ISO 9001 Myth #3 – Failing ISO 9001 Certification

Sometimes the office chatter gets around to the outcome of a pending ISO 9001 certification.  With a healthy combination of fear of the unknown coupled with serious concern for getting the job done right, I often hear key players speculating whether the auditor “is going to pass us.”  Perceptions of over-zealous or inexperienced ISO 9001 consultants and quality professionals often exaggerate the slightest documentation blemish and threaten to derail what would otherwise be an opportunity for positive momentum, streamlined operations, and tangible improvements.  Many firms are not this extreme with their concerns, but most look at failure of the audit as a potential outcome.  The truth is that failure is highly unlikely.

First, it’s important to realize that registrars are not in the business of failing their customers and auditors are not looking for reasons to fail you.  Auditors are looking for reasons to pass you.  In fact, they want you to pass.  The objective of a good auditor is to understand your quality management system and communicate with you to justify that your processes are effective and compliant with ISO 9001 requirements.  Although many of my ISO 9001 consulting and training clients imagine auditors as people who are difficult to work with; typically auditors are not trying to play “gotcha.”  In reality, you have to try hard to screw up an ISO 9001 certification audit that is properly prepared for.

Second, the auditor is measuring you against a basic set of requirements.  As I have discussed in previous articles, ISO 9001 is a minimal set of generic requirements.  Consequently, the auditor’s charter is to assess whether your company meets these minimal levels.  Since ISO 9001 is a quality management system framework and a platform for continual improvement, the auditor is not so interested in whether your company has realized every value-added potential for the business.  Sure he or she may note opportunities for improvement, bring some things to light, and even make some recommendations “off the record.”  But if you’re meeting the stated ISO 9001 criteria for a quality management system, then your auditor is typically anxious to report that your ISO 9001 implementation is successful.

Finally, if your company really is too screwed up to pass, this should be caught long before your certification audit.  The first line of defense should be your ISO 9001 consultant.  He or she should suggest that you postpone the certification until you are truly ready.  If the ISO 9001 implementation was done internally without the aid of a competent consultant and your company has begun the certification process only to find that failure seems possible or imminent, then your registrar may be more to blame than your quality manager or implementation team.

One of the first steps of the ISO 9001 certification process is the “stage one readiness assessment.”  Your auditor should note any red flags or significant concern as you cross the stage one toll gate.  By the time the stage two certification audit takes place, the path to successful compliance should be readily apparent and there should be no major nonconformances.

The truth is an auditor who issues failures with any regularity is an issue in itself.  The ISO 9001 auditor is a key component in the ISO 9001 certification process and should be communicating whether the organization is ready to proceed.  Your auditor should be looking to work with you to stand up a lean, value-added business operational system that meets minimum requirements and positions the company for continual improvement.

So that begs the question – “Does failing happen?”

Unfortunately there is the occasional situation where the auditor does not recommend the company for ISO 9001 certification.  This is usually due to extraordinary circumstances.  Sometimes a company going through a merger, opening new facilities, changing facilities, or changing leadership may make assumptions about the business operations based on the current state which simply cannot be carried forward.  Even if the existing systems have worked well in the past, if it can’t bear the organizational and operational changes, this may provide grounds for an unsuccessful ISO 9001 audit.  These situations aren’t typical but they do happen.

Many audits will end with the report of some minor nonconformities (the national average is 4-6; Pinnacle’s average is less than 1).  Does this mean failure is on the horizon?

Most of the time when minor nonconformities are reported there is ample time to correct them; sometimes prior to the auditor even leaving the facility or in a few days or weeks after the auditor makes his recommendation but before certificates are issued by the registrar.  The auditor may offer to recommend your company pending receipt of corrected minor nonconformities, so you still don’t fail; you just have some additional work to do prior to the auditor’s recommendation.

