Is it time to remove the constraints under which registrars have been expected to operate?

[AllanJ]

I wonder if there's enough basic competence to go around, with the understanding that a significant proportion of competence is experience, which can't be taught.

Ah! What a fabulous question that truly energizes me.

One of the problems professional auditing has experienced has been the reduction in general ability and competence of those assigned to be auditors. For that, the explosive growth in ISO 9K registrations is much to blame. The demand for auditing and hence auditors outstripped the supply of capable people and those knowledgeable in the processes, technology and businesses they were required to audit.

Auditing is about the assessment of applied knowledge and to repeat one of my published sayings: "the application of knowledge cannot be assessed by assigning ignorance to the task". But ignorance and stupidity are not the same thing. Experience and training can replace (destroy) ignorance. It takes time and time was not given. The net result has been a lowering of the quality of the audit service experienced by management which then thought it unnecessary to assign the best people to the audit pool, thus creating a vicious circle and self-fulfilling prophesy in their minds.

Poor quality auditing has, in my view, been a major contributor to the generally disappointing results of ISO 9K. Those who rushed to promote it and made it sound so easy (a quick fix etc) did much damage.

But, it is not irreversible. It takes only a few dedicated people and firms to patiently do what is required, demonstrate the results such that general calibre of assigned auditors is eventually raised to the requisite level of "competence".

I have written much more on this matter elsewhere and will not repeat it now.

 

[Jim Wynne]

Ah! What a fabulous question that truly energizes me.

But what about the question? Is there enough competence to go around? This isn't only a third-party audit question. In an internal audit, where is the wisdom in taking someone from marketing and asking them to audit a technical function that is outside their own narrow area of expertise? We've been told time and time again that auditors must be independent of the function being audited, which effectively reduces the audit function to hoping that auditors will be able to discern whether or not the process being audited is in compliance with the standard, and not whether there are any opportunities for improvement from that will only be identified by an experienced person. And "hope" is not a strategy.
And now it seems that you want to expand the role of auditors, despite the fact that efficacy without the expansion has never been proven. I'm always open to suggestions for improvement regardless of the source, and it's true that sometimes good suggestions emanate from unexpected sources. But I have serious misgivings about being audited by neophytes or nincompoops who have no basis in knowledge and experience and then expecting them to provide suggestions for improvement.

 

[Gerry Quinn]

I for one am concerned with the ability of some registrars to offer anything of use to the client. In the past year I have been to several facilities with registration certificates proudly hanging on the wall only to find that their systems don't come close to complying with the intentions of the standards or of my company's requirements.

Some firms don't address all of the standard's requirements but fail to take formal exceptions in their registration certificate.

Some make statements of policy in their manuals only to have an unwritten policy that contradicts the written policy.

Most of these organizations tell my boss that they never gone through an audit as thorough as mine. I am not a nit picker, I just review the entire quality system and look for a process that works. I don't write trivial corrective action requests.

During my closing meetings, I tell it like it is (or how I see it). During my last audit I told the supplier that his registrar wasn't doing him any favors since I determined that his system did not comply with the intentions of the standard.

So how do you let uneducated registrars give advice?

It seems to me that the only one who can really do anything to cause a supplier to improve, is the customer. The customer needs to meet with his suppliers and spell out the requirements for compliance and improvement. He then needs to ensure that those requirements are being met. Relying on registrars to do this just won't work.

 

[David Hartman]

By the time the first company I worked with that chose to move to ISO 9001 certification made that decision our internal audit team (3 auditors) had a combined experience base of 21 years (myself w/9 years of experience). Thankfully the first book I picked up on auditing was Management Audits by Allan (I say thankfully because I believe that it started on the right road). Our team had been responsible for encouraging the company to make some pretty significant improvements in their business processes.

Then we moved towards ISO certification (customer required, and felt by all to be the right move to make). But what we found was that the internal auditors where no longer taken seriously - the general concensus was that the "professional" assessors did not find any major issues, so whatever the internal auditers found was trivial and not really of importance.

It took us over 5 years to once again convince the powers-that-be that there really was value to be had by continually improving the process. Most of this proof came in the form of pointing out to them that months or years before the "professional" had noted a finding - that was just noted by them - we had made the same observation, but before it really became an issue.

Was our ability to see the problems before the "professional" attributable to better training, possibly; but it could have been influenced by many factors such as a greater amount of maturity (experience) and the fact that we were "living" with the processes on a daily basis.

 

[AllanJ]

But what about the question? Is there enough competence to go around? This isn't only a third-party audit question .

With apologies, I though I had answered the question by implication. At present there is not enough competence to go around. But, there will be once it has been developed. I hope you did not think I addressed so-called 3rd party stuff, for I do not believe I did.

Gerry is highlighting matters experienced by far too many organizations. Yet, the accreditation and registrar training/ certification schemes have not sufficiently grasped the nettle and improved even though the problems have been extant for twenty years, predating ISO 9K's appearnce. We have the wrong people running those schemes and in the wrong way. But, that is a bit of a digression.

ddhartma is very kind in his remarks about my book, and I sincerely thank him for them. The issue of expectation of internal auditor performance in relation to that of "professionals" comes as a result of the somewhat excessive publicity given to ISO 9K certificates, management then assumption of the abilities of the registrars - the "professional auditors" to whom he alludes. I do recall the very early days of auditing when management had no idea what to expect and, in a few cases, would put the CFO in front of one. (I especially recall in 1977 a particular German company whose CFO sat at the head table of the entry meeting with a pile of documents and books before him. He was constantly wiping his brow until I explained the purpose of the audit, which I was doing for GE. I always wondered what was in those books! As a post script: that firm went bust about five years later - I hope there is no connection with my audit! ) They assumed that was the type of audit to be performed and their assumption was that the extrinsic auditor was akin to the financial auditor.

