A long-time professional college “The Honorable Scott Weyburn”, recently posted an interesting question focusing on benefits of ISO 9001 registration. I posted a response that prompted Scott to ask for more so here it is. Here is a link to Scott’s post which you might want to read first.
Understanding the Problem
The cause of the problem is easy to understand but difficult to correct. In my three decades performing nonfinancial audits for CBs if have found the CB customers primary interest is in sending a signal of sustainability to customers and other interested parties. Improving sustainability performance is subordinate to that perceived imperative. As a result, the organization focuses on passing the audit, not on having an effective management system. Investment is in readying for the audit not on the resources of an effective system. This is partially due to naivety and a lack of readiness in leadership in the organizations.
It is also due to financial tension within the organization. Investing in audit readiness only cost less than skillful implementation of an effective management system. Leadership calculates “If all I want is certification for messaging and developing a MS with that goal is cheaper than an effective system, why would I invest in an effective system?”. Leaderships misunderstanding is almost excusable considering the misrepresentation bombardment from CB’s and AB’s that their certifications and accreditation’s are evidence of system effectiveness.
Audit Services as Commodities
Another reason the certification process is failing is organizations seeking certification services perceive them as a commodity to be purchased from the lowest bidder. They do not understand certification audits are a professional service where auditor and CB competence are critical to obtaining a return on their certification investment.
To be competitive CB’s in the past would reduce the number of audits days and thereby reduce the cost of their service over their competitors. IAF implemented MD-5 to try to control this audit day downward trend. MD-5 is a complex system for determining audit days that was of some help early on. However, as time went on CBs recognized that the only way to be competitive was to reduce the day rates for auditors. Subsequently there has been a continuing downward spiral in compensation of qualified auditors, especially for contract auditors with no employment benefits.
Many experienced auditors like myself have subsequently reduced the number of audits we perform for accredited CBs doing only enough to remain competent for purposes of certification. The CBs now rely on inexperienced, inexpensive, and often incompetent auditors to perform audits on their behalf.
ABs Playing a Role
The ABs have also found themselves in a difficult financial conundrum. There has been much consolidation in the CB business reducing the ABs revenue streams. They recognize the threat to their clients, that major findings of auditor incompetence would bring, and are reluctant to issue meaningful nonconformities that compel change. The incentives created by the ABs for CBs to improve their performance are more prescriptive and lead to “lipstick on a pig” corrective actions that exacerbate the problem.
These are tough problems to solve that cannot be wrestled to the ground overnight. The financial assurance industry addressed similar problems with Sarbanes–Oxley Act of 2002 as well as in the Accounting Standards Codification issued by the Financial Accounting Standards Board (FASB). The best chance of fixing the underlying problems with assurance in the non-financial sector is to enact similar legislation which is unlikely to happen in the foreseeable future.
The Exemplar Global certified ISO 14001:2015 EMS lead auditor courses are presented over a two week period 4 hours per day Monday thru Thursday. In the first week students take the ISO 14001:2015 Environmental Management System content (EM) . The EM content is delivered from 8:00am to 12:00pm each day of class.
The first two days of the second week of the class is the Auditor content (AU). The second two days of the second week is the Team Leaders content (TL). A test is administered after each course module.
ISO 14001 – EM
July 6-9, 2020 August 3-6, 2020
Auditor – AU
July 13-14, 2020 August 10-11, 2020
9:00am – 1:00pm
Team Leader – TL
July 15-16 2020 August 12-13, 2020
9:00am – 1:00pm
Exemplar Global Certified Course Schedule
Certified by Exemplar Global
Understand environmental terms and definitions
View the ISO 14001:2015 requirements from an auditor’s perspective
Plan, manage, and schedule an audit program
Identify, understand, and manage environmental aspects and impacts
Understand the requirements of ISO 14001:2015 to be able to conduct a successful audit. The course includes hands-on workshops to prepare you for real-life auditing situations. You’ll learn to manage the audit process and complete reporting..
This is a four-day, instructor-led classroom course. There are written tests on each of the competency units on days 2, 3, and 4. Days 1 and 2 will cover ISO 14001:2015 along with a corresponding competency exam. Day 3 will cover management systems auditing (AU) along with a corresponding competency exam. Day 4 will cover leading management systems audit teams (TL) along with a corresponding competency exam.
Who Should Attend
Those responsible for planning and scheduling an internal audit program for ISO 14001:2015 and those who must perform audits to ISO 14001:2015, environmental, suppliers, managers, or anyone interested in conducting first-party, second-party, or third-party audits.
