Do you think there is merit to sending audit reports to customers?

Wes Bucey

Quite Involved in Discussions
#11
Just like a driver's license does not say if you are a good or bad driver, an ISO 9001 certificate gives no indication about your system robustness. Having access to audit records should be a way of making the supplier's system maturity more transparent to existing and potential customers.
IMO, there's a lot more "guess" and "hope" in that word, should, than there is certainty. I'm often accused [rightly] of being obsessive when it comes to vetting suppliers who do custom work for me, but, for the reason I AM obsessive, I would probably not count on any third party audit report to give me the insight into a supplier that I crave. If it were a second party audit, commissioned by me, performed by an employee or an agent I trusted, I would naturally receive a copy of the report anyway. As far as a copy of an internal audit - absolutely useless to a suspicious cynic!

They should read them because they requested it as part of due diligence.
If it is the case a current customer requested this, especially as part of an investigation into a problem issue, you probably should have said so in your first post to eliminate a lot of our responses tackling the issue of voluntarily sending them without a specific request or requirement.

If this is "due diligence" from a PROSPECT (I am intimately familiar with due diligence from my investment banking days), the only way I would consider someone elses's audit report if I were a prospect would be to compare it against my own, especially any internal audits. The difference is that in investment banking, we were very leery of scams and frauds, with cooked books and faked or forged documents. We were not especially concerned with "ignorance" since we would probably revamp a management team as part of an IPO, either educating or eliminating those we found ignorant of good business practices.

I CAN say that in 40+ years of business, I never met a business leader I respected who would have considered looking at someone else's report, especially a "self-created" one, without ALSO looking at and comparing with a similar report by his own employee or direct agent. Heck! As the ENRON case proved, even independent, well-respected CPA firms can have employees (auditors) who willingly aid a company's management in committing fraud.

:topic:
Think of it this way - if you were suspicious of your spouse being involved in an extramarital affair, would you believe his/her word alone or seek independent corroboration by your own investigator?
 
Elsmar Forum Sponsor

somashekar

Staff member
Super Moderator
#12
They should read them because they requested it as part of due diligence.
Apart from the other audits that we take up, the customer also comes over and audits us. In an instant when the customer could not make a scheduled visit due to various reasons, they requested us to send a copy of the last CB audit report, based on which they made out an assessment and justified to themselves (their management) that an audit skip had no adverse effects on the supplier's performance. It worked for both.
So what is wrong when your audit report is serving for a good cause ......
 

Wes Bucey

Quite Involved in Discussions
#13
Apart from the other audits that we take up, the customer also comes over and audits us. In an instant when the customer could not make a scheduled visit due to various reasons, they requested us to send a copy of the last CB audit report, based on which they made out an assessment and justified to themselves (their management) that an audit skip had no adverse effects on the supplier's performance. It worked for both.
So what is wrong when your audit report is serving for a good cause ......
Maybe nothing is wrong, but what purpose does the full report serve? Does the customer then demand copies of any and all CAR as if he was the one requesting them? Does he second guess the CB auditor on the sufficiency of the CAR? What features of your system are important to them? Do they also implement a system of checking your n-time delivery? Are you on a ship-to-stock or ship-to-production basis or does this same customer also require your shipments to go through incoming inspection? Do you make custom products to this customer's designs or do you manufacture your own designs (whether you sell the same design to one or many customers?)

Depending on the circumstances surrounding product, quality history, criticality of the part to the customer's production, I would consider a request for a copy of the complete CB report by a customer to be anywhere on a range from unnecessary tree killing to "minor component of continual surveillance of a problematic supplier." In any case, I would not consider it a "routine" request, but would either worry about my company's status in the customer's eyes or mark it down to a "paper happy" customer who probably doesn't have anyone really competent to interpret a CB report in a way that would truly benefit his own company by virtue of having the report.
 

somashekar

Staff member
Super Moderator
#14
Maybe nothing is wrong, but what purpose does the full report serve? Does the customer then demand copies of any and all CAR as if he was the one requesting them? Does he second guess the CB auditor on the sufficiency of the CAR? What features of your system are important to them? Do they also implement a system of checking your n-time delivery? Are you on a ship-to-stock or ship-to-production basis or does this same customer also require your shipments to go through incoming inspection? Do you make custom products to this customer's designs or do you manufacture your own designs (whether you sell the same design to one or many customers?)

Depending on the circumstances surrounding product, quality history, criticality of the part to the customer's production, I would consider a request for a copy of the complete CB report by a customer to be anywhere on a range from unnecessary tree killing to "minor component of continual surveillance of a problematic supplier." In any case, I would not consider it a "routine" request, but would either worry about my company's status in the customer's eyes or mark it down to a "paper happy" customer who probably doesn't have anyone really competent to interpret a CB report in a way that would truly benefit his own company by virtue of having the report.
Too many questions and assumptions...
But to keep it simple, when a customer asks (requests, if not a part of the contractual agreement) for the In Thing (A specific audit report, NC and NC resolutions) apart from the Thing (Certificate), he would have every good reason for that, to meet a good purpose.
When you are proud of the certificate, why not the same about the audit report as well, unless otherwise you have great reasons...
Are we not keen to meet the customer requirement ...?
 
