 |
Internal audits and pastures new?
By Allan J. Sayle, President Allan Sayle
Associates
Effects on the registration industry
An end to registration?
Registration of quality management systems by a so-called independent
body came about as an extension of product certification. Some of the
present day registrars had successful business in that field. As examples:
BSI with its “kite mark”, Underwriter’ Laboratories
with its familiar “UL” logo and Lloyd’s Register an
outcrop of Lloyd’s Register of Shipping (LROS) with its famous 100A1
for ships and its “LR” applied to a ship’s Plimsoll
Line. (Det Norske Veritas and Bureau Veritas did similarly). All possess
honorable heritages and offer respected services that continue to this
day. The certifications provided some assurance to “whomever it
may concern” that a product had been designed, made or constructed
in accordance with recognized codes and standards central to their specifications.
When quality system requirements appeared, notably in the pressure vessel
industry, some companies who certified the products were then expected
to also determine compliance with the associated requirements. As an example:
Hartford Steam Boiler became world known as the major certifying body
for pressure retaining equipment constructed in accordance with ASME III
or ASME VIII. But, the product and the QMS requirement were explicitly
linked and, in the case cited, of pressure vessels, the applicant was
required to produce a demonstration piece to the satisfaction of the Authorized
Inspector (i.e. the assessor). Only after that had been done could a pressure
vessel complying with the strictures of the product code (standard), which
also contained the associated QMS requirements could be marked with an
“N” or “U” stamp.
Firms could and did advertise the fact they had been awarded the “N”
or “U” stamp. Customers knew what that meant and they knew
what would be the involvement of the certifying body (e.g. Hartford Steam.):
there would be an Authorized Inspector involved making sure of the proper
application of the stamp and maintenance of the QMS. But, that AI was
first and foremost knowledgeable in the product codes, standards, methods
of manufacture, and all of the processes that would be used. The certifying
body, to make sure it complied with the code or standard’s requirements
for approved materials and scantlings, would have already assessed the
design itself.
Even though an AI may be present, most customers would want to also do
their own verifications and systems’ assessments. Soon came the
problem of multiple assessment, whereby several organizations would be
assessing the firm for the same thing. Multiply this by the number of
contracts or orders in hand and it was something of a nightmare for the
supplier.
| Indeed, when I worked for GE’s nuclear division we had so
many “audits” occurring, we employed people whose sole
job was to act as escorts. Engineers and buyers, among others, would
complain they could not get any work done because as one team of auditors
departed, another almost immediately entered their office. It was
costly. |
Some bodies logically moved into offering quality system assessment
as a service.
Have we come full circle and who needs a registrar?
If customers are an integral part of the process review, PR, process,
they are starting once again to do the job that was being outsourced to
registrars in an attempt to reduce multiple assessments. Organizations
adopting this PR approach must be welcoming the involvement of multiple
customers as distinct from regarding it as a costly nuisance.
At least PR involving the customer will put to an end to the horror stories
about registrar performance and all the discontent there has been. One
can strongly argue, if registration had delivered the type of service
customers seek, they would not get as involved as they do. The old saying
is, “if you want a job done right, do it yourself”:
perhaps that is the message customers are giving the ISO 9001 and similar
registration schemes through their willingness to be involved in PR together
with their supplier(s). And, as every supplier’s management knows,
the customers’ certificates are always the most valued and marketable
to attract other business. (J.D. Power awards are derived from customer
experiences and feedback concerning the actual product, service and value
for money received. In effect, they are the real testimony as to the efficacy
of the organization’s quality program et al in the face of market
competition. That is something the ISO 9001 and similar certificates cannot
provide.)
What is a most interesting feature of PR is that the customer is getting
involved in the process and (hence) the product. Does that mean the customer
and the supplier are exhibiting little confidence in a QMS to guarantee
business performance in the essential areas of quality and delivery? Does
it herald some companies beginning to turn away from the idea that any
“third party”, such as a registrar can provide the service
needed? Even if registrars pay little attention to the product and more
to the QMS allegedly implemented, the customer and supplier do not. It
is the product that makes the money go round. The old style AI looked
at the product and processes needed to produce it. He/ she demanded demonstration
pieces – coupons, examples – to be made so that the assessed
firm could prove the system worked and embraced the requirements of applicable
codes and standards. Few registrars do so today. The old methods were
not perfect but, no one lost sight of the product. Too many do so today.
Though firms may be paying lip service to thee idea of being “certified
to ISO 9001”, many registrations came as a result of significant
customers contractually compelling the supplier to be certified: and we
all know it!
