Do We Have to Comply with Our Own Procedures?

[Paul Simpson]

I'm reasonably sure that the tank chemistry specs did not come from the supplier. That is that they were not written up for not following their own spec, but rather a required spec.

Next time I visit that shop I will find out.

I can hardly wait.

You may need to wait for a long time (and I'm sure you know that) if you expect me to be able to pull the plating spec out of my hat. I only have access to them when I'm on site where the plating specs are used.

Now my understanding of the competence process required under ISO / IEC 17021: 2011 is that your registrar should have a process in place to identify how it determines you are competent to audit plating shops. I would expect that includes the ability to refer to principal controls needed. Now I and a couple of others have identified what we think is generally needed ...

I'm not sure what you mean by the ship welding analogy. I don't see where I have excluded that as a method of control. Perhaps you are concerned that I'm suggesting that certifying the welder is the only control ever needed under any circumstance. I do not believe that. At different times any or all of 7.5.2 a-c may apply.

Forgive me, this was an unsubtle dig at the 'you don't have to follow procedures' faction.

And what on earth does this conversation about validation of processes have to do with the process approach?

This is part of the thread (albeit to my memory nobody has directly mentioned the process approach). Let me summarize:

• This all (re)started with Steve’s post here when he was asking whether internal auditors should follow the process and check to see if people are following what the process says they should be doing.
• John Broomfield replied saying that they shouldn’t - here
• My first post on the subject was challenging the idea that there is not a requirement for people to follow procedures and in particular John's statement: ‘Management may say "ISO 9001 says that you must obey our procedures" but that has been untrue since the year 2000.’
• You entered into discussion with John Broomfield (who I had refused to debate with by this time) on the subject of process validation - here.
• and my response just followed your thread - here

I hope this helps.

 

[John Broomfield]

[*]John Broomfield replied saying that they shouldn’t - here

Paul,

Just to be clear here is what I last said in an attempt to summarize my position on this subject:

"Of course the procedure is the specified way to carry out the process.

But it is top management through their actions that makes the process specifications mandatory or not.

Indeed the procedure may not include a single “shall” but merely describe the latest known way of the process achieving the planned results.

Or, because top management ignores its own procedures, the employees know that even if the procedure is full of “shalls” it is window-dressing; perhaps for certification.

It appears to me that we have legions of auditors (and management reps) willing to do the bidding of managers who cannot or will not lead by example. Instead of enforcing unenforced procedures of an unknown quantity to counter a permissive environment, auditors should report the real system weaknesses that causes people to ignore their procedures.

This is why I said it is better to audit the process through the auditee’s monitoring of that process. Auditors and their auditees learn a lot more that way than assuming the procedure is correct or mandated by management."

To answer the question, ISO 9001 no longer requires employees to "comply" with their organization's procedures but it does require top management to show their commitment to the development, implementation and improvement of their management system. Indeed, top management may require the employees to conform to their procedures. It is up to your leaders not your auditors to be the first to enforce the procedures.

John

 

[tyker]

To answer the question, ISO 9001 no longer requires employees to "comply" with their organization's procedures but it does require top management to show their commitment to the development, implementation and improvement of their management system. Indeed, top management may require the employees to conform to their procedures. It is up to your leaders not your auditors to be the first to enforce the procedures.

John

My real difficulty with this argument is the way it appears to distance auditors from real life. I think most people in business would assume a procedure is to be complied with. For the auditor to argue that conformance to the procedure is not mandatory unless it comes from the top management's commitment to development, implementation etc is surely going to damage the auditor's credibility as a being that inhabits the same planet as the rest of us.
This situation applies to people trying to run a business and who want straightforward requirements and interpretations. I don't see this kind of esoteric application/interpretation of ISO 9001 as useful to anyone.

 

[Big Jim]

My real difficulty with this argument is the way it appears to distance auditors from real life. I think most people in business would assume a procedure is to be complied with. For the auditor to argue that conformance to the procedure is not mandatory unless it comes from the top management's commitment to development, implementation etc is surely going to damage the auditor's credibility as a being that inhabits the same planet as the rest of us.
This situation applies to people trying to run a business and who want straightforward requirements and interpretations. I don't see this kind of esoteric application/interpretation of ISO 9001 as useful to anyone.

