After reading this interesting article from Mr. Croft, I was curious and decided to poll the Covers
IRCA said:Stopping the rot?
Much has been written about the difficulties of assuring the credibility of the certification industry. Here, based on an interview with INform’s Amy Holgate, Nigel Croft investigates a range of new initiatives aimed at pulling the industry out of the doldrums and gives an insider’s vision of the future
I have been a member of ISO/TC 176, the committee responsible for developing ISO 9000 standards and guidance documents, for about 12 years, as a representative of my adopted country of Brazil. In around 1999, when we were coming up with the new version of the ISO 9000 for publication in the year 2000, we were conscious that there were many new concepts and ideas being introduced in the new version. However, although it was more user friendly for service organizations and small businesses, there was a growing unease within the technical committee that the standard itself was not fulfilling its full potential and, in some cases, not being used appropriately, thus threatening the credibility of ISO 9000.
Breaking down barriers
I was asked by TC 176 to approach the IAF, and presented our perspective on the potential threats to the credibility of ISO 9000 certification. Although ISO 9000 certification is a small part of what the IAF does, we were determined to put this high on the agenda and really question whether ISO 9001 was delivering on its promise, that is to give purchasers confidence in their suppliers’ ability to provide them with a consistent product.
We concluded that everything was too compartmentalized. There are so many different bodies: the IAF; ISO/TC176; ISO’s policy development committee on conformity assessment (CASCO);the Committee on Consumer Policy (COPOLCO); and what was then IATCA. We needed to bring everyone together and start looking at ISO 9001 certification from the user’s perspective. Out of that came what we affectionately called a ‘spiritual retreat’ in Denver in Colorado in June 2002. It was a very informal workshop environment bringing together all these different interested parties and brainstorming ways in which to improve the certification process.
The ISO 9000 Advisory Group
Out of these sessions we formed the ISO 9000 Advisory Group (IAG), which has an informal remit but is, essentially, a think-tank. The IAG comprises senior people from most of the interested parties around the world, and is co-chaired by myself and Randy Dougherty, chair of the IAF technical committee. Just about all the stakeholders take an active part – accreditation bodies, certification body associations such as ABCB (not individual certification bodies), industry representatives, as well as the standards writers from TC176 and CASCO, and the auditing community represented by IPC. IRCA director Simon Feary is one active member of the group.
A recent achievement of the ISO 9000 Advisory Group was a white paper that was presented to ISO’s secretary general and top levels of the IAF. The white paper followed two planks of the group’s beliefs. The first is: output matters. Regardless of procedures, processes and competences, is the system actually doing what it’s supposed to do, and is it providing confidence in the organization’s ability to provide consistent conforming product to its customers? The second is: certification bodies should think of their customer’s customer. Certification bodies have a huge responsibility to their client’s customers, those purchasers who base their purchasing decision on the fact that the business has been certified. These are indirect customers of the certification body, but ultimately are the ones who are paying, and one way or another, they are the ultimate ‘accreditor’ with their purchasing power.
The IAF president responded recently to this white paper and these issues are being incorporated into the new IAF strategic plan. I reserve judgement on the actual implementation of it because there are going to be some tough decisions that have to be made. The policy and strategy has been defined – it’ll be interesting to see if the IAF members will be tough enough and have the collective will to stringently deploy and enforce it.
Auditing Practices Group and Accreditation Auditing Practices Group – practical advice
One of the things that became very clear early on was that there were significant inconsistencies in the approach to auditing of ISO 9001. To address this, in 2003 we formed the Auditing Practices Group, comprising experienced professionals (auditors, accreditors and standards writers who had been intimately involved in writing ISO 19011), with the aim of releasing some common sense and simple language guidance to auditors about some of the ISO 9001 issues that they often have difficulty with. They’re not requirements or recommendations, but advice from a group of highly respected and experienced professionals from within the industry.
A particularly recent development came as a result of the realization that there was a lot of focus on the ways auditors should audit organizations, but less acknowledgement of the fact that there are many inconsistencies in the way that the accreditation bodies audit certification bodies. So the Accreditation Auditing Practices Group was created and has now started putting out guidance on good practice for accreditation body auditors. The first meeting was held at the beginning of last year.
The problem is that not enough people are aware of all this guidance, so not enough people are using it, and we really want to promote that. Guidance is there and it’s there to be used.
