Issue 67 – ISO Registrar Upgrade Audit – any surprises?
ISO 9001:2015…
ISO Registrar Upgrade Audit – any surprises?
Some of the feedback that I’ve received from readers… Over the past year I’ve received emails from a variety of people sharing their experiences from the upgrade audit conducted by their ISO Registrars. Not really surprising is that everyone I’ve heard from, successfully transitioned to the new ISO 9001:2015 with very few findings… and in some cases none!
I say this wasn’t a very big surprise because although there was a lot of chest pounding about the new four letter word used throughout the Standard, the authors of this document stopped short of giving that “risk” word any teeth. With no documentation required for any of the nine (9) times that this word shows up, the job of the auditor got exponentially harder in trying to assess conformance…. or exponentially easier, depending on your auditor’s style/approach.
It’s also not surprising that these upgrade audits went fairly smoothly because many of the new requirements (the new “shalls”) also did not require “documented information”, so that makes them easier to address in an audit situation. By the way, even though the Standard may not require “documented information” that doesn’t necessarily stop an auditor from insisting you provide this type of evidence. Resist the urge to creatively generate some “documentation” to appease the auditor because you’ll end up doing this extra unneeded work every year thereafter. I suggest you repeat that your organization simply does not have the “documented information” that the auditor is asking for… and then stop talking! This will force the auditor to decide if they need to talk to someone else, or that they are going to “write this up”… and if they do write it up… then you need to have them tell you exactly which “shall” that you have not addressed, AND where it requires “documented information” (and they need to put their statement in writing). It likely won’t get that far because they probably won’t be able to quote where it says this documentation is in fact required, and then it might turn into an OFI (opportunity for improvement), which you can politely dismiss a year later if you don’t see this need for “documentation” as adding value to your business. One last comment, all auditors are trained to understand that during an audit, objective evidence can be obtained in three different ways: a) Reviewing of documents and records; b) Interviewing of personnel; and c) Observation of activities… so even if “documented information” is not available, the auditor still has two other techniques they can use to assess conformance.
I think that the strategy being used by many ISO Registrars is to be flexible and accommodating with their Customers during the upgrade audit and then to begin tightening up their expectations in future visits (aka surveillance audits)… time will tell. If in fact you are faced with a much more stringent audit scenario during their next visit then one way to handle it would be to show them your Quality Manual and remind them that it’s the same one they saw last year… so why are they now suddenly concerned about some particular requirement?
I’ve seen this identical situation occur recently with one of my Clients and the root cause behind this sudden change of heart by the auditors was that they had not in fact read the Quality Manual the first time around. That was unfortunate but also was not my Client’s problem. The auditors finally had to relinquish their quest to write something up once they saw that the Quality Manual had clearly spelled out the organization’s interpretations of all the “shalls” in the Standard. This is just another reason why I have recommended from Day 1 to retain the Quality Manual (even though the Standard doesn’t require one), and to place within that manual all of the ways your company has interpreted and applied each of the “shall” requirements. Takes a lot of upfront work but will save you from stressful auditor discussions down the road. Please remember that the main purpose of the Quality Manual is to act as a blueprint to help your employees understand how your company views quality and how it manages quality …but it also can come in handy for fending off unreasonable auditors!
Be sure to watch for our next Newsletter issue where I will be answering some of the questions that I get from Readers of my Newsletters about how to implement the requirements of ISO 9001:2015 in a specific and practical way, that will also help improve business performance…
To view all of our past Newsletters or to sign up to receive them… click here
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Need Help?
ISO 9001:2015 Internal Audit Outsourcing (we can do it for you OR with you!)
For cost effectiveness, the Internal Audit function can be outsourced to an external experienced auditor on a periodic basis. This will provide an independent and objective assessment to management, of where process issues may exist, along with identifying opportunities for improvement. It will also provide the evidence needed to satisfy the Internal Audit requirements in the ISO Standards. We have used two different approaches with this service: a) We conduct the entire audit ourselves, or b) We act as the lead auditor, and along with your Team of internal auditors, we complete the entire audit together. This latter approach allows your people to receive guidance and direction from an experienced lead auditor while at the same time maintaining significant involvement in the internal audit process.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Internal Process Auditor Training for ISO 9001:2015
The two (2) day Internal Process Auditing for ISO 9001:2015 Training Session is focused on a process approach to auditing with the objective being not only to assess conformance of the quality management system, but also to uncover process improvements during an audit. This goes hand in hand with the process auditing requirements found within ISO 19011 and the process approach covered in ISO 9001:2015, which promotes continual process improvement throughout this Standard. An enhanced checklist is developed, and there will be workshops throughout, to reinforce learning, as well as a live, practice audit. If you are looking to meet the ISO 9001:2015 internal audit requirements and to “raise the bar” for your internal audit program then this is the course you should consider.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Until next time…
Tim Renaud
Helping Business Professionals Reduce Risk and Remove Waste!