers. Supplier audits strengthen the supply chain. For third-party audits (such as an ISO 9001 certification audit), the audits provide objective assessments that increase customers’ confidence in the suppliers’ ability to meet their needs. Fear actually imperils the integrity of the conformity assessment industry. This is unfortunate because in this global economy that loss of integrity reflects poorly on the organizations that have implemented and are maintaining an internationally recognized effective QMS. A robust audit program is a very desirable thing.
The other factor that feeds the fear permeating the audit process is our attitude toward evidence—the fodder of detective stories, the bane of criminals, the undoing of fiends. From Sherlock Holmes to Perry Mason, evidence lights the fuse for the climactic “Aha!” that illuminates the denouement where all is finally revealed. The current offering of criminal investigation shows perpetuate the image of dogged investigators chasing down the clues that will lead to the eventual arrest of the villain.
Evidence is the stuff in “whodunits” that proves the bad guy did it. In our judicial system the burden of proof is on the prosecution. Evidence is more commonly associated with indictment of the guilty party rather than exoneration of the innocent, despite the obvious fact that it can be used to substantiate either. Is it any wonder that auditees ascribe such a negative connotation to the whole concept of evidence gathering? Or that they cringe at the mere arrival of the dreaded auditor? It’s not very often you’ll hear an individual say, “I’m dying for the auditor to show up so I can show her all the cool things we’re doing.”
Joe Friday, the poker-faced gumshoe from “Dragnet,” was probably the only character who got it right: “Just the facts, ma’am.” In that one simple sentence he conveyed the essence of evidence gathering. It’s about assembling a selection of facts—generally found in records—in order to find out about something. In the case of an audit, it’s to find out if the defined requirements have been met.
Auditors bandy the term “evidence” about a lot. They need evidence to substantiate their conclusion as to the organization’s conformance to requirements. Unfortunately, when auditors are asked why they need the evidence, their demeanor supports the auditees’ impressions that the auditors are looking to see if the auditees are screwing up. Auditors are perceived as being in fault-finding mode instead of fact-finding mode.
Too many auditors have an “Aha! gotcha!” attitude when they find a nonconformance. It’s important to remain objective and unperturbed. The conversation with the auditee should basically convey, “This is the documented requirement and this is the record; they don’t match.” No accusatory tone; no suggestion of wrongdoing. The input and the output don’t match. Period.
Auditors don’t do a particularly stellar job of pointing out all the bits of evidence that are harbingers of good news. Audit reports are skewed toward the findings of nonconformity and the opportunities for improvement (which are really articulations of perceived risk that should be addressed before something does go wrong). Auditors don’t spend nearly as much ink—or bytes—on the positive stuff. They aren’t as diligent in mentioning the processes that have improved since the last audit, the goals that have been achieved, the decrease in errors, the success stories coming out of a well-implemented corrective action. What the auditee hears in the closing meeting is a litany of everything bad, with only the sparsest of nods to any positive observations. Even if the audit report does convey laudatory comments for improvements and innovations, the kind words rarely reach the individuals who trembled through their audit interviews.
Auditors begin with the somewhat adversarial premise that until something is proven to be compliant, there is no justification to presume that it is indeed compliant. That’s the “show me” approach. The opposite tactic would have the auditor presuming that everything is great until evidence is presented to the contrary. That approach carries its own risk. Auditors make reasonable conclusions based upon assessment of an adequate sampling of evidence. Failing to find fault does not necessarily mean that everything is perfect.
And, lack of evidence is not always indicative of noncompliance. In a recent “Nova” episode on PBS a physicist was talking about a new and as yet unproven hypothesis about the nature and origin of our universe. He said, “You can choose to believe whatever you wish, because we haven’t yet been able to prove these things.” Sometimes there just isn’t any evidence available at the time of the audit. If the company has a robust process for controlling customer-owned property, but there doesn’t happen to be any in the plant on the day of the audit, it doesn’t mean that—in the absence of evidence—the process is uncontrolled. Documentation presented and anecdotal evidence of what would happen if there was customer property to be handled is all that the auditor has to go on. Without further proof the only conclusion based on what’s available is that the established process provides adequate control to handle the contingency.
Which brings us back to Joe Friday. Auditors should begin with a clean slate—no presumptions. “Just the facts.” And, then see where the trail of evidence leads.
Auditors probably can’t completely alleviate auditee fears when they hear the word evidence, but auditors should try to communicate the fact that evidence, in and of itself, is neither positive nor negative. Until it is assessed against requirements and in consideration of application, a piece of evidence is just a factoid. It’s simply a vehicle to get us where we need to go—an objective and meaningful audit report. And, it’s definitely not about finding the bad guy.
What can we do to dispel fear around auditing?
- Management must communicate that audits are welcome opportunities to improve the organization.
- The organization needs to stop using zero findings as a meaningful quality objective.
- Management must ensure that no punitive action is taken for audit findings.
- Auditees must be encouraged to be truthful, open, and thorough with auditors.
- Auditors need to subdue the negative body language and tone around evidence and findings of nonconformance.
- Everybody needs to relax.
About the author
Denise Robitaille is a member of the U.S. TAG to ISO/TC 176, the committee responsible for updating the ISO 9000 family of standards. She is committed to making your quality system meaningful. Through training, Robitaille helps you turn audits, corrective actions, management reviews, and processes of implementing ISO 9001 into value-added features of your company. She’s an Exemplar Global-certified lead assessor, ASQ-certified quality auditor, and ASQ Fellow. She’s the author of numerous articles and several books, including The Corrective Action Handbook, The Preventive Action Handbook, and her latest book, 9 Keys to Successful Audits, all published by Paton Professional.