ISO 9001 3rd Party Audit Preparation - Open Issues Aspects

Sidney Vianna

Post Responsibly
Leader
Admin
Brad, thanks for posting that. I can see that my first post today could be misunderstood. From Angie's account, it does look like the organization is making significant improvements. From THAT perspective, yes, Angie apparently succeeded. And kudos to her for that.
My comment about lack of success was the part about being able to talk the company out of NC's by the external auditor. Unfortunately, many times, the external NC's are the only ones that get some attention, because, failure to resolve them could lead to de-certification proceedings. I know that we have debated in the past the lack of added value for external auditors to write up NC's when problems are already identified internally. But in this case, I think Angie should ask herself: What would be the problem for the external auditor to write up NC's on issues that we are already working on? It would give her more leverage to make sure that the corrective actions DO GET implemented and are effective. It concerns me as well that, before the last audit, Angie was questioning the credibility of the external auditor. And now, after her first audit in this organization, with the external auditor performing apparently in the same fashion he always did, she seems to think that he will demand great changes and improvements...or else? It might be the case, but from where I sit, it looks like history repeating itself.
 

BradM

Leader
Admin
Thanks for the follow-up.

So to pick up a few more auditing tips from you:

I never would have thought about writing the NC against the Internal items. Are you suggesting that you write an NC because no evidence of correcting the internal items? Is there a specific ISO citation for that, or do you objectively observe the internals have not been closed? I guess how would you give your NC some teeth? When would such an item move into a major, or most of the time just a minor?

Say an audit does not go well, and you dump the auditor. Should the new auditor have the similar approach of starting with internal findings first, or do they 'discount' them and start fresh?

Your thoughts. Not to get off track very much; just so I can learn a few more things from this thread; maybe OP will find them interesting also.
 

potdar

I never would have thought about writing the NC against the Internal items. Are you suggesting that you write an NC because no evidence of correcting the internal items? Is there a specific ISO citation for that, or do you objectively observe the internals have not been closed? I guess how would you give your NC some teeth? When would such an item move into a major, or most of the time just a minor?

My 2 cents:

Clause 8.2 says "an action would be taken without undue delay when an NC is identified." Normally organisations commit a closing date for the corrective action to be completed. The closure is also supposed to be reviewed.

The external auditor can check whether actions are being taken "without undue delay", whether actions taken are verified, whether they are effective and pass his own comments. An NC repeating time and again after supposedly being "successfully" closed is not properly closed and not properly reviewed. It is not EFFECTIVE.

In my dictionary there are no major or minor NCs. Either there is an NC or there is no NC. So sorry, I won't be able to comment on that aspect. I define an NC when the system is seen as collapsed or in danger of an imminent collapse. It could be a major deviation from the requirements, many small mistakes found to be repeated over a large working area / time zone, repetition of the same problem again and again even after being pointed out.

An isolated, unnoticed event without major repercussions on the system functioning may be pardoned as an "observation" when the system is found to be functioning properly otherwise in the same working function.
 

potdar

Angie,

I am writing to you as an ex-MR. When you faced the auditor, you were probably long past the situation where you had to bother about saving your own butt. So you tried to save the company's butt in the best way you could think of and succeeded. Great! Everyone is happy for you. Now you know there is a pile of work ahead of you and are in a hurry to get after it. Just wait a minute. Turn back and think. There possibly was a better way of handling the audit than what you did. That's what our experienced friends are trying to tell you.

As an MR it is your job to know your system thoroughly. It is also your job to try and manipulate the external auditor to your benefit. It is his skill to know when he is being manipulated and to decide how much to relent.

But what is your benefit? To get things done your way in the company you need the top management on your side. But they happen to be a slippery bunch of people. (General observation - not an aspersion on YOUR management). To keep this bunch on your side, the best friend an MR can have is the auditor.

You could possibly go back to the portion of this thread where people discussed what they would do if they were to audit your organisation. You would find many different views and possibly pick how you would like your auditor to behave while auditing you. Try to get him round to your view when he audits you next. THAT should help you keep a Damocles' sword on the head of the management and at the same time tell them that you are doing a great job, you are indispensable, you deserve excellent raises, ....

