Welcome to the Whittington & Associates
e-Newsletter!
Visit and bookmark our web
site.
Our newsletters provide guidance on ISO 9001,
AS9100, ISO 13485, ISO/TS 16949, TL 9000, ISO
14001,
ISO 27001, ISO 20000, and related ISO
standards, as well as, Six Sigma.
If you have any questions about the articles
appearing in this issue, or you want to suggest
topics for future issues, please let us
know.
ISO 9001 and Suppliers
What can purchasers reasonably expect from
suppliers who point to their ISO 9001
certification as an argument for use of their
products or services? The ISO organization
provides answers to this and related
questions in an updated edition of its online
brochure, ISO 9001 - What does it mean in
the supply chain?
The document is particularly aimed at
purchasing managers of business enterprises
and public sector officials responsible for
procurement, but is also useful for
organizations representing consumer
interests, as well as for consumers
themselves.
ISO 9001 has been implemented by
organizations in 176 countries and become the
global benchmark for quality management
systems. The standard is used as a framework
for providing assurance about a supplier's
ability to satisfy quality requirements.
ISO 9001 certification is often a market
requirement for suppliers to participate in
supply chains or to bid for procurement
contracts. It is also widely used as a
marketing argument by companies selling goods
or services to consumers.
For these reasons, the update of the brochure
is timely. It provides concise answers to
questions such as:
What does "conformity to ISO 9001" mean?
How does ISO 9001 help you in selecting a
supplier?
How can purchasers be sure received
products will meet their requirements?
How can you have confidence that your
supplier meets ISO 9001?
Can suppliers claim that their goods or
services meet ISO 9001?
What can a customer do if things go wrong?
The brochure provides purchasers with the
information needed to ensure that the ISO
9001 standard is used to its full potential
in the business-to-business supply chain. In
addition, the document serves as a
"mini-primer" for ISO 9001 because it
includes brief explanations of the standard,
quality management systems, and the options
for claiming conformity with ISO 9001.
The free brochure, ISO 9001 - What does it
mean in the supply chain?, can be accessed at
this web page on the ISO web site.
AS Transition Training
The International Aerospace Quality Group
(IAQG) recently issued a letter on transition
training for aerospace auditors. This
training is a key element in the transition
to the AS9100C, AS9110A, and AS9120A
standards, as well as, use of the common
AS9101D audit requirements standard.
All Aerospace Auditors (AA) and Aerospace
Experienced Auditors (AEA) must complete
Aerospace Auditor Transition Training (AATT)
to be authenticated for auditing the new
aerospace 2009 standards.
AS9100: This IAQG-Sanctioned AATT
course has online and instructor-led
components. The online component consists of
an online initial examination and an online
module titled, "Foundations: Understanding
9100". The instructor-led component is a
4-day course and includes an evaluation and
examination.
AS9110: This IAQG-Sanctioned AATT
course has online and instructor-led
components. The online component consists of
an online initial examination and an online
module titled, "Foundations: Understanding
9110". The instructor-led component is a
1-day course and includes an evaluation and
examination.
AS9120: This IAQG-Sanctioned AATT
course has online and final examination
components. It does not include an
instructor-led course. The online component
consists of an online initial examination and
an online module titled, "Foundations:
Understanding 9120". The final examination
must be taken in a proctored environment with
an approved training provider.
Online: The online course for the
AS9100C standard must be completed as the
first step in the AATT. You begin by taking
an exam. If you pass it, you can complete the
online training or go to the instructor-led
course. If you don't pass, you must take the
online course before going to the
instructor-led course.
Auditors seeking authentication to AS9110A or
AS9120A must first complete the AS9100C
online course and AS9100C instructor-led
course before attending AS9110A or AS9120A
training.
Classroom: Instructor-led training
is required for auditors seeking AS9100C and
AS9110A authentication. AS9120A training does
not include an instructor-led course. As
previously stated, AS9100C instructor-led
training is a pre-requisite for AS9110A and
AS9120A training.
Trainers: All trainers wanting to
teach the AATT course must first successfully
complete the AATT and the Plexus Evaluator
course. All training providers, including
certification bodies, must be approved by an
IAQG Sector Management Structure approved
Training Provider Approval Body to deliver
AATT. Two approved trainers are required to
deliver the Aerospace Auditor Transition
Training. Class sizes must be a minimum of 9
students and a maximum of 12 students.
For more information on the IAQG-sanctioned
Aerospace Auditor Transition Training, go to
this Plexus
web page.
ISAE 3402 and SSAE 16
In December 2009, the International Auditing
and Assurance Standards Board (IAASB) issued
International Standard on Assurance
Engagements (ISAE) 3402, Assurance Reports
on Controls at a Service Organization.
ISAE 3402 was created to address engagements
undertaken by a professional accountant to
report on the controls at a third-party
organization that provides a service to user
entities when those controls are likely to be
part of user entities' information systems
relevant to financial reporting.
In January 2010, the American Institute of
Certified Public Accountants (AICPA) Auditing
Standards Board issued Statement on Standards
for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service
Organization, that is similar to the
international standard and supersedes
Statement on Auditing Standards (SAS) No. 70, Service Organizations.
The new ISAE 3402 and SSAE 16 standards are
effective for reports for periods ending on
or after 15 June 2011, with early adoption
permitted. Because many reporting periods
cover 12 months and begin in July, the new
standards will affect many organizations as
early as 1 July 2010.
While SAS 70 has worked well for many years,
a number of factors drove the need for the
new standards, including:
Globalization of business process
outsourcing
Business process outsourcing has grown from
regional shared service organizations created
by specific industries to multinational and
local organizations serving many different
industries for a mixture of local, regional
and international organizations. As a result,
the information required in a SAS 70 report
may no longer be sufficient for user
entities.
