Audit Crisis - The entire management has left


Dan Larsen

I've run across a situation that I'd like to offer for comment and input. The scenario involves a small company, currently registered to ISO 9002/QS, just finishing their first full year of registration.

In the last three months, the entire management has changed. Most recently the management representative has left. The company now faces a surveillance audit (their second). Ironically, the registrar is trying to arrange the audit for the same day the likely management representative is supposed to start.

The management is reluctant to announce the situation to the registrar, but doesn't want to fail the audit. After a very brief review of the scenario, I have a feeling that could happen. It appears that the new personnel haven't yet bought into the system, and I suspect an audit would indicate a system that has rapidly deteriorated.

My recommendations were:

1. Inform the registrar of the situation, don't hide it. Put a positive spin on it by letting them know that a replacement management rep has been hired, that an interim management rep has been designated, and that a consultant has been brought in to help smooth the transition.

2. Ask for a delay in the surveillance audit. Even a few weeks would help. The audit could be postponed up to four weeks and still be held within 15 days of the actual one-year-old registration. I say go for it…every bit of time will help.

3. Gap audit the system and immediately start coaching the new personnel in their responsibilities to the system, stressing that they have to up to speed quickly.

I'd be interested in hearing from others regarding how they would play this out. I'd also be interested in hearing from QS auditors regarding how they think the registrar will approach this.

I'll add two other observations. Personally, I don't think there ever was full company ownership of the system. I think the former management rep made it work. I also received information that would suggest that the management rep and the registrar auditor were on relatively friendly terms. This brings another question to mind…is it in the companies interest to ask for a different auditor at this (hopefully postponed) surveillance audit?

Thanks in advance.

Elsmar Forum Sponsor

Kevin Mader

One of THE Original Covers!
Staff member
This is a tough one for sure.

When QS9000 certified, the problem goes beyond complying to an ISO9000 registration. It is no longer voluntary. You must comply.

My thinking is that the new administration needs to recognize the problem, decline the audit, and rework the System. Another Registration/Certification audit appears to me as inevitable.

Now if the circumstance is that the company may fold without the Customer Orders, then you may need to delay the audit and coach for success. The alternate is to contact the Customer, explain the situation, and take your chances.

Short on time and I have to run.


Al Dyer

Talk about a rock and a hard place.

I think the only wat to go is to stall as long as possible while getting the new team up to speed then have the audit. Sure the company will take some lumps, but isn't that what is needed to get the attention of management.

As was said, there sounds like a lack of management support which might be the reason for the turnover.

A Management Representative needs to know the system but should not be expected to answer all questions during an audit, this is the role of department managers (and staff) with only support from the MR.



We faced a similar situation 2 years ago but had 6 weeks to prepare. Dans suggestions are right on the mark. By all means let your auditor know whats happening. Our auditor helped us delay as long as possible, and was very forgiving that first audit with the new management rep.

Laura M

I jumped into a company like this a few months ago. Had about a month to prepare the learn the system and be management rep for a surveillance audit. The entire management team did not leave, but I could easily tell that the management rep force fed the majority of the work.

They were in an absolute panic when they 1st called me. Really made me realize how much they didn't know. Unfortunately the situation was clouded with overwritten procedures. I've been cleansing the system at the same time. They are seeing the light, but it's still at the end of the tunnel!

Anyway - the registrar should absolutely accomodate. There is no reason that the company has to take the date the registrar gave them, is there?
Dan, IMO,
1- Read your contract with your registrar. Some registrars do not allow cancellation of a scheduled audit. Due to a lack of auditors it is very difficult to re-schedule. Some will also charge you a hefty cancellation fee.
2- Be up front with your registrar/auditor. Tell them exactly what has happened. I haven't come across an auditor yet that isn't willing to help out in a tough situation.
3- You can only receive a "Major" for a complete breakdown in the system. Do you see a complete breakdown?
Lack of management in itself does not constitute a complete breakdown; sometimes it helps. (sic)
4- As is the case in most companies management doesn't listen very well to the people it hires to do the job. May be that your company needs to hear the words
"effective this date you will be on probation" from your auditor.
Any way, good luck with your challenge and let us know what happens.

