Full Issue

Vol. 5, No.
July-August 2005
When Results Count. ISO Standards.
IMS
ISO Management Systems

ISSN 1680-8096
Auditing
ISO 9001 at the sharp end ISO 22000 update QMS and products ISO 14001 survey in GB and China
Services in Singapore
Get me the money !

ISO Management Systems July-August 2005 1
ISO/IEC 17025:2005. The international accreditation standard for competent laboratories.
Confidence in the competence of laboratories is frequently needed by businesses when testing new products, or ensuring that finished products are fit for sale by government regulators and trade ofcials who require assurance about domestic or imported products before they can be placed on the market by consumers and users of products who need assurance about the quality and reliability of testing and analysis relating to environmental, health or safety hazards.
Competent laboratories operate to International Standards. Competent laboratories operate to ISO/IEC 17025:2005.
Available from ISO national member institutes (listed with contact details on the ISO Web site : www.iso.org) and from the ISO Central Secretariat Web store at www.iso.org or by e-mail at sales@iso.org.
by Roger Frost
EDITORIAL
How quality information helped save police officers life
aturally, most readers of ISO Management Systems would pay close attention if they met someone who had been shot and wounded three times by a gunman and who said he believed that if not for ISO 9001:2000, the encounter could have been fatal. In fact, readers who have been with us since May-June 2004 do know such a person. Matt Morgan was one of the officers of the Phoenix Police Department (PPD), Arizona, USA, who posed for the front cover photograph, illustrating the ISO 9001:2000 implementation case study by the PPDs Records & Idenification Bureau. One of the points made in that article, contributed by the PPDs ISO 9000 Management Representative, Dave Amari, was that if the information products and services of a unit like the R&I Bureau are not up to standard, the consequences for police officers and the communities they serve are potentially devastating . Just a few months later, Officer Morgan found himself providing a dramatic example.
Therefore, Matt Morgan contacted his radio dispatcher to ensure that back-up was on the way before proceeding with maximum vigilance to stop the suspect vehicle. He recalls, The information I received on my patrol car computer basically alerted me to be ready for anything and anything is what happened ! As the two cars came to a halt, the suspect suddenly exited and immediately opened fire. In the exchange of gunfire, Officer Morgan was hit three times, but managed to disable his attacker. The wounded police officer, with the assistance of a courageous citizen, kept the suspect covered until fellow officers arrived in response to his call for back-up. Matt Morgan declares, If I had not received the correct information, I might have treated the situation differently and it could have easily resulted in my death. My situation was by no means extraordinary as officers across the United States face situations such as mine on a regular basis. We depend on accurate information about subjects that we contact on the streets, or due to a call for service. The ISO 9001:2000 quality management system implemented by the PPDs Records & Information Bureau helped to ensure that timely and accurate information was supplied to Officer Morgan and that information was one of the factors that he affirms helped save his life. Let us not overstate the case. Matt Morgan also owes his life to the protection afforded by his ballistic vest, to the emphasis during his basic training on safety, to his respecting procedures for affronting a potentially dangerous situation while the intervention of a citizen by the name of Cipriano C.J. Garcia reminds us that the man or woman we pass in the street without a second glance could prove to be a hero only seconds later.
Fortunately if it is possible to describe such an incident in this way the example was a positive one. The system worked, as Matt Morgan testifies in the Viewpoint column of this issue (pp. 5 - 8). Although he was seriously wounded, the incident could have been not dramatic, but tragic and Officer Morgan could have been a fatality among the statistics of law enforcement officers who pay a price for going in harms way to protect fellow citizens.
The ISO 9001:2000 QMS helped to ensure that timely and accurate information was supplied to Officer Morgan
This is what happened. Officer Morgan was on patrol when he decided to check a vehicle and its driver. Before doing so, he followed procedures by checking the vehicles licence plate via the Mobile Data Terminal in his patrol car. The information came back that the licence plate was ficticious, which could indicate a number of scenarios, from a citizen trying to evade paying vehicle tax, to use of the car by a criminal.
At the same time, let us not understate the case. As Officer Morgans story illustrates quality counts. Quality can even be a matter of life or death. And what of Matt Morgan himself ? The latest news that he gave ISO Management Systems was My recovery is still progressing and I am probably only 4-6 weeks away from jogging !
What sort of manager are you ? Type A or Type B ? AB
Option A I take the strategic view. My goal is sustainable business without polluting or depleting the environment. I save money by cutting waste and making efficient use of resources. I respect the environmental concerns of customers, shareholders, employees, regulators, local communities, and society as a whole.
Option B Im focused on my own short-term goals. The future can take care of itself. Waste, finite resources and the environment are someone elses problem. Good corporate citizenship is just window dressing.
If you ticked Option A, then running a business that meets the requirements for sustainable development is your objective. ISO has a road map to get you there :
ISO 14001:2004, Environmental management systems Specification with guidance for use. ISO 14004:2004, Environmental management systems General guidelines on principles,systems and supporting techniques.
Newly revised Globally relevant Even clearer Still more compatible with ISO 9001:2000
For A class managers !
Available from ISOs national member institutes (listed with contact details on the ISO Web site : www.iso.org) and ISO Central Secretariat (Web store + sales@iso.org).
CONTENTS
VIEWPOINT
Wounded police officers perspective on ISO 9001:2000
In Spring 2004 in Arizona, USA, Matt Morgan was one of the police officers that posed for the cover photo of ISO Management Systems to illustrate an article on the ISO 9001:2000 implementation by the Records and Identification Bureau of Phoenix Police Department. In Autumn 2004, Matt Morgan was shot and wounded in the line of duty. It is worth paying attention to his viewpoint on ISO 9001:2000.
SPECIAL REPORT
ISO MANAGEMENT SYSTEMS is published six times a year by the Central Secretariat of ISO (International Organization for Standardization) and is available in English, French and Spanish editions.
Publisher : ISO Central Secretariat, 1, rue de Varemb, Case postale 56, CH-1211 Geneva 20, Switzerland. Tel. + 41 22 749 01 11. Fax + 41 22 733 34 30. E-mail central@iso.org Web www.iso.org Editor in Chief : Roger Frost. Contributing Editor : Garry Lambert. Artwork : Pascal Krieger, Pierre Granier. A one-year subscription (six issues) to ISO MANAGEMENT SYSTEMS costs 128 Swiss francs. Subscription enquiries : Sonia Rosas-Friot, ISO Central Secretariat. Tel. + 41 22 749 03 36. Fax + 41 22 749 09 47. E-mail sales@iso.org Advertising enquiries : SOGI Communication, 103, rue La Fayette, 75481 Paris cedex 10, France. Contact : Martin de Halleux. Tel. + 33 (0)1 42 81 94 00. E-mail halleux@qualite-references.com and ISO Central Secretariat, Case postale 56, CH-1211 Geneva 20, Switzerland. Contact : Ms. Gisela Helberling. Tel. + 41 22 749 02 58. E-mail helberling@iso.org
Management take control of your audit process !

What is the fundamental purpose of auditing ? According to author of this article, it is to provide managers with information to assist them to make business decisions . He argues that senior management need to be firmly in the driving seat of the internal audit process.
Auditing
Good practice for establishing the competence of certification body auditors Effective accreditation is essential for audit competence US adds guidance to ISO 19011 for internal and client audits, plus SMEs ISO 9001:2000 auditing kit extended to best accreditation audit practices
ISO INSIDER
28
ISO 22000 standard for safe food supply chains Get me the money ! How quality management systems can yield financial and economic benefits Guidance on the role of QMS in product certification New edition of influential ISO/IEC standard on competence of laboratories
INTERNATIONAL
Survey compares ISO 14001 experience in United Kingdom and China
Nothing beats the test of experience. A recent survey compares the experience of ISO 14001 users and non-users in the United Kingdom and in China. Its author concludes that ISO 14001 can help an organization make real progress towards sustainable development.
35
Overcoming language and literacy barriers to ISO 9001:2000 implementation

ISO 9001:2000 quality management systems are documented. What happens when the organizations work force is semi-literate ?
Santander Serfin takes ISO 14001 lead in Mexican banking sector

Mexican bank Santander Serfin has taken the lead in its sector, responding to top-of-theagenda governmental and public concerns about the environment by becoming the first banking institution in the country to implement ISO 14001.
ISO, July-August 2005.

The views expressed in ISO MANAGEMENT SYSTEMS are those of the authors. The advertising of products, services, events or training courses in this publication does not imply their approval by ISO. Cover photo: ISO
STANDARDS FOR SERVICES

SPRINGs harvest of standards for Singapores service economy
44
With the service sector contributing 62 % of Singapores gross domestic product (GDP) and 77 % of employment, the Singapore Government places great emphasis on the development of standards for services.
NEXT ISSUE
48
in on 005 i icatber 2 l Pubtem Se p
Failures in food safety can be dangerous and cost you plenty !
Make sure there are no weak links in the food supply chain... Get the security of ISO 22000, Food safety management systems !
For a free foretaste, see our press release on ISO Web site : http://www.iso.org/iso/en/commcentre/pressreleases/2005/Ref959.html ISO 22000 standard for safe food supply chains
VIEWPOINT
Seen from the front line

Viewpoints and ISO 9001:2000 implementation case studies are usually contributed by top or middle managers. The perspective of front line staff is rarely given directly. Matt Morgan is very much in the front line.
In Spring 2004 in Arizona, USA, he was one of the police ofcers who posed for the photograph used on the cover of ISO Management Systems to illustrate an article on the ISO 9001:2000 implementation by the Records and Identification Bureau of Phoenix Police Department *.
line of duty. It is worth paying attention to his viewpoint on ISO 9001:2000.

* See Phoenix Police Department counts on ISO 9001:2000 24/7, ISO Management Systems, MayJune 2004. Contact : David M. Amari, ISO 9000 Management Representative, Phoenix Police Department. E-mail david.amari@phoenix.gov Web www.phoenix.gov
Dean Oestreich
In Autumn 2004, Matt Morgan was shot and wounded in the
Wounded police officers perspective on ISO 9001:2000

by Matt Morgan
When I was asked to pose for the cover of a magazine I replied, Sure, but it will be on the clock right ? My next question of course was, What publication is it, and how famous will I be ? I was told the May-June issue 2004 of ISO Management Systems. No one had a comment on the level of fame.
Officer Matt Morgan, of the Phoenix Police Department, Arizona, USA, was shot and wounded three times when he proceeded to investigate a suspicious car and driver. He says that without the timely and accurate information he received prior to this intervention, the consequences could have been fatal. Matt Morgan affirms that the improvements in providing such information achieved by ISO 9001:2000 can be a life saver for law enforcement officers.
The ISO 9000 philosophy has, and will continue to save my life, and the lives of my fellow officers across the country
As a patrol officer with the Phoenix Police Department in Phoenix, Arizona in the United States I had seen and heard a lot of things, but ISO 9001:2000 was not one of them. It was explained to me in laymans terms by Dave Amari, of our Records and Identification Bureau, and ISO guru that it is a system that assists organizations in developing best
Officer Morgan with courageous citizen Cipriano C.J Garcia who provided assistance to the wounded policeman. He approached Matt Morgans assailant, who was lying wounded after an exchange of fire, and kicked his weapon towards the officer. He then reloaded Officer Morgans own pistol so that the latter could keep the suspect covered until police officers arrived in support.
business practices in an effort to consistently determine and meet customer needs. Our police department would be the first in the United States to implement a quality management system. Overall, I didnt understand what ISO 9001:2000 meant to me as a patrol officer on the street. It sounded like a good thing for our Records and Identification Bureau, but it didnt
VIEWPOINT
Mobile information before an intervention, officers use a mobile data terminal for information vital to the way they will intervene.
My day depends on the correct entering of information such as names, date of birth, address, physical description, 6-7 digit license plates, and 17 digit Vehicle Identification Numbers or VINs. This includes catching the mistakes of others and correcting them quickly. In addition to those basic ways to identify a vehicle or person, there is also the information about that person or vehicle. An example of this would be the mental condition of the subject, his/her violent tendencies, and whether or not they are known to carry a gun. Also, important information about a vehicle may include whether it is stolen, recent-
Important information about a vehicle may include whether it is stolen, recently used in a violent crime, or may contain a dangerous suspect
ly used in a violent crime, or may contain a dangerous suspect known to drive the vehicle. That information completely changes the way I physically approach a vehicle. It can range from wary and polite, to forceful with my gun drawn.
Dangerous situations
I should preface the preceding paragraph with the fact that the traffic stop is one of the most dangerous situations a police officer can encounter while on patrol. I know this at first hand as I was shot three times during a routine traffic stop. In reality, there is no routine trafc stop as one never knows what may happen on approach to a vehicle. That is why accurate information is critical to give law enforcement every advantage over the bad guys . In my situation, I checked, or ran , a license plate on my Mobile Data Terminal in my patrol car. When the information came back to me, I discovered that the license plate was fictitious, or in other words did not belong on the vehicle that I was stopping. This tells me many things, such as that it could be a person
Photo credits
seem like it would affect me in any way. This results from the Records and Identification Bureau, or R&I, striving to be accurate, complete, and timely in everything they do. Without the accuracy, I would perform a traffic stop on a vehicle, check the license plate on the computer, and approach the driver not knowing if I have stopped a little old lady or a dangerous criminal in a stolen vehicle. The photos illustrating this Viewpoint were staged by the members of Officer Matt Morgans squad, Phoenix Police Department (PPD), Arizona, to illustrate the types of situation that police officers may be faced with when checking vehicles and their drivers. They also show the information interface, examination of data and report writing to which ISO 9001:2000 can add value. The photos were taken by Kevin DeNomie, of the PPD.
Saves lives
I couldnt have been more wrong. Not only is the ISO 9000 philosophy important to many of my daily tasks, it probably has, and will continue to save my life, and the lives of my fellow officers across the country.
6 ISO Management Systems July-August 2005
VIEWPOINT Model for law enforcement agencies

