But what is one to do, when maintaining certification such as ISO is necessary; and therefore complying with the appointed auditor’s findings is part of the process? Well let me explain your options and provide some insights that may help you turn an audit into a win-win situation.
Most standards, such as the ISO standards, SOX, etc. require that organizations be audited periodically to ensure that the organization’s management or financial system (whichever is being audited) has been effectively implemented and that it continues to meet the requirements of the standard. In essence the audit seeks to ensure that the organization is brought back to the path of conformity or compliance if there have been any deviations from the norm. Think of the path as being a winding road and the organization being a person in a bicycle who sometimes takes wider turns to meet those road curves. Sometimes the turns may be wider than others, and in some cases, the person may decide to cut through some of the road because another curve is coming up and it makes no sense to follow the curvy road. So the auditor’s job is to point out those specific times when the rider went too far off the winding road or actually make too severe short cuts that did not follow the path at all.
So if that is the auditor’s goal, then we are OK with that. The problem lies when the auditor ends up pointing out every time the rider (organizations) falls out a few inches from the road (requirement), which may be insignificant compared to the larger shortcuts or the real wide turns. But is that good or bad? Let’s look at this from both the auditor and the organization’s perspective.
First at all the auditors are just normal people, not fortune tellers, despite their usual powers to find the records nobody wants them to see. Auditors have a vast experience not just in auditing but they are also well versed in several industries, either by having worked there or by having audited them extensively. Auditors have significant training in auditing techniques and the majority of them maintain personal certifications by accredited bodies. Their training gets reinforced with every audit they conduct and of course with the periodic training they are required to take to maintain their certifications.
But besides all the above, auditors are just normal people, who have good hair days and bad hair days, who are really good at some things and could improve in others. Most auditors are true road warriors, who spend a lot of their time in planes and hotels away from the families. In fact having a first class seat is a consolation price for the hardship they endure in order to perform their work. All in all, auditors want to do a good job and help organizations improve, at least most of them do.
So in essence auditors may not always find or be able to point out those times where your organization took severe shortcuts, where your organization deviated tremendously from the requirements of the standard. In those cases they may be more prompt to point out those small or minutia nonconformities that you may call mickey-mouse. But the auditor may say that even minutia nonconformities could have underlying causes that may prove to be systemic issues. Auditors have to answer not only to the company they work for, but also to the bodies that have accredited those companies, and those bodies have strict rules for reporting. Therefore for an auditor a nonconformity is a nonconformity and writing a nonconformity as an observation can be easily picked up by an accreditation body as a failure on the part of the auditor to report a true nonconformity despite how insignificant it may be.
But as mentioned earlier, auditors do have bad hair days, thus your organization may be audited in one of those days. In that case, the auditor may not be able to see the big trees from the forest and may resort to pointing out the little weeds. Sometimes auditors are also distracted by either their own schedules or by your own organization’s changes or availability. I feel that when an organization tries to hide weak areas, they somewhat disable the auditor. Kind of like covering his eyes but giving him a pen and pencil to write. All the auditor can do is hear, but there is no much evidence to prove otherwise. This is by far a technique that hampers the success of the audit and the organization actually suffers because they miss the opportunity to find out true areas of improvement.
So the auditor wrote what seems to be a mickey-mouse nonconformity, what is the organization left to do?. First at all, if the organization does not agree with the nonconformity, they can always discuss that with the auditor and try to reach a better understanding or agreement. If a consensus cannot be reached, then the organization can always appeal to the auditor’s company. Most auditing companies have an established appeal process and therefore your organization’s stand against this so called minutia nonconformity will be reviewed and be taken care appropriately.
But what if you recognize that the minutia nonconformity is a true nonconformity but in light of all the challenges and day to day fires your organization faces, this nonconformity is a waste of time? Well you are going to have to answer, because once it has been declared a nonconformity, the auditor will come back in the following audit and look to make sure that no other incidents of the same minutia nonconformity have reoccurred…because if they do…your mickey-mouse nonconformity could truly turn into an ugly Godzilla and well, let’s just say at this point your certificate may be in jeopardy.
But going back to the benefits of the minutia nonconformity and your rights. I believe that the best approach is twofold: one, you should let your organization continue on its path of continual improvement and world-class practices, and that means closing all those loose ends. And as mentioned earlier, even a minutia nonconformity may open a case of worms, so finding the true root causes and taken care of them promptly should be your goal.
The second approach is for your organization to determine its key or critical processes or problem areas. These should be the ones you can ask the auditor to concentrate on. I’m not suggesting that he/she forgoes the audit agenda and only look at those key processes, but rather for the auditor to keep those in mind when auditing. In fact if you have an honest and open dialog with the auditor, you can suggest that you will be offering examples in a process that is being a problem for you. Whether you zoom in on a specific product or process, you should work with the auditor to ensure that the agenda is met, while focusing on the product or process that you feel can provide more areas for improvement. By doing this, you will surely avoid having minutia nonconformities in an area of your facility that is doing relatively well, while getting more feedback on areas that need more focus and are in dire need of attention. This will also help you get the best bang for your buck when it comes to paying an auditor to audit your facility.
Now that you have seen mickey-mouse nonconformities from two different perspectives, I hope you can see that they do have some value, but more importantly I hope you can also see what you need to do in order to get more value out of your audits. Remember that means being honest and open to the auditor to actually help the auditor do a better job and provide better findings to help your organization advance. Don’t forget auditors want to help your organization improve, they just have to do it through reporting of findings which sometimes include pesky little mice.
Miriam Boudreaux is the President of Mireaux Management Solutions, a consulting firm headquartered in Houston, TX. Mireaux’s products and services encompass ISO consulting, ISO Training, Internal Auditing, implementation of Web QMS platform and electronic QMS hosting.
To get in touch with Miriam Boudreaux, please contact her at firstname.lastname@example.org.