ISO Audit Questions and Answers – Are All Audits (and Auditors) The Same?

Nov 16, 2015

Archived Blog & News

The content in this blog was accurate at time of publishing, however as standards (and the understanding of their application) change, some of this information may no longer be applicable.
If you have any questions on this or the other topics we’ve covered; please get in touch and we can discuss any queries you may have.

In an earlier blog , I tried to demystify the ISO Audit, and give some insight into ISO Audit questions and answers. I’m a former auditor myself, currently a Registered Lead Assessor, a sort of gamekeeper turned poacher, so do have some insider knowledge.

So, how much does your audit depend on the person you are assigned, rather like a driving test? Well, quite a lot, as I found out recently. But before this causes any further unease, let me explain how this potential variation is, or should be controlled:-

In the UK, the registration of most lead auditors is managed by, IRCA although strangely this is not mandated. To use the analogy of school, this means that the staff have to be qualified, and verified. The certification bodies are managed by the dreaded UKAS, a government body. Think of them as a sort of “OFSTED”, looking after general standards of delivery.

So, certification bodies (and their auditors) should provide a consistent service. All UKAS accredited certificates should give the same level of assurance about the approved company. However, occasionally I’m not so sure…

Two months ago I had a useful but unusual occurrence. Two of my customers had requested stage one assessments against ISO 14001 from two different certification bodies. The companies to be audited were quite similar, two members of staff working out of a single office, and both businesses were primarily involved in the management of subcontractors.

Company A had arranged their assessment with a small certification body usually known for their low prices, and use of subcontractors.

Company B had arranged their assessment with one of the U.K.’s large“big name” certification bodies, renowned for their full-time staff.

I had written their management systems, starting with ISO 9001 and now adding ISO 14001. In both cases they contained a single documented procedure bespoke to the business, reflecting their unique method of working. The remainder of both systems was essentially the same, the same document titles and content.

So,the two completely independent certification bodies,the same system, installed in a company of the same size. An exercise in comparision followed.

The assessor for company A arrived at the company at 9 AM, and started his assessment. At 11 AM he agreed that he had completed all tasks for the day and would go home to write-up this report. Two minor non-compliances were agreed prior to him leaving. The report arrived later that afternoon and the contents were as agreed.

The assessor for company B be also arrived at 9 AM conducted a standard opening meeting but the audit/document review itself really started at around 0930. Questioning was intense. Although a simple management system, the audit seemed to be based on the principle of “guilty until proved innocent”. We worked until around 16.30. He then went home to write his report. This arrived a few days later with some new non-compliances which hadn’t been agreed during the visit, causing additional negotiation with the auditor for the business and me.

Both companies gained ISO 14001 approval, of equal value in the marketplace. However, the journey to certification and the costs of approval were significantly different.

The man who left at 11.00 was ridiculously “soft touch”, and his audit was of negligible value. Despite him leaving site by 11.00, and getting home writing the report and mailing it back by 3PM the company were charged for a a full day on site.

Company B’s auditor was over-involved, lacked focus and took far too much time. Personally I’d want a middle path, where an audit is of value, reasonable time is taken, and there are no hidden surprises.

So, the ISO Audit questions and answers process can be far from straightforward, despite tight regulation from various bodies. For me, it’s a source of mild exasperation. One simple lesson from this exercise is pretty obvious I suppose – auditors are human, and the difference between them can be huge and varied.

And, of course, I was present to “hand-hold” during the whole process. So if you have had a poor experience during the whole ISO audit questions and answers process, please get in touch!. The hand-holding is metaphorical, of course…

Image Courtesy of Tyne & Wear Archives & Museums