ISO 9000 standards: an emerging CPA service area.
Increasingly, ISO 9000 is becoming the price of admission for doing business in the United States, too. In 1992, only 400 U.S. plants were certified as in compliance with ISO 9000. By July 1993, almost 1,500 U.S. plants had been certified. In all likelihood, thousands more U.S. plants eventually will seek to comply with ISO 9000 standards. A survey of midsized manufacturers released last November projected that as many as 10,000 plants could be certified by the end of 1994.
Why should CPAs be interested in the standards? (1) CPAs can give their companies or clients a competitive edge by providing advice on this emerging domestic and international business issue, before certification becomes a standard business practice. (2) CPAs can expand their repertoire of audit services by becoming certified to perform ISO 9000 quality system audits. This article explains the regulatory and business reasons why companies seek ISO 9000 certification, describes the certification process and tells CPAs where to get information on obtaining certification to perform quality system audits.
WHAT ISO 9000 MEANS TO U.S. COMPANIES
U.S. companies obtain ISO 9000 certification for four reasons.
1. The EC legally requires suppliers of certain regulated products to have ISO 9000 certification. Regulated products are those that have important health, safety or environmental implications, such as medical devices, construction products or telecommunications equipment. Since about half of the more than $100 billion in U.S. exports to the EC are regulated products, this requirement has a significant impact on American companies.
2. ISO 9000 certification enables companies to compete for business from individual customers (both foreign and domestic) that contractually require their suppliers to be certified. This is not just an overseas issue. American companies such as Motorola, Xerox, IBM, General Electric, Eastman Kodak and the three largest U.S. automakers are beginning to require certification. The North Atlantic Treaty Organization and the U.S. Department of Defense also require suppliers to obtain ISO 9000 certification.
3. Certification enables companies to differentiate themselves from noncertified competitors. For example, Dow Corning sees certification as a way to establish a competitive advantage and has 12 certified sites.
4. Most important, many managers insist the process of creating, documenting and establishing the controls for a quality system actually is a catalyst for improving quality. For example, half of DuPont's 240 worldwide facilities are certified. At its Emigsville, Pennsylvania, plant, which makes plastic connectors for computers, employees claimed the defect rate fell from 30% to 8% as a result of participating in the ISO 9000 program. European DuPont sites reported benefits such as increased manufacturing yields and a decrease in customer complaints. In addition, Rockwell International's Allen-Bradley plant in Twinsburg, Ohio, improved productivity 21% and decreased cycle time and product defects by 18% and 32%, respectively, since obtaining certification.
ISO certification is not given to products or companies. It applies only to individual plant sites.
Companies begin the certification process by selecting the most appropriate ISO 9000 standard. As exhibit 1, at left, shows, ISO 9001 is the most comprehensive standard and is intended for use in companies that take products from the drawing board to the consumer. Companies that design and develop, produce, install and service their products should seek ISO 9001 certification. ISO 9002 certification covers a much narrower range and is suited for companies that only produce and install their products. Finally, ISO 9003 certification is most appropriate for companies that only inspect and test products.
After determining which ISO standard applies to their operations, companies should obtain an ISO guidebook, such as the ISO 9000 Handbook or ISO 9000: Preparing for Registration, both available from the American National Standards Institute (see exhibit 2, at right, for its address). These books provide guidance on documenting the work performed at every function affecting quality and on installing mechanisms to ensure workers follow through on the documented procedures.
For instance, a company seeking ISO 9001 certification must have an internal team verify that written procedures, actual practices and records are in compliance with the ISO quality system. A qualified external audit registrar inspects the company's quality system, and if appropriate, awards a compliance certificate. (The registrar's role is explained in the next section.) If any problems (called nonconformances) are found during an audit, they must be corrected before certification can proceed. Such an audit can take 2 to 10 days depending on the size of the business and the number of nonconformances. Registration fees can exceed $10,000 to $20,000 per site. Maintaining certification requires periodic visits from the registrar (usually every six months) that cost between $2,500 and $5,000 per visit, and a reaudit every three to four years. Fees for a reaudit normally are about two-thirds of those for an initial audit.
SELECTING A REGISTRAR
Forty companies in the United States perform ISO 9000 quality system audits. However, only eight of them are accredited by the Registrar Accreditation Board (RAB), which is the official accrediting body in the United States (see exhibit 2 for its address). Selecting an accredited registrar is generally desirable but is not a foolproof strategy because recognition of accreditation internationally does not yet exist.
