A well-established organization do not worry of any findings and non-conformities detected during an audit. This is because the employees have done their job well to maintain the system. The top management always regards eyes of the third parties as an opportunity for improvement. This type of organization will see findings as adding value and a gift for the organization. They are people who appreciate the auditors work and would always look forward for the next audit.
When an organization sees the management system as a business tool they would continuously maintain the system. They would establish their own management system which in in line with the management systems. They are always above the international management system such as ISO9001, OHSAS18001 and/or ISO14001. Auditors are welcome; certification body, customers, government etc. These are the people who would review the effectiveness of their systems with feedback for improvement. Consider this as a free consultation.
However, not all organizations are well prepared for audits and many are not. There are organizations which manage the management system for the sake of certificates. The top management usually not very responsible and committed, they are only interested to get the certificate because the customer wants it. You will see on the day of audit they are mostly missing in action; vacation or meetings. The highest person attended the audit usually a management representative. Some of these people sometimes do everything; he is an auditor, document controller, auditee etc. When they get the certificate, they let the system run by itself without proper maintenance. A few days before the next audit, they will call all their people to start updating the system. They usually spent certain period of time purposely to prepare for an audit.
Let me ask you, do you think all the records available? Do you think they can update all the records correctly? Do you think they could take corrective actions effectively? It is least likely they will get it all done correctly.
How do you think they will get it done and ready for an audit? This time they will do anything to hide, divert attention of auditors and to waste the auditing time just to ensure non-conformities are not detected. Here are some of the examples:
1. During an opening meeting, the management will give a lengthy presentation. Sometimes it associated with breakfast which may kill about 1 hour of the time.
2. During site visit, although there is already a scheduled time, the tour guide will take a longer distance walking around. This would kill another hour or two of the auditing time. If there are locations which are not ready and they don’t want the auditors to see, they would avoid passing through the area.
3. The auditee will book a room for audit investigation. Audit will be conducted in the room. Whenever the auditor needs to see documents or records, auditee will run out of the room ‘to look’ for them. It takes a long time to get them. Sometimes they purpose slow down the search just to kill the time.
4. When there are routine tasks were not done and forms were not completed, they will fill up and signed all form for the year in one day.
5. If records were found not up-to-date or signed, they would immediately update or sign. This very common.
6. Some management records may not available or up-to-date. When these records are requested, they would tell the auditor that they are kept in the manager’s office and the manager is away and nobody has the key.
7. Lunch time, the auditee would take auditors out for it. Sometimes they purposely book a place which is far from the premises and take long time to order. This will delay the investigation further.
There are many more auditee tricks. Some of these tricks are already known by the experience auditors. Whatever tricks auditee apply it does not harm auditors. Although the organization get the certificate; new or renew, the defect in the management system is still exist. No corrective action taken and more damage to the system as the time goes by. No one pay attention for the defect of the system. In the end, the certification body get the money from the organization for the damage which done by their own employee.
Next … I will write how auditors should handle those tricks.
No comments:
Post a Comment