Back in July 2014, prior to the release of ISO 9001:2015, Richard Green, former head of IRCA Technical Services, stated he believed that the changes to ISO 9001:2015 meant there would be a transition in the auditor's role from 'auditor' to 'assessor'. Green highlighted that auditors will increasingly need to deal with 'shades of grey; and 'new evidence sources will need to be examined.' Read more on this: ISO 9001:2015 Next Generation Auditing Whitepaper.
Two years down the road, ISO 9001:2015 has been released and many organisations have transitioned to ISO 9001:2015. But how have auditors coped with the new changes? Have the changes been logical? And what are the challenges internal auditors are now facing?
We asked Richard Green to share 5 of the main challenges internal auditors now must face. We've cut up the interview so you can watch all 5 videos in under 10 minutes.
Changing role of the auditor:
#1 A Box-Ticking Exercise
Moving from procedure based auditing to process based auditing requires a more informed and analytical process. Colin Partington, a Quality Management Consultant and ISO 9001 expert said in 'Next Generation Auditing' this will drive a cultural shift from procedure auditing where 'findings are discovered, corrective actions and made, and ultimately, boxes are ticked, to a more analytical approach which focuses on process auditing.'
So, is there still a perception that ISO 9001 is a box-ticking exercise? Richard Green shares his thoughts:
"In those organisations which were properly embracing quality,I think you find that the leaders were already meeting the new ISO 9001:2015 standard, because it was previously implied that they should be doing it. It was not explicit, but it was very much implied."
- ISO 9001 makes top management responsible and accountable for carrying out a certain number of activities themselves.
- Clause 5.1.1. gives you a list of top management activities that they need to be involved with. Some of those they can delegate, but there are some of them that they can not delegate.
- This is all designed to bring people at the highest levels into the quality management system. No longer can it centre around the quality management representative.
- Leadership must promote a process approach and they need to understand how all processes fit together.
- There are also requirements around risk.
- Leadership now need to make decisions around whether the system is effective. And if the system is not being effective, they must act to make sure that the quality management system is effective.
- It has come as quite a shock for some organisations but the changes are logical.
#2 Moving from Procedure to Process Based Auditing
Clause 4.4 and 6.6 in ISO 9001:2015 states that auditors need to look at the processes of the organisation and check that the organisation is monitoring, measuring and evaluating them to determine how effective they are in helping the organisation to achieve the desired outcomes. This requires process based auditing.
In 'Next Generation Auditing', Colin Partington, Quality Management Consultant and ISO 9001 expert says:
“Process based auditing is more about following through a trail by taking a job from start to finish and reporting what is seen as it passes through the various departments. By taking this approach, a number of clauses can be covered in one audit.”
So how are auditors coping with the new challenges? Richard Green explains in this video:
- Things are now less clear cut than they used to be.
- Context is amorphous - your perception of context is different from the auditor’s interpretation.
- There needs to be a discussion between the auditor and the commonality of view. I think the challenge for auditors, especially checklist auditors, is that now there is quite a lot of things which are grey.
- It used to be black and white, but this has disappeared. That is where the assessor comes in.
- There now needs to be judgment calls based on objective evidence that they see."
#3 Leadership Buy-in
ISO 9001:2015 requires senior management to take accountability for the effectiveness of the quality management system. As stipulated in ISO 9001:2015 5.1.1 Leadership and Commitment for the Quality Management System, 'Top management shall demonstrate leadership and commitment with respect to the quality management system.'
This means that top management must ensure the quality management system is effective and that it delivers real business improvement.
But are auditors getting the buy-in they need from top management? And are top management listening to their internal auditors as much as they should be?
Richard Green explains in this video:
- Internal auditors are the most valuable auditors out there.
- It is not your external auditor who perhaps comes in once or twice a year who has a look at your business. Internal auditors understand the business, the standard processes, they know where the weaknesses are.
- Too often you see internal auditing is a secondary part of the role.
- The organisation and top management need to recognise the real worth that lies in their internal auditors and they need to nurture, develop and make use of their insight.
- These are the people who are completely familiar with the business management system and can significantly impact the bottom line, if you listen to what they are saying.
- It is a continuous feedback loop."
#4 Challenging top management
In 'Next Generation Auditing', Richard Green said:
"Going forward, assessors are going to need to be able to speak the language of the Boardroom. They will need to engage with top management regarding strategy and context, not minor operational matters. They will need to feel comfortable challenging individuals at this level."
But are auditors comfortable challenging top management? What about when they have to deliver bad news? Richard Green shares his thoughts:
- Auditors have always had to deliver bad news.
- It is more challenging when bad news is not directed at quality managers and it is being directed to those at the helm of the business.
- Of course, culturally, in certain parts of the world, the very notion of challenging what top management do is completely alien.
- It's going be difficult and take a while for auditors to find their feet.
- In terms of how we go about doing that, for instance in the whole issue around reporting. The skills that we see set out in ISO 9011, in terms of the approach of auditing, diplomacy and tact are all coming into the forefront now.
#5 Training to meet new requirements
Colin Partington, Quality Management Consultant, said in 'Next Generation Auditing':
"Many auditors come to me overwhelmed with increasing commercial pressures and time constraints. Such issues can result in constrained or irrelevant information being delivered to senior management.
To rectify this, as stated in ISO 9001:2015 4.1, Understanding the Organisation and its Context, the auditor must understand what the organisation does and what influences there are upon the organisation. How the auditor will establish these factors needs to be considered, almost certainly needing the top management to be interviewed to discover these."
This requires a whole new skill set. So are auditors getting the training they require to meet the new requirements? Richard Green shares his thoughts:
- When we saw the new version of ISO 9001:2015, the requirements were significantly different for auditors in terms of their skills set.
- CQI's transition courses now actually lasts two days.
- 85% of this course focuses on skills and behaviours.
- Auditors need to be able to interpret all the diverse evidence sources, which are going to require upskills and its raising the bar.
Want more information about ISO 9001:2015? Download the toolkit.