The Phoenix Police Departments Records and Identification Bureau believes itself to have become the first law enforcement agency in the United States to achieve ISO 9001:2000 certification. In preparing for the certification, the bureau found 440 ways to improve efficiency, while one section of the Crime Lab found 134 procedures to improve upon. Since then, the department has expanded the application of the ISO 9000:2000 Quality Management Principles to the Investigations Division, Property (Evidence) Management Bureau, and additional sections of the Laboratory Services (Crime Lab) Bureau. In addition, the Phoenix Police Department has become a model which other agencies across the United States are inspired to emulate.
trying to avoid paying registration fees by using a plate from another car they own, or it could be a stolen license plate, or it could possibly be a stolen car as criminals will switch plates from other vehicles hoping no one will notice and place them on the one that they had stolen in hopes of avoiding the police. I let my radio dispatcher know about the situation which meant that back-up would be on the way. The information I received on my patrol car computer basically alerted me to be ready for anything and anything is what happened ! The driver of the vehicle immediately exited his car as we stopped our vehicles. He was holding a gun and fired at me. I returned fire, and was able to disable the suspect enough to
If I had not received the correct information, I might have treated the situation differently and it could have easily resulted in my death.
and they could face dangerous criminals from our state in their hometown. In the United States, every person is guaranteed a fair and speedy trial. What underlies this is that getting to that fair and speedy trial can take months, or even years. Most cases arent solved in a matter of a few days, and the suspects are never as cooperative as they are on television. Investigative management is an important part of law enforcement. Cases are delayed when information and physical evidence are not readily availa-
The traffic stop is one of the most dangerous situations a police officer can encounter
My situation was by no means extraordinary as officers across the United States face situations such as mine on a regular basis. We depend on accu-
rate information about subjects that we contact on the streets, or due to a call for service. We need to know if the particular individual whom we are contacting has a felony (serious crime) warrant, violent tendencies, or is mentally unstable or disabled. As mentioned earlier, the information affects officers across the nation as certain information is inputted into a national database
ble, or cannot easily be processed. Further delay occurs when the crime labs cannot keep up with the workload because operating procedures are creating a backlog of evidence to be analyzed.
save myself, and with the help of a courageous citizen named C.J. Garcia, we kept the suspect covered until he was taken into custody.
A crime lab criminalist examines firearm data. (Above right) When a serious traffic offence occurs, police procedures require a felony stop .
Every aspect
ISO 9001:2000 can be applied to every aspect of criminology, from securing the crime scene
VIEWPOINT
ling the suspect that had just fled from the home he was burglarizing and we were trained to do so. I have done all of those things and more, but none of us pictured the hours of paperwork and booking procedures that follow the three or four minutes of an adrenaline rush. This is where standardization of forms, procedures, and report entry can save time, money and lives as police officers will be back on the streets faster after the arrest. It is not unusual for an officer to be tied up after an arrest for four hours or more to book the prisoner into jail and create the necessary reports. Accuracy and speed of information entry and dissemination not only affect the safety of the police using it, but facilitates more rapid investi-
gations that will take dangerous persons off of the street before they can continue to victimize citizens. Safety is the first thing a police academy recruit is taught both physical and mental aspects. The ISO 9001:2000 standard and our organization being registered to it play a vital role in how we assess situations and develop ways to approach every situation with the accurate information given to us.
to the conviction in court, using process mapping to develop the most efficient procedures to solve a crime. Regardless of which crime-solving procedure is being developed, the quality records that document police activity for future reference continue to be associated with paperwork.
Matt Morgan (third from left) and his fellow officers of the Phoenix Police Departments 41Z Squad.
ISO 9001:2000 can be applied to every aspect of criminology

Law enforcement is a rewarding job with many benefits, and providing officers with every advantage they can have over the bad guys will help us go home to our families every day.
On the road to recovery

I grew up in the state of Missouri writes Matt Morgan, and received a Masters degree in Education before moving to Arizona and joining the Phoenix Police Department and receiving my commission in March of 2001. Regarding his injuries, he said : I recovered at home for approximately five months, and I am currently assigned to light duty (desk work) status within my detail 41Z squad in the South Mountain Precinct where we are assigned to patrol City Housing and the homeless shelter areas. I should make a full recovery within one year of sustaining the injuries.
If I had not received the correct information, I might have treated the situation differently and it could have easily resulted in my death.
Paperwork is a necessary evil for a patrol officer. Most of us signed up to catch the bad guys and put them in jail. In the police academy, we all pictured ourselves chasing a suspect on foot through a busy street, following a stolen car in a vehicle pursuit, or tack-
Arresting criminals is the most visible aspect of police work in addition, officers can spend considerable time on the associated paperwork.
SPECIAL REPORT
Management take control of your audit process !

What is the fundamental purpose of auditing? According to this author, it is to provide managers with information to assist them to make business decisions. He argues that internal auditing will only generate significant benefits to the organization if senior management are firmly in the driving seat of the audit process.
Auditing is recognized today as an extremely powerful technique that may be used by managers alongside other techniques to ensure adequacy of operations and assist in the achievement of objectives. Auditing is no longer conned to financial operations, in relation to which it is an accepted and respected practice for which the need is well understood and demanded in senior management circles.
by Nigel Bauer
Nigel Bauer has over 25 years of practical management systems and audit experience gained initially in major high technology industries, and over the last 15 years as an independent advisor and trainer to a diverse range of manufacturing and service sector organizations, in both public and private sectors. Based in the United Kingdom, Nigel Bauer and Associates operates internationally providing a range of consultancy and training services to a broad range of clients, including regulatory agencies, directly and through partner organizations located throughout the world.
E-mail nigel@nigelbauer.co.uk Web www.nigelbauer.co.uk
The audit process should be designed such that it fully serves the needs of management
With the explosion of interest throughout the world in quality improvement, auditing has received much attention as a means of ensuring that plans and systems for the achievement of customer satisfaction are being followed and are fully effective. In addition, the increasing legal requirements that must be met by organizations and individuals
SPECIAL REPORT
has resulted in the setting up of regulatory authorities that need to establish if such legal obligations are being met. The approach adopted to gain this information is to use audit techniques, basically similar to those adopted by those with an interest in quality improvement. There is therefore a need to ensure that when auditing is required, for whatever purpose, those delegated the task are adequately equipped by way of training in the tools and techniques necessary to perform audits in a fully satisfactory manner. Audits need to be conducted efficiently and effectively to gain information in the least disruptive manner to those subjected to audit activity. It is also necessary to ensure that those who are to undertake such a task are the right type of person capable of seeking out the information in a manner that is fully acceptable to those under scrutiny, without causing antagonism or ill feeling, and fostering a culture of partnership and no blame . The audit process should be designed such that it fully serves the needs of management and not the self-interest of auditors or quality functions who are trying to justify their existence by shrouding the process in mystique, bureaucracy and strictly enforced adherence to so-called management system requirements. I have been involved in the provision of advisory and training services for many years in a large number, diversity and sizes of organizations,
including regulatory auditing organizations. Throughout this time, I have been able to observe problems and difficulties that are being experienced by organizations in the putting in place of fully effective auditing activities. The following are just some of these observations relating to internal auditing, together with some identified factors for success.
the auditors then demand that these should be corrected, root causes determined and often within specific timeframes to satisfy the system ! The current trend for auditors to attempt to overcome the negative connotations of auditing by attempting to emulate business consultants and possibly to justify their existence by identifying so-called opportunities for improvement is not helping to overcome some fundamental failings of the audit regime. Basically, anyone can spend a short time in an organization and suggest opportunities for improvement. However, the value of these when compared to other issues facing the organization and requiring managerial attention is often questionable.
er themselves as an expert or higher authority and quickly become imbued with their own self-importance.
Opinions
It should be remembered at all times that managers manage and that auditors audit at the request and on behalf of management. If opinions are sought, they may be freely given, but it should not be regarded as an integral part of auditing that auditors express their opinions and demand actions of managers. If managers require opinions and identification of good/bad practices or opportunities for improvement, then this must be communicated clearly to the auditors together with the form of reporting to be adopted. The majority of audits undertaken in professional organizations reveals little by way of earth-shattering news for the business world, but merely indicate the level of noise in the organization, which may actually be tolerable to senior management and worth little attention in the overall scheme of things. Putting audit results into perspective is thus very necessary if an organization is to avoid tying itself up in knots constantly responding to trivial audit findings although it must be recognized that trend analysis could reveal something of value in this noise . It is not the job of the auditors to make decisions regarding the importance of audit findings. However, it is the task
An end in itself
Auditing does appear to be pursued as an end in itself, with many organizations employing auditors who assume that they know what to do and get on and do it in such a manner that the organizations systems are maintained and improved. However, the fact that the auditors are often left to get on with the job with senior management taking little or no interest, let alone becoming involved with the process themselves, is worrying and indicative of a lack of understanding of the true purpose of auditing and how it and the auditors should be managed. The mystique, misunderstandings and preconceptions relating to auditing are rife and it is hardly surprising, therefore, to find that in the majority of organizations, auditing is viewed as a necessary evil to maintain certification. The auditors themselves are viewed as strange, pedantic and often uncontrollable beasts who demand and dictate. In particular, when so-called nonconformities are found,
True auditing is aimed at providing independent and unbiased factual data not expressing opinions
Yes, the value of an external and independent viewpoint may be beneficial, but this is the job of professional advisors. True auditing is aimed at providing independent and unbiased factual data, not expressing opinions. Opinions expressed by those who then demand that attention be paid to such opinions, and formal responses provided, can cause great disruption and damage in an organization. To make matters worse, such auditors begin to consid-
SPECIAL REPORT
of management to take the audit information, to understand the implications of the findings, and to use the information as an additional input to their general management information systems. Th e f o l l o w i n g e x a m p l e s, although not company specific, summarize what has been observed over the years in a number of organizations, and highlight some of the factors that contribute to successful auditing.
The managers began to realize that they should be involved in steering the audits to serve their needs rather than simply accepting a constant stream of routine audits and responding to the often insignificant issues raised. The retrained auditors and quality managers began to undertake audits in a much more planned and systematic manner, responding to the needs of senior and middle management by focusing the audits on operational aspects that management had concerns over. Audits of overseas operations were directed to areas of greater perceived risk, and audits of suppliers and contractors became more focused on specific and relevant operational activities. The audit reporting become more factual and objective and the results were viewed by management as much more relevant, helpful and adding value to their operations. There was a quantum leap in the respect for and perceived usefulness of the auditors. Audit issues raised at management meetings were welcomed and actively discussed and where necessary, process improvements made. The auditors felt valued and eventually it was agreed that this professional audit team was far surpassing the benefits of third-party auditing and so subsequently, third-party certification was discontinued. Key points : Competent auditors, effective management of the audit process, management involvement.
Example B: how management puts little in...and gets little out

The second example is of a large organization providing a range of products and services. Separate divisions of the organization are responsible for their own local quality management system with each being independently certified to ISO 9001. The organization had a history of quality related complaints and investigations into its product and service delivery activities, with the consequence that there had been several quality initiatives resulting in large numbers of staff being trained, both in management systems and auditing techniques.
Example A: how managements attitude to internal auditing evolved from scorn to respect
The first example concerns a very large, internationally active organization that undertakes engineering work to exacting standards and must be able to demonstrate full control of its operational processes. This organization was certified for a number of years to ISO 9001, mainly due to the need to satisfy potential customers that it had an effective quality management system and so attract new business. The quality function comprised a relatively large number of technically competent staff, many of whom were required to undertake routine audits throughout the organization, including overseas operations, and of key suppliers of products and services. The audit team was not particularly well respected, had not been provided with appropriate audit training and conse-
quently provided audit reports that were often contested due to its members expressing opinions, rather than providing objective and factual data. The audits themselves were nonspecific in what was verified, this being left to the whims of the auditors, or they simply went over the old ground of previously reported findings. In addition, a third-party auditing organization undertook wide-ranging audits across the international operations and charged very high annual fees for what, in managements opinion, simply caused disruption and resulted in changed priorities due to the need to respond to the audit ndings, many of which were considered to be of little consequence to the business. Comprehensive auditor and audit management training was provided to selected members of the quality function. Senior and middle management of the operational areas were provided with awareness training to improve their understanding of the audit process and to inform them that they were the customers of the audit process.
Auditors are often left to get on with the job with senior management taking little or no interest
Major and dramatic improvements have been made and the organization is now well respected and a benchmark to other similar organizations. However, there remain problems in the effectiveness of internal audits with the consequence that there is a heavy reliance on third-party auditing. Managers, in spite of repeated attempts at encouraging participation, are either disinclined to become too involved with the management of the internal audit process and do not select appropriate staff to undertake
SPECIAL REPORT
the audits. Instead they choose to use junior and/or inexperienced staff to undertake audits, mostly on a part-time basis additional to their normal jobs. There is a central coordinating function which attempts to ensure that effective auditor training is provided. However, with a very limited budget, this function is unable to run other than basic auditor training which, coupled with willing but inexperienced auditors, results in relatively ineffective auditing, and certainly not to the standard of the third-party organizations.
In reality, many of those trained failed to develop the necessary skills during the training process, or undertook insufficient audits to develop their skills in the working environment and were rarely able to carry out audits that revealed other than trivia. Consequently, management were not impressed with the results, were rarely challenged by the auditors and had little regard or enthusiasm for the audit process or the auditors. Key points: inappropriate and part-time audit staff, lack of management understanding of and involvement with the audit process, inappropriate auditor training.
themselves, or held a senior management position ! Competence and ability Many of those who are required to undertake audits, through no fault of their own, may simply not be cut out for this difficult and often thankless task. They may be too junior in the organization, or they may not be able to stand up to the rigors of dealing with the type of people encountered when auditing.
for the development of auditing skills. Unfortunately, due to the largescale ignorance in the market place, it is often felt that for internal auditors, a two-day training course is sufficient, whilst for those who wish to progress a little higher up the scale, a five-day Lead Auditor training course will turn them into auditor graduates. Although such training courses provide a useful foundation for auditors, they should not be the only training that aspiring auditors receive. There is a need to supplement this initial training with a programme of auditing skills development over a period of time and suited to the individuals concerned. I have found custom-designed and flexible in-company training focusing on skills development to be the most effective approach to auditor training. Trainees respond well when taken through an auditor training process that provides them with the opportunity to develop their skills over a period of time in real working environments Effective management of the audit process ...by top management Unfortunately, senior management are very rarely involved in the planning of audit programmes, and hence do not participate in the determination of what is to be audited, how often and against which requirements. In the majority of organizations, senior management and the audit process have
People generally do not like being audited

People generally do not like being audited, they may often be rude, or just plain difficult for the auditor to deal with. The mental processing required when planning, reporting and particularly when conducting an audit is exacting and tiring, and some people will simply not be up to the job. It is also necessary for auditors to be able to write comprehensive reports to communicate meaningful information to management. This is another problematic area for many auditors, who do not seem to possess this important ability. Appropriate training The lack of appropriate training is a very significant failing. In many organizations, there has been an over reliance on the so-called certified auditor training courses which, whilst providing baseline auditor training, cannot possibly provide sufficient time
The majority of audits merely indicate the level of noise in the organization
The training provided to the auditors was inappropriate due to the desire of all to use internationally recognized Lead Auditor training and receive certificates to embellish their CVs. This resulted in more time being spent during the training course trying to impart an understanding of ISO 9001 and how to pass an examination, rather than on the development of auditor competence. Five long and intensive days of such training were a veritable mountain for the trainees to climb. They passed an examination and received a certicate, and then management believed that they were trained and competent to undertake audits that would reveal process weaknesses and assist the organization to achieve its objectives.
Critical success factors

From observations made in a range of organizations, large and small, public and private sector, the following are some of the conclusions reached: Selecting the right staff A very important auditor ability is that of being able to conduct the audit in a professional manner without upsetting, offending or intimidating those being audited. Auditor arrogance should certainly not be tolerated. Unfortunately, it is often the case that those attracted to auditing feel that they are the experts in everyone elses job, or for some strange, inexplicable reason consider themselves to be experts in business management, offering up their opinions of opportunities for improvement whilst they have never managed a business
SPECIAL REPORT
effectively become decoupled with the result that the auditing process no longer serves the needs of management or the organization. It should be remembered that the main purpose of auditing is to provide managers with information to assist them to make business decisions. Understanding and participation in the audit process will provide managers with better value from the auditing. All of the above need to be under the direct control of senior management if the full benefits of auditing are to be obtained.
ing throughout the organization. They should not simply abrogate their responsibilities in these areas to quality departments and the like without this understanding. If the process is not managed effectively, or if the wrong people are employed as auditors, then the process will inevitably fail to deliver. Auditing is not a technique to be pursued as an isolated profession in an organization it exists to support the organization and hence must be focused and directed to provide information that is desired and of value to senior management. An effective management-led audit process will likely be of far more value than the type of routine auditing often encountered utilizing inappropriate audit staff, or the various random efforts of external, thirdparty auditors.
needs. Audit results are part of the information needed by senior management to assist in its decision-making processes. The auditors are there to provide information, managers are the ones who will make use of the information and determine what happens next.
With an audit process functioning effectively, fully under the control of management and serving the needs of the business, significant improvements in the effective functioning of the organization may be realized and the benefits of thirdparty auditing rapidly evaporate.
Senior management and the audit process have effectively become decoupled
Serving the needs of management

