All posts by spaton

Establishing Audit Program Objectives

by J.P. Russell To most,…

by J.P. Russell

To most, establishing program or department objectives seems like the normal thing to do. However, that isn’t always the case. Sometimes managers of programs or departments only focus on the purpose of their program or department. For example, the purpose of the audit program is to conduct audits. Therefore, all resources go into conducting as many audits as possible. Another example might be the shipping department where incoming material must be shipped ASAP. Establishing objectives or desirable outcomes goes beyond the purpose of a function. The aim is more about how the purpose is carried out and improved upon.

ISO 19011, Guidelines for auditing management systems, states that it is top management’s responsibility to ensure that audit program objectives are established. That doesn’t mean audit program managers should wait to hear from their boss before they establish objectives. On the contrary, audit program managers need to be proactive.

The audit program manager can start by determining the organization’s objectives and policies. An organization should have objectives to achieve their performance goals and obligations. Not all, but many policies may affect the audit department. Examples include safety, stewardship, ethics, and confidential information. A good starting point is to ensure audit program objectives are consistent with, and support, management system policies and objectives.

Next, audit program objectives can be established. There may be objectives for the entire function or specific audit program activities such as program management, plans, and performing audit services. Audit program objectives should relate to organizational objectives.

The program and individual audit objectives should also align with the needs and expectations of interested parties. For example, interested parties may include regulatory agencies, customers, suppliers, purchasing, and operations.

Audit program objectives direct program planning (department policy, procedures, guidelines, etc.). Plan what you do and do what you plan. Plans should align with objectives as well as the purpose of the function. One might ask, “Is this plan consistent with our objectives?” and “Is there anything we should change that would enhance our effectiveness to achieve our objectives?”

There should also be objectives for conducting audits. Providing an audit service is the purpose of the audit program. These objectives may relate to efficiency, safety, professionalism, and the code of conduct, and they should be consistent with audit program objectives. Perhaps an example objective would be to incorporate the seven lean wastes thinking when conducting the audit process to improve efficiency.

Audit program objectives can consider the following:

  • Management priorities
  • Commercial and other business intentions
  • Characteristics of processes, products, and projects and any changes to them
  • Management system requirements
  • Legal and contractual requirements and other requirements to which the organization is committed
  • Need for supplier evaluation
  • Needs and expectations of interested parties, including customers
  • Auditee’s level of performance, as reflected in the occurrence of failures, incidents or customer complaints
  • Risks to the auditee
  • Results of previous audits
  • Level of maturity of the management system being audited
  • Auditing organization risks

Examples of audit program objectives include:

  • To contribute to the improvement of a management system and its performance
  • To fulfill external requirements, e.g., certification to a management system standard
  • To verify conformity with contractual requirements
  • To obtain and maintain confidence in the capability of a supplier
  • To determine the effectiveness of the management system
  • To contribute to the identification of risks to the organization and verification of risk treatment actions
  • To implement an eAudit program to reduce costs
  • To evaluate the compatibility and alignment of the management system objectives with the management system policy, strategic direction, and overall organizational objectives

The objectives should be measurable. The idea here is to avoid vague generalizations such as “We will only use top-notch auditors or achieve performance excellence.” Plans for monitoring the achievement of program objectives will need to include determining the appropriate metrics. Some metrics will be obvious such as continued certification of the management system. Determining the metrics for other objectives such as the effectiveness of the management system may be more challenging. There may be some thought about appropriate metrics now or later as part of the monitoring performance process.

Plans should include how objectives are communicated. Objectives should be shared (note that there could be security exceptions). Informing people that need to know will only help the achievement of objectives. Communication of objectives could be done using several media options. For example, posters, intranet, emails, and virtual or face-to-face meetings.

Plans should take into account the need to update, delete, or replace certain objectives. Objectives need to be monitored and periodically evaluated and updated. For example, they may need to be updated due to changing organizational objectives or strategic direction or the results of monitoring the achievement of objectives. Typically, objectives are reviewed annually, but circumstances may require the objectives to be assessed more frequently.

When appropriate, objectives should consider the type of audit. For example, on-site versus remote and internal versus external. The audit function of an organization may provide many different audit services beyond management system audits. Process audits are becoming increasingly popular due to the value they add to the organization. An ever-expanding supply chain has stressed the need for greater supplier accountability.

About the author

J.P. Russell is the founder and managing director of eLearning provider QualityWBT Center for Education ( He is also an ASQ fellow, ASQ-certified quality auditor, member of the U.S. Technical Advisory Group (TAG) 302 for management system auditing, member of the U.S. TAG for ISO technical committee 176. Russell is a recipient of the Paul Gauthier Award from the ASQ Audit Division and author of several ASQ Quality Press books about auditing, standards, and quality improvement.

The post Establishing Audit Program Objectives appeared first on The Auditor.

Risky Business: Why Auditors Need Liability Insurance

As an auditor you make…

As an auditor you make a living by providing your professional opinion. No matter what industry you audit, it is your responsibility to evaluate businesses and determine if they follow the applicable standards. Regardless of what you decide, there may be long-term consequences for the business.

Let’s outline a couple of scenarios to illustrate how some of these consequences could affect your legal liability.

Example 1: They Pass the Audit

In the first scenario, your findings indicate that the business you are auditing is compliant with the laws and industry standards you are reviewing. Great! Except, down the line, it’s discovered that the business isn’t compliant, and they get hit with fines and fees.

In this situation, the business may feel that you missed something during the audit. They may claim you were negligent in your duties, and if you had performed your duties fully, they would have had time to fix the situation before being fined.

Whether you were or were not negligent is irrelevant in this situation. If the client feels you were, they may bring a lawsuit against you. As an independent auditor, paying your legal expenses alone can cost tens of thousands of dollars.

Example 2: They Don’t Pass Your Audit

In this scenario, the business you have audited will need to fix the issues you identified—a process that will take time, money, and manpower to implement.

If the business disputes your findings, or if they spend the money to fix the issues, only to find out later that your recommendations were unnecessary or done in error, they may sue you as a way to recover costs.

Again, the lawsuit itself is expensive, even if you aren’t found liable. However, if you are found liable, then you will also have to pay damages and other settlement costs, which may include the court costs of the business. As an independent auditor, you likely don’t have this kind of money on hand. Even if you do, can your business afford that kind of loss?

Beyond Professional Liability: The Insurance Coverages You Need

The above scenarios illustrate your need for a specific type of coverage—professional liability coverage. As an auditor, this type of coverage needs to be the backbone of any insurance policy you choose. It protects you against the cost of damages and claims that occur because of errors or omissions made while providing your professional services, as well as any negligent acts in this same capacity.

