+ Sidebar

Let’s Get Back to Basics: The Challenges of Being an Auditor

With more than 25 years…

With more than 25 years of audit experience, director of successful auditing and training business Global Quality Assurance, David Purslow has seen it all. In a no-holds-barred interview with The Auditor, Purslow gives insight into some key issues facing auditors and offers a simple solution for improvement.

Purslow enjoys the diversity of auditing and the process of assisting businesses improve. However, not everyone shares the same experience of auditing. In this fast-paced environment, auditors can face pressures from many sources, including auditees who want the job complete within tight deadlines or certification bodies pushing auditors to take on more than they can handle. According to Purslow, challenges such as these can easily pile up, leaving the auditor with a backlog of work or pushed to the point of burnout—particularly for contract auditors.

“In Australia, we work with a lot of contract-based auditors,” Purslow says. “This can breed the type of auditor who has a money focus, so they will take on every job that is available to them. That is where the issue of burnout can arise. They are trying to grow their business, but at what cost?

“All of a sudden we see people getting burnt out because they are doing too much.

“There are also a lot of young auditors who think they are invincible. They try to get as many audit scopes as they can and try to do as much as they can. You may have auditors who are quite happy working at a certain level within a certain scope. There is nothing wrong with that. There is always going to be a variance of auditor skills and knowledge across the industry.

“As an auditor you sometimes need to step back and have a good look at yourself and say there is only so much you can do, and be comfortable with what you do well.

“You need to manage yourself as an auditor, and as a business you need to manage your auditors to prevent those things from happening.”

Purslow postulates the current financial climate and varying audit standards to be an underlying cause of this pressure. When organizations tighten their budgets, the hunt is on to find the lowest-priced audit. As we all know, the cheapest price doesn’t always guarantee the best product or service, which raises the concern of ineffective auditing.

“If you start looking at the quality of the jobs being done, there is a big divide between the quality of the job and the actual meaningfulness of the reports that are generated,” Purslow says. “We don’t want an industry full of ‘tick and flick’ audits; we want people who write meaningful outcomes in their reports. We don’t want auditors to be subjective and negative in their approach to auditing where they forget to look at the process or become document focused. These aren’t good attributes of an auditor.

“For an auditor to do the job properly, he or she needs the time to actually do the job to the scope that has been issued. Sometimes that doesn’t happen because you have organizations that are so keen to keep clients, they cut the cost. Therefore, the expectation on the auditor to complete this body of work is increased.”

The notion of auditor competence is intertwined with these issues, which Purslow believes isn’t always the fault of the auditor.

“We talk a lot about auditor competence; the industry has been commenting on it,” he explains. “It always seems to be the auditors who are targeted for the inconsistency of auditing. But when we drill down to the root causes, you have to look at organizational cultures—the people who are running the scheme, the business, or the certification body and the auditors themselves.

“In particular, [you need to look at] issues like audit duration, number of standards being audited, expectations, audit cost, auditee, audit tools, audit team (if available), and location. All elements should be addressed by good audit planning.

“It’s about having the time and resources to put in to developing staff.”

Purslow offers the following tips to improve the standard of auditing:

  • Allow enough time. The extent to which a service will be provided when promised and how long it takes to consistently perform the service each and every time. You need to be able to complete the project or audit assignment in the time you have been given. If you don’t feel the timeframe is adequate, you need to be upfront and say it’s not going to meet the scope and objective of the audit. If you have a very heavy audit schedule, you need to make time to produce your reports and deliver your outcomes on time, in full.
  • Consistency. The extent to which audits are delivered in the same fashion for every client, every standard every time, relevant to the scope. You can’t have a bad day.
  • Honesty and integrity. The belief that things that are worth doing are worth doing well is a strong value that we should all aim to project. Integrity of the process and trust underpin the core philosophy of auditing. We choose this career path!
  • Accuracy. The extent to which the audit is performed right the first time and fully compliant to the standard we audit. Good audit planning should ensure that competency is held prior to audit delivery and enough time to complete the audit fully.
  • Competence. The relevant skills, knowledge, and expertise of auditors to complete the audits to the correct standard required. Auditing is a profession; it requires dedication, commitment, and the ability to keep learning and improving your skills and knowledge. Make time to do this!

So what is the solution to all of these challenges? Purslow suggests going back to the fundamentals.

“We need more consistency so we can get some traction and growth in the industry,” he says. “We need to go back to the fundamentals about why auditing is important and why process-based auditing is effective.

“We don’t want auditors to be checklist auditors. Ending up with 60 percent of an audit based on documentation doesn’t add value. We want auditors to be in processes, watching processes, understanding processes, and determining if they are meeting requirements.

“We choose to work in this sector, we choose to be auditors—we should all look at improving our industry, including standard owners, regulators, influencers, CABs, auditors, and clients alike. We should not accept substandard practices and planning, but agree on meaningful, achievable outcomes. To this end we all have a part to play, so let’s begin.

“Please do not perceive my passion for our industry with arrogance, as this was never the intent!”

The post Let’s Get Back to Basics: The Challenges of Being an Auditor appeared first on The Auditor.

A Look at the Evolution of Auditing in North America

Robert T. Ware has been…

Robert T. Ware has been in the auditing profession since 1974—before the term “audit” existed and when MIL-Q-9858 military standard audits were the norm. Speaking to The Auditor, Ware shares his opinions on the changes and challenges of completing manufacturing audits in North America, and the value of internal audit teams.

“Back when I started they called it an assessment, they didn’t like the punishing word of audit,” Ware reflects. “The word ‘audit’ came out in 1987 when ISO 9000 came into effect, and they called it internal audits.

“I remember a lot of people were upset about that word because it means pass/fail, where assessment means continual improvement.”

Ware spent the first 13 years of his career working in reliability, before making the transition to quality assurance. In his current role, Ware works for Zoll Medical looking after quality assurance and regulatory affairs/reliability for the resuscitation division.

“I lead a team of engineers that investigates all failures, return goods authorizations, and returned material,” Ware explains. “I am responsible for design and development, through to manufacturing, distribution, and post market surveillance.”

Having worked in the manufacturing industry for most of his auditing career, Ware is saddened to see a lot of businesses move their manufacturing offshore.

“In the 1960s, manufacturing was booming,” he says. “Forty-three years later, I have to look hard to find a company that manufactures here. Even Zoll, we do assembly and testing, and China makes all of our boards. Big manufacturing firms like Intel, Texas Instruments, Digital Equipment Corporation, and J&J, they all do the same thing.”

These changes present challenges for auditors who have to work on an international scale to get the information they need.

“We just have to keep coping,” Ware says. “We do audits over the phone. I have spreadsheets and word files that I send out. The auditee will send me back the information and then we look at the information and evaluate it, analyze it, and get results.

“We do a lot of virtual audits. We can do an audit over the telephone or by Skype. It has evolved because everything is global.”

Throughout his career, Ware has worked with standards such as TL 9000, ISO/TS 16949, and ISO 14000. Ware also served on the U.S. TAG to ISO/TC 176 from 1987 to 2006, and he worked to revise ISO 9001 in 1987, 1994, and 2000. Through his experiences, Ware has learned how industries and standards work, and has noticed some key similarities.

“Once you audit [different industries], the basic processes and products are the same in terms of how you would manufacture them,” Ware explains. “You just have to understand the process and audits to help you break it down.”

Having worked in internal audit teams for most of his career, Ware sees great benefit in the internal audit function. However, he fears young executives today don’t see the same value.