Management should recognize that the internal audit process exists to serve their needs. Management has to fund it and resource it so that it provides the added value required. In addition, auditing needs to provide assurance that everything in their organization is happening in the way that management wishes it to happen and that the results being achieved meet with the organizations objectives. Auditing is not undertaken merely to entertain auditors, keep them in gainful employment, or to respond to the requirements of standards or external auditing agencies. In order to take control of the auditing process, senior managers should develop a full understanding of how the audit process needs to be managed and the resources that are required to provide for effective audit-
Auditor arrogance should certainly not be tolerated

Auditing is being pursued by many as a profession in its own right, rather than as a means to an end within an organization. Yes, it does require particular expertise and those required to undertake audits need to develop their skill set; however, the auditors should not be undertaking audits isolated from the needs of the organization. Senior management need to take firm control to ensure that all auditing activities are undertaken fully in support of operations and to a level compatible with managements
SPECIAL REPORT
Good practice for establishing the competence of certification body auditors

While much has been published about internal auditing and auditing by certification bodies, a vital link in the chain of confidence has received scant publicity how do accreditation bodies establish that certification body auditors are up to the job ? An experienced accreditation body auditor presents a straightforward approach drawn from good practice observed worldwide.
by Brian J. Henry
Brian J. Henry is an experienced and independent Accreditation Body Lead Auditor who is contracted to represent several international accreditation bodies that are Members of the International Accreditation Forum. He is the United Kingdom Principal Expert on Auditing to the ISO/TC 176 and ISO/TC 207 Joint Working Group for ISO 19011:2002 and participated in the development of this standard and its predecessors. Brian Henry is also a member of the ISO 9001 Advisory Group (IAG), member of the Auditing Practices Group (APG) and member of the IAF/ISO Task Force that is currently investigating how to improve the verification of auditor competence.
Tel. + 44 1636 673272. Fax + 44 1636 673272. E-mail bhenry@btconnect.com
It has become clear that many certication bodies have found difficulty in making the transition from the old qualification approach for auditors that was previously specied in withdrawn stanards such as ISO 10011-2 for quality management system (QMS) auditors and ISO 14012 for environmental management system (EMS) auditors to the competence
approach taken by ISO 19011:2002, Guidelines for quality and/or environmental management systems auditing,
which is now the unique auditing standard in the ISO 9000 and ISO 14000 families. This problem has led to nonconformities being raised when the accreditation body has audited the certification body and often then resulted in disagreement because the certification body management has not understood the competence approach.
Many certification bodies have found difficulty in making the transition from the old qualification approach for auditors to the competence approach
SPECIAL REPORT
As a result, ISO (www.iso.org) and the International Accreditation Forum (IAF www.iaf. nu) have set up a task force with the job of writing clearer auditor competence requirements in the draft ISO/IEC DIS 17021, Conformity assessment Requirements for bodies providing audit and certification of management systems. In the meantime, the following straightforward approach may be of some help. As an experienced accreditation body auditor and having had the bene t of contributing to the development of ISO 19011:2002, I consider having very reasonable and straightforward expectations on what to see from certi cation/registration bodies (CRBs) with regard to auditor/audit team competence.
of a technical expert(s) to fill the gap.
ISO and the IAF have set up a task force with the job of writing clearer auditor competence requirements
What do I expect in terms of competence of the individual CRB auditors and audit team ? At this stage, the focus is on the audit team, which may consist of one individual auditor, or perhaps several auditors. What I do not do at this stage is make the mistake of diving straight into Table 1 in Section 7 of ISO 19011:2002, Examples of levels of education, work experience, auditor training and audit experience for auditors conducting certication or similar audits . This has nothing to do with auditor competence at all. Table 1 does not list levels of competence instead it lists levels which historically have been useful as a coarse filter for qualification and which undoubtedly will usefully contribute to the development of auditor competence. ISO 19011:2000 defines competence as being the demonstration of personal attributes and knowledge and skill. Nine personal attributes, together with four generic areas of knowledge and skills and two specific clusters of knowledge and skills, are specified for QMS auditors in Section 7 of ISO 19011:2002. Three specific items knowledge and skills are given for EMS auditors.
It is reasonable to expect that the CRB should have identified each of these within the documented processes and assigned quantitative or qualitative criteria against each for a specific audit situation. The criteria stated needs to be the minimum necessary to ensure satisfactory auditor performance and deliver audits that are sufficiently thorough and consistent and also provide added value.
these factors has been acquired from successful completion of formal auditor training courses, CRBs specific training, and skills developed from role play, or from audits carried out under guidance and supervision. Probably the most important need to be demonstrated from this knowledge and skill set is the ability to carry out conformity audits using the process approach. Management system and reference documents. This is perhaps the most important of the generic knowledge and skills and certainly the most controversial. Research is confirming that many auditors do not really understand the standards and do not apply them correctly often resulting in invalid or inappropriate findings. It is expected that the CRB should be able to demonstrate that the levels of knowledge have been appropriately set.
Personal attributes
Dealing firstly with the nine personal attributes I would expect individual auditor records to show that these have been addressed and evaluated. The evaluation can range from simple observation to more complex methods such as psychometric testing. What is more important than the method selected is the recognition that any shortfall is either corrected through further development, or can be safely mitigated and managed by assigning the auditor to situations where the audit will not be compromised.
First step
My rst step is to examine the contract review that the CRB has carried out for certification of an applicant organization. This, amongst other things, should have resulted in a prole being created for the organization to be audited, especially in terms of the proposed scope of certication activities to be considered for a particular IAF scope code. I then expect to see an auditor/audit team prole from the existing CRB pool of auditors that matches the corresponding IAF scope code. The two profiles should match. In the event that they do not, then consideration needs to be given to acquiring additional specialist external auditor resources or making use
The competence needed to audit design and development processes effectively has often not been clearly specified
This is likely to have been acquired from successful completion of formal auditor training courses, CRBs specific training, and skills developed from role play or from audits carried out under guidance and supervision. Organizational situations. This covers, for example, avoidance of disasters caused through assigning an auditor without sufficient knowledge of the
Generic knowledge and skills

What is expected here is that the CRB has assigned quantitative or qualitative criteria for each of the following criteria for a generic audit situation and that resulting individual conformity and performance has been demonstrated, tested and accepted. Audit principles, procedures and techniques. Knowledge of
SPECIAL REPORT
structure and operations of a large corporate multi-site organization, and not having the requisite skills. The converse case is the auditor who is competent with the large organizations, but is then unable to adjust expectations when dealing with small or medium-sized enterprises where employees have to wear many hats, but with mitigated conflicts of interest. It is expected that the knowledge and skills to handle these situations effectively can be gained from exposure to these organizations through training, work place experience and auditing experience under training and supervision. It may well be that some auditors will not be able to acquire the full range of knowledge and skill and the CRB should have precautions built in to the assignment processes to confine activity accordingly. Applicable laws, regulations and other requirements. Although listed under generic knowledge and skills, this set of criteria will inevitably have a slant on a QMS-specific context and it is expected that the auditor(s) should be aware when it is appropriate to back off .
ed through continuing professional development. Processes and products. This area is almost certainly the most difficult knowledge and skill set and the most troublesome for CRBs. What is expected here is that the CRB has recognized that the auditor(s) will encounter sector-specific terminology and jargon, technical characteristics of processes and products including services, and, very often, unique sector-specific processes and practices. The situations can often be very straightforward with processes and techniques having synergy across similar IAF scopes. In other situations, it can be very complex, especially with such diverse sectors as food, aerospace, agriculture, finance and education. What I expect to see here is that the CRB has carried out some type of risk analysis for the criticality related to the product in the specific sector. It may well be that in situations of high-risk criticality, the CRB decides that the auditor(s) will always be accompanied by a scope-specific and currently practicing technical expert. The other end of the spectrum with low risk criticality product may be that auditor(s) with limited competence may operate alone, but with the support of briefing notes. What is not acceptable is a situation where the CRB may have mistakenly considered that the process and product knowledge and skills that are needed for a surveillance audit can be somewhat less than for
an initial certification and reassessment audit. Whatever the approach taken, it is vital that the CRB has defined the parameters to be met in terms of the specific product knowledge and skills for use when establishing the requisite audit team profile. This does not have to be complicated and in some situations it may be satisfactory as a coarse filter to identify simply in broadest possible terms by discipline, such as mechanical engineer, electrical engineer, industrial engineer, metallurgist. In other situations it may be considered that a scientific discipline such as a chemist, physicist, or materials scientist may be more appropriate.
to audit design and development processes effectively has often not been clearly specified by the CRB. I expect to see this included with specific product and process knowledge and skills, and evidence that this has been demonstrated and tested.
Migration of competence
It is a well established fact that many auditors are able to acquire satisfactory levels of knowledge and develop satisfactory levels of skill to audit effectively in other IAF scope codes that are sometimes quite different from their mainstream industrial or commercial disciplines. This should be neither dismissed, nor accepted at face value. What needs to be considered is that the grounds and justification have been satisfactorily provided by the CRB. This is perhaps the time when criteria such as Table 1 in section 7 of ISO 19011:2002 may be useful and assist the CRB in setting the levels which, if attained, may lead to the requisite auditor competence. However, it needs to be emphasized again that there is no single Table 1 to suit all situations. The accompanying notes in the standard are quite clear that depending on the scope and nature of the specific audit, that the levels can be higher or lower. Experience has shown that outdated work place experience is often more dangerous than having none at all. Claims of having gained product and
Outdated work place experience is often more dangerous than having none at all
The same rationale can be similarly applied to other areas such as the food industry where individuals classified as food technologists, nutritionists, hygienists ; agronomists may all be appropriate as an auditor. The important point again is that the CRB can demonstrate that auditor competence criteria has been set, that the individuals have been tested, that their competence has been demonstrated and that the demonstration methods and techniques are sound. As an accreditation body auditor, I am particularly wary that the competence needed
Specific knowledge and skills

Quality related methods and techniques. In order to audit effectively in a QMS context, it is vital that the CRB has clearly set the levels needed. It is expected that these relate to modern quality management tools and their applications and are maintained and updat-
SPECIAL REPORT
process knowledge through operating as a consultant need to be carefully considered especially if there is no satisfactory evidence that the individual had the ability to undertake consultancy in the first place and accepted the consultancy project through misrepresentation of his or her qualifications and competence. Having worked in other areas as an auditor when supported by a technical expert is a common and acceptable way of developing product and process knowledge and skills. It is again expected that the CRB is able to demonstrate that the minimum audit-specific levels of knowledge and skills have been met and have been demonstrated and tested.
or take away from the CRB the responsibility for auditor competence.
team leaders and make use of the methods specified in ISO 19011:2002 for testing and demonstrating this.
see that use of this or a similar model has been documented and implemented by the CRB. Guidance on the use of a variety of evaluation methods is specified in ISO 19011:2002. I expect to see that these, or a selection of these have used. Witnessed audit is a powerful technique, but by its very nature is artificial, intrusive and with potential to influence the outcome of the actual audit being undertaken. An alternative technique is post audit review, which has been found to be equally effective without the undesirable side effects.
Generic knowledge and skills of audit team leaders

This is no different to the generic knowledge and skills for auditors with provision for the CRB to set the levels needed to develop the competence needed by QMS audit
Evaluation processes
ISO 19011:2002 Section 7 Figure 5 shows the relationship between the stages of the evaluation process and then goes on to describe four main steps that are needed. As an accreditation auditor, I expect to
ISO 19011:2002 Section 7 Figure 5 : Relationship between the stages of evaluation.
Development of competence
Better approaches
Criteria not met Initial evaluation (7.6)
Auditor certification
This is now required to be taken into account, but consideration needs to be given about the credibility of the auditor certification body. Members of associations such as the International Personnel Certification Association (IPC formerly IATCA www.iatca.org), linked by multilateral agreements and subject to regular peer review, and bodies accredited by IAF accreditation bodies to provide auditor certification to ISO/IEC 17024, Conformity assessment General requirements for bodies operating certification of persons, should inspire confidence. Even so, auditor certification may not focus on product and process knowledge and skills and therefore does not absolve
Auditing (clause 6)
Criteria met Criteria met
Continual evaluation of performance (7.6)
Auditor
Criteria not met
Care was taken when preparing this article to maintain confidentiality and not to divulge any unique techniques that have been developed by an individual CRB. What has been cited is strictly a generalization of what is considered as being some of the better approaches that have been seen to be used around the world and would be acceptable to accreditation body members of the IAF.
Not selected
Maintenance and improvement of competence (7.5) Audit team selection (6.2.4)
Research is confirming that many auditors do not really understand the standards
SPECIAL REPORT
Effective accreditation is essential for audit competence

