by Robert H. King Jr.

Contrary to what alarmists with an interest in fueling controversy might say, ISO 9001 is still on the rise--and with good reason. The standard is capable of producing the desired results (i.e., consistent quality in goods and services globally), and its full potential is yet to be realized.

Organizations registered to ISO 9001 are widespread, and their numbers continue to grow. These companies implement the standard for a variety of reasons, and some businesses are better than others at anticipating the ultimate benefits. An organization seeking the greatest value from registration needs its top executives to support the effort. They must think of quality as a strategic issue and understand the role quality management systems play in organizational survival and growth.

Regrettably, many organizations probably don’t realize ISO 9001’s potential. It’s no wonder, then, that some of them have decided not to upgrade to the newly revised standard. Still, the most common reasons for not upgrading have little to do with lack of value. Rather, they include the need to conserve resources during an economic downturn, no customer requirement to maintain registration, and plans to transition to sector standards or consolidate multiple registrations. Nonetheless, predictions of negative growth in ISO 9001 registrations seem misplaced.

Worldwide, there are more than half a million ISO 9000 registrations. Data contained in the 12th edition of The ISO Survey of ISO 9000 and ISO 14001 Certificates indicate that at the close of 2002, at least 561,747 certificates of conformity to ISO 9000 standards had been issued, an increase of 10 percent from the 2001 total. The number of certificates issued to ISO 9001:2000 more than tripled from 2001 to 2002, representing 30 percent of the overall total. These numbers affirm the value of management systems registration and indicate a higher-than-expected percentage transitioning to ISO 9001:2000.

In the United States, the complex system of third-party auditing and management systems registration has no doubt led to misunderstandings among stakeholders. Media predictions of the decline and imminent failure of ISO 9000 help to fuel confusion. One unfortunate result is that some parties have exploited these misunderstandings to gain competitive advantage.

About the third-party system

After the ISO 9000 series of standards for quality management systems was adopted in 1987, a global conformity-assessment system evolved. As the business community recognized the value of conformance to the standards, demand grew for third-party registration as a means of establishing objective evidence of conformance. And as the number of registrars increased, a similar demand arose for evidence of their competence. This led to the forming of national accreditation bodies, including the ANSI-RAB National Accreditation Program in the United States.

The International Accreditation Forum was formed to coordinate the evolving third-party conformance assessment system internationally. IAF, which represents 39 accreditation bodies in 35 countries, develops for registrars and accreditation bodies uniform professional norms of interpretation and practice (known as IAF Guidance) on applying ISO/IEC guides.

Third-party QMS auditing and registration is based on ISO 9000, and ISO 19011 for management and environmental systems. ISO/IEC Guide 62 and IAF Guidance establish requirements for registrars. The standards and IAF Guidance require that registrars manage auditors and the audit process to ensure competence, consistency and uniformity. Accreditation bodies confirm that registrars and their auditors are competent.

Every registrar accredited by the ANSI-RAB NAP must abide by the same procedures and meet the same criteria, including specific requirements for auditors’ competence and training. The NAP witnesses registrar audit teams conducting audits and audits each registrar’s system documentation, records and files. NAP auditors conduct extensive office and witness audits of registrars for initial accreditation and for re-accreditation every four years. They also conduct annual office and witness audits. Witness audits represent an in-the-field examination of the registrars’ auditing and registration practices at facilities seeking registration.

As with audits of organizations by registrars, NAP audits sometimes expose nonconformances. When this happens, the registrar is expected to implement effective corrective action within a reasonable time period, commensurate with the severity of the nonconformance report. As with organization audits by registrars, the auditee (here, the registrar) may appeal. The NAP requires formal evidence to close out any nonconformances and examines the effectiveness of corrective action during future audits.

The NAP QMS Council reviews the results of audits and makes decisions on initial accreditation and re-accreditation. If the results of re-accreditation audits indicate serious nonconformance by any registrar, the QMS Council can decide to suspend or withdraw ANSI-RAB NAP accreditation. The QMS Council also develops and approves accreditation procedures and issues additional guidance in the form of ANSI-RAB NAP advisories as needed.

RAB’s role

The Registrar Accreditation Board has, on occasion, been credited with greater influence than it actually wields. The RAB is a partner with the American National Standards Institute in the ANSI-RAB NAP. The NAP is governed by independent QMS and EMS councils, and the RAB is its operational arm. The NAP manages accreditation auditors and the audit process, and investigates complaints from anyone about anybody in the system--registered companies, registrars and registrars’ auditors.

