Well we were treated the same as any of our clients. No significant difference during the documentation review (aka audit), precertification review (conducted simultaneously with the document review), the certification review was quick and to the point and every other post certification review over the last 24 years. Yes, you read right. 24 plus years we have been walking the talking. Currently three standards of 9001, 14001 and 45001 and soon 27001. We do present some challenges to our certification providers and in particular some hardship for our auditors, because we do things just a little different.
1. we prepare. We schedule the people they need to audit, when and the records they will review.
2. we don’t ask for a value-add audit. We ask for compliance to the standard with a minimal of audit duration and reporting. We keep our value add and continuous improvement internal.
3. our systems manage our business and often are apparent as to what clause of or the intent of the standard such activities relate to. We overcome this with our cross reference register and having all the mandatory retained documentation needed to enable our auditor to do their best.
4. we also prepare a brief of just what is our scope and our deliverables so that there is no mistaking what they are to focus on with regard our operations and contractual requirements.
It can be a little tough for them as we are not easily bluffed or led astray by what they might think would or should beneficial to us. But hey, we openly discuss the needs and expectations for both sides of this equation to make our audits one of verification and validation rather than some ethereal debate on what is risk based thinking –v- the need for a risk register (don’t get me started).