Although professional liability needs to be the foundation of your policy, there are additional coverages you should have. These are outlined below.

General Liability Coverage

Next to professional liability coverage, general liability is one of the foundational coverages you need for your insurance policy. This coverage protects you in the event of bodily injury or property damage claims.

For example, while performing an audit, you spill a chemical or other liquid. If someone were to slip and become injured on that spill, you could be held liable. Or you may accidentally damage an expensive piece of equipment, and the company wants you to pay for its repair or replacement.

One accident could even result in both types of claims. If you bumped into a piece of equipment and it knocked into or fell on an employee, injuring them and damaging the item. This single mistake could lead to both medical costs and property damage.

On their own, medical care (which may last for months) and property repairs are expensive, especially if a lawsuit becomes part of the equation. Together, they could be enough to lead you to bankruptcy.

However, having an insurance policy with enough general liability coverage could save you from paying these expenses out of your own pocket.

Personal and Advertising Injury Coverage

This type of coverage is usually a subset under general liability coverage, but for many policies, the “per offense” limits are separate from general liability “per occurrence” limits. The reason for this separation is the difference in how “injury” is defined for each coverage.

Injury, under personal and advertising coverage, requires intentional acts rather than simple negligence. Personal and advertising injury coverage protects you against seven specifically defined acts, including slander, libel, defamation, right to privacy violations, false arrest, copyright infringement, etc.

Because each of the covered acts have specific legal meanings, it’s difficult to illustrate how this coverage may be applied in a claim. However, if you would like more information, including examples, this article about personal and advertising injury coverage from online insurance resource IMRI is highly informative.

Damage to Rented Premises Coverage

This coverage is a necessity if you rent office space. It protects you from the cost of property damages sustained if you accidentally cause a fire.

Although you may not think you are likely to start a fire, legal liability can apply in more situations than you might first assume.

For example, you probably own a smartphone. You’ve probably seen recent news reports about a certain model exploding and causing fires. Even if you don’t own this specific smartphone, it’s only the most recent incident to capture the media’s attention. The truth is, any smartphone could overheat and explode. If yours does so while in your rented space, as the phone’s owner, you could be held liable.

Or, maybe you smoke, and while on a break, you don’t realize your cigarette isn’t fully extinguished. Or your laptop short circuits. Or you forget to extinguish a candle you were burning.

There are a lot of ways you may unknowingly cause a fire. Because the cost of repairing a building from fire damage is expensive, you’ll want this protection.

Computer Network Security Coverage

Since much of your work is done on location for the business you are auditing, you most likely use a computer or other technology to perform your duties. While computers are useful, they are also vulnerable to cyber threats.

If your computer becomes a weak point through which the business’s network or security is compromised or infected by malicious software, this coverage is a necessity. Depending on the specific circumstances of the event, it can protect you against claims where electronic data is destroyed, deleted, corrupted, or stolen.

Don’t Spend a Fortune for the Coverage You Need

Assuming liability risk is an inherent part of your work as an auditor. However, you don’t have to risk your business to do your job. Getting the right insurance coverage, like those outlined in this article, is the first step. Getting them for an affordable price is the next.

If you’re interested in an insurance policy that offers competitive limits for all of these coverages at a price well below market value, check out the policy provided by Exemplar Global’s insurance partners:
Australia: Envirosure at
United States: Veracity Insurance Solutions at

The post Risky Business: Why Auditors Need Liability Insurance appeared first on The Auditor.

Auditor Profile: Inspiring a Higher Auditing Quality

Consultant, trainer, and auditor Graham…

Consultant, trainer, and auditor Graham Caddies is a strong advocate for upholding the quality, professionalism, and benefit of auditing. Caddies’ passion for inspiring a higher quality of auditing began in the 1980s when he was disappointed by the inappropriate and poor quality approach to external auditing taken by an organization he was working for.

“The way they were doing it was never going to address the problem of safety,” Caddies says. “They weren’t addressing the business or culture, and they weren’t incorporating it in a way that people could understand how the work environment could impact their health, safety, and welfare.”

This experience motivated Caddies to gain more qualifications and a deeper understanding of how businesses work, including governance, compliance, assurance, and risk. It was then that Caddies became confident to voice his concerns.

“People were being certified as quality organizations and quite frankly they were delivering a poor product,” Caddies says. “Predominantly, it was a ‘tick and flick, show me the paperwork, walk away, and you are compliant exercise.’ But they weren’t auditing from the context, risk exposure, and how the organization actually operates, which was inferred in the old standards but is now a requirement with the new standards. The focus has to be from a context and risk point of view and how the organization actually operates.”

Committed to making a positive change, Caddies started Advance Profit Plan in 1994 to help businesses improve, grow, and incorporate the necessary requirements through coaching, mentoring, auditing, and training. Ultimately, Caddies hopes his business can help to improve the quality of auditing across all industry sectors and all types of organizations.

“The quality of auditing has been pulled down through poor practices in training, certification, and auditing, and unethical people,” Caddies says.

“There have been improvements, with some auditing organizations and auditors doing it thoroughly and achieving sound outcomes, but a large percentage are still doing tick and flick, show me the words, or are auditing just for auditing sake, or have the wrong focus. They are giving the profession a bad name. This is what gives me passion and drive to bring about change.”

Postulating as to why audits aren’t being done properly, Caddies points to numerous factors such as the level and quality of training, poor certification processes, organizations not knowing or defining what they require from the audit process, and poor professionalism.

“I’m not against online training, but how can you be deemed a competent safety auditor or environmental auditor by completing all of your training online in two months when you haven’t even read and unpacked the standards and understood their intent/objectives and their application within an organizations context?

“The other thing is we are not training as per competency-based training. We are just giving them the principles and the theory, but they also have to be able to demonstrate that they have the skills and capability of applying it in different scenarios. When they go through the training, this isn’t being assessed to the required depth or at all.

“[Then there’s the issue of] trainers having a piece of paper saying they are qualified, but they have no experience and are just reproducing [the course content].”

Another issue is a lack of understanding of the auditing process—both by the auditor and the auditee.

“Some auditors don’t understand the auditing process,” Caddies explains. “The organization needs to understand and define why they want the audit, and what criteria they want the audit conducted against.

“When the auditor goes in, the people who engage them don’t know what they want. They get a big wordy document that they think covers it all. But when they read it, they don’t understand, and no one knows what to do about how to improve.

“It’s about professionalism. You need to understand the complete package that you are delivering as an auditor and what your role is in helping to change the organization that has engaged you. You need to either endorse what they are doing well or make them understand what they need to do to improve and why.”