This article examines the causes behind the current concerns over the credibility of certification and, from an auditor certification perspective, suggests where the solutions lie.
Few involved in the certification industry can have failed to note a change in recent times in the way the markets regard accredited certification. The situation might be confused slightly by the differences in the way certification is perceived between markets that are mature and those that are developing. Look to the east and all appears rosy. But back in those regions where certification had its origins, a different picture is evident. It is easy to identify positives. The number of accredited certificates worldwide for environmental and quality management systems at last count was well over 600 000. The growth in the five-year period to December 2003 was a very healthy 80 %. Certification is now global, with few if any regions of the world exempt from its influence. More standards are being accommodated within the certification infrastructure. On the face of things, it is a healthy scenario.
by Simon Feary
Simon Feary has been Director and CEO of IRCA since 1994. He currently serves on the Board of IPC, the successor to IATCA.
E-mail sfeary@irca.org Web www.irca.org
SPECIAL REPORT
Concern
But there are negatives and these are of sufficient magnitude to cause concern. The growth in 2003 was supported almost entirely by two economies, China and Japan, while all the other majors were at best flat with some showing a retraction in percentage terms of double figures. One high-profile manufacturing industry, automotive, has declared no confidence in mainstream certification although maintaining its confidence in ISO 9001: 2000 and has walked away to create its own sector-specific structure for accreditation and certification. Another major sector, the aerospace industry now requires having auditors accompanied in order to ensure confidence in their findings. China, a rare bright spot, has seen fit to impose some severe caveats in the way it allows certification to operate within its borders. While some argue their action is no more than a clever expression of the Chinese way , where legitimate competition is kept at arms length, others recognize it to be a reasonable response to damaging and out of control practices that are symptomatic of a malaise within the industry. So what has caused the brakes to be applied so abruptly ? Expressed in business jargon, diplomatically, the reasons are that demand has outstripped the ability of the infrastructure to control the quality of output.
Free markets, an over-abundance of providers and the voluntary nature of certification have allowed short-term commercial interests to exploit opportunities offered by naive markets and complicit or disinterested governments. But put another way, simply and bluntly, accreditation has failed to do its job adequately and the certification product has leaked credibility. Accredited certification has a simple and coherent structure. This was outlined in the original declaration developed by the United Kingdom Government in the early 1980s and remains valid today. Government delegates authority for control (control, not regulation an important distinction that reflects the voluntary nature of this enterprise) at arms length to the accreditation body, one per country. The accreditation body has oversight of the certification bodies, ensuring rigour of quality and consistency of those certification bodies practices.
Interpretations
Interpretations of standards differ from one accreditation body to the other, sometimes significantly, depending to an extent on the lobbying skills of the petitioning certification body, and often they vary within an accreditation body, depending on the extent of assessment competence of the accreditation personnel.
So wheres the solution? Apparently, it lies with the accreditation industrys governing body, the International Accreditation Forum (IAF). Nothing is ever simple, or speedy with governing bodies that are consensus-oriented and composed of a membership approaching 50 from across the very broad spectrum of economic situations and cultures.
Certification is now global, with few if any regions of the world exempt from its influence
Simple in concept but in practice it is not working well enough. Accreditation bodies, invariably monopolies within their own countries, are often accused of lacking the commercial and technical competence found within the certification bodies they are tasked with controlling.
It also tends to be forgotten that, as with certification, accreditation is also a business operation. Accreditation is not disinterested financially, being dependent on revenues from those bodies they are controlling. And in some parts of the world, accreditation has overtly political drivers. All these serve to complicate and frustrate what should be a straightforward exercise in surveillance and control.
But credit where credit is due, and taking a historical perspective, the IAF has to be regarded as making progress, from a standing start a few years ago, it has now gripped its brief and has shown competence at producing guidance on a range of issues, all geared toward best practice and harmonization. But it is slow, and its decisionmaking process subject to the inertia of consensus.
SPECIAL REPORT
It has reacted with reasonable speed to the specific threat drawn attention to by ISOs late Secretary-General, Lawrence D. Eicher. In late 2001, he raised the issue of disreputable practices by some conformity assessment operators and indicated firmly that that the remedy lay with the conformity assessment community itself, and not with the writers of standards. Police yourselves ! was his message.
Cause
But from the perspective of auditor certification and it is from this direction that this critique comes there is unease. There is a fear that the focus of the IAF and other initiatives will be on the symptom, leaving the cause unaddressed. The culprit will be determined to be the auditor, or more precisely, the incompetent auditor and recommendations will lean toward addressing this aspect rather than structurally, where this article argues the problems originate. The reasons for this unease lie with the considerable interest shown in ISO/IEC 17024:2003, Conformity assessment General requirements for bodies operating certification of persons, for the approval of auditors. It is almost as if this is seen as the what weve been waiting for solution. And that would be incongruous, as ISO/ IEC 17024 implies a third-party determination of auditor competence, in other words, auditor certification, and auditor certification has historically been relegated to the periphery of accredited certification.
bodies have always argued that competence is a matter to be determined themselves and whether or not an auditor is certified is of no great relevance. Some accreditation bodies accord it some status, others do not. This is understood by (most) auditor certification bodies, and accepted. While having no formal mandate to contribute represents something of an irritation, it does serve to keep auditor certification honest and focussed on providing added value. While it is understandable that there is interest in ISO/ IEC 17024:2003 it is a new and an International Standard the danger is that it will be seen as the answer: not just part of the answer, but the answer. Already, one major auditor certification body is presenting it as exactly that.
The current mantra is auditor competence , but it should more properly be audit competence . To place all the ills at the foot of the individual in the field is disingenuous. The entire audit process, from the advertising literature, the sales pitch, the audit team competence, performance in the field to the certification decision are all valid factors in determining whether the resulting certification provides value to the organization and its customers, is consistent with the purpose for which certification was intended, or whether it is just commercial opportunism.
There are negatives and these are of sufficient magnitude to cause concern
At the end of 2001, during the IAF plenary meeting in Kyoto, Japan, a proposal was made for the establishment of a multilateral task force comprising representatives of the IAF, ISO/TC 176 (the ISO technical committee responsible for the ISO 9000 family) and ISO/ CASCO, Committee on conformity assessment. One of the objectives of the new group is to monitor real or potential threats to ISO 9001:2000 posed by the use made of it in certification. In May 2002, the first meeting of the group, known as the ISO 9000 Advisory Group (IAG) was held in Denver, Colorado, USA. The group conducted a warts and all review of the certification industry, its practices and various future scenarios and looked at ways to tackle problems identified. And by all accounts, the IAG is vigorously and seriously pursuing its brief.
Accreditation has failed to do its job and the certification product has leaked credibility
Auditors are just part of the certification process. If the process itself is not well controlled or is based on false premise, then it is unreasonable to expect the auditor to shoulder the blame. Two issues give cause to be realistic about the impact that ISO/IEC 17024 and accredited, certified auditors will have on certification and both, unsurprisingly, relate to competence. The first is the way auditor certification is regarded by certification bodies. The majority, especially those that take a responsible, long-term view, see auditor certification as not much more than an indication of basic competence. For
Competent
The message this organization is promoting is that only accredited certified auditors are properly competent. All others, it says, are suspect and the current criteria and methods for evaluating auditors count for little. This is dangerous nonsense. It is nonsense because there are thousands of extremely competent, certified auditors exercising their profession to good effect, and dangerous because it distracts from the root cause of the industrys loss of credibility the lack of effective control at the accreditor level.
Demand has outstripped the ability of the infrastructure to control the quality of output
Although auditor certification provides evidence of competence, it has never gained more than an anecdotal respect from the accreditors. It is very definitely the poor relation. The accreditors and certification
SPECIAL REPORT
them, it represents an assurance that the auditor has a working knowledge of ISO 19011:2002, Guidelines for quality and/or environmental management systems auditing, and the ability to audit simple, generic processes. Certification bodies accept that the real training and acquisition of competence comes via the certification bodies own monitoring, training and appraisal processes, where the auditor learns, amongst other things, the organizations own practices.
These certification bodies make sure that no auditor is let loose on a client until he or she is able to demonstrate the required auditing competence and approach specific to that certification body.
An expectation that all certification bodies will now regard accredited certified auditors as off the shelf, ready to audit just because they are accredited is misguided and naive.
terms of managing client relations, will continue to exercise close control, through training, performance monitoring and calibration. Using accredited auditors will not change that aspect. The second issue is contextspecific competence. Auditor certification provides an indication of generic auditing competence only. There are few if any auditor certification bodies that certify competence to audit within specific industry contexts to any great extent, and it is this context-specific
Critical
To place all the ills at the foot of the individual in the field is disingenuous
No doubt some will, in the same way that they do now with auditors qualified under the current system, but those who recognize that from a risk perspective, the performance of their auditors in the field is one of the most critical in
About IRCA
The London-based International Register of Certificated Auditors (IRCA) began certifying auditors in 1984. It was set up as part of an initiative by the United Kingdom Government to make business and industry more competitive. The aim of this initiative, which was in effect accredited certification, was to achieve efficiencies by reducing the costs of supplier audits by replacing them with a fewer number of third-party audits. Each third-party audit of a supplier would then be accepted and recognized by all customers of that supplier. This quality infrastructure proved to be extremely successful and is now recognized worldwide to be the most effective and most commonly used method for assuring the quality of supplier organizations. This same structure is now used in other contexts, e.g. to assure the compliance of organizations management systems to occupational health & safety, food safety and environmental requirements. But whatever the context, because the structure relies heavily on competent auditors and consultants, the role played by IRCA has been essential. The evaluation and certification methods developed and used by IRCA have been adopted by most other auditor certification bodies. Although most countries now offer alternatives to IRCA through their own national auditor certification programmes, IRCA certication has achieved international recognition. Around 30 000 auditors have been awarded certification since 1984, and over 100 countries are currently represented on the IRCA register.
Programmes
The majority of auditors on IRCAs register are certified to audit ISO 9001:2000. In addition to providing certification services to quality management system auditors, IRCA also offers certification programmes for environmental management, occupational health and safety, food safety, information security, social systems and sustainability assurance. Under development is a programme certifying the competence of auditors who audit greenhouse gas emissions under the European Unions carbon emissions trading initiative. IRCA also certifies auditor training courses and, in addition, now certifies an increasing range of training organizations and training courses as independent activity. Originally designed for auditors intending to become certified, the range of such courses has expanded to meet the needs of students seeking information on quality, environmental and health & safety management for a variety of reasons. Now, only a small minority of students attending these courses are auditors. Training organizations in many parts of the world seek IRCA certification for their courses. Around 50 000 students a year attend IRCA-certified training in all parts of the world.
SPECIAL REPORT
aspect that has caused arguably the greatest negative reaction from client organizations. This gives rise to the our auditor didnt know anything about my business/industry/processes protest. And unless there is a sea change in the attitude of certification bodies toward costs and they are prepared to absorb the additional cost burden associated with sector-specific auditor certification, this is one aspect of improving audit competence that auditor certification, accredited or otherwise, will not address.
by those who carry the most risk. And those are the certification bodies that employ and use the auditors. With the best will in the world, the attributes of honesty, integrity, tenacity and most of the others listed in ISO 19011 are best determined in the field, in real-life conditions and, most usually, over time.
ought to be a simple, valueadding process. So let us leave the gimmickry aside and focus on the real cause of the markets growing disenchantment with certification the ineffective and poor performance of the accreditation system. Some may be tempted to consider this as falling within the too difficult category, but left unaddressed, all other approaches will amount to little more than sticking plaster. There is an old adage in business, applied when organizations are not working effec-
tively, indicating where the cause lies the fish rots from the head . In this analogy, the auditors quite clearly represent the tail. If the certification industry wants a proper, viable, long-term solution to the problem of audit competence, then leave the tail alone and address the problems at the other end.
Value-adding
Attempting to resolve these aspects through an artificial, third-party process only serves to add a layer of complexity, cost and mystique to what
Auditor certification provides an indication of generic auditing competence only

Determining competence requirements of a specific audit and matching these with individual auditors competences is a responsibility that lies entirely within the remit of those who manage the audit process. That it is too often neglected is neither an indictment of auditor competence, nor of auditor certification. It is a reflection that certification bodies are cutting corners and the accreditation process is not picking this up. Identifying the remedy is simple. Accreditation must be made to work properly. The key to credible certification does not lie with auditor certification bodies adding complexity, cost and gimmickry to what ought to be a simple process. There are aspects of competence that are best addressed
SPECIAL REPORT
US adds guidance to ISO 19011 for internal and client audits, plus SMEs
By definition, International Standards are developed for adoption without change worldwide. Sometimes, however, a country will decide that a standard needs supplementing to be truly effective. A case in point is the management system auditing standard, ISO 19011, to which the USA has added guidance.
The US judgement of the ISO 19011:2002 management system audit standard was that it lacked sufficient guidance on internal and supplier audit programmes and audits, and on the use of the standard by small-to-medium enterprises or organizations
by Gary L. Johnson
This has led to the development of ANSI/ISO/ASQ QE 19011S-2004, Guidelines on Quality and/or Environmental Management Systems Auditing US Version with Supplemental Guidance Added. The Supplement is not intended to supplant ISO 19011:2002. The purpose of the Supplement is to augment the ISO text with the text needed, in the US view, to provide clear and useful guidance for internal (first-party) audits, supplier (second-party) audits, and use by small organizations.
+
O /ASQ ANSI / IS
0 Introduction 1 Scope 2 Normative References 3 Terms and Definitions 4 Principles of Auditing 5 Managing an Audit Programme 6 Audit Activities 7 Competence and Evaluation of Auditors
S-20 04 QE 19011
Description
The structure of ANSI/ISO/ ASQ QE 19011-2004 follows the same order as the ISO standard:
The Supplement presents the ISO text in a box and follows the box with the supplemental guidance in three sub-clauses, one each for internal (firstparty) audits, supplier (secondparty) audits, and use by small organizations. In those clauses where the ISO text is sufficient, the Supplement notes that no additional guidance is needed.
SPECIAL REPORT
The placement of the ISO text in boxes was done to distinguish clearly between the ISO text and the Supplement text. This had been done previously in ISO 9004:2000, Quality Management Systems Guidelines for performance improvements, with the ISO 9001 requirements placed in boxes and followed by the ISO 9004 guidance.
Clause 3 Terms and denitions

While the Supplement does not add new definitions or changes those in Clause 3, it does note that the term competence is used in the context of auditor competence.
improvement of the management system.
About the author

Clause 6 Audit activities
The Supplement adds important guidance for audit team leaders for internal (first-party) audits and supplier (second-party) audits that is not covered by the ISO text. The Supplement also provides extensive guidance on internal (first-party) audits and supplier (second-party) audits, including the audit team review of any available documents pertaining to the audit and preparation for the on-site phase of the audit.
Clause 4 Principles of auditing

The Supplement adds text to stress the importance of audit and auditor independence, adding that auditors should not audit their own work. The value of the audit principles to supplier (second-party) audits and to use by small organizations is also discussed.
Gary L. Johnson is currently an environmental engineer in the US Environmental Protection Agencys Ofce of Environmental Information. He is a recognized international expert on auditing, having represented the US in the development of the ISO 19011:2002 auditing standard for quality and environmental management systems. He co-chaired the ANSI Z1 Committee effort to develop ANSI/ISO/ASQ QE19011S-2004, the US Supplement to ISO 19011:2002. He represents EPA on the US technical advisory groups to ISO/TC 176 (ISO 9000) and to ISO/TC 207 (ISO 14000). Most recently, he has represented ISO/TC 207 on the IAF-ISO Task Force on Auditor Competence.
E-mail Johnson.Gary@epamail. epa.gov Web www.epa.gov The author wishes to acknowledge the contributions to ANSI/ISO/ASQ QE 19011S2004 by John Stratton and Bart Solomon as fellow US experts to the ISO 19011 Joint Working Group on Auditing and by the members of the ANSI Z1 Joint Task Group that developed the Supplement. The support of the development of ANSI/ISO/ ASQ QE 19011S-2004 by the U.S. TAG to ISO/TC 176 and the U.S. TAG to ISO/TC 207 is also greatly appreciated.
Clause 1 Scope
The ISO text focuses on the applicability of the standard to quality management systems (QMS) and environmental management systems (EMS), and notes that it may be applied to other types of management systems as well.
Clause 5 Managing an audit programme

The Supplement adds text to emphasize the differences between internal and external audit programmes. The audit programme may also address the possibility of combined audits and joint audits. Such audits are more typically found in external (third-party) audits, but combined internal QMS and EMS audits are possible. The Supplement adds text to emphasize again the differences between external and internal audits in how audit programmes are managed and in the involvement of the organizations management in the programmes. In addition, the Supplement suggests that audit programme review should also consider the performance of the audit programme in meeting the needs of the organization and the contribution of the audit programme to the
The US judgement was that ISO 19011 lacked sufficient guidance on internal and supplier audit programmes and for SMEs
The US Supplement is not intended to supplant ISO 19011:2002

The Supplement emphasizes the particular differences in how internal and external audits are conducted. For example, an opening meeting may be less formal for an internal audit and communication during the audit can be simpler. The Supplement notes, however, that a formal meeting is always appropriate in supplier (second-party) audits. The ISO standard and the Supplement provide specific guidance for audit completion and follow-up as needed to confirm that all nonconformities have been addressed. In most cases, the audit will be completed when all activities described in the audit plan have been completed; however, there may be
The Supplement adds clarification of the concept of small organizations to include consideration of the complexity of the management system ; that is, the Supplement would apply to large organizations if they have simple management systems, simple products and processes, etc.
Clause 2 Normative references

The Supplement does not add guidance to this clause.
SPECIAL REPORT
occasions when follow-up by the same audit team will be necessary, for example, in an internal audit.
Clause 7 Competence and evaluation of auditors

