Are 3rd party (ISO9001 Registrar) auditors allowed to provide "Recommendations" ?

Should / Can Registration Registrar auditors provide recommendations?

  • Recommendations for Closure of nonconformance

    Votes: 0 0.0%

  • Total voters
    31

howste

Thaumaturge
Super Moderator
#31
Keep in mind that ISO 19011 is a guidance document for all types of QMS and EMS audits. This includes not only 3rd party audits, but also internal audits and customer/supplier audits.

To me it's not surprising that it talks about making recommendations if specified by the audit objectives. Recommendations are not part of the audit objectives in 3rd party registration audits. Opportunities for improvement should be limited to identifying weaknesses in the system, not providing solutions.

Of course, if an auditee asks for ideas they can be provided in an off-the-record non-binding way.
 
Elsmar Forum Sponsor
A

AllanJ

#32
I do find to be fascinating the way in which the "poll" is proceeding. At the time I am posting this, approx 2:1 of the votes are in favor of some kind or recommendation as opposed to providing nothing at all.

In another thread concerning, "ISO 9001, gigantic waste of benefit", the discussion has (inevitably) considered what is going on in that industry and the fact that so many firms are withdraing from being registered. Is there not a link? If registrars will not (more likely are incapable of) offering solutions, is it any wonder CEOs also perceive they offer little by way of a value-added service?

But, if a two-to one majority does not already signify something, what would? Many Covers are the registrar's clients. Perhaps the registrars should heed the message of the market place?

It would be nice if more Covers considered all the arguments so far presented in this thread and then vote, if they have not done so yet.
 

Randy

Super Moderator
#33
AllanJ said:
If registrars will not (more likely are incapable of) offering solutions, is it any wonder CEOs also perceive they offer little by way of a value-added service?

Perhaps the registrars should heed the message of the market place?

The Registrars can't because of the potential for lost objectivity. You ever hear of Arthur Anderson and Enron? DUH!

The requirements that Registrars meet explicitly state that "consulting ist verbotten" (not that exactly, but you get the point). Registrars are even restricted form offering some training services because of the objectivity issue.
 
B

Bill Pflanz

#34
Randy said:
The requirements that Registrars meet explicitly state that "consulting ist verbotten" (not that exactly, but you get the point). Registrars are even restricted form offering some training services because of the objectivity issue.
I agree with Randy. If an auditor gives an opportunity for improvement than they are going beyond determining whether you have met the requirements or not.

Where you get into a conflict of interest (which is what happened to Arthur Anderson) is suggesting an improvement and then getting the consulting part of the auditing company to provide the solution. The auditing part of the company is then forced to audit changes that were made by their own company. If the auditor made their own recommendations for improvement they could be forced to audit their own solutions. It definitely changes the meaning of independence.

Even internal auditors should think twice about making suggestions for improvement if they will eventually audit the changes.

Bill Pflanz
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#35
AllanJ said:
Perhaps the registrars should heed the message of the market place?
What exactly is the message, Allan? Please tell us.

It is a well known fact that some Registrars grew by leaps and bounds by being the path of least resistance. Rubber stamping is the name of their game. Others, on the other extreme, think that by being blindlingly rigid and unflexible, are bringing "integrity" to the process. :lmao:

ISO 9001: gigantic waste OR beneficial? This has been answered many, many times. Let me refresh your memory.

For the majority, a gigantic waste. For a few enlightened organizations, beneficial. Nothing new. That is the same thing with 6S, lean, TQM... Isn't that interesting that all programs get trivialized so they can be better commercialized? Fastrack here, ISO-while-you-sleep there :whip:

So, can this process be sustainable, if the majority does not realize the benefits? NO!!!!!!

You seem to think that the Registrars and Accreditors are the ones that could affect changes to make this whole process meaningful and sustainable. Wrong. The users of the certificates are the ones that have to demand accountability of the validity of the certificates vis a vis supplier performance.

Few Registrars are trying to make changes the way we operate to make our services more meaningful, but as long as the market place perceives ISO certificates as an attribute rather than a variable, the 3rd party certification process will leave a lot to be desired.
Of course, just my opinion
 
C

Craig H.