Dan Larsen

I want to thank all for the feedback. I decided to take on the job, and we'll see how it plays out (I guess I enjoy the challenge!) I figure I'll either "crash and burn" or "create a silk purse from a sow's ear" (excuse the choice of metaphors…it's late).

We're going to start with an audit of the system as it stands. I suspect there are going to be issues that could easily be considered "major" based on the inside info I'm hearing. I'm not sure yet about moving out the audit…that remains to be seen. It appears the company is still hesitant to "publicize" the situation by seeking a delay (or letting customers know). With the economic situation, they're trying to provide a strong appearance to the customer base.

My plans at this time are to provide a fair and honest (as always <smile>) audit of the system. If things aren't good, they'll be told, and we'll take it from there. I'm still pushing to let the registrar know the situation, but until the audit (my audit) I don't think it's going to happen.

I appreciate Carl's comments about using the same auditor, and I've been going back and forth on this. One the one hand, she knows the system. On the other, she may have a vendetta for the company (possibly well founded, but…). Granted, there are appeal channels to follow, but would the current situation taint the company's position? I'm still open to feedback on this issue.

As I said, I've accepted the task and we'll see how it plays. The feedback has been helpful and I appreciate it. I'll try to keep you all posted.

Carl Keller


The company I left in January is going to be faced with the same situation in April and I have wondered how they will handle it. Both myself as the Quality Manager and the ISO Coordinator/Management Representative left on the same day and they have not replaced us yet. Some questions I would pose as a Registrar are: Why did management not provide adequate resources? Why did it take so long to hire a replacement? This would seem to be a problem with timeliness of corrective actions. What are you going to put in place to insure that the situation does not occur again? If it has only been a short period of time, there should be little effect on a robust system. If the new personnel have not "Bought in" to the new system, then the company probably should fail the audit. I agree with most of the comments posted above, be up front with the Registrar and be ready to answer why the system is not up to 100% compliance and when you expect that it will be. I would use the same auditor and if I thought any funny business was going on, I would scream loud enough for RAB to take due notice.

Tough one, good luck to them.

Fire Girl

Laura M

That's exactly how I got where I am now. This company called me and said they need a little help with their implementation. I asked if they had procedures in place, and they assured me yes. So I told them it shouldn't take me long to get them certified. They had a consultant working for them. Anyway, I didn't think they had much in place and I had a lot of work to do. I did get them certified but it was no small task, I assure you. I find that it is best to be honest with your registrar. I've called to tell them we just can't have an audit that day. They are usually quite understanding.

Dan Larsen

Well, here's the update as promised.

The gap audit suggested the possibility of two areas where I felt majors could be declared...4.1 and 4.2. Management Responsibility was weak primarily because there was no one remaining from the old guard; there technically was no Management Rep and no QA Manager. Responsibilities for all sections was poorly defined and no one was clear as to what their responsibilities were. The quality system lacked because the new guard was making changes that weren't being documented. In addition, the whole quality planning system was not being followed and had stagnated for close to six months.

The company responded by assigning the NR responsibility to a young guy on the staff that interacted extensively with all levels (his assigned responsibility is an expeditor) and he seemed to have a good sense for the customer and had the internal respect needed to do the job. Another older gentleman was designated the interim QA Manager.

We reviewed and revised the policy manual to clear up responsibility assignments (a new org chart was included), and a matrix for procedural responsibilities was created. We got what I felt were key procedures out to appropriate personnel for review.

Production people were given copies of the existing control plans and FMEA's along with a crash course (one on one) as to what they were and how they are used. They immediately started reviewing existing processes against the plans that were documented.

Meanwhile, I coached the new MR in the overall value of QS and how the internal audit system and CPAR system are key elements. We reviewed all existing open CPAR's (there were about ten) and proceded to reissue them. We decided to use my gap audit as an internal audit for the first three months of the year, and issued about six more corrective actions based on my audit.

We reviewed and revised a number of procedures, concentrating on the procedures that I felt were critical (internal audit, corrective action, and all procedures for the sections that were up for audit this cycle).

The designated MR was an extremely fast learner, and he did a good job of following up on the inside.

While we were doing this, the registrar indicated they would push the audit out to the end of April or early May. We then got a gift when the auditors couldn't be scheduled for an audit until May 24th.

