Should Auditors add value?

A lot of our customers, and as I teach students and QMII alumni, have asked me about auditors, particularly internal auditors, who are pressurized to do quick audits and preferably without too many NCs (Non Conformities). Then there are auditors who have opinions (!), some who have been auditing for many years and start thinking they have the best advice. So who is a good auditor? What is the correct role of an auditor?

Here is what I think.

I first like to refer our alumni to an article I wrote some years back on “embracing audits and not fearing them”:

If auditors could improve a system then Enron would still be around. It is the management that improves the system. Their dependence on auditors weakens the system. A weak management needs advice! Managements including Top Management should be challenging the auditors against requirements and appreciating the inputs to be used in the P-D-C-A (Plan-Do-Check-Act) cycle and playing their part at the A-act stage to review the system (refer clauses under ISO 9001:2008 5). Once this fundamental is clear this conflict between auditors and managements (Auditee) will not remain significant.

Nowhere in ISO 9001:2008 does the standard ask the auditors to focus on non-conformities (NCs) Clause 8.2.2 urges auditors to look for conformity. So the intent of an auditor should be to look for conformity (unlike inspectors who go seeking non conformity). "The only bad NC is the one you do not know about - IJ Arora", so if while looking for conformity they do find a NC both the auditor and auditee (as also the audit client) should be delighted and use the input to do correction and CA (Corrective Actions). 

Of course the fundamental requirement is that the NC be based on a requirement being shown clearly by objective evidence to have not been met. A well written NC is worth its weight in gold. It is the starting point for correction, drives CA and when closed provides valuable data points, leading to data which the managements must convert into information which when analyzed enables PA (preventive Action) and as we look ahead to ISO 9001:2015, it will replace the PA and provide the input for risk assessment at the P stage of the P-D-C-A cycle. 

If only the auditors would stop trying to replace the managements, stop adding value to audits by giving advice, both the auditors and the managements would be better off.

The Sindhuratna Accident: A System Failure in the Indian Ministry of Defense

Resignation of the CNS (Chief of Naval Staff) of the Indian Navy (IN) a System Failure:

In the August 30, 2013 blog I wrote about the explosion on board the INS Sindhurakshak, a Russian built Kilo class submarine as a part of the Indian Navy submarine arm and the tragic death of 18 of its crew. My assessment of this being a system failure is now quite substantiated by the ill-fated accident on the INS Sindhuratna, another Russian built Kilo class submarine, which took the lives of two officers, and consequent resignation of Admiral DK Joshi as the CNS. I knew DK personally; we were students in the ASW specialization training in Cochin. A very fine upright officer let down by a failed system. Dr. Deming said: “a bad system will let down a good man every time”.

The ill-fated Sindhuratna was commissioned into the Indian Navy on November 19, 1988. The Russians operated the boat for about a year on trials and weapons testing before handing it over to India. On the date of  the accident the sub had effectively been in service for 26 years. These boats  are usually sent for a half-life (10 to 12 years) refit to Russia or done by the Indians in Vishakhapatnam, depending on the capacity of the dockyard. The major refit virtually rebuilds the submarine from its casing to the pressure hull. All hull valves are serviced and/or replaced and where advances have taken place new weaponry and sensors are replaced. The sub after such a refit is good for another 10 years. The pattern is similar to ships in the mercantile marine where the full term certificate is issued for 5 years (Clause 13.7 of ISM Code) and the ships maintained accordingly. Today most good ship registries as the Liberian ship registry will not register a vessel older than 20 years. However the Indian Navy squeezed out another two years of service from this boat. And finally the active life of this submarine ended in December 2013. Yet the submarine was operating…

The Achilles heel in a conventional submarine is its set of batteries. A Kilo class submarine is driven by 240 batteries, each weighing 800 kilograms. The batteries provide a service life of 200 fully charged to fully discharged cycles or exactly 4 years whichever comes first, and then they are due for change. The older batteries do not provide the juice necessary for running under water, require frequent charging, and emit excessive hydrogen and pollute the atmoshers inside quickly. The chlorine vapors and leaking electrolyte are hardly congenial to creating the safe work environment for performance as a warship (ISO 9001:2008 clause6.4).