#36
I agreed that the auditor can provide neither. BUT....

I am not going to let a N/C or Opportunity for improvement go unchallenged - even if I agree with the finding. They are not going to get off so easy. That is when the fun, and the learning, begins.

Is it unethical to force an auditor to defend their position? I think not. So, in the process of questioning them almost always we get around to me asking something like ".... Ok, if we change the color to green, then it would meet the criteria?". Of course if I think its worth it I would try different angles, to try to see what the auditor has seen that has worked elsewhere - not just for compliance, but actually worked.

So, is my doing this unethical? If the third party auditor answers, are they unethical?

Where, exactly, is the line?
 
#37
Most findings, NCs, OFIs, I know how to fix or can find the answer here. However, I like the approach taken by an auditor from a 3rd party registrar that I used. Whenever I was unsure of how to correct a nonconformance, I would ask, and he would reply, "Here's the way I have seen a couple of other registered companies implement this." The obvious implication being that their system was REGISTERED. I don't want to chase a fix down a rabbit hole. I don't need a roadmap, but at least point me in the right direction.

I am paying a lot of money; I expect more that a list of standard sections to which I do not compy. I'm not paying for a piece of paper, I'm paying for confirmation that I comply. I already believe that I comply or I wouldn't have written it and implemented it that way and passed it in an internal audit. There should be some give and take.

I agree with AllanJ: if you don't know what would conform, how can you tell me what doesn't conform?
 
A

AllanJ

#38
Randy said:
The Registrars can't because of the potential for lost objectivity. You ever hear of Arthur Anderson and Enron? DUH!

The requirements that Registrars meet explicitly state that "consulting ist verbotten" (not that exactly, but you get the point). Registrars are even restricted form offering some training services because of the objectivity issue.
Yes, Randy, I have heard of AA and E. IMO there are at least three significant differences, though:

1. Our beloved registrars do not handle or deal with "money" matters, how money and other assets are dealt with and accounted for, and whether of not the firm is properly exercising its fiduciary responsibility. They are trying to determine, inter alia, whether theft is occurring.
2. The firm's financial auditors are appointed as a legal requirement: there is no legal requirement by which our beloved registrars are appointed.
3. The financial auditors' report has greater ramifications and applications than does an ISO 9K compliance audit report.

The consequences of those matters make the principle of independence far more important. But, as I have noted before on the Cove, making a recommendation, offering a solution does not confer ownership on the provider if the advice is accompanied by a judicious disclaimer. Moreover, as I have also remarked on the Cove, such provision does not in any way remove or subvert the responsibility and auythority of the process owner/ manager when he/she makes a decision concerning a solution.

As I understand AA and Enron, as well as similar well publicised situations, AA sought out the opportunity to obtain additional revenue by the giving of advice: it sold a service and billed its client. Worse, it also tried to pervert justice,if my recollection of the detail is correct, by attempting to destroy evidence of its actions.

I do not consider there is any similartity between that and in being a management auditor who, upon discovering a problem during an audit, offers some solution/ advice/ benefit of his/ her experience. But, when I do that, I always make clear the type of disclaimer I have mentioned.
 
A

AllanJ

#39
Sidney Vianna said:
What exactly is the message, Allan? Please tell us.

It is a well known fact that some Registrars grew by leaps and bounds by being the path of least resistance. Rubber stamping is the name of their game. Others, on the other extreme, think that by being blindlingly rigid and unflexible, are bringing "integrity" to the process. :lmao:
It seems to me the message of the market is in the various postings made in the Cove concerning: the loss of registrations, as currently under discussion in that other thread; the 2:1 vote inferring Covers think some kind of recommendation/ suggsetion whatever should be made.

Sidney Vianna said:
It is a well known fact that some Registrars grew by leaps and bounds by being the path of least resistance. Rubber stamping is the name of their game. Others, on the other extreme, think that by being blindlingly rigid and unflexible, are bringing "integrity" to the process. :lmao:
Registrars grew in leaps and bounds because, first, registration became a major thing in Europe (especially Britain) which was demanded by a lot of major companies who, in Britain, actually were nationalised industries. Bearing in mind how huge was the then public sector purchasing power, it was small wonder so many firms felt compelled (and were compelled) to get the "paper".

