I received a phone
call from an ex-student, wherein she as an auditor wanted to add value by using
her experience and expertise in advising the management on how they should
improve the system.
I asked her if she
had found any NCs (Non Conformities) during the audit. She said not really but
she had recommendations to make based on her experience. My response to her was
to please consider that auditors and managements have distinctly different
roles. Though both performing their due diligence correctly will eventually
benefit the management system/ the organization. It is when auditors want to
add value and virtually impose their will, ideas,make recommendations or look for a reflection of their ideas that the seed of management failure
occurs. Auditors are SME (Subject Matter Experts) in auditing, the standard(s)
and the process approach etc.
We must respect the organization by
agreeing that the managements are the SME in their business and specialty and
in meeting customer requirements and ensuring the service and goods (products)
are delivered to meet requirements. If they do not meet the requirements, the
greatest service we do as auditors is to provide a
correctly written NC. It is for the management to follow up on the
NC and carry out RCA (Root
Cause Analysis).
Is she not obliged to assist in RCA and problem solving as an auditor? My
response is that RCA and problem
solving starts when auditors leave. Of course there may be occasions when
as internal auditors you perhaps wear two hats; a challenging situation. Yet
with a little maturity it can be ensured that the two roles are not mixed.
Verification which follows the implementation of the RCA results, does indeed, need a little "research", but might I
suggest, not of what you as an auditor expect, but of what is acceptable to the organization.
I further advised my readers to consider that by giving advice are you
taking on the management's
role? From my experience, whenever auditors do that, they slowly kill the
management. Often the first step in that death of an organization is that the
management just does what the auditors recommend/advice, forgetting their role at the
Act stage of the P-D-C-A cycle in terms of Management Review (MR) clause 5.6 of
ISO 9001. Please always remember the role of the auditors in the 'murder' of Enron.
Yes with your consultant's hat, it is acceptable. I agree. After all the
managements use consultants, not auditors, for advice.
