The ISO certification industry, unfortunately, has a dark side.
A large proportion of purchasers ask about certifications in the sourcing process. If a potential supplier sends an ISO 9001 certificate, it’s one box ticked. Also an ISO 14001 cert, another box. And so on. It has become a no-brainer prerequisite.
And Chinese suppliers have taken notice. There are now more ISO 9001-certified companies in China than in any other country. Is it a sign that China’s factories are great? Nope.
Sadly, it is a sign that the process of getting companies certified is deeply broken.
Most purchasers don’t know enough about quality
Before I blame manufacturers and traders, I want to put some of the responsibility on purchasers. Then often tend to request documents without understanding the value behind those documents. And that’s how many suppliers got trained to “just prepare documents”…
David Collins Jr. wrote about the way a Chinese factory’s salesperson was conditioned to prepare whatever documents are requested in Are Your Production Management Systems For Real (Or Just For Show)?:
I recently visited a factory on behalf of a client. They wanted me to see if the factory was capable of making the products that the company needed at the right cost and quality. When I called the supplier for an appointment, the representative asked me what standard I wanted to see: ISO or some other certification?
I told them I wanted to see their production systems and how the factory knew that the people were doing their work properly. I also asked about maintenance, incoming quality control, and how they developed their new products.
The representative in charge of sales asked me what I meant. I said, “Well, do you have FMEA’s, a preventative maintenance system for machines, the standard work instructions for the operators, etc.?”
She was very polite and told me those things were no problem. She asked if I could send her what I wanted to see, and she would have it all filled out for me by the time I came the next week. I said do not worry about it – I will just see her.
What I found, of course, is that they had little documentation relevant to what they actually do. They were ISO 9001 certified and had mountains of irrelevant paperwork that had nothing to do with their actual processes and procedures.
It’s all just a marketing scheme
Most companies focus on marketing more than process improvement, quality, or safety. That’s (increasingly?) true in many countries. Especially in some Asian countries like China.
In several East Asian countries, there is a prevalent idea in many circles that hiring the right people is what matters. Systems and processes are not that important. The right people will find a way to get the results needed. There is sometimes even a feeling that Chinese people don’t like process thinking, but that’s probably over-generalizing.
China in general also places a LOT of importance on formalism. The right paperwork shown on the wall gives a positive impression.
That’s why companies are ready to open their wallet to get a certification (as a tangible deliverable) but don’t actually want to do the work of putting in place the right processes.
The ISO standards are good, but the certification process is bad
Don’t blame ISO 9001, 14001, 13485, 22001, 27001, and so on. They push the companies to upgrade their systems. They are not perfect, but they are generally a force for good.
Whom to blame? The ISO certification industry (involving most certifying bodies, and the accreditation bodies that are supposed to police them) as well as all the consultants gravitating around this industry. They went really deep into the dark side…
In many cases, we have conducted audits on factories that were showing nice certificates on the wall, and we wondered ‘how did they manage to get certified??’ With the exception of a few certifying bodies, it is amazingly easy to get certified without implementing anything from the relevant management system.
A serious lack of competence
Most audits are basically ‘tick the box’ exercises. Auditors tend to look for simple issues to show they did their work, so they often focus on labeling and document version numbers. For example, in a recent audit, we were asked for the certification of our mechanical engineer who calibrates our calipers, micrometers, etc., but he has more than 10 years of experience making plastic injection tooling (which means he knows a thing or two about accuracy) and just looking at the calibration records gives an idea of whether he knows what he is doing. Maybe we need to give him a 1-hour training and keep a record of it??
Most certification auditors seldom take two steps back and look at the entire system to confirm it makes sense. No assessment of high-level interactions.
And the reason is, the training for internal or lead auditors is rather simplistic. Spend a few days in a classroom and you are a certified auditor! Do a certain number of days of auditing, and you, too, can be a third-party auditor!
It is so embarrassing, some of the training companies are starting to offer more advanced personnel certification. For example BSI with its “process improvement auditor” level.
Auditors’ training is biased
Who provides a lot of the training courses about auditing? Those same companies also doing the audits for certification!
And what does the CQI/IRCA lead auditor exam (which is seen as the “gold standard” for auditing certification) test? That systematically puts the trainees in the shoes of a third-party auditor.
Why? What is wrong with second-party auditing?
A customer auditing a supplier also uses a lead auditor. In my view, second-party auditing is much more focused on the actual needs of businesses. It is much more concerned about really understanding the manufacturing processes at play, putting the finger on the biggest sources of risk, and pushing hard for improvement. It is much less concerned about conformance to an abstract standard. Second-party auditing deserves its own training track & recognition.
And the most guilty of all… the consultants!
A lot of companies like to make the ISO certification process look like a game to be played only by those who know the rules.
Certifying bodies are intimidating… but they are just commercial bodies that compete to get business, they are not government bureaus!
In most cases, some training and some high-level guidance should be sufficient for a company to do the work and get certified. If there are still issues, listen to the auditor’s findings, act on them, and you are fine. However, most SMEs don’t have a proper QA staff and have no real understanding of what such and such ISO standard really requires.
That’s how an entire industry of zero-added-value consultants has emerged over the years accompanying the ISO certification industry. In 2015, I wrote about “consultants that make paperwork look good” vs. “consultants that improve processes”. Since then, it has only gotten worse.
Why do I hate those consultants so much?
Think of the devastating effects when factory people are trained to lie — to play theatre and pretend that they actually use that stack of useless papers.
Think of the conflict of interest, as those paperwork consultants recommend certifying bodies that are easier to deal with, and those auditors in turn suggest the consultants as trainers. (Amazingly, a large part of the members of the technical committee behind ISO 9001 are… consultants who make money from that standard.)
Think of the lost opportunity when they deny their clients the ability to understand the requirements of the standards. Consultants routinely remain involved in yearly internal audits and other actions that should be done by the manufacturers themselves.
What do you have to add about the ISO certification industry?