“Back in the 1970s and 1980s we had big audit teams,” Ware says. “Now I see a lot of companies outsource their audit teams. In reality, if I didn’t know anything about an operation and went in and did an audit versus working there—working there you are more of a Tasmanian devil. You can do some really good digging. It’s not like it used to be, but you have to make the best of it.”

However, Ware uses management review as an opportunity to reinforce of the value of an internal audit team.

“When I do a management review and they start discussing issues and problems, I love to bring them back to people and products,” Ware says. “These are the main parts of the business.

“I think the people who work in a company would find more value and would feel empowered. Why not take someone from the manufacturing line and make them an auditor? Especially women; they do a great job because of their intuitive nature. I think it’s a lost art.”

Ware’s Tips for Auditors to Improve Their Craft:

  • Do your preparation. Never do anything blind. The more information you know, the better you can question.
  • Keep your eyes open. Just like Yogi Bear said: You can always find something if you look. Just by observing you could not even audit and see is that how they do it? Are they sure they want to do that?
  • Just listen. The only time I talk during an audit is to ask a question. You have to let the person you are auditing do all the talking.

The post A Look at the Evolution of Auditing in North America appeared first on The Auditor.

Certificate vs. Certification: What’s the Difference, and Why Does It Matter?

by Anjali Weber There are…

by Anjali Weber

There are many types of credentials in the marketplace, and sorting through the various options can be confusing to the potential applicant or participant. Even greater confusion exists for employers, regulators, and especially the public as a myriad of “certifications” and designations are continually added to emerging and existing professions. But what are the differences between various credentials, and why does it matter?

First, the term “credential” can be broadly applied as the big umbrella under which certificate, certification, qualification, academic degrees, licensure, and registration all have a unique purpose. Second, there is a significant distinction between certificates and certification, and the right type of program will effectively satisfy stakeholder needs and accomplish desired business outcomes.

In this article, we will distinguish between certificates of attendance or participation, where there is no validation of learning, and an assessment-based certificate program, where intended learning outcomes are directly aligned to assessment. Our focus will be on a comparison between assessment-based certificates and personnel certification, as each serves a very different purpose, produces a different outcome, and fulfills different needs.

The differences can be critical to your business. Each type of program plays a role in closing skills gaps—a matter of international importance in today’s competitive business environment. Certification and certificate programs are part of a larger qualifications framework and help to address one of the biggest challenges the workforce faces today: providing the necessary skills and competencies to create qualified job candidates and successful employees. A 2009 annual talent shortage survey by Manpower of 39,000 employers in 33 countries found that 30 percent of employers worldwide are struggling to find qualified job candidates.

The traditional education system does not provide the necessary competencies for employees to succeed in the workplace. Many new college graduates fail to learn the knowledge, skills, and attributes that are most essential for success in their chosen careers. There is often a significant gap in knowledge and skills that must be addressed to make an employee workforce ready. But, the good news is that qualifications can play a major role in closing the gap.

So, what makes certificate and certification programs different? In short, a certificate program is a learning event. A certification program provides validation that learning has occurred and typically results in an awarded credential.

Primary focus

The primary focus of a certificate program is to provide instruction and training to aid learners in acquiring specific knowledge, skills, and competencies associated with intended learning outcomes. The primary purpose of a certification program is to confirm that an individual has already acquired (prior to applying for certification) a set of knowledge, skills, and competencies critical to the competent performance of a professional role or specific work-related tasks. Certification programs are independent of a specific learning event, class, course, or training program.

Purpose and scope of assessment

Both certificate and certification programs assess knowledge, skills, and competencies. However, the purpose and often the scope of these assessments are quite different. Certificate programs use formative and summative assessments to evaluate the effectiveness of instruction or training, monitor learners’ progress, and determine whether learners have achieved intended learning outcomes. Certification program assessments aren’t intended to evaluate mastery of the intended learning outcomes of a specific class, course, or training program. Rather, these are designed to verify that an individual possesses the level of knowledge, skill, or ability necessary for competent performance of a specific professional role. As such, the scope of the certification assessment also is often considerably broader than that of a certificate program assessment.

Duration of program

A certificate program typically ends when the intended learning outcomes have been achieved and the certificate is awarded. This differs markedly from certification, which is an ongoing process that requires individuals to engage in continuing education or re-examination on a periodic basis to maintain their certification.

For a detailed comparison of certificate vs. certification, the Institute for Credentialing Excellence, a premier non-profit organization serving the global credentialing community, has published a white paper that has been extensively peer-reviewed and compares and contrasts each of the major components of both programs. This Defining Features paper can be downloaded at no charge from the ICE website.

Which option is best?

It’s a matter of intention. Is there a need to acquire education and training to fill a gap or to validate that the knowledge and skills required of a particular job role or profession have already been acquired?

Certificate programs address ongoing learning gaps and may be very limited in scope or broad-based. High-impact job functions that require mastery of technical skills that may not already exist can be addressed with well-developed education and training programs. These programs can provide an organizing framework for the learning process, encouraging the alignment of all the learning components and assessments and help to synthesize the learning.

Certification programs validate existing competencies. The primary goal is to confirm that an individual possesses a desired set of knowledge, skills, or competencies previously acquired through academic or other formal education, internal or external training programs, or prior work experience. A well designed certification program begins with a comprehensive job analysis that validates the essential knowledge, skills, abilities, and characteristics needed to competently fulfil a job role. Also, if mastery of the baseline knowledge, skills, or competencies is confirmed through certification, then future training does not need to include these basics. Rather, it can focus on what is unique to the industry or the employing organization (for example, products, services, and processes). In so doing, resources will be used more efficiently. Certification also provides independent validation that equals credibility, as it is offered through a third party and is not directly connected to a specific education or training program. Recognition of an individual’s knowledge, skills, or competencies through an external certification process enhances credibility and defensibility, and this benefit is valuable to the recipient and the employer. Because the intent is not to “teach to the test,” the outcome may carry more weight in many circumstances.

In summary, certification and certificate programs serve very different purposes and are not equivalent. Well-developed programs for either that follow best practices and accreditation guidelines provide good but unique value. It’s up to the customer, the employer that hires them, and the public they serve to determine whether they have a skills gap that needs to be filled or whether personnel certification would provide better confirmation that they have attained the knowledge and skills that have been independently verified.

About the author

Anjali Weber is vice president of strategy for Exemplar Global. She was previously director of the Institute for Credentialing Excellence.

The post Certificate vs. Certification: What’s the Difference, and Why Does It Matter? appeared first on The Auditor.

Techniques for Gathering Audit Evidence

By Craig Cochran Gathering evidence…

By Craig Cochran

Gathering evidence as part of an audit involves a mix of techniques that are used interchangeably: visual observation, examination of records, and employee interviews.

Gathering audit evidence as part of an audit involves a mix of techniques that are used interchangeably: visual observation, examination of records, and employee interviews. One moment you will be looking around the work area, and the very next you’ll ask an employee a question. The audit is a fabric that is skillfully woven of these techniques. Let’s take a deeper look at each major technique used for gathering audit evidence.

