Note from Renaud: Let’s say your factory is undergoing a quality audit requested by your customer. The auditor will arrive and you are advised to have a ‘guide’ help them around the facility and the different processes. But what is the role of the guide in order to get a satisfactory result for all involved? Brad has been involved in many audits on both sides of the table, and he is sharing excellent advice here.
I long ago lost count of the total number of audits I’ve participated in. The number is surely well over 400 days worth over the past thirty years, at over 100 different company sites. Those are just the ones where I was an auditee… doesn’t count another 300-500 days where I was a second or third party auditor, auditing suppliers. So I think I should have some things to pass on… here we go!
Three roles for the guide…
In reflecting, I think of at least 3 distinct roles for the guide. They have different goals and require different “soft skills”. I assume that you are already knowledgeable about the hard technical skills for your area… though this can be complex, and maybe never “mastered”. But, the soft skills are critical too because this is a human effort, depending on communication, perception and relationships. So that’s the goal here.
The three roles, in the ideal situation:
First, as company quality leader. In years past we used the term “management representative”, meaning the management team member most responsible for the quality system. Often this was the QA Manager. As a contractor/ consultant, I sometimes served as a “management rep for hire”, and took the lead spokesperson role. I would often present key documents like the management review; corrective actions, internal audits, and customer scorecards. In particular, the corrective actions for any noncompliances from the previous third party audit will always be checked. And count on auditors to look critically at corrective actions for customer concerns. These five items are audited every audit, always at the start of the audit. (Exception: the review of previous noncompliances is sometimes done at different points.) They set the tone for the rest of the audit, so getting the “music” right is important. In IATF 16949, auditors have been asked to review these items and select a mode for the audit. If things are going well they should practice “value added auditing”. In reality this means ignoring minor problems (such as a document slightly out of date)… and offering verbal feedback to fix the concern without a formal nonconformity being written. On the other hand, if there are serious quality problems visible to customers, auditors are told to “take no prisoners” and write up every last issue however minor.
In my professional opinion, this is just wrong. I won’t go on at length, but it obviously goes against the principle of objectivity. Even the finest companies have blind spots, and the auditor should find these and point them out. To ignore this is to yield to what’s called the “halo effect” where strong performance in one area can excuse lackluster work elsewhere. But, this is the real world, not Brad’s theoretical universe.
One final detail. Everyone relies on electronic documents these days. But plenty of research shows clearly that ergonomics favor the printed word. So, my recommendation is to print hard copies of the critical documents – management review, corrective action summary, internal audits, and scorecards. Have these ready to go. On the other hand, use the ergonomics to your advantage in auditing documents that you don’t trust as well. Keep them online. If the auditor asks to have them printed, agree… and take your time.
Having presented the key deliverables of management review, customer concerns, scorecards, and internal audits, it’s time to move on to…
Serving as guide for other auditees.
In the ideal world, the lead guide will be with the auditor 100% of the time and serve as “master of ceremonies” for the audit. But, it’s also important to have the auditor see other faces, and hear directly from them. So, to balance this my recommendation is to very briefly summarize the procedures in the area being audited in the presence of the other auditee, then hand them off to the other person to take the floor. Let the auditor be in charge now. If the auditee stumbles a bit, you could prompt them. This may especially be true if the auditor asks using ISO jargon; you can serve as “interpreter”. For example, if the auditor asks for the “procedure”, you might suggest that the auditee show the “operating practice”. Generally, however, it’s best to allow the auditor to be in control, and stay quiet to give the auditee space. Use some body language to encourage the auditee… even if they screw up. (Perhaps especially if they screw up!) And, of course, don’t show weakness or unhappiness… be the face of confidence. If things go wrong, be calm and positive.
Negotiating noncompliance writeups.
A final crucial job. When done well, it makes a big difference. First, an important thing to avoid. Don’t fight to the finish to avoid a writeup! Be calm, and look carefully. First step: By and large, you should “trust your system”. Most guides are starting with a system that’s been successfully audited for years. You should assume as a starting point that your system meets the standard. So start by looking carefully at your own procedures. If it looks like you were following them, you’re most likely clean. But if you clearly goofed, then you might have a problem. If this is the case, most often you should just own up to the problem. Be positive – but realistic.
Steps for dealing with a noncompliance writeup:
- Pause… breathe deeply… and calm yourself if needed.
- Re-look at your procedure carefully. See if it offers exceptions or alternatives. Is it always applicable? It may be useful to look at related procedures, too.
Here let me show two alternative paths- first, if you have a real NC, second if you’re not sure.
