Top 5 mistakes companies make during ISO audits – Article published online on

Remember the cold sweats and clenched palms that accompanied the famous “pull out a sheet of paper”… Well, adult nightmares are triggered by phrases like that: “tomorrow’s payday”, “I’ve got a check from finance”, “the audit is coming tomorrow” etc.

In the following, we will talk about ISO audits, whether certification, surveillance or recertification.

And now, as in school, the options are the same: always be (relatively) prepared, steal your own hat by copying – in this case by formally mimicking compliance with audit requirements, or procrastinate… as much as you can.

Implementing and certifying an ISO system, such as ISO 9001 quality management, is a “necessary evil” for many small and medium sized companies to gain access to certain markets, projects or public procurement.

But this is not the big advantage. If you ask SME entrepreneurs how much they would pay for world-class management experts to provide them with a blueprint or solutions for the proper organisation of their business, they will certainly think of sums starting from tens of thousands of euros.

This is exactly the core of the ISO 9001 system – an effective, rigorously founded organisational framework for business management. At a fraction of the cost.

“It’s extremely damaging this positioning of many contractors – adversarial to the auditor. We are not the enemy. Auditors want the best for the businesses they audit, even if they seem to be looking for a knot,” says Claudiu Aiftimiei, CEO of Systema.

What would be, in your expert opinion, a top list of mistakes companies make when it comes to ISO auditing?

“From our experience of over 35,000 audits, the top 5 bad practices, in terms of frequency and business consequences, would be:

  1. Formal implementation – when most of the procedures exist only on paper and each employee works as they know or can. Without clear procedures it’s like a kitchen where the place of cutlery changes every day. It becomes frustrating and inefficient.
  2. Establish a single person in the company to talk to the auditor – usually the “joy” falls on the accountant – who is the man with the paperwork, who answers when other inspections come from the state, or on the secretary, who has free time. There are cases where a full-time RMC (Quality Management Manager) is appointed, a reliable, well-organised man, but isolated between files and taken out for audits. Everyone in the company should be able to explain what and how they work, what documents they use, in simple words.
  3. Evasive answers to questions asked by the auditor – the audit is conducted according to a plan with clear objectives, and trying to distract the auditor from the subject does not help anyone and is just a waste of time for both parties.
  4. Minimising corrective action – people are afraid of mistakes and try to show, on paper at least, that everything is going well. But herein lies an advantage of the ISO 9001 system, that it follows up mistakes to correct them, to improve and update the management of the company, not to put someone in a corner. So, when you see perfect records, processes that go smoothly, it’s pretty clear that the reality is cosmetic. And that the opportunity to correct is missed.
  5. Copying procedures from elsewhere – two companies, even with the same business, are not identical, so the way they are organised and therefore the procedures should be different. You can start from a template, but that tedious and seemingly pointless work of putting down on paper all the details of how supplies are made, how often meetings are held, how machinery repairs are scheduled should be done by those who know the company best and have the authority to determine how things should be done. The consultant can come in with observations and recommendations, but that’s about it.”

Does one or more of the above usually occur?

“In general, a combination of incorrect or misguided approaches is emerging, starting from the understanding of the horse management system. If I as an entrepreneur have a vision for the business and go with my gut, I am focused on what is happening in the market now without planning what I am going to do in the medium term at least, then ISO certification is a missed opportunity.”

Finally, what would be your tips for a successful ISO audit?

“I think it is important how the contractor looks at certification. Our advice is to see ISO 9001 as an investment in the smooth running of the business. The most important component of the investment is the personal effort of the CEO to empower employees to participate in developing procedures, complying with them and improving them.”

Article published in