hygiene zone
quality tools
quality techniques
human issues
quality awards
quality extra
visitor tools


Stay Informed
Sign up below to receive our Occasional Newsletter.

We Respect Your Privacy!

Web SaferPak
SaferPak: Food Packaging Safety, Food Safety, Business Improvement and Quality Management
       Home     About     Contact

Internal audits and pastures new?
By Allan J. Sayle, President Allan Sayle Associates

Does the idea of process review comply with ISO 9001:2000?
Might process review as a surrogate for internal audits accord with my publicly expressed views?
If the precedent becomes the norm – will we visit fresh woods and pastures new?
Self certification
Effects on the registration industry
What should be the ISO position and that of the TC committee?
Appendix 1
Appendix 2 - My publicly expressed views over the years

Effects on the registration industry

An end to registration?

Registration of quality management systems by a so-called independent body came about as an extension of product certification. Some of the present day registrars had successful business in that field. As examples: BSI with its “kite mark”, Underwriter’ Laboratories with its familiar “UL” logo and Lloyd’s Register an outcrop of Lloyd’s Register of Shipping (LROS) with its famous 100A1 for ships and its “LR” applied to a ship’s Plimsoll Line. (Det Norske Veritas and Bureau Veritas did similarly). All possess honorable heritages and offer respected services that continue to this day. The certifications provided some assurance to “whomever it may concern” that a product had been designed, made or constructed in accordance with recognized codes and standards central to their specifications. When quality system requirements appeared, notably in the pressure vessel industry, some companies who certified the products were then expected to also determine compliance with the associated requirements. As an example: Hartford Steam Boiler became world known as the major certifying body for pressure retaining equipment constructed in accordance with ASME III or ASME VIII. But, the product and the QMS requirement were explicitly linked and, in the case cited, of pressure vessels, the applicant was required to produce a demonstration piece to the satisfaction of the Authorized Inspector (i.e. the assessor). Only after that had been done could a pressure vessel complying with the strictures of the product code (standard), which also contained the associated QMS requirements could be marked with an “N” or “U” stamp.

Firms could and did advertise the fact they had been awarded the “N” or “U” stamp. Customers knew what that meant and they knew what would be the involvement of the certifying body (e.g. Hartford Steam.): there would be an Authorized Inspector involved making sure of the proper application of the stamp and maintenance of the QMS. But, that AI was first and foremost knowledgeable in the product codes, standards, methods of manufacture, and all of the processes that would be used. The certifying body, to make sure it complied with the code or standard’s requirements for approved materials and scantlings, would have already assessed the design itself.

Even though an AI may be present, most customers would want to also do their own verifications and systems’ assessments. Soon came the problem of multiple assessment, whereby several organizations would be assessing the firm for the same thing. Multiply this by the number of contracts or orders in hand and it was something of a nightmare for the supplier.

Indeed, when I worked for GE’s nuclear division we had so many “audits” occurring, we employed people whose sole job was to act as escorts. Engineers and buyers, among others, would complain they could not get any work done because as one team of auditors departed, another almost immediately entered their office. It was costly.

Some bodies logically moved into offering quality system assessment as a service.

Have we come full circle and who needs a registrar?

If customers are an integral part of the process review, PR, process, they are starting once again to do the job that was being outsourced to registrars in an attempt to reduce multiple assessments. Organizations adopting this PR approach must be welcoming the involvement of multiple customers as distinct from regarding it as a costly nuisance.

At least PR involving the customer will put to an end to the horror stories about registrar performance and all the discontent there has been. One can strongly argue, if registration had delivered the type of service customers seek, they would not get as involved as they do. The old saying is, “if you want a job done right, do it yourself”: perhaps that is the message customers are giving the ISO 9001 and similar registration schemes through their willingness to be involved in PR together with their supplier(s). And, as every supplier’s management knows, the customers’ certificates are always the most valued and marketable to attract other business. (J.D. Power awards are derived from customer experiences and feedback concerning the actual product, service and value for money received. In effect, they are the real testimony as to the efficacy of the organization’s quality program et al in the face of market competition. That is something the ISO 9001 and similar certificates cannot provide.)

What is a most interesting feature of PR is that the customer is getting involved in the process and (hence) the product. Does that mean the customer and the supplier are exhibiting little confidence in a QMS to guarantee business performance in the essential areas of quality and delivery? Does it herald some companies beginning to turn away from the idea that any “third party”, such as a registrar can provide the service needed? Even if registrars pay little attention to the product and more to the QMS allegedly implemented, the customer and supplier do not. It is the product that makes the money go round. The old style AI looked at the product and processes needed to produce it. He/ she demanded demonstration pieces – coupons, examples – to be made so that the assessed firm could prove the system worked and embraced the requirements of applicable codes and standards. Few registrars do so today. The old methods were not perfect but, no one lost sight of the product. Too many do so today.

