Poll: Should auditors promote the process approach?

[Jen Kirley]

I'm happy to agree to disagree here. (Let's also include the mysticism part about something we agree to disagree upon. I see nothing mystical about it in the least. Once you understand it, the element-by-element approach is what seems surreal.)
Thanks.

Okay. I will continue to speak simply and directly whenever possible, give concrete examples of how PDCA can work in just about everything, be glad when I get timely and decent responses to my CARs and rejoice when people ask for my help on something before I discover it in an audit. It's low hanging fruit but I have a prayer of reaching it without falling and hurting myself, so to speak.

 

[ISO 9001 Guy]

Okay. I will continue to speak simply and directly whenever possible, give concrete examples of how PDCA can work in just about everything, be glad when I get timely and decent responses to my CARs and rejoice when people ask for my help on something before I discover it in an audit. It's low hanging fruit but I have a prayer of reaching it without falling and hurting myself, so to speak.

Okay, thanks!

 

[Jim Wynne]

The difference between "identify" (2000) and "determine" (2008) in 4.1a might be more than just a little detail. Please entertain my myopic philosophical excursion into this deliberate change of one little word. As a dictionary buff, you might appreciate the distinction. Although this wording change is not a change in the intent of the standard, it might clarify that intent a little. (And perhaps lend it some enforceability.)

As one who's been guilty of reading dictionaries for pleasure, perhaps I can shed some light if you want to go in the direction of denotation. My 4th Edition American Heritage Dictionary (my favorite for American English) says, in its second sense for "identify":

"To ascertain the origin, nature, or definitive characteristics of."

For the its second sense of "determine" it says:

"To establish or ascertain definitely, as after consideration, investigation, or calculation."

Note that "ascertain" means "to discover with certainty," thus in the definition of "determine," the phrase "ascertain definitely" is a pleonasm. Even lexicographers make mistakes.

Because the two words have senses in common, the change from "identify" to "determine," in the absence of disclosure for the specific reason for the change, serves only to confuse things. Your "philosophical excursion" is evidence of that. If you torture the language long enough it'll surrender and say whatever you want it to say.

Also note that if you feel that there must be a substantive reason for the change from "identify" to "determine," it could well be that the change was made just to quiet a committee member who wouldn't shut up about it, in the knowledge that in the end it wouldn't make any difference.

 

[ISO 9001 Guy]

Note: as for ISO - they cannot change the rules after a contract has been entered into- only on formal Standard upgrade / re-issue.

Richard, thanks. Will you elaborate upon this, please?

Thanks.

 

[ISO 9001 Guy]

As one who's been guilty of reading dictionaries for pleasure, perhaps I can shed some light if you want to go in the direction of denotation. My 4th Edition American Heritage Dictionary (my favorite for American English) says, in its second sense for "identify":

"To ascertain the origin, nature, or definitive characteristics of."

For the its second sense of "determine" it says:

"To establish or ascertain definitely, as after consideration, investigation, or calculation."

Note that "ascertain" means "to discover with certainty," thus in the definition of "determine," the phrase "ascertain definitely" is a pleonasm. Even lexicographers make mistakes.

Because the two words have senses in common, the change from "identify" to "determine," in the absence of disclosure for the specific reason for the change, serves only to confuse things. Your "philosophical excursion" is evidence of that. If you torture the language long enough it'll surrender and say whatever you want it to say.

Also note that if you feel that there must be a substantive reason for the change from "identify" to "determine," it could well be that the change was made just to quiet a committee member who wouldn't shut up about it, in the knowledge that in the end it wouldn't make any difference.

I like your definitions. One could identify (ascertain the origin of) QMS processes by looking at the elements of the standard. One could identify (ascertain the nature of) QMS processes by looking at the elements of the standard. And, one could identify (ascertain the definitive characteristics of) QMS processes by looking to the elements of the standard. In all three cases, organizations incorrectly identify their "processes" yet can still demonstrate conformity because they have simply identified them.

However, "To establish or ascertain definitely, as after consideration, investigation, or calculation," or to "determine" QMS processes affecting quality, an organization is required to REALLY figure it out (definitely), as after considering the intent of the requirements and investigating into how they apply to their existing (real) QMS processes. Organizations that have failed to accomplish this fairly simple exercise have failed to properly determine QMS processes.

 

[dknox4]

IMHO this poll, and the multitude of opinions, demonstates the problem with an auditor "promoting" anything that is not a requirement. Auditors will promote their own version of the process approach and how it should look. In the event the auditor added nothing to their original comment(s) promoting the process approach, when the auditee asks for more information/direction on how they can meet this "suggestion", the auditee may still try to implement something just because of the auditor comments and will end up with something along the lines of one of the opinions expressed here. Sure as the sun rises every day, the next auditor will have more opinons on what/how the original implementation was not correct and should be changed (more "promoting") The net result, after several audits, will be a system that does not reflect what the org really does. Auditors need to audit to the standard. If a system meets the standard, move on.