To improve the standard of auditing, Caddies offers some useful tips:

  1. Understand the underlying intent and objectives of the legislation or standards you are auditing against. A lot of people go into the nitty-gritty instead of understanding the objective or intent of the legislation. You need to understand how to put that into context with each organization you audit.
  2. Get some experience and see what can go wrong. Often just reading doesn’t impact you until you actually see it. Get with some experienced people—it doesn’t have to be an older person.
  3. Keep reading and updating—a lot of things interact with each other.

Caddies considers the audit client to be his main source of information.

“Every time I work with a client I believe it is a partnership where I learn their uniqueness and they learn from my experience and understanding of the standards within their context and where they are at and need to be,” he says. “Auditing is more of sharing training/knowledge/information than an auditor going in like a policeman.”

To raise the standard of the auditing profession, Caddies has a clear vision of what needs to happen.

“I believe whether you are an auditor, trainer, or a consultant, like in the financial industry, we need to be licensed and accredited,” Caddies says. “One way is to make any professional—whether they be a trainer, or a consultant—be registered/licensed.

“[We need] a partnership between industry groups, certification bodies, and other community groups to help organizations understand [the value of auditing] and to improve the professionalism of the auditing process. The governing bodies are trying to promote change and they are slowly getting there. The words are good, but we have to convert the words into practice.

“It’s not just auditing; it’s the training too. The actual people doing the work, and the people who monitor and certify. They need to lift their game and get consistent across the board.

“It has to be a concerted effort to change, and it has to be people who are passionate about actually stepping up and driving the required improvement, otherwise nothing will change. The new standards give us the opportunity to act.”

The post Auditor Profile: Inspiring a Higher Auditing Quality appeared first on The Auditor.

Let’s Get Back to Basics: The Challenges of Being an Auditor

With more than 25 years…

With more than 25 years of audit experience, director of successful auditing and training business Global Quality Assurance, David Purslow has seen it all. In a no-holds-barred interview with The Auditor, Purslow gives insight into some key issues facing auditors and offers a simple solution for improvement.

Purslow enjoys the diversity of auditing and the process of assisting businesses improve. However, not everyone shares the same experience of auditing. In this fast-paced environment, auditors can face pressures from many sources, including auditees who want the job complete within tight deadlines or certification bodies pushing auditors to take on more than they can handle. According to Purslow, challenges such as these can easily pile up, leaving the auditor with a backlog of work or pushed to the point of burnout—particularly for contract auditors.

“In Australia, we work with a lot of contract-based auditors,” Purslow says. “This can breed the type of auditor who has a money focus, so they will take on every job that is available to them. That is where the issue of burnout can arise. They are trying to grow their business, but at what cost?

“All of a sudden we see people getting burnt out because they are doing too much.

“There are also a lot of young auditors who think they are invincible. They try to get as many audit scopes as they can and try to do as much as they can. You may have auditors who are quite happy working at a certain level within a certain scope. There is nothing wrong with that. There is always going to be a variance of auditor skills and knowledge across the industry.

“As an auditor you sometimes need to step back and have a good look at yourself and say there is only so much you can do, and be comfortable with what you do well.

“You need to manage yourself as an auditor, and as a business you need to manage your auditors to prevent those things from happening.”

Purslow postulates the current financial climate and varying audit standards to be an underlying cause of this pressure. When organizations tighten their budgets, the hunt is on to find the lowest-priced audit. As we all know, the cheapest price doesn’t always guarantee the best product or service, which raises the concern of ineffective auditing.

“If you start looking at the quality of the jobs being done, there is a big divide between the quality of the job and the actual meaningfulness of the reports that are generated,” Purslow says. “We don’t want an industry full of ‘tick and flick’ audits; we want people who write meaningful outcomes in their reports. We don’t want auditors to be subjective and negative in their approach to auditing where they forget to look at the process or become document focused. These aren’t good attributes of an auditor.

“For an auditor to do the job properly, he or she needs the time to actually do the job to the scope that has been issued. Sometimes that doesn’t happen because you have organizations that are so keen to keep clients, they cut the cost. Therefore, the expectation on the auditor to complete this body of work is increased.”

The notion of auditor competence is intertwined with these issues, which Purslow believes isn’t always the fault of the auditor.

“We talk a lot about auditor competence; the industry has been commenting on it,” he explains. “It always seems to be the auditors who are targeted for the inconsistency of auditing. But when we drill down to the root causes, you have to look at organizational cultures—the people who are running the scheme, the business, or the certification body and the auditors themselves.

“In particular, [you need to look at] issues like audit duration, number of standards being audited, expectations, audit cost, auditee, audit tools, audit team (if available), and location. All elements should be addressed by good audit planning.

“It’s about having the time and resources to put in to developing staff.”

Purslow offers the following tips to improve the standard of auditing:

  • Allow enough time. The extent to which a service will be provided when promised and how long it takes to consistently perform the service each and every time. You need to be able to complete the project or audit assignment in the time you have been given. If you don’t feel the timeframe is adequate, you need to be upfront and say it’s not going to meet the scope and objective of the audit. If you have a very heavy audit schedule, you need to make time to produce your reports and deliver your outcomes on time, in full.
  • Consistency. The extent to which audits are delivered in the same fashion for every client, every standard every time, relevant to the scope. You can’t have a bad day.
  • Honesty and integrity. The belief that things that are worth doing are worth doing well is a strong value that we should all aim to project. Integrity of the process and trust underpin the core philosophy of auditing. We choose this career path!
  • Accuracy. The extent to which the audit is performed right the first time and fully compliant to the standard we audit. Good audit planning should ensure that competency is held prior to audit delivery and enough time to complete the audit fully.
  • Competence. The relevant skills, knowledge, and expertise of auditors to complete the audits to the correct standard required. Auditing is a profession; it requires dedication, commitment, and the ability to keep learning and improving your skills and knowledge. Make time to do this!

So what is the solution to all of these challenges? Purslow suggests going back to the fundamentals.

“We need more consistency so we can get some traction and growth in the industry,” he says. “We need to go back to the fundamentals about why auditing is important and why process-based auditing is effective.

“We don’t want auditors to be checklist auditors. Ending up with 60 percent of an audit based on documentation doesn’t add value. We want auditors to be in processes, watching processes, understanding processes, and determining if they are meeting requirements.

“We choose to work in this sector, we choose to be auditors—we should all look at improving our industry, including standard owners, regulators, influencers, CABs, auditors, and clients alike. We should not accept substandard practices and planning, but agree on meaningful, achievable outcomes. To this end we all have a part to play, so let’s begin.

“Please do not perceive my passion for our industry with arrogance, as this was never the intent!”

The post Let’s Get Back to Basics: The Challenges of Being an Auditor appeared first on The Auditor.

