Featured Product
This Week in Quality Digest Live
Standards Features
Using the CASCO Toolbox to repair and restore
Todd Hawkins
Good documentation is worth the effort you put into it
Rupa Mahanti
With data as the fuel of the digital economy, data governance is the much needed brake
Bryan Christiansen
Workplace policies that reduce accidents and enhance safety
Chip Reavley
Well-designed solutions lower costs and increase revenue

More Features

Standards News
Creates one of the most comprehensive regulatory SaaS platforms for the industry
Yotrio and SunVilla to provide interactive, 3D-enabled assembly via BILT app
KCP25C grade with KENGold coating sets new standard for wear and productivity in steel turning
Takes action to mitigate risk of medical devices shortage
Standards, testing help autonomous vehicles drive safely
Offering production versatility and throughput with increased detection sensitivity and low energy consumption
New lines improve software capability and analysis
Automotive cybersecurity on Feb. 9, and AS9145 on Feb. 28

More News

Denise Robitaille


The Standard Answer

Don’t do it! Avoid quality system errors of excess.

Published: Monday, June 7, 2004 - 22:00

Do not ever, ever, do anything just to please an auditor. This is quickly becoming one of my new favorite mantras. For many individuals, this statement would seem to be self-evident, and yet there are instances when an organization has felt compelled to change a process or implement a new practice in response to an auditor finding or upon the recommendation of a consultant. They end up crippling their quality management system with layers of bureaucracy that add no value. They often do so grudgingly, unconvinced that the action is right or necessary. "Why," they grumble, "should we throw away valuable resources on unfunded mandates handed down by an organization that has no idea what our business is really about?" Even more detrimental than the waste of resources is the damaging effect it has on top executives’ commitment to the entire quality management system.

This is not to accuse consultants and auditors of malice or incompetence. The reality is that these errors of excess are usually rooted in their desire to ensure that the organization’s system is robust, compliant and responsive to customer expectations.

ISO 9001:2000 de-emphasized the documented procedure model in favor of a method of control more appropriate to each individual organization and industry. This provided greater flexibility, but placed an additional burden on the organization to consider carefully what level of control was adequate and what methods were most amenable to their own internal culture. The net result would be a system that was beneficial to the organization, facilitated fulfilling customer requirements and was compliant to the international standard. Managers would understand how it worked for them and be able to communicate that value to others. The expectation was that, since the organization had greater authorship and ownership of the system, it would be able to demonstrate to a third party auditor how it achieved the appropriate control and what methods it used to verify the results.

The advent of ISO 9001:2000 brought a comparable shift to the auditing community. Auditors could no longer rely on a rigid and predictable documentation structure to assist them in determining compliance to organizational and QMS international standards requirements. The auditors needed to work harder to understand the unique nature of the organization being audited and decide, based upon objective evidence, if the manner in which they had planned and implemented their quality management system was compliant and effective. The onus is upon them to observe the system, match the processes to the requirements and determine if they conform. In order to do so, the audit team needs to have expertise in the specific industry or service sector. With this expertise comes pre-existing knowledge of traditional industry practices, consensus on workmanship standards, minimal acceptance criteria, and sometimes, biased preconceptions of what conformity should look like. Auditors, therefore, need to make judgment calls as to whether a particular practice needs to be controlled because it is an implicit requisite, an industry standard and/or customer expectation, or if this is simply a good idea that lots of companies employ, but for which there’s no implied or actual requirement.

The two criteria good auditors will use in these instances are risk and effectiveness. Is there a risk of non-fulfillment of customer requirements? Is there evidence that the organization’s current practice is effective in fulfilling the requirement?

Sometimes auditors err on the side of the industry standard practices or base their decision on prior experience. When the organization feels that the finding is unjustified, executives should exercise their right to appeal. Unfortunately, few companies ever do--fearful that they will alienate the registrar and jeopardize their registration. However, a good registrar will welcome the dialog. Any organization that takes the time to appeal probably has a greater understanding of how their system works-a significant indicator of their level of commitment.

Consultants fall into similar quagmires. In an effort to anticipate auditor expectations and to ensure that nothing goes awry during the audit, they will over-develop the system. A short list of typical overkill culprits are: excessive documentation of simple processes, elaborate or redundant record retention, corrective action when all that is needed is correction or remedial action and calibration of anything that measures regardless of customer requirements or product specifications. There are probably more, all of them reliant on the nature of the various organizations or industries.

None of this is intended to suggest that organizations can cavalierly dismiss any requirement in the standard they don’t like. If they are committed to being an ISO-registered company, they need to conform to the requirements.

I tell my clients that they shouldn’t institute any new practices simply because "ISO says so." Implementing a practice that has no value is wasteful--the antithesis of good management. However, I add that there is great wisdom in the ISO 9001:2000 standard. It’s part of my job to help clients perceive the value in the requirements so that they can reap the intended benefit. If I can’t convince them, shame on me.


About The Author

Denise Robitaille’s picture

Denise Robitaille

Denise Robitaille is the author of thirteen books, including: ISO 9001:2015 Handbook for Small and Medium-Sized Businesses.

She is chair of PC302, the project committee responsible for the revision to ISO 19011, an active member of USTAG to ISO/TC 176 and technical expert on the working group that developed the current version of ISO 9004:2018. She has participated internationally in standards development for over 15 years. She is a globally recognized speaker and trainer. Denise is a Fellow of the American Society for Quality and an Exemplar Global certified lead assessor and an ASQ certified quality auditor.

As principal of Robitaille Associates, she has helped many companies achieve ISO 9001 registration and to improve their quality management systems. She has conducted training courses for thousands of individuals on such topics as auditing, corrective action, document control, root cause analysis, and implementing ISO 9001. Among Denise’s books are: 9 Keys to Successful Audits, The (Almost) Painless ISO 9001:2015 Transition and The Corrective Action Handbook. She is a frequent contributor to several quality periodicals.