by Christopher Paris
VP Operations, Oxebridge Quality Resources International

In my 23 years of working with ISO 9001, the past 12 of which have been as an Implementation Specialist and trainer with Oxebridge, I have always seen a disconnect between the thinking process of registration auditors and managers, and their customers: the ISO 9001 end user.

(This extends to all the other management system standards, too, including AS9100, ISO 14001 and ISO/TS 16949, but for simplicity I will just refer to 9001 for this piece.)

I’ve spent years trying to decipher this problem, and attempting to resolve it. For a while I was on the Advisory Boards of two accredited registrars, offering my unique perspective as a “professional auditee” and trying to bring the voice of the ISO 9001 consumer to the table. I worked for a registrar as a Lead Auditor for a time, and got to see things from that perspective. I left that quickly, as I found the implementation and consulting side of things suited me better, but also because I couldn’t “fit” in what I felt was a very limited viewpoint of the registrars, throughout all levels of their organizations.

In 2004 and 2005 I gave speeches across the country to ASQ groups, the IAAR (the registrar’s collective organization), and to the US TAG to ISO TC 176, an audience which featured end users, standards authors, registrars and accreditors. In all of them, I tried to bring the auditee’s experience and perspective to the forefront.

I have offered to speak, at my own cost, to registrars during their annual auditor training sessions, but have only had two registrars – Eagle and ABS – show any interest. The others declined, or never replied. That in itself may say something — or they may just not like the presenter. (A high ranking representative of ANAB recently told me that the “registrars are afraid of you, Chris.” I asked him why they weren’t afraid of him, since he was the regulator, not me. Surmise from that what you will.)

I have written, in few places, about “The Unnecessary Conflict” between auditors and consultants, and how both “sides” (a concept I hate) need to work together to support the end user, since the best structure is a three-legged stool, not a single pole balancing two jumbling figures locked in combat.  But registrars have rejected even that concept, except when bugging consultants for leads.

It just looks like registrars want a fight, and some consultants are willing to give it to them. Meanwhile, the ISO 9001 end user suffers.

Consultants – No Free Ride For You, Either

It’s not all the registrar’s fault. I have written a lot about what’s wrong with consultants, leading to Oxebridge’s almost total abandoning of the term “consultant” (we are “Implementation Specialists” since what we do is so alien when compared to traditional consulting.) My criticisms against “traditional consultants” and their billing practices, contracts, methods and attitudes have led to harsh, and often deeply personal, attacks made against both Oxebridge and myself (and even my family) by those traditional consultants, unaware that those kind of hostile reactions only prove my thesis, and don’t help anyone.

So my record on trying to get consultants (including Oxebridge) to improve is solid. I won’t go into it further here.

Instead, I want to propose that registrars take a hard look at their internal training, corporate philosophy, management styles, and personal attitudes, and try to tune them into sync with that of their clients. Why that’s difficult is the first thing to examine.

Drudgery in Judgery

Registrars, by mandate, have only one role in the management system certification world: to verify compliance. All the talk of “value-added auditing”, risk reduction, and “improving your operations” are far afield (and sometimes in contradiction with) the sole role that Certification Bodies play. The origins of this “fluff marketing” come from the fact that registrars all offer a single service, and they have to do something to differentiate themselves from their competitors. It’s understandable in a market economy, but it does cause problems when they pursue these alternate goals at the expense of their accredited mandate: to simply assess compliance. Nothing else. (More on that in Part 3.)

It’s no great truth that being put in a position of authority over one’s customers eventually (or sometimes very quickly) leads to lazy thinking and an unrealistic perspective of one’s duties.  Scientific studies have proven this human trait. A “swagger” sets in, sometimes literally. This is not true for most registrars sales representatives, who are often very courteous and flexible and responsive… but things change immediately when the actual auditor takes over. The auditors have long since forgotten that they are a supplier to their clients, not a government regulatory body. They can be challenged, they can be appealed, they can be reported, and most of all, they can be fired.

This arrogant mindset is shared by the senior management of registrars, too; a top-ranking BSI exec was fired after he threatened “to bury” me in response to a complaint we had filed. His arrogance was so off-the-charts, he thought he was immune not only from criticism, but from the law, too. Umm, not quite.

It is only during their annual ANAB or UKAS accreditation audits that CB’s are reminded they aren’t the top of the food chain. But once the accreditor leaves, it’s back to business as usual, treating their customers as if they are regulators from the FCC or investigators with the Justice Department, assuming a mantle of impunity.

