Beware! The Misinterpretations of a third party auditor

Recently, IQC has run across a disturbing trend among 3rd Party auditors: deciding how they want the client to comply with the standard; be it ISO 9001 or ISO/TS 16949. Registrar’s auditors have very little actual authority to decide anything regarding a client’s registration. They collect data (evidence) and make recommendations. For those of you who use IQC’s RASI™ approach, you can recognize this as “Level 2” authority! One auditor threatened to “pull” the client’s certificate because some paperwork wasn’t in order.

Some auditors are great for consulting under the guise of telling you how it was when they ran plants/companies/departments, etc. Some misinterpret their own Registrar’s instructions. Recently, a client was told that the Registrar would no longer “accept” the client’s use of a checklist for Internal Audits. When checked, the Registrar said that their auditors could not use a checklist for an ISO 9001:2000 audit. Just a slight mistake.

These auditors have no authority to interpret these Standards. I am on the US TAG to ISO/TC 176, and I do not have the authority to interpret the Standard. Interpretations are voted upon by the T/C nation members. ISO/TC 176 is the only body who can interpret ISO 9001:2000. As far as TS 16949, only the IAOB can issue sanctioned interpretations. The role of the auditor is to determine if your interpretation is effective!

The second area of concern is for registrar’s auditors to “approve/disapprove” the clients’ outsourced quality management processes. Once again, they have no authority to do this. What can they check? Your process for selection and control of outsourced process providers – not the providers themselves, is all.

Third Party auditors do not have the authority to approve or disapprove a client’s outsourced trainer, auditor, consultant, plater, assembler, IT provider… . Yet, in some cases they do. So,

What can be done? First, tell the auditor directly that you disagree and do not accept the “finding.” Second, appeal to the Registrar. If those actions fail, file a complaint with the ANAB -- http://www.anab.org/ and click on “Complaints.” For TS 16949, you must contact the IAOB (www.aiag.org) and file a complaint.

Many organizations are fearful of doing this. They feel that a Registrar or auditor will “nit pick” them to death if action is taken. Would you suffer this from any other supplier? No. Your Registrar should be selected, evaluated and monitored just as you would any other supplier – can they meet your requirements, on-time? If not, it’s time to change registrars, or, where feasible, consider a Self-declaration of Conformity.

-- George Hummel, CEO
IQC, llc.
PS – if you have any questions or concerns, please contact me at george@4iqc.com

An option for ISO based standards, other than ISO Registration--posted by seth@4iqc.com, written/edited by george@4iqc.com

Self-Declaration – is it an option for you?

Many ISO 9001 registered companies are finding that registration / certification is not a requirement of their customers or is too expensive for the limited value received. Organizations exploring ISO 9001 as a tool for business improvement may wonder how the expenses for third-party audits can show a return on investment. Small companies may not even have enough extra cash to afford the expense. US Government contractors may be wondering how to demonstrate compliance without registration.

IQC, llc. has developed an approach and services to aid with self-declaration of conformity - SDoC. This self-declaration is appropriate for any organization that wishes to demonstrate conformance with the expense of registration. This program is recognized internationally due to the fact that it conforms to the guideline ISO 17050:2004: (http://www.iso.ch/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=35516)

The International Organization has recognized in ISO 9001:2000 that there can be an option other than registration for organizations. This approach allows the organization to publicize their conformity. IQC’s program provides a public, low cost, validation of that publication. However, this is not a program for those who just want to go through the motions – to achieve a self-declaration requires the implementation and maintenance of a compliant Quality Management System; the same as if the organization goes through 3rd party registration. The difference is that the organization makes certain documents public and IQC validates those documents.

This approach is available for organizations who wish to declare conformance to:

· ISO 9001:2000
· ISO 14001:2004
· ISO 13485:2003
· AS9100:2001
· ISO 17799:2002
· ISO 27000:2005
· ISO 14791:2003
· OHSAS 18001
· ISO 15161:2001
· ISO/TS 16949:2002 – Tier 2 & 3 Compliance (These organizations must be registered to ISO 9001:2000)

For further information and an application, please contact IQC sales at:
seth@4iqc.com, 937-673-3732, www.4iqc.com