Richard A. Litts, the founder and president of Litts Quality Technologies Inc., has many years of corporate, manufacturing, and consulting experience. He is an Exemplar Global Quality, Environmental, and Medical Device management systems-registered lead auditor, a PROBITAS Authentication AS9100 aerospace experienced auditor (AEA), and an IAQG-qualified AS9100 aviation, space, and defense auditor. Litts has been a member of (and the AS9100 subject matter expert on) a committee to protect impartiality for an international QMS registrar.
He is an U.S. expert representative for the U.S. Technical Advisory Group (TAG) to the International Organization for Standardization (ISO)/PC 302 Committee. This TAG was responsible for revising the ISO 19011:2011 standard, which was released as ISO 19011:2018, “Guidelines for Auditing Management Systems.”
Litts is a senior member of ASQ, an ASQ-certified quality engineer, and a certified quality auditor. He was the chairman of the Philadelphia section of ASQ from 2001 to 2002 and was the Region 5 deputy regional director from 2002 to 2005, and again from 2010 to 2011. Rick served as the ASQ Region 5 regional director from 2005 to 2009 and was a member of the ASQ Board of Directors from 2005 to 2009.
In this interview, we chat with Litts about how ISO standards have improved over time, why it is important to audit the organization instead of the person, and get some pertinent advice for those looking to make auditing a career.
EXEMPLAR GLOBAL: I’d like to start by asking a little bit about your background and how you got involved in quality and management system auditing.
RICK LITTS: Early in my career, I was working for SKF, which is an international bearing manufacturer headquartered in Gothenberg, Sweden. I was responsible for implementing a global management system audit program here in the United States, which included conducting management system audits of manufacturing plants, sales offices, and warehouses. I gained valuable experience and competencies by auditing these various types of organizations. Because it was an international program, I interacted with auditors from other countries around the world. This was a great learning experience because it allowed me to see how other auditors conducted audits and find out what I liked and what I felt could change.
EG: And what about your business? How did that start?
RL: I performed an audit for one of the SKF manufacturing facilities that had some issues. I was asked to go there and help turn the organization around from the quality standpoint. Now, there’s a lot of pressure in turning around a business with approximately 200 employees. When the audit turnaround was complete and successful, the parent company ended up selling the division. So, needing something else to do, I decided to start a consulting business related to the quality field. That was 24 years ago. Ever since, Litts Quality Technologies has been doing consulting, auditing, and training, and I’ve been a certified auditor through Exemplar Global for 18 of those years. It’s been a good relationship.
EG: That’s quite a success story. I think we’ve gone through three updates to ISO 9001 in those 24 years.
EG: Speaking of ISO 9001, and to a lesser extent other ISO standards, how do you feel that they have evolved and improved over time?
RL: I think the biggest improvement was the 2000 revision, when it went to process-based auditing. Up at that point, we audited the elements of the standard. We would audit an element and trace it through the organization, and then start at the beginning with the next element, and so forth. When the process-based approach came into play, that made much more sense to me as far as conducting audits. There, you go into a process and look at all of the applicable clauses of the standard. You can cover those during one audit. It reduced the amount of time to do an audit, and processes better represent how businesses work, anyway. I think that was the biggest change. The next most important came in with ISO 9001:2015, when ISO corrected some terminology through Annex SL and the 10 matching clauses across common standards, which will be the format for any management system that comes through ISO going forward. There have been some really good changes made over the course of time.
EG: How has that high-level structure changed the game for you in terms of training professionals to audit against various standards? What are differences and similarities when training someone to audit ISO 9001 vs. ISO 14001 or some of the other standards or schemes?
RL: Yes, there are differences, no doubt about it. For instance, the knowledge level required coming into the training is different. ISO 9001 is the most common link across general industry, but if you look at sectors like aerospace and defense, medical device, calibration testing labs, food and beverage, and distribution centers, there are differences and similarities.
For those who come into the training to audit these integrated management systems, there are different levels of knowledge. What I mean by that is, auditing the quality management system and auditing the environmental management system require different levels of skills, and the trainees bring their experiences into it because they have seen different things. And now, virtual auditing techniques are different based upon the skill level of the auditor candidates. People have different skills for things like using Zoom.
One of the similarities I’ve seen across standards include candidates not being aware of what they’re getting themselves into. Sometimes it’s kind of a shock as to what it takes to become a competent auditor. There are basically three things that an auditor needs to know. First, they must have knowledge of the standard that they are auditing against. Second, they really need to know how to conduct effective process-based audits…. they need to stay away from this clause-by-clause auditing. Third, they need to perform audits because then they can gain the experience of using those skills they learned during the training.
Another similarity I’ve noticed is that there’s not much knowledge of ISO 19011:2018, which are the guidelines for auditing management systems. This is a very useful standard that has a lot of information for auditors, but they just are not aware of it. The training programs I do revolving around process-based auditing is all based on that standard.
EG: Would you say that the role of the auditor is evolving to be more of a value generator? In other words, without consulting of course, should the auditor help the auditee by holding up a mirror as a means of improving the organization?
RL: Yes, and you bring up a very important point in that auditors must be careful not to consult unless it’s part of the scope for internal audits. But in general, auditors are very important in leading continual improvement. That’s a big part of conducting an audit because you’re looking at whether the organization is in conformance with the requirements of the standard. The job is to make sure that the system is implemented and that it’s effective.
During the audit, third-party auditors should first address the positive things and then cover the opportunities for improvement without crossing the line by telling someone how to do something. That can be done by talking with the auditee about the requirements of the standard and going over the objective evidence that shows the process is not in compliance. Then it’s up to the process owner or the team lead to address it, not the auditor.
