Kym Jaeger is the director of Quality in Focus Pty Ltd. and a subcontract auditor to certification bodies.
Prior to his current role, Jaeger spent nine years with SAI Global, auditing for standards and programs including ISO 9001, ISO 20252, Commonwealth Disability Standards (Victoria, NSW, and Queensland), Commonwealth Advocacy standards, ESIS, and NDIS. He is certified Exemplar Global ISO 9001 lead auditor.
In this conversation, we discuss the evolution of ISO 9001, how people find their way to management system auditing, and the important distinction between compliance and continuous improvement.
EXEMPLAR GLOBAL: It’s always nice to start at the beginning, so why don’t you tell us a bit about your career and how you got into auditing management systems.
KYM JAEGER: I worked in the railway industry in Australia for nearly 30 years. The company that I worked for had been funded by the federal government in Australia before it was shut down. At that point, they paid for me to go and do a Technical and Further Education (TAFE) course. In Australia, you have the option of either doing a course at university or through TAFE. I picked quality management for my area of study. This was in 1995 and at the time, I hadn’t really heard the term ‘quality management’ before. I went and did the course, which went on for about six weeks. It must have been serendipity because a week after I finished the course, the certification body QAS called for an auditor with an accounting background. I applied for it and that’s where in all started.
EG: You mention that you hadn’t encountered the term ‘quality assurance’ prior to that—so is it fair to say that quality assurance was kind of a foreign concept to you at the time?
KJ: I wouldn’t say it was foreign. I worked with the railways in senior administration for a lot of years, and we did quality stuff, but it wasn’t called ‘quality management.’ But with my experience I understood the concepts very well when I moved into it, and it was easy to pick it up.
EG: Had you participated in an audit as an auditee until that time? Had you seen audits being done?
KJ: Not until 1995, no.
EG: The first version of ISO 9001 began not that long before, in 1987.
KJ: That’s correct, and when I first started with QAS, the 1987 version was just being phased out and the 1994 version was being phased in. I’ve been doing this work ever since—I did 18 years for QAS. I don’t work for them anymore, I subcontract. Meanwhile, my wife and I mainly work for organizations that have management systems to support disability functions in Australia. I’m 73 and I’m still doing it.
EG: That’s wonderful. You’ve spent about half of your career in the quality space. What have you seen that’s changed in that time? Have those changes been for good or ill?
KJ: I believe in systemic audits, which is what quality management is all about, but with the government getting involved in a lot of programs in Australia, most have become compliance auditors. I don’t believe that auditing quality management is purely compliance. Compliance is a factor in it, but it’s not just compliance—it’s systems and processes.
EG: When I hear you use the term, ‘compliance auditors,’ to me that’s analogous to being a policeman. No one gets into this career to be a cop (or at least, they shouldn’t). You want to try to encourage success, not just a rap somebody over the knuckles with a ruler.
KJ: Well, of course we’re strongly encouraged not to be cops.
EG: Yet there are still a lot of people out there who look at auditing as a check box function from the perspective purely of compliance, and that’s leaving a lot of improvement on the table.
KJ: Oh, I totally agree with you. I believe in systems and processes and risk management… all of that stuff that’s in the first part of ISO 9001. I haven’t done an ISO 9001 audit for about 12 months, but the audits that I do perform are all about systems and processes. That’s what quality is all about, and compliance is just an outcome.
EG: It seems that ISO wants to integrate a lot of these concepts through the high-level structure, which reinforces the idea that these standards are intended to function in a similar way and work together systematically throughout the organization, rather than within separate silos of functions and processes. Do you think that the high-level structure was a positive step forward?
KJ: Yes, I do. I’ve read the high-level structure, and for me, it’s just part of my psyche. It’s inherent in what I know and what I do. I wouldn’t necessarily like to call it a paradigm but that’s basically what it is.
EG: I know that you have read with great attention Peter Senge’s work that primary looks at organizations as systems that have inputs and outputs that need to flow across the enterprise. That’s a very different perspective that you’ll get from many auditors, much less auditees, who tend to be quite parochial in their outlook.
KJ: As I mentioned, my wife and I work primarily now in the disability sector. One of the large companies in that space is called Wise Employment. I work very well with them, and their quality manager is very much into systems, processes, and risk management. Their system is just growing out of all proportion because it’s moved forward. But with those that are just involved with compliance, they tend to stay in the same place. The auditor just puts a tick sign down on a piece of paper and says that everything’s fine. But no, that’s not what it’s about. That doesn’t encourage improvement.
EG: It shouldn’t be a bureaucratic endeavor. Quality is the pursuit of excellence in the organization, not checking a box as you mention. It really should be about looking objectively at the entire system and making sure those working in the organization understand the big picture, especially in the hand-offs between processes or departments. That’s where quality really lives or dies.
KJ: I agree with that completely. I see quality as on the outcome of a good management system.
EG: It seems that not many auditors are that familiar with Senge’s work. How did you encounter his writings?
KJ: I first came across Senge before I got into training in ISO standards. Quality management was part of what the railway system I worked for was involved in, of course, because there’s a lot of parts of a railway system that must be improved. We were doing this process without calling it quality management.