SAS 70 is a US standard
While SAS 70 is used globally, it is a US
standard and engagements must be performed in
accordance with the AICPA US Auditing Standards.
Consequently, current reports may not respond
to the needs of user entities and their
auditors outside the US.
Service organization's report versus
service auditor's report
SAS 70 was developed as an auditor-to-auditor
communication, a way for the service auditor
to share audit work papers with the user
auditor, who then could rely on this work in
planning and executing the financial
statement audit. However, the regulatory
landscape has seen significant changes, and
governments, regulators, boards of directors
and financial statement users are placing
ever-increasing emphasis on internal control
over financial reporting. These stakeholders,
as well as the user auditors, now need a
report from and by the service organization
describing its internal control. This, in
turn, significantly increases the importance
of management's description of its system.
The independent service auditor's opinion
remains critical, but its role is as a
provider of assurance, not the entity
responsible for the communication.
While similar to SAS 70, the new standards
will require changes to service
organizations' reporting processes and
reports. For some service organizations,
these changes will be relatively minor. For
others, significant efforts will be required
to change their reports, reporting processes,
or both.
For more information on ISAE 3402 and SSAE
16, as well as, an explanation of:
Service organization responsibilities
under the new standards
Changes to service auditor
responsibilities under the new standards
Impact on reports with inclusive
subservice organizations
The 19th Annual ASQ Audit Conference will be
held on October 7-8, 2010 at the Hilton Hotel
at Walt Disney World Resort in Orlando, FL.
The conference will focus on auditing as a
pivotal tool to improve business performance
through added-value, effective negotiation
and decision making.
It will be an opportunity to learn the tools
and applications of quality improvement, how
auditing impacts the overall performance of
your business, and how to expect the
unexpected. Auditors of all experience levels
will be exposed to fresh ideas and new
techniques they can implement immediately.
The focus areas include:
1. Magnify the View
Auditors add fresh eyes and expertise to the
wealth of tools available to management for
effective decision-making. Learn what to
expect during and after audits: audit
planning, audit strategies, auditor
selection, audit checklists,
non-conformities, audit reporting, audit
effectiveness checks, audit challenges, and
other audit expectations in different types
of industries.
2. Do You See What I See?
Auditing and quality tools have a value-added
impact on overall business performance. Learn
about auditing tools, quality tools,
statistics, communications, negotiation
skills and all the other tools used by
auditors to improve auditing skills and audit
performance, and see how these tools can
magnify the success of your organization.
3. Rose-Colored Glasses
Special issues can come up in auditing, and
blur the vision we have of outcomes and
performance. Learn to recognize, work through
and expect unexpected audit considerations
such as ethical and legal challenges,
regulatory challenges, cultural differences,
international concerns, crisis management,
difficult negotiations, effective
decision-making and more.
4. Do You Have the Right Prescription?
Expecting the unexpected is an important step
in improving overall business performance.
This starts with audit and quality
improvement strategies. Learn about the
business needs for audits, audit program
strategies, quality improvement tools,
reducing the cost of quality through
auditing, and other performance improvement
methodologies and objectives.
Early-bird ASQ members can register for $750.
If you aren't an ASQ member, you can register
for $825 and also receive a full year of
Audit Division member benefits. You can
register at the Audit
Conference web site. I
hope to see you in Orlando.
Age-Proof Your Career
1. You look old if you think only birds
tweet.
Social media isn't a flash trend, it is part
of a high-tech cultural shift.
The Age Proofer: Become part of the
Twitterati. Sign up for an account at
Twitter.com. Create profiles at Facebook.com
and LinkedIn.com.
2. You look old if you love the big
meeting.
Boomers worked long hours and the line
between work and life were blurred. Frequent
meetings served as a pseudo-social outlet.
Young employees have a different philosophy.
Get the job done and get a life. They embrace
flexible schedules and use new tools to work
more efficiently.
The Age Proofer: Hold fewer meetings
and keep them short. Rely on more on texting
and webinars. Collaborate on projects using
the wiki tool. Set up videochats to replace
traditional gatherings.
3. You look old if you called the project
an "epic fail".
If you try to use a trendy term, it may come
across as sounding pathetic or just plain
silly. You'll just remind them of your age
rather than encourage them to forget.
The Age Proofer: Know what the latest
phrases mean, so you're not insulted if a
young colleague calls your work "sick". But
as for using them, don't.
4. You look old if you're always
referencing the glory days.
Among the deadliest phrases is, "Let me tell
you how we used to do it." The blank stares
may tell you they could care less. Mentioning
the old ways may cause you to be seen as out
of touch.
The Age Proofer: Focus on the future.
Show you have a handle on emerging issues in
your field. Broaden your knowledge of the
industry. Be viewed as an asset, not an
artifact.
5. You look old if you fashion sense is
straight out of 1989.
If you are still sporting a briefcase or a
tie, you're showing your age. If you dress
more formal than the rest of the office, you
may be perceived as being rigid.
The Age Proofer: Find the right
balance. Don't try to wear clothes too young
for your age, but you may want to ditch the
tie to join the gang.
You can read the full article by Dan Kadlec
at the Money magazine web site.
AS9115 for Software
The AS9115:2010 document supplements the
AS9100 standard requirements for deliverable
software and contains quality management
system requirements for organizations that
design, develop, and/or produce deliverable
software for the aviation, space, and defense
industry. This includes, as required, support
software that is used in the development and
maintenance of deliverable software. The
deliverable software may be stand-alone,
embedded, or loadable into a target computer.
Whittington & Associates provides training, consulting and auditing services for
management systems based on
ISO 9001, ISO/TS16949, ISO/TS 29001, TL 9000, AS9100, ASS9110, AS9120, ISO 13485,
ISO 27001, ISO 20000, and ISO 14001.
