by Robert H. King Jr.
Contrary to what alarmists
with an interest in fueling controversy might say, ISO 9001
is still on the rise--and with good reason. The standard
is capable of producing the desired results (i.e., consistent
quality in goods and services globally), and its full potential
is yet to be realized.
Organizations registered to ISO 9001 are widespread, and
their numbers continue to grow. These companies implement
the standard for a variety of reasons, and some businesses
are better than others at anticipating the ultimate benefits.
An organization seeking the greatest value from registration
needs its top executives to support the effort. They must
think of quality as a strategic issue and understand the
role quality management systems play in organizational survival
and growth.
Regrettably, many organizations probably don’t realize
ISO 9001’s potential. It’s no wonder, then,
that some of them have decided not to upgrade to the newly
revised standard. Still, the most common reasons for not
upgrading have little to do with lack of value. Rather,
they include the need to conserve resources during an economic
downturn, no customer requirement to maintain registration,
and plans to transition to sector standards or consolidate
multiple registrations. Nonetheless, predictions of negative
growth in ISO 9001 registrations seem misplaced.
Worldwide, there are more than half a million ISO 9000
registrations. Data contained in the 12th edition of The
ISO Survey of ISO 9000 and ISO 14001 Certificates indicate
that at the close of 2002, at least 561,747 certificates
of conformity to ISO 9000 standards had been issued, an
increase of 10 percent from the 2001 total. The number of
certificates issued to ISO 9001:2000 more than tripled from
2001 to 2002, representing 30 percent of the overall total.
These numbers affirm the value of management systems registration
and indicate a higher-than-expected percentage transitioning
to ISO 9001:2000.
In the United States, the complex system of third-party
auditing and management systems registration has no doubt
led to misunderstandings among stakeholders. Media predictions
of the decline and imminent failure of ISO 9000 help to
fuel confusion. One unfortunate result is that some parties
have exploited these misunderstandings to gain competitive
advantage.
After the ISO 9000 series of standards for quality management
systems was adopted in 1987, a global conformity-assessment
system evolved. As the business community recognized the
value of conformance to the standards, demand grew for third-party
registration as a means of establishing objective evidence
of conformance. And as the number of registrars increased,
a similar demand arose for evidence of their competence.
This led to the forming of national accreditation bodies,
including the ANSI-RAB National Accreditation Program in
the United States.
The International Accreditation Forum was formed to coordinate
the evolving third-party conformance assessment system internationally.
IAF, which represents 39 accreditation bodies in 35 countries,
develops for registrars and accreditation bodies uniform
professional norms of interpretation and practice (known
as IAF Guidance) on applying ISO/IEC guides.
Third-party QMS auditing and registration is based on
ISO 9000, and ISO 19011 for management and environmental
systems. ISO/IEC Guide 62 and IAF Guidance establish requirements
for registrars. The standards and IAF Guidance require that
registrars manage auditors and the audit process to ensure
competence, consistency and uniformity. Accreditation bodies
confirm that registrars and their auditors are competent.
Every registrar accredited by the ANSI-RAB NAP must abide
by the same procedures and meet the same criteria, including
specific requirements for auditors’ competence and
training. The NAP witnesses registrar audit teams conducting
audits and audits each registrar’s system documentation,
records and files. NAP auditors conduct extensive office
and witness audits of registrars for initial accreditation
and for re-accreditation every four years. They also conduct
annual office and witness audits. Witness audits represent
an in-the-field examination of the registrars’ auditing
and registration practices at facilities seeking registration.
As with audits of organizations by registrars, NAP audits
sometimes expose nonconformances. When this happens, the
registrar is expected to implement effective corrective
action within a reasonable time period, commensurate with
the severity of the nonconformance report. As with organization
audits by registrars, the auditee (here, the registrar)
may appeal. The NAP requires formal evidence to close out
any nonconformances and examines the effectiveness of corrective
action during future audits.
The NAP QMS Council reviews the results of audits and
makes decisions on initial accreditation and re-accreditation.
If the results of re-accreditation audits indicate serious
nonconformance by any registrar, the QMS Council can decide
to suspend or withdraw ANSI-RAB NAP accreditation. The QMS
Council also develops and approves accreditation procedures
and issues additional guidance in the form of ANSI-RAB NAP
advisories as needed.
The Registrar Accreditation Board has, on occasion, been
credited with greater influence than it actually wields.
The RAB is a partner with the American National Standards
Institute in the ANSI-RAB NAP. The NAP is governed by independent
QMS and EMS councils, and the RAB is its operational arm.
