state of the industry
Execution of remote audits has gained popularity.

Quality standards trace their roots back to the military. Decades ago, governments needed specifications to ensure that items procured from different vendors worked properly when brought together. Standards facilitate international trade by providing a common language with common expectations. They help companies identify precisely how they work, and they help organizations consistently implement the best way to run the business. The need for efficiency continues to influence the evolution of standards, because: “If you can measure something, then you can improve it.”

The first national quality management system can be traced back to the BS 5750 Standard introduced in 1970 by the United Kingdom. This provided the predecessor to ISO, the International Organization for Standardization, which introduced the ISO 9000 series in 1987. Today in the United States, the Technical Advisory Group (TAG) to TC 176 is responsible developing and for maintaining standards for quality system management.

ISO 9001 Certification 

The 9001 standard can be applied to any service or manufacturer. It is applicable to any organization, ranging from the one-person shop, to an international company. In many cases, ISO certification enables small organizations to cast a bigger shadow, by securing government contracts that require ISO certification as criteria for acceptance. Different standards apply to specific industries (Image 1).

ISO chart
IMAGE 1: ISO standards chart (Image courtesy of the author)

Standards Are Critical for Growth or Contraction 

During rapid expansion and growth, many companies struggle to maintain quality because it takes time to transfer skills to new employees. Similarly, during contractions or downsizing, expertise leaves the organization with workers (particularly now, as more than 10,000 baby-boomers reach retirement age each day). During the COVID-19 pandemic, many businesses have scaled back, while striving to maintain the same quality levels. Fortunately, standards protect organizational knowledge. They codify best practices in a way that can be shared with other workers.

The Certification Process 

Certifications are conducted by independent accredited certification bodies who assess and certify that companies (such as manufacturers, service providers, government agencies and other types of businesses) are meeting current standards.

ISO and AS9100 certifications last for three years. Each year, an annual check-in audit is required, but official “deep-dive” recertifications take place every three years. Companies seeking to obtain certification for the first time typically find their own certification body from referrals or online research. Once a relationship is established, annual audits are scheduled in an ongoing manner.

After an initial consultation with a certification body, a quote for audits for a three-year period is provided, the terms of the audit are discussed, and a contract between certifier and the business is signed. The certification body identifies an experienced auditor with expertise in the client’s industry. The audit dates are then scheduled, and detailed planning for the audit begins.

Initial interviews set the scope of certification, identify requirements, clarify the organizational structure, identify business processes and set certification goals. For companies with unique or intricate processes, it is imperative to identify these nuances up front, so that more time can be dedicated to them during the assessment. Some of the planning focused on areas where a client feels they need help. There is a direct correlation between pre-audit collaboration and the overall effectiveness of the audit, and this is one of the steps that can set one certification company apart from another.

Once the pre-audit planning is complete and the plan is set, auditors have traditionally performed an on-site visit to take a close look at the business processes and the workflows. Auditors are typically guided around a facility where they will interview employees, watch operations and review process-related records so that they can compare the actual practice to the planned process and to standard requirements.

Deviations observed from planned processes or contract requirements are considered non-conformities. These issues are documented in non-conformance Reports citing the evidence observed to substantiate them. Organizations seeking certification must address the issues, including corrective actions to prevent their recurrence. Common examples include: using expired material in a product; failing to calibrate instruments; deviating from client contractual requirements; failing to inspect work; failing to update records; or failing to record important data.

The point of certification audits is to independently confirm that the organization’s business system meets its own expectations, as well as the minimum requirements expected by the world, and also to identify potential areas of improvement. Certification assessments are not designed to tell companies how they should operate or improve, but rather, to verify the business operations against internal, customer and standard requirements, and also to identify anomalies or areas that can be improved.  Ultimately, a company’s management and personnel have the expertise to modify operations to correct their own issues.

The Role of Auditors & Certification Bodies

Certification bodies must themselves be accredited by the ANSI National Accreditation Board (ANAB) or other IAF-recognized body to be “internationally recognized and to be transferable.” However, just because a certification body is ANAB-accredited does not mean they are all equal. Auditing competency is critical, and it can vary from certification body to certification body. Auditors must be carefully vetted to ensure that they possess technical experience, have credentials demonstrating knowledge in assessment techniques and have personal characteristics that make the assessment experience supportive, precise and professional.