Clause 7 in ISO 19011:2002 represented a significant change from looking at auditor qualifications to auditor competence. Auditors must be competent to perform their assigned tasks and the standard described a consistent process for initially selecting and continually evaluating the competence of auditors. Competence is based on the demonstration of personal attributes and the ability to apply requisite knowledge and skills obtained through education, work experience, auditor training, and audit experience.
The Supplement adds text to stress the importance of audit and auditor independence
The ISO 19011:2002 standard describes the general knowledge, skills, and personal attributes needed for an auditor and an audit team leader. An auditor should have knowledge and skills in audit principles, procedures, and techniques gained through appropriate education, work experience, auditor training, and auditing experience consistent with the needs of the audit programme. Typically, the levels of education, training, and experience will vary according to the spe-
The levels of education, training, and experience needed for internal auditors will very likely differ significantly from those for certification auditors
cific goals and objectives of the audit programme. For example, the levels of education, training, and experience needed for internal (rst-party) auditors will very likely differ signicantly from those for thirdparty, certication auditors. In a practical manner, these levels should be set by the owner of the audit programme or by an appropriate accreditation body. The Supplement provides an alternative approach from ISO 19011:2002 to determining and evaluating the competence of auditors based on the scope of the audit programme.
Practical considerations show that the competence needed for certification/registration auditors would logically be greater than that for internal auditors. These and other differences between internal audit programmes and external audit programmes form the basis the Supplements approach to competence, and the Supplement provides extensive guidance to the user in this regard. Lastly, Clause 7 also provides guidance on the maintenance of auditor competence. This is typically achieved through continuing professional development, such as through additional training, participation in conferences and seminars, and additional auditing experience. The Supplement offers additional examples of sources of continuing professional development that may be helpful to the user.
More effective
While ISO 19011:2002 provides new and more effective guidance for auditing QMS and EMS, its value for the full scope of auditing activities may be fully realized by an organization through the use of ANSI/ ISO/ASQ QE 19011S-2004. The Supplement contains the full text of the ISO standard and provides the added guidance necessary to manage audit programmes, plan and conduct individual audits, and select and evaluate competent auditors. The Supplement expands the applicability of ISO 19011 beyond its emphasis on external (third -party) audits to more effectively encompass internal (first-party) audits, supplier (second-party) audits, and use by small organizations.
SPECIAL REPORT
ISO 9001:2000 auditing kit extended to best accreditation audit practices
by Alex Ezrakhovich and Lorenzo Thione

Alex Ezrakhovich is co-convener representing ISO/TC 176 of the joint ISO/IAF ISO 9001:2000 Auditing Practices Group (APG) and the related Accreditation Auditing Practices Group (AAPG). He is General Manager of SAI Global Certication Services Pty. Ltd, based in Sydney, Australia.
E-mail Alex.Ezrakhovich@sai-global. com Web www.sai-global.com The prolific joint ISO/IAF ISO 9001:2000 Auditing Practices Group (APG) has been busy adding new guidance modules to its best practice auditing kit. Documenting nonconformities. Reviewing and closing nonconformities. Auditing the effectiveness of internal audits. Third party auditor impartiality and conflicts of interest. Auditing of electronic based management systems. Auditing service organizations. The modules making up the APGs auditing kit are available in electronic versions only free of charge via the ISO Web site : www.iso.org/ tc176/ISO9001AuditingPract icesGroup The short, easy to read modules offer a practical how to approach to auditing an ISO 9001:2000 quality management system (QMS). Although developed mainly for certification body personnel carrying out QMS audits for organizations seeking ISO 9001:2000 certification, they may also be useful to staff carrying out in-house audits, as
Lorenzo Thione, is co-convener representing IAF, is President of the certication body Sistema Nazionale per lAccreditamento degli Organismi di Certicazione (SINCERT), based in Italy.
E-mail l.thione@sincert.it Web www.sincert.it
New modules developed at the APGs two most recent meetings in Kuala Lumpur, Malaysia, in December 2004, and Chinese Taipei in February 2005, include the following : Auditing preventive action. Auditing internal communication.
SPECIAL REPORT
well as to consultants, trainers and anyone with an interest in quality (see also ISO offers free-of-charge ISO 9001:2000 auditing kit , ISO Management Systems, July-August 2004 . The APG was initially established as a sub-group of the ISO 9000 Advisory Group (IAG), as part of a broader initiative to ensure the continued credibility of third party certification. The APG is made up of experts nominated by ISO/TC 176 (www.tc176.org), the ISO technical committee responsible for the ISO 9000 family, and the IAF (International Accreditation Forum www.iaf.nu) the grouping of national accreditation bodies that verify the competence of certification bodies. The objective of the APG is to improve the value of third party certification audits for organizations and their customers. The guidance modules it has developed have generated great interest among international conformity assessment operators.
the same working procedures and publish informative papers on the APG Web site. Since the AAPG covers auditing in accordance with ISO/ IEC 17021, Conformity assessment requirements for bodies providing audit and certification of management systems, an operational liaison with ISO/CASCO, Committee on conformity assessment, which developed the standard, has been established. The AAPG has already developed a number of draft publications which are currently being reviewed prior to release, including the following : Auditing competence of QMS certification/registration body auditors and audit teams. Accreditation witness audits. Process approach based accreditation audit.
process we are asking all interested parties to provide inputs and feedbacks through our Web site, in order to support the work of the APG. The AAPG will provide inputs for IAF Technical Committee discussions and resolutions: However, since AAPG papers are informative and not designed to offer official guidance, they are not required to go through the formal TC balloting process. Instead, they
provide information on specific topics to help improve the added value of accreditation activities. However, we would not discourage accreditation bodies or standards developers from issuing formal guidance in conjunction with APG papers.
New ideas
We are delighted that IAF has extended the scope of our work to include accreditation practices, and we are working on ideas for new papers to help enhance the effectiveness of the accreditation process, and the value and credibility of accredited QMS certifications. We would encourage all accreditation and certification bodies to make use of the guideline papers, and urge auditors around the world to read them and benefit from the insights they provide. And as part of our continual improvement
Expanded scope
As a result, the IAF Technical Committee has decided to expand the groups scope and membership to cover accreditation audits (office and witness audits) of certification bodies. This has led to the formation of the Accreditation Auditing Practices Group (AAPG) administratively related to the APG which will hold joint meetings with the APG, follow
ISO INSIDER
ISO 22000 standard for safe food supply chains

by Roger Frost
agreed with the customer and those of applicable food safety regulations. Dorte Jespersen, secretary of the ISO 22000 working group, explained the background to the standard : Organizations that produce, manufacture,
9001:2000, with or without independent (third party) certification of conformity.
Complemented
The publication of ISO 22000 will be complemented by an ISO Technical Specification (ISO/TS 22004) giving guidance on the implementation of the standard, with a particular emphasis on small and medium-sized enterprises. In the following months, another Technical Specification ((ISO/TS 22003) will be published explaining certification requirements applicable when third-party certification is used. These documents are being developed by working group WG 8, Food safety management systems, of ISO technical committee ISO/TC 34, Food products. Experts from 23 countries are participating and organizations with liaison status include the following: Confederation of the Food and Drink Industries of the European Union (CIAA), Codex Alimentarius Commission, International Hotel and Restaurant Association, CIES/ Global Food Safety Initiative, and World Food Safety Organization (WFSO).
September 2005 is ISOs publication target for ISO 22000 1), the new standard for food safety management systems, which is intended to ensure that there are no weak links in food supply chains. ISO has circulated the final draft of the standard to the national standard bodies that make up its membership for a two-month voting period, ending on 5 July 2005. ISO 22000, Food safety management systems Requirements for any organization in the food chain, can be applied to organizations ranging from feed producers, primary producers through food manufacturers, transport and storage operators and subcontractors to retail and food service outlets together with interrelated organizations such as producers of equipment, packaging material, cleaning agents, additives and ingredients.
As food safety hazards can be introduced at any stage of the food chain, adequate control throughout the food chain is essential, commented Jacob Frgemand, convenor of the ISO working group that is developing ISO 22000.
handle or supply food recognize that customers increasingly want them to demonstrate and provide adequate evidence of their ability to identify and control food safety hazards and the many conditions impacting food safety.
Food chain
Thus, food safety is a joint responsibility that is principally assured through the combined efforts of all the parties participating in the food chain. ISO 22000 specifies the requirements for a food safety management system in the food chain where an organization needs to demonstrate its ability to control food safety hazards in order to provide consistently safe end products that meet both the requirements
The standard can be applied on its own, or in combination with other management system standards such as ISO 9001:2000
Th e g r o w i n g n u m b e r o f national standards for food safety management has led to confusion. Consequently, there is a need to harmonize the national standards at an international level. The standard can be applied on its own, or in combination with other management system standards such as ISO
1) See ISO 22000 to ensure integrity of food supply chain , ISO Management Systems September-October 2004.
ISO INSIDER
Get me the money ! How quality management systems can yield financial and economic benefits
by Tommie J. Johansson and Paul C. Palmes
Throughout the development of ISO 10014, achieving consensus in support of the content and format of Clause 5 Application of the management principles was our greatest challenge. This is the heart of the standard, dening the links between each of the eight management
principles and tools specic to each principle to achieve financial return. However, obstacles emerged from the moment the initial list of accepted business tools and reporting formats was developed. As most of these tools are not found in quality texts, the financial concepts and terminology required some form of
Financial concepts and terminology required some form of definition for the quality community
Swedenbased management consultant Tommie J. Johansson specializes in quality, project and competence management, and is convener of the ISO working group reviewing ISO 10014. He has been involved in ISO technical work for more than 10 years, representing Sweden in ISO/TC 176 since 1993. His participation included the development of ISO 10015, Quality management Guidelines for training, and in the Chairs Strategic Planning Task Group developing Horizon 2010 .Tommie Johansson is a member of Swedish Standards Institute (SIS) and represents the Swiss foundation, Centre for Socio-Eco-Nomic Development (CSEND) in Sweden.
Tel. + 46 70 593 6940. E-mail tommie@sighard.com Web www.sighard.com
In this sequel to Show me the money (ISO Management Systems March-April 2005), we look at what it takes to get the money actually achieve financial and economic benefits by applying the eight quality management principles of ISO 9000:2000 forming the heart of ISO 10014, Quality management Guidelines for realizing financial and economic benefits, now at Draft International Standard (DIS) stage.
Guidelines for top management

Anyone who has participated in a group of experts writing International Standards knows that achieving consensus is challenging. There are many opinions, cultures, experiences and language differences that have to be factored into the process. It takes time to accommodate ideas, comments and technical nuances, and arrive at a document that satisfies the majority of the working group.
Paul C. Palmes is the project secretary and US Lead delegate for the development of the ISO 10014 guideline, Vice Chair of the US TC 176, and Quality Assurance Director for Northern Pipe Products Inc. in Fargo, North Dakota, USA. He has been a Certified Quality Manager and member of the American Society for Quality (ASQ) since 1992. His new book, Process Driven Comprehensive Auditing (ISBN 0-87389-641-6) was recently published by ASQ Press (http://qualitypress.asq.org/). Paul Palmes is also a member of the Steering Committee of the Open Compliance and Ethics Group (OCEG) participating in the development of ethical systems design and management. He represents the US TC 176 on the Quality Board of the ANSIASQ National Accreditation Board (ANAB), the US accreditation body for management systems, and as liaison to the International Accreditation Forum (IAF).
Tel. + 1 701 282 7655. E-mail paulp@northernpipe.com
ISO INSIDER
definition for the quality community. Many of these financial tools resisted application to a single quality principle or function. Several share similar features, but have significantly different investment requirements. Some are identical, but have different names in different countries. Clause 5 addresses these obstacles by listing the most appropriate financial tools and reports beneath each management principle. Early drafts struggled with what goes where and whether the repeatability of a particular tool warranted an expanded denition in a separate annex.
agement principles (QMP) shown with the relevant subclauses of ISO 10014 to be used by top management in order to lead the organization towards improved performance : 1. 5.1 Customer focus 2. 5.2 Leadership 3. 5.3 Involvement of people 4. 5.4 Process approach 5. 5.5 System approach to management 6. 5.6 Continual improvement 7. 5.7 Factual approach to decision making 8. 5.8 Mutually benecial supplier relationships Adoption of these principles as guiding stars is a strategic top management decision that will help create an environment where people are fully involved and where a quality-directed management system can operate effectively. The ISO 10014
guidelines explore the QMP from a nancial and economic perspective. Using tools listed under each principle, the quality professional can develop a plan of action in which top management can expect to achieve a specic nancial result. ISO 10014 will help top managers improve business decisions by elaborating on each principle relative to achievable nancial and economic benefits, based on the availability of reliable and usable information. In doing so, the guidelines will enable quality professionals to recognize the link between quality improvement and achievable nancial benets and help them contribute to discussions concerning methods and tools that dene what it takes to get me the money ! These are a mixture of economic and quality disciplines, designed to reconcile any differences between top manag-
ers and quality professionals. More than 70 are briefly explained in Annex C of the guidelines, and once you have identied the specic tools to use in your organization, you can easily nd more detailed descriptions on the market.
Self-assessment
A unique self-assessment tool, developed specially for ISO 10014, is an integral part of Annex A. In the form of a questionnaire, it comprises three questions per principle in a condensed version, plus a detailed 68-question version for a more comprehensive evaluation, scored on a scale of 1 to 5, to assess an organizations level of maturity. The self-assessment process is designed to help identify the priority areas for improvement and to indicate methods and tools to realize benefits. An important link between the self-assessment findings and achievable benets is cross-referenced in Annex B, to assist top management rank and prioritize actions. Here are examples of how the guidelines elaborate on two of the key principles, Customer focus and Continual improvement : Customer focus Clause 5 examines each of the management principles and describes the nancial and economic benefits that can be achieved by applying them. Once you have identied and prioritized the principle improvement actions to be taken, the next step is to identify
Realizing financial and economic benefits

ISO 9000:2000 describes the fundamentals of a quality management system and identies the following eight quality man-
Figure 1: the Plan-Do-Check-Act cycle PLAN

Market appraisal
Customer feedback analysis Customer Relationship Management (CRM) Market surveys and analysis Strategic planning Strengths, Weaknesses, Opportunities, Threats (SWOT)
DO
Product realization
Advanced Product Quality Planning (APQP) Bottleneck management Electronic Data Interchange (EDI) Materials Requirement Planning (MRP) Product Part Approval Process (PPAP)
CHECK
(See Annex A) Balanced Scorecard (BSC) Benchmarking Dashboard Design of Experiments (DOE) Trend analysis
ACT
(See Sub-clause 5.6) Increased efficiency Improved effectiveness Improved performance in processes, activities and products New/rened objectives Recognition and reward
Assessment
Improvement
Customer requirements identification

Quality Function Deployment (QFD) Service agreements
Customer feedback measurement

Call centres Customer Relationship Management (CRM) Customer satisfaction surveys Help desks Response and complaints handling
CONTINUAL IMPROVEMENT CYCLE

ISO INSIDER
the processes to achieve such benets. The aim is to nd guidance concerning the management methods and tools available. As an example, the rst principle of ISO 9000:2000 Customer focus states: Organizations depend on their customers and therefore should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations. The core section of ISO 10014 utilizes a combination of the quality management principles and the Plan-Do-Check-Act cycle (P-D-C-A), reected in owcharts found in sub-clauses 5.1 to 5.8, two of which are illustrated here (see Figures 1 and 2). Each sub-clause describes some key benets (under ACT) that can be achieved by applying the principles via selected methods and tools. Examples
are shown under the P, D and C columns. Continual improvement Sub-clause 5.6 Continual improvement illustrates how the P-D-C-A approach can be applied effectively by top managers in their strategic planning and review processes to realize, and enhance, benets to the bottom line. Continual improvement of the organizations overall performance should be a permanent objective of the organization. (ISO 9000:2000) An effective continual improvement process is the key to maintaining nancial and economic benets, but top managers must commit themselves to applying all eight interrelated management principles. Benefits from using the methods and tools identified in Clause 5 show up as continual improvements that add value.
Nevertheless, it is important to take a holistic view of the needs of all interested parties to ensure an organization is capable of effecting the sort of changes that lead to continual improvement.
Guidance on the role of QMS in product certification

by Germn Lombana
Working towards a common goal

ISO 10014 was written to dene the common ground and a common language between top management and quality professionals. Both levels need to achieve positive nancial return for their work, but often struggle to understand each others perspectives, terminology and reports. The success of ISO 10014 will be measured by how far they succeed in communicating and working together towards a common goal.
Figure 2: The continual improvement process

