By Craig Cochran
Being a third-party auditor is challenging. You walk into somebody else’s company and try to make sense of processes that you may have never seen before. The atmosphere is often tense, and you never have enough time to do the kind of job you’d like to. Then you jump into your car and roar off to the next job. So, third-party auditors can be forgiven for saying dumb things every now and then. Here are my top five dumb things auditors say:
“You need to get a better grasp of ISO 9001 terminology.”
Does anybody in the world think ISO 9001 terminology is simpler than their own wording? If so, I pity the organization that person works for. The organization should use whatever terminology it deems fit, and sometimes this has little connection to the vernacular of ISO 9001. It’s the auditor’s job to adapt to the local terminology, not the other way around. Part of the auditor’s preparation for the audit should include getting up to speed on the organization’s terms, definitions, and vocabulary. The old saw, “When in Rome, do as the Romans do,” applies very well to the audit process.
“Six months is way too long for any corrective action to remain open.”
Ideally, corrective actions are opened, investigated, acted on, and closed as quickly as possible. There’s no benefit to stretching out the process. Implement the improvement and move on to the next opportunity. In the real world, however, corrective actions can take a lot longer. Depending on the nature of the improvement, the corrective action could involve construction, acquisition of capital equipment, culture change, or development of new processes and products. In all of these cases, it could take many months to fully implement the action. The corrective action remains open during this time, but the organization updates the status and can demonstrate forward progress. You have to consider the nature of the corrective action when you evaluate how long it’s been open.
“I won’t write you up this time, but if the issue isn’t fixed by the next audit, I’ll write a major nonconformity.”
This suggests that auditors are godlike creatures who can ignore or escalate issues at their whim. That’s not really the way an audit works, though. An audit is a factual and balanced evaluation of the organization. Failing to identify nonconformities helps nobody. The auditor should simply report what he or she finds—positive or negative. If the finding happens to be a nonconformity, it should be used as an opportunity to improve the process not as a police citation that can be avoided if you promise to do better.
“If you fix these nonconformities before the closing meeting, I won’t put them in the audit report.”
How effective are fixes that are implemented in a hurry? Not very. In fact, they tend to be very narrow and superficial actions that are mainly focused on problem symptoms. When auditors say they won’t make an issue an official nonconformity if you “fix” it in a hurry, they’re really just encouraging the worst kind of corrective action: the Band-Aid. When taking corrective action on audit findings, organizations should take a step backward and take a fresh look at the process. Part of this is identifying the full range of possible causes that exist throughout the process—from start to finish—and thinking about where else the nonconformity might exist. This is impossible to do in a rush before the closing audit meeting.
“You should separate your ISO 9001 management review from your leadership team meeting. It’s hard for me to see the required inputs and outputs in these records.”
In other words, you should do everything possible to make it easier to audit. Never mind what makes sense for your own organization. The cruel reality of auditing is that it’s challenging. Auditors have to seek out the evidence and ask the right questions, and facts are rarely served up in neat little packages. In cases where the audit evidence is pre-packaged for the convenience of the auditor, it should be suspected as possibly manufactured. Organizations must design their quality management systems in a way that helps them improve. Yes, you may have to eventually pass an audit, but that’s not the primary objective, despite the way everybody acts. A good auditor will see much more virtue in a system that drives long-term improvement versus a system that’s just easy to audit.
About the Author
Craig Cochran is the North Metro Regional Manager with Georgia Tech’s Economic Development Institute. He has an MBA from the University of Tennessee and a bachelor’s degree in industrial management from the Georgia Institute of Technology. Cochran is a Certified Quality Manager, Certified Quality Engineer, and Certified Quality Auditor through the American Society for Quality. He is certified as a QMS Lead Auditor through Exemplar Global.
He is the author of numerous books, including the newly released ISO 9001:2015 in Plain English, published by Paton Professional.
Nicely written article. I feel it would be of value to any auditor who is tempted to say any of these things to think along the line of turning Craig’s response into part of your statement, e.g. “You could fix these nonconformities before the closing meeting, and I won’t put them in the audit report; however these fixes may not be effective; and by raising this issue as a corrective action it will give your business the opportunity to have a fresh look at the requirements and systems you have in place and develop and implement some more workable improvements.”
Has worked well in the past and the client sees the value in conducting an investigation, not the penalty of a corrective action.
Having been on the receiving end of some of these quick fix offers I know how tempting it can be to act on them and have the issue hidden from those higher up the chain. As you say a quick fix doesn’t necessarily fix the problem only the symptom. As an auditee I always viewed an audit as an opportunity for improvement now as an auditor I view the audit as my opportunity to add value to my clients business – I can truthfully say that to date I have never offered a quick fix opportunity in exchange for a non mention in my report.
I agree with your comment Gwendoline and would like to add that the rules for some standards (e.g. TS16949) specifically prohibit the closure of any such nonconformities during the audit. This is to ensure that a proper root cause is conducted. But a further reason I have found is that the company, in its haste to show you their corrective action, are taking time out from your audit schedule and compromising your audit of other processes.
Here’s another dumb line: ” The audit adds value to your business”, now a tag line for some certification body. Having being on two sides of the fence (auditee and auditor), I would cringe when an auditor spout this type of nonsense. Let’s take stock of things. How could any one add value when the audit is once or twice a year.? Isn’t “adding value” equals some sort of advisory equals consulting?
Good article. indeed, these are real dumb things very often stated by auditors in a cert or surveillance audits. Normally, when it occurs main purposes of a third auditing process is lost. I mean audit is performed just to merely comply with a protocol that does not provide value proposition to the audited Organization. Audits ought be focused on real findings and if a non compliance is there; it has to be recorded as it is and leave the alternative to Organization players to address it up by performing a real root cause analysis as well as pertinent countermeasures to be implemented and follow up it effectiveness and deploy them if needed.
In response to Robin K’s comment regarding adding value, if an audit does not add value, then why are we doing them? It is only an exercise in confirming conformance to the Standard? As companies tighten their belts and customers no longer “require” a vendor to be certified, we need to be sure our clients are receiving more than just a checklist review or confirmation they meet the Standard. If we don’t, it will be increasingly difficult to convince senior management that the external assessment process helps to improve business processes, and thereby improve business perfomance
I fully agree to Michael’s comment, it is an Interesting topic when talking about the value added, in the past, once a new organisation work hard to be certified for the first time, it seem like getting the management system installed in meeting the requirement is a great achievement, and it need knowledgeable and experience auditor’s input to verify and pinpoint the non-conformance, and improvement was like a value added to achieve a change of culture to team work and way of problem solving. Now we are in the globalization competitive environment, the context of the organisation and the internal and external issues of the organisation become more critical by looking into the competitive advantage both in local market and export market. So auditor must also go through a process of upgrading the knowledge and get expose to the business environment and get ready to meet the changing world.