Auditors and Auditing
Revisions improve on the ISO 9001 standard
by J.P. Russell
This month's column is about auditors, who are an integral part of the deployment, maintenance and improvement of the rules we work by. Auditors collect, evaluate, and determine the extent to which organizations are doing what they are supposed to be doing. The what they are "supposed to be doing" may be determined by regulations, laws, industry standards, national and international standards, internal procedures or organizational objectives.
Auditing is a service that can be purchased from an external auditing organization or provided by an internal department or ad hoc group. Management expectations of the auditing function span from "it is a necessary evil" to "it is an integral part of continual improvement."
Internal system auditing
The requirements in the new ISO/Final Draft International Standard 9001:2000 clause on auditing are very similar to the existing requirements in clause 4.17 of ISO 9001:1994, but I think the new wording is an improvement over prior versions. We even got rid of the wording that personnel must be "independent" of those having direct responsibility and replaced it with the idea that the output goal is for organizations to ensure objective and impartial audits.
The ISO 9001:1994 requirement for internal quality audits to determine the effectiveness of the quality system has been left out of the new version. This seems to limit the role of the audit program under the ISO 9001:2000 quality management systems requirement standard. However, if we take a look at ISO 9004:2000 for business improvement, the internal audit function is responsible for evaluating the effectiveness and efficiency of the organization.
ISO 9001:2000 audit training
Virtually all existing auditors will need training in the new version of the standard and new auditing techniques. Put it into your budget. Existing auditors and audit program managers familiar with the ISO 9001:1994 version will need to receive what people are calling transition or delta training.
Since many of the requirements of the new version of the standard are simply repeats or elaborations of previous requirements, a one-day course on the changes and new audit techniques may be sufficient for internal company auditors.
If you are a Registrar Accreditation Board (RAB) quality system auditor, you are required to take 14 hours of training to maintain your certification. The training must take place within 18 months of the issuance of the ISO 9001:2000 international standard. Auditors wanting to maintain their RAB certification may take the training from any organization as long as it meets RAB requirements.
RAB has preapproved some courses and put that list on its Web page at www.rabnet.com. For courses that have not been preapproved, additional documentation will be required when auditors seek credit for the transition or delta training. Contact RAB at 888-722-2440 for details.
We should applaud RAB for opening up the transition or delta training to as many course providers as possible. The additional training options for veteran certified auditors should result in better classes at lower costs. The United Kingdom based International Register of Certified Auditors (IRCA) also requires 14 hours of training but has taken a more formal approach similar to the five-day lead assessor class.
RAB type transition training has been advertised for just under $1,000. I expect ISO 9001:2000 transition course offerings to range anywhere from $250 to $1,200.
ASQ CQA certification
ASQ offers a certified quality auditor (CQA) program. If you take a four-hour exam, pass it and meet the specified requirements, you can become an ASQ CQA. The ASQ Quality Audit Division (QAD) now offers its own CQA refresher classes. When you attend a QAD conference, you can take both the QAD CQA refresher class and the CQA exam.
The quality auditor body of knowledge used for the CQA exam is being modified with the addition of subtext. The subtext is reported to describe what is meant by the ASQ quality auditor body of knowledge topic headings. The subtext is expected to appear in the ASQ CQA brochure starting this month, and candidates for the CQA exam can be tested on the content of this subtext.
The QAD certification chair is looking for volunteers to write questions for the CQA exam. If you are an ASQ Certified Quality Auditor and would like to learn more about this valuable experience, please contact ASQ at 800-248-1946, and ASQ staff members can put you in touch with a QAD officer.
RAB auditor certification
RAB also offers auditor certification programs. Most auditors who conduct third-party registrar audits are certified by the RAB or IRCA. RAB recently announced a reduction in certain quality management system auditor certification program requirements relating to work experience and witness audits. This reduction is welcome news because it seemed that the answer to every auditor issue was to add another requirement for certification. RAB quality management system auditors already have more ongoing certification requirements than most other professionals.
The new ISO 9001:2000 will seem like a breath of fresh air for organizations, but many auditors are still holding their breaths with a wait and see attitude. Transitioning to the new standard should not be a big problem for internal system auditors once they understand the new requirements and auditing techniques. The major issues will probably be with third-party conformity assessment auditors.
Only time will answer the following questions: Will the organizations being audited accept more culpability when auditors cite nonconformances for higher level nonprescriptive requirements? Will registrars support their auditors when organizations being audited appeal a nonconformance relating to deployment or process output measures?
The quality management audit (ISO 10011) and environmental management audit (ISO 14011) standards are being replaced with a new guideline standard called ISO 19011 for quality and environmental management systems auditing. The new standard is still in development and has progressed to what is called the committee draft number two, or CD2, stage.
By most accounts, the new standard has been received favorably, but recent criticism and questions about the intended users of the document have set new challenges for the task group working on the standard's development.
The criticism includes such comments as "not user friendly," "too big" and "only for third-party registrar auditors." To me, these are valid criticisms if the document is to be used as a guideline by small, medium and large organizations that have implemented a management system (environmental or quality). Before the standard is advanced to the next stage of development, the criticisms should be resolved and the intended users clearly defined.
Auditors make front page
On Sept. 8, USA Today ran a "Money" section front-page article titled "Quality Auditor Ok'd Deca-tur Tire Plant" by Del Jones. The article was damaging to the quality profession because it fostered the myth that quality can be achieved through inspection and, for that matter, that inspection can detect all imperfection and eliminate fraud.
The truth is that over the last 20 years society has been the benefactor of the fact that organizations have improved processes instead of adding inspectors.
I have heard from registrar auditors who believe that there is not enough time allocated for an audit to complete all the paperwork and conduct a proper audit. I would echo those concerns and add that auditing against the new ISO 9001:2000 will take even longer.
J.P. RUSSELL is principal of J.P. Russell and Associates (www.jp-russell.com), a quality management training organization and sponsor of Web based training programs at www.QualityWBT.com. Russell is author or editor of several Quality Press books: The ISO Lesson Guide 2000, After the Quality Audit: Closing the Loop on the Audit Process (both editions), Puzzling Auditing Puzzles, Puzzling Quality Puzzles, The Quality Audit Handbook, Quality Management Benchmark Assessment and The Quality Master Plan. He can be reached at firstname.lastname@example.org.