News & Commentary on ISO Management System Standards

    ISO Certification Body - time for a change?

    ISO Certification 2-1-1

    It isn’t just about getting an ISO Certificate. 

    Your organization needs to get value from the Certification Body Audits and, if you don’t, move to another Certification Body.

    We at deGRANDSON Global are regularly asked about a policy for changing Certification Bodies.  Certification Body (CB) contracts are of three years duration.  This is the universal norm.  Unfortunately, many organizations renew contracts without giving the matter much thought.  This is a mistake.

    Reasons Why You Would Want to Change Your Certification Body

    You should, as with any key supplier, evaluate their performance periodically.  And coming towards the end of a 3-year cycle would seem the ideal opportunity to do so.  So here are some reasons you might want to change CB – the list is not prioritised.

    1.  As a matter of Corporate Policy

    Many significant corporates change their financial auditors on a 5-year or 10-year cycle as a matter of policy, no matter how satisfied they are with past performance.  Many also apply the same policy to their choice of CB.  In both circumstances, the Board is keen to get a fresh perspective.

    1. The Audit Team is unchanged for the past 5+ years

    Audit Teams, even though lead by a professional and suitably trained Lead Auditor, can go ‘native’ and become too friendly with the auditee’s staff. Naturally there then tends to be a reluctance on the part of the Audit Team to be exacting in grading findings and to be lenient in their Audit Conclusion – you get to keep your Certification even though there are serious failures of the system that are not going to be corrected

    You’re paying them to be rigorous, not to give you ‘an easy ride’.  A new Audit Team (perhaps, from the same CB) will find it easier to ask the tough questions.


    Train your Internal Auditors online - easy & inexpensive

    1. Management can’t see any tangible benefits other than the Certificate itself.

    Some Audit Teams avoid engaging with Management. This is because they don’t ask the hard questions or encourage a critical examination of what benefits the organisation is getting or should be getting from its quality management system or other management system.

    1. Staff don’t feel they learn anything from the audits

    During the audit interviews, staff are not being asked challenging questions, e.g., to justify why certain jobs are done the way they are.  There is no depth to the questioning – few, if any, ‘what-if’ questions.  A good audit should be a learning experience for the persons interviewed.

    1. Management doesn’t feel challenged or made to think about our processes and how well they serve the business.

    Auditors don’t follow an audit trail by checking processes sequentially.  E.g. the auditors never take a signed delivery docket and track the associated activities and records back through the operational processes until they get to a customer inquiry and/or an inquiry for a raw material sent to a prospective supplier.  This kind of audit activity will quickly establish whether a set of operational processes is' sound'.

    1. Auditors spend too much time in the office checking documentation.

    While documentation constitutes strong evidence, it is not the only evidence an Audit Team should seek.  We all know that documentation can be ‘doctored’.

    Good auditors will spend substantial time collecting other forms of evidence, such as,

    1) structured interviews with staff at all levels and functions within the organisation,

    2) observing people usually working while conducting the interviews, and

    3) checking and counting physical objects (stock counting, checking product labelling, checking calibration stickers, and the like). 

    Evidence from a variety of sources forms the basis for a fairer and more reliable audit conclusion.

    New call-to-action

    1. Audit Team arrives late and leaves early.

    To get through the audit plan, the Audit Team consequently takes smaller samples and has less evidence than is deemed necessary to make a reliable audit conclusion. As a result, an unwarranted positive audit conclusion could mean a nasty surprise when the next Supplier Audit takes place.

    1. Audits don’t focus on critical processes.

    They don’t appear to have a deep understanding of what’s essential to your business, and they miss things. Things that Customers doing Supplier Audits are unlikely to miss.

    1. The Audit Plan doesn’t get completed.

    The Team is too easily distracted, and if they spend too much time on one item, they need to make more effort to ensure that all the items in the plan get covered.  Consequently, some processes that go unaudited. And again, too little evidence upon which to make a reliable audit conclusion.

    1. The Audit Team loves a leisurely lunch.

    A classic time-wasting tactic.  Sometimes encouraged by the auditee.  The end result: processes go unaudited. And you’re being ‘robbed’.

    So, over to you...

    If any of the reasons above apply to your organisation, consider changing your Certification Body or, at least,     the Audit Team.  Failure to do so may mean a 'timebomb' in your system waiting to be found during a Supplier Audit by a critical Customer.  Or it may mean that the many benefits and improvements your management system should be prompting (and helping you achieve) are needlessly foregone.  

    If you demand value for money, you'll regularly change your Certification Body or Audit Team.  And while you're at it, why don't you train your internal auditors? So I couldn't resist getting a plug-in.


    Click on the image thumbnail to see the image in full size or click the button on the other side to go to our ISO Lead auditor overview page to learn more about our lead auditor courses.


    Related Articles

    deGRANDSON Global is an ISO Certified Educational Organization

    In October 2021, we secured certification to three education-related ISO Standards.  As a result, we now have a university-grade management system conforming to the requirements of  …

    • ISO 21001, Educational Organizational Management System,
    • ISO 29993, Learning Services outside formal Education,  and
    • ISO 29994, Learning Services – additional requirements for Distance Learning.

    We have chosen ISO 21001 certification because it is based on independent third-party assessment, unlike IRCA and Exemplar badges (which we believe are commercially compromised).  In addition, it is a ‘university grade’ standard globally by schools, colleges, and universities to demonstrate their competence.


    Written by Dr John FitzGerald

    Director & Founder of deGRANDSON Global. Spent 15 years in the manufacturing industry and 25 years training, consulting & auditing management systems
    Find me on:

    Subscribe to Email Updates

    Recent Posts