A Look at the Evolution of Auditing in North America

Robert T. Ware has been…

Robert T. Ware has been in the auditing profession since 1974—before the term “audit” existed and when MIL-Q-9858 military standard audits were the norm. Speaking to The Auditor, Ware shares his opinions on the changes and challenges of completing manufacturing audits in North America, and the value of internal audit teams.

“Back when I started they called it an assessment, they didn’t like the punishing word of audit,” Ware reflects. “The word ‘audit’ came out in 1987 when ISO 9000 came into effect, and they called it internal audits.

“I remember a lot of people were upset about that word because it means pass/fail, where assessment means continual improvement.”

Ware spent the first 13 years of his career working in reliability, before making the transition to quality assurance. In his current role, Ware works for Zoll Medical looking after quality assurance and regulatory affairs/reliability for the resuscitation division.

“I lead a team of engineers that investigates all failures, return goods authorizations, and returned material,” Ware explains. “I am responsible for design and development, through to manufacturing, distribution, and post market surveillance.”

Having worked in the manufacturing industry for most of his auditing career, Ware is saddened to see a lot of businesses move their manufacturing offshore.

“In the 1960s, manufacturing was booming,” he says. “Forty-three years later, I have to look hard to find a company that manufactures here. Even Zoll, we do assembly and testing, and China makes all of our boards. Big manufacturing firms like Intel, Texas Instruments, Digital Equipment Corporation, and J&J, they all do the same thing.”

These changes present challenges for auditors who have to work on an international scale to get the information they need.

“We just have to keep coping,” Ware says. “We do audits over the phone. I have spreadsheets and word files that I send out. The auditee will send me back the information and then we look at the information and evaluate it, analyze it, and get results.

“We do a lot of virtual audits. We can do an audit over the telephone or by Skype. It has evolved because everything is global.”

Throughout his career, Ware has worked with standards such as TL 9000, ISO/TS 16949, and ISO 14000. Ware also served on the U.S. TAG to ISO/TC 176 from 1987 to 2006, and he worked to revise ISO 9001 in 1987, 1994, and 2000. Through his experiences, Ware has learned how industries and standards work, and has noticed some key similarities.

“Once you audit [different industries], the basic processes and products are the same in terms of how you would manufacture them,” Ware explains. “You just have to understand the process and audits to help you break it down.”

Having worked in internal audit teams for most of his career, Ware sees great benefit in the internal audit function. However, he fears young executives today don’t see the same value.

“Back in the 1970s and 1980s we had big audit teams,” Ware says. “Now I see a lot of companies outsource their audit teams. In reality, if I didn’t know anything about an operation and went in and did an audit versus working there—working there you are more of a Tasmanian devil. You can do some really good digging. It’s not like it used to be, but you have to make the best of it.”

However, Ware uses management review as an opportunity to reinforce of the value of an internal audit team.

“When I do a management review and they start discussing issues and problems, I love to bring them back to people and products,” Ware says. “These are the main parts of the business.

“I think the people who work in a company would find more value and would feel empowered. Why not take someone from the manufacturing line and make them an auditor? Especially women; they do a great job because of their intuitive nature. I think it’s a lost art.”

Ware’s Tips for Auditors to Improve Their Craft:

  • Do your preparation. Never do anything blind. The more information you know, the better you can question.
  • Keep your eyes open. Just like Yogi Bear said: You can always find something if you look. Just by observing you could not even audit and see is that how they do it? Are they sure they want to do that?
  • Just listen. The only time I talk during an audit is to ask a question. You have to let the person you are auditing do all the talking.

The post A Look at the Evolution of Auditing in North America appeared first on The Auditor.

Certificate vs. Certification: What’s the Difference, and Why Does It Matter?

by Anjali Weber There are…

by Anjali Weber

There are many types of credentials in the marketplace, and sorting through the various options can be confusing to the potential applicant or participant. Even greater confusion exists for employers, regulators, and especially the public as a myriad of “certifications” and designations are continually added to emerging and existing professions. But what are the differences between various credentials, and why does it matter?

First, the term “credential” can be broadly applied as the big umbrella under which certificate, certification, qualification, academic degrees, licensure, and registration all have a unique purpose. Second, there is a significant distinction between certificates and certification, and the right type of program will effectively satisfy stakeholder needs and accomplish desired business outcomes.

In this article, we will distinguish between certificates of attendance or participation, where there is no validation of learning, and an assessment-based certificate program, where intended learning outcomes are directly aligned to assessment. Our focus will be on a comparison between assessment-based certificates and personnel certification, as each serves a very different purpose, produces a different outcome, and fulfills different needs.

The differences can be critical to your business. Each type of program plays a role in closing skills gaps—a matter of international importance in today’s competitive business environment. Certification and certificate programs are part of a larger qualifications framework and help to address one of the biggest challenges the workforce faces today: providing the necessary skills and competencies to create qualified job candidates and successful employees. A 2009 annual talent shortage survey by Manpower of 39,000 employers in 33 countries found that 30 percent of employers worldwide are struggling to find qualified job candidates.

The traditional education system does not provide the necessary competencies for employees to succeed in the workplace. Many new college graduates fail to learn the knowledge, skills, and attributes that are most essential for success in their chosen careers. There is often a significant gap in knowledge and skills that must be addressed to make an employee workforce ready. But, the good news is that qualifications can play a major role in closing the gap.

So, what makes certificate and certification programs different? In short, a certificate program is a learning event. A certification program provides validation that learning has occurred and typically results in an awarded credential.

Primary focus

The primary focus of a certificate program is to provide instruction and training to aid learners in acquiring specific knowledge, skills, and competencies associated with intended learning outcomes. The primary purpose of a certification program is to confirm that an individual has already acquired (prior to applying for certification) a set of knowledge, skills, and competencies critical to the competent performance of a professional role or specific work-related tasks. Certification programs are independent of a specific learning event, class, course, or training program.

Purpose and scope of assessment

Both certificate and certification programs assess knowledge, skills, and competencies. However, the purpose and often the scope of these assessments are quite different. Certificate programs use formative and summative assessments to evaluate the effectiveness of instruction or training, monitor learners’ progress, and determine whether learners have achieved intended learning outcomes. Certification program assessments aren’t intended to evaluate mastery of the intended learning outcomes of a specific class, course, or training program. Rather, these are designed to verify that an individual possesses the level of knowledge, skill, or ability necessary for competent performance of a specific professional role. As such, the scope of the certification assessment also is often considerably broader than that of a certificate program assessment.

Duration of program

A certificate program typically ends when the intended learning outcomes have been achieved and the certificate is awarded. This differs markedly from certification, which is an ongoing process that requires individuals to engage in continuing education or re-examination on a periodic basis to maintain their certification.