Sources of opportunities for improvement plans
Customer feedback Financial performance Self-assessment results Audit results Yield Value of goods and services Human resources Appraisal Satisfaction feedback Suggestions Recommendations for improvement Problem solving (corrective action) External factors Regulatory Emerging technologies Changes in the marketplace Environmental/social
Process steps
Review of action
INPUTS
Data analysis Trend identification Self-assessments Results evaluation Identication of action items Prioritisation Set and cascade objectives Application of all principles and selected tools Action plan development Allocation of resources Re-conducting self-assessment and evaluations
Projected sales Budget allocations Performance target levels Strategic plan Cost reduction targets Cash flow Capital expenditure
The role of a quality management system (QMS) in relation to product certification is clarified in the updated ISO/IEC Guide 53, Conformity assessment Guidance on the use of an organizations quality management system in product certification 1). It provides guidance for product certification
1) ISO/IEC Guide 53:2005(E), Conformity assessment Guidance on the use of an organizations quality management system in product certification, 21 pages, English only, costs 99 Swiss francs and is available from ISO national member institutes (listed with contact details on the ISO Web site : www.iso.org) and from ISO Central Secretariat (sales@iso.org)
OUTPUT
Implemented actions = FINANCIAL & ECONOMIC BENEFITS

ISO INSIDER
and regulatory bodies when assessing product conformity when the supplier operates a QMS : ISO/IEC Guide 53:2005, the first revision since it was introduced in 1988, has been four years in preparation by ISO/ CASCO, Committee on conformity assessment, Working Group WG 26. Although initially a terminology revision, it now reflects the many changes that have taken place in QMS and conformity assessment requirements, and also the functional approach established in ISO/
IEC 17000:2004, Conformity assessment Vocabulary and general principles. Product certification schemes incorporating an organizations quality management system can be beneficial for both the organization and the certification body in determining the conformity of products to specified requirements and in assuring that products continue to conform to those requirements, states the introduction to the guide.
In addition to outlining steps in the scheme selection, determination, review and attestation, and surveillance, the guide provides actual examples of data forms for product certification schemes that use either very few, or many, requirements of a QMS. In questionnaire format, these are intended to provide a certification body with information about the organizations QMS, competence and implementation responsibilities. D, E and H modules of European Directive 93/465/CEE and some IEC modules are examples of product conformity assessment schemes that include QMS requirements.
Product certification schemes incorporating an organizations quality management system can be beneficial
This is consistent with ISO 9001:2000 which specifies requirements for a QMS where an organization : 1. needs to demonstrate its ability to consistently provide product that meets customer and applicable regulatory requirements, and 2. aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable regulatory requirements.
requirements of an organizations QMS, and involves the following principles : assessment of an organizations QMS and its capability to consistently supply products conforming to specified requirements ; testing, inspection or comparable verification of the products conformity to scheme criteria and specified requirements : application of a suitable surveillance scheme to ensure continual conformity to specified requirements of products supplied by the organization, and control of the mark of conformity and/or logo of the certification body. The guide requires those interested in using it in developing product certification schemes to be familiar with ISO 9001:2000, and with the more general certification and surveillance provisions in ISO/IEC Guide 67:2004, Conformity assessment Fundamentals of product certification.
Benefits
ISO/IEC Guide 53:2005 is intended to make product supplier organizations aware of the benefits of access to product conformity assessment schemes offered by certification bodies, which include verification of QMS requirements. This can lead to increased confidence in fulfilling product requirements, and to reduced risks related to certification. Simplification of some stages of product conformity assessment can also yield corresponding reductions in cost and time.
Germn Lombana is a quality management system lead auditor with ICONTEC, the national standards body of Colombia, which he has represented on the, ISO/TC 176 and ISO/CASCO committees, and convenor of the CASCO Working Group WG 26, responsible for reviewing and updating ISO/IEC Guide 53.
Instituto Colombiano de Normas Tcnicas /ICONTEC), Carrera 37 No. 52-95, Bogota D.C., Colombia. Tel. + 57 1 607 8888. Fax + 57 1 222 1435. E-mail glombana@icontec.org.co Web www.icontec.org.co
Scope
In scope, Guide 53 outlines a general approach by which certification bodies can develop and apply product certification schemes utilizing the
In certification of services, there is still much to accomplish

Guide 53 is based on the assumption that an organization that has implemented a
ISO INSIDER
QMS covering the manufacture or supply of the product to be certified gains advantage over a company that has not done so.
New edition of influential ISO/IEC standard on competence of laboratories

by Roger Frost
Good alternative
In the certification of services, there is still much to accomplish, although service certification schemes have been established that include some QMS requirements, for example, those related to the competence of personnel providing the service (see ISO 9001:2000 clause 6.2.2 C o m p e t e n c e, awareness and training), and the necessary infrastructure supporting the service (clause 6.3 Infrastructure), among others. Some national service standards have been established following this approach in sectors such as tourism, dangerous goods transportation, moving, and cleaning. However, establishment of QMS requirements based on ISO 9001:2000 provides a good alternative for the service industry, particularly due to the standards responsiveness to changing customer needs.
A new edition has just been published of an ISO/IEC standard acknowledged as the international benchmark for approving the competence of the testing and calibration laboratories that play a vital role in trade, in product development and manufacturing, and in protection of the consumer. ISO/IEC 17025:2005, General requirements for the competence of testing and calibration laboratories, replaces the 1999 edition which has been used to accredit (approve) some 25 000 laboratories worldwide that test products and samples, and calibrate precision instruments.
Confidence in the competence of laboratories is frequently needed by businesses and by government regulators and trade officials
However, the influence of ISO/IEC 17025 is even greater than this figure suggests since many countries make its use a legal requirement. In addition, documents derived from it are used by laboratories in specific sectors such as medicine and microbiology. ISO Secretary-General Alan Bryden commented : ISO/ IEC 17025 benefits business,
government and society at large. Confidence in the competence of laboratories is frequently needed by businesses when testing new products, or ensuring that finished products are fit for sale, by government regulators and trade officials that require assurance about domestic or imported products before they can be placed on the market, or for ensuring the quality and reliability of testing and analysis relating to environmental, health or safety hazards. ISO/IEC 17025:2005 contains all of the requirements that testing and calibration laboratories need to meet in order to demonstrate to customers and
ISO INSIDER
regulators that they operate a sound management system which puts them in full control of their processes, are technically competent, and are able to generate technically valid results. Accreditation bodies that recognize the competence of testing and calibration laboratories will use the standard as the basis for their accreditation.
they are managing their activities, only ISO/IEC 17025 can be used to demonstrate the technical competence specific to laboratories. Laboratories may choose to be accredited to ISO/IEC 17025, or be certified to ISO 9001:2000, or both, but the processes of accreditation and certification would still be two separate actions, although highly facilitated both for the laboratories and the assessors by the consistency now ensured between the two standards. There are no essential changes to the technical requirements. The modifications relate mainly to the management requirements in the document to reflect the content of ISO 9001:2000, especially in a greater emphasis on the responsibilities of top management, on the need to demonstrate a commitment to continually improve the effectiveness of the management system, on customer satisfaction, and on internal and customer communication about the management system.
ments to make to their existing procedures to ensure that the new orientations in the management requirements are fulfilled. The International Laboratory Accreditation Cooperation (ILAC) has set a transition period of two years from date of publication of the new edition 12 May 2005 for accredited laboratories to comply with the standards requirements. ISO/IEC 17025:2005, General requirements for the competence of testing and calibration laboratories, costs 112 Swiss francs and is available from ISO national member institutes (complete list with contact details available on the ISO Web site: www.iso. org) and from ISO Central Secretariat (sales@iso.org). It was developed by Working Group 25 of ISO/CASCO, Committee on conformity assessment.
Worldwide
Dependable testing and calibration laboratories are ones that have been duly accredited as competent and ISO/ IEC 17025:2005 is the laboratory accreditation standard that, like the edition it replaces, will be counted on by business and governments worldwide, declared Peter van de Leemput, who led the ISO group of experts that carried out the work. The new, 2005 edition results from the amendment of ISO/ IEC 17025:1999 to ensure its compatibility with the requirements of ISO 9001:2000, Quality management systems Requirements. This became necessary because of the generalized adoption of quality management systems conforming to ISO 9001:2000, including many of the organizations that testing and calibration laboratories serve. It also seeks to clarify that while compatible, the two standards are not inter-changeable. Although both standards can be used by laboratories as a framework for providing their customers with confidence that
ISO/IEC 17025 will be counted on by business and governments worldwide
Peter van de Leemput summed up: Laboratories that have described and controlled their processes within the laboratory as already required by the 1999 edition of ISO/IEC 17025 will only have minor adjust-
INTERNATIONAL
Survey compares experience of ISO 14001 users in United Kingdom and China
Nothing beats the test of experience. A recent survey compares the experience of ISO 14001 users in the United Kingdom and in China, and of users compared to non-users. Its author concludes that ISO 14001 can help an organization make real progress towards sustainable development.
by Timothy Wan
ISO 14001 is generally regarded as the global benchmark for environmental management systems (EMS). It offers an opportunity for improved environmental performance coupled with tangible business benefits and therein lies its appeal. More than 74 000 1) organizations worldwide had achieved ISO 14001 certification by late 2004, and this number continues to grow at over 30 % per annum. However, some critics believe that ISO 14001 does no more than facilitate compliance with environmental regulations, and can impose significant implementation costs. What do companies really think ?
The research studied 44 large engineering companies in the United Kingdom and China
size between the United Kingdom and China. In each case, half of the companies were ISO 14001-certified, and half uncertified. The objective was to compare their ability to set goals, measure and review environmental performance, and examine the actual environmental improvements they had achieved. Responses are reported under the key questions asked. Th e r e a s o n f o r c h o o s i n g to compare environmental performance management between companies in the United Kingdom and China,
Following are key findings of a multi-company survey I conducted in 2004 (see box) to support or refute those opinions. Its main purpose was to assess the ability of ISO 14001 to improve the environmental performance management of organizations. The research studied 44 large engineering companies with a turnover exceeding 40 million euros per year, divided equally in sample
INTERNATIONAL
%
Others Waste generation Resource scarcity Prosecution Pollution 14 29 29 29 20 20 60 29 20
United Kingdom
particularly in assessing the effect of political and geographical differences on ISO 14001 implementation, was the fact that these two countries were ranked second and third respectively in ISO 14001 certifications, behind Japan, in The ISO Survey 2003 2). My findings indicated that organizations from both countries experienced positive results in managing environmental performance, with four important differences.
60
China
In the second place, expectations of auditors and certification bodies in China may be lower than those in the United Kingdom. This finding could indicate that the average level of environmental performance management constantly evolves as a result of continual improvement.
Figure 1 : What is the greatest environmental threat to your organization?

their ISO 14001 certification programmes and were only able to comply with environmental regulations after implementation. In contrast, most United Kingdom-based firms sought improvements beyond compliance. Thirdly, Chinese companies expected ISO 14001 to enhance innovation and marketing, rather than reduce cost, while the British enterprises found the cost-saving element more significant as their environmental management improved. These findings say much about the adaptability of ISO 14001 ability to different organizations. Many Chinese organizations used the standard as a means to develop an EMS or environmental policy from scratch. However, their environmental awareness, environmental performance, and management started from a lower level than in most developed nations. Few Chinese companies had the management resources or managerial training to establish an EMS until recently, in contrast to companies in most developed nations.
Exceeding requirements
Fourthly, a higher percentage of Chinese companies claimed they could obtain the same environmental improvements without ISO 14001 (see Figure 2). There are two possible explanations. In the first place, many Chinese companies form part of a supply chain to multi-national organizations that already have a stringent EMS in place, and are expected to apply best environmental practice to meet customer requirements, regardless of being ISO 14001-certified or not. A similar trend can be seen in other labour-intensive countries such as Vietnam and Mexico.
Greatest threat
Firstly, Chinese organizations set a higher priority on reducing the impacts of pollution and waste generation (see Figure 1). Given the dramatic rate of urban and economic development in China, it is not surprising that these are the two key issues on the governments environmental agenda. This is increasingly apparent in the run up to the 2008 Olympic Games, particularly for organizations based in Chinas major cities. Secondly, many Chinese companies had no environmental policy before implementing
The United Kingdom and China were ranked 2nd and 3rd respectively in ISO 14001 certifications in The ISO Survey 2003
Nevertheless, most of my research findings indicate that geographical location has little effect on ISO 14001 implementation, and on training and auditing activities.
Opportunities
Overall, the ndings indicated superior environmental performance management from the ISO 14001-certied organizations. In terms of goal setting, uncertified companies tended to direct corporate policies towards compliance alone. They saw little real business opportunity from environmental changes apart from the greenwashing effect, and considered environmental issues irrelevant to their future and protability. Those who had implemented ISO 14001 said the opposite (see Figure 3, overleaf) Certied companies identied environmental aspects that were relevant to their future operations, tended to stay ahead of regulatory requirements and found more innovative and
United Kingdom
China
1) According to statistics collected by Reinhard Peglau of the Federal Environmental Agency, Germany, 74 004 organizations had been certified in accordance with ISO 14001 by October 2004. 2) The ISO Survey of ISO 9001:2000 and ISO 14001 Certificates 2003 (ISBN 92-67-10393-7) is available as a combined report and CD-ROM at a cost of 47 Swiss francs from ISO (www.iso. org). The principal findings are available free of charge on the ISO Web site.
Hard to say 43 Yes 57 20
%
80
Figure 2 : Are you doing anything more than that required by ISO 14001 to improve environmental performance or sustainability?
Non-ISO 14001 organizations
%
Certified companies also benefited from having both internal and external environmental auditing which increased the reliability and transparency of the exercise. Evidence of continual improvement was reported in 75 % of certified companies, but in none of the uncertified respondents. This contrast in commitment reflects the stronger drive of the ISO 14001 review process, with its central concept of improvement. It should be noted that 50 % of the non-certified organizations failed to respond fully to the survey, and therefore the above analysis contains some degree of uncertainty. However, the significant difference in response between the two groups reflects a greater willingness of certified companies to disclose environmental information. This runs contrary to some scepticism about the transparency of an ISO 14001based EMS.
INTERNATIONAL
ISO 14001 organizations
17 0 33 0 42 50 58
0 10 20 30
75 Improved publicity Reduced costs New business opportunities Innovation

40 50 60 70 80
The best
ISO 14001 thrives by being the best and most generic tool available to improve environmental performance management. It offers a degree of flexibility not seen in its closest competitor the Eco-Management Audit Scheme (EMAS). It is adaptable to an existing environmental management system, or to companies establish an EMS for the first time. It provides solid framework for improving corporate environmental performance. A possible weakness of ISO 14001 is its non-requirement for organizations to report environmental performance to the public, since the decision to do so or not is left to the organization.
Figure 3 : What opportunities do environmental changes present to your organization ?

protable ways of doing business. Both certified and uncertified companies reported improved levels of environmental performance since 2000. This was probably driven by environmental legislation and/or pressure from customers. However, ISO 14001-certified companies showed a greater degree of improvement as a result of their commitment to continual improvement, and a tendency to exceed ISO 14001 and legislative requirements. Many had also received awards for outstanding environmental performance.
About the author and the research

