Poll: Should auditors promote the process approach?

[ISO 9001 Guy]

Re: Should auditors promote the process approach?

It goes back to the old conflict between consulting, offering suggestions and auditing.... I am curious to learn from others in what manner an auditor could do this without falling in the consulting trap.

Stijloor.

About consulting . . . during the transition from 1994 to 2000, many consultants and registrars alike urged organizations to continue with the standard-based approach--contrary to guidance in the standard itself. I asked the proper authorities about it. Isn't this consulting? Answer: no. If a CB tells everybody the same thing, then it's an education thing, not a consulting thing.

So, many consultants and CBs "educated" everyone the same way: either keep your old 20-element 1994 procedures and modify them to meet 2000, or re-structure your system to align with the new 2000 requirements. And the contest over who had the best dysfunctional 20-odd procedures continued.

It just so happens that neither of the offered solutions were the right option per ISO 9001:2000. Both options urge organizations to mis-identify and mis-define their QMS processes by structuring their procedures according to ISO 9001. Guidance documents available from TC176 since 1998 warned CBS that auditor competence would be critical in rolling out the 2000 standard and its officially endorsed approach: the process approach. Yet over a decade later, ISO/IAF APG is publishing guidance to CBs to ensure their auditors understand the basic approach endorsed by the standard, even guidance helping auditors to understand this basic approach. ?

I hope the "providing uniform education is not consulting" rule has not changed. Now it seems according to ISO/IAF it's time for registrars to start telling everyone the RIGHT thing, even if consultants don't. As long as registrars tell everyone the same thing, presumably it is not consulting. Why not tell everyone the RIGHT thing? It's properly called "education." Especially considering the process approach represents a night and day difference that's much easier and more sensible for organizations managing quality. After all, organizations ARE THE CUSTOMERS in this arrangement, aren't they?

I would think registrars wishing to add value would jump at the chance to help their customers, but it appears as if there is some resistance to the change represented by this guidance. Auditors are now expected to determine if organizations are basically "doing it right" and report to them if they are not? GASP!

Customer focus, change, and improvement isn't just for the management of ISO 9001-certified organizations, is it? It's for auditors and CBs, too, isn't it?

 

[Stijloor]

Re: Should auditors promote the process approach?

About consulting . . . during the transition from 1994 to 2000, many consultants and registrars alike urged organizations to continue with the standard-based approach--contrary to guidance in the standard itself.

Fact or opinion? Organizations made a decision to do that. Many were not as comfortable with the process approach. I doubt if they were "urged", certainly not by the (many) good folks in the consulting and auditing business that I know...

I asked the proper authorities about it. Isn't this consulting? Answer: no. If a CB tells everybody the same thing, then it's an education thing, not a consulting thing. So, many consultants and CBs "educated" everyone the same way: either keep your old 20-element 1994 procedures and modify them to meet 2000, or re-structure your system to align with the new 2000 requirements. And the contest over who had the best dysfunctional 20-odd procedures continued.

Contest? :mg:

It just so happens that neither of the offered solutions were the right option per ISO 9001:2000. Both options urge organizations to mis-identify and mis-define their QMS processes by structuring their procedures according to ISO 9001. Guidance documents available from TC176 since 1998 warned CBs that auditor competence would be critical in rolling out the 2000 standard and its officially endorsed approach: the process approach. Yet over a decade later, ISO/IAF APG is publishing guidance to CBs to ensure their auditors understand the basic approach endorsed by the standard, even guidance helping auditors to understand this basic approach?

I let my CB Friends comment on this; if they chose to....

I hope the "providing uniform education is not consulting" rule has not changed. Now it seems according to ISO/IAF it's time for registrars to start telling everyone the RIGHT thing, even if consultants don't. As long as registrars tell everyone the same thing, presumably it is not consulting. Why not tell everyone the RIGHT thing? It's properly called "education." Especially considering the process approach represents a night and day difference that's much easier and more sensible for organizations managing quality. After all, organizations ARE THE CUSTOMERS in this arrangement, aren't they?
I would think registrars wishing to add value would jump at the chance to help their customers, but it appears as if there is some resistance to the change represented by this guidance. Auditors are now expected to determine if organizations are basically "doing it right" and report to them if they are not? GASP!
Customer focus, change, and improvement isn't just for the management of ISO 9001-certified organizations, is it? It's for auditors and CBs, too, isn't it?

