Wow.

As I struggled to catch up on the thread, I got the impression of an "us vs them" flavor in some of the posts.

Folks, we may be on different oars, but we're in the same boat!


Hershal

The title of this thread is "Are 3rd party ...allowed to provide "Recommendations".

I would refer you to my article in the Reading Room about "Auditing - at the Dawn of Opportunity" in which you will see my views that registrars must be allowed to provdie solutions etc to problems because as you rightly say, Hershal, we ARE all in the same boat and considering the current economic performance of the US economy (Current account deficit, exchange rate, fiscal deficit etc) it is not doing as well as politicians would have one believe. It is time to DUMP COI concerns and allow anyone who has useful knowledge and solutions to help business improve.

So, this thread's question should really now be : "Is it time to remove the constraints under which registrars have been expected to operate", which is what I raise in that speech. We must look ahead. The current title of this thread does not move us forward and business cannot wait on us getting our house in order.

I split this post from the thread Are 3rd party (ISO9001 Registrar) auditors allowed to provide "Recommendations" ? (http://elsmar.com/Forums/showthread.php?t=8842&highlight=3rd+party+allowed+%22provide), because Allan turned the question around a bit and I thought the post deserved a thread of its own. Discuss...

/ClaesSo, this thread's question should really now be : "Is it time to remove the constraints under which registrars have been expected to operate", which is what I raise in that speech. We must look ahead. The current title of this thread does not move us forward and business cannot wait on us getting our house in order.

I opine that the current strictures on third party registrars make them seem more like the secret police from some totalitarian country than "Andy, the Sheriff of Mayberry."

If we can agree that the premise of third party inspection is to help organizations in a supply chain work to a "Standard" to eliminate as many misunderstandings and misinterpretations as possible so products and services move in a smooth flow from one step to the next, then we need a "compassionate" entity to help rather than a cold, dispassionate robot which only judges right or wrong with no help on how to transform from "wrong" to "right."

We need someone more like Andy Taylor of Mayberry than Robocop!

I think it is important that we remind ourselves about the original goal of accredited management system certification activities: to provide for some level of confidence to an organization’s customers and other stakeholders about supplier conformance to a standard/specification, be it in quality, environmental, information security, etc….

PROVIDE CONFIDENCE. If a 3rd party certificate does not deliver that, then there is no credibility in the process and the exercise becomes futile.

We have discussed numerous times that the present process has at least 1 major drawback: the expectations from the registrar’s customers and the expectations from the registrar customer’s customers are, for the most part, distinct. While registrars have obviously to be concerned with their immediate customer’s expectations, we can not forget that the actual “users” of our certificates are our customer’s customers. It is imperative, in my opinion, that we find a way to reconcile all stakeholders expectations.

In my experience, in order to make the work of third-party agencies more meaningful, be it by constraint re-definition or other ways, two basic criteria have to be rethought:

We need more transparency
We need more accountability, at all levels.

On another thread, I had tried to start a related discussion ISO 9000:2020 by the Covers - Authoring a draft of the 'next generation' ISO 9001 (http://elsmar.com/Forums/showpost.php?p=101416&postcount=14) but there was no interest.

In my experience, in order to make the work of third-party agencies more meaningful, be it by constraint re-definition or other ways, two basic criteria have to be rethought:

We need more transparency
We need more accountability, at all levels.


So, how is this to be accomplished?

Frankly, as long as there are companies out there who simply go through the motions of a Q/E/S Management System (i.e., they want the pretty piece of paper, will we ever be able to have meaningful audits? :2cents:

That's where Opportunities for Improvement come into play during an audit. I don't believe that Auditors should provide solutions, but I do believe that recommendations should be allowed. This way, those organizations that wish to go above and beyond the "shall's" can do just that...while those that wish to do the bare minimum, can do just that, as well.

I don't believe that Auditors should provide solutions, but I do believe that recommendations should be allowed.

In fact a solution only can be said to occur if whatever action is implemented is verifed and found to have solved the problem. At that point one can say there has been a solution. Otherwise the action is in fact an "attempt". Until a solution has been found, the recommendation or suggestion is nothing more than a proposal. It always will be for the auditee to determine what it wants to do to resolve the problem.

