Tips, tricks and information about Certification

First, the information...

Certification is the  provision of a Certificate, to those organisations which have proven they meet the requirements of a particular Certification standard.

Anyone can issue a Certificate - but the Certificate really isn't worth all that much unless it's an Accredited Certification Body

Click here for a list of Accredited Certification Bodies (accredited by JAS-ANZ) 

What is Accreditation? Click here for an explanation of what Accreditation is...

So, what is an Accredited Certification Body?

It's an organisation which has itself been audited by an Accreditation Body (JAS-ANZ in Australia and New Zealand). There is one other Accreditation Body that operates in Australia worthwhile mentioning, and that's the Office of the Federal Safety Commissioner (the OFSC). The OFSC Accredits construction organisations - the OFSC role is to is to promote and improve occupational health and safety (OHS) in the building and construction industry, and it requires Certification (by an Accredited Certification Body) against AS/NZS 4801 before an organisation can apply for OFSC Accreditation...

 Confused? It's not an unusual situation to be confused by a new set of buzz words and terms. If you want your specific questions answered you can always contact us

So - you've decided you want or need Certification? Where to from here?

You can contact one or more of the Accredited Certification Bodies - or you can read on, and get some more information...

First, you have to apply to an Accredited Certification Body. This entails filling in either an on-line or a hard copy Application Form where the Accredited Certification Body gathers information from you (on behalf of your organisation), so the ACB can determine if it can provide the services you require, in the location you desire the service to be provided. This Application process also allows the ACB to formulate a Quotation which you may or may not accept. Once you accept a quotation, the Certification process begins in earnest...

The process of Certification entails going through a series of audits (how many audits depends upon which standard you are seeking Certification against)

Typically, the first audit is a Document Review where your documented management system is compared to the requirements of the standard you're seeking Certification against. This provides the audit team (one or more auditors) with background information about your system - its structure and its content, so they can issue a report showing where your documented system complies with the requirements of the standard, and where it doesn't comply. Non-conformance reports (Non Conformance Reports, NCR's, Corrective Actions, or CAR's as they are variously known) may be formally raised (and therefore need to be formally closed as part of a subsequent audit) or are simply reported within the text of the Document Review Report

You can choose to undergo a Gap or Pre-Evaluation audit. It may be a requirement, for example under the Certification process for ISO 14001 - Environmental Management Systems. Not such a bad idea, Gap audits - simply because the time spent in a Gap or Pre-Evaluation Audit should be deducted from the total audit time required to achieve Certification. Gap audits also allow you to ge feedback on just how far away, your system is from achieving the milestone of Certification. You also get a 'feel' for the audit team members - and this is a really good thing, because the variability in the audit process is in the competence of the audit team members and the approach taken by the audit team members. Applying the 80/20 rule, only 20% of Certification auditors are good auditors. Sad, but more than likely, true...

Onwards to the Certification Audit...

A Certification audit is one where your organisations' implementation of every element (clause) of the standard is checked. It's a really in-depth audit, and can take a long period of time, from a day, to weeks, depending on the size and complexity of operations, of your organisation (and the competence & experience of the audit team members)

It is very unlikely that you will go through a Certification Audit without some Corrective Action Requests (or whatever the ACB names them) being raised, but that's no big deal...

Any CAR's raised at a Certification Audit must either be downgraded from Major to Minor or Closed completely, before the audit team leader can make a recommendation to Certify. It's important to remember that an Audit Team Leader does not make a Certification decision - they just make a Certification recommendation.

Minor CAR's must have an appropriate response on file (a Plan as to how to achieve the closure of the Minor CAR, over a specified time period)

Once a Certification recommendation has been made, the Reports are created, forwarded to the Certification Body, reviewed by a technically competent authority (person or group) and a Certification decision is made. Then a Certificate is created (or printed) and forwarded to your organisation. Only when you have the Certificate, can your organisation refer to itself as being Certified.

OK -that's the boring stuff out of the way - now for some tips...

 The tips...

 Tips about putting in your system...

There are many ways to do things wrong and few ways to do them right...

Probably the best way is to 'bite the bullet' and get some assistance in creating the structure and content of your Management System (you'd expect us to say that, we're a Consultancy organisation).

Why get the help of a professional person in putting together your system? Simple - a well structured and well implemented system will accurately reflect the way your organisation works; will be easily adopted by your people; and will be easy to maintain into the future

A word of caution about Consultancy organisations...

If we again (see above) apply the 80/20 rule, only 20% of the Consultants will be any good - that leaves your organisation with an 80% chance of being taken for a ride in terms of the cost, the time and the usability of the Management System. Not good.

What can you do about this?