For a detailed comparison of certificate vs. certification, the Institute for Credentialing Excellence, a premier non-profit organization serving the global credentialing community, has published a white paper that has been extensively peer-reviewed and compares and contrasts each of the major components of both programs. This Defining Features paper can be downloaded at no charge from the ICE website.

Which option is best?

It’s a matter of intention. Is there a need to acquire education and training to fill a gap or to validate that the knowledge and skills required of a particular job role or profession have already been acquired?

Certificate programs address ongoing learning gaps and may be very limited in scope or broad-based. High-impact job functions that require mastery of technical skills that may not already exist can be addressed with well-developed education and training programs. These programs can provide an organizing framework for the learning process, encouraging the alignment of all the learning components and assessments and help to synthesize the learning.

Certification programs validate existing competencies. The primary goal is to confirm that an individual possesses a desired set of knowledge, skills, or competencies previously acquired through academic or other formal education, internal or external training programs, or prior work experience. A well designed certification program begins with a comprehensive job analysis that validates the essential knowledge, skills, abilities, and characteristics needed to competently fulfil a job role. Also, if mastery of the baseline knowledge, skills, or competencies is confirmed through certification, then future training does not need to include these basics. Rather, it can focus on what is unique to the industry or the employing organization (for example, products, services, and processes). In so doing, resources will be used more efficiently. Certification also provides independent validation that equals credibility, as it is offered through a third party and is not directly connected to a specific education or training program. Recognition of an individual’s knowledge, skills, or competencies through an external certification process enhances credibility and defensibility, and this benefit is valuable to the recipient and the employer. Because the intent is not to “teach to the test,” the outcome may carry more weight in many circumstances.

In summary, certification and certificate programs serve very different purposes and are not equivalent. Well-developed programs for either that follow best practices and accreditation guidelines provide good but unique value. It’s up to the customer, the employer that hires them, and the public they serve to determine whether they have a skills gap that needs to be filled or whether personnel certification would provide better confirmation that they have attained the knowledge and skills that have been independently verified.

About the author

Anjali Weber is vice president of strategy for Exemplar Global. She was previously director of the Institute for Credentialing Excellence.

The post Certificate vs. Certification: What’s the Difference, and Why Does It Matter? appeared first on The Auditor.

Andrew Baines Appointed New President and CEO of Exemplar Global

The Exemplar Global board of…

The Exemplar Global board of directors today announced the appointment of Andrew Baines as its new president and CEO following the resignation of Peter Holtmann this week. This change is effective immediately.

The board thanks Holtmann for his many years of service and for his work in leading Exemplar Global to its position as the premier global personnel certification body for auditors, engineers, and training providers.

Baines has more than 30 years of work experience spanning the food industry, auditing and conformity assessment, and international business development.

Living in New Zealand for the past 25 years, Baines is originally from the United Kingdom where he graduated from Dundee University in Scotland with an honors degree in microbiology. After graduating, he worked in the food industry in quality control, quality assurance, and product research and development before immigrating to New Zealand where he began a career auditing quality, environmental, and safety management systems. This led to business unit management and senior executive roles in a conformity assessment body, including establishing a New Zealand government-owned agency, turning it into one of the largest conformity assessment bodies in the Southern hemisphere. Baines has global experience working in China, South East Asia, the Middle East, as well as North America and Europe. He concurrently served on the board of directors of RABQSA (now Exemplar Global) for seven years before resigning to join ASQ in January 2015 in the position of global managing director. He will continue to hold that role.

At ASQ, Baines leads ASQ Global, which comprises regional service centers in South and North Asia, Latin America, the Middle East, and Africa, and leads the global team at ASQ headquarters in Milwaukee, Wisconsin.

About Exemplar Global

Exemplar Global provides individuals from around the world with credentials of competence and capability through personnel certification. Training courses and their outcomes can be certified against international requirements for training delivery and examination best practice. Exemplar Global College offers continuing professional development to our certified professionals. Exemplar Global’s iNARTE business unit credentials engineers in the electronics and telecommunications industries. The organization’s business activities ensure’s that Exemplar Global is a thought leader and influencer of best practices of competency-based certification through its Laureate division. As a not-for-profit registered charity Exemplar Global supports its communities with its Gratiis services for those who support others charitably.

For more information, visit

Note: The Auditor is published by Exemplar Global, a wholly owned subsidiary of ASQ.

The post Andrew Baines Appointed New President and CEO of Exemplar Global appeared first on The Auditor.

Auditor Profile: An Inside Look at Motor Coach Operator Auditing

To say that Terry Ohlsson…

To say that Terry Ohlsson is passionate about the motor coach industry would be an understatement. After owning a successful motor coach company, Ohlsson dedicated the last decade of his working life to auditing to give back to the industry. The Auditor spoke to Ohlsson just before his retirement to learn what it’s really like to audit motor coach operators in the Australian state of New South Wales (NSW).

In 1993, Ohlsson was seeking a career change when the opportunity to purchase a small motor coach company came up. This led to the creation of Red Carpet Tours, which Ohlsson grew from one coach to one of the biggest operators in the Hunter region.

In 2005, Ohlsson made the decision to sell the business and retire. However, after a year, Ohlsson was approached by another operator who encouraged him to enrol in an auditor course. As auditing in the motor coach industry is not a full time responsibility, Ohlsson said he thought about the opportunity “for a good hour.”

“I thought this is a good way to stay in touch with a lot of colleagues we have made over the years and do something constructive,” Ohlsson says.

Helped largely by his experience as a coach operator, Ohlsson completed more than 500 audits and was quite well known in the industry.

“Operators face different problems according to their size and I think they were happy to have an auditor who had been an operator and understood the problems from an operator’s point of view.

“Seeing how they all operate, and understanding what the problems are, and seeing new ways of dealing with problems—it’s fascinating.”

Throughout his auditing career, Ohlsson worked closely with government transport agency Roads & Maritime Services (RMS). Ohlsson says that to understand motor coach auditing, you first need to understand the relationship between the RMS and the operator.

“When you are an operator and facing an audit by the RMS, there is a certain amount of tension involved,” Ohlsson says. “I have an obligation to that operator to make him/her feel relaxed, more comfortable with the process of being accredited, and to understand the reasons for the audit.”

However, Ohlsson acknowledges that meeting the tightening guidelines set by the RMS can be challenging at times.

“Much of [the detail] is largely irrelevant for the safe operation of a coach, and that is what this whole process of auditing was designed to do,” he explains. “Anything that insures safety is good, but there are a lot of things that have nothing to do with safety, and these can confuse and irritate an operator, particularly the many one man operations and those that have English as a second language.