 

[Jim Wynne]

With apologies, I though I had answered the question by implication. At present there is not enough competence to go around. But, there will be once it has been developed.

No apology necessary. But you seem to be saying, "There will be enough competency when competency has been developed." Or do I misunderstand? It seems a little like saying, "The flood will recede when the water goes down."

 

[AllanJ]

No apology necessary. But you seem to be saying, "There will be enough competency when competency has been developed." Or do I misunderstand? It seems a little like saying, "The flood will recede when the water goes down."

Yes I am. No you do not.

Of course, water can drain away, it can evaporate, it can be pumped away. Generally any of those take time according to resources, effort and environmental conditions. But, human effort is probably a deciding factor. I am rather concerned about a recession though, if I may focus on your word" recede", but recession of a different sort: a profession-wide one.

But, to bend your hydraulic metaphor a tad, the swamp will be drained when the water level is reduced. First for the crocodiles.

 

[Hershal]

Wow!

Let me restate.....we may be on different oars but are in the same boat.

First, accreditation vs registration as both relate to COI and competence.....

I agree with Sidney that the role of both accreditors and registrars is to provide (to the best possible extenet) an unbiased evaluation, without the concerns that our judgment is clouded by personal involvement. Now, we can not be perfect as we are human.

Accrediting bodies (e.g. IAS, NVLAP, A2LA, SCC/CLAS) accredit laboratories, or accrediting bodies (e.g. RABQSA) accredit ISO 9K registrars. The 9K registrars register various organizations to 9K or similar.

Accrediting bodies are tasked with - among other things - evaluating the "competence" of the various organizations and personnel they assess. Just a side note, in the accreditation world there is competent or not competent.....there is NO incompetent in the usual sense of the word. Competence means technical proficiency in the accreditation world.

The registrars in turn evaluate organizations to determine compliance to a QMS standard. Another note, registrars do NOT evaluate laboratories or inspection bodies, as accrediting bodies will assess testing and calibration labs to ISO/IEC 17025 (or ANSI/ISO 17025 for the U.S. version) and inspection bodies to ISO/IEC 17020.

Now, how do we assess competence? Ahhhhhhhhh......quite the question. In the accreditation world, to assess competence, we must have someone who is trained and experienced in whatever is being evaluated. For example, I might assess a fire test lab or microwave calibration, as I have been trained and experienced in both now. On the other hand, I cannot assess an inspector who audits wood shake and shingle mills.

Also, accrediting bodies who accredit 9K registrars and accrediting bodies who accredit laboratories generally do not cross the line to the other, but only in the U.S. market. Most economies have only a single AB, so the AB does everything.

Now, for COI or conflict of interest. We absolutely must be independent in order to provide confidence to the registrar's or laboratory's clients. Also, we must be independent to be recognized internationally. Yes, we can provide examples of what we have seen in other places, maybe even suggestions at times that an organization may find of value. However, the key is that these comments must be non-binding, and only offered as something to be considered in light of the organization's business.

Just my thoughts. Hope it helps.

Hershal

 

[AllanJ]

Claes split off this thread recognising I raised the question : should registrars be allowed to offer solutions.

From what I am reading from Sidney and Hershal who are in the registration business they are indirectly saying "no".

But, more important is what does the customer want or need. If customers would benefit from getting whatever suggestions for improvements and problems and if that would benefit their business performance and the overall economy (exports and so forth) it is my view that need should override whatever has gone before and exists at present.

There was a time when registrars ran consultancy divisions and became frowned upon - not least by consultants who wanted to protect their turf. From various anecdotal reports and posts I suspect some still do and have rearranged their organization so that such things are done at arms length such that an appearance of COI is avoided. If registrars had the kind of fiduciary responsibility of financial auditors I would certainly agree that advice/ suggestions/ recommendations giving rise to COI must not be tolerated for one could get a case of "Enronitis". Those auditors are there as a statutory requirement to protect shareholder assets etc.

But, much as I believe our work in quality is important in that it is aimed at protecting shareholders from loss and improving shareholder value, through preventing/ eliminating waste, I am not so conceited as to think we are in the same league.

There is no doubt in my mind that despite what I may think of the entire registration/accreditation industry, there is a number of individuals within it who are diligent and caring and possessing much useful experience that should be tapped. Importantly, as my speech also tried to show, if there was a restructuring of the business model, and market forces do their usual magic, the diligent registrars will prosper - for the right reasons - and the others will not for their real depth and value would soon be exposed.

That entire registration/ accreditation industry is overdue for a clean-up and I am sure people like Sidney and Hershal know it even if they cannot publicly state as much. Let the value they might be able to add become visible: let the nation and its business benefit as a result.

 

[Hershal]

Allen,

I cannot speak for Sidney, nor any other besides myself or the AB I work for.....but the conflict of interest (COI) provisisons are in place for good reasons.....that being that we must be independent.....think about that.....

If you want to add a home addition and wire it in.....would you rather have Johnny from Henry's gas station, bar and calibration house? Or would you rather have a licensed person?

This is the choice for anyone using an accredited lab.....

so, think about this.....do you have a gas fireplace? do you have a stove? do you have an A/C? do you have a toilet?

would you rather have Johnny pass something so he gets decent pasta from MA.....or would you rather have something you can actually count on?

That is why the COI is important.

Hershal