We know that within the ISO family of standards there are several standards that are certifiable, among them the most popular today are the ISO 9001: 2000 and ISO 14001: 2004 Standards.
In management systems, audits are tools used to determine the degree to which the requirements of the management system that were implemented have been met.
The findings of an audit are used to evaluate the effectiveness achieved and detect opportunities for improvement.
The audits in the ISO Standard scheme can be first party when they are carried out for internal purposes by the organization, these audits are called internal audits. Second party audits are those performed by an organization's clients to ensure that the organization meets the requirements of the standard required to purchase from you. And finally there are third-party audits that are carried out by independent and accredited bodies to recommend through certain committees the certification of other organizations.
It is interesting to observe in the different organizations in which management systems have been implemented under the principles of ISO Standards that can be certifiable. As audits are not always experienced as a natural process that adds value to organizational processes and should always have the stamp of continuous improvement.
Remember that these implementations require internal audits, maintenance and certification. The personnel who work in these organizations have to go through several audits a year that seek to detect deviations in the process in which their activities and tasks are subsumed.
This framework has been conducive to visualizing how in a high percentage of cases a thorough understanding of the audit itself, the role of the auditee and the role of the auditor is lacking.
In the first place we could say that the audit itself is a positive fact by nature. Someone with expertise and objectivity takes the time to evaluate the status of the process at work and its interaction in the management system in order to address deviations from it.
The auditee itself should receive an audit with the assurance that it is a contribution to continuous improvement. Someone with objectivity will observe the work and make a cross between it and the requirements of the standard that was implemented.
Unfortunately what is expressed in the previous two paragraphs is not very common. In part, and only in part, this is the responsibility of the auditors.
The ISO standards, through its ISO 19011 standard, give the general parameters for audits. Specifically, it provides guidelines for the auditor of quality and environmental management systems. This standard, plus the reading and understanding of the rest of the standards and the conceptual foundation provided by the eight principles of quality, among other elements, should give auditors an understanding of the scope of their role in management systems without problems.
In the first place, it is pertinent to say that an auditor is not a judge, he does not judge what he observes, he does not judge the people he is auditing, he has no power or authority to judge and sentence, he should not solve the problems visualized or order that it be done.. The auditor does not judge, is not and does not have the role of a judge. This is a basic premise of any management system auditor who wants to carry out their work in a responsible manner.
Second, to clarify that an auditor is not an inspector, he does not inspect, he does not have police power, the norm is not the same as the current legislation that inspectors seek to enforce. The standard is just that, a voluntary implementation standard. The management system auditor does not inspect, is not and does not have the role of an inspector.
The ISO auditor is a competent person to perform an audit of the management system. He understands that an audit is a systematic, independent and documented process to obtain audit evidence and evaluate it objectively in order to report the level of compliance with the audit criteria. An auditor only takes a "picture" of the management system, without judging. Furthermore, the alleged deviations found in the audit must be presented without categorical statements, it must only express what it observed from its place at the time of performing the audit at the audited site. This is very important. Nobody can at an organizational moment, which is how long an audit lasts, to be completely sure of something, especially when a large part of the audits are only samples.
Another issue that is hard to believe is how the idea that non-conformities resulting from audits can target people still persists in organizations. The Standard never says that a Non-Conformity can be made to people. There are, of course, the auditees but these are only facilitators to find deviations to the Management System. Non-conformities are always to the Management system. Unfortunately, this is not always clear and in the moments before or after the audits it is normal to hear that the staff say they are going to make me or they made me so many non-conformities.
This is not helpful, in the current context of organizations we already have enough with the orthodox models of implementation of the ISO Standard that have earned the Standard a reputation as complex and difficult. If we add to this that the role of auditors is not always clear, we end up understanding some ideas that circulate regarding implementations and systems under the principles of this international standard.
The auditor must re-read all the standards again, understand the principles that drive them. The auditor's work must once again be synonymous with commitment, ethics applied to reality and responsibility when intervening in the work of others.