“The auditee needs to understand that the process is designed to make them and the industry safer. The RMS is not the enemy. I encourage them to feel free to ask questions and approach the RMS wherever they are in doubt. I also encourage them to seek advice from other operators.”

Reflecting on his career, Ohlsson lists auditing State Transit twice as one of the highlights.

“They are the biggest operator in the country and are one of the best run operations in the state,” he says. “They have over 2,000 vehicles, 13 depots, and it’s a big thing to audit. Getting to see the inside of how State Transit works was very impressive.”

However, working in an industry such as transport has its challenges—mainly in regards to continual changes in legislation and procedures. With a new auditing form on the horizon, Ohlsson was given the privilege of piloting it before its release.

“I’ve helped to pilot a new audit form in the last few months which is precursor of the changes to come, and to report back to the RMS,” he says. “I was one of two auditors selected and to trial the new form, which asks different questions and has more detail in certain areas.”

Ohlsson says the biggest challenge not only for auditors, but the transport industry as a whole, is the differences in regulations between Australian states and territories.

“Every state should have the same regulations,” he says. “Buses go interstate. We are one country. Why are we following different rules and regulations? It’s unproductive and not in the interests of safety.

“For example, operators accredited in one state could opt to have their coaches registered in another state because it’s a quarter of the cost.

Safety requirements cannot change just because a vehicle crosses a state border. While the NSW state regulations are the most severe, I’m not advocating that everyone has to adopt the NSW principles. I’m saying let’s all adopt a new one, and the sooner the better.”

Despite entering retirement, Ohlsson will not walk away from the industry completely, and will still be available as a driver authority trainer.

“I have a lot a lot of experience in this industry and there will be a lot of operators who may want to take advantage of that,” Ohlsson says. “Now I am no longer an auditor, I can offer advice and help without affecting the audit process. Whilst my knowledge remains relatively current, I can send people to the right place to find the right information.”

The post Auditor Profile: An Inside Look at Motor Coach Operator Auditing appeared first on The Auditor.

Objective Evidence: An Auditor’s Secret Weapon

One of the primary objectives…

One of the primary objectives of an audit is to collect objective evidence. Not just random objective evidence, but evidence specific to the requirements in the audit.

By Craig Cochran

Objective evidence is the proof that the organization did or did not meet its requirements. One of the primary objectives of an audit is to collect objective evidence. Not just random objective evidence, but evidence specific to the requirements in the audit. The auditor selects requirements to verify, and then looks for objective evidence that the organization met the requirements.

Objective evidence has a couple of specific purposes. First, it provides credibility to the audit process. By keeping evidence of facts gathered during the audit, we can be confident that an audit actually took place. The auditor didn’t just go through the motions. Real people were interviewed, actual records were examined, and current processes were analyzed. Anybody can review the evidence that was gathered and feel confident that the audit was effective.

Second, the evidence forms the raw material for any nonconformities that result. We’re not seeking nonconformities, of course—we’re seeking conformity. Despite this goal, nonconformities are a common outcome of audits. If we collect detailed evidence during the audit, we’ll be able to write clear and defensible nonconformities. Objective evidence also helps to write meaningful positive findings. Both of these outputs—nonconformities and positive findings—rely on accurate and objective evidence gathered by the auditor.

Characteristics of objective evidence

The term objective evidence sounds rather complicated, but it is actually very simple. Here are the characteristics of objective evidence:

  • Unbiased: Objective evidence is unbiased. That means it is not clouded by emotions or feelings. The evidence is gathered in a completely neutral way. Bias often arises when the auditor has a personal relationship with the person they are interviewing during the audit. Auditors have to always be aware of how their personal relationships influence the way they view evidence. If an auditor believes they’re becoming biased, it is their responsibility to approach the lead auditor or quality manager and make this known.
  • Factual: Objective evidence is factual. That means it is real, not made up or imagined. Very few auditors intentionally create non-factual evidence. It sometimes happens accidentally when evidence is misinterpreted. This is one of the benefits of auditing in pairs. When you are with somebody else, you can always ask for their opinion of the evidence you’re examining. This should keep you in the realm of factual evidence.
  • First hand: Objective evidence is first-hand. That means the auditor gets evidence directly from the source. The evidence is seen, heard, read, or experienced by the auditor. A good auditor never relies on second or third-hand information, as it is often distorted. The more hand offs in an information chain, the more distortion exists and the less the information can be trusted.
  • Traceable: Objective evidence is traceable. That means you include all the identifiers about the evidence. Identifiers could include the date, time, part number, department name, and anything else that lets the organization know where the evidence came from. In theory, audit evidence should be traceable enough that anybody could see the same thing that you saw during the audit.
  • Impersonal: Objective evidence is impersonal. The evidence is written to reinforce a focus on systems and processes, instead of people. Names are omitted from evidence and job titles are used instead. No opinions about the severity or possible impacts of evidence are includedjust the facts are given. The evidence is written in a neutral, non-accusing manner.

Just because your evidence is subjective doesn’t mean that’s the end of the line. You can often turn subjective evidence into objective evidence by doing some additional digging. That’s what is referred to as following an audit trail. You might start out with biased or second-hand information, and then convert it to objective evidence by asking a few more questions.

Evidence gathering

Evidence gathering is the heart of auditing. Effective auditors are naturally curious and enter every audit in a learning state of mind. When you want to learn, your mind will crave information and your senses will be especially sharp. Very little will escape your detection. Armed with the desire to expand my own knowledge, I ask probing questions and pursue unique and important lines of inquiry. You can’t fake the desire to learn. It exists solely inside your head. There are certain truths that can help put you in this state of mind:

  • This company is doing a lot of things RIGHT. In today’s extremely competitive economy, bad companies don’t survive. They dry up and blow away very quickly. If the company you’re auditing is still in existence, then it must be doing at least a few things correctly.
  • The people here are interesting and have some fascinating stories to tell me. I have found this to be true 100 percent of the time. No matter how banal and commonplace an organization seems, it will include some people who absolutely fascinate me. They will have interesting things to tell me and I’ll have a hard time pulling myself away from them.
  • I will learn a lot during this audit. There are processes, technologies, and products here that I’ve never seen before. Yes, I’m here to do an audit, but the benefits of the audit will flow in both directions. If I’m perceptive, I will learn as much from them as they will learn from me.
  • I am a partner of the organization, not an adversary. You’re not looking for nonconformities; you’re looking for ways that the organization can improve. This is a subtle but important difference. At no time should an auditor portray the audit as a sport in which the objective is to rack up nonconformities. The number of nonconformities is inconsequential. What matters is that the company knows what they need to focus on.
  • The evidence I gather should focus on the big picture. Auditing is definitely a process of details. My task is to accumulate the details into trends that will help the organization improve. I need to probe beneath the surface and uncover the true strengths and weaknesses of the organization. I will only be able to do this once the organization trusts me and understands that I am truly there to help them.

