Remote Auditing

 

Audit, audit by exception

Q: I am a consultant and I have helped a dozen of companies receive certification to ISO 9001-2008: Quality management systems–Requirements. A recent client requested a specific registrar that is different than the one I have used before. That registrar states that per ANAB, the stage 1 audit must be conducted on site at the company being certified. My prior registrar claims that they do not know of this requirement. After a review of the documents and records sent to them, they conduct the stage 1 in a teleconference. Who is right?

A: No one can speak for ANAB and the requirements they have for certification bodies (CBs) for each standard except ANAB. For some standards, ANAB documents specifically state that stage 1 audits can be conducted on-site or remotely. However, in some cases, ANAB requires CBs to apply for accreditation to use Computer Assisted Auditing Techniques (CAAT).

I would recommend that a representative of the organization seeking certification formally ask for an explanation as to why remote auditing techniques cannot be used to conduct a stage 1 audit for conformity to ISO 9001:2008.

For more information about remote auditing techniques for internal and external audits you may want to consider reviewing material in the book eAuditing Fundamentals: Virtual Communication and Remote Auditing published by ASQ Quality Press.

J.P. Russell
ASQ Fellow, ASQ CQA
ASQ Quality Press Author
Member of the U.S. TAG to ISO/TC 176 on Quality Management and Quality Assurance
Quality WBT Center for Education/J.P. Russell and Associates
www.jp-russell.com

Related Content:

Browse the free, open access content below, or find more in the ASQ Knowledge Center.

Know and Follow ISO 19011’s Auditing Principles
Quality Progress

The auditing principles of ISO 19011 call for ethical conduct, fair presentation, professional care, independence, and an evidence based approach. The ethical conduct principle is realized throughout the standard because it is the cornerstone of auditing. Read more.

10 Auditing Rules
Quality Progress

Abstract:By following ten guidelines, auditors can significantly improve the effectiveness of audits. Read more.

The Future of Quality Management Research
Quality Management Journal

Members of the Quality Management Journal editorial board share their insights on the future of quality management research. Read More.

Explore the ASQ Knowledge Center for more case studies, articles, benchmarking reports, and more.

Browse articles from ASQ magazines and journals here.

Rescheduling an ISO 9001 Surveillance Audit

Schedule, calendar, timeline

Q: Our organization had its last external (third party) audit in December 2011 for ISO 9001:2008 — Quality management systems — Requirements. We planned to have our next audit the week of November 26, 2012, but the auditor has become ill and cannot come at that time.

Do we need to have our surveillance audit within one year of the last audit? I am considering rescheduling for the first quarter of 2013.

A: Thank you for contacting ASQ’s Ask the Experts.  With regard to your inquiry, surveillance audits are usually conducted by most registrars on an annual basis.  Your registrar has complete responsibility for ensuring the availability of their audit staff to conduct these audits as they are required.

In the event that no other auditors can be provided by your registrar, it would be their responsibility to ensure the audit is rescheduled to another mutually agreed upon date and, if necessary, extend your organization’s ISO 9001:2008 certification status as appropriate.

Your organization’s ability to maintain to an active QMS certification status should not be dependent upon the availability of the registrar’s auditor.  I recommend that you contact your registrar to confirm the next date for your surveillance audit.

I hope this helps.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

Related Content:

ISO 9000 and Organizational Effectiveness: A Systematic Review, Quality Management Journal, open access

The authors conduct a systematic review of empirical studies of the ISO 9000 standard’s impact. Most of the reviewed studies focused on positive impacts. This review highlights the need for more critical and diversified approaches to examining ISO 9000. It also reveals some of the practical implications of ISO 9000 for managers. Read more.

ISO Survey Reveals Increase in QMS Certifications, Journal for Quality and Participation, open access

According to the ISO Survey of Certifications, the numbers of ISO 9001:2008, ISO/TS 16949:2009, and ISO 13485:2003 certifications all increased in 2010. Over 1.1 million ISO 9001:2008 certifications had been awarded by the end of 2010, representing a four percent increase over 2009. Central and South America saw an 11 percent increase in ISO 9001 certifications, while 18 percent of certifications in Africa and West Asia were lost in 2010. The Far East represented the largest share of the increase in ISO/TS 16949 certifications, and Africa and West Africa saw the largest percentage increase in ISO 13485 certifications. ISO 13485 was also the only certification that saw growth in North America; North American certifications for the other two standards declined in 2010. Read more.

 

ISO 9001:2008 and Reasons to Obtain Third-Party Certification

Reviewing confidential files, training records, human resources files

Q: I have a question regarding an excerpt about ISO 9001:2008 — Quality management systems –Requirements, from the ISO webpage, which is below:

“…Although certification is not a requirement of the standard, the quality management systems of about one million organizations have been audited and certified by independent certification bodies (also known in some countries as registration bodies)…”

Our ISO 9001 quality management system (QMS) has been registered through third-party audits since 1994. But according to this statement, we should be able to represent ourselves as an ISO 9001 organization by simply meeting the requirements of the standard. These requirements, of course, don’t require third-party certification.

Is this the case? If not, isn’t the statement on the website misleading, in as much as certification is an implicit requirement of the standard?

A: I am a U.S. Technical Expert for ISO 9001 and associated QMS standards, have been involved with QMS standards since 1975, and I am a coauthor of ISO 9001:2008 Explained, Third Edition from Quality Press as well as a co-editor of the ASQ ISO 9000 Handbook, also from Quality Press.

You are correct when you state, “we should be able to represent ourselves as an ISO 9001 organization by simply meeting the requirements of the standard. These requirements, of course, don’t require third party certification.” Many organizations use ISO 9001 as the basis for their quality management system without engaging in third-party audits. If you want to claim certification, I guess you could claim that you are “self-certified,” but I am not sure this would mean anything to anybody.

There are a variety of reasons for incurring the cost associated with obtaining an ISO 9001 certification:

  • Internal use: Many do this based on a perception of market advantage and use the certificates in advertisements promoting their goods and services. Some organizations use third party audits and certification to verify for their own management the adequacy of their quality management system.
  • Supplier qualification: The historical use for a quality management system standard is as a basis for qualifying the quality management system of suppliers. Development of quality management system standards dates to the 1950s. One of the early standards of this type was MIL-Q-9858A used by the Department of Defense for use in qualifying some of their suppliers.

Today, ISO 9001 is widely used as a qualification requirement for suppliers in many different product and service sectors. The automotive, aerospace, telecommunications and other industries have sector specific versions of ISO 9001 that are used with suppliers. These all require third-party certification.

  • Regulatory requirement: The European Union, FDA, Japan, Australia, Canada and many other countries use ISO 9001 as the quality management system for meeting certain regulatory requirements. Some regulatory bodies require third-party certification, others conduct their own audits (second-party audits) to verify compliance.

Bottom line: you should determine for yourself if you have a need for certification to ISO 9001 and act accordingly.

Joseph Tsiakals
Voting member of the U.S. TAG to ISO/TC 176 on Quality Management and Quality Assurance (ASQ)
Voting member of the U.S. TAG to ISO/TC 210 Quality Management and Corresponding General Aspects for Medical Devices (AAMI)

More content about the value of quality management systems and auditing are available from the ASQ Knowledge Center:

Explore more.