Poll: Should auditors promote the process approach?

[DrM2u]

:truce: It might be my impression only, but to me it seems like some of the voters are reading the disputed debate around the main topic and the 'branches' it has sprung before voting. While there is nothing against or pro this, I believe that some of the voters are focusing on the discussions and missing the meaning of the question for this poll. I would like to take this opportunity to bring the question back in focus for those who are about to vote.

The question is simple: "If an organization has not adopted the process approach, is it appropriate and proper for a third-party (registrar) auditor to formally identify "adopting the process approach" as an opportunity for improvement?"

For those of you who are or were auditors, what were the guidelines given to you by the registrar? In my case, the registrar had two sub-categories for OFI's: system weaknesses (i.e. some records were incomplete, actions were not always taken when desired outcome was not achieved, etc) and 'true' opportunities where the auditor could identify opportunities for the organization based on observed or commonly known and accepted best practices. To me (and to many schools of management) it is good practice to take a systemic approach to business, to identify the processes employed and to evaluate their effectiveness. Therefore I never hesitated to identify adopting a process aproach as an opportunity for improvement, whether I did it formally or informally.

For those of you who are auditees, do you and what kind of value would you expect your auditor to bring to the audit process besides evaluating the QMS's level of compliance? From my perspective, sitting on the client's side of the table, I would like the auditor to share with my organization best practices that I/we would not be exposed to or hear about otherwise. Not everyone expects and/or welcomes this, but that is an indicative of the organization not of the audit or the auditor. A formal identification of opportunities serves only as a reminder after the auditor is gone and it does not mean or imply that I have to do anything about it more than giving it a second thought. Did your auditors indicate this otherwise?!? Did your auditors do more than try to guide your thoughts toward or shine some light on the systemic (process) approach? If yes, then there is a good chance that they crossed the taboo boundary of consulting during the audits.

Please evaluate your position and the reason behind it a couple of times before voting. First or gut instincts are not always the right ones.

 

[Richard Pike]

The question is simple: "If an organization has not adopted the process approach, is it appropriate and proper for a third-party (registrar) auditor to formally identify "adopting the process approach" as an opportunity for improvement?"


For those of you who are auditees, Did your auditors do more than try to guide your thoughts toward or shine some light on the systemic (process) approach? If yes, then there is a good chance that they crossed the taboo boundary of consulting during the audits.

The problem is in the wording of the question !!! "- formally identify -
an opportunity for improvement." This (to me) implies that there will be consequences (formal) if the Auditors "suggestions" are not acted upon.

And of course as DrM2u identified - to do this (for any "opportunities for improvement" would indicate an Auditor "crossing the boundary"

Personally I would not be so polite! but thanks DrM2u, for what I believe is the most realistic and accurate post within this thread.

 

[Jim Wynne]

:truce: It might be my impression only, but to me it seems like some of the voters are reading the disputed debate around the main topic and the 'branches' it has sprung before voting. While there is nothing against or pro this, I believe that some of the voters are focusing on the discussions and missing the meaning of the question for this poll. I would like to take this opportunity to bring the question back in focus for those who are about to vote.

The question is simple: "If an organization has not adopted the process approach, is it appropriate and proper for a third-party (registrar) auditor to formally identify "adopting the process approach" as an opportunity for improvement?"

For those of you who are or were auditors, what were the guidelines given to you by the registrar? In my case, the registrar had two sub-categories for OFI's: system weaknesses (i.e. some records were incomplete, actions were not always taken when desired outcome was not achieved, etc) and 'true' opportunities where the auditor could identify opportunities for the organization based on observed or commonly known and accepted best practices. To me (and to many schools of management) it is good practice to take a systemic approach to business, to identify the processes employed and to evaluate their effectiveness. Therefore I never hesitated to identify adopting a process aproach as an opportunity for improvement, whether I did it formally or informally.

For those of you who are auditees, do you and what kind of value would you expect your auditor to bring to the audit process besides evaluating the QMS's level of compliance? From my perspective, sitting on the client's side of the table, I would like the auditor to share with my organization best practices that I/we would not be exposed to or hear about otherwise. Not everyone expects and/or welcomes this, but that is an indicative of the organization not of the audit or the auditor. A formal identification of opportunities serves only as a reminder after the auditor is gone and it does not mean or imply that I have to do anything about it more than giving it a second thought. Did your auditors indicate this otherwise?!? Did your auditors do more than try to guide your thoughts toward or shine some light on the systemic (process) approach? If yes, then there is a good chance that they crossed the taboo boundary of consulting during the audits.