The overall impression that you should give the organization is trust. Every word and mannerism that you evoke as an auditor should reinforce the idea that you can be trusted. People who are trying to learn can usually be trusted because learning is a cooperative process that requires a two-way exchange of information. Be a learner and you will also be an effective auditor.

About the author

Craig Cochran is the North Metro Regional Manager with Georgia Tech’s Economic Development Institute. He has assisted more than 5,000 companies since 1999 in QMS implementation, problem solving, auditing, and performance improvement. Cochran is a Certified Quality Manager, Certified Quality Engineer, and Certified Quality Auditor through the American Society for Quality. He is certified as a QMS Lead Auditor through Exemplar Global.

He is the author of numerous books, including ISO 9001:2015 in Plain English, published by Paton Professional. His next book, Auditing in Plain English, from which this article was excerpted, will be released in late 2016.

The post Objective Evidence: An Auditor’s Secret Weapon appeared first on The Auditor.

ISO 9001:2015 Key Changes

by Lorri Hunt ISO 9001:2015…

by Lorri Hunt

ISO 9001:2015 is the first major revision to the standard since the 2000 version. The intent of the 2015 revision was simple: Consider the technological changes in business during the last 15 years, develop requirements that could be dynamic enough to adjust when additional changes occur in industry, and include requirements that could be audited for conformance.

Any changes in requirements should enhance a customer’s confidence in the organization’s quality management system (QMS) and help the organization achieve intended results. A common criticism of past versions of ISO 9001 was that organizations could meet the standard’s requirements but deliver products that didn’t meet customer requirements. ISO 9001:2015 includes requirements that focus on achieving intended results. This new approach focuses on the performance and effectiveness of the QMS.

By making the standard less prescriptive and more reliant on risk-based thinking to determine the level of complexity needed for an organization’s QMS, ISO 9001:2015 accomplishes what many users have requested. However, this introduces new challenges.

For this reason, ISO 9001:2015 includes an annex that provides the rationale for some of the changes.

Here are some of the key changes in ISO 9001:2015.

Change: structure

Because the new structure of ISO 9001:2015 is the most obvious change in the revision, it’s important to understand the rationale for the change so that users can move on to the more substantive changes.

The structure of ISO 9001:2015 changed due to a decision by the ISO Technical Management Board to adopt a standardized format and common core text and terms for use in all new and revised ISO management system standards. This is to promote greater ease of use for organizations that want to integrate the requirements of multiple management system standards such as ISO 9001, ISO 14001, and ISO 50001. This standardized format is referred to as Annex SL, which is simply the alphanumeric indication of the index from the ISO Directives.

Understanding the change

Before getting too caught up in the structure of the revised standard, it’s important to read subclause 0.4, Relationship with other management system standards, and Annex A. Subclause 0.4 introduces the Annex SL high-level structure, explains the rationale of the structure, and highlights some of the changes in ISO 9001:2015. Specifically, it indicates that the structure relates to the framework developed by ISO to approve alignment among management system standards.

Subclause A.1 (located within Annex A), Structure and terminology, provides details that should help organizations understand the requirements related to structure. Subclause A.1 specifically states that there is no requirement for organizations to adopt the ISO 9001:2015 structure in their own QMS, nor do organizations have to change the terminology used in their QMS.

The text included in the annex should alleviate any concerns related to structure and required changes. With that said, organizations with an existing ISO 9001-based QMS should have already adopted the process approach in the structure of their QMS. Therefore, before making any structural changes to your organization’s QMS, it’s important to carefully consider the opportunities and issues associated with making such changes. Any change should add value. Making a change for the sake of aligning a QMS to an outside structure of any kind potentially adds unneeded cost and overhead.

If an organization wants to ensure that it has addressed any new requirements in ISO 9001:2015, it should develop a cross-reference of compliance methods such as implemented processes or documented procedures from whatever structure it’s using to the requirements in the revised standard. A cross-reference of ISO 9001:2008 requirements to ISO 9001:2015’s requirements is included in chapter 21. This cross-reference will help organizations understand the relationship of current requirements to requirements in ISO 9001:2015. This cross-reference is available to the public at no charge at:

Subclause 4.4, Quality management system and its processes, should also be considered when reviewing requirements related to the structure. Organizations that have taken a minimal approach to this requirement may need to make some changes in how they identify and control their processes. Organizations that have embraced the process approach will not only find that the transition to ISO 9001:2015 is simpler, but also that the integration of any new requirements into their QMS is easier to accomplish.

Products and services

Ever since the first of edition of ISO 9001 was published, there has been feedback from some users that the standard is difficult to apply to all types of industries, specifically the service sector. For that reason, the language in ISO 9001 was modified to make it easier to use across all sectors.

One way that ISO 9001:2015 has been made more generic is by replacing the word “product” with “products and services.” Using “products and services” helps to emphasize that the standard can be applied to all types of organizations. In addition, some requirements have been specifically changed to emphasize this point. This includes subclause 7.1.5, Control of monitoring and measuring resources, which was made easier to apply to service industries by changing the words “monitoring and measuring equipment” to “monitoring and measuring resources” and incorporating requirements related to monitoring and measuring as applicable to the service sector.

Interested parties

Some of ISO 9001:2015’s new requirements are practices that most organizations already do, but may cause some discussion regarding implementation. This is partially due to the new terminology in ISO 9001:2015 related to “interested parties.”

ISO 9001 has always been and remains a customer-focused standard. The high-level structure and common text that is required to be used by Annex SL uses the term “interested parties” instead of “customers.” Specifically, subclauses 4.1, Understanding the organization and its context, and 4.2, Understanding the needs and expectations of interested parties, require you to focus on these aspects. These requirements, while new in the text of the standard, were implied in subclause 0.1, General, in ISO 9001:2008, which indicated that the QMS is influenced by the environment that the organization operates in, including changes and risks.

Understanding the change

To eliminate the potential for the term “interested parties” to be interpreted beyond the intent of ISO 9001:2015, subclause A.3, Understanding the needs and expectations of interested parties (located in Annex A), explains subclauses 4.1 and 4.2. Specifically, ISO 9001:2015 doesn’t require an organization to consider interested parties that aren’t relevant to its QMS. Organizations will need to determine what is relevant for them based on whether the interested party has an effect on the organization’s ability to meet customer, statutory, and/or regulatory requirements. Some organizations may choose to expand the interpretation of the requirement, but this is at their discretion and where it can be determined that such an application can add value. A list of examples of interested parties is included in ISO 9000:2015.


