Skip to main content

What Will The ISO Auditor Ask?

It seems that, since Third Party Certification became an option to demonstrate compliance to a standard such as ISO 9001, ISO 14001 etc., it's been common for organizations to try and determine what a Certification Body (aka "Registrar) will ask during their audits. As a consultant, I've been asked many many times, "What will the auditor ask for?" or "How will they interpret this requirement?"

The simple - but unhelpful - answer is: "Who knows?"

The fact is, each auditor has their own unique approach to the auditing process, so it's very difficult to predict what any individual is going to ask about the management system.

It has been common, since Certification audits began, to prepare employees to answer a Certification auditor's questions. This preparation might include strict instructions:

  • Answer only the question you're asked
  • Don't elaborate
  • Don't try to answer if you don't understand the question
  • Don't give your opinion
  • If you don't know, refer the auditor to your supervisor
These "rules of engagement with the auditor" are often seen at work stations, posted in office cubes and so on. In a previous career as a Certification Auditor, I can tell you that when this approach is adopted, it can make employees overly anxious and nervous - and frankly - a good auditor will be totally able to overcome this apparent "stone-walling". In many cases, it can bring down what could have been an effective audit because communication becomes ineffective. It really is playing games, whether it's understood that way or not. And even the best of auditors will struggle to keep a smile on their face. Let's face it, this is not supposed to be an interrogation where the Geneva Convention rules apply: "Name, rank and serial number..."

A far better way to answer the imponderable question "What will they ask" and avoid any negativeness from a Certification auditor, by "stonewalling", is to do the following:

  • Take control of the audit, take the auditor to a person to...
  • Have people explain what they do, then
  • Have them demonstrate how they do it
  • Describe how the process is controlled through any applicable documents
  • Explain what they do when things might go wrong (if applicable)
  • What records are generated (if applicable)
  • If the process is performing as planned to the established goals (if applicable)
  • Their contribution to customer satisfaction and improvements
I'm not a big fan of people being able to whip out a card and recite the quality policy - it's often trite and meaningless (the policy, I mean) so what does it prove?

By taking control of the audit in this manner, the outcome of the audit will become more predictable, the auditor doesn't get to ask (obviously) dumb questions, it makes it easier for them to just audit (which is, after all, a listening activity for which they need to remain silent). As a result, the auditor gets a good feeling that this isn't going to be "one of those audits", where people don't answer freely. This automatically raises the auditor's perception in a positive way. They are able to listen, take vital notes and the pressure to be thinking of the "next question" become less of a burden.

In fact, it's less to do with "passing the audit" and more about the organization actually confirming that it has competent people, who know how to control their processes, what to do when something unplanned happens and so on - vitally important to any organization, whether they are going for ISO Certification or not. Every manager and supervisor should have confidence that their employees know their stuff!

I'd suggest that if your organization has prepared for a Certification audit, that you seriously rethink why you are doing it at all. You are probably avoiding a real issue - that of demonstrating leadership and confidence in your process controls. Imagine if a customer was hearing your people answer "just the question asked", instead of confidently describing what's done, why and how it meets their needs. I know which I'd be more impressed with, in all three roles - auditor, manager and customer.


Popular posts from this blog


Welcome to the "ISO Myth Busters" Blog!

With over 30 years of Quality Management System's experience, I enjoy sharing my knowledge with those who are seeking answers or a better way to implement ISO 9001 requirements. For too long, there have been myths and legends about how to implement a variety of requirements from the International Standard.
These myths and legends often come from the need to pass an ISO Certification audit and as a result, people get the wrong ideas about what implementing an ISO 9001-compliant Quality Management System is truly about.

In this blog, we'll cover such diverse issues as the myths surrounding document control, measuring equipment calibration, management review and internal auditing. We'll also take a look at the role of the Certification Body/Registrar and what to consider if you're looking for one to work with.
I hope you'll find the posts to be helpful. Let's make a start on busting the first myth:-
ISO 9000 Means '…

People Got Talent!

Competency is all around us. It pervades our lives. We see competency on t.v, - for example “America’s Got Talent” – talented people, regardless of their age, gender or social background. performing all manner of stage acts that wow the show’s judges and viewers. “How did they do that?”, we often ask ourselves…
ISO 9001 includes a requirement for an organization’s people, involved in the Quality Management System, to be competent in their work responsibilities. The normative reference (vocabulary) document, ISO 9000, defines competence as “the demonstrated ability to apply skills and knowledge”. Those t.v show contestants could certainly demonstrate skills and knowledge, but how did they become so competent? They weren’t likely to be born with some “gift”, therefore, their performance is most likely to have been the result of combination of factors…
Practice, Practice, Practice…
Zig Ziglar is credited with this: “Repetition is the mother of learning, the father of action, which makes it …

WTH? A Useful Quality Manual?

One of the first things which comes to peoples’ minds when describing Quality Management Systems and “ISO 9000” is documentation, which often includes a Quality Manual. The background to Quality Management Systems started with (big) procurement organizations such as government agencies and Fortune 500 companies making Quality Systems a contractual requirement. Frequently, these requirements included the need for a document, which was often called a “Quality Manual”, a “Quality Plan” or similar. These were used, by a supplier, to describe the approach to be used to fulfil the contract requirements and assure the quality of the deliverables.
Today, a hall mark of ISO 9001 Quality Management Systems documentation is a Quality Manual – one has been a requirement of the International Standard since 1987. Manuals produced by many organizations emulate the format and content of the ISO 9001:2008 clauses (4 through 8) to the extent that the words “The organization shall” have simply been repla…