Please evaluate your position and the reason behind it a couple of times before voting. First or gut instincts are not always the right ones.

I think the main problem here is one of definitions, and how one recognizes the process approach when he sees it. The information in the standard doesn't constitute a rigorous definition, imo, and I'm not sure that a rigorous definition is even possible. It's one of those things where everyone seems to agree that it's a good thing, but no one knows exactly what it is.

Part of the reason for the difficulty in trying to decide what, if anything, to about the process approach lies in the ambiguous language of the standard, which says that it "promotes" the PA. Personally, I read this as saying that the standard, unlike its 1994 predecessor, was written to facilitate implementation of the PA, and as such is not in any sense prescriptive. YMMV, as they say, and that's the problem, I think.

The problem (imo, again) in having auditors running about "promoting" things is that too many audited companies perceive the CB auditor to be a daunting and inerrant authority figure, and think that everything that comes out of his mouth is sacred and must be attended to. Even offhand comments over lunch are often taken to heart by auditees who believe that the only goal is to please the auditor. Whether this is a fault of the auditee or the auditor is largely irrelevant; it's the results that matter.

In any case, the OP's thesis fails on a basic level because despite repeated attempts to get him to do so, he's never shown us the "shall."

 

[Marc]

Process Approach Challange - Please Define what the 'Process Approach' is

Process Approach Challenge - Please Define what the 'Process Approach' is.

 

[Richard Pike]

Even offhand comments over lunch are often taken to heart by auditees who believe that the only goal is to please the auditor. Whether this is a fault of the auditee or the auditor is largely irrelevant; it's the results that matter.

In any case, the OP's thesis fails on a basic level because despite repeated attempts to get him to do so, he's never shown us the "shall."

That is a good point on it doesn't matter if its the Auditors or the Auditees fault.

The SHALL has not been shown because (as we all know - except the ISO fellow) it does not exist!

My earlier point was that if the Auditee feels strongly enough that the Auditor is wrong (in anything) then they have recourse direct to the CB.

I do believe that we have NOT heard direct from a CB ( Despite 100,s of post,s). And of course we will not hear from a CB other than perhaps in wishy washy concepts of adding value!

Some added no-added value comments (sorry)
There is NO CB that will say publically -- Yes, we know we didnt want it on the last audit (even though we knew about it) but we (or ISO or some technical committe) have changed their minds. We havent got the courage to make it a non-conformance, but we are telling you we are going to make your life difficult if you dont implement our auditors "suggestion".

I am however seriously interested as to how and when this thread will run out?

 

[DrM2u]

I think the main problem here is one of definitions, and how one recognizes the process approach when he sees it. The information in the standard doesn't constitute a rigorous definition, imo, and I'm not sure that a rigorous definition is even possible. It's one of those things where everyone seems to agree that it's a good thing, but no one knows exactly what it is."

I agree that defining and recognizing a process is a problem but I disagree that there are no clear definitions for the concepts of 'system' and 'process'. See my comments in Marc's thread about Process Approach for more on the topic.

Part of the reason for the difficulty in trying to decide what, if anything, to about the process approach lies in the ambiguous language of the standard, which says that it "promotes" the PA. Personally, I read this as saying that the standard, unlike its 1994 predecessor, was written to facilitate implementation of the PA, and as such is not in any sense prescriptive. YMMV, as they say, and that's the problem, I think.

I think that the standard is fairly clear about its requirements as listed in clauses 4.1.a, 4.1.b, 4.2.2.c and 8.2.3. The difference (and the basis for all the debates goiung on here) is how these requirements are interpreted and implemented. This is where the 'process approach' comes in play. If an organization does not recognize and understand the concepts of 'system' and 'process' it will probably not address the ISO 9001 requirements using the 'process approach'. How can one recognize a chicken from a sparrow if never saw (or learned about) either?

The problem (imo, again) in having auditors running about "promoting" things is that too many audited companies perceive the CB auditor to be a daunting and inerrant authority figure, and think that everything that comes out of his mouth is sacred and must be attended to. Even offhand comments over lunch are often taken to heart by auditees who believe that the only goal is to please the auditor. Whether this is a fault of the auditee or the auditor is largely irrelevant; it's the results that matter.

I agree that the way the auditors and the audits are perceived is a problem, but ignoring it will not make it go away. 'The result that matter' is the symptom of a severe underlying problem. It is important that ISO/TC and CB's perform a thorough root cause and develop a plan of corrective action(s) to change the way auditees perceive the audits and the auditors. It is also important for the auditors to understand this problem and 'improve' the way they are perceived by their clients.

