Saturday, 7 November 2009

The need to conform (ISO vs ISA)

In one of blogger Justiffa's earlier posts (Audit Fever), she tells the story of experiencing stress and anxiety in facing auditors checking the workplace compliance to ISO procedures.

For those of us who work in ISO-certified organisations (manufacturing, engineering/construction, service industry), the yearly audit exercise is looked on with some dread. While the main objective of all audits is to detect for conformance to the agreed procedures and improving weaknesses, most of the staff hate to be audited because they do not wish to be seen making mistakes. It is simple human nature. Everybody thinks (or wants to think) that he/she is perfect. Nobody wants to be seen to be doing their job poorly and least of all, being made an example to the rest of the colleagues.

My personal view on quality system audits is somewhat mixed. The primary purpose of setting up and maintaining a quality management system to ISO (International Standards Organisation) regulations is simply that... Quality. If our firm produces quality goods or provide quality services, then we will get very satisfied customers which in turn, would result in more business and hence improved profitability. So why then the mixed views? Because complying to the system entails hard work, especially in the area of documentation and record-keeping. While we can be proud of our staff for being hardworking, not many of them are good in the paperwork side of things.

As an example, in my line of work, we issue design changes and revised drawings all the time. No project is perfectly designed at the inception stage. Changes during construction are inevitable. Hence, any particular section of the work may have to be revised a number of times, for whatever reason. Keeping track of such changes is therefore of paramount importance. We have to make sure that the guy who is actually building the thing is in possession of the latest drawing and not one that was superseded three or four times over.

A proper quality management system ensures such revisions are properly recorded, relayed and implemented. The key area of concern here is traceability... who instructed the change, when was it authorised, were the revised drawings issued properly, was receipt of the drawings acknowledged, etc., etc., etc... So, if we do find the toilet being built in a location where it's not supposed to, we check the paper trail, find out where the cock-up occurred and then decide who gets the screwing.

I guess now you would have an idea why many people hate to keep records.

I am taking time to write on this subject because our company's ISO audit is scheduled for some time this month. I was informed that my project is the one proposed for the external auditor to visit because our documentation and filing system is in reasonably good shape (as opposed to other projects whose record-keeping is not quite up to par, it seems). Ironic, isn't it? I would have thought it would be more beneficial to send the auditor to the other projects so that the weaknesses can be detected and improvements made.

Anyway, what has ISO got to do with ISA? Actually, not much... although the ISA (Internal Security Act) has also got something to do with conformity. You better conform to what the government say or else the Minister of Home Affairs can lock you up without trial.

It's just that every ISO audit exercise reminds me of something someone told me many years ago.

`Aku tak suka lah ISO audit ni! Letih kena soal-siasat. Lebih baik ISA!'

Which prompted me to ask, `Kenapa?'

`ISO kan Ikut Suka Orang... ISA tu Ikut Suka Akulah!'

P/s : Graphic above borrowed from Saja nak buat Zendra tersedak, heheh... and thanks to Nurie for leading me to this site :-)


3yearshousewife said...

This ISO thing really makes me cringe inside. Most probably they'll ask me to do it again once I reported for work next year. I can almost see the procedural documents in my eyes now.
It is ironic that people who worked well and hard are scrutinized and people who are slacking left untouched. I thought it only happened in my workplace...

Snakebite said...

same here. preparing the iso papers is one hell of a job, tapi kadang-kadang (read most of the time)we tipu je auditor tu

anneaziz said...

I was serving in a bank many years back.

Beginning of the year, it was Bank Negara auditors. Middle of the year, it was external auditors. Towards the year end it was our inhouse auditors.

We were scrutinised 3 times a year!

Luckily those days were pre ISO. Kalau tak, 4 kali setahun!

Dah terbiasa sampai tak kisah pun..nak datang, datang lah...nak tengok, tengok lah...

PS/ Sempat jugak ngorat BNM auditor (hehehe!)

Zendra said...