- If it’s clear that you or the auditee missed the mark, don’t argue or deny it. Take the posture, “OK, looks like we may have an issue here. Let’s take a closer look.”
- Look and restate the procedure out loud with the auditor and auditee.
- Consider how to ease the damage by carefully stating the problem. A key example: it is much better to write an NC stating, say, “No records of the inspection could be provided.” Rather than “No inspections were being done.” As long as the facts are clearly written, most auditors won’t object to this. I might say, “Would it be fair to say that no records of the inspection of part number 12345 were available?” This will make the audit report less potentially damaging, and often be much easier to write a corrective action.
- If you are reasonably confident that this is a rare problem, suggest that several other instances be audited. Sometimes auditors will overlook individual incidents if it’s clearly an unusual exception. (Often auditors will do this on their own… it’s good practice.)
- Thank the auditor.
On the other hand… if you think the auditor is wrong…
- Make sure of your facts. Is the auditor saying that something is mandated by the standard, but your procedures don’t require it? If so, take a closer look at the standard together. As silly as it may sound, make sure that the auditor is using the right standard. I have seen, for example, auditors applying requirements of ISO 17025 – the laboratory accreditation standard – when auditing IATF 16949 in a lab.
- Remember, the standard says what is required, not the specific method to achieve it. Does your approach meet the intent of the requirement?
- Does the standard specifically require a written record as evidence? While this was true in the past, there has been an explicit effort to reduce the requirements for records. (At least, this is true for ISO 9001 and ISO 14001. It is less true for IATF 16949, the automotive standard.)
- Does your overall performance overall justify a claim that the intent has been met?
- As a last resort, if you still believe that you are having a meaningful disagreement on the requirements of the standard, a reasonable tactic is to engage the lead auditor (if you have a multiperson audit team), or the “technical lead” for the registrar. (Obviously, you will need to have the auditor call the technical lead). This is rare – I have only had occasion to do this twice – once with a lead auditor, the second time with the registrar’s technical lead. And in both cases, I thankfully prevailed… though I always was careful to be deferential to the auditor.
Some final “do’s and don’ts”…
- DO stay with the auditor the entire audit if at all possible. There will likely be relatively long spells where the auditor works privately on report writing. Sit patiently, and have some easily interrupted paperwork to keep yourself busy.
- DO provide the auditor a “home base” – ideally a neutral place such as a conference room, or a private office.
- DO ask the auditor to repeat or restate a question if you aren’t sure you understand it. It can also help to restate the question yourself first and ask for confirmation.
- DO have relevant procedures or work instructions in front of you and use them to guide your answer. DON’T rely on your memory.
- DO answer the specific question asked, no more, no less. Don’t elaborate.
- DO be prepared to back up what you say with evidence, at least for those items you commit to retaining records for.
- DO provide the truth about problems, especially customer concerns. If you try to hide this you’ll be sorry. Even broad general comments – such as “We struggle with keeping XYZ current” in your management review should be real. Better if the auditor sees that you know you have an issue and are doing something about it.
- DON’T qualify or add to the answer with comments like, “What we usually do is”… unless you are prepared for the question, “What do you do in other cases?” Keep it straightforward, and avoid adding excess wordage.
- DON’T automatically assume that some specific item an auditor requests is mandated by the standard. They, too, are often trying to simplify communications and may use a common industry term. But, your company may be different, and meet the standard in a different way… or simply use different terminology.
- DON’T question or complain about a particular requirement of the standard. At best the auditor will remind you that she doesn’t have any latitude to waive a requirement, and/or that you voluntarily signed up to comply with this standard when you agreed to supply this customer. A special case of this – don’t bother saying, for example, “GM doesn’t do this themselves”. Doesn’t matter.
- DON’T claim an exemption on the grounds that your company is small; your resources are limited; or a similar excuse. Actually, most auditors spend lots of time auditing small companies. There are nearly 1,000,000 firms certified to ISO 9001, and 75,000 sites certified to 16949. Many are small firms – perhaps most. (Sometimes you may be able to claim that a particular requirement isn’t applicable to your firm. Better have a strong, fact-based case. Or, if you are in the rare situation of having a written customer waiver, that will do the job.)
- DON’T feel anguish or take noncompliances personally. As they said in the movie The Godfather, “It wasn’t personal, it was just business.”
About the author:
Brad Pritts is principal of Eagle and Dragon LLC, a contract service specializing in quality assurance and auditing. Among other responsibilities, he has been the primary manager of the Asian supply base of a successful auto and truck parts importer since 2006. Earlier, he served as quality leader for an aftermarket auto body parts supply network in Taiwan and China, from 1999 to 2003.
Contact. bpritts (at) EagleandDragon.net