If I were wearing an auditor's hat I would probably attack and chew this post. But wearing the hat of a consultant or an MR I would stand by and defend what I wrote.

Best of luck in your endeavours.
 

Sidney Vianna

Post Responsibly
Leader
Admin
Are you suggesting that you write an NC because no evidence of correcting the internal items? Is there a specific ISO citation for that, or do you objectively observe the internals have not been closed? I guess how would you give your NC some teeth? When would such an item move into a major, or most of the time just a minor?
I will assume that by "correcting internal items" you mean applying corrective actions to nonconformities found during the internal audits.
Clause 8.2 says "an action would be taken without undue delay when an NC is identified." Normally organisations commit a closing date for the corrective action to be completed. The closure is also supposed to be reviewed.

The external auditor can check whether actions are being taken "without undue delay", whether actions taken are verified, whether they are effective and pass his own comments.
In addition to that, remember that one of the required inputs into management review is the status of corrective actions. If top management is not taking appropriate action on chronic, delinquent issues, absolutely, as an external auditor, I would write a nonconformity. Have done a number of times.
 

Paul Simpson

Trusted Information Resource
Missed this first time around and I'd just like to express my disgust that Angie's company got a recommendation - never mind with only one NC.

No offence to her and I hope she gets the continuing support from her management team.

But look at what this says! You can have a system that is about a million miles away from being ISO compliant -
  • everyone in the company knows it (and will happily tell everyone they know now that ISO isn't worth a bean).
  • the "darkened room auditor" may even know it and,
  • if the system is that bad, the customers will know it and know that ISO certification is worth as much to them as a breakfast cereal box top
  • the certification body review process is a crock as they can't identify from the report that their auditor is recommending a basket case for certification

What happened to that idea to name and shame? Perhaps the Cove isn't the place but there has to be a place where this type of practice is raised to the surface. I have spent over 20 years in quality working to management systems. Too long to have it degraded and devalued by this type of audit.


BradM

Leader
Admin
What happened to that idea to name and shame? Perhaps the Cove isn't the place but there has to be a place where this type of practice is raised to the surface. I have spent over 20 years in quality working to management systems. Too long to have it degraded and devalued by this type of audit.

Excellent points, Paul. Thank you for the passion. But getting to the long-running thread regarding ISO being a piece of paper, well... sadly for many that is exactly what it is.

Who is going to do it? The customer isn't (for the most part). They passed their audit, and justifiably so, are happy with the results. The audit did not detect any problems, so everything is good.
 

Paul Simpson

Trusted Information Resource
Thanks to Sidney for echoing my thoughts. I have posted a reply earlier but for some reason it hasn't come through. Perhaps there's a "Rant" filter on the Cove these days. But here goes.

Excellent points, Paul. Thank you for the passion. But getting to the long-running thread regarding ISO being a piece of paper, well... sadly for many that is exactly what it is.
There are many on the cove who can in their minds separate the ISO certificate from a compliant system and a documented ISO system from a good quality management system delivering what customers want. I cannot.

I have invested too much blood, sweat and tears over the years to accept you can certify duff systems and will argue till I'm blue in the face against this. I realize this poor practice (on the part of the company and the auditor) does take place but would rather the culprits are brought to book than congratulated.

Who is going to do it? The customer isn't (for the most part). They passed their audit, and justifiably so, are happy with the results. The audit did not detect any problems, so everything is good.
As Sidney has said there is very little about this situation that approaches good. Nothing is even acceptable. I think of it like this:

  • The company has a certificate they know is meaningless
  • Their employees know that an ISO system is worth three tenths of naff all and are happy to tell anyone who will listen that this is the case
  • The "darkened room" auditor can sleep easy after a job well done
  • The customers have a less than optimal supplier and - if all the problems mentioned are there - then will live with poor quality from the "certified supplier"
  • Any poor soul who pays credence to the certification will end up selecting a duff supplier on the basis of this "audit"

And ISO as a tool for Quality Assurance will reap the whirlwind of reputation based on this as a "successful" audit.

We must be so proud! :nope:

Thanks Brad for your constructive prodding!

P.S. A darkened room auditor is one who cannot find their butt in a darkened room using both hands.
 