An organization's Internal Audit Office certified to ISO 9001:2015

tony s

tony s

Information Seeker
Trusted Information Resource
I'm aware that organizations seek certification to ISO 9001:2015 in order to consistently provide products/services that meet THEIR customer and applicable requirements. What if an organization chooses to get certification only on their Internal Audit Office? Is it allowable? Can the IAO be certified under this scope of registration: "Provision of internal auditing services to various Offices of XYZ Corp"? (FYI: XYZ Corp. operates on a country-wide scale with various products and services).
 
A

AndyN

Moved On
There's no limitation really. CBs will happily take the money. It's a (business) decision which has some downside, but who'd really care?
 
Sidney Vianna

Sidney Vianna

Post Responsibly
Leader
Admin
tony s said:
I'm aware that organizations seek certification to ISO 9001:2015 in order to consistently provide products/services that meet THEIR customer and applicable requirements.
Click to expand...
I don’t agree with that premise. What enables an organization to consistently deliver conforming products and customer satisfaction is their (robust) system.

External certification provides an attestation of a conforming system for the consumption of stakeholders.

Who would be the user of such limited scope certificate? What benefit would it bring? To whom?

Anytime I see a certificate with an artificially limited scope of certification, I wonder: what are they hiding? If a certificate does not add a component of confidence in an organization, what is the point?
 
Kronos147

Kronos147

Trusted Information Resource
I have seen two large companies doing this.

Come to think of it, I have seen this a lot. Most commonly, there is a physical separation, however, the above examples were in a larger facility with the rest of the company.

One division gets certified to ensure their customer (the rest of the organization) is satisfied.

The certificate and subsequent certificate management (audits) are all then predicated on the scope.

Ex: Provisions of IT technical support for all corporate wan clients.

Processes:
-New employee
-Terminate employee
-System preventive maintenance
-Client ticket management (issues)
-Top management planning, strategy, and analysis
-Competence and Awareness (HR outsourced)
-Control of outsourced processes (including HR and Infrastructure-building and utilities, budget from corp)
 
tony s

tony s

Information Seeker
Trusted Information Resource
Sidney Vianna said:
Anytime I see a certificate with an artificially limited scope of certification, I wonder: what are they hiding? If a certificate does not add a component of confidence in an organization, what is the point?
Click to expand...
Here in my country, particularly in the public sector, the point is to obtain "performance bonus". When the national government here incentivize certification to ISO 9001, most government offices applied for "artificially" limited scope. Since the CBs will just happily take the money, as AndyN said, various government offices/agencies here are certified or working towards certification with the following scope:
  • a national trade agency with certification on their internal audit office;
  • light rail company that wants certification on their train drivers and crew administration;
  • a university with only their enrollment process that is certified;
  • a social security service provider with only their members enrollment process that is certified;
  • etc.
I believe if an organization, again in the public sector, would like to improve its services to the people, it should set the scope according to its mandate and not on just one operational or support process within its system.
 
Sidney Vianna

Sidney Vianna

Post Responsibly
Leader
Admin
tony s said:
Here in my country, particularly in the public sector, the point is to obtain "performance bonus". When the national government here incentivize certification to ISO 9001, most government offices applied for "artificially" limited scope. Since the CBs will just happily take the money, as AndyN said, various government offices/agencies here are certified or working towards certification with the following scope:
  • a national trade agency with certification on their internal audit office;
  • light rail company that wants certification on their train drivers and crew administration;
  • a university with only their enrollment process that is certified;
  • a social security service provider with only their members enrollment process that is certified;
  • etc.
I believe if an organization, again in the public sector, would like to improve its services to the people, it should set the scope according to its mandate and not on just one operational or support process within its system.
Click to expand...
Tony, thanks for providing additional evidence of how dysfunctional some organizations can be and how management system certification has been prostituted in some places and in some cases, totally missing the point of what a quality management system standard should accomplish. Total mockery of the intended goal, in my opinion. Some CB's are so money-hungry that don't realize that they are working against their own interests. When organizations realize that they can (artificially) certify sub-sets of an organization for marketing purposes, why would they go through the hard work of implementing the whole system, enterprise-wide? Unbelievable how the greed and shortsightedness abound in their ranks.

For the examples you mentioned, I wonder what mental construct such organizations and their respective CB auditors allow for the ISO 9001:2015 requirement associated with the need to consider the expectations of relevant stakeholders. For example, the internal audit office's primary (internal) customer would be the organization's top management. But what about the external stakeholders of the trade agency? Their expectations are, obviously, relevant to the system of the auditing office.

An organization's Internal Audit Office certified to ISO 9001:2015
 
tony s

tony s

Information Seeker
Trusted Information Resource
Sidney Vianna said:
For the examples you mentioned, I wonder what mental construct such organizations and their respective CB auditors allow for the ISO 9001:2015 requirement associated with the need to consider the expectations of relevant stakeholders.
Click to expand...
And this is a requirement in determining the scope (i.e. clause 4.3). If I'm a student, am I only interested in getting enrolled in a school? or If I ride a light rail train, am I only interested in the training of the train's driver? CBs should clarify this with their clients.
 
John Broomfield

John Broomfield

Leader
Super Moderator
Tony,

And do these bonus seeking departments then see their registrar’s logo displayed on their parent organization’s website?

John
 
tony s

tony s

Information Seeker
Trusted Information Resource

Attachments

  • DTI - IAS.pdf
    1,001.7 KB · Views: 257
  • DTI - Region 2.pdf
    3.5 MB · Views: 190
  • An organization's Internal Audit Office certified to ISO 9001:2015
    DTI Organization Chart_DO 17-35 as amended_18B27.jpg
    150 KB · Views: 336
Last edited by a moderator:
John Broomfield

John Broomfield

Leader
Super Moderator
Tony,

Excellent, thank you.

Would you please post a link to the website?

Then we can see the context in which the certificate is presented to the public.

Many thanks,

John
 
You must log in or register to reply here.

Similar threads

Y
Excluding section 8.3 from an ISO 9001:2015 certification
Replies
2
Views
292
Yoseline
Y
L
ISO 9001:2015 Audit checklist + scores for evaluation
Replies
4
Views
965
Randy
Randy
S
Need your advice to survive!
2
Replies
13
Views
1K
Jen Kirley
Jen Kirley
M
Preservation of Raw Materials in ISO 9001:2015 Standard
2
Replies
12
Views
2K
mmazahir
M
J
Maintaining site specific ISO Compliance/Certification within a non-certified organization & centralized processes
Replies
1
Views
376
malasuerte
malasuerte
Top Bottom