(Part 1 of this article can be found here.)

Continuing on the top 10 mistakes made by ISO 9001 consultants, in no particular order:

6.) Training the client to be a consultant. Consultants often don’t realize that by teaching clients everything they know (see #5 “Data Dump”), they are not training clients on ISO 9001, but instead training them to become their competition.

Typical scenario: a procedure is required, so the consultant trains the client on how to write a procedure. Perhaps a week later, the consultant returns to review the client’s procedure, only to point out the weaknesses, order some edits, and come back later to check again. It’s agonizingly slow, and would be better served if the consultant just wrote the procedure based on information gleaned from interviews.

This approach teaches the client how to create an ISO 9001 QMS, rather than use one, which is only good if the client wants to become an ISO 9001 consultant. It sounds like a subtle distinction, but there is actually a vast difference. Clients are not tech writers, they are not skilled at writing procedures that address all the requirements, and they don’t need to be. Once again, that’s what they have hired you for.

You are paid to develop and deliver the QMS. The client wants to get busy with using the system, not crafting it. Their input is essential, of course, but the nuts and bolts of building the system are the work of the consultant. Then the client can focus on implementing those procedures and moving forward to improve them.

Consider this: your doctor doesn’t teach you how to do surgery on yourself, but he will help you improve once the surgery is complete.

7.) Reliance on boilerplates and previous client documents. Boilerplate documents provide a limited use, mostly for saving time when writing procedures that are unlikely to differ between clients, such as management review (because the standard is so descriptive in what is required, leaving little room for creativity.) But the bulk of procedures are likely to be very, very different from one client to the next, and the use of boilerplates will either require the consultant to fit the company around the procedure (never good), or to re-write the procedure from scratch anyway.

Consultants will also often use documents they’ve written for other clients, and the risk here is that (again) the previous client’s approach doesn’t work for the new client, or (most embarrassingly)  the previous client’s name will pop up in the document’s text or metadata, revealing the game. Instead  it’s best to only use boilerplate text as a last resort, to obtain data from the client through interviews, and then write procedures based on that, only adding or changing things when a specific requirement is not met.

PS: boilerplate documents that rely on cut-and-pasting of client information rarely pass a registration audit, no matter what the sellers of those documents say. For more, see Seven Reasons Why ISO 9001 Boilerplates Don’t Work.

8.) Staying within the box. ISO 9001 has devolved into a set of memes, cultivated by lazy registrar auditors and somnambulist consultants. These include such non-requirements as the “training matrix,” “master document list,” “job descriptions,” “process maps” and “document numbers.” None of these are specific requirements, but you’d be hard pressed to find an auditor or consultant who didn’t think at least one of those really was mandated by ISO 9001. As a result, consultants tend to impose these methods on clients, rather than find an alternative “out of the box” approach that might better suit the client.

Consultants must tailor their solutions to the client, and sometimes that means “going nuts” with new ideas. For example, I once wrote a quality manual that utilized single-panel cartoons to present most of the information. Don’t worry about getting registrar buy-in; that can be dealt with later, by communicating clearly with the registrar. During the implementation, focus on what works for the client, and constantly bounce it against the actual language of the standard, not your memory of it. If it meets the intent, the auditor will have to agree to it later.

9.) Representing the registrar over the client. Too many consultants conduct their own work with both eyes on what they think the registrar will accept. This has the effect of the consultant working more for the registrar than for their own client. As I’ve said, registrars must — by accreditation rules — attempt to understand how each client has interpreted and implemented the various requirements. The client will have plenty of opportunity to explain the approach or method to the auditor. An auditor who refuses to accept a given approach without citing specific evidence on how it fails to comply can be challenged. The client must come first.

10.) Needlessly combating the registrar. The industry may suffer from poorly trained auditors, deceptive CB sales reps, unmotivated Accreditation Bodies and inept ISO management, it’s still no excuse to go off half-cocked on an auditor. Auditors will make mistakes — lots of them, if history is any indicator — and these must be addressed in a calm, procedural manner. Accreditation rules require registrars to process appeals and complaints according to set requirements, and consultants should learn these (ISO 17021) and know how to run such concerns through the documented systems. You’ll have a harder time convincing an auditor, or the appeals committee, of the validity of your challenge if you don’t ground it in evidence and facts, and instead rely on full-on freakouts to make your case.


About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


Surviving ISO 9001 Book