Missing image

Treat Audits as Servants, Not Masters

Focusing on audits as a means to an end and not just as an odious chore results in higher quality, lower costs, and smooth operations.
Focusing on audits as a means to an end and not just as an odious chore results in higher quality, lower costs, and smooth operations.

by William A. Levinson

The treatment of ISO 9001:2008 and related standards as costly and time-consuming annoyances is a self-fulfilling prophecy that turns them into exactly that. When organizations focus only on “passing the audit,” they get little real return for the time and effort. When organizations treat the standard—and the audit—as means to an end, the results include higher quality, lower costs, and smooth operations.

Quality systems developed directly from the need to manage complex processes. There was a time when a single worker, or at most a handful of workers, controlled the entire outcome of a task. Carpenters, blacksmiths, cobblers, doctors, and other trade workers and professionals had total control over a job from start to finish. Division of labor as well as the evolution of complex health care organizations meant that no single person was in any position whatsoever to take responsibility for the outcome of a process. The original (1987) release of ISO 9001 made this emphatically clear:

Technical specifications may not in themselves guarantee that a customer’s requirements will be consistently met if there happen to be any deficiencies in the specifications or in the organizational system to design and produce the product or service.

Frank Gryna and W. Edwards Deming added that a bad system will beat a good worker any day of the week. Gryna wrote in Juran’s Quality Control Handbook (McGraw-Hill, 2010) that 20 percent of an organization’s problems, such as poor quality, are due to carelessness and similar worker-related faults. The system in which the people work is responsible for the other 80 percent. Deming said the ratio was closer to 15:85.

This suggests, in fact, that more than four out of every five malpractice cases are not the fault of any individual doctor, nurse, or other health care professional, but rather that of the complex systems in which they must work. A patient may get a hospital-acquired infection because a person over whom the doctor has no control fails to practice good hand hygiene procedures. Plenty of things can happen to a prescription between the time the doctor writes it and the patient receives it. This, in turn, suggests that implementation of ISO 9001:2008 in health care would save countless lives and reduce health care costs enormously. I have seen credible estimates that range from 30 to 60 cents of every health care dollar.

The focus is on the system

There is an instinctive, often hostile reaction to the word “audit” when people don’t understand the purpose of the activity. The purpose of an audit, such as one from the Internal Revenue Service, is usually to catch people doing something wrong. Financial audits tend to focus on compliance, and they also expose evidence of crimes such as embezzlement.

The focus of ISO 9001 is, however, on the system as opposed to the people. It’s admittedly possible for a nonconformance to result from noncompliance with procedures and work instructions, but most nonconformances relate to deficiencies in the system itself. Even apparent noncompliances are often traceable to weaknesses in the system. Suppose, for example, that somebody is using an obsolete work instruction. An initial reaction might be to reprimand the worker for not being more careful, but a more intelligent reaction would be to ask why it was even possible for the worker to have an obsolete work instruction.

The same could go for the presence of a gage that has missed its calibration date. Somebody who doesn’t understand systems might demand why the person responsible for the gage was careless. The person who makes the standard and the audit his or her servants rather than masters would instead ask why the calibration system allowed the gage to miss its due date. There are, in fact, plenty of commercially available calibration management systems that make it almost impossible for this to happen. This leads to the concept of “Can’t, rather than don’t.”

Can’t, rather than don’t

This was actually a safety principle that originated at the Ford Motor Company. It was common during the 1910s and 1920s to post warnings against putting one’s hands, or other body parts, into moving machinery. Workers lost countless fingers and hands in closing presses despite the warnings, which underscores the principle that any job which relies on worker vigilance to prevent trouble will, sooner or later, have trouble.

Ford introduced presses that required each worker to press two buttons to operate. If the workers’ hands were on the buttons, they were not in the press. Instead of posting a sign that says, “Don’t put your hand in the press,” Ford arranged matters so “You can’t put your hand in the press.” This is the same principle that applies to error-proofing, or poka-yoke, and it should apply to processes and systems as well.

Another example involves administration of high-concentration heparin instead of low-concentration heparin. Dennis Quaid’s twin children were, for example, given a thousand times the dose the physician intended because the labels on the containers were very similar. Baxter1 then implemented “Can’t rather than don’t” with labels that are not only visibly different, but also require the user to tear off a warning label to use the higher dose. Ninteenth century pharmacies were, however, well ahead of Baxter. Dangerous medications and poisons were packaged in hexagonal containers or containers with bumps or ridges. These unusual shapes instantly told the person who picked them up that their contents were particularly dangerous. ISO 9001 is a framework for the application of “Can’t, rather than don’t” to an entire system.

“How?” is a good question

The people who design the system and write the procedures should always ask questions that begin with “How,” as opposed to “Do we…” The latter invites a checklist or yes/no response. The former demands details and exposes potential problems.

“Can’t,” in the context of “Can’t, rather than don’t,” also is a good word. Examples might include:

  • How do we ensure that gages are calibrated? Alternatively, how do we ensure that gages cannot miss their calibration dates?
  • How do we ensure that the calibrations are traceable to NIST standards?
  • How do we communicate the quality policy to the workforce, and make sure the workforce understands it?
  • How do we make sure that nonconforming work is segregated from the product stream? Alternatively, how do we make sure that nonconforming work cannot re-enter the product stream?
  • How do we make sure that people are aware of document revisions?
  • How do we know that obsolete documents cannot be present on the shop floor?

Auditors should also phrase audit questions in this manner, and the response should be a narrative reply as opposed to a simple yes or no. If there is no answer (and/or no quality records as evidence), then there is a flaw in the quality management system. Exposure of these flaws, either during the planning process or during audits, protects the organization from poor quality, customer dissatisfaction, and other genuine costly and time-consuming annoyances. Again, this approach makes the standard and the audit servants rather than masters.

This doesn’t change the fact that organizations never like to have auditors find nonconformances, which leads to another thought: Find the nonconformances first.

Make every day an audit

Many Japanese companies empower their workers to file a hiyari, or “scare report,” for safety and quality issues. The hiyari has the same force as a finding by an auditor. If the company trains workers to understand ISO 9001, a worker can then file a quality system hiyari that, perhaps upon approval by a trained auditor or the quality system’s management representative, has the same force as an audit finding. This results in a closed-loop corrective action that removes the exposure in question. The entire organization will be receptive to this approach as long as everybody remembers that the goal is to find fault with the system, and not the people who work in it.

An audit should not be an event whose sole purpose is to qualify an organization for a certificate. When it is, the audit and the standard become the master whose demands the organization must satisfy, at least temporarily, in exchange for a piece of paper. The audit and standard become the servants when the organization uses them proactively to remove deficiencies from the quality system and to drive continuous improvement.


  1. http://sustainability.baxter.com/quick-links/case-studies/2007-report/reducing-medication-error-2007.html

About the author

William A. Levinson, P.E., is the principal of Levinson Productivity Systems, P.C. He is an ASQ Certified Quality Engineer, Quality Auditor, Quality Manager, Reliability Engineer, and Six Sigma Black Belt, and the editor of The Expanded and Annotated My Life and Work: Henry Ford’s Universal Code for World-Class Success.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.