In this blogpost trilogy, I discuss three different types of audits. In this article you will read more about the third party audit, also known as the certification audit. 

This blogpost is a part of a trilogy about audits. Read our first blogpost in the series and learn more about internal audits. 

The expectations of a third party audit

A third party audit is a type of audit that you pay for, which leads you to expect some added value in return. In this case, you expect the auditor to find something new or unexpected to improve your management system. Because, let’s be honest, you already know where some of the nonconformances in your quality management system lie. 

So what you really want them to find is a flaw in your management system you weren’t aware of. Because that’s something that would really add value to your management system. 

When the certification auditor doesn’t find unexpected flaws, the auditor doesn’t add any value to your company. If that’s the case, I’m convinced you must inform your certification organisation.

A third party audit gone wrong

When I was still working as a quality manager in a factory, I was audited for ISO 9001. The outcome of the ISO audit was that if non-conformances popped up,  I had to put my nonconformances on a red paper I had to put on the blocked pallet, to make sure that it was visible to everybody in the organisation. Of course, everybody in the factory was already informed about this nonconformance, because the product with this nonconformance was already blocked in our system…

It was the only flaw the auditor came up with and it didn't add any value to our management system. It wasn’t something I could improve my management system for. And I, of course, was aware of many other nonconformances that could be improved in our management system, but the auditor simply didn’t pick them up. 

Although one minor nonconformance could sound great for your company, I picked up the phone and called the certification organisation. I told them the auditor didn’t have to come back to our factory because he simply didn’t add any value. 

Three ways to improve your quality management through a certification audit

1. Ask questions
   The first way to use a certification audit to improve your quality management system is by asking questions during the audit. A lot of consultants will tell you “Don’t ask the auditor any questions. Just answer their questions but in any case, don’t tell them more than they’ve asked for.” Don’t listen to them. Because, if you don’t ask your auditor any questions, how can you learn from an expert in quality? How can you improve your management system? How do you learn to make interpretations of the quality standards? 
   
   So in my opinion, the best way to get more out of certification audits, is by asking questions. And during the first follow-up audit I had to supervise, I did ask all the questions I wanted answers to. When the auditor finished the audit, my general manager asked the auditor how I did as a supervisor, and the auditor answered: “He asked a lot of questions.”
   
   Another time, one of the consultant auditors told us specifically not to ask any questions. And I still did. A lot. I learned to prove myself as a quality manager and learned a lot about how to interpret the standard. 
   
   So don’t be afraid to ask questions, as long as you don’t ask the certification auditor for advice, because that is something the auditor is not allowed to do. 
    
2. Challenge the findings
   A second way to get all of the information you can out of a third party audit is to challenge the findings of the auditor. If you think the auditors’ findings aren’t correct, challenge them. 
   
   The auditor will be happy to explain why some elements in your management system cause a nonconformance. Discussions are interesting for the auditor as well, because they will challenge him and teach the auditor something as well. So not only is challenging the auditor an obligatory exercise, it’s also an interesting discussion about quality. 
    
3. Take corrective actions
   Make sure to improve your management system with the findings of the audit. Because, at the end of the audit you will receive a list with nonconformances, which creates opportunities to improve. 
   
   Use these results. Every finding should result in a corrective action. And for me, a corrective action is an action you’re going to take to structurally improve your management system. 

What you should be aware of

You paid the certification organisation to conduct an audit. The goal of this audit should be to obtain a certificate or to keep the certificate. This means you have a commercial relationship with the certification company. 

This commercial relationship might impact the value of the audit for your management system. The certification organisation wants to gain or keep their customers. If the outcome of the audit is negative, they will lose a customer, which also means you just might go to another certification company to receive the certificate anyway. 

Some certification companies even hire freelancers to conduct the audit on their behalf. Because the freelancer, as well as the certification organisation, might lose a customer, which makes the financial impact even bigger. 

As a result, when the certification audit is done by a freelancer, the risk of having even less value coming out of these certification audits is even bigger. 

So the outcome of a certification audit will mostly be positive. 

That time a company passed the certification audit anyway 

One time, a company wanted to receive a certificate and asked for a certification audit. The first time they got the audit done, they got a C on the outcome and received the certificate. 
After reassessing the audit the following year, they received an A.

But the year after that, a new auditor came by again. This time, the auditor had to call the certification organisation during the audit, because the auditor wasn’t sure if the company was even gonna pass this follow-up audit at all. 

The answer of the certification organisation to the auditor was to at least give the company a B on their audit. On top of that, when top management of that company heard about the B, they weren’t happy about the result. They wanted to receive an A on their audit outcome, just like they received during all of the previous audits. 

Three months later, they got the A back on their wall.

In my opinion, it’s highly unlikely to have fixed all of the nonconformances in the time span of just 3 months time… 

So be aware: some certification organisations are willing to do anything in order to keep their customers. 

Make sure to use my tips to get everything out of your third party audit. Want to know more about the third party audit? Don’t hesitate to contact me! 

You can read part one of this blogpost trilogy here, where I discuss how an internal audit can add value.