Featured Product
This Week in Quality Digest Live
Standards Features
Denise Robitaille
Without ISO 9000, ISO 9001 lacks context
Matthew Barsalou
How failure modes and effects analysis became commonplace
Meg Sinclair
100% real, 100% anonymized, 100% scary
Michael Mills
The answer might surprise you
Alonso Diaz
Consulting the FDA’s Case for Quality program

More Features

Standards News
Feb. 29, 2024, 11:00 a.m. Eastern
HaloDrive Omnidirectional Drive System for heavy-duty operations
Draft publication aims to help measure and evaluate security programs
Progress via sustainability standards
Has played pivotal role in servicing and supporting the conformity assessment industry
Handle document, audit, and concerns management more effectively
Businesses with $300 million or more revenue in Europe must comply
Helps managers integrate statistical insights into daily operations

More News

Denise Robitaille

Standards

The Standard Answer

Don’t do it! Avoid quality system errors of excess.

Published: Monday, June 7, 2004 - 21:00

Do not ever, ever, do anything just to please an auditor. This is quickly becoming one of my new favorite mantras. For many individuals, this statement would seem to be self-evident, and yet there are instances when an organization has felt compelled to change a process or implement a new practice in response to an auditor finding or upon the recommendation of a consultant. They end up crippling their quality management system with layers of bureaucracy that add no value. They often do so grudgingly, unconvinced that the action is right or necessary. "Why," they grumble, "should we throw away valuable resources on unfunded mandates handed down by an organization that has no idea what our business is really about?" Even more detrimental than the waste of resources is the damaging effect it has on top executives’ commitment to the entire quality management system.

This is not to accuse consultants and auditors of malice or incompetence. The reality is that these errors of excess are usually rooted in their desire to ensure that the organization’s system is robust, compliant and responsive to customer expectations.

ISO 9001:2000 de-emphasized the documented procedure model in favor of a method of control more appropriate to each individual organization and industry. This provided greater flexibility, but placed an additional burden on the organization to consider carefully what level of control was adequate and what methods were most amenable to their own internal culture. The net result would be a system that was beneficial to the organization, facilitated fulfilling customer requirements and was compliant to the international standard. Managers would understand how it worked for them and be able to communicate that value to others. The expectation was that, since the organization had greater authorship and ownership of the system, it would be able to demonstrate to a third party auditor how it achieved the appropriate control and what methods it used to verify the results.

The advent of ISO 9001:2000 brought a comparable shift to the auditing community. Auditors could no longer rely on a rigid and predictable documentation structure to assist them in determining compliance to organizational and QMS international standards requirements. The auditors needed to work harder to understand the unique nature of the organization being audited and decide, based upon objective evidence, if the manner in which they had planned and implemented their quality management system was compliant and effective. The onus is upon them to observe the system, match the processes to the requirements and determine if they conform. In order to do so, the audit team needs to have expertise in the specific industry or service sector. With this expertise comes pre-existing knowledge of traditional industry practices, consensus on workmanship standards, minimal acceptance criteria, and sometimes, biased preconceptions of what conformity should look like. Auditors, therefore, need to make judgment calls as to whether a particular practice needs to be controlled because it is an implicit requisite, an industry standard and/or customer expectation, or if this is simply a good idea that lots of companies employ, but for which there’s no implied or actual requirement.

The two criteria good auditors will use in these instances are risk and effectiveness. Is there a risk of non-fulfillment of customer requirements? Is there evidence that the organization’s current practice is effective in fulfilling the requirement?

Sometimes auditors err on the side of the industry standard practices or base their decision on prior experience. When the organization feels that the finding is unjustified, executives should exercise their right to appeal. Unfortunately, few companies ever do--fearful that they will alienate the registrar and jeopardize their registration. However, a good registrar will welcome the dialog. Any organization that takes the time to appeal probably has a greater understanding of how their system works-a significant indicator of their level of commitment.

Consultants fall into similar quagmires. In an effort to anticipate auditor expectations and to ensure that nothing goes awry during the audit, they will over-develop the system. A short list of typical overkill culprits are: excessive documentation of simple processes, elaborate or redundant record retention, corrective action when all that is needed is correction or remedial action and calibration of anything that measures regardless of customer requirements or product specifications. There are probably more, all of them reliant on the nature of the various organizations or industries.

None of this is intended to suggest that organizations can cavalierly dismiss any requirement in the standard they don’t like. If they are committed to being an ISO-registered company, they need to conform to the requirements.

I tell my clients that they shouldn’t institute any new practices simply because "ISO says so." Implementing a practice that has no value is wasteful--the antithesis of good management. However, I add that there is great wisdom in the ISO 9001:2000 standard. It’s part of my job to help clients perceive the value in the requirements so that they can reap the intended benefit. If I can’t convince them, shame on me.

Discuss

About The Author

Denise Robitaille’s picture

Denise Robitaille

Authored of more than a dozen books on a variety of quality topicsDenise Robitaille has participated internationally in standards development for more than 20 years, serving in several leadership roles, including her current position as chair of TC176/SC1. That committee is responsible for the development of ISO 9000, the guiding document on quality fundamentals and terminology that is the foundation for ISO 9001.

Robitaille also chairs PC302, the committee responsible for revising the ISO 19011 standard on auditing quality management systems. She has facilitated the implementation of ISO 9001 for multiple organizations for more than 25 years, is a Fellow of the American Society for Quality, and a certified lead assessor.