K

Ka Pilo

#15
If it is the case a current customer requested this, especially as part of an investigation into a problem issue, you probably should have said so in your first post to eliminate a lot of our responses tackling the issue of voluntarily sending them without a specific request or requirement.
Yes, I should said it in my first post but I made the statement in generic because I want a variety of comments on providing a copy of the audit reports to customers. The responses makes sense.

If this is "due diligence" from a PROSPECT (I am intimately familiar with due diligence from my investment banking days), the only way I would consider someone elses's audit report if I were a prospect would be to compare it against my own, especially any internal audits. The difference is that in investment banking, we were very leery of scams and frauds, with cooked books and faked or forged documents. We were not especially concerned with "ignorance" since we would probably revamp a management team as part of an IPO, either educating or eliminating those we found ignorant of good business practices.

I CAN say that in 40+ years of business, I never met a business leader I respected who would have considered looking at someone else's report, especially a "self-created" one, without ALSO looking at and comparing with a similar report by his own employee or direct agent. Heck! As the ENRON case proved, even independent, well-respected CPA firms can have employees (auditors) who willingly aid a company's management in committing fraud.
This is not just for this instance. Giving out a copy of the audit report would be part of the routine. In other words, it will be done every audit.

:topic:
Think of it this way - if you were suspicious of your spouse being involved in an extramarital affair, would you believe his/her word alone or seek independent corroboration by your own investigator?
This case is different. The customer will not do the audit. They just want to see the audit report prepared by somebody else. It seems that it saves a customer audit. (Or the husband will not be paying for a private investigator)
 

Wes Bucey

Quite Involved in Discussions
#16
Look! As a long-time business executive, I am not blind to the marketing aspect of "apparent transparency" of my business operation. I have written about my actions in that regard a number of times here in the Cove and over on the ASQ Discussion Boards. The difference is that if I provided a report (self-assessment or third party) to a customer or prospect as part of my marketing, I recast the thing in a three column format:

  1. Column one - the objective or Standard
  2. Column two - our "happy version" of what we do (we certainly didn't offer "bad" reviews from second or third parties!)
  3. Column three - blank space where we offered any and all comers to come and check any or all of the items themselves to confirm or deny what we offered as the happy version
In my contract machining business, we had a 24/7 "open door" policy, partly described in this excerpt from a post I made a few years ago.
. . . we ran our high-tech contract machining business 24/7 (one shift "lights out") and invited ANYBODY to visit unannounced. Whoever was on hand was qualified to do "the tour" - from the janitor/maintenance man to the CEO.

We also sent notice to customers of the time window when their product would run, if they wanted to come and observe any or all of the process, we were happy to have them.

We had safeguards in place to protect trade secrets of both customers and us, so no security breaches occurred.

Some customers came often, for formal and informal audits. Most never came - one comment from our second biggest customer was, "If you have that much chutzpah to invite 24/7 scrutiny, we don't need to call your bluff; we believe you!"
Here's a link from seven years ago where I wrote about part of what I did in due diligence and why as an investment banker.
 
K

Ka Pilo

#17
Look! As a long-time business executive, I am not blind to the marketing aspect of "apparent transparency" of my business operation. I have written about my actions in that regard a number of times here in the Cove and over on the ASQ Discussion Boards. The difference is that if I provided a report (self-assessment or third party) to a customer or prospect as part of my marketing, I recast the thing in a three column format:

  1. Column one - the objective or Standard
  2. Column two - our "happy version" of what we do (we certainly didn't offer "bad" reviews from second or third parties!)
  3. Column three - blank space where we offered any and all comers to come and check any or all of the items themselves to confirm or deny what we offered as the happy version
In my contract machining business, we had a 24/7 "open door" policy, partly described in this excerpt from a post I made a few years ago.

Here's a link from seven years ago where I wrote about part of what I did in due diligence and why as an investment banker.
Thanks for sharing, Wes. Did you experience dealing with a behest loan transaction? If so, how did you exercise due diligence?
 

Wes Bucey

Quite Involved in Discussions
#18
Thanks for sharing, Wes. Did you experience dealing with a behest loan transaction? If so, how did you exercise due diligence?
My career in investment banking ran from 1970 up to 1987, when I sold my interest and "retired" for the second time (I'm on my fourth retirement and, although consulting part-time, I am strongly considering starting another business with employees and equipment and real estate.) I have a suspicion what you may mean by "behest loan transaction" by parsing the individual words, but I tell you truthfully I never saw or heard that phrase until seeing it in your post. Why don't you detail your understanding of the term? - Perhaps I know it by a different term.
 
