What leadership should know before coming face-to-face with a certification body auditor – by Jim Lee

Coming Face-to-Face with a Certification Body

Quality Managers should be happy about the new leadership and top management requirements in ISO 9001:2015.  It is now a requirement that the quality system be aligned with the company’s strategic direction; and the certification body auditors will be scrutinizing the company’s leadership for their involvement and support, beyond the management review meetings and establishing goals that support the quality policy. Those companies where the entire quality management system is placed solely on the quality manager are the ones that will feel the changes when the certification body auditors want to schedule time to talk with the executive team.

Importance Of Leadership

“Leadership” is one of the 7 quality management principles on which ISO 9001 is based and has been since the beginning of ISO. It’s now more enhanced with the phrases “top management” or “leadership” referenced 16 times, including Clause #5 titled “Leadership”.  Leadership at a variety of levels in the company should provide unity of purpose and direction, helping the company align its strategies, policies, processes and resources to achieve its goals. That’s a good quality system, and good business.

The company’s strategic direction (written or not) needs to encompass the quality management system.  This is accomplished through the new layout and requirements of the ISO 9001 standard for understanding context, the needs and expectations of interested parties, establishing the processes, setting the quality policy and establishing the objectives.  Are these really new requirements?  Maybe not, but there’s definitely more substance in the requirements to have top management involved and committed, and the quality system supported in the company’s strategic direction.

How will the third party auditors evaluate this when there are no requirements for a documented strategic plan, or a written context of the business, or documentation of who the interested parties are, or for managing risks? The auditors are going to have to talk to a lot of the management team to get a clear and reliable representation.  I wouldn’t be surprised if some auditors to set an agenda item to meet with the leadership team. They’ll want to see that the leadership is committed and connected to what’s happening in the business and whether the key processes of the quality management system are effective in meeting objectives. If not, then they’ll want to know that management is aware and taking actions to try to turn things around. They’ll want to learn where the risks exist and what’s being done about them, and how the leadership promotes risk-based thinking.  

The hard part for the certification body auditors will be that some of them will have difficulty auditing when no documentation is required. That’s why your company needs a consistent and clear story when documentation doesn’t exist.  

The majority of companies are already compliant with these requirements, but the leadership will be the ones that will have to answer third-party auditor questions to defend and justify what they’re doing.  As long as the leadership in your company is aware of the ISO expectations and can relate what your business does in answering the auditor’s questions, you will do fine.  I believe this will be the challenge for most of the executives who won’t know how to take credit for what they already do to satisfy ISO requirements, or don’t understand the auditor’s questions from ISO as it relates to their business.  

Educating the leadership and helping them understand the new requirements and how you already comply will help them be able to speak the right message when asked about context, interested parties, risk-based thinking, or strategic direction.

Jim Lee is President of simpleQuE Inc., an ISO 9001:2015 certified company. SimpleQuE is a medium-sized consulting, training, and auditing company of quality management systems with a focus on “quality excellence made simple”.  Jim is an IRCA certified QMS lead auditor, a former IATF certified IATF 16949 auditor, and a former RABQSA certified Aerospace Auditor and has performed 3rd party audits in the past.