 The Sindhuratna's batteries in use had completed their life cycle in December 2012. Lack of planning, and incorrect implementation of a system approach to managing such a vital arm of the Navy is adversely affected by a non-committed incompetent top management (TM) both at the ministerial level and at the administrative level. Even if the IN is projecting these requirements the TM still rests in the ministry where the defense minister may not even understand the nuances of the requirements. Further, interference in the safety levels occurs when the national operational requirements remain unchanged in spite of the navy’s underwater arm being  hugely depleted. This result in the IN pressurized to stretch the service life of these aged submarines with batteries which are a ticking bomb. In this particular case, it is reported that the  Sindhuratna underwent a minor refit over the last four months and it was on its first sea trial or Task 2 sea examination before it could be re-inducted into active service. It was however at sea with these batteries whose service life had expired! Batteries which should have been junked 15 months ago. Has not the IN had accidents or near misses before related to old batteries? 

So the question is why are the submarines being sailed in this state? Why were the batteries not replaced timely? Surely the CNS would have asked for these from the Ministry of Defense (MoD). The Defense Minister (DM) needs to understand the part that batteries play, even if he is just a political head, he needs the administrative organization to explain this to him and meet the Naby’s requirements. The ship didn’t get new batteries because the procurement process of the MoD failed. It perhaps did not take the CNS’s inputs correctly. When repeated accidents occur, the CNS is aware more accidents will follow because the system in the MoD has failed. He however has no recourse or face to show his men as to why he is sending them out in unsafe vessels. Thus his resignation.

A system which is failing needs to recognize the root cause of the failure. Who is responsible for this sad state of affairs? Clearly the MoD. Battery projections for the submarines are not made at the last minute. Naval Headquarters (NHQ) processes these requests timely and at least 3 to 4 years in advance. In any case battery requirements are periodic and well known to a country which has been operating submarines since 1967. The fleet is required to have a set of batteries as a reserve. It is therefore a system failure at the national level. Authorities higher than the CNS need to take responsibility and then the new incumbent should look at the system failure. There is no room for politics in such matters of national importance. If the nation’s defense forces lose faith in the system, then the loss of morale cannot be far away. “Morale is to physical as two is to one” - Napoleon. 

There is an urgent case for studying the system that runs the navy. The resignation of the CNS is a good example but not the solution.

MLC 2006: The end of the CDC …

A CDC (Continuous Discharge Certificate) or 'Seamen’s Book' as it is also called, is a very important document for seafarers; it is an immediate recognition of a mariner. A passport holds importance on land but for those on the high seas a CDC holds more value. However, the life cycle of the CDC is probably nearing its end with the ratification of MLC 2006.

Article 5 of ILO Convention No. 22 of 1926, states that seafarers shall be given a document showing the period of service performed on each ship. In compliance with this article Flag States issue the Seamen Book or CDC as an Identification document to seafarers. A Seafarers Identity Document (C-185) issued by the Flag State slowly became accepted as the main identity for mariners globally.  This eased the cumbersome old method of seafarers carrying several pieces of discharge certificates. The CDC, as a single document, also provides objective service information for the next employer. It is also helpful as evidence of sea-service while going for higher examination/ certification. CDC’s were never intended for use as a travel document. A passport still remains the only legitimate travel document. This should be substantiated by a Discharge Book while traveling to and from ships across other countries.

The ratification of MLC 2006 is ushering in several changes to the maritime community at large. The MLC-2006 references the Continuous Discharge Certificate in A-2.1.e. It states that a CDC could be issued by the Flag State of the seafarer. Germany, in its interpretation, will now stop issuing seaman's books, as indicated by the German Maritime Authority (BSH). The other Flag States may follow lead but there is still no clear guideline from IMO on this.

International law does not require seafarers to have a seaman's book. Mariners, as any citizen of a country, can travel to other countries using their passports and visas. In the past there were concessions operating in several countries that allowed seafarers to arrive, join and leave ships with minimum formalities and a seaman's book often did the job. Flag administrations certifying mariners require them to provide evidence of their sea experience when seeking re-validation of certificates or new certificates. That can be easily done by a paper record from each ship. The CDC merely consolidates it. Sadly over the years, many flag states, especially the big open registries, have seen seaman's books as a revenue source. Thus many of them have requirements in national law that requires all seafarers on their ships to have national CDCs.

Today with electronic records readily available for instant verification the requirement of the CDC is indeed becoming more a hindrance than a requirement which serves any useful purpose. Germany has shown the way; perhaps a bit early as the rest of the world has to catch up to this. There are some countries which recognize mariners only based on their possessing a CDC. German seafarers and those who follow Germany in this may find it difficult. It will have to be an international decision with universal applicability if this is to be the future.

I still have my CDC and am nostalgic about it considering the lengths I had to go to acquire one from the Indian Authorities. Its future probably lies in a maritime museum somewhere!