E

EllenW

#19
No, but I sometimes show them our reports when they audit us (and our audit system). The next time I send them our reports, however, will be the first.

/Claes
I have never had a customer requesting to see audits as usually they take the fact we are certified to the relevant ISO standard as proof we carry out suitable audits etc. To be honest, actually getting people inside the company to read an internal audit report can be hard enough, let alone someone outside the company lol!
 

somashekar

Staff member
Super Moderator
#20
I have never had a customer requesting to see audits as usually they take the fact we are certified to the relevant ISO standard as proof we carry out suitable audits etc. To be honest, actually getting people inside the company to read an internal audit report can be hard enough, let alone someone outside the company lol!
I guess we are talking about the CB's audit report which is the client's or organization's property. If you see merits in the report you are always free to share with your customer, if they request offline. However, when the same customer schedules a second party audit of your system for which you have agreed, then not disclosing the CB's audit report when asked for the same, during that audit will not be in good light.
 
Thread starter Similar threads Forum Replies Date
P 4.2.1 d)...still has Merit? Merit and value of low level "work instructions" ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
E Requirements for sending Medical Device Samples to Indonesia Other Medical Device Regulations World-Wide 5
E Sending disassembled medical device to Brazil to be re-assembled there 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
K Regulations for sending Veterinary Surgical Instruments to Qatar Other Medical Device Regulations World-Wide 4
L ISO9001:2008 - Applicable clause for sending incompetent crew to client Service Industry Specific Topics 7
K Sending Audit Questions to the Auditee in Advance Internal Auditing 20
S Deferment Letter for a delay in sending equipment for Calibration - format ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
G Sending person(s) to Mars, and not bring them back. Coffee Break and Water Cooler Discussions 4
Z Long Lasting Problem with our Supplier sending incorrect parts Misc. Quality Assurance and Business Systems Related Topics 13
S Sending Partially Labeled Product to Korea 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 3
S Proof of Competency Outside of the Organization - Sending an Employee Abroad Training - Internal, External, Online and Distance Learning 4
M Sending sample devices to foreign countries Other Medical Device and Orthopedic Related Topics 1
H Manufacturers? Certificates: Can information be removed when sending to clients? Quality Manager and Management Related Issues 3
ScottK Free Trade Magazines... How long will they keep sending them? Coffee Break and Water Cooler Discussions 6
D Long Time Supplier sending Out-of-Specification Parts - Supplier Question Supplier Quality Assurance and other Supplier Issues 18
Q Supplier Excuse: Sending Defective Unit to Catch Up Shipping Schedule Supplier Quality Assurance and other Supplier Issues 11
Marc Western Union Stops Sending Telegrams - 145 Years of Telegram Service World News 0
S How to measure customer satisfaction? Sending out surveys by email? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
L A2LA - Sending testing to a non-accredited lab if customer doesn't require A2LA? General Measurement Device and Calibration Topics 2
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
P Audit check for IT company (ISO 9001) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D Supplier audit Medical Device and FDA Regulations and Standards News 2
M Go Live With New ERP System before Recertification Audit General Auditing Discussions 6
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
A Define timeline for Major and Miner Audit finding General Auditing Discussions 4
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 4
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 7
B Remote IATF 16949 audit preparation General Auditing Discussions 10
M AS9100D Registrar pre-audit requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
I Do I need to sign off my annual audit calendar? Internal Auditing 2
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M Nice and simple invitation email to an audit kickoff meeting Internal Auditing 1
M IATF 16949 - Audit of Remote Location/Support Site and IT IATF 16949 - Automotive Quality Systems Standard 4
Q IATF audit - Root Cause Analysis results IATF 16949 - Automotive Quality Systems Standard 5
Q Self-assessment audit information Quality Management System (QMS) Manuals 6
Le Chiffre Online training available for ISO/IEC 17021-1: Requirements for bodies providing audit and certification of management systems Training - Internal, External, Online and Distance Learning 3
xfngrs NIOSH Audit for N95 respirators US Food and Drug Administration (FDA) 1
Sidney Vianna IATF 16949 News Risked Based Audit Day Calculation IATF 16949 - Automotive Quality Systems Standard 2
T AS9100 audit due to facility move AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 5
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
B SAP Audit trail Periodic Review EU Medical Device Regulations 1
N What are the software audit and control steps Reliability Analysis - Predictions, Testing and Standards 2
R Gap Audit Aerospsace and Rail QMS Quality Manager and Management Related Issues 0
salaheddine96 Internal audit planning Internal Auditing 2
A MDSAP Audit Questionnaire Medical Device and FDA Regulations and Standards News 7
H Obligations as a contract manufacturer during an MDSAP audit ISO 13485:2016 - Medical Device Quality Management Systems 5
M What are the basics of Medical Device Single Audit Program (MDSAP)? ISO 13485:2016 - Medical Device Quality Management Systems 7

Similar threads

Top Bottom