Visual observation

This is the most basic ways to gather evidence during an audit. Simply looking around is a very powerful way to understand how an organization works. Is the place organized or cluttered? Is communication formal or informal? Smart auditors immerse themselves in the organization they are auditing and look at it from every angle. Here are some especially powerful pieces of audit evidence you can look for:

  • Uncontrolled documents. Look around for “bandit documents” posted on walls, machines, and desks. These are often informal specs or procedures that are not controlled in any way. Bandit documents often take the form of Post-It notes, marker settings written on machines, old memos, printed emails, and photocopies of external documents. If the document provides information on product requirements, process control guidelines, or decision making criteria, you need to inquire how the information is supposed to be controlled.
  • Product outside the normal flow. Look for large piles of product that appear to be outside the normal flow of production. These are often nonconforming products, moved to the side so they can be addressed. If you find nonconforming products, make sure they are being handled in accordance with the company’s process for controlling nonconforming products.
  • Measuring instruments. The presence of measuring instruments usually means that there are important characteristics that must be verified. When you see measuring instruments, you need to find out what they’re used for. If we’re using them to check product, verify service, or control a process, then the organization should have a process for ensuring the fitness of the instruments. These range from complex measurement devices to include very simple gauges (such as templates, patterns, jigs, rulers, tape measures, and limit samples), and everything in between.
  • Housekeeping and organization. It doesn’t take an expert to identify a mess. That’s really what you’re looking for. Problems with housekeeping and clutter are symptoms of larger issues. Delve deeper into these conditions and try to find out what is happening. Lack of housekeeping often points to issues with product preservation, defects, identification, and traceability.
  • Product identification. Look to see that all product has some sort of identification. Identification could be achieved through a variety of methods such as stickers, tags, bar codes, paint dabs, assigned location, special bins, boxes, or bags. If you’re not clear what the identification is, ask someone in the area.
  • Improvised fixes and repairs. Look for evidence that employees have had to make improvised fixes and repairs. Amateur repairs often use duct tape, rope, shims, and other crude methods. If employees have improvised repairs, then it could be evidence that the maintenance program is not being carried out or that adequate resources are not being provided by management.
  • Informal record keeping. Look for informal record keeping in notebooks, logbooks, scratch sheets of paper, etc. If the records relate to anything that ISO 9001 or the company’s system addresses, then the records should be handled in a formal manner.

Examination of records

Records are historical artifacts. They tell what has happened in the past. Auditors generally accept records as statements of fact. If we have a credible record that indicates something happened, then we can usually conclude the action happened. Of course, records are not required of everything that happens in an organization. If a company procedure or the applicable standard (such as ISO 9001) requires a record, then obviously we need a record.

I mentioned the need for “credible” records. What exactly is a credible record? It is one that we can have faith in as being an accurate representation of the activities it vouches for. These are some characteristics that help make a record credible:

  • Completely filled out. If the record starts as a blank form, then we would expect all spaces to be completed. Any blanks should have clear explanations for the omission.
  • Dates. Records need verifiable dates in order to have any credibility.
  • Participants. If the record was a meeting, then a listing of participants would help tell the story of what happened. If the record was simply proof of something happening, then who carried out the action would need to be recorded.
  • Actual results. What actions took place? If the record was proof inspection, then the inspection results would be needed. If the record was taken from a meeting, what was decided?
  • Subsequent actions. Many records will include action items or follow-ups. If the activity being recorded includes these types of actions, the record should clearly indicate it.

Employee interviews

An interview is a structured discussion. Unlike a normal discussion that can meander over a wide variety of topics, an interview has a specific objective. Your objective is to capture factual information about the process being audited. The interviewer must plan and control the discussion so the required facts are gathered in the most efficient manner possible. In general, certain cues help an auditor know if the interview they’re leading can be considered objective evidence:

  • The employee makes statements relating to things they personally saw or took part in.
  • The employee’s statements relate directly to their responsibilities and authorities.
  • The employee’s statements can be corroborated by records or supporting statements from other personnel.
  • The employee makes statements that are specific and which include credible details (as opposed to blanket statements that are vague on specifics).

In cases where there are requirements for records, a statement alone would not suffice.

Related Article: Objective Evidence: An Auditor’s Secret Weapon

Techniques for Gathering Audit Evidence

Objective evidence is the proof that the organization did or did not meet its requirements. One of the primary objectives of an audit is to collect objective evidence. Not just random objective evidence, but evidence specific to the requirements in the audit. The auditor selects requirements to verify, and then looks for objective evidence that the organization met the requirements.
Click Here to Read


Sampling of evidence

Audits are never 100 percent inspections. There is simply not enough time to examine everything that is happening within the organization. Instead, audits sample evidence. The sample does not need to be statistically based, but it does need to be representative. If a population of evidence includes thousands of records, then a representative sample would certainly be more than one. Just take a reasonable sample of evidence given the evidence available. Think about how you might subdivide the overall population of evidence into rational sub-groups. For instance, if you’re auditing training, you might sub-divide employees into top management, hourly, employees less than 90 days old. Employees with more than 10 years of experience. Then you’ll take your samples from the sub-groups, instead of just blindly selecting samples from the overall population.

Recording notes

Note taking is an important part of the audit process. Evidence gathered must be fully traceable and highly detailed. This means that auditors must develop efficient means for capturing their notes. If you’re the type of person that takes notes during an interview, make sure to tell your auditee that you’ll be writing down details. Also remember that you likely have one chance to capture the details of evidence. Slow down, take your time, and write the required details and evidence traceability while you’re in the department. The one thing you would never do is ask an auditee to speak into an audio recorder. This makes the audit seem too much like a police interrogation.

Examples of evidence

The best way to understand good versus bad evidence is to study some examples. Here’s what appears to be a detailed statement of facts. Read it carefully and decide what you don’t like about it:

“Returned goods were missing the nonconforming materials tags, which greatly increases the chance of accidentally shipping bad material.”

This evidence has a number of problems. In summary, it’s highly opinionated and not traceable. Here are the specifics:

  • Where was this found? The area or department should be indicated.
  • What returned goods are we talking about? We need to identify them to enable traceability. Part numbers or descriptions should be adequate.
  • How many returned goods were missing the tags? The quantity helps put the situation in perspective.
  • The auditor has included his opinion at the end. This adds subjectivity to the evidence and will only inflame the auditee.

Let’s rework the evidence. Here are the same facts, expressed in much more complete and correct terms:

“Three out of 10 returned desk kits (product code 675) in the warehouse hold area were missing the nonconforming materials tags.”

The first thing that strikes you is how much more specific this evidence is. It is the epitome of “just the facts, ma’am.” Here is why it is better:

  • The area where the returned goods were located is clearly indicated (i.e., warehouse hold area)
  • The identity of the returned goods is provided (i.e., desk kits, product code 675)
  • The sample size is shown, helping the audited organization understand the magnitude of the situation (i.e., three out of 10)
  • Only facts are stated. No auditor opinions about impacts or ramifications of the nonconformity are included.

Seeking evidence of positives

Smart auditors always ask themselves, “Am I actively looking for positives during the audit?” The audit should be a balanced snapshot of the organization. Balanced means the identification of positive practices, as well as nonconformities. Any organization that is still in business in these tough economic times is doing a lot of things right. Too often, audits become an obsessive exercise in finding the organization’s flaws. As you can imagine, audits of this type are rarely welcomed or requested.

You have to continually remind yourself to be on the lookout for positives during the audit. Ask yourself these questions during the audit, to keep the topic fresh on your mind:

  • What sets this organization apart?
  • What do they do especially well?
  • What practices create competitive advantage?
  • Where are the isolated pockets of excellence?
  • Who are the innovators of new methods and tools?