The point in my keynote address (cited earlier in this thread and posted in the Reading Room) is this: When addressing that primarily American audience I was highlighting the problem of the USA economy and the need for knowledge to be applied in order to improve business competitiveness, product quality et al. It is my view, therefore, that the time for niceities about "conflicts of interest", restraints on registrars and so on must be swept aside. If a registrar can bring advice a.k.a. "consultancy" to the benefit of its client - all the better. Frankly management does not want to hear our somewhat esoteric and philosophical arguments - it wants help. It wants practical people who can suggest likely solutions that will work ASAP at minimum cost and with minimum effort. Those that can provide that service are at the dawn of opportunity: those that cannot will likely need to find another source of employment - sooner or later.

1st, let me say and please understand the opinions I express are mine alone and not a reflection of or in any way related to whom I work for. This is Randy talking, nothing more and nothing less.

A great majority of responsibility has to be born by the individual auditors themselves, and with that responsibility a corresponding accountability (the two cannot be seperated).

Auditors have the have the freedom to say "your system sucks" and then have the personal courage and fortitude to actually say it. (Maybe not in those actual words, but you understand my meaning). If auditors were to be totally honest about the lapses they see, organizations would be changing their registration bodies more often than you change your skivies. It doesn't happen, it won't happen. Why? Because business begins with customer expectation and ends with customer satisfaction, period. Theoretically pure, independent, objective auditors are truly not and will never be.

The weakness and failings that we identify in this endeavor of 3rd Party what-cha-ma-call-it revolves around an un-quantifiable, uncontrollable element called a human being. As we sit here, as friends and professionals in our own right, the accreditation authorities for auditors (like the RABQSA) are stumbling though the process (not unlike a freshly castrated calf) of trying to verify the "competence" of auditors. We now have grander schemes, physco-social testing, observation of performance and all other kinds of jibberish and whoop-dee-doo happening, but what is not happening is a quantification of the process. Why you ask? Because it all boils down to "is the glass half full or half empty?" You can call this perception based upon perspective.

The recommendations made by auditors, to 3rd party organizations, for registration purposes to whatever "standard" are ultimately made based upon the perception of the systems effectivess by the auditor through the evaluation of evidence gathered balanced against the applicable criteria, through the individuals auditors eyes (and mind) or in a short version, from the auditors perspective.

We're not dealing with an exact science here. There is black and there is white, but there is a whole lot more grey in the middle of varying shades. Most certificates are created from the grey and not from the black and white, always have been and always will be.

The process we have probably isn't the best, but it's what we have.

Hopefully I didn't stray too much from the topic, but I haven't written much lately and this feels good.

As we sit here, as friends and professionals in our own right, the accreditation authorities for auditors (like the RABQSA) are stumbling though the process (not unlike a freshly castrated calf) of trying to verify the "competence" of auditors. We now have grander schemes, physco-social testing, observation of performance and all other kinds of jibberish and whoop-dee-doo happening, but what is not happening is a quantification of the process.

Hopefully I didn't stray too much from the topic, but I haven't written much lately and this feels good.

Randy, your presence and incisiveness have been sorely missed and welcome back.

You will have noted in that article of mine I make clear there is a need for the whole model of auditing/ registration etc to be rethought, revised and so forth. As a number of folk who have read it have seen I want everyone to start seeing the bigger picture of service to the registrants and the national economic performance.

I am strongly in favour of an on-the-job assessment of auditor and registrar ability to do the job. Indeed, I have offered to assist the "powers that be" in framing how this can be done and in its implementation as I needed to do it some 30 years ago in the nuke business and developed some methods and rules for it. The RABQSA etc have never contacted me to discuss this matter, though on more than one occasion I was directly informed they would. Either amnesia or a lack of good old fashioned professional courtsey may be the problem. Or, perhaps, their senior people are not given to doing what they say they will. I do not know.

The psychometric stuff is an irrelevance and distraction from the real challenge and needs, in my view. It will probably absorb too much time, effort and money. What message must it show to management and business leaders? It makes us all look ridiculous. If there is a problem with bipolars, psychopaths, serial killers or whatever, it is for the registrar firms to sort out their people through their own HR policies and practices. Has the RABQSA etc nothing else to do? But, if they think it is necessary, maybe they believe there are too many nuts working in the registration industry and they must be sifted out. One hopes the top committees/ chairpeople and so on will lead by example. :rolleyes:

My article urges them to get into more substantive issues and I have made a few suggestions, though not offered all I could due to time constraints on the day.

I wonder if there's enough basic competence to go around, with the understanding that a significant proportion of competence is experience, which can't be taught. No one here who has spent any time at all being audited hasn't encountered an auditor who felt qualified to make stentorian pronouncments regarding issues he clearly didn't understand. How much time has been squandered in trying to explain to these people things they should have known to begin with?

