By Steven Severt
When it comes to ongoing certification of your quality management system (QMS), whether it’s certified to ISO 9001, ISO 13485, IATF 16949, or AS9100, how many times have you found yourself “preparing for an external audit?”
Picture the scene: You’ve got the dates set on the calendar months in advance for when the certifying body (CB) auditor will be on site. For several weeks, you’ve been communicating in company memos and meetings about the upcoming visit. You’ve started to lay out Gantt charts and action-item lists for things that you need various departments and individuals to check up on and clean up as you inch closer to the arrival day. You’ve developed a carefully curated path to lead the auditor so that they see only the things that you want them to see. You’ve trained personnel in that area on the proper responses to auditor questions. You must make sure that everything appears to be in order when the auditor arrives.
Notice the statement, “Everything appears to be in order.”
ISO 9001:2015 Clause 5.1.1 c) states simply that it’s top management’s responsibility to “…demonstrate leadership and commitment with respect to the quality management system by… ensuring the integration of the quality management system requirements into the organization’s business processes.”
Manager, if you’re going to such great lengths to keep up appearances ahead of a third-party audit, have you truly met the requirement of ensuring that the QMS requirements are integrated into your business processes? Are the requirements of the QMS standard truly representative of how you are conducting business?
Obviously, the answer here is “no.”
With a long career in quality engineering and an active consulting business that offers QMS implementation and auditing, I can attest to the frequency with which this clause in ISO 9001 is glossed over without the organization giving a second thought to how well the standard and its requirements are truly understood and integrated into the business. Companies of all sizes are often going about their daily business activities in one way, then scrambling to understand their QMS requirements ahead of audits to clean things up well enough to appease the auditor on audit day. Or worse, they’re scrambling during the audit itself to keep the auditor’s attention focused on the right areas and people rather than all the known problem areas that will cause them to doubt the QMS requirements have been properly implemented.
If you’ve ever found yourself texting a colleague during the audit to warn that the auditor was heading their way, you may know a bit about what I’m saying.
If any of this is bringing up flashbacks of audit preparations you’ve recently had, you might want to think about whether you have truly met the requirements to integrate QMS requirements into your business practices.
But let’s consider an alternative: Don’t prepare for third-party audits. When your team asks you, as manager, what to do to be ready for the third-party auditor, simply state, “Nothing.”
Instead of preparing months in advance for an external audit, carefully curating paths you want the auditor to see, and training shop-floor personnel on what to say in response to certain questions, start to understand the audit as it is intended to be: a snapshot of your QMS in its current state. Start to see the auditor as they are intended to be: a partner to help you understand areas where your system is weak, or where quality system requirements are not fully implemented so that these items can be improved.
It doesn’t do anyone any good not to have all the cards on the table when the quality system is being assessed. You might pass the audit and gain or retain your certification, but you’re not challenging yourself to improve your QMS and, thus, are not going to truly benefit from the requirements so they can help you improve your business processes.
Manager, if you truly want your QMS to add value to your organization—which a properly implemented QMS inevitably will—then you need to make sure you understand the requirements of the QMS standard that you’re certified or certifying against.
The clauses of popular quality management standards, such as ISO 9001, are built based on decades of defined best practices, and they’re intended to be integrated with one another as well as the business practice. You, as top management, have a requirement to own and support the QMS, and to ensure that it’s truly integrated into your business. Throwing some buzzwords in your quality policy from the documentation template package that you purchased online or were handed from a consultant isn’t going to make you truly compliant to the requirements of ISO 9001.
Even if you can successfully trick an auditor with a superficial QMS implementation and blitz efforts ahead of the audit to put on a good show, doing so will rob you of the opportunities to improve your business processes, customer satisfaction, and the overall increased profitability that would come from truly embracing the precepts outlined in your QMS.
Implementing ISO 9001 or similar standard will add incredible value to your business, but only if you let it.
About the author
Steven Severt, who writes for isoTracker QMS, is a quality management professional with nearly two decades of experience in the automotive and medical device industries. He has extensive experience launching and supporting manufacturing processes to supply automotive OEMs as well as developing, supporting, and auditing quality management systems that adhere to the requirements of ISO 9001, IATF 16949, ISO 13485, and FDA 21 CFR Part 820.