If you are leading an audit, remind the other auditors under your supervision to also be on the lookout for positives and best practices.

It’s important to note that in mature management systems, identification of positives is one of the most important purposes of an audit. That’s because the discipline of the management system is well established. Audits have already picked the low-hanging fruit, so auditors can turn their attention to finding the isolated pockets of excellence. These pockets of excellence are often obscured and hidden from view, so an important purpose of the audit is to root these out. Once identified, these best practices can be widely adapted and turned into the new standard. This motivates people to embrace the audit process, while driving improvement throughout the organization.

Here are some examples of positive findings:

  • Clean and well-organized receiving area
  • Management of the lab is fully engaged in the management system
  • Effective corrective actions generated by production
  • Detailed action plans for achieving objectives in the purchasing department.

Try to write positives that are highly individualized and specific to the areas they relate to. We have no use for “boiler plate positives” that are generic and generalized. Remember, we’re looking for best practices that the rest of the organization can learn from. Keep your eyes open for positives, and you’ll find that you produce better results and are always welcomed as an auditor.

About the author

Craig Cochran is the North Metro Regional Manager with Georgia Tech’s Economic Development Institute. He has assisted more than 5,000 companies since 1999 in QMS implementation, problem solving, auditing, and performance improvement. Cochran is a Certified Quality Manager, Certified Quality Engineer, and Certified Quality Auditor through the American Society for Quality. He is certified as a QMS Lead Auditor through Exemplar Global.

He is the author of numerous books, including ISO 9001:2015 in Plain English, published by Paton Professional. His next book, Auditing in Plain English, from which this article was excerpted, will be released in late 2016.

The post Techniques for Gathering Audit Evidence appeared first on The Auditor.

Objective Evidence: An Auditor’s Secret Weapon

One of the primary objectives…

One of the primary objectives of an audit is to collect objective evidence. Not just random objective evidence, but evidence specific to the requirements in the audit.

By Craig Cochran

Objective evidence is the proof that the organization did or did not meet its requirements. One of the primary objectives of an audit is to collect objective evidence. Not just random objective evidence, but evidence specific to the requirements in the audit. The auditor selects requirements to verify, and then looks for objective evidence that the organization met the requirements.

Objective evidence has a couple of specific purposes. First, it provides credibility to the audit process. By keeping evidence of facts gathered during the audit, we can be confident that an audit actually took place. The auditor didn’t just go through the motions. Real people were interviewed, actual records were examined, and current processes were analyzed. Anybody can review the evidence that was gathered and feel confident that the audit was effective.

Second, the evidence forms the raw material for any nonconformities that result. We’re not seeking nonconformities, of course—we’re seeking conformity. Despite this goal, nonconformities are a common outcome of audits. If we collect detailed evidence during the audit, we’ll be able to write clear and defensible nonconformities. Objective evidence also helps to write meaningful positive findings. Both of these outputs—nonconformities and positive findings—rely on accurate and objective evidence gathered by the auditor.

Characteristics of objective evidence

The term objective evidence sounds rather complicated, but it is actually very simple. Here are the characteristics of objective evidence:

  • Unbiased: Objective evidence is unbiased. That means it is not clouded by emotions or feelings. The evidence is gathered in a completely neutral way. Bias often arises when the auditor has a personal relationship with the person they are interviewing during the audit. Auditors have to always be aware of how their personal relationships influence the way they view evidence. If an auditor believes they’re becoming biased, it is their responsibility to approach the lead auditor or quality manager and make this known.
  • Factual: Objective evidence is factual. That means it is real, not made up or imagined. Very few auditors intentionally create non-factual evidence. It sometimes happens accidentally when evidence is misinterpreted. This is one of the benefits of auditing in pairs. When you are with somebody else, you can always ask for their opinion of the evidence you’re examining. This should keep you in the realm of factual evidence.
  • First hand: Objective evidence is first-hand. That means the auditor gets evidence directly from the source. The evidence is seen, heard, read, or experienced by the auditor. A good auditor never relies on second or third-hand information, as it is often distorted. The more hand offs in an information chain, the more distortion exists and the less the information can be trusted.
  • Traceable: Objective evidence is traceable. That means you include all the identifiers about the evidence. Identifiers could include the date, time, part number, department name, and anything else that lets the organization know where the evidence came from. In theory, audit evidence should be traceable enough that anybody could see the same thing that you saw during the audit.
  • Impersonal: Objective evidence is impersonal. The evidence is written to reinforce a focus on systems and processes, instead of people. Names are omitted from evidence and job titles are used instead. No opinions about the severity or possible impacts of evidence are includedjust the facts are given. The evidence is written in a neutral, non-accusing manner.

Just because your evidence is subjective doesn’t mean that’s the end of the line. You can often turn subjective evidence into objective evidence by doing some additional digging. That’s what is referred to as following an audit trail. You might start out with biased or second-hand information, and then convert it to objective evidence by asking a few more questions.

Evidence gathering

Evidence gathering is the heart of auditing. Effective auditors are naturally curious and enter every audit in a learning state of mind. When you want to learn, your mind will crave information and your senses will be especially sharp. Very little will escape your detection. Armed with the desire to expand my own knowledge, I ask probing questions and pursue unique and important lines of inquiry. You can’t fake the desire to learn. It exists solely inside your head. There are certain truths that can help put you in this state of mind:

  • This company is doing a lot of things RIGHT. In today’s extremely competitive economy, bad companies don’t survive. They dry up and blow away very quickly. If the company you’re auditing is still in existence, then it must be doing at least a few things correctly.
  • The people here are interesting and have some fascinating stories to tell me. I have found this to be true 100 percent of the time. No matter how banal and commonplace an organization seems, it will include some people who absolutely fascinate me. They will have interesting things to tell me and I’ll have a hard time pulling myself away from them.
  • I will learn a lot during this audit. There are processes, technologies, and products here that I’ve never seen before. Yes, I’m here to do an audit, but the benefits of the audit will flow in both directions. If I’m perceptive, I will learn as much from them as they will learn from me.
  • I am a partner of the organization, not an adversary. You’re not looking for nonconformities; you’re looking for ways that the organization can improve. This is a subtle but important difference. At no time should an auditor portray the audit as a sport in which the objective is to rack up nonconformities. The number of nonconformities is inconsequential. What matters is that the company knows what they need to focus on.
  • The evidence I gather should focus on the big picture. Auditing is definitely a process of details. My task is to accumulate the details into trends that will help the organization improve. I need to probe beneath the surface and uncover the true strengths and weaknesses of the organization. I will only be able to do this once the organization trusts me and understands that I am truly there to help them.

The overall impression that you should give the organization is trust. Every word and mannerism that you evoke as an auditor should reinforce the idea that you can be trusted. People who are trying to learn can usually be trusted because learning is a cooperative process that requires a two-way exchange of information. Be a learner and you will also be an effective auditor.

About the author

Craig Cochran is the North Metro Regional Manager with Georgia Tech’s Economic Development Institute. He has assisted more than 5,000 companies since 1999 in QMS implementation, problem solving, auditing, and performance improvement. Cochran is a Certified Quality Manager, Certified Quality Engineer, and Certified Quality Auditor through the American Society for Quality. He is certified as a QMS Lead Auditor through Exemplar Global.

He is the author of numerous books, including ISO 9001:2015 in Plain English, published by Paton Professional. His next book, Auditing in Plain English, from which this article was excerpted, will be released in late 2016.

