Should Auditors add value?

A lot of our customers, and as I teach students and QMII alumni, have asked me about auditors, particularly internal auditors, who are pressurized to do quick audits and preferably without too many NCs (Non Conformities). Then there are auditors who have opinions (!), some who have been auditing for many years and start thinking they have the best advice. So who is a good auditor? What is the correct role of an auditor?

Here is what I think.

I first like to refer our alumni to an article I wrote some years back on “embracing audits and not fearing them”:

If auditors could improve a system then Enron would still be around. It is the management that improves the system. Their dependence on auditors weakens the system. A weak management needs advice! Managements including Top Management should be challenging the auditors against requirements and appreciating the inputs to be used in the P-D-C-A (Plan-Do-Check-Act) cycle and playing their part at the A-act stage to review the system (refer clauses under ISO 9001:2008 5). Once this fundamental is clear this conflict between auditors and managements (Auditee) will not remain significant.

Nowhere in ISO 9001:2008 does the standard ask the auditors to focus on non-conformities (NCs) Clause 8.2.2 urges auditors to look for conformity. So the intent of an auditor should be to look for conformity (unlike inspectors who go seeking non conformity). "The only bad NC is the one you do not know about - IJ Arora", so if while looking for conformity they do find a NC both the auditor and auditee (as also the audit client) should be delighted and use the input to do correction and CA (Corrective Actions). 

Of course the fundamental requirement is that the NC be based on a requirement being shown clearly by objective evidence to have not been met. A well written NC is worth its weight in gold. It is the starting point for correction, drives CA and when closed provides valuable data points, leading to data which the managements must convert into information which when analyzed enables PA (preventive Action) and as we look ahead to ISO 9001:2015, it will replace the PA and provide the input for risk assessment at the P stage of the P-D-C-A cycle. 

If only the auditors would stop trying to replace the managements, stop adding value to audits by giving advice, both the auditors and the managements would be better off.