Though firms may be paying lip service to thee idea of being “certified to ISO 9001”, many registrations came as a result of significant customers contractually compelling the supplier to be certified: and we all know it!

Take away the compulsion and the entire registration industry would forced to prove it adds value to the registrant’s business. In a 2004 posting on the Elsmar Cove I stated:

“I look forward to the day when major, powerful buyers such as automotive OEMs remove all requirements for any certification to any [QMS] standard and simply say to their suppliers, ‘we are concerned with quality, delivery, price, continuous improvement and our standards for performance are zero defects, 100% on time every time etc etc. If you believe ISO 9K, TS 16949 or whatever else will help you get there – it is your free choice; if you believe obtaining a CofC against a standard will help – it is your free choice. We are indifferent about how you achieve those results. We will not interfere in your internal management strategies or decisions concerning how you will meet those obligations if you wish to retain our business. But, we reserve the right to visit you to determine how well you spend our money entrusted to you when we award you our business.’

“When that happens the diligent registrar will have its day in the sun, driving out the less professional minded, effectively cleaning up the act. And the benefits or otherwise of pursuing whatever Q. standard a firm might choose, will become clear – unfogged by issues of registrar performance because those that do not add value to the client’s operation will disappear.

“That the number of registrations is falling may be a healthy sign for the quality profession. There is nothing like a crisis to stimulate a rethink and to ‘get back to the basics’.”

Self-certification, mentioned earlier, is another possibility that would make redundant the registrars. Put another way, they would be “downsized” if it becomes a practice acceptable to customers. And why not? The world does not owe registrars or anyone else a living.

What might registrars do in a PR world?

When it comes to the world of “compliance” services, registrars may earn a living on parallel matters where the deliverable is not directly affected: environment; safety; security.

However, I pointed out in my 2005 keynote address the business model needs to be revised and that the old COI concerns must be discarded. What must not be allowed is for registrars to re-label their old wine bottles. They do need to work with RABQSA/ UKAS on developing the new model for which I have expressed some (but not all) of my thoughts in that speech.

We are probably witnessing the first breezes preceding a Schumpeterian gale of creative destruction. The smart registrar will take note and adapt: the foolish one will vanish.

Where stand the RABQSA, UKAS et al?

They are likely facing their own Schumpeterian gale. If there is no need to undertake internal audits and no need to train auditors, let alone “certify” them, that aspect of their business has no purpose: that cash cow is gone to the abattoir, transported to its slaughter and evisceration by that registrar’s precedent-making decision. Since one registrar has shown it will accept PR as the internal audit surrogate, others must follow. After all, firms wanting to pursue that approach can take their business to that particular registrar away from a registrar who does not see matters as flexibly. Alternatively, when renegotiating with the present registrar, the firm could advise accepting PR in lieu of internal audits will be a condition of contract. That is, it could exercise “negotiated compliance”, (rather more commonplace than some might care to believe in an industry where registration services themselves are a commodity offered by hundreds of firms.)

If registrars adopt the approach I suggested in my 2005 keynote speech and offer solutions as part of their service, they will effectively become consultants. They will be engaged on the basis of their ability to add value. At that point, would the customer really care about its accreditation? Probably not: I would not. In which case, what do those accrediting bodies have to offer? Not much because it would be most difficult for them to determine the capability and competence of a consulting firm in an age of transient knowledge: an employee can depart quickly with the sellable knowledge.

This is most exciting and energizing.

Of course, the accreditation bureaus may try to scold, censor or reprimand registrars daring to accept PR but that would deny what the market is saying. Registration numbers are falling and management is flexing its muscles on what it will and will not accept. Who pays the piper shall call the tune. Push management hard and it will turn away from registration and, as with human habit, the departing trickle could become a flood. It is quite common for people to muse why such notable firms as Toyota succeed as they do considering they did not adopt ISO 9001 etc. nor compel their suppliers to become “certified” to it. And, considering ISO 9000 family has now existed for close on 20 years, the percentage of businesses in this world that are “certified” is small: given all of the publicity, propaganda and posturing of that industry, the numbers represent a miserable achievement in comparison to, say, the number that have invested in PCs or web sites.

The accreditation bureaus are more vulnerable than are the registrars. Many of the latter retain honorable roots to which they could return, roots predating by decades or, in some cases, centuries the birth of accreditation bureaus. The registrars possess sellable knowledge they can continue to develop: accreditation bureaus do not. I do not need an accreditation body to advise me on the worth and competence of, say, Underwriter’s Laboratory or DNV.

In a private communication to me, one accreditation bureau confirmed it has been aware “…for about 12 months of [registrar named] acceptance of Yell’s assertion that conventional auditing is not required…”

Is ISO 9001:2000 out of date?

Yes and no. But that is of little importance. Management is on the move and deciding for itself what it needs for its business purposes.

Next: What should be the ISO position and that of the TC committee?



Back to previous page




























top of page

home :: about :: contact :: terms

© 2006 SaferPak Ltd.