The other part of incompetence that concerns me is how easy it is to present specious explanations to inexperienced auditors who will swallow them hook, line and sinker because they sound like they make sense.

In my daily work I continually encounter engineers who are ignorant of basic engineering principles, CAD people who don't understand GD&T, quality engineers who don't understand basic normal-curve statistics, etc., etc. Where are all of these helpful auditors going to come from? If they come from the population of downsized-but-competent people, then what happens to dedicated, internal competence? Is there enough competence to go around?

Randy, your presence and incisiveness have been sorely missed and welcome back.

The RABQSA etc have never contacted me to discuss this matter, though on more than one occasion I was directly informed they would. Either amnesia or a lack of good old fashioned professional courtsey may be the problem. Or, perhaps, their senior people are not given to doing what they say they will. I do not know.




Thanks for the kind words...

You are probably hitting the proverbial nail on the head in bringing up the courtesy subject. Based on my experiences with the aforementioned organization, to say that I am less than pleased would be an under-statement.

I wonder if there's enough basic competence to go around, with the understanding that a significant proportion of competence is experience, which can't be taught.

Ah! What a fabulous question that truly energizes me.

One of the problems professional auditing has experienced has been the reduction in general ability and competence of those assigned to be auditors. For that, the explosive growth in ISO 9K registrations is much to blame. The demand for auditing and hence auditors outstripped the supply of capable people and those knowledgeable in the processes, technology and businesses they were required to audit.

Auditing is about the assessment of applied knowledge and to repeat one of my published sayings: "the application of knowledge cannot be assessed by assigning ignorance to the task". But ignorance and stupidity are not the same thing. Experience and training can replace (destroy) ignorance. It takes time and time was not given. The net result has been a lowering of the quality of the audit service experienced by management which then thought it unnecessary to assign the best people to the audit pool, thus creating a vicious circle and self-fulfilling prophesy in their minds.

Poor quality auditing has, in my view, been a major contributor to the generally disappointing results of ISO 9K. Those who rushed to promote it and made it sound so easy (a quick fix etc) did much damage.

But, it is not irreversible. It takes only a few dedicated people and firms to patiently do what is required, demonstrate the results such that general calibre of assigned auditors is eventually raised to the requisite level of "competence".

I have written much more on this matter elsewhere and will not repeat it now.

Ah! What a fabulous question that truly energizes me.
But what about the question? Is there enough competence to go around? This isn't only a third-party audit question. In an internal audit, where is the wisdom in taking someone from marketing and asking them to audit a technical function that is outside their own narrow area of expertise? We've been told time and time again that auditors must be independent of the function being audited, which effectively reduces the audit function to hoping that auditors will be able to discern whether or not the process being audited is in compliance with the standard, and not whether there are any opportunities for improvement from that will only be identified by an experienced person. And "hope" is not a strategy.
And now it seems that you want to expand the role of auditors, despite the fact that efficacy without the expansion has never been proven. I'm always open to suggestions for improvement regardless of the source, and it's true that sometimes good suggestions emanate from unexpected sources. But I have serious misgivings about being audited by neophytes or nincompoops who have no basis in knowledge and experience and then expecting them to provide suggestions for improvement.

I for one am concerned with the ability of some registrars to offer anything of use to the client. In the past year I have been to several facilities with registration certificates proudly hanging on the wall only to find that their systems don't come close to complying with the intentions of the standards or of my company's requirements.

Some firms don't address all of the standard's requirements but fail to take formal exceptions in their registration certificate.

Some make statements of policy in their manuals only to have an unwritten policy that contradicts the written policy.

Most of these organizations tell my boss that they never gone through an audit as thorough as mine. I am not a nit picker, I just review the entire quality system and look for a process that works. I don't write trivial corrective action requests.

During my closing meetings, I tell it like it is (or how I see it). During my last audit I told the supplier that his registrar wasn't doing him any favors since I determined that his system did not comply with the intentions of the standard.

So how do you let uneducated registrars give advice?

It seems to me that the only one who can really do anything to cause a supplier to improve, is the customer. The customer needs to meet with his suppliers and spell out the requirements for compliance and improvement. He then needs to ensure that those requirements are being met. Relying on registrars to do this just won't work.

By the time the first company I worked with that chose to move to ISO 9001 certification made that decision our internal audit team (3 auditors) had a combined experience base of 21 years (myself w/9 years of experience). Thankfully the first book I picked up on auditing was Management Audits by Allan (I say thankfully because I believe that it started on the right road). Our team had been responsible for encouraging the company to make some pretty significant improvements in their business processes.