In any case, the OP's thesis fails on a basic level because despite repeated attempts to get him to do so, he's never shown us the "shall."

I am still trying to figure out the thesis, so no comment on this one yet.

 

[DrM2u]

I am however seriously interested as to how and when this thread will run out?

Can we start betting on this?!? Will Marc allow some light gambling here?

 

[Brunetta]

The problem is in the wording of the question !!! "- formally identify -
an opportunity for improvement." This (to me) implies that there will be consequences (formal) if the Auditors "suggestions" are not acted upon.

And of course as DrM2u identified - to do this (for any "opportunities for improvement" would indicate an Auditor "crossing the boundary"

Personally I would not be so polite! but thanks DrM2u, for what I believe is the most realistic and accurate post within this thread.

Hmmmm... Speaking as an auditee here....
I never had the experience of not acting on a formally identified opportunity for improvement (OFI) because the ones our auditor has pointed out have made sense for us to investigate through preventive actions and we have then implemented an appropriate solution for our company.

The thought never occurred to me that IF we declined to take the OFI cited by our auditor that it may have consequences.

If OFIs not acted upon do result in future consequences (nonconformity findings) then I am really SHOCKED and my CB WOULD be hearing from me because IMHO that is consulting by coercion!

Perhaps mistakenly I thought that an OFI by a CB auditor was something akin to...hey here is something you might not have considered and it may or may not warrant a preventive action (keeping in mind that preventive actions are to be appropriate to the effects of potential problems)

If I were in an organization that appears as if it has not adopted the process approach due to how the documentation is structured. I would want this brought to my attention as an opportunity for improvement.

Then we would at least consider the risk, identify the root cause (which could be ANYTHING including the auditor's competence) and decide if we were going to take appropriate action and what that action would be.
What if the appropriate action is to do NOTHING and continue to monitor the risk?

For example, if the QMS documentation has been structured this way for so many years and redefining it to clearly show the process approach would:
a) expend resources that the company may not have, and
b) risk confusion by employees which could mitigate any ROI
Then why can't a company decide that the most appropriate action is to continue to monitor the QMS?

Goodness, have I been that naive to think that OFI's are something we should look into and let our management make its own judgement call? Seriously...inquiring minds want to know?

BTW...I have enjoyed reading this one. It has given me a lot to chew on. I originally voted yes and I have not changed my mind because of the discussion yet.

~Brunetta

 

[Jim Wynne]

I agree that defining and recognizing a process is a problem but I disagree that there are no clear definitions for the concepts of 'system' and 'process'. See my comments in Marc's thread about Process Approach for more on the topic.

I didn't say that the definition of "process" is a problem.

I think that the standard is fairly clear about its requirements as listed in clauses 4.1.a, 4.1.b, 4.2.2.c and 8.2.3. The difference (and the basis for all the debates goiung on here) is how these requirements are interpreted and implemented. This is where the 'process approach' comes in play. If an organization does not recognize and understand the concepts of 'system' and 'process' it will probably not address the ISO 9001 requirements using the 'process approach'. How can one recognize a chicken from a sparrow if never saw (or learned about) either?

If the standard is "fairly clear," how can you say in the next sentence that interpretation is a problem? If the intent were clear, we wouldn't be having this discussion.

I agree that the way the auditors and the audits are perceived is a problem, but ignoring it will not make it go away. 'The result that matter' is the symptom of a severe underlying problem. It is important that ISO/TC and CB's perform a thorough root cause and develop a plan of corrective action(s) to change the way auditees perceive the audits and the auditors. It is also important for the auditors to understand this problem and 'improve' the way they are perceived by their clients.

And while they're at it, they should also find a cure for cancer, which might be easier than trying to control the attitudes of the registered community at large. In many cases, if not most, the auditor will have no control whatsoever over the perceptions of auditees.

 

[DrM2u]

I didn't say that the definition of "process" is a problem.

Sorry, I must have misunderstood the meaning of your statement. It happens ...

If the standard is "fairly clear," how can you say in the next sentence that interpretation is a problem? If the intent were clear, we wouldn't be having this discussion.

Can you say that the Bible is not clear in its intent? If the Bible is clear then how come there are quite a few Christian-based religions? Isn't this partially (if not mostly) a result of interpretation and implementation? And if it can happen with the Bible then why couldn't happen to a measly standard?

And while they're at it, they should also find a cure for cancer, which might be easier than trying to control the attitudes of the registered community at large. In many cases, if not most, the auditor will have no control whatsoever over the perceptions of auditees.

I agree, easier said than done! I probably could never control someone else's perception but I could try to influence it.