You may contact the CB's directly for a response. This is a public Forum and some of our Members representing CBs may not be as comfortable and I certainly understand.

Good luck!

Stijloor.

 

[ISO 9001 Guy]

Re: Should auditors promote the process approach?

Fact or opinion? Organizations made a decision to do that. Many were not as comfortable with the process approach. I doubt if they were "urged", certainly not by the (many) good folks in the consulting and auditing business that I know...



Contest? :mg:



I let my CB Friends comment on this; if they chose to....



You may contact the CB's directly for a response. This is a public Forum and some of our Members representing CBs may not be as comfortable and I certainly understand.

Good luck!

Stijloor.

You've been using the process approach for years, Stijloor. You agree (with ISO/IAF APG) that the process approach is the right way to go, right?

Fact or opinion? How do I prove this fact? Would you like me to state the name of a registrar who clearly did so by promoting a "bridge document" to hundreds of customers, a document yes, suggesting organizations maintain the standard-based structure, suggesting that in addition to the 20 procedures already in place, two or three more procedures were appropriate to address the "new" requirements. I have no beef with this registrar (or any registrar), and it is only fair to point out that this registrar was not alone, so it wouldn't be fair to call them out. I don't want to call anyone out, anyway. I can provide you names in a PM if you like, Stijloor, to prove this a fact and not an opinion, as I don't know how else to prove it to you. But to do so here would be bad juju, don't you think?

At the same time, I am not saying all registrars did this, either. But CBs continue to tolerate the elemental approach, and ISO/IAF is now making it clear that they don't need to tolerate it any longer, in fact, they SHOULDN'T. Are there any CBs here who DO NOT have client organizations operating standard-based QMSs? Please let me know.

Since guidance about the importance of the process approach and auditor competence was available from TC 176 in 1998 (I'll have to dig for this if you want proof, since it is no longer readily available on-line at ISrg), and since organizations had three years to transition (from the release of the standard), ISO/TC176 apparently hoped organizations would be transitioned also to the process approach when they transitioned to the 2000 standard. After all, it's not hard to do, and they had five years (from 1998) to get it done.

Perhaps ISO thought organizations would act in their own self-interest and adopt the process approach once they discovered how easy it makes compliance. But still to this day, plenty seem to be unaware of it as an alternative to the common elemental approach. Worse, plenty in the ISO 9000 business today say they use the process approach simply because they deal in ISO 9001:2008. You can find evidence of that in this very thread, if you know what I mean.

So, ISO/IAF/APG--aware that this problem is common--is doing everything it can to promote the right way to do it, starting apparently with auditors according to the ISO/IAF APG guidance (5 JUNE 2009). How else can they effectively promote the process approach? (ISO/IAF can't control consultants.)

Contest? Yes, without looking very hard, you can find, right now on-line, successful quality professionals selling canned procedures based upon the standard. The best canned manuals, procedures, and forms money can buy. Of course, these procedures do not and cannot accurately describe any organization's realization processes; instead, these procedures require organizations to adopt unfamiliar processes prescribed by pre-written procedures. Unfortunately, this approach is clearly not confined to on-line procedure vendors.

Soon after the 2000 standard was released, many were promoting patches or procedure sets to drag the standard-based approach into the 2000 era. And many organizations bought them. And it did seem like a contest--my 20-odd procedures are better yours because you use flow charts, or text documents, or turtle diagrams, or whatever. Yet this documentation was/is STILL based upon the standard. Worse, there are still quality professionals who think documentation based upon the standard is good and proper AND they think they are using the process approach. THAT is why ISO/IAF is being so very clear to say that 1) the elemental approach--defining procedures per the sections of the standard--is wrong, and 2) the process approach should be promoted in its stead.

