It isn’t all about getting and keeping your ISO Certificate.
Your organization needs to get value from the Certification Body Audits and, if you don’t, move to another Certification Body.
Certification Body (CB) contracts are of three years duration. This is the universal norm. Many organizations renew contracts without giving the matter much thought. This is a mistake.
You should, as with any key supplier, evaluate their performance periodically. And coming towards the end of a 3-year cycle would seem the ideal opportunity to do so. Here are some reasons you might want to change CB – the list is not prioritized.
- As a matter of Corporate Policy
Many major corporates change their financial auditors on a 5-year or 10-year cycle as a matter of policy, and no matter how satisfied they are with past performance. Many also apply the same policy to their choice of CB. In both circumstances, the Board is keen to get a fresh perspective.
- The Audit Team is unchanged for the past 5+ years
Audit Teams, even though lead by a professional and suitably trained Lead Auditor, can go ‘native’ and become too friendly with the auditee’s staff. Naturally there then tends to be a reluctance on the part of the Audit Team to be exacting in grading findings and to be lenient in their Audit Conclusion – you get to keep your Certification even though there are serious failures of the system that are not going to be corrected.
You’re paying them to be rigorous, not to give you ‘an easy ride’. A new Audit Team (perhaps, from the same CB) will find it easier to ask the tough questions.
- Management can’t see any tangible benefits other than the Certificate itself
Some Audit Teams avoid engaging with Management. They don’t ask the hard questions or encourage a critical examination of what benefits the organization is getting or should be getting, from its quality management system or other management system.
- Staff don’t feel they learn anything from the audits
During the audit interviews staff are not being asked challenging questions, e.g. asked to justify why certain jobs are done the way they are. There is no depth to the questioning – few if any ‘what-if’ questions. A good audit should be a learning experience for the persons interviewed.
- Management don’t feel challenged or made to think about our processes, and how well they serve the business.
Auditors don’t follow an audit trail by checking processes sequentially. E.g. the auditors never take, say, a signed delivery docket and track the associated activities and records back through the operational processes until they get to a customer inquiry and/or to an inquiry for a raw material sent to a prospective supplier. This kind of audit activity will quickly establish whether a set of operational processes are ‘sound’ or not.
- Auditors spend too much time in the office checking documentation.
While documentation constitutes strong evidence, it is not the only evidence an Audit Team should seek. We all know that documentation can be ‘doctored’.
Good auditors will spend substantial time collecting other forms of evidence, such as,
1) structured interviews with staff at all levels and functions within the organization,
2) observing people working normally while conducting the interviews, and
3) checking and counting physical objects (stock counting, checking product labeling, checking calibration stickers, and the like).
Evidence from a variety of sources forms the basis for a fairer and more reliable audit conclusion.
- Audit Team arrives late and/or leaves early.
To get through the audit plan the Audit Team consequently takes smaller samples and has less evidence than is deemed necessary, on which to make a reliable audit conclusion. An unwarranted positive audit conclusion could mean a nasty surprise when the next Supplier Audit takes place.
- Audits don’t focus on the critical processes
They don’t appear to have a deep understanding of what’s important to your business and they miss things. Things that Customers doing Supplier Audits are unlikely to miss.
- The Audit Plan doesn’t get completed
The Team is too easily distracted and, if they spend too much time on one item, they make no effort to ensure that all the items in the plan get covered. Consequently, there are processes that go unaudited. And again, too little evidence upon which to make a reliable audit conclusion.
- The Audit Team loves a leisurely lunch.
A classic time-wasting tactic. Sometimes encouraged by the auditee. The end result: processes go unaudited. And you’re being ‘robbed’.
So, over to you...
If many, or any, of the reasons given above, apply to your organization, it's time to think about changing your Certification Body or, at least, changing the Audit Team. Failure to do so may mean that there is a 'timebomb' in your system waiting to be found during a Supplier Audit by a critical Customer. Or may mean that the many benefits and improvements that your management system should be prompting (and helping you achieve) are needlessly foregone.
If you demand value for money, you'll change your Certification Body or Audit Team regularly. And while you're at it, why don't you get your internal auditors trained? - sorry, couldn't resist getting a plug-in.
Note: First published August 2017; reviewed and updated March 2021.
- ISO Accreditation vs ISO Certification: Which Do You Need?
- [Infographic] The route to ISO Certification explained
- What is ISO Auditor Competence and Who Decides on It?
deGRANDSON Global is an ISO Certified Educational Organization
We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which in our opinion are commercially compromised), it is based on independent third-party assessment. It is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.