The post Objective Evidence: An Auditor’s Secret Weapon appeared first on The Auditor.

The Influential Auditor

Influence is an attribute that…

Influence is an attribute that can be developed once you know the formula. Knowing how to be influential in your daily pursuits can be the difference between a value-added experience for the auditee and just another audit.

Influence is an attribute that can be developed once you know the formula. Knowing how to be influential in your daily pursuits can be the difference between a value-added experience for the auditee and just another audit.

We all know at least one auditor of great influence and watch as they command an audit outcome, network event, or technical committee. They may not have the highest competence, the most experience, or the greatest technical skills, yet colleagues choose to listen, follow, and accept the advice or arguments voiced by these individuals.

This influence comes from within the individual and it is a series of traits that they have developed or learned to intuitively master. The traits I am speaking of are: confidence, courage, commitment, passion, empowerment, trustworthiness, and likeability. Not all of these traits come in an equal concoction of awesomeness—the mix will talk to how influential you really are.

If we were benchmark ourselves against highly influential people, we would likely pick some religious icon, business mogul, or academic. The choices are endless. Let’s take a brief look at the attributes of influence.

Confidence is how much you rely on and believe in yourself and your abilities. You may have a strong sense of personal judgment that lets you know when you are right, especially when the outcome of a situation is unknown. People could relate this to vision or the art of seeing the unseen.

Commitment is your will to achieve an outcome. Those with high commitment will overcome almost any adversity and power through to the finish line. Commitment and purpose are intertwined. Knowing what you are striving for will be a strong driver for you.

Courage is where you draw your inner strength from. It’s how you face barriers to success or challenges to outcome. Having courage can move you through a confronting situation in the workplace, to a balanced, peaceful, or fruitful outcome. Courage and commitment make great bed fellows.

Passion—one of my favorites—is your eagerness to complete the job and engage others on your progress. Those with high passion can very clearly communicate their vision to others and demonstrate the value of having them join you.

Empowerment is the ability to share the effort and rewards that follow. Those who are comfortable sharing power attract others to their work or vision. Being empowered means that you build the competence of others around you and enjoy the fruits of your labor.

Trustworthiness. A big one here for us all is having others place their trust in you without being let down, betrayed, or taken advantage of. Trust and responsibility show others that when you commit to something, you finish the task, are reliable, and in turn they will support you. Trustworthiness is probably the hardest attribute to attain, and the easiest to lose.

Likeability is how you demonstrate your positivity to others. Having a positive mindset and allowing others to feel positive can be an empowering experience for both parties. Likeable people tend to be heard more, trusted more easily, believed more often, and given the benefit of the doubt. Being likeable does not mean that you are a push over or are overly optimistic. Rather, it means you can overcome the barriers to success by believing work matters, and that you can only be successful when you have the support of others.

These traits underpin the best leaders, influencers, popular icons, and community elders.

When we consider ourselves against these seven traits, what do we see in ourselves? We may be committed and passionate about our cause, but does our likeability and empowerment let us down causing people to trust us less?

Let’s turn this into a positive statement. When we are clear about our purpose and have the determination to deliver a great outcome that benefits others as well as ourselves, then we are more likely to be trusted and supported.

Focusing on auditing—knowing your key competencies and how they can positively influence the outcome of an audit—will greatly improve your presence on site. Your confidence builds a level of trust in your capabilities and a commitment by the client to achieve a successful outcome.

What we know about auditing is that people are drawn to the profession by the nature of their personal attributes. These individuals have an innate sense of passion and pride in their work and know their efforts contribute to a safer, secure, consistent way of life for all that meet or exceed consumer expectations.

Influence can be measured and is able to be enhanced through your daily pursuits and reflections on your work. Your mix of traits can be identified, measured, and reported on, and you can become a more influential auditor.

If you have a story about a moment of influence you have achieved, participated in, or witnessed, please share it with us. If you would like to know more about how to measure your influence rating and how to build upon your traits, please get in touch.

About the author

Peter Holtmann is the president and CEO of Exemplar Global Inc., the premium provider of personnel certification and credential management and independent certification for training outcomes.

Peter has been passionately dedicated to the conformity assessment profession for 20 years, spending the last 10 years building Exemplar Global into a world-class certification organization. As the industry has changed so has Peter’s role, from a scientific professional to trainer and risk consultant, from auditor to business developer, and now as a strategist and leader of a global non-profit organization.

Peter sees his role as an advocate for credentialing that helps drive career pathways to international recognition. He believes unilateral acceptance of a person’s capabilities across cultures, countries, and continents builds world trade and fosters global growth of human capital.

The post The Influential Auditor appeared first on The Auditor.

Why We Don’t Ask Why (and Why It Matters… Sometimes)

Sometimes our expertise, previous history,…

Sometimes our expertise, previous history, and a cursory assessment of risk lead us to the logical conclusion that the appropriate action is correction.

By Denise Robitaille

Recently I had a minor problem with the bathroom sink at the hotel. Water was draining at a trickle’s pace, leaving scummy water stagnating in the basin overnight.

To have correctly stated the issue, I would have said, “The sink isn’t draining properly.” However, my mind immediately leapt to: “That sucker needs a good plunging.”

In less than a heartbeat I went from problem to solution, completely bypassing even the faintest glimmer of an inquiry into what was causing the slow trickle.

It occurred to me that we do this all the time. We rarely pause to go through the mental gymnastics of the situation. For example, the sink isn’t draining properly:

  • Why?
  • Is it clogged? Perhaps.
  • Could it be a larger and denser obstruction?
  • Should I try using a plunger or a chemical drain cleaner?
  • Is there a greater risk of one method over the other?
  • If it isn’t a simple clog, will the chemical cleaner create a bigger problem?
  • Based upon prior experience and how the sink is generally used, the plunger option is a low-risk tactic that will probably solve the problem.
  • The outcome? Plunge the sucker!

In terms of everyday life, we’d probably be paralyzed into inaction if we consistently paused to perambulate through these comatose-inducing mental mazes. Therefore, the normal inclination is to assume we know what is wrong and act accordingly.

When then should we delve into the root cause? And, why is this discussion relevant to auditing?

Sometimes our expertise, previous history, and a cursory assessment of risk lead us to the logical conclusion that the appropriate action is correction. Fix the defect. Make note of the action and move on. Correction is an acceptable action that is defined in ISO 9000:2015.

ISO 9001:2016 has an escape clause: “Corrective actions shall be appropriate to the effects of the nonconformities encountered.” An organization needs to understand effects, which means it needs to understand the implicit risk. Sometimes, it’s OK not to do corrective action.

Problems arise when the cause really isn’t apparent or there is serious risk if root cause analysis isn’t done and we still take the short cut. We make inappropriate assumptions of the nature of the cause based on opinion or incorrect and/or inadequate information.

A quality management system has requirements relative to addressing customer complaints, investigating the cause of problems, and having an effective corrective action process.

It’s up to the auditor to assess if problems have been appropriately addressed through either correction or corrective action. If it is apparent that corrective action should have been initiated, the first step should have been to conduct root cause analysis. In the absence of the root cause analysis step, it’s impossible to have a consistently effective corrective action process. Bearing in mind that the purpose of the audit process is used to assess both conformance and effectiveness, an auditor could rightly raise findings relative to failures in both risk-based thinking and implementation of corrective action requirements.

Individuals must be cognizant of their natural inclination to resist root cause analysis and determine when it is essential that the tendency be overruled so that the organizations can implement the process needed to solve problems and experience improvements.

