Re: External Audit Attendees - Surveillance Audit
If your clients don't recognize third-party certification and will perform supplier audits, why have certification, then? ... and more above...
Came across a term last week called "Violent agreement"...where two folks are agreeing with each other, but missing each other in the perceived outcome and some of the vocabulary. I think that's what's going on here.
There has been a "rut" on this topic, with many folks questioning the capability of auditors, and the value of the cert, and many great comments on how to actually get value from ISO9000 beyond a piece of paper on the wall.
Then there are some (like me) who get said value, but don't have the value recognized by all of the customers. I'm sure I'm not alone in this.
It is the accountability and oversight to a standard that can make a business thrive. Part of running a good system is making sure that the system is actually being followed...auditing the system. Finding where the system is not followed and correcting things has great value.
My vocab (no promises that it matches yours)
- 2nd party = the customer
- third party = not me or the customer
- internal audit = not by the Certification board
- external audit = by the CB
If I am totally butchering the terms, I beg your forgiveness. I recognize that I might be.
The most value to me is the internal audit (whether from a company employee or from an outside person). This is where it all hangs out, and everything gets looked at.
I'm not perfect...there are issues somewhere. I want them found. If an auditor can't find them, I'll get a new auditor who can.
The whole point of audit by the CB is to verify that the internal audits and training and, and, and...is working well. This was already accomplished in the internal audit, but now a disinterested third party (the CB) is verifying it and saying to the world (by means of a cert) that we're in compliance.
If everyone trusted the CB, the story would end there. But not everyone does. Some do, so the cert on the wall has some value and is worth having...but some don't. Those that don't come in and audit for themselves (2nd party). When you have over 100 customers, and 20 of them come in and audit for themselves, there is a declining value to the CB audit. There is SOME value, since 80 folks didn't show up and audit me...but being audited 21 times in a year is a bit overkill.
If the 20 customer audits don't find anything, I really couldn't care much about the CB audit...I know he isn't going to have a finding...let's just get it over with so I can go back to work.
Stepping back a ways, if the CB audit and the resulting Certification were actually recognized across the board, I would put more value on the CB audit. That I don't has nothing to do with the CB or the CB auditor...it has to do with the level of trust (lack of) that customers put on the results of the CB audit. I'll keep going with the CB since 21 audits is better than 100...but the perceived value of the CB audit is severely lessened by the actions of customers.