All attendees are required to bring their own copy of the ISO 14001:2015 Environmental Management Systems – Requirements. Copies will not be provided for you.
Describe the ISO 14001 Environmental Management System (EMS)-Requirements standard and development process
Describe the intent and requirements of ISO 14001:2015
Determine the evidence needed to demonstrate conformity to ISO 14001:2015
Apply the process approach and Plan-Do-Check-Act (PDCA) methodology
Identify aspects and impacts
Apply the principles, processes, and methods of auditing
Demonstrate the activities involved in preparing for an audit
Determine an effective audit in the context of the auditee’s organizational situation
Apply effective audit skills and practice personal behaviors necessary for an effective and efficient conduct of a management system audit
Establish and plan the activities of an audit team
Manage the audit process
Prepare the audit report and perform an audit follow-up
The purpose of this brief webinar is to discuss the advantages of using internal audits and corrective actions to check that an organizations Covid-19 program is effective. The webinar explores how organizations can use ISO 45001 management system tools to respond to new challenges from the Covid -19 pandemic.
As the economy reopens organizations are being required to establish new programs and controls to minimize the spread of the virus among employees. Internal audits combined with corrective action programs help organizations establish and operate effective Covid-19 programs rapidly.
The webinar covers the following topics:
Identifying Covid-19 compliance obligations
Risk assessment methods for determining which Covid-19 Risk to addressed
Establish operational controls for Covid-19 risks to employees
When and how often to audit the Covid-19 program
How to safely conduct Covid-19 audits
How to effectively address Covid-19 internal audit findings through corrective action.
Report the results of Covid-19 audits and corrective action to leadership
Kevin Lehner is a member of the US Technical Advisory Group (US-TAG) to ISO 45001: He is an expert and represents the US-TAG at international meetings. He recently traveled to Kigali, Rwanda to attend the 9th international meeting of TC 283 (interview with Martin Cottam in Kigali). Kevin is a certified lead auditor conducting ISO 45001 audits for clients including accredited ISO 45001 certification bodies.
The WDNR Green Tier program requires participants to conduct periodic “outside” EMS audits to check that the system is functionally equivalent to ISO 14001:2015. By law, the minimum frequency of these audits is once every three years for Tier 1 participants and annually for Tier 2 participants.
Many organizations choose to perform WDNR Green Tier audits more frequently than prescribed by the Green Tier law. Longer than a year between audits result in increased risk to the organization. Postponing an annual physical from your doctor increases the risk that a medical condition will becoming a bigger medical issue.
WDNR Green Tier audits also provide important information to leadership. Reviewing Green Tier audit findings during management reviews allows leadership to evaluate how the EMS is functioning and if it is achieving the intended results. Leadership may miss important information when it reviews the results of audits only every three years.
Organizations that invest in their WDNR Green Tier audit program have better performing EMS’s and get a better return on their EMS investment. ISO 19011:2018, Guidelines for auditing management systems provides guidance for organizations wishing to improve their EMS audits. This guidance includes:
WDNR Green Tier EMS audits evaluate audit criteria against audit evidence. Performing WDNR Green Tier audits ensures that “what should be is” and “what should not be is not”. Examples of audit criteria are requirements of Green Tier functional equivalence, compliance obligations such as permit requirements or requirements such as WDNR universal waste and hazardous waste regulations. They can also be internal requirements the organization has set for itself.
A robust EMS audit process and procedures coupled with effective corrective action process to address audit findings is critical to the effectiveness of am EMS. If the audit process or the corrective action process is weak the EMS may not be able to achieve the intended results of the EMS.
WDNR Green Tier Audit Corrective Actions
Green Tier audits are fundamental to superior environmental performance, but audits alone do not make changes that improve performance. Audits simply identify conformance and nonconformance to the requirements of Green Tier and the organizations internal requirement for the EMS.
Audits can be good news or bad news. If an organization is performing audits and find nothing but “good news” that is not especially noteworthy to leadership. Things are going along well, according to plan, and there is no identified need for action. When audits find nonconformances or bad news, this is good news to leadership because the audit has identified things that need to be fixed.
If organizations are either not performing effective audits or no audits at all this is bad news for leadership. Leadership has no way of knowing if the EMS is performing as planned. “No news” is bad news.
Audit nonconformance findings are good news and a source of EMS performance improvement. Audit nonconformances are not evidence of failure or reason to find fault. Doing so will create fear of the audit process within the organizations and increase the difficulty in gaining employees trust and cooperation with the audit process.
