An organization's Internal Audit Office certified to ISO 9001:2015

[tony s]

Would you please post a link to the website?

You can check out this Republic of the Philippines website. Scroll down and check section VIII.

 

[John Broomfield]

Thank you for the link Tony.

From this I see no attempt to deceive the public.

Is your organization planning to bring one department at a time into conformity with ISO 9001?

BTW, a department is not a "core process". Auditing though is a key process within the organizational management system. This system exists and determines the success of the organization whether it adopts ISO 9001 as its system standard or not.

Alternatively the auditors could include ISO 9001 among the audit criteria with the approval of each department head. They may find evidence of a lot of unintended conformity.

Best wishes,

John

 

[AndyN]

We should be very careful to NOT jump to conclusions about implementing and certifying an ISO 9001-based QMS in a "department", especially in the public sector. For example, the UK government has many "departments": Department of Transport, Department of Agriculture and so on. These are huge bureaucracies which have (customer) requirements, processes and products/services. As far back as 1992, a UK Government department was certified for the services it provided to other UK Government entities in recommending IT systems. What's "wrong" with that?

 

[Sidney Vianna]

What's "wrong" with that?

There is nothing "wrong" with that, but that's totally distinct from the examples pertinent to the discussion on this thread, such as:

• a national trade agency with certification on their internal audit office;
• light rail company that wants certification on their train drivers and crew administration;
• a university with only their enrollment process that is certified;
• a social security service provider with only their members enrollment process that is certified;

 

[John Broomfield]

Andy,

I accept your general point. Government departments may operate largely stand-alone management systems. Keeping them separate may however ossify waste and undermine the government’s fulfillment of its overall objectives.

And the other departments are not in need of an internal auditing process because they have a department that does this for them and the organization as a whole.

John

 

[Kronos147]

Tony, thanks for providing additional evidence of how dysfunctional some organizations can be and how management system certification has been prostituted in some places and in some cases, totally missing the point of what a quality management system standard should accomplish. Total mockery of the intended goal, in my opinion.

Funny story. I audited the logistics dept of a large company. During the assessment I discovered 2 things; 1) they really didn't take advantage of ISO 9001, and they didn't need it! and 2) the fire extinguisher that was the only one in a room that had no other exit, had been out of commission for 6 months.

I told them in earnest if they wanted to keep the cert, they should really embrace it a little bit more, rather than just kind of a minimal compliance approach. I told them "they passed the audit" with a couple of minor findings, however, I thought they would be better served giving up the cert and running a compliant system with a yearly consult instead of an audit.

They thanked me and kicked me out. They appealed the fire extinguisher minor and I was declared personna non-grata. Sucked for me, it was a good company to brag was in my portfolio. Doh!

Next audit, my buddy goes. I didn't know, he didn't know my story. He does the audit, and decides they really don't take advantage of ISO and maybe should discontinue certification.

Now look, I have done that twice in 100 audits. It is really rare! It was funny that both my and my buddy (incidently, my mentor) saw the same thing.

The registrars sales people are often too aggressive, but the assessors generally give genuine feedback about the organization, IME.

 

[AndyN]

They appealed the fire extinguisher minor

You seriously wrote an audit finding against a fire extinguisher on a 9001 audit?

 

[jmech]

They appealed the fire extinguisher minor

Which clause did you write that finding against? Did they win the appeal?

 

[AndyN]

I told them in earnest if they wanted to keep the cert, they should really embrace it a little bit more, rather than just kind of a minimal compliance approach. I told them "they passed the audit" with a couple of minor findings, however, I thought they would be better served giving up the cert and running a compliant system with a yearly consult instead of an audit.

It deeply worries me that when wearing your "ISO Auditor's hat", you'd have such a discussion with a client.

 

[Kronos147]

It deeply worries me that when wearing your "ISO Auditor's hat", you'd have such a discussion with a client.

I deeply worries me when I see you advise people to take shortcuts with ISO and not use the requirements to their advantage.

So I interject here, like you just did.

Ain't America great?

Happy Thanksgiving to you, and your loved ones AndyN! Cheers, Eric

(P.S. you never answered why risks are not applicable at the process level. I was looking forward to that one!)