The boom in the American and other markets occurred as it was believed firms exporting to Europe would need to have the CE mark etc for which it was to be "mandatory" to be registered to ISO 9K. So, to protect their market share, the firms rushed to get their paper on the wall. Indeed, there were all kinds of rumblings that requiring ISO 9K certs was a non-tariff barrier to trade. Rather than fight the issue, CEOs of large corporations simply instructed the paper should be obtained. Being that they account for such a large slice of commercial contracts and they thought the standard mandated supplier certification in train, they started requiring their suppliers be certified.

Of course, all of this was accompanied by the "Emperor's suit of clothes" type of story about how beneficial would be certification for increasing market share, improving the "bottom line" and so forth.

Sidney Vianna said:
ISO 9001: gigantic waste OR beneficial? This has been answered many, many times. Let me refresh your memory.

Thank you for the kind offer, but I am following the other thread which is debatiung precisley this point. And, as I have posted there, the headline question (of the thread) has not been answered. I do note your views.

Sidney Vianna said:
You seem to think that the Registrars and Accreditors are the ones that could affect changes to make this whole process meaningful and sustainable. Wrong.
No I do not. Unless and until they recognise the kind of service, I believe, firms need. I have waited patiently for many years for registrars to provide a value-added service. If they really could effect the kind of changes needed, they would have been inundated with additional business and the number of registrations would be increasing, not falling. Further, they would have a greater proportion of the World's firms as clients, as I have also observed, elsewhere in the last few days.

Sidney Vianna said:
Few Registrars are trying to make changes the way we operate to make our services more meaningful, but as long as the market place perceives ISO certificates as an attribute rather than a variable, the 3rd party certification process will leave a lot to be desired.
Of course, just my opinion
Yes, I quite agree. But, what business ultimately survives if it does not continuously improve its service (process)? And as it loses clients, the market place is giving it a message, Sidney.
 
A

Aaron Lupo

#40
Sounds to me like you had a bad experience at one time or another with a Registrar, either that or you really have it out for Registrars/Notified Bodies for some reason. Every Registrar/NB that I have ever dealt with have always been willing to give suggestions/solutions to anything they perceived as a problem. Did they come right out and say this is how you fix it, nope if they did they would lose the “independence from the system” and every time they came back to audit there would be a conflict of interest now wouldn’t there? What they did say is “this is how I have seen other companies deal with a similar issue” or something along those lines.

I also do third party audits and have given clients the “this is how I have seen it done at other companies” as well. The companies I have audited in the past have always stated in their feedback to the Registrars that they did feel there was Value added from the audit findings/observations.

We as auditors cannot tell you how to fix the problem because we would then have to take ownership of the system, we can, however, tell you how we have seen it done before.

I am not sure where you are coming from but in my experience I would say your feelings are in the minority not the majority.
 