About the author

Denise Robitaille is the author of numerous books on various quality topics. She is an internationally recognized speaker who brings years of experience in business and industry to her work in the quality profession. Denise is an active member of U.S. TAG to ISO/TC 176, the committee responsible for updating the ISO 9000 family of standards. She is also an Exemplar Global-certified lead assessor, an ASQ Certified Quality Auditor, and a fellow of the ASQ.

Denise’s recent books include The (Almost) Painless ISO 9001:2015 Transition (published by Paton Professional) and ISO 9001:2015 Handbook for Small and Medium-Sized Businesses, Third Edition (published by ASQ Quality Press).

The post Why We Don’t Ask Why (and Why It Matters… Sometimes) appeared first on The Auditor.

Successful Audits Start with Well-Planned Opening Meetings

by Craig Cochran Have you…

by Craig Cochran

Have you ever felt anxious about something that was about to happen? Imagine if the “thing” was called an audit. Your anxiety would be sky-high. The truth is that audits are always a little nerve wracking, no matter how much preparation and communication happens ahead of time. An opening meeting aims to remove this anxiety and sets the tone for a smooth, friendly audit that is focused on improving processes.

The name “opening meeting” is probably a little grandiose for what this really entails. We’re talking about a short, usually informal meeting to discuss the audit plan and basic details of the audit. For an internal audit, the opening meeting can be accomplished in little more than five minutes. The auditor briefly goes over the audit plan line by line and asks if any changes are needed. Questions about the audit are addressed and any lingering anxiety is dealt with. A friendly and informal opening meeting gets the ball rolling toward a successful audit.

The opening meeting typically takes place in an office or in a conference room for larger groups. Participants include the auditor(s) and the main auditee contact. I have led opening meetings with as few as two and as many as 200 people. The exact size of the opening meeting depends on the organization being audited and the number of people they want to invite. During your pre-audit communication, it’s helpful to tell your organization contact that you’ll be having an informal opening meeting prior to the start of the audit. You can mention that they are welcome to invite whatever personnel they’d like to attend, and that you’ll be covering some basic details related to the audit.

The lead auditor conducts the opening meeting. If there is a team taking part in the audit, there’s not much for the other auditors to do or say. After all, the whole meeting lasts only a few minutes and provides an overview of the audit. The closing meeting will have more opportunities for involvement by other auditors.

You may be wondering, why is something that only lasts a few minutes so important? The opening meeting may sound inconsequential, but it isn’t. The event may be simple and brief, but the outcomes are critical. Consider these results from the opening meeting:

  • Comfort about the audit process
  • Spirit of partnership in improvement
  • Warm introduction to key participants (auditors and usually the managers of the areas being audited)
  • Agreement on any scheduling changes that must be made
  • Answering of questions
  • Trust that the auditors are seeking conformity not nonconformity

If the organization has been audited multiple times before and is already comfortable with the process, the opening meeting will be less important. It never gets skipped, though. You always start with an opening meeting to give the auditing process the dignity it deserves and briefly cover what will happen once the auditing begins.

It’s common for auditors to use a checklist to help them conduct the opening meeting. Here is a detailed explanation of each agenda item:

  1. Welcome: Begin the opening meeting with a warm welcome to everybody present. A big smile and a friendly voice will help establish a tone of cooperative improvement. As part of your welcome, you may also want to let everybody know that the opening meeting won’t last more than a few minutes. “Thanks for coming to our opening meeting this morning. We’re just going to cover a few details about today’s audit and let everybody get on their way.”
  2. Introductions: Introductions may or may not be necessary, depending on everybody’s familiarity. Make sure that nobody is a stranger. Knowing somebody is the first step toward trusting them. “My name is Craig Cochran and I’ll be leading the audit. Dennis Kelly will be auditing with me. And this is the manager of the production area, Tim Israel. We appreciate you welcoming us to your department, Tim.”
  3. Scope: Describe the boundaries of the audit in terms of departments, functions, and/or processes. A clearly defined audit scope helps to remove confusion. “The scope of today’s audit will be the production area, which includes the molding, machining, and finishing processes.”
  4. Criteria: Communicate the general requirements against which the audit will be conducted. This usually includes an outside standard of some sort (such as ISO 9001) and the organization’s own policies and procedures. There’s no need to list specific procedures, unless the audit criteria is very narrow. “We’ll be auditing against ISO 9001:2015, your documented management system, and applicable customer requirements.”
  5. Objective: Complete your introductory remarks by stating the objective of the audit. Possible objectives include preparing for ISO 9001 certification, addressing organizational weaknesses, and identifying opportunities for improvement. Everything that happens in an organization should have a purpose, and an audit is no exception. “The objective of today’s audit is to prepare for our ISO 9001:2015 transition audit, as well as to identify opportunities for improvement.”
  6. Review audit plan: Now you get into the details of the audit plan. I find that it’s helpful to go over every angle to remove the potential for confusion. Here are the most common details:
    1. The duration of the audit. “We’ll begin the audit at 8:30 a.m. and continue until 11:00 a.m.”
    2. Departments and/or processes to be audited and times. “Molding will be audited from 8:30 a.m. until 9:15 a.m., machining will be audited from 9:15 a.m. until 10:00 a.m., and finishing will be audited from 10:00 a.m. until 11:00 a.m.”
    3. Documents to be used during the audit. “We’ll be using departmental procedures, customer specifications, and the ISO 9001:2015 standard during our audit.”
    4. The anticipated schedule for closing meeting. “We’re planning on having a closing meeting at 11:30 a.m. today. At that time, we’ll go over all the findings and discuss next steps. Feel free to invite anyone you think would benefit from being there.”
  7. Sampling: The audit will be a representative sampling of evidence, not a 100 percent inspection. This should be obvious to all participants, but it is important to declare this limitation before the audit begins. “We will select a random and representative sampling of evidence during the audit, with the objective of producing a balanced picture of operations. There is no way we could possibly conduct a 100 percent inspection of everything happening here, but we believe our sample will provide an accurate snapshot of current operations.”
  8. Company Rules: Clearly state the auditors’ intention to following all company rules and safety precautions. “We know that ear plugs and safety glasses are required while in the production area, and have come equipped with these personal protection items. Also, we’ll make sure to stay within the painted yellow lines that indicate pedestrian walkways. As you’ve indicated, we will also stay with our company guide at all times.”
  9. Confidentiality: Make a general commitment to maintain confidentiality related to the evidence gathered and conclusions generated during the audit. “Everything we see during the audit and all the evidence we gather will be held in strict confidence. We will not share it with any parties outside of your organization.”
  10. Confirm changes: It’s not uncommon for emergencies and unforeseen events to emerge right before an audit. These can range from employee injuries, to visits from regulatory bodies, to urgent customer orders. Make sure to confirm that the audit plan is OK as published. If not, what changes need to be made? Try to accommodate any changes within reason. In rare cases, the audit may need to be rescheduled. “Do we need to make any changes to our audit plan? Let me know and we’ll talk about possible alternatives. We don’t mind changing the timing of any of our activities to suit your operations.”
  11. Questions: In a gathering as relaxed as the opening meeting, questions are usually addressed as they come up. Explicitly ask for questions at this point in case anyone was waiting on a cue. “Does anybody have any questions or comments? Please don’t be shy. All your thoughts are very important to us.”
  12. Thanks again: Conclude the opening meeting with one more thanks to all in attendance. Thank them for coming to the opening, and also for their cooperation and assistance related to the audit. Thank you is something you can’t say too much during an audit. “Thanks again for having us here today and allowing us to audit. I look forward to making this a real win-win activity, because I expect that we will learn a lot from you.”

