I’m quite a novice in risk audits, though I have twenty years experience in quality audits and fifteen in quality inspections.
I think that audits’ basics – or sound-track – are the same, be they quality, risk, financial audits. Auditors are usually – and officially welcome, treated like princes. As a colleague of mine once said, they’re told their work is most useful but – in the end – auditors and audits are a nuisance, even to the top management who might ask for them to investigate deep in the company’s business.
Any audit is an examination. Any auditor – when good enough – is an examiner, a doctor who looks straight into your eyes and tells you the sins that you’ve done.
This is why there aren’t so many good auditors and audits. It takes courage to tell somebody who pays you that he has done wrong.
MY AUDITING CAREER
I was enthusiast when I started my quality inspection career, that I later developed into an auditor. But, after many inspections and many audits, the enthusiasm faded away. More exactly, it grew to a kind of passion for observing audits and auditors, and analyzing how audits were – and are being – done, and auditors’ behavior, too.
I’m in no position to list auditors’ do’s and do not’s but I can certainly list the key features of my own way of doing audits, a list that I hope will be of help to you.
I’m an audit ‘lark’. I start early in the morning and I finish early in the afternoon. I dislike auditing night shifts. I find it a useless formality, unless they’re carried out at four or five a.m., that is, when people do really sleep.
I’m concise, I don’t like long talks or explanations or the usual blah-blah. When I ask for a question I want an answer, not a story. Most people find I’m not sympathetic to them in behaving this way.
I don’t like excessive paperwork, too. An audit plan is what it is, it’s seldom read by the auditees and even more seldom implemented. Either an audit plan or the audit initial meeting: both of them mean useless redundancy.
I also do not like that auditors do their work on an informal basis. Audits are technical surveys, auditors must focus on critical technical matters. Though it cannot be always easy: it happened to me in Egypt, I confess. I had to audit the human resources management process that – as often happens – is governed by ladies. I had four ladies in front of me, one of which was simply as beautiful as Venus. I couldn’t but stop short the interview, I couldn’t speak a word: was it even an audit?
AUDITING QUALITY AUDITORS
Field auditors need to be audited. Monitoring is certainly necessary when they’re ‘young’ auditors, but not always necessarily so. I’ve met and worked with ‘seasoned’ auditors who were so used to work according to their own rules that they didn’t recognize that the world had changed.
IMPLEMENTING ISO 9001: 2015
In implementing ISO 9001:2015, we are facing a double risk: that quality auditors will ‘invent’ themselves as risk auditors, and vice-versa.
I think it will be easier for risk auditors to develop to quality auditors. Tte most advanced quality standards – e.g. automotive – already emphasize risk management. On the opposite, quality auditors are still too limited by the ISO formal requirements, which makes it difficult to have an open vision of a company’s risks.
ISO 9001 has always required conformity to specifications; now it requires to identify the risks that can affect customer satisfaction but does not say how. Nor it says how to find out what risks within the organization will affect customer satis fact ion and how.
My guess is that Registrars (Certification Bodies) will have to roll up their sleeves and not only train “once for all” their auditors but to monitor and audit them very carefully.
Miriam Boudreaux, on the latest issue of Quality Digest Magazine, puts forward the issue of ISO 9001 certificates validity: I fully agree with her but it’s not only a question of validity, is much more a – worrying – question of credibility.
ISO 9001:2015 will raise quite a fuss with its focus on Risk.