Registrars / Certification Bodies offering consultancy and training services?

[newkid]

Recently I noticed there are many Registrars / CBs in Singapore and Malaysia offering consultancy and training services. It has come to a situation where companies were forced to buy their services in order to have a smooth and easy audit, be it the assessment or the surveilance audits later on.

I can see that some of their auditors themselves are selling these services instead conducting audits as professional auditors should do. They give advise during the audits and recommend that the companies buy their services in the form of consultancy and training.

It seems that there is no separation and there will be bias during the audit later on if we do not buy their consultancy or training. Is there no agencies governing them? And are they allowed to provide such services? SOmething must be done fast. If not, ISO certifications will sound like something that can be bought from the shelves. It is not a fair and transparent audit.

Just my point.

 

[Colin]

This is not new but no less troubling for the fact that it occurs. Out of interest, do you have 'objective evidence' of this happening or is it just anecdotal evidence?

We know it does happen but usually when the CB is not accredited. Accredited CB's of course do have rules in place to prevent such things happening but the CB's are not always policed as well as they should be. Take a look at www.iaf.nu for the website of the International Accreditation Forum (IAF) for more details. You will see in the list of accredited bodies SAC which is the Singaporean body. I would first check to see if the CB in question holds accreditation to SAC or similar - it may be with ANAB (USA) or UKAS (UK) instead - or not at all!

 

[Stijloor]

Recently I noticed there are many Registrars / CBs in Singapore and Malaysia offering consultancy and training services. It has come to a situation where companies were forced to buy their services in order to have a smooth and easy audit, be it the assessment or the surveilance audits later on.

I can see that some of their auditors themselves are selling these services instead conducting audits as professional auditors should do. They give advise during the audits and recommend that the companies buy their services in the form of consultancy and training.

It seems that there is no separation and there will be bias during the audit
later on if we do not buy their consultancy or training. Is there no agencies governing them? And are they allowed to provide such services? SOmething must be done fast. If not, ISO certifications will sound like something that can be bought from the shelves. It is not a fair and transparent audit.

Just my point.

Hello newkid,

The place to start for Singapore is here: http://www.sac-accreditation.gov.sg/index.asp
The place to start in Malaysia is here: http://www.standardsmalaysia.gov.my/profile.htm

Complain loudly! Nothing changes until people in industry make their voices heard.

If you search The Cove, you'll find threads about similar concerns.

Stijloor.

 

[harry]

Recently I noticed there are many Registrars / CBs in Singapore and Malaysia offering consultancy and training services. It has come to a situation where companies were forced to buy their services in order to have a smooth and easy audit, be it the assessment or the surveilance audits later on.

I can see that some of their auditors themselves are selling these services instead conducting audits as professional auditors should do. They give advise during the audits and recommend that the companies buy their services in the form of consultancy and training.

It seems that there is no separation and there will be bias during the audit later on if we do not buy their consultancy or training. Is there no agencies governing them? And are they allowed to provide such services? SOmething must be done fast. If not, ISO certifications will sound like something that can be bought from the shelves. It is not a fair and transparent audit.

Just my point.

I think you are really a new kid - this kind of thing had been going on for a long, long time. As long as there is demand, there will be supply. And as long as there are people offering shortcuts, there will be takers for the easy way out.

Who are these people? Easy for others in the business to identify - the few big boys who have above 700 clients + some other certification work can afford to survive as 'independent' auditors and maintain their pride. Others have to survive by moonlighting as 'consultants' or 'monkeys'. But they are making good money despite offering cut-throat charges because they only do part of the auditors job and charged both 3rd party plus consultants cost.

One party I know of (they operate both in Singapore and Malaysia) was investigated by UKAS some years back. Now they are as strict as others for their normal clients but the yardstick changes when it comes to those who employed them as consultant cum 3rd party auditor.

During a recent seminar on compulsory certification for contractors beyond a certain 'size/volume of business', somebody from one 'big' but 'supermarket' style CB in Malaysia whisper into my ears - "if you engage us, it's OK if you cannot meet the dateline because we have people inside".

I will not waste my time or effort crying or moaning over here but whenever I meet my business friends or peers in business meetings etc, and have chance to speak or offer advice, it is - if you are a reputable firm, get an auditor of comparable or equal reputation. Not one that allow others to hang a big question mark on you or your firm.

 

[qualitychic]

I work for a registrar. This is definitely an issue. As a registrar, we cannot offer consulting service. However, we can offer trainings. Nevertheless, we would not allow our auditors to offer any guarantee to ISO 9001 certification that should they decide to register with us or enroll in any of the training program. Based on what you are explaining here could be a violation of Guide 62 and the new upcoming ISO 17021 standard. These are the standards that a certification body must comply.

 

[Sidney Vianna]

As a registrar, we cannot offer consulting service.

Technically, this is not correct. A registrar can offer consulting services to a client as long as they are NOT certifying that same client. The threat to impartiality exists if you have the dual role of advisor and certifier. But registrars are free to consult, just like anyone is free to certify systems.

 

[qualitychic]

ISO 17021:2006 section 5.2.5 "The certification body and any part of the same legal entity shall not offer or provide management system consultancy."

 

[Wes Bucey]

Technically, this is not correct. A registrar can offer consulting services to a client as long as they are NOT certifying that same client. The threat to impartiality exists if you have the dual role of advisor and certifier. But registrars are free to consult, just like anyone is free to certify systems.

ISO 17021:2006 section 5.2.5 "The certification body and any part of the same legal entity shall not offer or provide management system consultancy."

Wow! diametrically opposite statements! Who is correct? or do we need to know more to make BOTH statements correct?

 

[Randy]

Sidney is correct, it is all related to potential conflict of interest issues.

No potential conflict, no issue.

 

[Sidney Vianna]

ISO 17021:2006 section 5.2.5 "The certification body and any part of the same legal entity shall not offer or provide management system consultancy."

Wow! diametrically opposite statements! Who is correct? or do we need to know more to make BOTH statements correct?

Wes, these are not opposing statements. Let me explain:
The text from ISO 17021:2006 that qualitychic copied states:

"The certification body and any part of the same legal entity shall not offer or provide management system consultancy."

I emphasized the first 3 words of that sentence. If I work for registrar ABC, providing consulting services to organization XYZ, duly certified to ISO 9001 by certification body KYP, registrar ABC is NOT the certification body of XYZ, thus no threat to impartiality exists. No conflict of interest exists.

Qualitychic is misreading that paragraph as saying:

"Certification Bodies and any part of the same legal entity shall not offer or provide management system consultancy."

And this is not what ISO/IEC 17021 states.

To think that ISO 17021 would restrict the trade of organizations that have certification bodies as a branch of their business is mistaken. Threat to impartiality has to be examined for each established business relationship.