Hi,
thanks for your comments they are very encouraging but sets a crossbar high for me (hope not too high).
The main reason of my thread was to support ISO9001 future. It is a good standard in my opinion and should not be treated as a technical standard and implemented on “to pass” basis only but as something which creates PDCA circles and value to the company (too big words?). So value added audit is a part of it.
Re value added audit.
If you need a certificate only you do not need any audit at all. Certificate can probably be bought. And even if you have to be audited you can buy so called “proved” ISO Documentation and insert the name of your company within it, however it will only create costs for your company: cost of certification and follow up audits and costs of your people preparing objective evidence for auditor (you can however choose the least productive employee to do this to keep the costs low). I have a feeling that a second detailed ISO9001 standard exists all over the world and everybody knows that preparing company and it’s documentation according to this ensure certification. Even auditors feel more comfortable when they see familiar solutions.
If my earlier thread created smallest value it means that external audits can do it, without my experience as an external auditor it would had never been written (difficult conditional sentence).
First obligation of the auditor is to confirm that company qms complies to ISO standard. My experience is that because ISO9001 is general and objective generally every more or less successful company now (almost) compiles but they are not aware of it. There are ISO9001 elements all over the company management system under different names so in the beginning they shall be identified, pointed out and documented if required. The problem is however that for many external auditors something does not exists unless it is named according to ISO9000 (which is obliviously not requirement of ISO9001). And often the result is that if already mentioned horse is defined in ISO9000 and company puts a big signed sticker HORSE on a donkey it passes the audit with “ears too long” observation only. I think that overuse of quality language is damaging. I know companies which named their “clever idea box”: “ISO9001 box” , nobody is throwing anything to it (except few denunciations).
So generally I do not think this is a problem to comply (at least virtually) with ISO9001 and pass the certification. The problem is how to implement ISO9001 so it can be used by the company for business improvement and competitiveness. The question shall be not how to pass an audit but what is the best solution for my company. We all agree that this forum shall not exist to provide answers how to pass certification audit only (even if some suggestions are really helpful) but how to improve qms.
External audit shall be used as one of the tools for business improvement especially that you have to pay for it (no one will pay more for your product because you are certified). Basic value is that your auditor is open-minded and experienced so he does not spoil your qms. Next he should sense virtuality of the system and point it out (usually the reason is wrong interpretation of the standard). And finally he shall suggest improvements and by this way spread good business practices (not technology) and decrease risks. He has a rare opportunity to observe how ideas work in reality in various environments.
Re ethic.
Ethic problem is not with auditors only. Note that this the first requirement for the auditor according to ISO190011 (second is open-mind!!). You have this problem with employees, managers etc. I do not think that somebody who would like to get information about other company will hire external auditor, there are better ways to do it. So if auditor reveals info about other companies this is not a matter of ethic but stupidity (if it is a correct English word for this) and stupid and close-minded auditors shall be eliminated (but no exterminated, give them a chance). Somebody in the company the best if he has Wes experience can evaluate auditor at the beginning of the audit and when he noticed that he reveals confidential information of other companies simply say him good-by and report to his principals. As mentioned earlier key to ISO9001 quality and existence is with the companies, they shall be demanding not docile.
By the way, I do not thing that revealing information that Motorola use SixSigma pose any threat to this organization. You can find a lot of info abut various companies in business and management magazines like HBR. Auditor shall have general management knowledge obviously not to advise but to sense, discover and point out areas for improvement, and PDCA circle applies to him.
Maciek
Lots of good points!
.