To benefit from the results of audits organizations also need to fix the nonconformance problems the audits discover. Performing audits and then being unable to correct the problems discovered is often a bigger problem than not performing audits at all. An example is an audit of regulatory compliance status that discovers a potential noncompliance. Uncorrected findings later discovered in a regulatory agency compliance audit could result in enhanced “knowing and willful” criminal penalties. Finding a potential noncompliance problem and not fixing it is worse than not finding it in the first place. To reduce risk, organizations need to take corrective action on audit findings in a timely fashion.
Some organizations struggle to get traction on their corrective action process for two primary reason.
A clear process or workflow for performing corrective action has not been defined and or communicated by the organization.
The organization has not established a systematic way to keep track of and report on if and how the nonconformance are being addressed.
WDNR Green Tier Audit Corrective Action Workflows
Corrective action workflows for audit nonconformance should be a team effort. Teams should follow several sequential steps collaboratively and reach consensus on each stage in the workflow. The last stage of the workflow is verification of effectiveness of the corrective action.
This team approach is similar to the collaborative product design process used by industries to develop products. The design process has desecrate points in the process called gates. Design teams agree that each step was completed before the design process can progress through the gate to the next stage
The purpose of this design review workflow is to ensure the design process is proceeding in a systematic fashion and to minimize the potential for design flaws that will become apparent in the production or use stage of product or service.
Figure 1 is an example of a corrective action workflow with approval gates and stages.
Gates separate some of the stages in the corrective action workflow. The number of approval-gates in the corrective action process can vary depending on the organizations’ needs. Stages in the corrective action workflow can include:
Stage 1 – New (Contain and Assign)
Recognition of the problem is the first step in the corrective action workflow. Recognition can occur as the result of an audit or incident. How the workflow proceeds after recognition depends on the gravity of the problem or incident encountered. The team leader or gate keeper needs to quickly decide what type of problem it is such as:
Easy to Fix – We understand the problem cause and we can just fix it because it is unlikely to recur
Not so easy to fix – We do not fully understand the problem but believe that the cause and solution can be discovered without commitment of substantial resources at this stage.
Difficult to fix – This type of problem needs significant resource (horsepower) to address it with skill.
The preliminary evaluation will determine the size and competencies of the team needed to address the problem.
The team should consider Immediate steps to contain the problem (stop the bleeding) and what that containment should be. Placing lables and dates on the universal waste containers corrects the audit finding.The person assigned to the corrective action task should not delay implementation.
Stage 2 – Investigate (Cause and Corrective Action)
Putting a band aid on the problem with a short-term correction alone will not address the underlying problem cause and the nonconformance is likely to recur. Determining the cause of a problem is necessary to find a solution that fixes the problem and prevents recurrence. The team should investigate why the problem happened in the first place.
Root cause analysis is a huge topic and there are many approaches to doing a cause analysis, but sometimes asking “why did that happen?” several times can help identify the underlying cause of the problem (5 why analysis). Other problems can be more complex and require more horsepower than a 5 why analysis can deliver. These types of problems may need more sophisticated cause analysis techniques such as Six Sigma (DMAIC), 8 Disciplines (8D) or others.
The root cause of the problem helps the team discover an effective corrective action that will prevent the problem from recurring. The team should reach consensus that the proposed corrective action is appropriate to the cause before the corrective action is implemented. This will improve the likelihood that the corrective action will fix the problem in a way that it will not happen again..
Corrective action solutions that are based on one individual’s perception of the root cause and how to fix that problem often oversimplify both the cause and the solution. The tendency is for individuals to hurry the process and close the nonconformance as quickly as possible. This leads to weak root cause analysis which in turn compromises the selection of an appropriate corrective action.
If the corrective action process is not monitored in a team setting the assignee is more likely to close out the issue (get it off their desk) as soon as possible. A team approach to the corrective action process that use approval-gates can help avoid this consequence. Approval-gates encourage robust cause analysis.
The following is an example of poor cause analysis and proposed corrective action for the audit finding that universal waste containers were not properly labeled and dated.
Proposed Cause – “The employee had not been trained in how to properly package and label the universal waste”.
Proposed Corrective Action: Train the employee in how to properly package and label universal waste.
This cause analysis simply repeats the finding. It does not describe why the problem happened in the first place and the proposed corrective action is more of a correction than a corrective action. Implementing this action will not ensure that the same problem does not happen again.
