By Craig Cochran
Being a third-party auditor is challenging. You walk into somebody else’s company and try to make sense of processes that you may have never seen before. The atmosphere is often tense, and you never have enough time to do the kind of job you’d like to. Then you jump into your car and roar off to the next job. So, third-party auditors can be forgiven for saying dumb things every now and then. Here are my top five dumb things auditors say:
“You need to get a better grasp of ISO 9001 terminology.”
Does anybody in the world think ISO 9001 terminology is simpler than their own wording? If so, I pity the organization that person works for. The organization should use whatever terminology it deems fit, and sometimes this has little connection to the vernacular of ISO 9001. It’s the auditor’s job to adapt to the local terminology, not the other way around. Part of the auditor’s preparation for the audit should include getting up to speed on the organization’s terms, definitions, and vocabulary. The old saw, “When in Rome, do as the Romans do,” applies very well to the audit process.
“Six months is way too long for any corrective action to remain open.”
Ideally, corrective actions are opened, investigated, acted on, and closed as quickly as possible. There’s no benefit to stretching out the process. Implement the improvement and move on to the next opportunity. In the real world, however, corrective actions can take a lot longer. Depending on the nature of the improvement, the corrective action could involve construction, acquisition of capital equipment, culture change, or development of new processes and products. In all of these cases, it could take many months to fully implement the action. The corrective action remains open during this time, but the organization updates the status and can demonstrate forward progress. You have to consider the nature of the corrective action when you evaluate how long it’s been open.
“I won’t write you up this time, but if the issue isn’t fixed by the next audit, I’ll write a major nonconformity.”
This suggests that auditors are godlike creatures who can ignore or escalate issues at their whim. That’s not really the way an audit works, though. An audit is a factual and balanced evaluation of the organization. Failing to identify nonconformities helps nobody. The auditor should simply report what he or she finds—positive or negative. If the finding happens to be a nonconformity, it should be used as an opportunity to improve the process not as a police citation that can be avoided if you promise to do better.
“If you fix these nonconformities before the closing meeting, I won’t put them in the audit report.”
How effective are fixes that are implemented in a hurry? Not very. In fact, they tend to be very narrow and superficial actions that are mainly focused on problem symptoms. When auditors say they won’t make an issue an official nonconformity if you “fix” it in a hurry, they’re really just encouraging the worst kind of corrective action: the Band-Aid. When taking corrective action on audit findings, organizations should take a step backward and take a fresh look at the process. Part of this is identifying the full range of possible causes that exist throughout the process—from start to finish—and thinking about where else the nonconformity might exist. This is impossible to do in a rush before the closing audit meeting.
“You should separate your ISO 9001 management review from your leadership team meeting. It’s hard for me to see the required inputs and outputs in these records.”
In other words, you should do everything possible to make it easier to audit. Never mind what makes sense for your own organization. The cruel reality of auditing is that it’s challenging. Auditors have to seek out the evidence and ask the right questions, and facts are rarely served up in neat little packages. In cases where the audit evidence is pre-packaged for the convenience of the auditor, it should be suspected as possibly manufactured. Organizations must design their quality management systems in a way that helps them improve. Yes, you may have to eventually pass an audit, but that’s not the primary objective, despite the way everybody acts. A good auditor will see much more virtue in a system that drives long-term improvement versus a system that’s just easy to audit.
About the Author
Craig Cochran is the North Metro Regional Manager with Georgia Tech’s Economic Development Institute. He has an MBA from the University of Tennessee and a bachelor’s degree in industrial management from the Georgia Institute of Technology. Cochran is a Certified Quality Manager, Certified Quality Engineer, and Certified Quality Auditor through the American Society for Quality. He is certified as a QMS Lead Auditor through Certus Professional Certification.
He is the author of numerous books, including ISO 9001:2015 in Plain English and Internal Auditing in Plain English, both published by Paton Professional.
Copyright 2015 by Craig Cochran. All rights reserved. Reprinted with permission from the author.
