My first ISO Audit-It still gives me nightmares!
There comes a time in every man’s (or woman) life when they have to face their fear, going on my first 3rd party assessment on my own was one of those fear-provoking moments which hits every auditor on their first assessment.
I remember the day vividly like it was yesterday but it was around 17 years ago now, I received my IRCA Lead Auditor certificate and thought I was ready to rock, I quickly realised that what I had learnt on the training course doesn’t reflect what happens in the real world scenarios.
The audit took place when the 1994 standard was going and the client was transitioning to ISO 9001:2000, I turned up nice and early and sat down with the Quality Representative and in walked the Managing Director. I had to perform my first real opening meeting and I used my checklist of things but I was just reading words from the checklist, they had no real meaning or feeling behind them. I just knew I needed to cover everything in that opening meeting which I did nervously but I didn’t really add any value to the process. Now after many years of practice I think I have nailed it and I can run through the meeting without any aids and can now relax myself and the client. I found it very useful to get the client to speak first, the client knows nothing more than their business so if you just ask them to give some basic background information on the business it helps to settle their nerves, gives me some insight into the business and also strikes up a rapport with the organisation. Then I can either ask a couple of little questions or get straight to the mandatory requirements.
After the initial shock of the opening meeting I began the audit, I always like to start with the Internal Audits and Management Review process as it gives me some insight into what has been going on within the organisation over the last twelve months. The problem I had is that they hadn’t done any internal audits and they didn’t perform a management review meeting, erm, what do I do now! Obviously, no internal audits being planned or performed was an easy non-conformance to raise and I raised this without hesitation. When we came to discussing the management review the client started to challenge me and asked why they need to do them as they know everything that goes on? I went on to discuss the process and what the standard asks and I was looking for a management review meeting. The standard doesn’t actually mention “meeting” so why did he have to do one? Good point, the standard doesn’t actually mention “meeting”, it just states that top management will review certain elements of the management system which everyone just interprets to mean they have to have a meeting about that. That’s what they taught me in the training so surely that’s what needs to be done? I focused myself and asked the client to demonstrate how they meet that element of the standard then, they went on to show me that he has a big pile of presentations that display all of the inputs that are in the standard and he knows everything about every one of them as he reviews them. He was right, he did actually know everything and had some action task lists in place which were his outputs. Wow, lesson number 2, read the standard carefully as people will interpret the standard differently to what you have either seen before or is the norm, it doesn’t mean they are wrong, be open minded!
As I went on with the audit I struggled to pinpoint what the organisation does and how it fits in with the standard, their industry (cleaning company) was not one of the scenarios I had back in the classroom. Where is the job card telling the cleaners what to do? There isn’t one so is that a non-conformance? Of course it isn’t, I needed to understand what the clause is asking (7.5.1 back then) and how do they apply this? Asking the question to the client would get a blank look on their face as they didn’t know the terminology of the standard, they just know how they do their job, it was up to me to see how that fits in with the standard. This is probably the hardest thing I learnt for the first year of auditing, understanding and appreciating the standard and knowing how to apply it to different industries.
The closing meeting for my first audit was awful, I won’t lie, I got destroyed by the client as I wasn’t prepared for confrontation. The Quality Representative had accepted all of my findings as I was raising them but the Managing Director did not. I was challenged on every single one and I struggled to defend my non-conformances as I wasn’t confident enough with what I was raising. I tended to go off and raise something without fully appreciating the business and operations of the business. They didn’t show me something that I saw in the classroom so it must be wrong! Now some of the non-conformances I defended but others I had to backtrack on as the Managing Director showed me some additional evidence of what he believed addressed the standard. I wasn’t too proud to admit when I was wrong and I adjusted my findings to everyone’s satisfaction. I learnt to push and challenge not only the client’s system but also my own findings, maybe what I believe is a shortcoming in evidence could be demonstrated in other ways. Auditors should not be afraid to challenge their own self-belief in what you think is right, and never be afraid to admit you are wrong.
The first year of auditing is the worst as you are learning so much about business, business operations and the standard itself. Today I can do it with my eyes shut and can apply the standard to any client I walk into, however, I never stop learning and I learn new ways and methods on each and every audit. Just because one machine shop does it one way, doesn’t mean another machine shop will do it the exact same way. Neither is right or wrong, they do what works best for them and it’s our job to ensure that what they are doing meets the standard requirements and intent.
Obviously an IRCA course is not going to give you every scenario possible but hopefully, they have given you enough knowledge to be able to understand how every clause requirement relates to each type of organisation. The trick and steep learning curve of every new auditor is to be able to ascertain how every requirement is being met in each type of organisation, it takes a good 12 months of solid auditing before you become that comfortable.
My Top Tip for New Standards
Read and understand the requirements of any standard you are auditing against fully. When I am auditing to new standards I like to pick one clause out of the standard for each audit and focus my attention on it fully until I have gone through the entire thing. Read it in depth and challenge your thinking around the specific words in the clause, understand what is being asked and why it is there and within a few months, you will be a master.
