ISO 9000:2000 will create challenges, require new competencies

Members Log In Now | My Saved Articles | ASQ.org

Keywords

Industry

Topic

Author

Date Range to

Search QP Search ASQ.org

2012

2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
- May
1999

All About Auditing

ISO 9000:2000 will create challenges, require new competencies

by J.P. Russell

Auditors are a coalition of men and women who verify that people are doing what they promised or planned to do. They supply a service for the third-party conformity assessment process, for evaluating supplier partners and for an organization's quality management system.

Auditors are an independent lot, yet they must conform to a variety of rules, standards and procedures and to a code of conduct. Few other professionals have to adhere to as many rules and requirements to remain qualified to work each year as do U.S. Registration Accreditation Board (RAB) certified auditors.

Independence

As an auditor, I worry about maintaining independence and remaining open minded. I am pleased to report that I am not writing this column to promote the agenda of any organization, nor am I limited because of any allegiances. The comments that follow are my independent views--based on experience, research and comments from others.

While I am a member of many organizations, I have none of the obligations associated with being CEO, president, board member or official spokesperson. I am also not a spokesperson for Quality Progress magazine or ASQ. My agenda is writing what I think is best for all auditors and customers of the audit process.

The new system audit standard

Third-party environmental and quality system auditors will be interested in the new (still in development) system audit standard. Called ISO 19011, it will replace the ANSI/ISO/ASQ Q10011 guidelines for auditing quality systems and the ISO 14010, 14011 and 14012 guidelines for environmental auditing.

The good news is that the environmental and quality folks combined their knowledge to come up with what many say is an excellent, mature auditing standard. It is also good that there will be one less standard to contend with. The new standard is still evolving, and it may be several months before it is ready to be published in its final form.

To some, this combined standard is a win-win one, while others think it is a win-lose--a win for the third party compliance assessment process and a loss for quality auditing and system effectiveness improvement.

The complication is that the focus of a quality system is to provide a product or service that will achieve customer satisfaction, while the focus of an environmental system is to achieve compliance to statutory and regulatory requirements.

The environmental auditors may worry about liability if they assess for effectiveness, while quality auditors may worry that they cannot provide a value added service unless they assess for effectiveness. Mix in the different agendas for first-, second- and third-party auditing, and you have potential fireworks. So far, however, what I have seen is a usable document for both quality and environmental system compliance audits.

This still leaves some auditors and organizations with a potential predicament. When the new ISO 9000 series standards are published, there will be no defined term "quality audit." The words have been deleted from the vocabulary of the ISO 9000:2000 Draft International Standard and the proposed ISO 19011 Committee Draft 1 (ISO/CD 1) of the guidelines on quality and environmental auditing.

The new auditing standard simply defines the word "audit" to include auditing for all types of standards whether quality, environmental or other. This underscores the point that many audit methods are common no matter what type of system or market sector is being audited. The only differences are in some auditing techniques, objectives and performance standards.

There are emerging interests in process auditing. No body of knowledge or auditing standards exist to provide adequate guidance for process or product audits. ISO/CD 1 19011 falls short of meeting process and product audit needs, and there is no existing American National Standards Group/ASQ standard to provide guidance. There has been some talk at ASQ Audit Division meetings that there is a need to develop a process audit standard. By the time this column is published the idea will be moving forward or tabled depending on division member interest.

One of the good things about the ASQ Audit Division is that every dues-paying member has a right to be heard. Simply attend one of the three yearly business meetings or contact a regional councilor or division officer. For additional information about the division meetings, call ASQ customer service at 800-248-1946 or 414-272-8575.

Internal auditing

There are also significant changes pending for the internal audit clause of the proposed ISO 9001:2000 standard. The title of the ISO 9001 clause was changed from Internal Quality Audits to Internal Audits to eliminate the word quality.

At first this seemed odd to me since it is a quality management standard, but since there will be no quality audit term definition, it is consistent. The existing 1994 ANSI/ISO/ASQ Q9001 standard states that audits shall "verify whether quality activities and related results comply with planned arrangements and to determine the effectiveness of the quality system." The new proposed ISO/DIS 9001 standard requires that audits "determine whether the quality management system conforms to requirements of this international standard and has been effectively implemented and maintained."