EG: That’s a great distinction. I’d like to ask you a bit more about training. As a person that has been trained and done a lot of training yourself, what would you say are the most important lessons you’ve learned along the way, and what information, in turn, do you try to give to auditor candidates as they build their careers going forward?
RL: The number-one thing that sticks out for me is to know the standard inside and out. Read it and study it. What I learned is that it isn’t sufficient to go into an audit if you’re not completely familiar with the standard, because then you’re there doing the audit trying to read and interpret the requirements. Based on that, when I teach auditor candidates, the first thing I do is make sure that they know the standard. On the first day of any training, and it may go into the second day, we cover everything about the language of the standard. We go through the requirements, do exercises using the standard to find the answers, and discuss our findings.
The second important thing that I try to teach are auditor characteristics, and there are many. The ISO 19011 standard has many characteristics for auditors, but some of the most important ones that I stress are, one, be open-minded. Be willing to consider alternative ideas when you do an audit. If you think about ISO 9001, for example, there are hospitals that are registered, there are hotels that are registered, school districts, manufacturers, etc. They are all different, yet they have all met the requirements of the standard, so as an auditor, we must consider that.
Next, be observant and be aware of the auditee’s physical surroundings and what activities are being performed. I tell the auditor candidates that if they’re going to an organization or one of their facilities, always take a tour of the facility right after the opening meeting. When you walk around, keep your eyes wide open. Look at what’s there, what’s posted, what the facility looks like, and what the people are doing. Later on, when you go back to audit the processes, you can take a look at those things in more detail.
The next one is, be perceptive. You have to be aware and be able to understand different situations. You don’t have all the time in the world to do these audits, so you have to see what the requirements are, you have to look at the objective evidence, and you have to determine whether the auditee is meeting the requirements of the standard.
I talk a lot about being ethical, which means fair, truthful, and honest. That’s critical whether it’s a third-party audit, a second-party audit, or an internal audit. I always emphasize that these audits are not an audit of an individual, they are audits of a process, and an individual is only one small part of it. An individual can be doing everything they’re supposed to, but the process may not be right. Maybe it’s not meeting the outputs, or the procedures or work instructions may not be correct. It’s possible that the person may not have all of the resources they need to do the job or task.
And then the last key factor, which you already mentioned, concerns consulting. You have to be careful not to be a consultant, particularly with third-party audits. I have had the experience at many companies where I see something and I ask, ‘Where did you get that idea?’ And they’ll say, ‘Well, the auditor said we had to do this.’
In that circumstance, the auditor has really crossed that line from being an auditor to being a consultant. Now, if that had been a witness audit, it would have been an entirely different response from the auditor because they wouldn’t have been able to tell the auditee what to do. If they did, it would have ended up being a corrective action for the auditor, and the certification body would have had a problem, too.
EG: Do you ever have a situation where an auditor goes a bit too far the other direction, where they are so concerned about not being consultative that they don’t even answer questions at all?
RL: What I always say is, you have to explain yourself, you have to show what the requirement is, and then you have to show what is not in conformance. I teach that you need to do that when it occurs during the audit. If you see something that you know is not in conformance and you don’t say anything, and then you walk away, later the auditee will ask, ‘How did I do?’ as opposed to, ‘How is the process?’
As an auditor, it’s important to choose one’s words carefully. Don’t say things like, ‘Here are the negative things I found.’ Always put it in the context of improvements because that auditee may not be responsible for implementing corrective action.
I haven’t had anyone that I’ve trained who was ineffective because they were afraid of speaking up. An auditor needs to have confidence, and they acquire that through the competencies of knowing the standard and how to do audits.
EG: Finally, one of the things we talk about a lot is the idea that this is something of a graying workforce, in that there’s probably not enough people coming into the field, despite the fact that we know it’s a good career. Given that, what advice would you give to people as to what you can do with auditing as a career?
RL: Some advice I would give to anyone who’s interested in starting is to jump at any training courses related to auditing or overviews of different standards. That’s a key. To me, it doesn’t matter what the course is… you always gain something. I always say if you learn one thing from taking a course, it was positive.
The second thing I would suggest is to obtain a copy of ISO 19011:2018. Read it and study it, because it goes through all the steps of doing audits, the preparation, conducting the audits, the reporting, the characteristics, and how to manage an audit program. It’s a very good standard and it talks about risks for the auditor as well as risks for conducting audits, so knowing that really helps.
I would also suggest that people take the ASQ certified auditor exam. It’s a great way to enhance your competencies and a great credential to have. I’ve seen advertisements for auditors within organizations that say, ‘ASQ certified auditor preferred.’ I would also suggest that they take an Exemplar Global-certified training course and work towards becoming a lead auditor. You can do the internal auditor training, but if you take a lead auditor course, it’s usually a day or so more than the internal auditor program. It’s a great skill to have, so having those two really helps you.
In terms of the career path, once you have some credentials, you can become a certified auditor and consider becoming a third-party auditor or working for a certification body of some sort. And this can be done either full-time or part-time, so if you’re working for a company, use vacation and personal time to conduct audits. You have the potential to see the world and get paid for it. It can be a great career path for people.
There is a definite need for good, competent auditors out there. The certification bodies are looking for them; some certification bodies do their own auditor training, but if you hold a credential from an Exemplar Global-certified course, it carries a lot of weight. Auditing is a great career path, and I encourage anyone to do it. And everyone can do it.