KOFF KOFF KOHHHFFFF, Oldstock my coffee almost went down my windpipe when I saw that pic and then saw that little foot-note that wasn't there before hahaha. Ini sah nak kenakan orang pencen relaxing over breakfast. You pun boleh nakal macam bebudak - sungguh tak kena dengan nama OLDstock ;)

This thing about ISO, I've never had to go through it during my time because my nature of work wasn't that cut and dry. But colleagues in other depts. had to and they seemed to have enjoyed doing it. As I understood it at that time, it's just a matter of documenting what you do (the first time, same time choosing not to document the iffy things hehe) then doing what you have documented while keeping records. If the records are tip-top, as yours are, they will ask no questions like WHY NOT? WHY NOT? WHY NOT? and you go home smiling ... hahaha. Alahai that was last time lah.

Neways, you're the show-case of your company. Two thumbs up!

Tommy Yewfigure said...

Good to have ISO what; can charge premium service price mah..heheh. Surprising most companies have this but do not actually practice it. Me, I still prefer the old gentlemen way, I pay good money, u deliver your 'best practise'goods or services as agreed. One handshake, 'kao tim sai'.



P/S - Nice family photo of Kak Anjang & her siblings in their birthday suites, u got there...kekeke.

Ed. said...

The entire tenure of these postings reflect an out of date approach to both ISO and auditing. If the purpose of ISO is product and service improvement - excellence even - what is the purpose of external assessment? Auditing shouldn't be about compliance but about adequacy, a risk assessment; what are the risks - to the achievement of business objectives - of continuing to operate in the manner identified by the audit. When auditors and managers employ auditors who can perform in this way THEN the business will improve, in part because audits will no longer be seen asa threat to those being audited.

Oldstock said...


Sebenarnya, tak perlu sangat nak risau pasal ISO Audit ni. Kalau kita buat kerja dgn betul, apa-apa teguran dari auditor adalah untuk kebaikan diri sendiri.

Prinsip saya dalam hal ni mudah je... tak mati pun kalau dapat dua tiga NCR, heheheh.

Oldstock said...


I'm sure most auditors would know that there is some form of penipuan here and there. In the end, siapa tipu siapa sebenarnya, heheheh...

Oldstock said...


Is it the other way round.... auditor tu yang ngorat you? muahaha!

Oldstock said...


The documentation part of ISO procedures is very important... tapi tau je lah, ramai staff yang slack kat bahagian ni. Actually, it is already good management practice to have your records in order. The ISO procedures ensures that you do this consistently.

Gambar zebra tu kebetulan je, hehehe...

Oldstock said...


Yes, I fully agree that it is good to have the ISO procedures. In fact, if we wish to participate in international projects, ISO certification is almost mandatory.

However, for the system to work properly, it must have top level management commitment.

For you and I, a gentleman's agreement would work (because we are real gentlemen, right?).

Oldstock said...


The moment I read your comment, I suspect it as spam. The language is too formal. Clicking on your name confirms it... it is a link to

Aduh... auditor Mat Salleh nak cari business kat blog saya pulak.

Justiffa said...

Hahaha.. gawd oldstock, the last part just kills me. next time my boss gives me grief on iso issues i'll go the 'ikut suka aku la' way (dare i? lol) ;)

Good luck with the auditing!!

Nurie said...

during my HR days in manufacturing, I had the opportunity of being an internal auditor, after passing the exams and all those trainings, ugghh! I had some fun too coz during audit time, it is a good opportunity to 'kena' those managers that you dun fancy by going more in depth on his dept's procedures and asked them lots of questions. heh heh.. saja bagi org nervous.

Your ISO vs ISA definitions mmemang kelakar! ...and memang ada kebenarannya kan!

Oldstock said...


Next time you undergo an audit, just try the ISA approach with your boss. Let's see if he has a sense of humour :-)

Oldstock said...

Uiks! Brutal sungguh Puan Nurie bila jadi auditor ye... hehehe..

Kasihani lah kami, wahai Puan auditor :-)