ISO 9001:2015 – The Great Leap Forward for Auditors

Peter Holtmann
Peter Holtmann, CEO of Exemplar Global, discusses how the changes to ISO 9001:2015 will affect auditors.

by Peter Holtmann

A change in the design and thinking in ISO 9001:2015 brings new challenges for auditors to apply their competencies to the accomplishment of audits. The change also brings great opportunity.

ISO 9001:2015 is being hailed as the best thing since sliced bread. The changes to ISO 9001:2015 from ISO 9001:2008 incorporate input from manufacturers and service providers, change the focus to customers, and help organizations to use the process approach to achieve outcomes. These are great advances in standardization and, when combined with risk practices, should drive consistent outcomes with a greater confidence that the customer will be satisfied or even delighted.

If you have the opportunity to read the current ISO 9001:2015 DIS, you will see that the clauses are less prescriptive and require the user to engage the process approach to implement the standard.

Moving away from a prescriptive approach to process approach requires new thinking on how to audit. The mere use of checklists aligned with a set of standard clauses will no longer work as auditing moves toward interviewing techniques rather than review of records, corrective action data, and policy. The writers of the ISO 9001:2015 standard are envisioning that audits will take place through a series of in-depth discussions and analyses against risk to determine whether customers will receive their expected outputs or services.

For an auditor, the types of skills required now move toward interviewing techniques—similar to investigators. It’s more about digging into the reasoning for the application of a process, rather than the demonstration of the process. For an audit team leader, focusing on team selection against process may mean more members to follow individual processes to completion rather than selecting clauses for auditing.

As an auditor credentialing body, Exemplar Global looks at these changes to competencies and compares them to the current auditor references, experiences, and training and see a yawning gap. This means what has been asked for in the past has not focused on collection of experiences or training in negotiation, interviewing, interpersonal communication, presentation, or influencing attributes. To retrospectively apply the current auditor profile to the 2015 requirements would simply not work.

Another complication arises when we consider that the standard asks for competence in risk-based approaches and thinking but deliberately does not reference ISO 31000. This means the implementer and auditor alike need to identify concepts, tools, or methods for risk. It’s no surprise that there is more than one approach to risk management.

In my experience, most audit professionals have had no formal training in risk management or professional development in risk management as part of their credential renewals. This isn’t to say that it hasn’t happened—it’s just that the evidence collected does not sufficiently provide confidence that the audit population can handle this new requirement.

This is not an auditor’s plight alone. At a recent Independent Association of Accredited Registrars (IAAR) meeting, the hot topic was, “How do we use this thing?” It seems that some of the ISO 9001:2008 requirements around process and customer focus never made it to market in a consistent manner for much the same reasons as is being identified in ISO 9001:2015. It’s a matter of resources versus time. The customer demands the upgrade to the new standard even before it is released; the registrar tries to meet the demand and changes its audit process to accommodate the customer but the auditors only receive minimal training. Even more complex is the fact that 65 percent of auditors are now contracted to more than one registrar, so they receive piecemeal training from a number of sources and against any number of outcomes.

If we applied ISO 9001:2015 to our own industry, we could say we are in nonconformance to delivering a service outcome with the customer in mind. We’ve had little evaluation of the risks this incomplete and inconsistent approach to the standard presents to the customer.

Help is at hand! A movement has begun and the auditing profession is uniting. IAAR has reached an accord to create a single upgrade training and assessment on the knowledge of the new standard. The training will focus on the significant changes to the standard and highlight key examples or approaches to matters such as process approach, risk-based thinking, customer focus, interested parties, outcomes, and the integration of clauses. I’m sure I don’t need to point out what a significant occasion this is. The fact that there will be a single source available for auditors, managers, contractors, trainers, staff, and any person working with ISO 9001 is exciting and adds significant value to the profession. I have to point out that the training and assessment is only on knowledge of the standard—not on how to audit it. As a colleague recently described it to me, it addresses auditor competency (knowledge of process) versus audit competency (the auditing of the knowledge or the process of auditing).

This product should be available in early January 2015 (before the FDIS is due, which should be July).

What if the FDIS is changed considerably from the DIS version of ISO 9001:2015? There will be an upgrade package that can be used. At this point in time, no extra assessment is anticipated.

This offering will satisfy the requirements of numerous parties including accreditation but it does not mean that no further in-house training with registrars on how to audit will be required. I would imagine that registrars will build their competitive advantages into this training.

Why is this standard such a good thing for our industry? I believe it allows us to move away from checklists. The “Tick’n’Flick” audit perception should be a thing of the past. Customers should be expecting a more meaningful experience onsite where auditors can help identify process improvements and sharpen the auditee’s focus on customer-driven needs.

This revised standard will also provides numerous opportunities for auditors to upgrade their communication and negotiating skills and develop a wide array of investigatory techniques used in other professions. This will be disruptive innovation for our industry, and it should be the platform to demonstrate to customers the professional qualities of our personnel.

This approach from ISO is not going away and is not limited to ISO 9001:2015. We will see this type of standard roll out shortly with a host of current and newly created standards.

Interested in staying in touch with the roll out of the ISO 9001:2015 training and assessment? Subscribe to Exemplar Global’s College email list at

About the author

Peter Holtmann is president and CEO of Exemplar Global (formerly RABQSA International Inc.) and has more than 10 years of experience in the service and manufacturing industries. He received his bachelor’s degree in chemistry from the University of Western Sydney in Australia and has worked in industrial chemicals, surface products, environmental testing, pharmaceutical, and nutritional products. Holtmann has served on various international committees for the National Food Processors Association in the United States and on the Safe Quality Foods auditor certification review board.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.