The NAP manages accreditation auditors and the audit process,
and investigates complaints from anyone about anybody in
the system--registered companies, registrars and registrars’
auditors.
The NAP monitors registrar auditors’ performance
on the basis of sampling and requires that different auditors
be evaluated during witness audits throughout the registration
cycle so that a greater number of auditors are observed.
The registrar, for its part, must provide evidence that
it continues to monitor its auditors.
Continuity of auditors, whether employees or contractors,
is an important consideration for assessing improvement
of a QMS from audit to audit. Indeed, many organizations
perceive audit staff continuity as a key to promoting the
continual improvement that results from the surveillance
audit process. Thus, some organizations force registrars
to provide continuity of auditors, and NAP auditors assess
this during audits. As an example for registrars, the NAP
assigns an executive audit team leader to each registrar
for the duration of the accreditation cycle.
The NAP is required by ISO/IEC Guide 61 to have a formal
complaint process, and client organizations can report on
unprofessional or unethical behavior by auditors easily
and without fear of reprisal. This system for investigating
complaints includes reporting to those filing complaints
the conclusions of NAP’s investigation and actions,
within the constraints of confidentiality requirements.
The numbers and categories of complaints are reported on
the RAB’s Web site. Anyone can file a complaint against
a registered organization, registrar, auditor or the NAP
using forms on the site.
The NAP’s primary interest has always been to uphold
the integrity of registration. In light of recent financial
accounting scandals in the United States, the potential
conflict of interest inherent in packaging consulting and
registration services by registrars and related bodies has
received increased scrutiny. Within the last year, the NAP
has issued two new advisories in response. Advisory 29 elaborates
on the IAF prohibition on joint marketing of consultancy
and registration. Advisory 31 reinforces the requirement
for impartiality in the registration process expressed in
Guide 62 and IAF Guidance, and it prohibits a registrar
from issuing a certificate to any organization “to
which a related body has provided management systems consultancy
within two years following the end of the commercial relationship
between the related body and the organization.” The
two-year requirement has already been implemented in sector-specific
requirements of the automotive and aerospace industries.
Anyone claiming the NAP ignores conflicts of interest
by its registrars hasn’t been paying attention in
recent months to information published on the RAB’s
Web site and by independent media serving the conformity
assessment community. The NAP QMS Council has found it necessary
to withdraw NAP accreditation from a registrar and impose
suspensions within sector scopes on other registrars found
to have engaged in a conflict of interest. It’s clear
that the NAP will vigorously combat registrar violations
to maintain integrity in the system.
Providing value to users of the third-party system is
an ongoing NAP objective. It promotes ISO 9000 as a strategic
business tool through its registrars, its involvement in
IAF, presentations to stakeholders, the conformity assessment
media and its own publications. The NAP works with the Independent
Association of Accredited Registrars and industry groups
to ensure it understands and responds to their needs and
the needs of their customers. The NAP also works cooperatively
with other national accreditation bodies to add value. It
recently signed a Multilateral Cooperative Accreditation
Arrangement with Japan’s accreditation body to “provide
for the recognition of the acceptability of the results
of each party’s assessment and accreditation program
based upon the determination of equivalence.” The
MCAA was written with the express intent of adding other
national accreditation bodies as parties to the arrangement.
Independent of the ANSI-RAB NAP, the RAB operates programs
for auditor certification and accreditation of auditor training
courses. To ensure the abilities of those who earn its auditor
certification credentials, the RAB requires demonstrated
auditing experience, except for the Provisional Auditor
grade. RAB-certified auditors are required to abide by an
explicit code of conduct.
Auditor certification, like organization registration
and registrar accreditation, is voluntary. As certified
auditors demonstrate greater competence and consistence,
market forces may drive organizations or registrars to demand
certified auditors. Registrars aren’t required to
use certified auditors, but many do.
ISO 9001 is flexible enough to be applicable and useful
for any size and type of business, as demonstrated by the
number and variety of registered organizations. Implementation
really helps improve quality if the effort is driven by
top management and aligned with strategic goals. But although
the potential benefit from implementing ISO 9001 is considerable,
many organizations require more effort.
The benefits of implementation depend on many variables.
If the goal is simply to do the minimum to gain registration,
results are likely to be limited. Organizations seeking
the maximum benefit will satisfy the full intent of the
standard, aligning their QMSs with strategic goals and meeting
internal needs rather than just external requirements. Just
as the IAAR looks to the NAP to provide value in the accreditation
process, smart organizations among those seeking registration
demand and receive value from their registration.
Robert H. King Jr. is president and CEO of the Registrar
Accreditation Board. Before joining the RAB in January 2002,
King was a vice president for Bayer Corp.
|