QMT Features: October 2016
What has changed in quality auditing?
Experienced consultant Chris Eden* looks at how quality auditing has been subject to a seismic shift during his career

My own experience goes back to the Defence Standards through BS 5750 and then on to ISO 9001. This is the route whereby Quality Assurance standards have evolved over the years into the latest version which uses the ISO annex SL format (10 Sections). It is instructive to note that Quality Assurance has become Quality Management.

Quality Auditing has also changed to keep pace with the development in Standards.
Auditors covering the Defence Standards, AQAP and BS 5750 often set themselves a target number of non-conformities (NCRs) to report, and would continue auditing until they found the requisite number of NCRs. Their prime objective was to find areas of non-conformity. Many auditors prided themselves on the number of NCRs they could report.

Of course, once the auditor’s requirements were known It became common practice to leave a number of readily identifiable errors for the auditor to find. An audit became a battle of wits rather than an audit of the system. Audits were often unannounced and this resulted in NCRs being raised because personnel were not available; this was also very disruptive.

Training for auditors was a bit sketchy and it was quite normal for an organisation to send one auditor on a recognised auditor training course and then to expect that person to pass on the information to others; the message tended to get diluted and skewed after a while; think of ‘Chinese whispers’.

Other auditors became Registered with IRCA (International Register of Certificated Auditors) who require auditors to undertake auditor training and conform to a set of rules. Registered auditors have to undertake continual professional development to be able to renew their qualification on an annual basis.
The 1994 version of ISO 9001 made some changes in the way audits were carried out and these relied on the auditor checking each clause of the Standard against the quality manual in use by the organisation. It also introduced the requirement for auditors to be adequately trained and competent. External auditors would expect to see evidence/certificates of training for auditors.

When the 2000 version and its minor updates in 2008, was issued there was a change to the audit requirements; auditors were required to audit the processes, rather than the clauses of the Standard within the organisation; the prime requirement was to confirm that the processes were working correctly rather than just looking for non-conformities.

It was fine to have zero non-conformities and the practice of target numbers of NCRs was no longer used. Unannounced audits were discouraged as it became clear that prior notice would allow the organisation to have critical people present. The fear that organisations would correct any problems just before the audit were unfounded as any good auditor will see any attempt to fix problems and then hide all evidence that this has been done.

ISO 19011:2002 (Guidelines for Management Systems Auditors) was published. All auditors were required to undergo training to ensure that their knowledge of the revised ISO 9001 was up to date.
This Auditing Standard was updated in 2011; It was recognised that first/second party audits were quite different from third party audits. First party audits are those carried out on their own organisation (internal audits) and second party audits (typically audits of suppliers). Third party audits are carried out by Certification Bodies for awards of compliance certificates). Third part audits are now covered under a separate Standard ISO 17021 and are not discussed here further.

The ISO 19011:2011 Auditing Standard allowed audits to be carried out remotely by telephone or video conference, where this did not compromise the audit. Travelling for six hours to spend one hour auditing was always counter-productive. The Standard also requires that the selection and competence of auditors had to be evaluated.

The latest version of ISO 9001:2015 was a major change in the way the Standard was being operated, not only did it use a new format (Annex SL) but it made ‘risk thinking’ a major part. The requirement for procedures was no longer mandatory.

Auditors would be required to confirm that the requirements have been met by interview with top management. In some instances, audits will need to be longer as It may take time to gain information and evidence that actions have been taken and are effective. It became obvious that auditors would need to undertake transition training to the requirements of the new Standard in order to understand the changes and then apply this to auditing.

All auditors are required to transition to the new systems or lose the qualification. IRCA mandated that registered auditors had to attend a two-day transition course and pass the course elements before the deadline of September 2018 or the qualification would be withdrawn.
You can now view all QMT Magazine issues on your favourite tablet or smart phone.
Download the free Quality Manufacturing Today App from the Apple iTunes App Store or from QMT Magazine on Google Play.

Rob Tremain Photographer
Click above to see full page display and links to QMT articles.
Bowers logo
Mitutoyo logo
Control logo