Auditors and CB's further investigating certified QMS' with ethical breaches?

[Sidney Vianna]

In that APG paper, last paragraph reads:

If auditors become aware of any deliberate legal noncompliance that could affect the image and credibility of the QMS before, during, or after the audit (including, for example, breach of antitrust law, labour law, health and safety or environmental regulations) then this should be taken into consideration and investigated further, as appropriate. Apart from the regulatory authority’s action, it is for the auditors to assess the effectiveness of the QMS in meeting customer requirements (stated or generally implied) and report this to the certification and registration body management to take appropriate actions.

Reminds me of the case which led me to start this thread, back in 2005. Wondering how many auditors and CB's "further investigate" if any of their certified clients are caught in ethical breaches which brings the "effectiveness" of the certified QMS into question.

 

[BoardGuy]

Well the first item would be, are the auditors trained in antitrust law, labour law, health and safety or environmental regulations at the national, state, county and city level. If the auditor has not been trained by the CB and found to be competent in these areas of expertise then he or she could not make that determination.

 

[Sidney Vianna]

Auditor and CB's would not be conducting a criminal investigation; thus no need to have competence in those areas. What the paper is suggesting is that auditors and CB's should react to situations where an ethical breach has or might have happened. The case that led to the thread linked in my previous post was a good example, but there are many more out there.

 

[Randy]

Well the first item would be, are the auditors trained in antitrust law, labour law, health and safety or environmental regulations at the national, state, county and city level. If the auditor has not been trained by the CB and found to be competent in these areas of expertise then he or she could not make that determination.

But some of us are

In the case of a suspected breach of ethics as illustrated by the OP, my personal code of ethics, and the professional ethics of who I represent, requires me to notify someone of authority in my chain of command (specifically identified in procedures I must follow), pack my stuff and inform my point of contact why I'm leaving. As for investigation, it's not within the defined scope of my duties, though quite capable of performing an investigation I wouldn't mainly because of potential libility and litigation.

Now if I can see that a "breach" was some type of innocent error or ommission, I'd still notify my point of contact for the client and the organization I represent and ask for a decision.

Either way, communicate and document because knowledge without action could = culpability

If I've misunderstood the Thread please let me know

Oh yeah, great memory Sidney

 

[BoardGuy]

Yes I understand what is being said but you must remember that under just the basic requirements of ISO 9001:2015 Clause 7.2 the organization (CB) must determine the necessary competence of person(s) doing work (auditing) under its control… ensuring that these persons are competent (on [FONT=&quot]ethical breaches and regulations[/FONT][FONT=&quot]) [/FONT]based on appropriate education, training, or experience.

[FONT=&quot]If the CB’s are requiring their clients to meet this requirement, then why are they exempt? Should they not also meet Clause 7.2 by providing training to their auditors on [/FONT][FONT=&quot]antitrust law, labour law, health and safety or environmental regulations if they are required to identify legal noncompliance[/FONT][FONT=&quot]?[/FONT]

 

[Sidney Vianna]

If the CB’s are requiring their clients to meet this requirement, then why are they exempt? Should they not also meet Clause 7.2 by providing training to their auditors on antitrust law, labour law, health and safety or environmental regulations if they are required to identify legal noncompliance?

the paper talks about IF the QMS CB/Auditor becomes aware of a breach. They SHOULD NOT be looking for one, as this is outwith of the scope of a QMS audit.

But, for example, if I am conducting an ISO 9001 audit in a company in the USA and I see what is (potentially) a labor violation of child-labor, I will react. I will ask questions and, even though I am not fully educated in labor laws, I will bring it up and confer about the situation. If there is, indeed, a breach of labor laws, my employer will become aware of the situation and legal counseling might start.

As for your question about auditor competence, the ISO 17021-2,-3,-4, etc... in addition to 17021-1 has very clear requirements on the establishment of auditor and certification personnel competence.

 

[Sidney Vianna]

According to this piece of news, the IAF will establish an Ad-hoc Task Force to study fraudulent behavior by certified organizations.

 

[SamMiller]

According to this piece of news, the IAF will establish an Ad-hoc Task Force to study fraudulent behavior by certified organizations.

In my opinion a comprehensive portal indicating all certified companies should work. The accreditation requirement indicates only an option to check the certificate published by the CB. What we need may be an option like IATF for all issued certificates.

 

[Sidney Vianna]

What we need may be an option like IATF for all issued certificates.

I see that you have just a few posts so, chances are, you have not seen many of the threads we have here at The Cove.

Yes, TRANSPARENCY should be a key component of the accredited certification that would ameliorate the situation. But the IATF database is nothing but opaque. No external party has access to that database. The one and only meaningful Industry controlled database that promotes transparency and accountability out there is the IAQG OASIS database, an instrument that I have been voicing for over 14 years should be used as a model for the "forthcoming" IAF database. Check out the thread @ IAF Database - Repository of (properly) Accredited Management System Certs