 

[ISO 9001 Guy]

IMHO this poll, and the multitude of opinions, demonstates the problem with an auditor "promoting" anything that is not a requirement. Auditors will promote their own version of the process approach and how it should look. In the event the auditor added nothing to their original comment(s) promoting the process approach, when the auditee asks for more information/direction on how they can meet this "suggestion", the auditee may still try to implement something just because of the auditor comments and will end up with something along the lines of one of the opinions expressed here. Sure as the sun rises every day, the next auditor will have more opinons on what/how the original implementation was not correct and should be changed (more "promoting") The net result, after several audits, will be a system that does not reflect what the org really does. Auditors need to audit to the standard. If a system meets the standard, move on.

Thank you. (And I DO see your position.)
So you disagree with the ISO/IAF guidance, right?

 

[Jen Kirley]

I haven't seen anyone here disagree with the idea of, and ISO's guidance on the process approach, but there seems to be little concrete understanding - never mind agreement - of how external auditors are empowered to promote the approach.

 

[Sidney Vianna]

In all three cases, organizations incorrectly identify their "processes" yet can still demonstrate conformity because they have simply identified them.

If an user has to read ISO 9001 like "The Da Vinci Code", looking for subliminal nuances, in search of the holy grail, we are all doomed.

So you disagree with the ISO/IAF guidance, right?

There are (and we have discussed it here) questionable guidance from the IAF and the TC 176, especially a couple of "official" ISO 9001 interpretations. The IAF has developed Mandatory Documents as part of the Management System certification Conformity Assessment process. If they want something to happen consistently and be auditable, during the accreditation body oversight activities, a Mandatory Document is the proper channel; not a guidance document, which by definition, carries little weight in the eye of the registrants.

 

[ISO 9001 Guy]

IMHO this poll, and the multitude of opinions, demonstates the problem with an auditor "promoting" anything that is not a requirement. Auditors will promote their own version of the process approach and how it should look. In the event the auditor added nothing to their original comment(s) promoting the process approach, when the auditee asks for more information/direction on how they can meet this "suggestion", the auditee may still try to implement something just because of the auditor comments and will end up with something along the lines of one of the opinions expressed here. Sure as the sun rises every day, the next auditor will have more opinons on what/how the original implementation was not correct and should be changed (more "promoting") The net result, after several audits, will be a system that does not reflect what the org really does. Auditors need to audit to the standard. If a system meets the standard, move on.

In fact, it seems ISO/IAF share your concern (from ISO/IAF APG Guidance on: Understanding the process approach (5 June 1009):

"A certification body should ensure that all its auditors have received sufficient training regarding the requirements in ISO 9001, particularly those on the process approach. Thus, an auditor should realise that several steps are needed, including the following:
-determining the processes and responsibilities necessary to attain the quality objectives of the organisation;
-determining and providing the resources and information necessary;
-establishing and applying methods to monitor and/or measure and analyse each process;
-establishing and applying a process for continual improvement of the effectiveness of the QMS.
The process approach concept must be so well understood by auditors that they are not limited by the terminology in the standard; however, auditees may use their own “in-house” terminology. Auditors must be aware that the application of the process approach will be different from organisation to organisation, depending on the size and complexity of the organisation and its activities. Special consideration should be given to the situation in small and medium enterprises (SME’s), so that auditors should not expect so many processes in their QMSs."

So, the IAF appears to be saying that competence with regard to the process approach is a required competence for ISO 9001 auditors. Is this such a stretch? Though I also understand the objection that not all auditors will "get it", should this stop the rest of us from doing what is directed by ISO/IAF? Does the question become whether or not CBs are capable of ensuring all of their auditors are competent regarding the process approach? Or whether CBs should strive to ensure all of their auditors understand the process approach?

ISO/IAF appears to be requiring them to ensure their auditors are in fact competent with the process approach. Whether this is 100% objective is attained, an objective of less than 100% competence seems unreasonable--especially in an industry where competence is an auditable issue.

Are all doctors competent? Are all lawyers competent? Are some better than others? ISO 9001 auditors are no different. But don't we hope that all doctors are competent? Don't you hope that YOUR doctor is competent? Don't we have some appreciation for the controls in place to ensure (to whatever degree) appropriate competencies?

Also, once we start focusing on process, IMO, the variation in interpretation about how processes work and how requirements apply to those processes will diminish greatly.