Through a brief opening meeting, you’ve invested in the success of the audit. The plan for the audit has been discussed and agreed to, and a feeling of mutual trust has been established. Now you’re ready for a successful audit.

About the author

Craig Cochran is the North Metro Regional Manager with Georgia Tech’s Economic Development Institute. He has assisted more than 5,000 companies since 1999 in QMS implementation, problem solving, auditing, and performance improvement. Cochran is a Certified Quality Manager, Certified Quality Engineer, and Certified Quality Auditor through the American Society for Quality. He is certified as a QMS Lead Auditor through Exemplar Global.

He is the author of numerous books, including ISO 9001:2015 in Plain English, published by Paton Professional. His next book, Auditing in Plain English, from which this article was excerpted, will be released in late 2016.

The post Successful Audits Start with Well-Planned Opening Meetings appeared first on The Auditor.

Auditable Requirements

By Craig Cochran At the…

By Craig Cochran

At the heart of every audit are the concepts of auditable requirements and objective evidence. Indeed, one cannot function effectively as an auditor without a full understanding of these concepts as they work hand-in-hand to produce a complete picture of how the organization performs.

Auditable requirements

Let’s begin with auditable requirements. These are the obligations that the organization has committed to implementing. Most of an audit is spent verifying that requirements have been met. Here is an example of a requirement: “Technicians must have the customer sign the work order after repairs have been completed.”

The requirement comes out of a company procedure. The company wrote the procedure because managers deemed this requirement (and others) to be important. We can’t see the entire procedure, but there are requirements before this one and probably some after it.

During the preparation phase of an audit, the auditor requests to receive various procedures and documents the organization has written. These are read and analyzed to determine which requirements are worth verifying during the audit. Auditors simply don’t have time to verify every single requirement. Rather, auditors choose what they believe to be the most important requirements to verify.

Inexperienced auditors generally struggle with identifying the requirements they should focus on. Here are some guidelines:

  • Requirements for key production processes
  • Requirements for inspecting product/service
  • Requirements related to potentially dangerous tasks
  • Requirements for reviewing information and making improvements
  • Requirements related to known weaknesses and problem areas
  • Requirements that come directly from customers

Although there are thousands of requirements organizations must satisfy, and they come from a range of sources, auditors only care about the requirements that are within the scope, or boundary, of the audit. For instance, if I’m doing an ISO 9001 audit, I’m probably not going to pay much attention to regulatory requirements about used oil disposal. This requirement is related to environmental regulatory compliance and is not within the scope of most ISO 9001 audits.

The other caveat related to requirements is that they must be officially approved by company management. If we’re talking about a company procedure or document, the approval usually comes from some sort of signature or other sign-off. If we’re talking about a standard such as ISO 9001, the approval comes from top management making an official declaration to pursue the standard. Usually the only requirements that will be made available to you before and during the audit are ones that are officially approved. If you stick to these, you will be fine.

Let’s talk about a number of different requirements that are likely to be used during an audit.

Company procedures and instructions

This group constitutes the largest category of requirements during most internal audits. They are documents written by the company itself to address its specific needs. They can be long or short, graphic or text, simple or complex. There is no right or wrong way to write a procedure, and they are certainly not written for the convenience of auditors.

The auditor will request to review company procedures prior to the audit and will attempt to understand them during his or her preparation time. Preparation time could take 30 minutes or eight hours depending on the number of requirements within the audit’s scope and the auditor’s familiarity with the organization.

Organizations use a wide range of names to refer to their documents. Some have highly formal categories of documents that relate to different degrees of detail. For instance, you may encounter a company that has a category called “operating procedures” and a category called “work instruction.” Historically, an operating procedure addresses a process from a high level, covering broad systematic requirements. For instance, you may find a document called “Calibration Operating Procedure.” This is likely to be a fairly high-level document that talks about the entire calibration process and how it is managed. On the other hand, a work instruction is usually a much lower level document that addresses tasks from a step-by-step level. For example, you might encounter a “Caliper Calibration” work instruction. This would describe step-by-step how to calibrate a caliper. Please note that organizations are not required to have different levels of documents like this. I only mention it so that you can be aware of different approaches that companies may take.

Besides procedures and work instructions, there are many different “procedural” documents that an organization may decide to write. These include:

  • Flow charts
  • Checklists
  • Process descriptions
  • Set-up sheets
  • Process standards
  • Test methods
  • Standard operating procedures

The list goes on and on. As an auditor, you will never be 100 percent familiar with all documents written by the organization. How could you? Your challenge is to do a reasonable amount of preparation so that you can ask meaningful questions during the audit. Some company documents will only rear their heads during the audit, especially in the case of very low-level instructions. You will use these as you see fit, based on their apparent importance and risk.

Company policies and objectives

Policies are the highest level documents written by the organization. They rarely include procedural content (i.e., “how to”), but most often address overall company direction, philosophy, and goals. Since policies are so high level, they can be very difficult to audit against. Nonetheless, they must be included. Within the ISO 9001 framework, the quality policy is specifically required.

Auditors should examine the commitments stated in policies and ask how high-level commitments are deployed in all levels of the organization. A hollow commitment that nobody understands is worthless. If you read a policy that includes a statement such as, “We are committed to becoming the leader in technological innovation,” top management should be asked how they are working toward that commitment. Look for specific evidence that lower level employees also understand the commitments and can explain how they support the policies.

Objectives are also high-level documents, although they have a sharper edge than most policies. Objectives state metrics and measurable goals that the company is pursuing. Here are some examples:

  • Reduce warranty repairs to less than one percent of sales.
  • Deliver 97 percent on-time shipping.
  • Perform all service calls performed within two hours of scheduled appointment.
  • Reduce scrap by five percent.
  • Increase sales by 10 percent.

As an auditor, you’re concerned about what sort of plans are behind the objectives. Have resources been determined, actions planed, responsibilities identified, and timelines established? Ultimately, is the organization making progress against each objective? If not, what is being done about it? Inherent in the presence of objectives is the obligation to work toward them in a systematic way.

Standard requirements

Most management systems that use internal auditing are based on a standard of some sort. The most common standard is ISO 9001, but there are many others. These standards are usually written to apply to a wide variety of organizations, which tends to make them a little difficult to interpret. For this reason, standard requirements are sometimes de-emphasized during internal audits. This is a mistake. If an organization has implemented a management system standard, then internal audits definitely need to include the applicable standard’s requirements.

Requirements in standards such as ISO 9001 are written as “shall” statements. The “shalls” are sometimes very specific and sometimes quite vague. Understanding the practical interpretations of a standard represents a specific training need for most internal auditors. When auditors apply standard requirements, they often find that they must explain the requirement to the auditee.

Sometimes auditors find that there are two nearly identical requirements: one from the applicable standard and one from a company document. When this happens, the requirement that should be used is the lowest-level requirement. In other words, the requirement written by the organization. Why would an auditor want to use the company requirement instead of a standard requirement? Because it has more specific relevance to the organization. They felt strongly enough about that particular topic to address it within their own procedures, so any issues raised by the auditor on that topic will presumably grab their attention.


