I'll Tell You How To Run Your Business!



Comments, group?


Subject: Q: ISO Observation for use of software /Naish
Date: Mon, 16 Aug 1999 14:23:36 -0600
From: ISO Standards Discussion <[email protected]>

From: [email protected]
Subject: Q: ISO Observation for use of software /Naish

In a recent audit, the company was given an observation for not using modern techniques such as software programs for doing their purchasing and sales order quoting. The auditors did say they could ignore the observation because it was only that. Has anyone else ever been told this in an audit as a non- conformance or as an observation?



Subject: Re: ISO Observation for use of software /Naish/Hankwitz
Date: Tue, 17 Aug 1999 10:52:49 -0600
From: ISO Standards Discussion <[email protected]>

From: "Hankwitz, John " <[email protected]>
Subject: RE: ISO Observation for use of software /Naish/Hankwitz


We have never been outright told that we could ignore an observation, but I have always thought of that as being implied. ISO can't tell us how to run our business, but the auditors are able to see things from an outside perspective that they think we should look at. It's obvious the auditor in this case saw an area that could be improved, and brought it to their attention through an observation. There's no way an auditor could tell them they must convert to using a computerized system, but it's something they might want to look into.

During our periodic audit last month, we received two corrective actions, five observations, and another eight what I call "looks". A "look" is something less than an observation. When something is not up to expectations for a mature system such as ours during an audit, and neither a corrective action nor observation is appropriate, our auditor makes eye contact with me, affirming that he just saw what I should have seen, and I might want to take the time to follow up on it. Most of the time, I've already started taking notes before he gives me "the look". "Looks" are so minor that anyone would laugh if they saw it documented in a report. I think they're the best part of the audit since I can usually catch a problem before it actually becomes one. I think they call it "prevention". After all, ISO 9000 is all about customer satisfaction through the prevention of problems.

An example would be during the audit of our Painting Supervisor. While accessing his team's Training Records on his PC, his mouse was not working as it should. We spent several minutes as he figured out the appropriate key-strokes to get to the information. I had already started writing this down before I got "the look". Could you imagine getting a Corrective Action or Observation for "Individuals mouse operating intermittently erratic"? Further investigation a few days later revealed that an upgrade to our Windows software was creating problems on computers with certain processors. This problem existed on several computers, but no one else knew about it since they hadn't yet accessed their teams Training Records. So, we fixed the problem before most knew they had it. We followed up by updating our computer upgrade procedure to check for such problems in the future.

John Hankwitz
[email protected]


Subject: Re: ISO Observation for use of software /Naish/Fares
Date: Tue, 17 Aug 1999 11:07:17 -0600
From: ISO Standards Discussion <[email protected]>

From: "Fares, Angie" <[email protected]>
Subject: RE: ISO Observation for use of software /Naish/Fares

In my opinion, the auditor overstepped the boundaries of what they were supposed to audit. They should only be auditing the control of your system and your compliance to that system. Personal observations are not appropriate and only serve to jeopardize the credibility of the auditor because they had a preconceived notion of how you should be doing something.

I have had auditors "observe" that I did not stamp copies of my specifications in the traditional manner of paper-based specifications, however, I proved that my system was controlled and that it worked. Therefore, the fact that I do not rubber stamp my specifications should not be recorded as an observation just because it is not what the auditor personally expected or wanted to see.

I think your auditor confused personal expectations with regulatory expectations. I get annoyed when auditors record observations that have nothing to do with whether or not I was in compliance. It gives me the impression that they are annoyed or disturbed when I have not met their personal opinions of how I should be doing my job. I don't mind if the auditor asks whether or not he/she could do me a favor by including that observation (for the benefit of my management team), but I resent the arrogance of some auditors who assume that their observation (or automation in general) somehow automatically results in better, more controlled systems.


Subject: Re: ISO Observation for use of software /Naish/Hankwitz/Deibler
Date: Tue, 17 Aug 1999 12:20:02 -0600
From: ISO Standards Discussion <[email protected]>

From: Bill Deibler <[email protected]>
Subject: Re: ISO Observation for use of software /Naish/Hankwitz/Deibler

The bedrock quarry from the Flinstones got ISO registration....and they used stone tablets.

Use of technology is not a requirement of the standard. When I used to do assessments for BSi (93-95), I used to issue "observations" for processes that I suspected were about to collapse, but a nonconformance was not in order because the defined quality system was compliant with the standard.

I only issued observations when it was very clear to the client that this was the case and it was considered value added. This would give them a sort of heads-up in addressing things in the future.

The last thing in the world that an auditor should do is tell the client what they should be doing...what technology they should apply, etc. It really becomes a form of consulting and also confuses the client as they believe this is something they must do. Accreditation issues come into play...blah blah blah...and we all know that on this list right?

I was always clear with the client that an observation was not a nonconformity, but something that could lead to a nonconformity in the future....for example, if in a software company, significant resources had been diverted that were normally assigned for validation purposes, this could jeopardize the ability to execute on contractual committments....or implementing their defined lifecycle.

All registrars work a little differently and use a little different terminology when documenting the results of the assessment.

As a customer, question why they are doing what they are doing...and never ever do anything to please a registrar. That would be your biggest mistake. They don't have to answer to the shareholders....you do.

I once had an auditor tell me that we shouldn't be using C++, but rather C because ISO hadn't issued a standard for C++. This was his opinion, and it was rather nuts...and I had to pull him aside and calm him down.

You see...all auditors really want to be consultants...smile...and sometimes they step over the line a little. But a legitimate observation can be very helpful to the client in the long run and not act as a form of consulting.

My 2 cents,



Subject: Re: ISO Observation for use of software /Naish/Ganor/Raymond
Date: Wed, 18 Aug 1999 13:23:28 -0600
From: ISO Standards Discussion <[email protected]>

From: "Raymond, Charles E. x1280" <[email protected]>
Subject: RE: ISO Observation for use of software /Naish/Ganor/Raymond

The auditor may be on to something. If we examine clause 4.2.3 Quality Planning, about mid-way down the first paragraph it states: "The supplier shall give consideration to the following activities, as appropriate, in meeting the specified requirements for products, projects, or contracts:"

d) the updating, as necessary, of quality control, inspection, and testing techniques, including the development of new instrumentation;

The problem, IMO, is the subjective nature of the standard. What does "give consideration" mean? It is a requirement as evidenced by the use of the word "shall". How do you audit this for compliance? Can you show a copy of a magazine advertisement for current software and say, " I considered buying this.", And be in compliance? I'm not saying that the auditor is right, I would like to know how an auditor verifies compliance with the above requirement? To me, it seems that this is what the auditor was trying to audit for compliance. Re-reading the original post, I do not see where this is being limited to just software, it appears that software was given as one example.

Chuck Raymond
Top Bottom