Timothy Wan is currently developing instructor resources for engineering and sustainability education at the University of Cambridge, United Kingdom, and also at the Massachusetts Institute of Technolog, USA. The survey, conducted as part of his MPhil degree course at Cambridge, was based on a sample of 44 engineering companies with an annual turnover of 40 million euros and more than 250 employees 22 based in China and 22 in the United Kingdom. Half of the companies chosen had been certified to ISO 14001 before 2000, to ensure sufficient time for the impact of implementation to be measured. The remaining companies were not certified, but were required to have an environmental policy or an environmental statement in their corporate policy in effect before 2000. The author wishes to thank Professor Peter Guthrie and Dr. Richard Fenner of the Cambridge Centre for Sustainable Development for their continued support during preparation and completion of the research programme.
Timothy Y.M. Wan, Research Executive, Cambridge University Engineering Department, Trumpington Street, Cambridge CB2 1PZ, United Kingdom. Tel. + 44 (0)1223 330266. E-mail tymwan@gmail.com Web www-g.eng.cam.ac.uk/sustdev/people.html
Geographical location has little effect on ISO 14001 implementation

By closing this loophole and adopting complementary tools for managing occupational health and safety and social responsibility issues, ISO 14001 can help an organization manage its financial, environmental and social responsibilities simultaneously, thus making real progress towards sustainable development.
Measuring performance
ISO 14001-certified companies often utilize formal performance indicators that are not evident in uncertified companies, and their environmental performance suggests a greater ability to measure, evaluate and improve. In addition, most uncertified organizations did not carry out environmental or sustainability reporting, while 80 % of those implementing ISO 14001 did.
INTERNATIONAL
Overcoming language and literacy barriers to ISO 9001:2000 implementation

ISO 9001:2000 quality management systems are documented. What happens when the organizations work force is more at home in a minority language than in the one used in the QMS and is anyway semi-literate ? This case study reports how Indian agricultural pesticide manufacturer Hyderabad Chemical Supplies overcame the challenges and achieved impressive results.
by Sambasiva Rao Choda
While infrastructure and technology are essential tools, it is quality control that provides the cutting edge, states Hyderabad Chemical Supplies 1) Ltd. (HCSL) , a pioneer in the manufacture of pesticides in India, meeting the plant protection needs of thousands of farmers throughout the subcontinent. HCSL was certified to ISO 9001:2000 in April 2003. However, the implementation process was particularly challenging because the key to gaining the involvement of employees at all levels turned on two critical factors language and literacy. An essential principle of the Choda QMS Methodology , developed by the Choda Lead-
Author Sambasiva Rao Choda, CEO of Choda Leadership Centre, Hyderabad, India, is a qualified Lead ISO 9000 and ISO 14000 auditor and associate of National Quality Assurance Ltd. (NQA). He has published over 100 articles on quality management principles, and has trained executives in quality matters throughout India, and in Europe. Choda Leadership Centre, Hyderabad, India. Tel. + 91 98 480 21382. E-mail choda_centre@hotmail.com
1) Hyderabad Chemical Supplies Ltd, A-24/25 Assisted Industrial Estate, Balanagar, Hyderabad 500037, India. Tel. + 91 40 377 2651. Fax + 91 40 377 2595.
INTERNATIONAL
Establishing a core group

While I highlight this as an unusual feature of the QMS programme at HCSL, the implementation process started earlier with the establishment of a core group of ve functional executives to review gaps in the existing quality system when compared with ISO 9001: 2000 requirements.
They then formulated the quality policy which states, as its guiding mission : We are committed to manufacture and market quality plant protection chemicals in a cost effective manner for the delight of the customer. QMS documentation was developed in line with ISO 9001:2000 elements, customer needs, and with statutory, regulatory, organizational and chemical sector specific requirements. The procedures were then adapted and simp l i fied for routine use as described.
An essential principle is to ensure that all employees feel a sense of ownership in the QMS
Office premises of Hyderabad Chemical Supplies Ltd.
ership Centre, Hyderabad, which we apply in helping companies implement ISO 9001:2000, is to ensure that all employees feel a sense of ownership in the quality management system (QMS). That can only be achieved by their gaining a full understanding of the system and its documentation. When training employees, we find that if the consultant involves them closely in preparing documentation and in the implementation and improvement processes, the system then becomes integrated with the working routine and the business results flow accordingly.
Translation
In the case of HCSL, there were obstacles to overcome before this could be achieved. Many employees find English difficult to understand, particularly in sentences and paragraphs. ISO 9001:2000 documentation was seen as the foundation of the QMS but not as the foundation of a course to learn English. So, with the help of consultants Mrs. Madhavi and Mrs. Raghu Jyothi, of the Professional Quality Management Centre (PQMC), Hyderabad, the system work instructions were re-written in simplified English, supported by translation into the local Telegu language, and by pictorial representation where feasible. The result of this effort was a work force that became highly motivated to implement the ISO 9001:2000-based QMS culminating in many benefits to the company.
Packing, sealing and printing of plant protection chemicals at HCSLs ISO 9001:2000 plant in Hyderabad, India.
The core group was exposed to ISO 9001:2000 principles and elements, and their application to the plant protection chemical industry : good manufacturing and laboratory practices ; health and hygiene policies ; safety methods and environmental controls ; control of product labels, and specific requirements for the export of chemicals.
Mr. Simhachalam, Works Manager, testing PPC.

Around 500 Standard Operating Procedures (SOPs) have been formulated to cover all operations, organizational goals and ISO 9001:2000 requirements, cross-referenced in the department manuals and quality system procedures. We conducted the first internal audit three months into
INTERNATIONAL
Work instructions were re-written in simplified English, supported by translation into the local language, and by pictorial representation
implementation of the updated QMS and completed corrective actions to improve the system. Two consultancy audits followed, focusing on employee awareness of the QMS, and the effectiveness of the implemented system. This analysis led to further corrective actions. Such was the thoroughness of these audits that only few minor nonconformities were found in final assessment and certification.
A production supervisor monitors process parameters on the HCSL production line.
container reject rate reduced from 4 % to 0,4 %, and Karshaka Shaya Vani initiative introduced providing 24-hour online advice to farmers about crop management.
The percentage of on-time deliveries has increased from 85 % to 99,9 %

An operator transports liquid solvents to store at HCSLs corporate headquarters.
To summarize, I believe quality training, documentation adapted and interpreted by the organization, plus the enthu-
Impressive benefits
In the two years since ISO 9001:2000 certification, HCSL has seen some impressive benefits. Customer complaints have fallen dramatically from ten to one per month, while the percentage of on-time deliveries has increased from 85 % to 99,9 %. Equipment downtime has dropped from 5 % to only 0,1 %, linked with a reduction in process losses from 10 % to 1 % despite an increase in the number of product introductions. And during the period annual turnover has increased from USD 10 million to USD 44 million, without adding manpower.
Monitoring QMS performance

HCSL set a number of parameters for measuring the effect of its QMS. These included : increases in turnover and yield, customer satisfaction, vendor performance, employee satisfaction, reduction of waste including solvent losses in storage tanks, inventory reduction, training of employees, development and marketing of new chemicals, improvements in each area/ process, increase in market share, and financial results.
Additional measures and improvements achieved since QMS implementation include : solvent storage levels reduced from 3,5 % to 1,23 %; laminated film wastage in granular formulation plant reduced from 5 % to 1 % ; zero variation achieved between physical stock levels and recorded stock levels ;
In the two years since ISO 9001:2000 certification, HCSL has seen some impressive benefits
siastic involvement and clear understanding of all employees in the ISO 9001:2000 implementation process can bring excellent business results to an organization. HCSL is an outstanding example of what can be achieved,
INTERNATIONAL
Santander Serfin takes ISO 14001 lead in Mexican banking sector

Mexican bank Santander Sern has taken the lead in its sector, responding to top-of-the-agenda governmental and public concerns about the environment by becoming the first banking institution in the country to implement ISO 14001.
Santander Serfin is headquartered in Mexico City, a metropolis of almost 24 million inhabitants. Environmental pollution is one of the citys biggest problems, exacerbated by its location in a valley 2 240 metres above sea level. Pollutants from human and industrial activity and emissions from millions of vehicles disperse slowly. The problem is further aggravated by intense solar radiation at that altitude which provokes the rapid formation of ozone and secondary particles.
environmental impact, including the Hoy No Circula (No Driving Today) scheme banning 10+ year old vehicles one day a week, encouraging more cycling, and promoting environmental certification of public and private companies. Regulations now require all industrial companies producing hazardous waste to certify
by Sandra Villanueva and Fernanda Zubizarreta

Co-authors Sandra Villanueva (left), Media Supervisor, and Fernanda Zubizarreta (right), Marketing Manager, of AENORMexico, which certified Santander Servin to ISO 14001. AENORMexico, Presidente Masaryk 473-3, Colonia Polanco, M-11510 Mexico DF. Tel. + 525 55 280 77 55. Fax + 525 55 280 78 80. E-mail aenormexico@aenormexico.com Web www.aenormexico.com
Today, sustainability issues are becoming generalized, nonnegotiable demands of the general public. In the business world, sustainability extends to social, economic and environmental responsibility. And regardless of the sector in which a company operates, social responsibility implies a commitment to reducing its impact on the environment. One company that has taken the lead in its sector by demonstrating such a commitment is Santander Serfin, a member of Grupo Santander and the first banking institution in Mexico to implement an ISO 14001based environmental management system (EMS).
Taking up the challenge

Reducing pollution is top of the governmental, corporate and social agendas in Mexico. Various initiatives have been taken in the capital city to reduce
(Left to right) Enrique Mondragn and Edmundo Prez Toledo, ISO 14001 team managers at Santander Serfin, display the EMS certification awards.
INTERNATIONAL
and energy, the generation of waste in its many forms and the distribution of products and services, until the moment comes when they used by the consumer and then discarded. This prompted Jos Rodrguez Ziga, Maintenance Manager at Santander Serfin, to ask : What is the actual impact we cause on the environment as a banking institution ?
Teamwork gets the credit

For a successful implementation of ISO 14001, all departments of the organization should become involved in the process to ensure that the EMS is correctly applied and functions properly. This extends to the interaction between the building and the personnel that work in it. That is an integral part of environmental management. In the case of Santander Sern, architect Edmundo Prez Toledo, Vice Manager of Real Estate and Head of the Banks Environmental Committee, credits the companys successful EMS implementation to the work of many of its departments. The following departments, in particular, continue to participate actively :
Santander Serfins ISO 14001-certified Santa Fe Corporate Centre building in Mexico City 1).
their waste collection, handling and elimination systems. However, there is less obligation on service companies to reduce the emission of pollutants or consumption of non-renewable materials. Instead, they are expected to take action voluntarily in the context of social responsibility. Santander Serfin was the first financial institution in Mexico to take up the challenge. icy Plan. The objective was to integrate environmental protection with strategy and management, and achieve ISO 14001 certification. In December 2004, after more than a years work, AENOR certified the administration, management and maintenance of Santander Serfins Santa Fe Corporate Centre building in accordance with ISO 14001.
Reduction of water, paper and electrical consumption largely depends on the awareness of the employees
According to Gerardo Martnez Ruiz, Services Manager, the impacts identified were translated into key objectives reduction in the consumption of non-renewable resources such as energy, water, paper, and controlled management of toxic waste and hazardous residues. Once we were aware of the impact of the bank on the environment, said Carlos Silva Hernndez, Legal Manager, the next step was to adapt the requirements of ISO 14001 and applicable legislation to a banking institution. In doing so, the organization realised that many of the processes had already been implemented, but had not been put into writing, and that implementation of ISO 14001 would help to bring the pieces together.
Legal
In charge of adapting the existing legislation and standards, to comply with the banks established provisions and objectives, and to ensure that the system is kept up to date.
Reducing pollution is top of the governmental, corporate and social agendas in Mexico
The company, together with Grupo Santander, decided to implement an EMS as part of its Corporate Social Responsibility and Environmental Pol-
Environmentally smart
Constructed in 1994 and housing some 1 800 employees, the companys corporate centre was designed as an environmentally smart building from the outset. This in itself was a good starting point for staff members directly involved in the implementation and certification process. However, further measures were required to reduce the environmental impact still more. According to the ISO 14001 approach, all business activity involves the possibility of generating environmental impacts, such as the consumption of raw materials
Quality
Responsible for implementing the EMS and monitoring the system by coordinating internal audits.
Maintenance
In charge of maintaining the buildings equipment in good condition to reduce polluting emissions. Also responsible for installing devices to reduce the consumption of water and electricity.
1) Banco Santander Serfin, Prolongacin Paseo de la Reforma #500, Col. Lomas de Santa Fe, Mxico, D.F. C.P. 01219. Tel. + 525 55 257 80 00 ext. 46177. Fax + 525 55 257 80 00 ext. 46174. E-mail edmperez@santander.com.mx Web www.santander-serfin.com
Services
Responsible for managing the buildings non-renewable resources, such as water, electricity and paper.
INTERNATIONAL
Security and Civil Protection

This department implements emergency plans as required by ISO 14001 (4.4.7 Emergency preparedness and response), covering actions taken by employees before and after an emergency, and reducing environmental impacts by eliminating risks such as excessive accumulation of paper, cleaning products and used batteries. Corporate Security Manager Julio Cesar Gonzlez Loera explains that special containers have been designated to store the smallest possible quantities of hazardous materials, such as used batteries or empty ink cartridges. These can also be used by employees to dispose of similar household waste.
Economic advantages
Although the main objective of implementing ISO 14001 was to reduce the companys environmental impact, Santander Serfin has achieved economic advantages as well. In 2004, the year of implementation, the corporation reduced consumption of photocopy paper by 60 %, energy use by 38 % and water by almost 5 %. These savings have been reflected in the lower cost of these services.
water treatment plant, employees made bigger efforts to save water as a result of EMS awareness. Reduced electricity consumption was achieved by better time control of the air-conditioning and lighting equipment, and by installing sensors.
Vargas Romero, Quality Managers. The reduction in the consumption of water, paper and electrical energy largely depends on the environmental awareness of the employees. They were really committed to the cause because it is a noble issue and something one can achieve at home too, says Violeta Caro del Castillo, Vice-Manager of Corporate Communication.
Awareness was the key

The successful implementation and operation of Santander Serfins ISO 14001-based EMS owes much to the participation of all 1 800 employees at the Santa Fe Corporate Centre building. Meetings to explain how the EMS functions emphasized the fact that the banks environmental policies and objectives would only be realized if every employee collaborated. Certification was an achievement for everyone. Employees took up the challenge with enthusiasm, and that is the reason for our success, explained Araceli Paz Gamero and Diana
Sowing the seeds

Mexico has been making great strides in environmental issues, and even though there is still a long way to go, Grupo Santander has participated as part of its social responsibility programme. This first seed will create awareness in neighbouring companies and this is important since it needs a collective, not individual, effort if we are to have a better country in which to live, concludes Carlos Silva Hernndez.
How was it done?