We suggest you check the referees of the Consultancy organisations you might be considering using - and don't just check the Consultancy organisation - check the individual - the intended service provider (the actual consultant to be used) - there is no real qualification to call yourself a Consultant - just hang up a shingle... Bear in mind that no Consultant is going to give you a bad referee...

You might want to consider establishing some criteria for selection of the Consultant - experience as a Certification Body auditor is a good one - it will have allowed the Consultant to witness many Management Systems - good and bad. You should also look at cost - but not necessarily the cost per day - better to look at the overall costs (internal and external). Sometimes you get what you pay for...

Industry experience counts as well, when selecting your Consultant. If you're in the Mining Exploration business, it's not much good getting a Consultant with experience in the manufacturing sector...

Here's a real tip...

Get the structure and content of your Management System correct first...

We have found that once an organisation decides it wants or needs to be Certified, i goes merrily about creating Policies, Procedure, Forms, Job Safety Analysis, Task Hazard Analysis, Risk Assessments, Safe Work Method Statements and the like without any real structure as to what each contains; why each exists; who are going to use the various elements of the Management System - and just how much of the system will be a duplicated, triplicated and quadrupled, even

A really good Management System is one that is so well structured that a novice can understand what is going on, where, how and why. Heck, then the user might even be able to apply the Management System in the workplace - a novel idea, eh?

And the best is saved 'til last...

The tricks...

The Position Description

If there is a secret to the implementation of a Management System which fits the requirements of the standards (ISO 9001, ISO 14001, AS/NZS 4801, SafetyMap, ISO 22000 and more) it is the well written Position Description (PD)

Sometimes called a Job Description, Person Specification or other term, the PD will only assist in he implementation of your Management System if the PD is structured in such a way that the requirements of the Standards are built into the PD. It is unlikely that a 'pure' HR person would be able to interpret the requirements of the standards, and then include them within the PD's of the entire organisation (yes - from the Cleaner to the Managing Director, and all positions in-between). Standards talk about such things as "at relevant functions and levels" , "Roles, Responsibility and Authority", "Responsibility and Accountability", "Responsibility and Authority", "Objectives and Targets" (at relevant functions and levels), Measurement and Monitoring", "training and Competence", "Incident Investigation", Competence, Awareness and Training", "Measurement, Analysis and Improvement", Monitoring and Measurement", "Internal Audit", "OHSMS Audit" and more - with all of these elements potentially having an impact on the Position Description. More importantly, with the well written PD, the implementation of the Management System is greatly eased by the reduction of the volume of documentation, and reduction of duplication. Not to cast aspersions on the HR profession, but they know what they know, and (like us) they don't know what they don't know. Perhaps a 'cross-functional' teams-based approach is called for ("TQM !" you say?). Yes - a new way of using the aged-old concept of Total Quality Management... Together Each Achieves More.

The Management Review process

There is no requirement for "Management Review" to be conducted:

• once a year
• as a separate meeting
• only with members of senior management
• as a special meeting

Once these urban myths are exposed, then the possibilities for Management Review become endless. Think in terms of:

1. implementing Management Review as part of existing meeting forums
2. using the Management Review process to set Objectives and Targets for personnel ("Management by Objective" you say?)
3. having Management Review undertaken by different levels of management (it's called 'delegation')
4. structuring the Agenda items to ensure the required elements are raised, discussed, and reported upon, with decisions documented in minutes
5. mapping the existing structure of management meetings, and identifying duplication of information, and discussion - with the wasted time, and its associated cost implications

The number of meetings increases, but the number of workers doing the income producing work, keeps getting pruned. Strange...

The really neat trick...

Possibly the most applicable quote here is from an 'old school' OHS Consultant of international stature (but I guess he heard it somewhere else) "Safety should be built-in, not bolted-on". Now applied to other Management Systems: "The (standards, legal and contractual) compliance processes should be built into the system of management, not bolted-on" - in that way, each organisation will have a sustainable compliance management system, into the future. We should be well past the stage of having "Quality Systems", "OHS Systems", "Environmental Management Systems" and "Food Safety Systems" - each with their own (dangerous) silos of self interest - surely we can, and should be developing organisation-wide Management Systems - that happen to fit our compliance needs - all  of our compliance needs

Comment: Does this mean that a 'good' Consultant should have a wealth of relevant experience across a range of Management Systems disciplines (Food, OHS, Quality and Environment)? Probably. We might also include areas of compliance not typically considered as part of Management Systems, for example:

• corporate governance
• contract law
• consumer law (the Trade Practices Act, and Sale of Goods Acts in Australia), and more...

HOME

CONTACT

SITEMAP

PRIVACY

TERMS & CONDITIONS