From: ISO Standards Discussion
Date: Wed, 31 May 2000 11:39:43 -0500
Subject: Re: Is a Registrar to be Treated as a Supplier /Naish/Humphries
From: "Edwin Humphries"
Phyllis,
> In a recent audit discussion with an auditor, the question of the registrar
> as a supplier came up. It is my belief the registrar is just another
> service provider like any you might have such as a calibration supplier or
> carrier service.
>
> By that I mean you should do the same type of qualification as you might
> with a service provider. Meaning what ever you might do for a service
> provider. One auditor felt that because they were approved by the
> registration board you did not need to do anything and the other felt you
> should qualify them as well. Any thoughts on this?
I have for a long time promoted this course to my clients: the only problem is that against any reasonable set of "subcontract requirements" (i.e., customer and market requirements), most certifiers/registrars would fail. It also begs the question of what type of control the client can exercise over the certifier/registrar: incoming inspection? SQA? On site inspection?
> In the same discussion, we discussed the timing of the audits. By this I
> mean what time during the day the audit should begin. My client has most of
> their day shift employees starting at between 5 and 6 in the morning so
> they leave between 2:30 and 4:00 in the afternoon. When we requested an
> earlier start time, one of the auditors indicated he doesn't start before 9
> in the morning. So we had to have people stay late making for long days for
> the staff. They did not object but I did.
>
> If the registrar is a supplier doesn't that mean they should be meeting
> your criteria? I have seen this with a couple of other registrars as well.
> And have even seen them show up late at that. Am I the only one who thinks
> the auditors should be available at the time the company staff is there
> normally?
Absolutely not: I have seen auditors abuse their power in all sorts of ways, and this is a common one. Where companies ask their consultants to assist them during the audit period (an increasingly common, though somewhat problematic course), this means the company has to pay the consultant to cool their heels while the auditors wend their way to the audit.
I am now encouraging my clients to write a contract with their certifier, and to determine the clauses of the contract themselves - or to modify the contract proposed by the certifier. I believe that such a contract would include the manner in which audits are conducted, communication paths between certifier and client, the manner of reporting, to method of establishment of audit dates, the right to refuse auditor selection, time and duration of audits, etc. The contract should have teeth: financial penalties in the event of breach of contract, and the right for the client to refuse to pay for incompetent audits or for some of the common cost- adding audit practices: auditing areas not covered by the defined scope of the certification, audits focusing on issues not addressed by ISO9000, time spent on auditing to an interpretation of the Standard rather than its intent, etc.
Certifiers need to remember who is the customer, and to meet their stated needs and expectations; but then, that would be expecting them to practice what they preach.
> The client did have 2 other shifts but the people who did things like
> calibration and safety training, and key functions worked the day shift.
> They did audit some of the second shift production staff in this audit so
> at least they hit more than one shift.
It would, in fact, be reasonable to expect a responsible auditor to ENSURE they audit other shifts than the day shift; but maybe I'm being unreasonable! ;-o
Best Regards
Edwin Humphries
Date: Wed, 31 May 2000 11:39:43 -0500
Subject: Re: Is a Registrar to be Treated as a Supplier /Naish/Humphries
From: "Edwin Humphries"
Phyllis,
> In a recent audit discussion with an auditor, the question of the registrar
> as a supplier came up. It is my belief the registrar is just another
> service provider like any you might have such as a calibration supplier or
> carrier service.
>
> By that I mean you should do the same type of qualification as you might
> with a service provider. Meaning what ever you might do for a service
> provider. One auditor felt that because they were approved by the
> registration board you did not need to do anything and the other felt you
> should qualify them as well. Any thoughts on this?
I have for a long time promoted this course to my clients: the only problem is that against any reasonable set of "subcontract requirements" (i.e., customer and market requirements), most certifiers/registrars would fail. It also begs the question of what type of control the client can exercise over the certifier/registrar: incoming inspection? SQA? On site inspection?
> In the same discussion, we discussed the timing of the audits. By this I
> mean what time during the day the audit should begin. My client has most of
> their day shift employees starting at between 5 and 6 in the morning so
> they leave between 2:30 and 4:00 in the afternoon. When we requested an
> earlier start time, one of the auditors indicated he doesn't start before 9
> in the morning. So we had to have people stay late making for long days for
> the staff. They did not object but I did.
>
> If the registrar is a supplier doesn't that mean they should be meeting
> your criteria? I have seen this with a couple of other registrars as well.
> And have even seen them show up late at that. Am I the only one who thinks
> the auditors should be available at the time the company staff is there
> normally?
Absolutely not: I have seen auditors abuse their power in all sorts of ways, and this is a common one. Where companies ask their consultants to assist them during the audit period (an increasingly common, though somewhat problematic course), this means the company has to pay the consultant to cool their heels while the auditors wend their way to the audit.
I am now encouraging my clients to write a contract with their certifier, and to determine the clauses of the contract themselves - or to modify the contract proposed by the certifier. I believe that such a contract would include the manner in which audits are conducted, communication paths between certifier and client, the manner of reporting, to method of establishment of audit dates, the right to refuse auditor selection, time and duration of audits, etc. The contract should have teeth: financial penalties in the event of breach of contract, and the right for the client to refuse to pay for incompetent audits or for some of the common cost- adding audit practices: auditing areas not covered by the defined scope of the certification, audits focusing on issues not addressed by ISO9000, time spent on auditing to an interpretation of the Standard rather than its intent, etc.
Certifiers need to remember who is the customer, and to meet their stated needs and expectations; but then, that would be expecting them to practice what they preach.
> The client did have 2 other shifts but the people who did things like
> calibration and safety training, and key functions worked the day shift.
> They did audit some of the second shift production staff in this audit so
> at least they hit more than one shift.
It would, in fact, be reasonable to expect a responsible auditor to ENSURE they audit other shifts than the day shift; but maybe I'm being unreasonable! ;-o
Best Regards
Edwin Humphries