The bottom line is that no company should worry about passing or failing your audit.  ISO 9001 implementation and certification are not about collecting another plaque for the lobby.  The process is about developing, maintaining, and evaluating a business operating system that works well and positions your business for success.  Align your business processes with best practices, create lean value-added documents, be able to demonstrate that your quality management system is effective and your ISO 9001 certification will be a byproduct and a positive force to move your company to continual improvement.

15 Responses to “ISO 9001 Myth #3 – Failing ISO 9001 Certification”

  1. Buddy Godbout says:

    Kirill,
    Thanks for finally spinning us in a positive light. Hope you are well.

    Buddy

  2. Kirill says:

    Hi Buddy and welcome to the blog. I hope you will come back and provide us with some your knowledge and experience.

    Ironically, since I wrote this article I went through an ISO 14001 certification with an auditor that I had never worked with before. The client passed with 0 nonconformances, but the experience was not positive. The auditor’s background was automotive and military. Need I say more? Shame on me for not vetting the auditor. It has been so long since I had an unpleasant experience. I must have gotten soft. 🙂

    I hope you will chime in more often.

    Kirill

  3. David says:

    Hi Kirill,

    I just went back and got caught up on Myth’s #1 and #2. I love the line about the documentation becoming “self aware,” very funny….unlesss they are procedures you have to follow that is.

    David

  4. Kirill says:

    Thanks, Dave.

  5. Chris Carson says:

    Hi Kirill,

    Great article on a very prevalent myth. I still get questions asking how many non-conformances mean I fail the audit? There is no answer because even if you have numerous non-conformances, you aren’t automatically prevented from certification. Those non-conformances just need to be addressed before you can be approved.

    However (as you note), it’s not that you won’t get approved, but that shouldn’t preclude a company from putting in the effort to meet the intent thinking they’ll just pass eventually. At the same time the auditor should be focused on if the intent of the standard was met. Then feedback to help meet the intent of the standard and more importantly feedback to help the system grow and mature, while aligning with the company’s goals and strategies is a must.

  6. Kirill says:

    Great comment, Chris. Always good to hear from you.

    I completely agree that from the registrar’s perspective true failure almost never happens. However, from the client perspective, getting a bunch of minor nonconformances at the certification audit (Stage 2) and having to provide the auditor with corrective action before the auditor will give his/her recommendation for registration is tantamount to failure.

    As a consultant, I agree with and share this perspective. If I or any other Pinnacle consultant allowed a client to proceed to the certification audit that did not result in a recommendation for registration before the auditor left, then we did a bad job. I can accept nonconfonmances that are so minor that they are closed out before the auditor leaves (one has to give auditors something to find 🙂 ), but not more. I take pride in Pinnacle’s spotless record in this regard. All consultants should hold themselves to the same standard and clients should expect nothing less. Meeting the minimal requirements of ISO 9001 should not be a stretch for a competent consultant.

  7. Tim says:

    Kirill,

    Yet another great topic from your blog. Coming from the perpective of an ISO 9001 Lead Assessor for 16 years, this issue has been on my mind and is rather aggravating to say the least.

    I honestly believe that this myth is primarily due to the lack of knowledge and training at the C-level of management (e.g. CEO, COO, CTO, CFO, etc). Deming said that 85% of problems (in a company) are caused by management and only management can fix them. His point is that corporate leadership should be able to assume blame as well as lead by example. In my ISO 9001 audit experience, the C-level managers are depending on the middle management to hold the golden key of the entire ISO 9001 process. This includes a core understanding of ISO 9001 foundations and principles like the myth of passing or failing audits. Often when I audit this kind of question comes from the top and not the ISO informed middle level of management and, to be frank, most of the C-level do not bother to play a part in the audit process and hold the middle 100% responsible for the audit outcomes. At the same time they really do not have a clue about the value ISO can bring to a company and simply ask: “did we pass or fail?”, “what is the bottom line and shut the door when you leave”.