Then we moved towards ISO certification (customer required, and felt by all to be the right move to make). But what we found was that the internal auditors where no longer taken seriously - the general concensus was that the "professional" assessors did not find any major issues, so whatever the internal auditers found was trivial and not really of importance.

It took us over 5 years to once again convince the powers-that-be that there really was value to be had by continually improving the process. Most of this proof came in the form of pointing out to them that months or years before the "professional" had noted a finding - that was just noted by them - we had made the same observation, but before it really became an issue.

Was our ability to see the problems before the "professional" attributable to better training, possibly; but it could have been influenced by many factors such as a greater amount of maturity (experience) and the fact that we were "living" with the processes on a daily basis.

But what about the question? Is there enough competence to go around? This isn't only a third-party audit question .

With apologies, I though I had answered the question by implication. At present there is not enough competence to go around. But, there will be once it has been developed. I hope you did not think I addressed so-called 3rd party stuff, for I do not believe I did.

Gerry is highlighting matters experienced by far too many organizations. Yet, the accreditation and registrar training/ certification schemes have not sufficiently grasped the nettle and improved even though the problems have been extant for twenty years, predating ISO 9K's appearnce. We have the wrong people running those schemes and in the wrong way. But, that is a bit of a digression.

ddhartma is very kind in his remarks about my book, and I sincerely thank him for them. The issue of expectation of internal auditor performance in relation to that of "professionals" comes as a result of the somewhat excessive publicity given to ISO 9K certificates, management then assumption of the abilities of the registrars - the "professional auditors" to whom he alludes. I do recall the very early days of auditing when management had no idea what to expect and, in a few cases, would put the CFO in front of one. (I especially recall in 1977 a particular German company whose CFO sat at the head table of the entry meeting with a pile of documents and books before him. He was constantly wiping his brow until I explained the purpose of the audit, which I was doing for GE. I always wondered what was in those books! As a post script: that firm went bust about five years later - I hope there is no connection with my audit! :) ) They assumed that was the type of audit to be performed and their assumption was that the extrinsic auditor was akin to the financial auditor.

With apologies, I though I had answered the question by implication. At present there is not enough competence to go around. But, there will be once it has been developed.
No apology necessary. But you seem to be saying, "There will be enough competency when competency has been developed." Or do I misunderstand? It seems a little like saying, "The flood will recede when the water goes down."

No apology necessary. But you seem to be saying, "There will be enough competency when competency has been developed." Or do I misunderstand? It seems a little like saying, "The flood will recede when the water goes down."

Yes I am. No you do not.

Of course, water can drain away, it can evaporate, it can be pumped away. Generally any of those take time according to resources, effort and environmental conditions. But, human effort is probably a deciding factor. I am rather concerned about a recession though, if I may focus on your word" recede", but recession of a different sort: a profession-wide one.

But, to bend your hydraulic metaphor a tad, the swamp will be drained when the water level is reduced. First for the crocodiles.

Wow!

Let me restate.....we may be on different oars but are in the same boat.

First, accreditation vs registration as both relate to COI and competence.....

I agree with Sidney that the role of both accreditors and registrars is to provide (to the best possible extenet) an unbiased evaluation, without the concerns that our judgment is clouded by personal involvement. Now, we can not be perfect as we are human.

Accrediting bodies (e.g. IAS, NVLAP, A2LA, SCC/CLAS) accredit laboratories, or accrediting bodies (e.g. RABQSA) accredit ISO 9K registrars. The 9K registrars register various organizations to 9K or similar.

Accrediting bodies are tasked with - among other things - evaluating the "competence" of the various organizations and personnel they assess. Just a side note, in the accreditation world there is competent or not competent.....there is NO incompetent in the usual sense of the word. Competence means technical proficiency in the accreditation world.

The registrars in turn evaluate organizations to determine compliance to a QMS standard. Another note, registrars do NOT evaluate laboratories or inspection bodies, as accrediting bodies will assess testing and calibration labs to ISO/IEC 17025 (or ANSI/ISO 17025 for the U.S. version) and inspection bodies to ISO/IEC 17020.

Now, how do we assess competence? Ahhhhhhhhh......quite the question. In the accreditation world, to assess competence, we must have someone who is trained and experienced in whatever is being evaluated. For example, I might assess a fire test lab or microwave calibration, as I have been trained and experienced in both now. On the other hand, I cannot assess an inspector who audits wood shake and shingle mills.