Auditors provide better value to companies when they perform assessments in a manner that advocates for their clients. If something catches their eye (which could be a red flag) there are multiple ways to investigate it, to discuss it and to ask clarifying questions that help the client understand and take accountability. Contentious assessments are often ineffective, because lines of communication and trust break down, which makes it harder to effect change. Legitimate findings should be calmly raised with appropriate evidence. The organization and the auditors should have the same goals, which are to demonstrate conformance and improve the success of the business.

The Evolution of Remote/Virtual Auditing During COVID-19

Every certification body requires a disaster plan, for weather-related incidents, pandemics or other man-made issues. This year, COVID-19 has created the environment to revisit, update and test these plans.

While some industries (such as aerospace), still mandate on-site assessments (with prescribed safety procedures such as masks, social distancing, and potential quarantine for auditors following the completion of the audit), the execution of remote audits, using information and communication technologies (ICT) has gained extensive popularity in today’s COVID-times.

For a long time, remote audits have been commonplace for certification bodies that went through the approval process with ANAB to assess companies with remote workers, or businesses like software development firms, where physical products do not reside on a shop floor and core business processes can be assessed using ICT. Remote assessments require that the certifier has defined and approved processes. They also require additional training for auditors performing these assessments.  And they require more up-front planning to ensure that the assessment is performed correctly.

This year, business practices of all types have moved their business operations to home locations to reduce the number of COVID cases and the risk of exposure. Accreditation authorities are approving certification bodies to conduct more assessments, remotely, including those with physical products at their facilities.

Thanks to today’s technology, it is possible to see what’s going on in a plant and connect to people working in various locations using collaboration platforms. Video cameras on phones feature the resolution needed to examine a shop floor, observe employees and evaluate processes-in-action.

Remote assessments can usually be completed in about the same time it takes to perform them on-site (and at less expense, given the reduction in travel for the auditing team). A good auditor controls what will be reviewed with cameras, and skilled auditors can accomplish this without the auditee even knowing it is happening. Random samplings for employee interviews and gathering unscripted information provides confidence in the assessment results.

In many respects, the methodology for assessments has not changed, but the collaboration between the lead auditor and organizational—before and during the assessment—is more important than ever.

Can Clients Hide Weaknesses in a Virtual Audit? 

Clients never know in advance what questions they will be asked. One of the biggest differences between certification bodies comes from the experience level (and the savviness) of their auditors.  Any client can try to manipulate an auditor, but savvy, experienced auditors know how to change their tempo and introduce checks and balances that ensure comprehensive, objective and reliable audits—even in a virtual fashion.

It is important to draw a distinction and realize that this is not a tax audit. The point is not to try and catch mistakes, but to demonstrate conformance and help companies fully analyze and understand their processes and correct them when they are not meeting requirements.

Benefits & ROI Associated With Audits & Certifications

Although certification is a non-negotiable requirement in many industries, there are numerous benefits that companies receive from the auditing and certification process, including: 

Process improvements that enhance (or restore) efficiency

Correcting process flaws is the primary benefit. If something is working sub-optimally, the best way to fix it is not to focus on the employee, but rather on the process. This examination involves comparing current processes to past processes to see if anything has changed that has allowed the system to fail. In most cases, it is not about catching an employee doing something wrong, but rather identifying an activity, or a series of steps that cause suboptimal performance. Audits provide a useful check-up that returns processes to maximum efficiency.          

Better employee training

Most employee inefficiencies observed are not the result of a lack of effort or motivation, but rather training. Often times, improvements to worker training programs result from an audit.

Improved communication

Audits enable companies to analyze themselves from multiple perspectives. Employees of all levels are interviewed. Many times, the best feedback comes from front-line workers. Employees typically come to work each day trying to do their best. But sometimes (particularly during times of change) when employees lack a clear direction for what upper management wants them to do, they are forced to guess or do things based upon hearsay. This can perpetuate mistakes and put effort into areas that are not valued by management. An all-encompassing audit fosters teamwork, a feeling of belonging, better communication and less frustration for personnel. It can also create (or restore) proper alignment between different parts of the organization.

Relationships with certification bodies

Relationships between companies and their certification bodies are an important part of the process - not for the purposes of ensuring quick and easy certifications, but more like a patient’s relationship with their doctor. The idea is to get an honest assessment that has the best interests of the business in mind. In order to help a company optimize its operations, and its relationships with customers, certification bodies (and their auditors) should take a customer-centric approach to help the business achieve its quality objectives.