#29 – HOW STATISTICS FAILED REGISTRARS – UMBERTO TUNESI

Umberto Tunesi pixWhen they started charting ISO 9001 and ISO 14001 non conformances, european accreditation bodies and registrars became visually aware of what their auditors were telling them for a few years; that is, the majority of all non conformances recorded were against documentation control requirements – about 50 %.

Both official bodies started campaigning against this organizations’ misdemeanor by re-training their auditors, as if the auditors who warned them since the beginning were not aware of what happened and was happening.  Organizations simply did not intend to meet ISO’s requirements for document control, for some reasons, last but not least, most organizations did not feel a strict control of documentation was really necessary or value adding.

AUDITOR RETRAINING
The auditor re-training went as far that – in an audit to a Swedish-controlled ball-bearings making factory with some 1,000 employees – the lead auditor raised a major non conformance because the list of the people responsible for access to the locked cardboards containing records was not controlled.

As years went by, it became very clear that thinking in terms of correction and prevention,  most organizations interpreted ISO requirements in terms of containment only.  Therefore frustratingly just half of Deming’s PDCA cycle was implemented, that is correction and (subsequent) action.  It has to be said that ISO 9001 or ISO 14001 registered organizations were never brilliant to go one step further than doing the very minimum, as they felt the ISO registration imposed upon them by customers or stakeholders as compulsory.

So auditors had to be re-trained once more, this time on a more technical basis, hinting to risk management principles that they ignored and to which they had not been trained before.  Or, looking at it from another point of view, the interpretation of the severity of non conformances – in term of risk – the definition of corrective and preventive became so subjective that organizations became even more confused than before on determining the effectiveness of management systems.

QS-9000’s and ISO/TS 16949 FMEA gave the coup de grace to this already shaking process of management systems design and implementation, by pretending to conduct a very thorough analysis of things that could go wrong – or in other words conducting a  risk analysis.  In other words going as far as requesting that the analyses’ results be numerically rated and that FMEA’s had to be included in controlled documentation.

This simply closed the circle but despite the many and often intense warnings coming from lean field auditors, registrars blindly went their way ignoring actual facts.

Or in the best cases, showing to field auditors nice charts that did not tell to the auditors what they did not already know even if not numerically.  But these nice charts are broken spearheads, nothing more and nothing else.  They embarrass auditors because they make them feel guilty for not being able to put the matter right.

STATISTICS AND REGISTRARS
This is probably a very good example of a very bad use of statistics, and of very simple statistical tools.

Registrars did and still do not analyze the why’s for organizations not implementing corrective and prevention processes.

Let alone prediction or predictability studies:  We are now faced with ISO 9001:2015 risk-emphasizing approach.  Critical questions arise:

  • How will registrars train their auditors?
  • Will they give them a 206 questions check-list like the MMOG-LE?
  • Will they content themselves with the old-fashioned green / yellow / red – rated questions? Or will registrars put auditors’ specific skills at work, when a  – risky – rat is smelled?
  • Will auditors be empowered to hunt the rat and, eventually, cage it or kill it?
  • Or will auditors have to go back to the old days of documentation control?

POSSIBLE SOLUTION
Generally speaking, registrars need to build a more thorough knowledge and understanding of the management systems of their customers, of the context in which they operate, of their weaknesses and strengths: this can be expressed in statistical terms, of course, with the usual statistical tools.

In doing so, registrars can surely be helped by accreditation bodies that, along with establishing accreditation rules and basic registration rules, could and should define the fundamental management systems metrics to be measured and monitored.

But samples and their characteristics have to selected more carefully, and validated, to be statistically significant and to be of any help in detecting the risks intrinsic in any management system; and to prevent their adverse effects.

Leave a Reply

Your email address will not be published. Required fields are marked *