Take away the compulsion and the entire registration industry would forced
to prove it adds value to the registrant’s business. In a 2004 posting
on the Elsmar Cove I stated:
“I look forward to the day when major, powerful buyers
such as automotive OEMs remove all requirements for any certification
to any [QMS] standard and simply say to their suppliers, ‘we
are concerned with quality, delivery, price, continuous improvement
and our standards for performance are zero defects, 100% on time
every time etc etc. If you believe ISO 9K, TS 16949 or whatever
else will help you get there – it is your free choice; if
you believe obtaining a CofC against a standard will help –
it is your free choice. We are indifferent about how you achieve
those results. We will not interfere in your internal management
strategies or decisions concerning how you will meet those obligations
if you wish to retain our business. But, we reserve the right to
visit you to determine how well you spend our money entrusted to
you when we award you our business.’
“When that happens the diligent registrar will have its
day in the sun, driving out the less professional minded, effectively
cleaning up the act. And the benefits or otherwise of pursuing whatever
Q. standard a firm might choose, will become clear – unfogged
by issues of registrar performance because those that do not add
value to the client’s operation will disappear.
“That the number of registrations is falling may be a
healthy sign for the quality profession. There is nothing like a
crisis to stimulate a rethink and to ‘get back to the basics’.”
|
Self-certification, mentioned earlier, is another possibility that would
make redundant the registrars. Put another way, they would be “downsized”
if it becomes a practice acceptable to customers. And why not? The world
does not owe registrars or anyone else a living.
What might registrars do in a PR world?
When it comes to the world of “compliance” services,
registrars may earn a living on parallel matters where the deliverable
is not directly affected: environment; safety; security.
However, I pointed out in my 2005
keynote address the business model needs to be revised and that the
old COI concerns must be discarded. What must not be allowed is for registrars
to re-label their old wine bottles. They do need to work with RABQSA/
UKAS on developing the new model for which I have expressed some (but
not all) of my thoughts in that speech.
We are probably witnessing the first breezes preceding a Schumpeterian
gale of creative destruction. The smart registrar will take note and adapt:
the foolish one will vanish.
Where stand the RABQSA, UKAS et al?
They are likely facing their own Schumpeterian gale. If there is
no need to undertake internal audits and no need to train auditors, let
alone “certify” them, that aspect of their business has no
purpose: that cash cow is gone to the abattoir, transported to its slaughter
and evisceration by that registrar’s precedent-making decision.
Since one registrar has shown it will accept PR as the internal audit
surrogate, others must follow. After all, firms wanting to pursue that
approach can take their business to that particular registrar away from
a registrar who does not see matters as flexibly. Alternatively, when
renegotiating with the present registrar, the firm could advise accepting
PR in lieu of internal audits will be a condition of contract.
That is, it could exercise “negotiated compliance”, (rather
more commonplace than some might care to believe in an industry where
registration services themselves are a commodity offered by hundreds of
firms.)
If registrars adopt the approach I suggested in my 2005
keynote speech and offer solutions as part of their service, they
will effectively become consultants. They will be engaged on the basis
of their ability to add value. At that point, would the customer really
care about its accreditation? Probably not: I would not. In which case,
what do those accrediting bodies have to offer? Not much because it would
be most difficult for them to determine the capability and competence
of a consulting firm in an age of transient knowledge: an employee can
depart quickly with the sellable knowledge.
This is most exciting and energizing.
Of course, the accreditation bureaus may try to scold, censor or reprimand
registrars daring to accept PR but that would deny what the market is
saying. Registration numbers are falling and management is flexing its
muscles on what it will and will not accept. Who pays the piper shall
call the tune. Push management hard and it will turn away from registration
and, as with human habit, the departing trickle could become a flood.
It is quite common for people to muse why such notable firms as Toyota
succeed as they do considering they did not adopt ISO 9001 etc. nor compel
their suppliers to become “certified” to it. And, considering
ISO 9000 family has now existed for close on 20 years, the percentage
of businesses in this world that are “certified” is small:
given all of the publicity, propaganda and posturing of that industry,
the numbers represent a miserable achievement in comparison to, say, the
number that have invested in PCs or web sites.
The accreditation bureaus are more vulnerable than are the registrars.
Many of the latter retain honorable roots to which they could return,
roots predating by decades or, in some cases, centuries the birth of accreditation
bureaus. The registrars possess sellable knowledge they can continue to
develop: accreditation bureaus do not. I do not need an accreditation
body to advise me on the worth and competence of, say, Underwriter’s
Laboratory or DNV.
In a private communication to me, one accreditation bureau confirmed it
has been aware “…for about 12 months of [registrar
named] acceptance of Yell’s assertion that conventional auditing
is not required…”
Is ISO 9001:2000 out of date?
Yes and no. But that is of little importance. Management is on
the move and deciding for itself what it needs for its business purposes.
: What
should be the ISO position and that of the TC committee?
top of page |
 |