The six weeks were useful. Two days before the registration auditors came in, I performed a coaching audit with key personnel. I reported I felt they could expect between ten and fifteen findings, none of them major. They decided to sell the system as one in a state of flux as the new personnel were coming on-line, using the items that were strengthened as evidence of commitment.

It played to plan. Twelve audit hours by the registrar, thirteen findings (most involving minor documentation issues), no majors, and only a little bit of a threat ("Remember, you can't play the new kid excuse at the next six month audit" [paraphrased]).

All in all, a success.

Thanks for the support.

Thread starter Similar threads Forum Replies Date
S Scheduling a Crisis Management Audit? Reasonable Request? Internal Auditing 2
P US FDA QSR Internal Audit 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
M How to answer ISO9001:2015 audit finding of old revisions of documents being used? Document Control Systems, Procedures, Forms and Templates 7
B UKRP to what level should you audit Class I Technical Documentation? UK Medical Device Regulations 0
I Audit is tomorrow but I refused to participate Misc. Quality Assurance and Business Systems Related Topics 15
I ISO 17025:2017 / ANAB 3125 - Articulating / Communicating Risks vis-a-vis Audit Findings ISO 17025 related Discussions 2
D Verify Audit Trail of SaaS system Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 3
D Re-labeler - audit the supplier EU Medical Device Regulations 2
J Outsourced Internal Audit requirements for Aerospace Suppliers AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 21
A PPAP question for audit APQP and PPAP 16
D Number of people to be interviewed during an internal audit? Internal Auditing 6
B Gamma Quarterly Audit Medical Device and FDA Regulations and Standards News 1
A Anxiety - ISO Re-registration Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 69
Ed Panek Auditor MDR (Presub audit) finding EU Medical Device Regulations 2
Q Easy CARs for Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
D Question and advice for a supplier self audit questionnaire ISO 13485:2016 - Medical Device Quality Management Systems 6
S Quarterly Dose Audit Medical Device and FDA Regulations and Standards News 5
H When is a SOC 2 audit necessary? IEC 27001 - Information Security Management Systems (ISMS) 3
J NCR- Failure of contract review process - NADCAP audit AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
D Special IATF audit of sub-supplier IATF 16949 - Automotive Quality Systems Standard 18
A Internal audit plan and processes for ISO 14001:2015 ISO 14001:2015 Specific Discussions 3
D Question on using audit checklist ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 20
C API Q1 internal audit report Internal Auditing 3
P Filled in F48/F49 for internal audit ISO 17025:2017 Internal Auditing 2
A IRIS audit - Discussion about Special Processes General Auditing Discussions 11
J Internal audit random sampling methodology Internal Auditing 2
D Major NC from last audit not fixed not sure how to fix General Auditing Discussions 10
X Sample SOC2 audit report (or a redacted one) IEC 27001 - Information Security Management Systems (ISMS) 0
D Lead time to schedule an ISO 13485 audit General Auditing Discussions 2
G Organizing internal audit program for an Integrated QHSE Management System Internal Auditing 13
S Does anyone have a checklist to prepare for ISO 13485, Stage I audit? ISO 13485:2016 - Medical Device Quality Management Systems 1
W How do you phrase your internal audit questions? Internal Auditing 3
Z Steps to take before an MDSAP audit for Canada Canada Medical Device Regulations 2
V Csv, excel format - audit trail file of HPLC system ( Empower, openlab, EZchrom or any other ) Qualification and Validation (including 21 CFR Part 11) 0
G Not accepting a non conformity during an audit General Auditing Discussions 11
K IATF audit day requirements table 5.2 IATF 16949 - Automotive Quality Systems Standard 6
Q ISO 9001/IATF 16949 Audit Finding Question - Document Retention IATF 16949 - Automotive Quality Systems Standard 11
M IATF - Internal Audit 3 year span Internal Auditing 4
Q Audit report template ISO 9001/14001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
Q ISO 9001-2015 Internal audit finding Internal Auditing 14
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
P Audit check for IT company (ISO 9001) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D Supplier audit Medical Device and FDA Regulations and Standards News 2
M Go Live With New ERP System before Recertification Audit General Auditing Discussions 6
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
A Define timeline for Major and Miner Audit finding General Auditing Discussions 4
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 5
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 18
B Remote IATF 16949 audit preparation General Auditing Discussions 10

Similar threads

Top Bottom