When ISO 9001:2000 was published and ISO 9002 was eliminated, the concept of exclusions was introduced into the standard. Exclusions allowed an organization to exclude a requirement of clause 7 of the standard as long as it doesn’t affect the organization’s ability to meet customer, statutory, and/or regulatory requirements or provide a product or service that conformed to such requirements.

With the introduction of the core Annex SL text, which includes a different structure, the standard has been made more generic. Therefore, it’s easier to apply the standard’s requirements. This change focuses ISO 9001:2015 on the application of the requirements and not on the exclusion of requirements. ISO 9001:2015 requires organizations to apply the requirements where they can.

Subclause 4.3, Determining the scope of the quality management system, still requires an organization to justify any instance where a requirement cannot be applied. However, it isn’t limited to certain clauses of ISO 9001:2015 like it was in the previous two versions of the standard. The required justification for not applying a requirement of ISO 9001:2015 will assist with establishing the framework of an organization’s QMS. This will be helpful not only to the organization, but also to any third-party auditors who will be reviewing the organization’s QMS.

Understanding the change

Subclause A.5, Applicability (located in Annex A), outlines the new concept of “application not exclusion.” It specifically addresses the idea that not all requirements have to be applied by an organization due to the nature of the product or service that it provides. Other influences might be the size of the organization, the management model it adopts, and/or its risks and opportunities.

Organizations that are already taking an exclusion to a requirement in their ISO 9001:2008-based QMS should be able to determine the requirement still no longer applies when they transition to ISO 9001:2015.

Risk-based thinking

Another concept that has been integrated into ISO 9001:2015 is risk-based thinking. Although risk was implied in previous versions of ISO 9001, the word “risk” is now actually used in ISO 9001:2015. Using risk-based thinking allows an organization to determine the level of controls needed for certain requirements, thereby reducing some requirements that were seen as more prescriptive than others.

In alignment with risk-based thinking, ISO 9001:2015 doesn’t use the term “preventive action.” The language in the standard looks at how an organization determines the risks and opportunities that need to be addressed as part of an effective QMS. Subclause 6.1, Actions to address risks and opportunities, includes requirements to ensure that the QMS can achieve its intended outputs. It also addresses taking action appropriate to the potential effect of conformity of products and services and preventing the occurrence of potential issues.

Understanding the change

Subclause 6.1 includes a note that provides clarification of the options that can be used to address risks and opportunities, including the idea that risks and opportunities aren’t always negative. The organization can take actions to avoid risks or actions to pursue an opportunity.

Subclause A.4, Risk-based thinking (located in Annex A), emphasizes the point that there is no requirement to implement a specific, formal risk-management system. Instead, ISO 9001:2015 focuses on the potential risks and opportunities associated with the implementation of a specific requirement and the level of implementation required.

In addition, subclause 0.3.3, Risk-based thinking, includes the consideration of risks and the potential consequences for different types of organizations, which allows the application of requirements based on those consequences.

Documented information

Throughout the many versions of ISO 9001, the terms “documents” and “records” have been used. In ISO 9001:2015, these terms have been replaced with the term “documented information.” In addition, in previous versions of ISO 9001 the requirements for documents and records were kept in separate clauses. They are now included in subclause 7.5, Documented information.

It’s important to understand that this new terminology has been introduced because the way we control documented information today is vastly different than it was when ISO 9001 was first released. Despite this fact, there had been little change to the requirements in past revisions.

Understanding the change

Subclause A.1, Structure and terminology (located in Annex A), identifies some of the biggest terminology changes in ISO 9001:2015. It states that although the terms have been changed, organizations aren’t required to use the same terminology used by ISO 9001:2015 in their QMS. Furthermore, subclause A.6, Documented information (located in Annex A), includes clarifying information related to when the term “documented information” is used. It states, “Where ISO 9001:2008 used specific terminology such as ‘document’ or ‘documented procedures,’ ‘quality manual’ or ‘quality plan,’ this edition of this International Standard defines requirements to ‘maintain documented information.’

“Where ISO 9001:2008 used the term ‘records’ to denote documents needed to provide evidence of conformity with requirements, this is now expressed as a requirement to ‘retain documented information.’ ”

The annex goes on to explain that when the word “information” is used without “documented,” there is no requirement that the organization maintain documented information unless the organization determines it’s necessary.

Organizational knowledge

Subclause 7.1.6, Organizational knowledge, requires organizations to determine what knowledge is necessary for the operation of their processes to meet product or service requirements. This is one of ISO 9001:2015’s new requirements, but it’s something that most organizations already have in place, even if informally.

This requirement is frequently confused with the requirements for employee competence. Organizational knowledge relates to the organization; competence is employee knowledge.

Understanding the change

Subclause A.7, Organizational knowledge (located in Annex A), addresses this requirement. It specifically relates that the organization needs to safeguard against loss of knowledge through employee turnover. It also provides examples of methods for acquiring knowledge, such as benchmarking or sharing lessons learned.

Control of externally provided products and services

This is another aspect of ISO 9001:2015 where the terminology has changed. In ISO 9001:2000, the term “vendor” was changed to “supplier.” In ISO 9001:2015, the term “supplier” has been replaced with “external provider.” This is because not all products or services are obtained through a traditional purchasing process. For example, some organizations receive parts or services from an associate company.

Understanding the change

Using the term “supplier” limited the organization’s ability to see that there might be the need for controls for providers other than suppliers. With the understanding that the controls for a traditional “supplier” might be different than those for an associate company, subclause A.8, Control of externally provided processes, products, and services (located in Annex A), provides clarification that the organization can take a risk-based approach to determine the type and extent of controls needed for each external provider based on the products and services to be provided.

In addition to this terminology change, additional terminology changes are included in subclause A.1, Structure and terminology (located in Annex A). As with the previous examples outlined, there is no requirement that organizations transition to these terms. Organizations should use terms that best fit their needs regardless of their use in the standard.

ISO 9001:2015 introduces concepts that are familiar to organizations. However, some of these terms may have some nuances and specific steps that need to be incorporated into an organization’s QMS.

About the author

Lorri Hunt is a U.S. technical expert and co-convener for WG24, the group responsible for ISO 9001:2015, TS9002, and The Small Business Handbook. She is an ASQ Senior member, an Exemplar Global lead auditor, a frequent contributor to quality publications and journals, and a speaker all over the world.  She is the president of Lorri Hunt and Associates Inc.

This article originally appeared as chapter 2 in The ISO 9001:2015 Handbook: A Practical Approach to Implementation. It is reprinted with permission from the publisher Paton Professional and the authors Lorri Hunt, Jose Dominguez, and Craig Williams. 

The post ISO 9001:2015 Key Changes appeared first on The Auditor.