The benefits of ISO 28000

ISO 28000:2007 was developed such that organizations of varying scale could apply the standard to supply chains of various degrees of complexity. ISO 28000 sets requirements for Security of the Supply Chain to enable an organization to establish, implement, operate, monitor, review, maintain and improve a documented management system within the context of the organization’s overall security risks.

The general rational for organizations to adopt ISO 28000 pertains to:

• developing a security management system,
• internal compliance with objectives of a security management policy,
• external compliance with best practice benchmarks,
• Recognition through accreditation.
• Best practices in deployment of resources to mitigate security risks

Organization given the responsibility of ensuring the security of the supply lanes of their country and its associated ports are required by International Regulations to audit each of their ports on a periodic basis. Specific skills required for this auditing process must be provided to an adequate number of members of the organization in order to ensure the safety and security of the country’s Ports is maintained at the optimum levels at all times. As such they should have an adequate number of personnel trained and ready to meet this requirement.

Subject matter expertise in supply chain security is an essential part of keeping the homeland secure. The ISPS (International Ship & Port Security Code) only enables protection of the maritime assets (the ships and the ports). Upstream and downstream of the ports and ships remains a grey area. It is from here that the genesis of breaches in security takes place. It is therefore essential that the organization consider the risks and potential dangers by considering the security management of the supply chain in its entirety and beyond the maritime assets.

Going further and widening the sphere of responsibility for organization the following too needs to be considered by the TM (Top Management). ISO 9001:2008 provides the framework for ensuring efficiency and equates to the ISM (International Safety Management Code) in maritime terms. The ISO 9001 however does not cover the by-products of the processes and the pollution as also the dangers to the environment. Internally ISO 14001:2004 provides this guideline which in our maritime world is enforced based on MARPOL. 

Taking this further with the global security situation being as it is, the protection givers have to be prepared, aware and have all the tools they require. ISO 28000 provides this essential security management tool. The US initiative on C-TPAT is based on ISO 28000. Some 10,600 companies are compliant with C-TPAT. ISO 28000 is fast becoming the basis for managing security of the global supply chain.

Leadership Training by QMII to Teach Leaders of People and Processes as a System.

QMII has always brought value to our alumni and clients by looking at the system in its totality and how the investment in the system will affect the bottom line positively. The Top Management plays a very important part in this. Our leadership training is for leaders to lead the people and processes as a system. The Awareness Leaders Workshop (AWS) has stood the test of time and been valued by leaders as they implement the system approach.

Effective from February 2014, QMII is launching additional training in leadership. This training has been planned based on inputs received over the years from our alumni including several CEOs and Top Management (TM) representatives of organizations that we have worked with. We are not planning at present to teach managers to be leaders. This is being done in the next stage in a separate training package.

 This training is not for teaching leadership to managers. Teaching leadership to managers is a completely different course to what our training on leading people and processes as a system. That would be the next step. The next stage of our training will include at least these 13 traits and perhaps a few more. An introductory lecture will mention these 13 traits: Attitude, External Awareness,   Professionalism, Initiative, Creative Thinking, Stress Management, Interpersonal Skills, Communication, Influence, Diversity, Conflict Resolution, Teamwork and Adaptability. My idea (and I am open to more discussion and inputs) is not to teach these leadership traits aspects more formally to meet the objectives of leaders as they implement their management systems to impact the bottom line, right to cash in the bank.

The leadership training being offered will teach leaders of people and processes as a system. This way we will not be are in danger of insulting the leaders who already have many of these traits.  We just mention them. This training strengthens the leadership training in making objective decisions using the system approach and not being in danger of regurgitating old-school people management styles, including blame culture without regard for the leaders’ responsibility to provide constancy of purpose and a management system that helps follower to fulfill the purpose. And we all will appreciate that a room full of leaders with desirable traits and competent people is ineffective.    They both need to work as parts of a process-based management system that is focused on creating more successful customers.  

QMII is therefore providing leadership training with the approach to process based management system.  We are assuming that the leaders who come to this training know these traits or will study them elsewhere or attend another of our courses where we will teach these.

Monitoring and Measuring Customer Satisfaction

Monitoring and Measuring Customer Satisfaction is covered under Clause 8.2.1 of ISO 9001:2008:

8.2.1 Customer satisfaction

As one of the measurements of the performance of the quality management system, the organization shall monitor information relating to customer perception as to whether the organization has met customer requirements. The methods for obtaining and using this information shall be determined.

