15 March 2017 has been and gone, it marked the halfway point for transition to certification to the latest edition of ISO 9001. If the project plan to have all certified organisations transition to the 2015 edition by 15th September 2018 is half complete then where are we compared with the gantt chart or resource plan?
Aside from the early adopters who went for ‘First to be certified’ on the very same day the standard was published there appears to be a huge bow wave building up in front of the 3rd party certification tanker. Do all those responsible for managing the transition project in their organisation have a plan? Have they updated their personal competence to cover those significant changes that the 2015 edition brings? Do they have buy in from all those ‘top management’ in 9001 called upon to demonstrate leadership and commitment? If the answer to any one of these questions is ‘no’ then there is a serious risk they will not be in the club of 1 million plus holding a certificate on the 16th September 2018.
As with all resource constrained systems the problem will become: ‘How to deliver transition audits in the 6 month period leading up to September 15th 2018 for those late adopters?’
At s2a2s our recommendation is in two parts: Get started on making any changes needed to your systems to demonstrate compliance with the new requirements, and; engage with your current CB and start to work on a programme of visits to cover transition and book those assessment dates in the diary.
With this article I’m hoping to prompt discussion about the auditor pool we select from, particularly internal auditors. This started after a comment from a 3rd party certification body where I was told their issue was succession planning and how to deal with an auditor pool where the majority of individuals were well past ‘normal’ retirement age. Now, as a ‘seasoned’ quality professional, I’m all for opportunity at the end of my career and there is great logic in having a good selection of experienced people in your ranks but, as in all things, there has to be balance.
Mirroring the suite of Management System Standards coming out of ISO’s technical committees there seem to be endless ISO / IEC 17021 – xx documents describing 3rd party certification auditor competence and, in the brave new world of demonstrated ability, these documents don’t define auditor competence by a minimum length of stay in a particular technical sector. As a colleague described it: 20 years experience on a cv can be demonstrated progression in a chosen field or one year’s experience repeated 20 times. Nevertheless it takes time to understand sector context, industry tools and techniques, jargon used and regulatory requirements that apply, all things covered in the latest draft of ISO 19011 and 17021 – 3, and hence you need some mileage on the clock to pick them up.
What about internal auditors, do the same rules apply? I say no. Auditors should be selected based on personal capability and behaviours, in particular intelligence and curiosity. If you are lucky enough to be able to afford one, look no further than your graduate programme. These are the best of the new intake to the organisation, proven to have enthusiasm, perhaps tested on assessment days and identified as the ‘best of the best’.
When graduates join you on day 1 they are all desperate to get under the bonnet of your organisation and understand how it works. As an early part of their graduate scheme get them auditing your management system. They bring with them latest thinking and technologies in their field and an inquisitive nature. With the licence to follow their nose, communicate with people working at all levels in the process(es) you operate and to challenge current thinking they can provide a real ‘fresh eyes’ look at what you do.
Of course they’ll need some training in your audit process and as they go they’ll make mistakes and tread on some toes but my bet is that you will get some real nuggets from their insight and fresh thinking about your way of working including how your system is portrayed in systems including documents. The individuals will gain a great deal, too. Having to challenge senior colleagues if poor practices or ineffective controls are found and then to have to report back to function managers is character forming.
Give it a go, particularly if your current internal audit programme is seen as a check box exercise and results generally fall into the ‘And? So what?’ category. This way of holding a mirror up to your organisation is bound to give you value way beyond what you expend.