Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo including content not in the forum - Search results with No ads.
  • Google has changed ad sizes for some reason. I am investigating and will get the sizes reduced to what they have been until now. I apologise for the inconvenience.

An organization's Internal Audit Office certified to ISO 9001:2015

tony s

Information Seeker
Trusted
#1
I'm aware that organizations seek certification to ISO 9001:2015 in order to consistently provide products/services that meet THEIR customer and applicable requirements. What if an organization chooses to get certification only on their Internal Audit Office? Is it allowable? Can the IAO be certified under this scope of registration: "Provision of internal auditing services to various Offices of XYZ Corp"? (FYI: XYZ Corp. operates on a country-wide scale with various products and services).
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#3
I'm aware that organizations seek certification to ISO 9001:2015 in order to consistently provide products/services that meet THEIR customer and applicable requirements.
I don’t agree with that premise. What enables an organization to consistently deliver conforming products and customer satisfaction is their (robust) system.

External certification provides an attestation of a conforming system for the consumption of stakeholders.

Who would be the user of such limited scope certificate? What benefit would it bring? To whom?

Anytime I see a certificate with an artificially limited scope of certification, I wonder: what are they hiding? If a certificate does not add a component of confidence in an organization, what is the point?
 
#4
I have seen two large companies doing this.

Come to think of it, I have seen this a lot. Most commonly, there is a physical separation, however, the above examples were in a larger facility with the rest of the company.

One division gets certified to ensure their customer (the rest of the organization) is satisfied.

The certificate and subsequent certificate management (audits) are all then predicated on the scope.

Ex: Provisions of IT technical support for all corporate wan clients.

Processes:
-New employee
-Terminate employee
-System preventive maintenance
-Client ticket management (issues)
-Top management planning, strategy, and analysis
-Competence and Awareness (HR outsourced)
-Control of outsourced processes (including HR and Infrastructure-building and utilities, budget from corp)
 

tony s

Information Seeker
Trusted
#5
Anytime I see a certificate with an artificially limited scope of certification, I wonder: what are they hiding? If a certificate does not add a component of confidence in an organization, what is the point?
Here in my country, particularly in the public sector, the point is to obtain "performance bonus". When the national government here incentivize certification to ISO 9001, most government offices applied for "artificially" limited scope. Since the CBs will just happily take the money, as AndyN said, various government offices/agencies here are certified or working towards certification with the following scope:
  • a national trade agency with certification on their internal audit office;
  • light rail company that wants certification on their train drivers and crew administration;
  • a university with only their enrollment process that is certified;
  • a social security service provider with only their members enrollment process that is certified;
  • etc.
I believe if an organization, again in the public sector, would like to improve its services to the people, it should set the scope according to its mandate and not on just one operational or support process within its system.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#6
Here in my country, particularly in the public sector, the point is to obtain "performance bonus". When the national government here incentivize certification to ISO 9001, most government offices applied for "artificially" limited scope. Since the CBs will just happily take the money, as AndyN said, various government offices/agencies here are certified or working towards certification with the following scope:
  • a national trade agency with certification on their internal audit office;
  • light rail company that wants certification on their train drivers and crew administration;
  • a university with only their enrollment process that is certified;
  • a social security service provider with only their members enrollment process that is certified;
  • etc.
I believe if an organization, again in the public sector, would like to improve its services to the people, it should set the scope according to its mandate and not on just one operational or support process within its system.
Tony, thanks for providing additional evidence of how dysfunctional some organizations can be and how management system certification has been prostituted in some places and in some cases, totally missing the point of what a quality management system standard should accomplish. Total mockery of the intended goal, in my opinion. Some CB's are so money-hungry that don't realize that they are working against their own interests. When organizations realize that they can (artificially) certify sub-sets of an organization for marketing purposes, why would they go through the hard work of implementing the whole system, enterprise-wide? Unbelievable how the greed and shortsightedness abound in their ranks.

For the examples you mentioned, I wonder what mental construct such organizations and their respective CB auditors allow for the ISO 9001:2015 requirement associated with the need to consider the expectations of relevant stakeholders. For example, the internal audit office's primary (internal) customer would be the organization's top management. But what about the external stakeholders of the trade agency? Their expectations are, obviously, relevant to the system of the auditing office.

 

tony s

Information Seeker
Trusted
#7
For the examples you mentioned, I wonder what mental construct such organizations and their respective CB auditors allow for the ISO 9001:2015 requirement associated with the need to consider the expectations of relevant stakeholders.
And this is a requirement in determining the scope (i.e. clause 4.3). If I'm a student, am I only interested in getting enrolled in a school? or If I ride a light rail train, am I only interested in the training of the train's driver? CBs should clarify this with their clients.
 

John Broomfield

Staff member
Super Moderator
#8
Tony,

And do these bonus seeking departments then see their registrar’s logo displayed on their parent organization’s website?

John
 

tony s

Information Seeker
Trusted
#9

Attachments

Last edited by a moderator:

John Broomfield

Staff member
Super Moderator
#10
Tony,

Excellent, thank you.

Would you please post a link to the website?

Then we can see the context in which the certificate is presented to the public.

Many thanks,

John
 
Top Bottom