And in the real world BLOG
Does your certification provider supply you with an audit plan? Do they supply it with sufficient time before the audit commences? If the answer is no to either or both of these questions, you deserve better. Without this invaluable tool, how can you satisfactorily prepare for the audit? Never forget that the certification process is a relationship journey, not just one of inspection and compliance. When you are in a relationship, both parties need to contribute. It is very difficult to ensure the right people are available at the right time so that the auditor is reviewing the right process owners and associated records.
There is a cornerstone to any effective communication policy and that is having one source of truth. One environment for knowledge preservation. Sure it is not mandatory, but it makes effective communication very difficult with out one. So we use (funnily enough) myQuality for all things quality.com.au. Sure it has secret spaces, hidden IP, and needs internet connection, but without it we can’t function and we have no effective communication. But we do and so comms are streamlined and factual.
In the real world it is all about context. What do you do? Why do you do it? At quality.com.au (QCA) we have both of these on our home page on the web. We also have it in every newsletter we send out. However, it needs to be a little more specific than that when it comes to our certifications, professional indemnity and our intellectual property insurances. So in that space we document and retain in our myQuality portal to ensure the directors and our interested parties are on the same page.
Let me remind you (because it is worth it), at quality.com.au we claim to design, develop and implement quality management systems. We are even certified to ISO 9001 to do so. Nice huh! Our controls are the contracts, checklists and quality plans we develop as part of the project plan. Next our design outputs are subjected to internal audits, external audits and even peer review as EVERY project has an assigned project director to ensure all facets of every project is delivered.
Our current certification provider is Global-Mark. They primarily use subcontractor external auditors. They do have employee external auditors, but they a small in number. Do we care if the external auditor is employee or subcontractor? No. But we do know and that ensures transparency. Our current auditor is a Global-Mark employee. He has a great technical knowledge of the three standards we are certified to (soon to be four) and has grown in expertise with his understanding of commercial reality and the simplicity of small business. And we are not easy to audit either.
In our world we take preparation very seriously. We ask for the plan. We develop our own plan to correspond to what the auditor wants to see. We ensure our people are briefed and agree to specific time slots. Then we further develop our road map to ensure our auditor has the right information to do his or her job right and meet their back office compliance review needs. We do go a little extra and prepare anticipated records they will want to see, PDF’ing them ready for review. We also ensure there are fall-back people and data so the audit flows well should any hiccups occur or availability issues arise.
At quality.com.au we have many interested parties, many internal and external requirements, many external providers who provide products and services for the delivery of our strategic plans, quality objectives, risk management and, of course our quality management systems delivery to our clients.
In our world we define the responsibilities, authorities and verifications of all people in our policies, procedures, employment contracts, subcontractor consultant agreements and external provider agreements. Each have specific terms and conditions. Each enables the person or company to modify ‘bits’ to best suit them and our commercial partnership. These are managed through open communication in all of its form.
Nothing says more for leadership and commitment than walking the talk and communication. Within the realms of our vast organisation that means; one source of truth, uniformity in application, strategic planning, clears goals and objectives, corporate certification, legal compliance, ethicacy and so much more.
To the extent necessary, our company maintains documented information (policy, procedure, instruction, etc) to support the operation of its processes; and retains documented information (records) to have confidence that the processes are being carried out as planned. These documents and records are managed with our proprietary product, myQualityTM which enables us to add and indeed subtract or archive as we need.
We have a rolling three year plan. The current one finishes this December, the next one starts in January 2022. We are writing that one as I newsletter. It contains all of the above requirements from the standard and a little bit more. Heck, it even talks about succession plans and blue sky thinking. But we don’t just write it and then leave it fallow. The plan is reviewed biannually by the directors to ensure there is no drift. Sure there is always drift, but we react, improve, test and rethink.
Here are at quality.com.au we follow a strict formula to ensure what our clients want (whether they know it or not) and what they get align, and align with a great deal of accuracy. A big call? You bet. When you retain our SaaS product (myQuality) and our services (design, implement, certify and support), there cannot be any surprises.
Yes we have an Objectives Register. Yes, it is split into quality, environment, safety, information security and strategic. Yes, we have several programs, targets and results for each. Yes, we freely make this available to all our stakeholders. Yes, we review it every management review. Heck we even reference and tie in our business plans, strategic plans and heaven forbid, our sales and marketing plans. And does it help? Well, it is mandatory for our 4 certifications, but most of all it helps our shareholders focus on why we are business and why we do what we do!
One virtual site. Nothing more. Nothing less. Over 80 actual project sites around the world, but only one certified site. Sure we have our ‘head office’ at Pyrmont listed as our registered address, but the reality is our company and our systems only exist in the cloud. We might actually put a bum on a seat in a client office from time to time, but all the evidence of engagement, delivery and support reside on a connected device.
Well in our world, the site is our registered office in Pyrmont. But nothing, and I mean nothing ever happens there that is covered by our scope of operations. In fact, all operational, in-0scope activities before contract are virtual with an even split between virtual service delivery or on-site service delivery using our very own virtual systems in myQuality, or the clients virtual systems and even the odd LAN based systems. We are not required by any contract to have the project ‘office’ certified. We do however, run our operational health checks and internal audits on all things operational, but once again, that is a virtual scenario.
Well we pretty much follow the above words. Fortunately, since we use myQualityTM ourselves, we have our audits conducted remotely. Even before lockdowns. So, the plan arrives, the people are set and the audit is conducted. We also have a provider, who then plans the date for the next audit. Twelve months out! Excellent.
Well we were treated the same as any of our clients. No significant difference during the documentation review (aka audit), precertification review (conducted simultaneously with the document review), the certification review was quick and to the point and every other post certification review over the last 24 years. Yes, you read right. 24 plus years we have been walking the talking. Currently three standards of 9001, 14001 and 45001 and soon 27001. We do present some challenges to our certification providers and in particular some hardship for our auditors, because we do things just a little different.
In the real world it is all about context. In our business, we were like everyone else way back last century. We offered far more than we would like to do, but in order to make ends meet, we took on more and more until we finally burnt out resources or decided not to live with the lack of gross margin. We were then ‘lucky’ enough to realise a cash flow that enabled us to niche and to focus on what we did, what we did well and what we wanted to do. In particular it was to make quality certification easy and to make it available to any business.
I am often asked this question. The provider we currently choose and trust to provide quality.com.au with certification to ISO 9001, 14001, 45001 and soon 27001 is Global-Mark. We have been a client of Global-Mark since the day Herve Michoux (Managing Director) opened his doors for business (circa 2007). They made the transfer process from our previous provider seamless and painless with no extra fees. We like their personnel, processes, back office support and automation, ensuring we get what we deserve from a certification provider.
The short answer is… when they are due. Then we consider when it is convenient for the provider and then when it is convenient to us. For us, it is anytime. We don’t prepare for external audits. Our systems are living breathing systems that can come under scrutiny whenever. Sure we get busy. Sure there are always external factors that might sway us. But certification is a strategic objective for us so we give it the attention it deserves. Having said this, we are fortunate with our provider (Global-Mark) who assigns us a dedicated client manager to deal with all planning matters when it comes the audit dates.