Also, accrediting bodies who accredit 9K registrars and accrediting bodies who accredit laboratories generally do not cross the line to the other, but only in the U.S. market. Most economies have only a single AB, so the AB does everything.

Now, for COI or conflict of interest. We absolutely must be independent in order to provide confidence to the registrar's or laboratory's clients. Also, we must be independent to be recognized internationally. Yes, we can provide examples of what we have seen in other places, maybe even suggestions at times that an organization may find of value. However, the key is that these comments must be non-binding, and only offered as something to be considered in light of the organization's business.

Just my thoughts. Hope it helps.

Hershal

Claes split off this thread recognising I raised the question : should registrars be allowed to offer solutions.

From what I am reading from Sidney and Hershal who are in the registration business they are indirectly saying "no".

But, more important is what does the customer want or need. If customers would benefit from getting whatever suggestions for improvements and problems and if that would benefit their business performance and the overall economy (exports and so forth) it is my view that need should override whatever has gone before and exists at present.

There was a time when registrars ran consultancy divisions and became frowned upon - not least by consultants who wanted to protect their turf. From various anecdotal reports and posts I suspect some still do and have rearranged their organization so that such things are done at arms length such that an appearance of COI is avoided. If registrars had the kind of fiduciary responsibility of financial auditors I would certainly agree that advice/ suggestions/ recommendations giving rise to COI must not be tolerated for one could get a case of "Enronitis". Those auditors are there as a statutory requirement to protect shareholder assets etc.

But, much as I believe our work in quality is important in that it is aimed at protecting shareholders from loss and improving shareholder value, through preventing/ eliminating waste, I am not so conceited as to think we are in the same league.

There is no doubt in my mind that despite what I may think of the entire registration/accreditation industry, there is a number of individuals within it who are diligent and caring and possessing much useful experience that should be tapped. Importantly, as my speech also tried to show, if there was a restructuring of the business model, and market forces do their usual magic, the diligent registrars will prosper - for the right reasons - and the others will not for their real depth and value would soon be exposed.

That entire registration/ accreditation industry is overdue for a clean-up and I am sure people like Sidney and Hershal know it even if they cannot publicly state as much. Let the value they might be able to add become visible: let the nation and its business benefit as a result.

Allen,

I cannot speak for Sidney, nor any other besides myself or the AB I work for.....but the conflict of interest (COI) provisisons are in place for good reasons.....that being that we must be independent.....think about that.....

If you want to add a home addition and wire it in.....would you rather have Johnny from Henry's gas station, bar and calibration house? Or would you rather have a licensed person?

This is the choice for anyone using an accredited lab.....

so, think about this.....do you have a gas fireplace? do you have a stove? do you have an A/C? do you have a toilet?

would you rather have Johnny pass something so he gets decent pasta from MA.....or would you rather have something you can actually count on?

That is why the COI is important.

Hershal

Allen,

That is why the COI is important.

Hershal

Hershal,

I do know only too well all the arguments for COI. Especially where safety etc is concerned. Of course, just because someone is licensed that does not mean they are especially competent or that they will actually be diligent OTJ. I am an engineer and could not fathom why the local authority's authorized inspector who came to inspect and approve the installation of the new furnace in my house could consider he did a proper job (last Tuseday) without opening furnace panel, or checking (sniffing) for gas leaks in the connections, exhaust leaks, proper operation of the no flame cut out and so on. His question was "who installed it" (I named the firm) He replied, "Oh, they do a good job." So, Hershal, as you will know and realize we can all cite our own stories of the exception that does not prove the rule.

My keynote speech tried to point out the need for all advice and knowledge wherever it may reside to be used to help the nation's business - as I have stated in another post.

As you may also be aware, I have stated on a number of occasions why I believe auditors should offer "solution i.e. recommendations and so forth and that this does NOT mean the auditor then accepts ownership on the DECISION of what shall actually be tried to resolve a problem: that always rests with the auditee.

There have been any number of occasions when I have practised what I preach - without fear or concern. And I have then assessed the efficacy of the auditee's DECISION to implement my suggestion. In some cases my suggestions did not prove efficacious and it was then necessary for me to issue a CAR or reissue the same CAR or take some other action at a higher level. For whatever reason, auditees have never come back with a "you told us that was what to do" argument - though I have been teased a few times. What I can say is that they have appreciated my genuine effort to help. But,
I suppose someone will now post that they had a different experience.

And, that's life!