NOTE Monitoring customer perception can include obtaining input from sources such as customer satisfaction surveys, customer data on delivered product quality, user opinion surveys, lost business analysis, compliments, warranty claims and dealer reports.

The question asked to me by a colleague was  if then measuring and quantifying customer satisfaction was a requirement, was it good for an organization. My final conclusion and recommendation after in house discussion with John (our Senior VP) is that in simple terms ISO 9001 does not require the organization to quantify the satisfaction of customers. Clause 8.2.1 does require the organization to monitor information related to customer perception with regard to requirements being met. In system terms I would say that Customer Feedback is part of the Check segment in the PDCA cycle. A restaurant may measure customer satisfaction by how they feel or the size of their tips. …or late payment may indicate customer dissatisfaction. This qualitative measurement of customer perception as required by the standard need not be quantitative. The second question is whether it is good for the business? This is up to the organization in how the management uses the input in the P-D-C-A cycle, both at the check stage as an input and at the Act stage for making changes to the plan. We can not blindly rely on what customers say. "If I had asked people what they wanted, they would have said faster horses."- Henry Ford.

ISO 14001:2015 - Introduction to the expected changes

The revision process for the standards is common, and ISO 14001:2015 is undergoing similar scrutiny. The draft revisions will continue as per the process that ISO follows. The working group is expected to move toward a true consensus standard following up on comments and suggestions. This is expected to be finalized by end of 2015. The standard is then expected to be good till about 2025. These fundamental changes are going to be with us for a long time. So by September of 2015, both ISO 9001 and ISO 14001 will be available in the revised format.

  The ISO 14001:2004 lays the framework for organizations to manage environmental aspects effectively and ensure protection of the environment and prevent pollution. This internationally accepted standard is proof of an organization conforming to the EMS (environmental management system) principles. The existing standard has stood the test of time, but the changes envisaged now will ensure the revised standard continues to meet emerging and future requirements and expectations of stakeholders. This is a fundamental revision to the standard similar to what is being done for ISO 9001 and what has already been implemented in ISO 27001. This is expected to be followed perhaps to publish a new standard encompassing the current OHSAS and ANSI standards with a single occupational health and safety standard under the ISO framework with the HLS (High Level Structure). The revisions will impact both the structure of the standard and the contents. 

   

   Expected Changes. The revised standard not only will have many clauses further strengthened but the order of many in the standard will change to the new structure to align with the HLS prescribed in  Annex SL. Awareness, for example, will no longer be part of competence and training; instead it will be in a separate sub-clause. The standard will provide greater emphasis on improvement. Changes to the structure will address new requirements requiring the understanding of the organization and its context as also the needs and expectations of interested parties. New clauses will address external communication and reporting, value chain planning and control and continual improvement. 

   Annex SL. The revised standard will have structural changes aligned with the HLS provided in  ISO Guide 83/ Annex SL. The look and feel of ISO 14001:2015 is expected to be functional for the management system approach aligned to the approach in ISO 9001:2015 as applicable to quality, to ISO 27001 – information security and ISO 50001 – for energy. The integrated management system approach which has been tried all these years was a challenge similar to the side car attached to a motorcycle! With the guidelines of ISO Guide 83/ Annex SL better integration of organizations management strategies.

   Leadership. The emphasis on leadership will ensure environmental management is integral to overall management strategy, policy and business development. Considering the environmental requirements as integral to the business development and continuity will require an overall consideration. The leadership will be required to further consider: 

1. Evaluation and understanding of both external and internal context of the organization in relationship to the environment. Implying that not only must organizations consider the impact of activities on the environment (as with ISO 14001:2004) but also consider the impact of the environment on the organization’s activities. 
2. Organizations will need to consider the needs and impacts of interested parties, including their supply chains and end users. 
3. Enhanced leadership commitment to include expanding the pollution prevention commitment to cover sustainable resource use, climate change mitigation and adaptation and protection of the environment biodiversity and restoration of the natural habitat. 
4. There is expected emphasis on transparency in line with the Global Reporting Initiative (GRI) and the Social Responsibility aspects from ISO 26000 requiring reporting of environmental performance. 
5. Evaluating organizational risks and opportunities in the context of external environmental conditions as adapting to climate change and so on. 

In conclusion, please stay tuned for future articles on this subject. It is important for management to know what to expect from future audits and for auditors to understand that when ISO 14001:2015 is published, it will have a new structure and text aligned to the HLS as per ISO Guide 83/ Annex SL. It will address the recommendations from ISO “Future Challenges” study for the adoption of various approaches in the field of EMS. The revision to the standard is a fundamental change.