It states very clearly in the proposed standard that internal organizational auditors are to audit against the international standard and determine if it has been properly deployed and maintained. Critics would say that internal auditors should also determine whether the quality management system conforms to internal procedure requirements and whether the resulting system is effective.

While some say the preceding is simply a duel over wording, others believe significant changes are being made. Are we losing the up-side potential of quality audits to contribute to business improvement, or are we simply refocusing auditing to where it needs to be? Personally I think we need to continually find ways to utilize internal auditing resources for the benefit of organizations--and any initiative that does not promote optimum use of resources is not in the best interest of the organization.

Auditor certification

As most of you know, ASQ offers a Certified Quality Auditor (CQA) program. You take a 4-hour exam and meet the requirements to become an ASQ CQA. This program is similar to programs like Certified Public Accountant or Professional Engineer. It is well-designed, professionally maintained and highly respected.

The news here is that there will be new supplemental options for auditors as ASQ creates add-on exams. Soon, CQAs will be able to qualify as HACCP (Hazard Analysis Critical Control Point) auditors. Next, ASQ is considering an add-on exam for the biomedical industry. The add-on exams will be about two-thirds the size of the existing CQA exam, and to qualify, one must first pass the CQA exam.

RAB launched an internal quality management system (QMS) auditor certification program last spring. The program allows internal auditors (company auditors doing internal audits) to be certified by the RAB after providing verifiable evidence of education, a QMS auditor training course, work experience in quality assurance activities, personal character attributes and QMS audit experience gained within the last five years.

The United Kingdom's International Register of Certificated Auditors (IRCA) has had a worldwide internal auditor certification program since 1992, with about 380 internal auditors currently registered by the IRCA organization. Anyone interested in the new internal RAB QMS auditor certification should visit www.rabnet.com for details.

Auditing against

Some of the biggest news for auditors comes with the new ISO 9001:2000 standard. The new QMS standard is designed to be more flexible and user friendly. It has fewer mandated system requirements and emphasizes the importance of achieving customer satisfaction.

This is wonderful news for the organizations registered to the standard, and I think it is in the best interest of ongoing improvement. However, there are a lot fewer prescriptive requirements--in other words, there are fewer easy-to-audit requirements.

The new standard has more results oriented and conceptual requirements. Some auditors have described these requirements as not auditable. For example, an easy-to-audit requirement might say, "The company shall have a written procedure for doing the best it can at all times." In this example, the auditor can determine if the organization has a written procedure and if it is being followed.

An example of a requirement that may be identified as not auditable is, "The company shall do the best it can at all times." In this example, collecting objective evidence to determine conformance or nonconformance to the requirement is more difficult.

Since the new ISO 9001 standard contains many of these not-so-easy-to-audit requirements, an agreement was reached that requires auditors to demonstrate new competencies including knowledge and understanding of the requirements of the new ISO 9001:2000 standard, the concepts and terms in new ISO 9000:2000 standard, and the eight quality management principles. The agreement does not tell auditors how this will be done, but a training program coupled with observations of auditor work may satisfy the requirement.

The conformity assessment process (system of accreditation, registration and auditing of organizations) will be challenged over the next several years to make the necessary changes for the new ISO 9001:2000 standard style. Critics question the issuance of standards with requirements that cannot be checked (audited), saying it's similar to legislators issuing a new law that cannot be enforced. On the other hand, why should the standard writers be constrained by the existing conformity assessment system?

J.P. RUSSELL is principal of J.P. Russell & Associates (www.jprussell.com), a quality management consulting firm specializing in assessments, planning, continuous improvement, and classroom and Web based auditor training. He is editor or author of the Quality Press books The ISO Lesson Guide, Puzzling Auditing Puzzles, Puzzling Quality Puzzles, The Quality Audit Handbook (both editions) and After the Quality Audit: Closing the Loop on the Audit Process. He and six other standards experts will contribute to "Standards Outlook" on a rotating basis.

QUESTIONS ABOUT STANDARDS

Send your questions about the quality and environmental management system standards and their derivatives to standardsquestions@asq.org, including your daytime phone number. Your questions will be answered by one of Quality Progress' "Standards Outlook" expert contributors.

If you would like to comment on this article, please post your remarks on the Quality Progress Discussion Board, or e-mail them to editor@asq.org.