Records aren’t often thought of as sources of requirements during an audit. After all, records are historical and describe what happened in the past. Sometimes this past includes decisions that have been made and must be acted upon. Good auditors will identify these commitments and verify that they have taken place. Examples of records that are often used during audits include:

  • Purchase Orders: including the requirements that suppliers must meet. This also obligates the organization to verify that the supplier did what they’re supposed to do. An example is the requirement, “Shipment must include certified test results.” The auditor should check to see that certified test results were indeed sent with the shipment and that the test results meet all requirements.
  • Management Review Records: These meetings are led by top management and nearly always include action items that must be implemented. Auditors should scan these records for action items and seek evidence that they were carried out.
  • Corrective Action Records: Corrective actions are the formal problem-solving events for organizations. They will always include improvement actions that must be implemented. Auditors must verify that improvements have fully implemented and checked for effectiveness.
  • Sales Orders and Contracts: Sales records always include product/service requirements that the organization must fulfill. These could include delivery dates, performance requirements, dimensional specifications, or any number of other variables. Auditors should confirm that employees know about these requirements and that the organization is meeting all of them.

Auditing against opinions

Everybody has opinions. Sometimes these opinions make sense. But opinions do not constitute requirements. An auditor’s opinion is never used as a requirement. The irony of opinions is that the more auditing you do, the more likely you are to develop strong opinions. Auditors must always guard against using their opinions during audits. Opinions are part of a whole family of entities that have no place in most audits, including:

  • Opinions
  • Best practices
  • Neat ideas
  • World-class methods
  • “What we used to do at my old company”

If you see something during the audit that seems like the wrong way to do things, your job is to find a requirement that the organization committed to. Your opinion of what’s right or wrong is not sufficient.

Most audit systems have a category of finding that falls short of a nonconformity. These go by various names, including observation, concern, recommendation, and opportunity for improvement. This type of finding does not generally require the organization to take corrective action. As such, the findings don’t require a solid requirement and can be based on the opinion of an auditor. But nonconformities are never based on auditor opinions.

Traceable requirements

All requirements used during the audit must be traceable. In other words, you can say where each requirement has come from. Requirements without traceability have no credibility or context. When identifying a requirement, the following elements are defined:

  • Document name (where the requirement is taken from)
  • Document number
  • Revision level
  • Section number/title
  • The exact requirement, taken word-for-word from the source

Here is an example of a well-written requirement, along with the evidence that makes it a nonconformity:

Requirement: The Finishing Procedure (SOP #QOP-32, revision 3) states in section 6.5 that employees must wear white gloves when handling finished product.

Evidence: The auditor observed two employees in the warehouse handling a pallet of finished product (part #443) without white gloves.

About the author

Craig Cochran is the North Metro Regional Manager with Georgia Tech’s Economic Development Institute. He has assisted more than 5,000 companies since 1999 in QMS implementation, problem solving, auditing, and performance improvement. Cochran is a Certified Quality Manager, Certified Quality Engineer, and Certified Quality Auditor through the American Society for Quality. He is certified as a QMS Lead Auditor through Exemplar Global.

He is the author of numerous books, including ISO 9001:2015 in Plain English, published by Paton Professional.

The post Auditable Requirements appeared first on The Auditor.

Millennials’ Association with Quality

How do we learn to…

How do we learn to engage with millennials using their tools of communication, demonstrate that your association has an accessible and attainable career pathway, remove the barriers of achievement through mentoring, and articulate the purpose that will encourage engagement through volunteering?

by Peter Holtmann

Let me be clear from the start: This is not an anti-millennial piece, rather a call to action. We are interested in you. Millennials (Members of the generation following Generation X, or two generations after the 1946 to 1964 baby-boom generation. Also known as Generation Y.), are the voice of future quality professionals. So let’s talk.

In continuing our work on future sustainability pathways, Exemplar Global is very clear on one thing—millennials are our audience.

I am not going to detail the psychometrics of millennials. I would prefer to discuss the value proposition to engage in our industry.

For the sake of efficiency, I will call it the quality industry. But let it be understood this covers training, consulting, auditing, mentoring, coaching, and research into all things related to the consistent outcomes of product and service. This includes quality, health, safety, environment, security, and protection.

I decided to research how other industries and associations address the “enigma” of millennials and what engages them. I found 375,000 articles on Google alone. That number may have increased since I wrote this, which shows that people are seeking answers to the same questions I am.

I am not going into the exact details, but suffice it to say that the questions are common across all the associations I researched. I will share a thread of logic shared by all on the “how to” for millennials. Specifically, learn to engage with millennials using their tools of communication, demonstrate that your association has an accessible and attainable career pathway, remove the barriers of achievement through mentoring, and articulate the purpose that will encourage engagement through volunteering.

The list is by no means definitive and there are other nuances of these themes. Essentially, the formula looks and feels familiar. But do we pitch it to the right audience?

Speaking directly to millennials, I would like to respond to these terms on behalf of Exemplar Global and other like-minded quality professionals and communities.

Our mission and vision at Exemplar Global is to advance the art and science of recognition of the professionals within the communities we support. That means we work hard to show your value to customers and employers globally. We do this by building credentials that are portable and easily recognizable. We do this because we believe you are the future and will take us forward.

How do you engage in this mission? We need people to help us shape a clearer vision of the future. What will the work environment be? How will people engage with it? What do they need to bring with them as competencies to add value to this environment?

Millennials are faster, have higher energy, engage intimately with technology, and build ideas in a way that is unique and of high value. We need you to help us deliver your future career path.

Career path
We’ve taken the first steps to create a career pathway for you. This has the elements of engaging with your peers, describing the entry requirements, and the outcomes of developing your professional credentials (this means money, recognition, and association with others). We have the flexibility to work with you on how you would like to engage with a career path. This means technology, challenge to goals, recognition, and incentives to complete the path.

Mentoring to success
Mentoring is necessary and valuable. We are working to build platforms to connect our most accomplished certified professionals with aspiring millennial professionals. Having access to an expert helps you build problem-solving capabilities, client relationship development skills, and build interaction with senior or executive management. There is no better way to build your personal and technical skills than with a mentor.

Nothing beats in-person time at events or working environments. This counts as valuable professional development and can be used as recognition toward certification or professional growth.

To this end, Exemplar Global has begun to create these opportunities, starting with our Hackathon and then moving forward with the establishment of a young professional governance opportunity.

More details on this will follow in the near future, but the sole purpose is to engage young professionals to build future association and professional credentialing models. This will be a global opportunity that fast-tracks your skills development with governance, strategy, project management, and technical development.

Being a global provider of credentials and career development has its benefits and challenges. One challenge is being “local” to our audience. The physical and cultural barriers can be just as complex and impractical as in a medium-sized association. However, we have you to our advantage. You are global and local. You know the landscape and culture, and you are connected to us.

Together we can communicate using your technology and networks. After all, you have access to far more people than we do. We should encourage you to communicate on our behalf.

This assistance could count as recognition for certification and professional development. Championing our mission and enlisting others rapidly builds a social presence that sustains the quality movement.

These thoughts are just a sketch of what is possible with your help. I’m excited about what you can accomplish and how fast you can achieve solutions. My role is to encourage you to engage with us, support your ideation and enactment, and recognize and reward your efforts.

If this sounds like you, then let’s have a conversation. The future quality profession is owned by you, so make your impression on it.

As usual, I am interested in your feedback and thoughts. You can respond directly to this article or on your favored communication channel. I’m on most of those channels.

The post Millennials’ Association with Quality appeared first on The Auditor.