Thread starter Similar threads Forum Replies Date
Z TS16949 Clause 7.4.1.2 - Suppliers must be 3rd party registered to ISO9001:2000? IATF 16949 - Automotive Quality Systems Standard 4
A Becoming an ISO27001 3rd Party Auditor Career and Occupation Discussions 4
A Non-Conformances Found After 3rd Party Sorting Supplier Quality Assurance and other Supplier Issues 12
G Do HIPAA Rules Apply to a 3rd Party Logistics Shipper? Other US Medical Device Regulations 2
J Extent of 2017/745: providing 3rd party mass produced devices to NHS patients EU Medical Device Regulations 0
S AIAG CQI Auditor Qualification and 3rd Party Certification Requirements General Auditing Discussions 2
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
M 3rd Party Sorting and Inspection Company Certification Service Industry Specific Topics 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
M CE self-certify, or needs testing by 3rd party? CE Marking (Conformité Européene) / CB Scheme 12
A CAR from 3rd party AS9100D auditor - Root cause dilemma AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 45
S ISO 9001:2015 Gap Analysis - In-House or 3rd Party? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
O IATF 16949 3rd party auditor training sources IATF 16949 - Automotive Quality Systems Standard 1
M IATF 16949 - Multiple Locations - 3rd party audit scope IATF 16949 - Automotive Quality Systems Standard 1
J 3rd Party Certification and QMS Revisions Registrars and Notified Bodies 4
Sidney Vianna Proposed Change to 3rd Party Audit Process - Limiting Scope of Audit Registrars and Notified Bodies 19
A How to 3rd Party Audit ISO 9001 Clause 7.1.6 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
A How to approach ISO 9001:2015 Clause 7.1.6 when 3rd Party Auditing ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
Stijloor Calculating (3rd Party) Audit Days for Company with Seasonal Employees General Auditing Discussions 3
L Release of Audit Results Report to 3rd Party ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
C 60601-1 13.1.2 - Passive Device Energized by 3rd Party Device IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
C Looking for 3rd party audit firm for unique contract, have RFP General Auditing Discussions 1
Manix Should a 3rd Party Auditor Audit against IATF rules and not just the ISO standard? General Auditing Discussions 4
S AAMI EC57 for ECG Medical Device - Seeking 3rd Party Test Laboratory US Food and Drug Administration (FDA) 5
V Is the CQI-9 Heat Treat Assessment performed by a 3rd Party Auditor APQP and PPAP 1
D AS 9104/1 has New Requirements for 3rd Party Auditors AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
A 3rd Party Audit Finding Not Clear - 4.1 Outsourced Processes AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 36
R 3rd Party Audit Comment - Identify ISO Clauses/Sub Clauses to each Process Quality Management System (QMS) Manuals 45
J Contents of DMR (Device Master Record) when manufacturing is by 3rd party 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
C Measuring Equipment on Injection Machine should be Calibrated by 3rd party? General Measurement Device and Calibration Topics 21
C Policy for 3rd Party Auditing of Sequencing Facilities IATF 16949 - Automotive Quality Systems Standard 6
D Using IMDS database with 3rd party Intermediate Trade Company RoHS, REACH, ELV, IMDS and Restricted Substances 2
S ANVISA Audit by 3rd Party? Other Medical Device Regulations World-Wide 4
W Do 3rd party testing labs need NRTL certification to perform testing for FDA conforma ISO 13485:2016 - Medical Device Quality Management Systems 3
Howard Atkins ISO/TS 16949 3rd Party Automotive Auditors Group on LinkedIn ASQ, ANAB, UKAS, IAF, IRCA, Exemplar Global and Related Organizations 1
S Customer Requesting 3rd Party Audit Report (AIB) - Help! Quality Manager and Management Related Issues 17
QMMike Telephone Billing - Cramming Scheme 3rd party billing company Coffee Break and Water Cooler Discussions 5
Howard Atkins Right to Appeal 3rd Party (Registrar aka CB) Findings General Auditing Discussions 23
V TS 16949 3rd Party (Certification Body) Audits of Remote Sites IATF 16949 - Automotive Quality Systems Standard 11
V 18001 2nd stage 3rd party Top Management Questions (Training Assignment) General Auditing Discussions 8
E Should FDA implement 3rd party (PMAs) reviews? What are the pros and cons of doing so Other US Medical Device Regulations 2
Y 3rd Party Sterilization Validation for Reusable Medical Devices Other Medical Device Related Standards 7
somashekar A question on 3rd Party Sustainability Audit Cost Misc. Quality Assurance and Business Systems Related Topics 5
M Validating 3rd Party Software which Tracks Archived Samples Qualification and Validation (including 21 CFR Part 11) 2
K Pass Thru Calibration Certificates? Out-Sourcing Calibration to 3rd Party General Measurement Device and Calibration Topics 6
J FMEA Evaluation of "User Risk" - Wording FMEA 3rd party advisors ISO 14971 - Medical Device Risk Management 3
J FDA 510K - Justifying Fatigue Test results - 3rd Party Component Failure US Food and Drug Administration (FDA) 7
L IS/TS 16949 Initial Cert. Audit - placed on 3rd party containment with Customer IATF 16949 - Automotive Quality Systems Standard 3
L Recommend a 3rd Party Certifier for Master Value in Linearity & Bias Study General Measurement Device and Calibration Topics 0
J Adding Value to a 3rd Party Audit - What does 'Value Added' mean to you? General Auditing Discussions 25

Similar threads

Top Bottom