ISO 9001:1994 has been defunct a long time. It’s a dinosaur, fossilized into the history of the last century. It was a great step forward for standardization of quality management systems. However, it had a few shortcomings. Perhaps the most unfortunate practice that it spawned was the habit of auditing by the elements. The practice persists to this day.
The scope of these kinds of audits is narrowly focused on one specific clause of the standard. Hence, an annual audit schedule is planned with a unique clause—or two—covered in each month: calibration in January, purchasing in February, customer-owned material in March, and receiving in April, despite the fact that the receiving process is directly related to the purchasing process. The habit has even been reinforced by third-party auditors who, as part of their audit reports, check off which elements have been audited during each surveillance.
We are now in the midst of the process to unroll a new version of ISO 9001—the third since the 1994 release. And yet, despite thousands of hours of training on the process approach and dozens of books, organizations are still auditing by the elements. It’s like paint by number, only you never get a finished picture because you use a new canvas for each color. You do twelve audits, you get twelve fragmented pictures of your quality management system.
Why does this matter? If audits are being conducted for the sole purpose of fulfilling ISO 9001 requirements, then it probably doesn’t matter at all. You go through the motions, produce some kind of record to provide evidence that you’ve done the audits, and then bury the reports until the registrar shows up. The whole thing is a waste of time—a misallocation of precious resources and a fraud.
To audit by the elements ignores a basic premise of business: No activity is performed for its own sake. There has to be a reason (an input) for the activity. This implies the need to look upstream to the requirement that predicated the activity and to look downstream to see if the requirement has been successfully fulfilled. Auditing by the elements does not allow this perspective; it doesn’t allow the organization to perceive the sequences of processes so as to observe breakdowns or bad practices that are creating unacceptable levels of risk. You are left without the ability to answer the question: “Did the process as implemented yield the results we wanted?” Or, to use a more specific example: “Did the purchase order as written communicate to the suppliers the customer’s need for material traceability, and do our receiving records show if the traceability was achieved?” This would require looking at records of actions from two or three processes, defined in several procedures and mirrored by requirements embedded in two or three ISO 9001 clauses.
Because it’s impractical to audit the entire quality management system several times per year, how do we structure our audits to ensure optimum benefit?
Cluster processes to reflect the process approach. Set up audits that allow the auditors to look at the inputs from previous processes, ensure the outputs will enable fulfillment of successive processes, and assess the control of support processes.
For example, a cluster of processes might include purchasing, receiving, incoming inspection, and inventory storage. The inputs to the purchasing function might require looking at customer orders if they are the primary driver for purchase orders. Otherwise, the audit could begin by looking at MRP or ERP reports. The purchase orders should specify the product attributes and acceptance criteria. These enable the receiving and incoming inspection functions. They may also indicate the need for material traceability—a separate QMS requirement, but one that is tied to the processes that are within this cluster. The output of the receiving and inspection functions allow for the movement of the material into inventory. Concurrently, it’s possible to assess other requirements that may be applicable, such as calibration of inspection equipment and logistical controls to ensure continued traceability. Finally, the auditor gets to assess the control of both documents and records that relate to all the processes audited.
The resulting report provides a more complete picture of how and to what degree these processes work together to help meet customer requirements—as opposed to a brief report that shows that all purchase orders were properly signed and issued to qualified suppliers.
It’s time we finally climb out of the audit silos and start conducting audits that reflect a well implemented system.
About the author
Denise E. Robitaille is an active member of the U.S. TAG to ISO/TC 176, the committee responsible for updating the ISO 9000 family of standards. She is also principal of Robitaille Associates, committed to making your quality system meaningful. Through training, Robitaille helps you turn audits, corrective actions, management reviews, and processes of implementing ISO 9001 into value-added features of your company. She’s an Exemplar Global-certified lead assessor, ASQ-certified quality auditor, and ASQ Fellow. She’s the author of numerous articles and several books, including The Corrective Action Handbook, The Preventive Action Handbook, and her newest book, 9 Keys to Successful Audits, all published by Paton Professional.