‘Quality management’ put a name to the process that you did to make sure that everything worked better and was improved. That’s what ISO is supposed to be and is about. I also did market research; there’s a standard in Australia for market research companies, and so I performed market research audits to ensure that the auditees met the processes that were in place. There’s a lot of standards that have grown up around ISO 9001; my perception of that is that different parties want to consider themselves as having performed quality management, and have their own variation, but if you go back and look at the details, it’s all from ISO 9001. As an example of that, take continuous improvement, records management, and document control, all of which changed in the 2015 version of the standard. ISO amalgamated document control and records management and called everything ‘documents.’ I don’t know if that was a good thing. It never bothered me the way it was done before the 2015 version because I knew exactly what that was all about. To someone new to the industry, though, it might be considered innovative and more efficient.
Quality for me is an outcome of a good management system. If you have a good management system in place that’s well-managed, with trained employees, a continuous improvement function, compliance systems, and all of those things that come out of ISO 9001, then quality is the natural outcome. That’s my view.
EG: Management system auditing can be an excellent career for a person with the right skills, but it seems that not enough people are coming into the field today. What do we need to do to find those people and better support the future of the auditing profession?
KJ: That’s a good question. Most people who get into external auditing come in through certification bodies, and they are trained by the certification body to become an auditor. In Australia, my perception is that’s the only way it can be done. You can do a course where you earn a diploma in quality management, and then you can move from there into training yourself to become an auditor. You must do it through that medium, working with a certification body and having them train you up. All the certification bodies are different, and of course there are quite a few in Australia, America, and elsewhere.
I’ve read a lot of this stuff in my career. Senge’s book was a very good one, but there’s quite a few books that talk about management systems. Those of us auditing in this space are looking at quality as an outcome, we’re looking at how the system can improve, how well it’s managed, and all of those things.
A lot of people become internal quality people when they work within the system, but in the ISO standards system they are called management representatives and they do it within the one company. It is interesting that if they do follow the ISO 9001 standard, they can bend the requirements of the standard to meet their system and what they’re doing. That’s the main thing—you’re not just going in to check compliance, you’re going in to check how the organization interprets what quality management is all about and how they put it into their system. In the transportation sector in Australia, there’s a lot of legislation. One of the things an auditor must be able to do is to take what the standard says and look at the organization to see how they’re doing things and say, ‘Yes, that meets the requirement,’ not say, ‘No, no, you’re not doing this correctly because you don’t call the process such-and-such.’ That’s not understanding the standard. Understanding the standard means looking at it and saying, ‘Yes, you are doing this, but this is the way you do it, and that’s good.’ An auditor must be able to understand the organization and the standard and tie the two together.
EG: That’s a fairly sophisticated way of looking at it. It’s difficult without some level of experience to wrap your mind around the fact that, yes, you need to bring the standard to the organization, not the organization to the standard. You don’t walk in and say to an auditee, ‘This standard is the standard, and you have to fit what you’re doing into it.’ If anything, you need to do it the other way, saying, ‘OK, here are your processes. Do they work? Is your output reliable? Is it doing what you need to be doing as an organization?’ If it is, and they call it something different or they have a slightly different way of achieving that outcome, but it works, then they are in compliance with the standard. But not every auditor sees it that way.
KJ: It happens all the time.
EG: Perhaps it’s a training issue with the auditors.
KJ: Part of the reason that happens, I believe, is because organizations don’t go into it for improvement, they go into it for the trademark. In Australia there is a trademark called The Five Ticks, and that’s all most everyone is out to do. It’s up to the auditor to make sure what the auditee’s system is doing meets the requirements of the standard. Otherwise, they don’t get The Five Ticks.
EG: For the auditees, I suppose the ends justify the means in that case, but it doesn’t provide what they should be getting, which is performance improvement. It’s expensive to get and maintain certification to a given standard, and if it’s being done just for marketing purposes, the organization is going to miss opportunities to reduce waste, better serve the market, and do other things to make the organization much more successful in the long run.
KJ: I totally agree. I’ve got a Master’s in Business Administration, and I’ve studied a lot of this stuff and practiced it in industry, so it was relatively easy for me to come in as a quality person and figure out the auditing process. Well, it wasn’t easy to begin with, it was a bit of a challenge because there were a lot of changes starting in the mid-1990s, when industry moved from the 1987 version of ISO 9001 to the 1994 version, then to the 2000 version, and then to the 2008 version. Now of course we have the 2015 version, which is much more flexible than the 1994 version in terms of language. The 1994 version had 20 clauses. But then if you took those 20 clauses and put them into processes it is no different than the process approach. A certain process may include elements of inspection and testing, management responsibility, continuous improvement, training, etc. Not much has changed between the 1994 and 2015 versions of the standard, they just use different language.
EG: In theory, understanding how the language of these standards apply to the auditee’s business should be straightforward. Getting the maximum value out of standards depends in large measure on the culture of the company and the desire of not only the executives, but all the employees, to buy into continuous improvement. It’s hard to expect 100-percent compliance on that, but you just want to be a little bit better today than you were yesterday.
KJ: I learned a lot of lessons when I first started in this game, because many companies’ systems are written by consultants. Some of these consultants would barely understand the standard but write a quality management system for about 10 different clients anyway. I had several companies I was auditing in the transportation field, and I remember being a bit puzzled as to why they didn’t think they could change their system to improve it. They said, ‘Oh, we can’t do that, because the consultant said it has to be done this certain way.’ I would then pull out a copy of the standard and put it in front of them. I said, ‘Do you know what this is?’ And they had never seen it before. That’s the sort of thing that goes on.
EG: It’s the old story of the tail wagging the dog.
KJ: I learned a lot in those first few years. Now, I’ve been auditing for so long, it’s just different. By this point, you know what you’re doing, you know how to do it, and you know what should happen. Then it’s the company’s choice as to what happens from there, but they still have to comply with the requirements of the standard.