Reality check: they don’t have one.

(More than a few sales reps in the industry have complained to me about this phenomenon, and said this is why the turnover rate for sales representatives is greater than that of either managers or auditors within CB organizations.)

Registrars would be far better served if they understood what was going through their customers’ minds before hand, so they could serve them from that perspective, and avoid the hassles of complaints or (more likely) registrar-switching. By understanding the thoughts, fears and mindset of the customer, the registrar can adjust their approach in a way that alleviates stress, ensures a fair and verifiable audit, and keeps the registrar’s reputation in good stead. Everyone wins under that scenario.

Here’s the problem, though. The people who need to hear this the most already tuned out after the first paragraph. The ones left reading are probably the ones who need this information the least. I’ll continue anyway.

Cowboys and Indi… No, Wait, Just More Cowboys

Some real life examples I have witnessed first hand.

An aerospace auditor with NSF once audited a client of mine, and decided that the processes they had identified were “too complicated” for him, so he drew an entirely new process flow chart in his report, dividing the company up the way he felt was best. He then audited to that structure. AS9100 (and ISO 9001, of course) mandates that the organization define its processes, not the auditor. When challenged, the auditor became indignant, snarling that his method was just an attempt to “help” the client, even though his final report referred to processes which didn’t even exist.

Making things worse, NSF has run press releases about having this guy on their staff. Insiders told me that NSF knows he’s a problem, notoriously engaging in profanity-laced arguments during audits and training sessions, but he’s spent so much money in getting RABQSA auditor certifications, he’s one of the few aerospace guys out there with multiple credentials. He effectively “bought” his immunity, and he knows it.

If, instead, the auditor had followed the rules while remaining flexible to understanding the client’s process structure, he may have learned something new while producing a final audit report that not only was easy to understand by the client, but also wouldn’t risk ANAB citing NSF for a rules violation.

Another example: in the recent incident with Smithers, where they cited a major nonconformity against an Oxebridge ISO 9001 client (the first in our 12 year history), everyone within the client company who was asked felt the auditor had simply become flummoxed. There was some legitimate reason for this: in some cases, the client was arguing against findings a bit too aggressively, and the tone outweighed the reason. At the same time, the auditor clearly did not like her findings being challenged, and grew defensive, “locking in” her notion that something was “just not right” with the client, even though she struggled to find objective evidence to prove it. The result was a major nonconformity issued to the client that is a classic example of “padding” a finding: it combined three or four different and disparate clauses into one finding, and cobbled together a number of unrelated single incidents in order to craft what appeared to be a systemic problem. De-constructing the finding could have it reduced to a minor, but too many egos were already bruised, and Smithers wasn’t budging.

Had Smithers truly followed their sales script, and “understood” the client — regardless of whether or not their attempted defense was heated (I wasn’t present, so can’t speak to that) — the auditor would have remained calm and listened. If she had sufficient evidence to support her findings, then she could have easily defended her finding in a calm and reasoned manner that left no questions open. Unfortunately, that’s not how things happened, and the finding remained riddled with more questions than evidence. The client was angry, feeling they were not given an opportunity to defend against the evidence before the final report was signed.  The auditor was so frazzled, she debated whether or not to be pulled from the account. Everyone walked away upset, but while Smithers got paid, the client was left with a poor view of the registrar and ISO 9001 itself.

In one final example, an auditor with QMI wrote a pretty off-base finding that was not supported by any requirements of the ISO 9001 standard. When my client questioned it, the auditor never even bothered to present his rationale, and just said “fix it, or I come back and yank your certificate off the wall.” In reality, auditors can’t yank any one’s certificate, since they only make recommendations to a committee within the registrar, a structure mandated by accreditation rules specifically designed to prevent emotional reactions like that.  Had the auditor taken the time to understand the client, rather than maintain an illusion of his omnipotence, he would have provided a clearer understanding of his finding to the client, or may have actually learned something. Again, everyone wins. When an auditor resorts to threats, everyone loses. (The client fired QMI after the incident.)

So many times these negative, ego-driven interactions result in the firing of a registrar, it’s not surprising that the only growth US certification bodies can obtain now is through acquisitions and mergers. The CB’s aren’t generating new business for themselves, they are not getting referrals from existing clients, and they have treated consultants as toxic cancers for so many years, consultants are not sending business their way, either. When your only growth is through buying your competitors, you know you have a dying business model.

Everyone needs to relax, and breathe.


About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


Free ISO 9001 Template Kit