It sure is difficult to change the mind of some people who have been doing something a certain way for a long time. Even if the change is for the better and they would surely be glad they did it. But people get comfortable with what becomes the norm and comfortable with their understanding of it and changing their understanding of it is painful. (And it often requires some investment of effort.)

In the short run it's natural and easy to deny that change is needed, attack the change agent, make the change seem more difficult than it is, etc. We've all seen this as quality professionals, haven't we? We hear the old, "but this is how we have been doing it for years" objection all the time, don't we? Irritating, isn't it? How do we overcome this objection?

 

[Jen Kirley]

Well, I never considered the process approach to be difficult, but I do run across people who think of what they do as a self contained capsule. With them I sometimes decide I need to bring them along slowly. Stealth quality. Some will never get it.

With them, what's to be done? Whether or not they realize it, if they satisfy all the elements asked of them, chances are good they have a process approach to their part of the system, though they may not be process thinkers. With some people like this, you'd need to be satisfied and go after what's reachable. Our work is hard enough without trying to take on the quirks of humanity.

The other thing to consider is the subtle effect culture can have on an organization. In a competitive atmosphere, departments and processes can become siloed out of a perceived need to defend themselves against whatever threat they perceive. They build walls, they keep details to themselves, they decline to share successes, they lack trust. An army of Demings probably couldn't do much with a battalion of aggressive, myopic narcissists.

Rock is hard; water is patient.

 

[Stijloor]

Re: Should auditors promote the process approach?

<snip>Fact or opinion? How do I prove this fact? Would you like me to state the name of a registrar who clearly did so by promoting a "bridge document" to hundreds of customers, a document yes, suggesting organizations maintain the standard-based structure, suggesting that in addition to the 20 procedures already in place, two or three more procedures were appropriate to address the "new" requirements. I have no beef with this registrar (or any registrar), and it is only fair to point out that this registrar was not alone, so it wouldn't be fair to call them out. I don't want to call anyone out, anyway. I can provide you names in a PM if you like, Stijloor, to prove this a fact and not an opinion, as I don't know how else to prove it to you. But to do so here would be bad juju, don't you think?

Fair enough, no names required.

Stijloor.

 

[Richard Pike]

If an organization has not adopted the process approach, is it appropriate and proper for a third-party (registrar) auditor to formally identify "adopting the process approach" as an opportunity for improvement?

Thanks!

Wow - what a lot of response to a basic question.

I have had the opportunity to discuss with a number of Industrial Psychologists the (external) Auditors apparent need to "improve" their clients QMS.

Aside from wanting to comply with that Grey requirement of "improving the QMS" there is undoubtedly the potential for Auditors to feel doubts as to their personal value when simply evaluating "compliance". Checking other peoples work (solely) is recognized as amongst the most demoralizing work available, worse even than repetitive machine like functions.

So in an effort to relive this situation the human auditor gets satisfaction from the appearance of "adding value" or "improving" and it is this human condition that a good auditor must ensure they keep under control.

It is interesting that the German Society for Quality (endorsed by the European Organization for Quality) train their Auditors for a full five weeks, often over a period of two years. The use of a qualified industrial phychologist (with QMS experiane) is mandatory during the final week. The objective of this is not only to train auditors in the physological aspects of auditing but also to constructively evaluate if the Potential Auditor can objectively apply what they have been taught.

My point- It is a human survival instinct to "add value" in order to feel useful - Auditors MUST recognize this and ensure that improvements are required in order to support future compliance - and not simply because of their own human frailties.

If they cannot justify that future compliance may be at risk- they should recognise their human frailties and restrain their enthusiasm.

 

[ISO 9001 Guy]

Wow - what a lot of response to a basic question.

I have had the opportunity to discuss with a number of Industrial Psychologists the (external) Auditors apparent need to "improve" their clients QMS.

Aside from wanting to comply with that Grey requirement of "improving the QMS" there is undoubtedly the potential for Auditors to feel doubts as to their personal value when simply evaluating "compliance". Checking other peoples work (solely) is recognized as amongst the most demoralizing work available, worse even than repetitive machine like functions.

