The Silent Q (Auditing)

Following on from my take on the silent Q, I’m coming to considerations that have to be made by auditors in the supply chain…

Auditors cannot just be experts in “quality” or “safety” or “environment” (or “health” for that matter) or focus on compliance with a standard, be it ISO9001, OHSAS18001 or ISO14001.  Auditors need to be skilled in auditing irrespective of the standard.  They need skills for defining and agreeing clear terms of reference (ToR) for each audit, with a willingness to reach beyond a strict compliance mentality.  Compliance audits have their place but, when it gets down to assessing the ability to provide specific goods or services, compliance with the customer order, or even an international standard, may not be enough.  A compliance audit is only effective if the standards requiring compliance are explicitly and correctly defined.

Is it reasonable to expect the customer to be able to define the precise requirements of every critical supply?  Customers need to know operating envelopes but they cannot be expert in the details for everything.  Suppliers should be the experts in the details of their products and services, but does that relate to the actual operating envelope?  Yes, for mature products and services but I suggest it’s neither a reasonable nor safe assumption for frontier applications – those that stretch current technologies or practices.  These are applications that often expose organisations to high risk, with the double whammy of not being able to confidently assess the degree, or even precise nature, of it.

An auditor, therefore, might need to understand the business, the technology and a host of other aspects to a degree that would challenge a Time Lord!  An impossible state for mere mortals (and, despite rumours to the contrary, auditors are neither immortal nor infallible).  There is no easy answer and we have to develop better ways to use the people and skills available.

Key considerations when auditing in these circumstances are:

  • to consider leadership and communication;
  • to gain satisfaction there’s a clear direction to operations – not necessarily through a command and control, theory X mentality, but with well understood objectives aligned between customer and supplier;
  • to verify that key personnel are appropriately trained and their competence assured;
  • to realise that neither the audit nor the system being audited is perfect;
  • remaining flexible 9without losing focus).

Standard checklists are fine for standard audits, when it’s possible to predict what is needed, but not when we’re pushing back the boundaries.  A common complaint about certified quality management systems (QMS) has been that they focus on maintaining the status quo – often justified with off-the-shelf documentation but not necessary.  If the QMS has been developed for the organisation, however, this needn’t be the case.  Auditors have to be prepared to roll up their sleeves and dig into the system itself, not just the documentation and this is where process-based auditing has clear benefits, leading auditors away from a myopic focus on outputs.

Audits need to start well before the visit, even before the preparation, and establish clear terms of reference.  These need to address the customer needs, not only in terms of acceptability but also in managing findings.  By establishing the real need an auditor is better able to respond dynamically to the audit findings – as they are found – changing course but not losing focus on the objectives.

(Based on an article first published in IRCA Inform Issue 27, 2010, following the Deepwater Horizon incident in the Macondo oil field in the Gulf of Mexico to consider some of the challenges facing auditors).

(First published as a blog on 15th October 2011)