It would appear to be just the opposite.

Auditors would be auditing "where the rubber meets the road", not from an ivory tower. To me, that would be closer, not more remote.

 

[PatrickStew]

How do you determine this to be factual?

 

[Jim Wynne]

How do you determine this to be factual?

We can't tell who you're addressing. It's a long thread with lots of posts and opinions, so it's helpful if you hit the "Quote" button on the post you're responding to.

 

[Paul Simpson]

It would appear to be just the opposite.

Auditors would be auditing "where the rubber meets the road", not from an ivory tower. To me, that would be closer, not more remote.

Absolutely not. On the planet I inhabit an auditor would expect any employee to follow a documented procedure. But then according to some I'm a control freak. But hey, if the cap fits ...

Tyker's point, if I may be so bold as to speak for him, is that in the real world if someone in authority gives you a documented instruction then the general assumption is that you will comply with the instruction / follow the procedure. In fact many employment contracts specifically require this under threat of invoking disciplinary procedures (normally documented ). So Tyker's point is (again IMHO) that even though there is no one line requirement in 9001 that 'employees shall follow all documented procedures' the implied requirement is that anything that is documented has to be complied with and it is not in any auditor's remit to cut anyone some slack because they feel the procedure in some way isn't important enough to be followed.

 

[Sidney Vianna]

To answer the question, ISO 9001 no longer requires employees to "comply" with their organization's procedures

John, you are 100% entitled to your opinion. But I would think that, if that was the REAL intent of the ISO TC176, FOR SURE, they would have made that clear through the NUMEROUS documents they issue to support proper ISO 9001 deployment. For example, I would expect to see something that supports your "theory" in the Auditing Practices Group page under the TC176 website.

But I don't find anything that matches your perspective. Actually, I do find the following suggestion in the Audit Trail paper:

Procedures, forms, checklists and so on, all ensure that a process is managed and controlled effectively. It is essential that auditors take the time to understand what is required from the process they are auditing.

 

[John Broomfield]

My real difficulty with this argument is the way it appears to distance auditors from real life. I think most people in business would assume a procedure is to be complied with. For the auditor to argue that conformance to the procedure is not mandatory unless it comes from the top management's commitment to development, implementation etc is surely going to damage the auditor's credibility as a being that inhabits the same planet as the rest of us.
This situation applies to people trying to run a business and who want straightforward requirements and interpretations. I don't see this kind of esoteric application/interpretation of ISO 9001 as useful to anyone.

tyker,

Your point is well taken. This is why I advocate auditing the auditee's monitoring of their processes.

Failure to monitor a process against its specification/criteria (and correct either the process or its procedure as necessary for the process to be effective) would be a nonconformity to 8.2.3.

Failure of an employee to conform to a procedure would be a nonconformity against which clause? Or would such an issue be worthy of further investigation?

Thus far, on planet earth, I am seeing evidence of many auditors just itching to do the job of the auditee's management.

John

 

[Big Jim]

Absolutely not. On the planet I inhabit an auditor would expect any employee to follow a documented procedure. But then according to some I'm a control freak. But hey, if the cap fits ...

Tyker's point, if I may be so bold as to speak for him, is that in the real world if someone in authority gives you a documented instruction then the general assumption is that you will comply with the instruction / follow the procedure. In fact many employment contracts specifically require this under threat of invoking disciplinary procedures (normally documented ). So Tyker's point is (again IMHO) that even though there is no one line requirement in 9001 that 'employees shall follow all documented procedures' the implied requirement is that anything that is documented has to be complied with and it is not in any auditor's remit to cut anyone some slack because they feel the procedure in some way isn't important enough to be followed.

I guess it may be a matter of perspective.

Auditors need to audit the actual practice. That needs to be compared to both what the standard requires and to what they have documented or if no documentation exists on the topic what they say they do.

To me, auditing the actual practice is closer, not more distant, but if it is different from where you are standing you are welcome to your opinion and I respect that.