The bank purchased photocopying machines that use recycled paper and made employees more aware of the indiscriminate felling of trees for papermaking. These were key elements in dramatically reducing paper consumption. Although the building always had water-saving toilet facilities, a rainwater collection system and its own internal
Medical Service
The Medical Service collaborates by coordinating the handling and elimination of medicines, infectious biological waste and sharp medical implements, outsourced to a specialized company.
Training
Provides training for all company personnel and supplier company staff, tailored to their particular EMS activity.
Communication
Disseminates EMS information through the Intranet to all who work in the building and reinforces the message via a monthly magazine and regular campaigns.
Human Resources
Coordinates the participation of all head office employees in the EMS.
It was all about team work : the ISO-14001 implementation team at Santander Serfin proudly display their certificate.
SPRING cultivates harvest of standards for Singapores service-rich economy

With the service sector contributing 62 % of Singapores gross domestic product (GDP) and 77 % of employment, the Singapore Government places great emphasis on the development of standards for services. A first in this field will be the Singapore Standards on Exhibition Terminology.
by Lim Lee Fang

Lim Lee Fang is a manager with the Standardization Department of SPRING Singapore (Standards, Productivity and Innovation Board).
E-mail stn@spring.gov.sg Web www.spring.gov.sg Web www.standards.org.sg
Ask the man or woman on the street what standards mean to them and they may answer ISO 9000 or ISO 14000 . Others may mention manufacturing standards that exports must meet to enter overseas markets. What the passer-by may not know is the growing importance of standards for the service sector. Singapore is one of the few countries in the world pushing for national standards for the service sector, given the increasing importance of services to its economy. SPRING Singapore (Standards, Productivity and Innovation Board), Singapores national standards body and champion of small businesses, has been actively identifying and developing standards for the service sector. SPRINGs Chief Executive Loh Khum Yean comments : With services making up more than half of economic activity for nearly all WTO members and trade in services making up nearly a quarter of overall global trade, we recognize
its rising potential and importance. In Singapore, the service sector is a vital engine of growth, contributing 62 % of our GDP and 77 % of employment. It is, therefore, critical to initiate and develop national standards for specific service sectors to address key concerns that may impede growth.
by ISO and co-sponsored by the World Trade Organisation (WTO), on Service standards for open global markets . And it has not looked back. Work commenced on two national standards for exhibition management services immediately after the AsiaPacific Regional Seminar in 1998 and shortly after that, work began on performance
Structured approach
Singapores journey towards the development of service standards began in 1998 when it hosted the first of four regional seminars, organized
Singapore has developed the worlds rst national standard on exhibition terminology to help enhance and raise service and operational standards in the exhibition management industry.
The recent development of a technical reference on maturity assessment for e-supply chain management (eSCM) will benet enterprises in the logistics industry, especially in terms of reduction in costs related to order-tracking and recovery, logistics, production management and inventory holding.
standards for property management agents and for the cleaning of commercial premises.
The service sector contributes 62 % of Singapores GDP and 77 % of employment

With the increasing number of standards for the service industry, SPRING established the Services Standards Committee (SSC) in October 2001 to oversee this work under the national standardization programme. The SSC led the development of standards for services with the following objectives in mind : nurture a pro-business environment that encourages enterprise formation and growth ; drive the development of selected service industries through collaborative efforts with business associations and stakeholders ; enhance the productivity, innovation and competitiveness of enterprises ; and increase access to overseas markets and opportunities. A total of nine committees, which comprise technical committees and working groups, have been formed to look into standardization for the tourism, exhibition, logistics, environment, financial planning, education, healthcare and retail services. Typically, these committees are made up of representatives from industry associations and relevant government agencies, together with selected industry players. To date, seven service standards have been developed and launched. SPRING Singapore also works closely with industry associations to encourage the use of standards with a high impact on productivity through our standards implementation for productivity (SIP) projects to increase the competitiveness of industry in Singapore. ed Singapores proposal for such a standard in February 2005. Stephen Tan, Chief Executive of Singapore Exhibition Services Pte. Ltd., will lead the working group. Ten member countries have indicated their interest in participating in this new ISO working group. The 10 nations, including Singapore, are Canada, China, Japan, France, Norway, Russian Federation, South Africa, United Kingdom and United States of America. The first working group meeting will be held in Singapore this year.
Exhibition management
Today, it is significant that ISO has decided to develop an International Standard on exhibition terminology, using one of the Singapore standards as the initial draft. ISOs Technical Management Board (TMB) formally accept-
Singapores efforts in developing the worlds first national standards on exhibition services started in 1998 when ISO announced services as a new focus area. As exhibition trade shows in Singapore attract more than 85 000 foreign trade visitors and 27 000 foreign exhibitors each year, there was great potential for this industry. With the local exhibition industry behind it, SPRING Singapore proposed to ISO the development of a new ISO standard on exhibition terminology. This standard will help enhance and raise service and operational standards in the exhibition management industry by reducing uncertainties and ambiguities caused by the different usage and understanding of fundamental terms, allowing for more effective and meaningful trade show comparisons, and ensuring industry professionalism and integrity. The International Standard will be a rst crucial step towards facilitating the development and growth of this industry worldwide.
To this end, Singapore has developed a technical reference on maturity assessment for e-supply chain management (eSCM) based on the US Supply Chain Operational Readiness model. The eSCM assessment programme identifies the potential world-class eSCM capabilities that companies should adopt. It is a live and evolving standard that will incorporate global ebusiness and supply chain best practices.
The standard provides better defined and measurable requirements. This helps spur cleaning service providers to improve their quality of service delivery and achieve a higher standard of cleaning. With increased automation and mechanization of the cleaning equipment, as well as the use of information technology, the professionalism of the industry will also be raised. Pest management As Singapore is a highly urbanized country, good pest management is important to ensure that residents can continue to enjoy a hygienic environment with fewer pests. This newly launched national standard on pest management serves as a guide to Town Councils managing public housing estates. It is also the first known national standard for pest management. It specifies and standardizes the scope of work in their contracts. At the same time, it provides a set of performance benchmarks that can be used to measure the quality of the performance and technical competence of the pest management companies.
Other services standards and standards implementation projects in the pipeline include: Hotel security Amidst the current threats and fears of terrorism, there is increased emphasis on security to boost the tourism sector. This is one of the key concerns for Singapore, especially with a high tourist arrival rate of some eight million visitors a year. It was therefore timely when SPRING Singapore initiated the development of a standard on hotel security with the Singapore Hotel Association.
To date, seven service standards have been developed and launched

The two targeted industry sectors are high-tech manufacturing and logistics. Expected benefits to the local enterprises include reduction in costs related to order-tracking and recovery, logistics, production management and inventory holding. Cleaning services The cleaning industry is generally viewed as a domestic industry with a large pool of unskilled or semi-skilled labour. To improve the image and productivity of the cleani n g i n d u s t r y, t w o n a t i o n al standards using performance-based benchmarks were launched. One was for commercial premises which incorporated aspects of a NEN (national standards body of The Netherlands) standard and the other is the first known national standard for the cleaning performance of public housing estates.
There is increased emphasis on security to boost the tourism sector

This will provide the framework for hotels to set up a security management system, thus, enabling them to provide a higher level of safety, security and assurance to guests and staff. Retail E-business messaging Singapore supports the widespread adoption of the e-business messaging standards, developed by EAN Inter-
Making headway
Besides the exhibition service standards, Singapore has also launched service standards in e-supply chain management, cleaning services and pest management. Logistics Singapores connectivity to the world enables the quick exchange of goods, capital, information and ideas, so there is a continuous need to strengthen our logistics infrastructure.
national. It is based on the XML standard for use on the Internet, and implemented for e-procurement by the fast-moving consumer goods (FMCG) industry.
It lays the foundation for e-business and will assist small and medium-sized enterprises who previously were unable to participate due to the high cost of the technology standard, electronic data interchange (EDI). With the new e-business messaging standard, the FMCG industry can now be more cost-effective and respon-
sive in meeting customers demands and challenges in the market place. Electronic product code Another project to support the FMCG industry is a pilot scheme to tag all pallets, cartons and cases with the electronic product code (EPC). This scheme will result in raising supply chain efficiency by addressing problems such as product diversion and tracking, supplier replenishment, production planning, goods receipt at the distribution centres, inventory control and storage, real-time availability of products and other inventory-related issues.
sized enterprises, and is based on the XML standard. With electronic processing in place, companies which are linked up through the system can download customs declarations and shipping documents. This saves both time and money by cutting out manual delivery, reducing paperwork and limiting human error. Personal nancial planning The financial planning industry in Singapore has high growth potential given the increasing number of products being launched and demand from consumers. Participation by this industry in international standardization is timely, especially with banks accountants and lawyers entering the traditional territory of the insurance companies. Singapore is participating in the ISO technical committee ISO/TC 222, Personal financial planning, and has a national mirror committee monitoring the international standardization activities. Our industry partners are actively participating in the ISO/TC 222 working groups.
SPRINGs CEO Loh Khum Yean: In Singapore, the service sector is a vital engine of growth... It is, therefore, critical to initiate and develop national standards for specic service sectors.
SPRING and standards

SPRING Singapores mission is to enhance the competitiveness of enterprises for a vibrant Singapore economy. We work to nurture a pro-business environment that encourages enterprise formation and growth, facilitates the growth of industries, enhances productivity, innovation and the capabilities of enterprises, and helps increase access to markets and business opportunities. Our vision is to nurture a host of dynamic and innovative Singapore enterprises. As a national standards body, SPRING Singapore has been actively promoting and encouraging companies to use and adopt Singapore Standards in manufacturing products and services. Where feasible, Singapore Standards are aligned with International Standards to facilitate greater market access for Singapores manufactured goods and exports. As at March 2005, there are 756 Singapore Standards and 18 Technical References. Of these, 83 % (227) are aligned with International Standards. The alignment strategy supports Singapores open trade policy and eliminates incidences of standards becoming unnecessary technical barriers to trade. SPRING is actively participating in 31 ISO standards development committees and four IEC (International Electrotechnical Commission) committees, and holds three working group convenorships.
Singapore launched the first national standards on exhibition management services

The standard, which is developed by EPCglobal, will be applied to players along the entire retail store supply chain, including retailers, distribution centres and suppliers of packaged consumer goods. The EPC G2 specification has been successfully submitted by EPCglobal to ISO which has accepted it as a new work item for inclusion within the ISO 18000 suite of standards for automatic identification and data capture techniques. RosettaNet standards SPRING Singapore works very closely with industry organizations such as RosettaNet Singapore to help facilitate the use of new RosettaNet e-business standards in logistics, particularly among small and medium-
The path forward

Looking to the future, SPRING Singapore will continue to work closely with relevant industry bodies to identify areas critical to the growth of the service sector in Singapore. Standards addressing the gaps identified can then be developed so that companies in these industries can benefit from higher productivity, greater professionalism and increased efficiency.
NEXT ISSUE
ISO INSIDER
Lessons of the ISO 14001 SME survey
There are more than 72 million registered small and medium-sized enterprises (SMEs) in the world, although as most businesses of this type are not registered, the actual figure may be in the hundreds of millions. Therefore, their impact on the environment is huge and a sustainable future without their involvement is inimaginable. This article examines the results and lessons of the recent online survey carried out by ISO to gather feedback on the use of ISO 14001 by SMEs.
SPECIAL REPORT
How do standards become global supply chain pressures or cultural convergence ?
It is clear that standards such as the ISO 9000 and ISO 14000 families have been adopted at different rates by countries across the world. Likely, the same will be true for the recently launched ISO guidance for social responsibility, and for trade-facilitating standards such as those disseminating RFID (radio identication frequency) technology. It is also clear that a range of factors contribute to the global diffusion of these standards : supply chain pressures, word-of-mouth, personal contacts, etc. For example, ISO 9001:2000 primarily affects the certied rm and its customers, but is not something that end consumers, nongovernmental organizations, or governments have much interest in, while the ISO 14000 family is more tied obviously linked to a broader subsection of global, societal interests.
This Special Report argues that global diffusion of standards which reect the interests of a broader group of stakeholders than customers only will be driven more by cultural forces than is the case for standards which are relatively narrow .
Improved ISO/IEC 17799 for secure information
INTERNATIONAL
The impact of ISO 14001 certication on Israeli exports
Companies in six countries that are leading trade partners of Israel were surveyed to nd out whether ISO 14001 certication by their Israeli suppliers had any inuence on their choice. ed companies are increasingly influential. This study of long-certied companies in southern India ranks the bene ts they report and, more importantly, reports what their customers have to say.
Focus on the United Kingdom

While product quality and safety has improved considerably over the years due to the role of standards, services have improved very little. Receivers of services often complain of poor service levels such as billing or complaints handling procedures. This demand side of business must be engaged to successfully address services issues. This article examines existing standards, those in development and comments on what further is needed.
The revised ISO/IEC 17799, Information technology Security techniques Code of practice for information security management, integrates the latest developments in the eld to maintain it as the international benchmark for protecting information in e-commerce.
ISO 9000 survey in India shows value of customer focus

As India climbs the world economic table, the experience and views of ISO 9000 certi-
l. . rviva ction su te s ation t pro s iz e be rgan o th your rves to se vital t de s se ion i s as at u ecio form r In hap Suc 5 : 20 0 9 177 9 a l n /I EC ation formatio I SO tern or in nt he in mark fnageme T ch ben urity ma sec
For most businesses, information security is essential to maintain competitive edge, cash flow, profitability, legal compliance and commercial reputation. For many businesses and nonbusiness organizations, information may be their principal asset. A breach of information security may threaten their very existence.
ISO/IEC 17799, the state-of-the-art countermeasure, has just been updated and improved. Use it to make your information assets even more secure !
Available from ISO national member institutes (listed with contact details on the ISO Web site: www.iso.org) and from the ISO Central Secretariat Web store at www.iso.org. E-mail enquiries to sales@iso.org.
Probably, youve heard the expression, One good idea can change your life !
Denitely, one good ISO standard could change your business for the better
ISO has more than 15 000 great standards for you to choose from !

Full Issue

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Full Issue

Transféré par

Droits d'auteur :

Formats disponibles

Vol. 5, No.

When Results Count. ISO Standards.

ISO Management Systems

Get me the money !

ISO/IEC 17025:2005. The international accreditation standard for competent laboratories.

How quality information helped save police officers life

ISO Management Systems July-August 2005 1

What sort of manager are you ? Type A or Type B ? AB

For A class managers !

Management take control of your audit process !

Overcoming language and literacy barriers to ISO 9001:2000 implementation

Santander Serfin takes ISO 14001 lead in Mexican banking sector

ISO, July-August 2005.

STANDARDS FOR SERVICES

ISO Management Systems July-August 2005 3

in on 005 i icatber 2 l Pubtem Se p

Failures in food safety can be dangerous and cost you plenty !

Seen from the front line

line of duty. It is worth paying attention to his viewpoint on ISO 9001:2000.

In Autumn 2004, Matt Morgan was shot and wounded in the

Wounded police officers perspective on ISO 9001:2000

ISO Management Systems July-August 2005 5

6 ISO Management Systems July-August 2005

VIEWPOINT Model for law enforcement agencies

ISO Management Systems July-August 2005 7

ISO 9001:2000 can be applied to every aspect of criminology

On the road to recovery

8 ISO Management Systems July-August 2005

Management take control of your audit process !

ISO Management Systems July-August 2005 9

10 ISO Management Systems July-August 2005

Example B: how management puts little in...and gets little out

ISO Management Systems July-August 2005 11

People generally do not like being audited

Critical success factors

12 ISO Management Systems July-August 2005

Serving the needs of management

Auditor arrogance should certainly not be tolerated

ISO Management Systems July-August 2005 13

Good practice for establishing the competence of certification body auditors

14 ISO Management Systems July-August 2005

of a technical expert(s) to fill the gap.

Generic knowledge and skills

ISO Management Systems July-August 2005 15

Specific knowledge and skills

16 ISO Management Systems July-August 2005

Generic knowledge and skills of audit team leaders

ISO 19011:2002 Section 7 Figure 5 : Relationship between the stages of evaluation.

Criteria met Criteria met

Continual evaluation of performance (7.6)

Criteria not met

Maintenance and improvement of competence (7.5) Audit team selection (6.2.4)

ISO Management Systems July-August 2005 17

Effective accreditation is essential for audit competence

18 ISO Management Systems July-August 2005

ISO Management Systems July-August 2005 19

20 ISO Management Systems July-August 2005

ISO Management Systems July-August 2005 21

Auditor certification provides an indication of generic auditing competence only

22 ISO Management Systems July-August 2005

ISO Management Systems July-August 2005 23

Clause 3 Terms and denitions

improvement of the management system.