So in an effort to relive this situation the human auditor gets satisfaction from the appearance of "adding value" or "improving" and it is this human condition that a good auditor must ensure they keep under control.

It is interesting that the German Society for Quality (endorsed by the European Organization for Quality) train their Auditors for a full five weeks, often over a period of two years. The use of a qualified industrial phychologist (with QMS experiane) is mandatory during the final week. The objective of this is not only to train auditors in the physological aspects of auditing but also to constructively evaluate if the Potential Auditor can objectively apply what they have been taught.

My point- It is a human survival instinct to "add value" in order to feel useful - Auditors MUST recognize this and ensure that improvements are required in order to support future compliance - and not simply because of their own human frailties.

If they cannot justify that future compliance may be at risk- they should recognise their human frailties and restrain their enthusiasm.

Richard, I agree with the psychology bit. How do you deal with a situation in which an auditor does not distinguish between "auditing for conformity" (to use your phrase) and "auditing for effectiveness?" What if an auditor honestly believes s/he is doing a good job when merely auditing for conformity? I think that's what the ISO/IAF APG guidance is addressing, isn't it?

 

[Sidney Vianna]

How do you deal with a situation in which an auditor does not distinguish between "auditing for conformity" (to use your phrase) and "auditing for effectiveness?"

We have to remind ourselves that, FOR MANY DECADES, auditors were taught that their jobs was SOLELY to verify conformance with requirements. The expectation that auditors should be concerned (and report) on process and system effectiveness is relatively new.

Some of us were doing system-based, process based assessments with the 1987 edition of ISO 9001. Some were doing that even before the ISO 9000 family came about in the late 80's. On the other hand, some auditors will NEVER be able to make the mental switch and audit for effectiveness. Never. Auditorsauruses-rex will be with us for a little longer.

It is also critical to remember that auditing for conformance and auditing for effectiveness are NOT conflicting expectations, but complementary objectives. One can (AND SHOULD) audit for both.

 

[Richard Pike]

Richard, I agree with the psychology bit. How do you deal with a situation in which an auditor does not distinguish between "auditing for conformity" (to use your phrase) and "auditing for effectiveness?" What if an auditor honestly believes s/he is doing a good job when merely auditing for conformity? I think that's what the ISO/IAF APG guidance is addressing, isn't it?

I am afraid it opens a whole new discussion. IAF etc are merely attempting to "proceduralise" (sic) an auditing methodology in order to attain some form of common approach to what they perceive as good auditing practice. (and in the absence of anything else - that is OK).

Improvement - as far as 3rd party auditing goes - should(in my humble opinion) be limited to identifying "potential" Risks in the QMS -i.e weaknesses that could occur under realistic but different circumstances that was present during the Audit, and then suggesting ways to improve the QMS - so that those (realistic) potential risks are reduced.

Now if the improvement recommendations are not implemented, a subsequent auditor may quite rightly evaluate whether the identified potential risks actually materialized - and if they did would the "suggested improvements" have prevented them. If there is a pattern of this; then lack of action towards suggested improvements, would actually becoame a negative finding. (perhaps under the evaluation of the skills of the Q Rep).

So in the Case of the Process Approach -or lack of - yes identify - if not followed - potential risks to the effectiveness of the QMS. The Audit must clearly identify problems that have arisen as a result of this lack of action, and if it cannot pinpoint such problems (dont make it a witch hunt) then perhaps it doesn't apply to the organization.

Silly question, prior to 2000, would an auditor raise a non-conformance if an organization WAS following the Process Approach?

Even sillier question, perhaps there is something out there "even better" than that of the the Process Approach", would that be a non-conformance?


Thanks for your input - interesting!

 

[Richard Pike]

It is also critical to remember that auditing for conformance and auditing for effectiveness are NOT conflicting expectations, but complementary objectives. One can (AND SHOULD) audit for both.

Absolutely no doubt about that! However to conform - the system must be effective - if its not effective - it doesn't work and therefore does not conform.


Perhaps the word "efficient" is appropriate however at the moment ISO 9004 is only a guideline. Many people believe that it remains so because the ISO committees didn't have the guts to do what they should/could have in the 2008 revision.