|
Auditing is a means to establish the
extent to which performance meets the objectives for that performance. Over the
last 25 years however, it has been focussed simply on verifying that procedures
were being followed or standards complied with. If you are running a business it
is not helpful if an auditor tells you that you have not complied with certain
requirements unless he can also tell you what effect such non-compliance will
have on your business. Clearly audits focussed on legislation and regulations
where failure to comply may lead to prosecution under the laws of the land may
reveal non-compliance where your choice of action is limited. You either comply
or face the prospect of prosecution. With quality system audits the situation is
quite different. Correcting many non-compliances that in the past, ISO 9000
auditors have revealed will not necessarily add value to your organization.
There is often such an oblique link with performance that any added value is
impossible to imagine.
With the emergence of ISO 9000:2000
the style and approach to quality system auditing should change. The new
standard focuses on performance rather than conformity for the sake of it. A
quality management system is deemed effective if it enables your organization to
achieve the results you and your stakeholders expect. The auditors should
therefore be addressing performance issues.
Roger Brockway of UKAS in his paper
published in Quality World in May 2000 stated that "...there has been
disenchantment with ISO 9000 in the UK. It is seen as bureaucratic,
procedures-based and non-compliance focused. UKAS sees the new standard as an
opportunity to change this image - to show that ISO 9000 is a dynamic tool which
can help organizations achieve their objectives."
This clear message sends a signal to
all auditors to change their approach. If ISO 9000 is to be a tool which can help
organizations achieve their objectives it follows that the measure of its
success is the extent to which it does enable organizations to achieve their
objectives. The first place for the auditor to start is therefore to ascertain
what the organization's objectives are and whether they are relevant to the
needs and expectations their stakeholders. Secondly before moving on the auditor would
be very wise to ascertain what results the organization is currently achieving
and whether there is a match with the objectives. If the results are not being
achieved, the auditor can then ascertain whether there is an improvement process
in place that will drive the organization towards it goals. The auditor's next
task is to establish how the organization achieves these results (the effect). As results are
achieved through processes (the cause), it follows that the auditor should proceed to
examine the key processes and establish that these are being managed
effectively.
This is a new approach. It is not
based on deriving questions from a standard and pursuing an audit trail until
evidence of compliance or non-compliance is discovered. The auditor is not trying
to put a tick in every box on a check list. What the auditor should be trying to
do is quite simple. Establish that the organization is managing its processes
effectively. If it is not, then requirements may be found in ISO 9001:2000 to
demonstrate what is causing the gap in performance.
|