    In summation, the real root cause is not bad people but very misdirected education for the C-level manager. In closing, I will make it very clear to all those that have not been enlightened and educated concerning this myth — there is no pass or fail in an ISO 9001 audit. The real score is how effective are the C-level folks in flowing down strategic business objectives to the ranks. If your company is issued a nonconformance, it should be reviewed and assessed on some portion of the C-levels leadership and as a result, appropriate action should be taken from that level. Moreover, lets get some good ISO 9001 training in the MBA classrooms, that may be a good start.

  8. Kirill says:

    Tim,

    Thank you so much for contributing your experience and perspective to the blog. I is invaluable to get feedback like yours from real-life ISO 9001 Lead Auditors like you and the other contributors to the this blog.

    Your point about the lack of executive leadership’s understanding of the purpose and intent of ISO 9001 is right on. My objective with the ISO 9001 Myth series is to educate, from a high level, all those that have either failed to educate themselves or have been misled by incompetence ISO 9001 consultants and trainers. I fear that the latter may be as big a problem and the former.

    As you may have noticed in your auditing experience, many of my colleagues in the ISO 9001 consulting and training business do not exactly grasp the role and potential of ISO 9001 as a platform for a business management system. Unfortunately, too many lack vision and place emphasis on documentation rather than business value. And others actually capitalize on and propagate the myths I write about.

    In the coming weeks I will be publishing case studies of companies that were first guided down the wrong path toward ISO 9001 certification. Some even achieved ISO 9001 certification only to find that they were mired in a sea of useless documentation. These companies later became Pinnacle clients who used our services to brush away the myths and misconceptions and develop value-added business operating systems that they use to this day. I hope you will review these case studies and share more of your comments.

    Thanks again,

    Kirill

  9. Dan Cook says:

    Since 1997 I have been working as a registration auditor. When anyone asked me if I believe they will pass or fail the audit it only leads me to the opinion that they do not understand the principles of the ISO9001 standard. My interpretation of “passing” an audit is continue to pursue registration, “fail” means that management decides to dispose of their current management system and will no longer follow any of their current business practices (including audits).

  10. Kirill says:

    Welcome to the blog, Dan. Thank you for sharing your extensive experience.

    Unfortunately, there are still some auditors, particularly in the automotive industry (TS 16949), that still propagate this myth ISO 9001 (and TS16949) certification. Your perspective is correct, of course. But the few bad apples have provided credence to this myth.

    The other reason is that many clients perceive getting a major non-conformance at the Stage 2 ISO 9001 registration audit as a failure. They simply don’t realize how difficult and rare it is to “fail”, provided the QMS was implemented with basic diligence.

    I hope you will come back to the blog and share your thoughts again. I think we can all benefit from your perspective.

    Kirill

  11. Ctreya says:

    I the above article you mention the national average for nonconformities is 4-6. What is the length of the audit for these nonconformities or is that a nonconformity per day number?

    Thank you!

  12. Kirill Liberman says:

    Hello Treya.

    The average is for all initial ISO 9001 certification audits. I don’t have the breakdown by audit length.

    I hope this helps.

    Kirill Liberman

  13. ramakant says:

    I would like to become a Lead assessor / Auditor. I have worked in a manufacturing industry for more than 40 years and worked in QA/QC & documentation of ISO 9001 / 9100 /14001 etc. How do I go about it ?

  14. Kirill Liberman says:

    Hello Ramakant.

    The first step is to apply to several registrars. The ones that are interested will then advise you to take a Lead Auditor class. They may even sponsor your training. Then you will submit your credentials to an accreditation body. This body will require you to complete some number of audits with a registrar under another lead auditor.

    I hope this helps.

    Good luck in your new career.

    Kirill Liberman

  15. Chance Cook says:

    I will try and make sure that my processes are compliant with ISO 9001. That is what matters most to me. So I’ll see what I can do about getting that done.

Leave a Reply