The NAP monitors registrar auditors’ performance on the basis of sampling and requires that different auditors be evaluated during witness audits throughout the registration cycle so that a greater number of auditors are observed. The registrar, for its part, must provide evidence that it continues to monitor its auditors.

Continuity of auditors, whether employees or contractors, is an important consideration for assessing improvement of a QMS from audit to audit. Indeed, many organizations perceive audit staff continuity as a key to promoting the continual improvement that results from the surveillance audit process. Thus, some organizations force registrars to provide continuity of auditors, and NAP auditors assess this during audits. As an example for registrars, the NAP assigns an executive audit team leader to each registrar for the duration of the accreditation cycle.

The NAP is required by ISO/IEC Guide 61 to have a formal complaint process, and client organizations can report on unprofessional or unethical behavior by auditors easily and without fear of reprisal. This system for investigating complaints includes reporting to those filing complaints the conclusions of NAP’s investigation and actions, within the constraints of confidentiality requirements. The numbers and categories of complaints are reported on the RAB’s Web site. Anyone can file a complaint against a registered organization, registrar, auditor or the NAP using forms on the site.

Ensuring integrity and adding value

The NAP’s primary interest has always been to uphold the integrity of registration. In light of recent financial accounting scandals in the United States, the potential conflict of interest inherent in packaging consulting and registration services by registrars and related bodies has received increased scrutiny. Within the last year, the NAP has issued two new advisories in response. Advisory 29 elaborates on the IAF prohibition on joint marketing of consultancy and registration. Advisory 31 reinforces the requirement for impartiality in the registration process expressed in Guide 62 and IAF Guidance, and it prohibits a registrar from issuing a certificate to any organization “to which a related body has provided management systems consultancy within two years following the end of the commercial relationship between the related body and the organization.” The two-year requirement has already been implemented in sector-specific requirements of the automotive and aerospace industries.

Anyone claiming the NAP ignores conflicts of interest by its registrars hasn’t been paying attention in recent months to information published on the RAB’s Web site and by independent media serving the conformity assessment community. The NAP QMS Council has found it necessary to withdraw NAP accreditation from a registrar and impose suspensions within sector scopes on other registrars found to have engaged in a conflict of interest. It’s clear that the NAP will vigorously combat registrar violations to maintain integrity in the system.

Providing value to users of the third-party system is an ongoing NAP objective. It promotes ISO 9000 as a strategic business tool through its registrars, its involvement in IAF, presentations to stakeholders, the conformity assessment media and its own publications. The NAP works with the Independent Association of Accredited Registrars and industry groups to ensure it understands and responds to their needs and the needs of their customers. The NAP also works cooperatively with other national accreditation bodies to add value. It recently signed a Multilateral Cooperative Accreditation Arrangement with Japan’s accreditation body to “provide for the recognition of the acceptability of the results of each party’s assessment and accreditation program based upon the determination of equivalence.” The MCAA was written with the express intent of adding other national accreditation bodies as parties to the arrangement.

About auditor certification

Independent of the ANSI-RAB NAP, the RAB operates programs for auditor certification and accreditation of auditor training courses. To ensure the abilities of those who earn its auditor certification credentials, the RAB requires demonstrated auditing experience, except for the Provisional Auditor grade. RAB-certified auditors are required to abide by an explicit code of conduct.

Auditor certification, like organization registration and registrar accreditation, is voluntary. As certified auditors demonstrate greater competence and consistence, market forces may drive organizations or registrars to demand certified auditors. Registrars aren’t required to use certified auditors, but many do.

What’s ahead?

ISO 9001 is flexible enough to be applicable and useful for any size and type of business, as demonstrated by the number and variety of registered organizations. Implementation really helps improve quality if the effort is driven by top management and aligned with strategic goals. But although the potential benefit from implementing ISO 9001 is considerable, many organizations require more effort.

The benefits of implementation depend on many variables. If the goal is simply to do the minimum to gain registration, results are likely to be limited. Organizations seeking the maximum benefit will satisfy the full intent of the standard, aligning their QMSs with strategic goals and meeting internal needs rather than just external requirements. Just as the IAAR looks to the NAP to provide value in the accreditation process, smart organizations among those seeking registration demand and receive value from their registration.

About the author

Robert H. King Jr. is president and CEO of the Registrar Accreditation Board. Before joining the RAB in January 2002, King was a vice president for Bayer Corp.