Root Cause Analysis
Figure 2 shows the results of a more appropriate cause analysis of the universal waste packaging and labeling nonconformance.
Once the root cause is identified an appropriate corrective action can be proposed that will prevent it from happening again.
Often there are several options for corrective actions that fix the problem in a way that it does not recur. Some might have potential to be extremely effective but are costly to implement. An example might be to outsource the universal waste management to a contractor that comes to the site daily to check that the universal waste is being management correctly. This is highly effective and can transfer some of the risk of universal waste management, but it is expensive to implement. Before the corrective action is approved the team needs to decide if the proposed corrective action is appropriate for the cause.
An appropriate corrective action decided by the team for this problem and cause might be something like:
Leadership will direct the HR department to develop a training matrix that shows competence required for all jobs including temporary fill in positions.
The HR department will develop a process(es) that require(s) employees to demonstrate competence to do a job before the employee can be assigned to that job including temporary fill-in positions.
The team should reach consensus that the proposed corrective action is appropriate for the root cause before it is implemented. Once approved the actions should be implemented without delay.
The team implements the corrective action after it is approved by the team and its leadership. One individual can implement a simple corrective action quickly. Complex problem solutions may require development of a project plan that assigns team members tasks. Task assignee’s need to accomplished these task by established dates. The team monitors progress on the tasks and periodically reports to the team leaders.
Stage 4 – Verification of Effectiveness
Verification confirms that the agreed upon corrective action was implemented as planned. It also confirms that the corrective action implemented was effective and fixed the problem in a way that it will not happen again.
Corrective action verification is usually performed by internal or external auditors during regularly scheduled or other audits. Others in the organization or on the team can perform the verification but it is important that the verifier be independent to the implementation process or the area where the verification is occurring.
Stage 5 – Closed
Team can close the corrective action after it has been verified. The team may need to invest additional effort if the verification finds that the corrective action implemented did not fix the problem. The team may need to re-investigate the cause and to re-propose and implement another corrective action.
Communicating and Tracking Corrective Action Status
A significant stumbling block that organizations sometime encounter when addressing nonconformances is the absence of a method to communicate and track the status of completion of the corrective action. Information about corrective action status has traditionally been paper based or electronic. These systems assign a corrective action task to someone to investigate and complete.
The team leader passes the physical or electronic copy of the corrective form to team member responsible for investigating the cause and proposing a corrective action. Then the paper or electronic copy is passed to other team members to add information or it is returned to the team leader for review and approval.
Assignee’s can misplace paper or electronic copies of corrective actions. Paper-based tracking systems require large three ring binders to store the completed corrective action forms and associated supporting documentation such as pictures or other evidence of completion of the corrective action. Electronic documents are often individually stored in folders located on the organizations servers or in the cloud.
With paper-based systems, communicating the overall status of corrective actions to leadership requires a labor-intensive process of thumbing through the three ring binders and manually recording the status of the corrective actions. Individual documents stored on servers or in the cloud have similar problems. Sorting through individual folders and files takes time to to find important information about the corrective action program. Use of electronic spreadsheets can help here but create other problems that limit the effectiveness of this solution
Corrective Action Tracking Database Apps
Industry 4.0 revolution will soon fundamentally and significantly change almost all business. This revolution is helping organizations store data optimize equipment and operations using the cloud environment. Organizations will be able to access enormous amounts of information with a click. Affordable cloud-based applications that track corrective action progress progress of are now becoming available to all types of businesses. Some of these application are easy to use and allow quick access to trends that inform management decisions.
The heart of these cloud based applications are databases that organize and store information. They help communicate the status of corrective actions to team members and leadership. These applications make it easy to monitor the approval-gate process and communicate with team members via automated emailing functions when the status of a corrective action changes or is approaching a due date. Correcttrack.com is a cloud based application that helps organizations keep track of Green Tier audit findings and improve the effectiveness of the corrective action process.
WDNR requires Green Tier participants to periodically audit their Green Tier EMS. Audits confirm the organization has established and is operating a “Functionally Equivalent” EMS that results in superior environmental performance. They are the critical “checking” part of an effective functionally equivalent EMS. If performed with skill the audit results can provide important information that the organizations leaders need to determine if the EMS is achieving its intended results.
Ensuring the results of audits are addressed in a timely fashion is critical to an effective EMS. This is especially true for nonconformance and noncompliance audit findings because findings that go unaddressed or with poor corrective actions increase the risk to organizations than if audits had not been done at all.