90 Perceptions of ISO 9000 and its derivatives
How we think about reviews, inspections and audits
Audits of the quality system were supposed to determine its effectiveness but effective-
ness seemed to be judged by the extent to which procedures were being followed. ISO
9001 Clause 4.1.3 did state that the system should be reviewed for its continuing
suitability and effectiveness in satisfying the requirements of the standard and the
supplier’s quality policy and objectives. The words underlined were added in the
1994 revision. Clause 4.17 did require internal audits to verify whether quality activ-
ities and related results comply with planned arrangements and to determine the
effectiveness of the quality system. Again the words underlined were added in the
1994 revision. But the original and modified wording seemed to have had no effect.
Quality systems continued to be judged on product nonconformities, audit findings and
customer complaints. Ten years later nothing has changed although there is a glimmer
of light on the horizon that might suggest that some auditors are looking at performance.
The management review was supposed to question the validity of these procedures,
the validity of the standards and the performance of the system. It was supposed to
determine whether the system was effective, i.e. whether the system enabled people to
do the right things right. But effectiveness was not interpreted as doing the right things;
it was interpreted as conforming to the standard. It led to quality being thought of as
conformity with procedures. The reviews and audits therefore focused on deficiencies
against the requirements of the standard and deviations from procedure rather than
the results the system was achieving. But as the system was not considered to be the
way the organization achieved its results, it was not surprising that these totally inad-
equate management reviews continued in the name of keeping the badge on the wall.
Audits did not establish that people were doing the right things. Had they done so the
system would have been changed to one that caused people to do the right things
right without having to be told.
It was often thought that the standard required review, approval, inspection and audit
activities to be performed by personnel independent of the work. Critics argue that as
a consequence both worker and inspector assumed the other would find the errors.
ISO 9000 does not require independent inspection. There is no requirement that prohibits
a worker from inspecting his or her own work or approving his or her own documents.
It is the management that chooses a policy of not delegating authority for accepting
results to those who produce them. There will be circumstances when independent
inspection is necessary either as a blind check or when safety, cost, reputation or
national security could be compromised by errors. What organizations could have
done, and this would have met ISO 9000 requirements, is to let the worker decide on
the need for independent inspection except in special cases. Alternatively, they could
have carried out a risk assessment and imposed independent inspection where the
risks warranted it. However, inspection is no substitute for getting it right first time and
H6663-Ch02.qxd 6/29/05 9:58 AM Page 90