Stimulating feedback
We also discovered that there is no user-friendly, clear feedback process on the effectiveness of certification. If an organization is certified, and they’re providing products to their customers, what do their customers think about their products? ISO 9001 requires the organization to monitor the level of customer satisfaction, but there is no user-friendly mechanism for those customers to communicate with their suppliers’ certification body, if they have ongoing concerns, and there is a reluctance on the part of those customers to do so. Many customers aren’t even aware that they have the right and indeed the responsibility and the obligation to let the certification body know when there are systemic problems with their supplier.
One initiative of the IAG was to prepare a document aimed at the lay purchasing manager, to explain what to look for in order to have confidence in a prospective supplier – what ISO 9000 can and can’t guarantee; how to be sure the supplier does have a confirming system; and, very importantly, what to do if things go wrong. This guidance is on the official ISO website (http://www.iso.org/iso/en/iso9000-14000/index.html )
QSU Publishing in the US has also attempted to address the dearth of feedback itself with an initiative called ‘whosregistered.com’. This website is an international directory of certified organizations, with a link inviting independent feedback on the performance of each of these organizations from their customers. It can be anonymous but it will automatically be passed onto the certification body in question.
If we can really drive this feedback loop, then we can begin to look at a more intelligent way of auditing - do we really need to spend as much time auditing the supplier with consistently good products and satisfied customers as we do the one about which all the customers are complaining? This is a move towards what we’re tending to now call performance based auditing, and which is slowly being incorporated into various IAF and ISO/CASCO documents.
IS0 17021 parts 1 and 2
One of the big initiatives that we’ve been waiting a long time for has been ISO 17021 part 1. This has aimed to address a lot of the credibility issues of ISO 9000 certification, and it will be a big step forward if it is wholesomely applied by the certification bodies and rigorously (but fairly) enforced by the accreditation bodies.
However, the requirements for auditor competence are really quite vague when you look at the ISO guide 62, ISO guide 66 and ISO 17021 part 1, in that they refer to ISO 19011, which is the guideline for ISO 9001 for first, second and third party auditors –and they are guidelines, not requirements. This means that there are some certification bodies choosing not to adopt these guidelines with the argument that they aren’t requirements, only guidance.
So there was a recognition for some requirements for third party auditor competence. Ultimately it became ISO CASCO’s responsibility to develop part 2 of ISO 17021 which will deal with competence issues. Basically, there are three components to that. One is to have generically competent auditors. However, that’s not enough. The second part of ISO 17021 part 2 addresses the competent use of those auditors, so the right people for the right audit can be selected, working together as a competent audit team. The third part of this is to give that competent audit team the resources they need to do a competent audit. The main resource in that respect is time - time to do a thorough audit, to prepare adequately, to report adequately, and to breathe in between audits. They may even find time to read some of the APG’s guidance documents!
Of course the downfall is that this costs money. So who’s going to pay for that? Is it a certification body’s overhead or does the client foot the bill and, if so, does the client really want to pay for it? It’s not an easy issue to solve but it’s a very important one. If it’s not solved quickly, then we may face the situation that occurred several years ago in the automotive industry, where the customers (in their case represented by the IATF) feel the need to take matters into their own hands.
The future
To continue fighting against the erosion of credibility, we need to have the moral courage to do the right thing. That’s throughout the system, from organizations, consultants and certification bodies to the accreditation bodies.
The irresponsible organizations and certification bodies cannot survive because they are a minority. There are many very good organizations out there, with excellent quality management systems, being assessed by competent and ethical certification bodies doing an admirable job. We need to incite a sense of anger within the industry that a minority are doing a disservice to us all. Rather than complaining and gossiping, they need to unite and actually take action. There must be mechanisms in place to allow them to do that, such as clear, transparent communication channels with the certification and accreditation bodies, and bringing on board the purchasers so that their voice is heard. That pressure will ultimately oblige the accreditation body members of IAF to be tougher on the deficient minority and to take them out of the game.
About the author
Nigel Croft is a UK/Brazilian dual national, and has represented Brazil on ISO’s TC 176 committee since 1994. An IRCA-registered lead auditor for over 15 years, he is co-convenor of the IAG and a member of the Auditing Practices Group. For more information about the Auditing Practices Group click here