Given the lack of mutual recognition of accrediting bodies, the key to selecting a registrar is client or customer needs. For companies that have European subsidiaries seeking ISO 9000 certification, the best option is to select a registrar accredited by the appropriate board in a subsidiary's home country. Sites on U.S. soil that sell to U.S. customers should select one of the registrars accredited by the RAB. There are multiple options for U.S. sites that want to sell to customers in the EC: Such companies can seek certification from the U.S. division of a European registrar (such as Lloyd's Register Quality Assurance Ltd. in New York City or the National Standards Authority of Ireland in Merrimack, New Hampshire) or they can obtain certification from U.S. registrars that have been accredited by a European body. The key is to determine what is acceptable to the client or company requiring certification.
Another issue that companies may want to consider before choosing a registrar is industry expertise. Accredited registrars usually are authorized to audit quality systems only in certain industries.
ISO AUDITOR CERTIFICATION REQUIREMENTS
CPAs can expand their services to their companies or clients by obtaining certification to perform ISO 9000 quality system audits. Certification is available through the national certification body, such as the RAB in the United States. There are three progressive grades of auditor certification: quality systems provisional auditor, quality systems auditor and quality systems lead auditor. Each has education, training and workplace experience requirements that candidates must satisfy. An initial application fee of $100 is required along with annual renewal fees of $150 to $200.
WHAT ISO 9000 DOES NOT DO
ISO 9000 certification does not guarantee that a company produces quality products. It certifies only that a system of policies and procedures is in place to make the manufacture of quality products possible. A company can produce ISO 9000 certified products that no one wants or needs. As Richard C. Buetow, director of corporate quality at Motorola, explains: "With ISO 9000 you can still have terrible processes and products. You can certify a manufacturer that makes life jackets from concrete, as long as those jackets are made according to the documented procedures and the company provides the next of kin with instructions on how to complain about defects."
A NEW CPA SERVICE AREA
The limitations of ISO 9000 are being overshadowed rapidly by two facts of business life: (1) A growing number of foreign and domestic customers are dealing only with certified suppliers and (2) many companies appear to have used the certification process as a catalyst for improving their products' and processes' quality. International interest in ISO 9000 standards has grown considerably since they were issued. If CPA clients or companies have not already inquired about the standards, the chances are good that many of them will do so in the near future. CPAs who become familiar with the standards at this early stage in their acceptance in the United States will do the most to enhance the value of their services to their clients or to their employers.
* ISO 9000 IS A SET OF FIVE standards that serve as benchmarks for assessing potential suppliers' quality control systems. Issued by the International Organization for Standardization (ISO) in Geneva, the standards already have been adopted by 60 countries, the North Atlantic Treaty Organization and the U.S. Department of Defense- More and more large U.S. manufacturers are requiring their suppliers to comply with ISO 9000.
* CPAs CAN GAIN A COMPETITIVE edge for their clients or employers by providing advice on how to become certified under ISO 9000 standards. CPA firms also can expand their audit services by becoming certified to perform ISO 9000 quality system audits.
* U.S. COMPANIES BECOME certified to satisfy European Community regulatory requirements, to satisfy customers' contractual obligations, to establish a competitive advantage or to improve quality. Companies seeking ISO 9000 certification must have a qualified external audit registrar inspect their quality control systems.
* CERTIFICATION TO perform ISO 9000 quality system audits involves three progressive classifications of quality systems auditor. Each has education, trainning and workplace experience requirements.
ISO 9000 standards
ISO 9000: Quality management and quality assurance standards--guidelines for selection and use
ISO 9001 *: Quality systems--model for quality assurance in design and development, production, installation and servicing.
ISO 9002*: Quality systems--model for quality assurance in production and installation
ISO 9003*: Quality systems--model for quality assurance in final inspection and test
ISO 9004: Quality management and quality system elements-- guidelines
*ISO 9001,9002 and 9003 must be certified through an external audit.
Note: Each adopting country typically assigns its own name and numbers to the ISO 9000 standards. For example, in the United States the functional equivalent of ISO 9000 is the American National Standards Institute-American Society for Quality Control Q90 series.
Where to obtain information on ISO 9000
* For a copy of the ISO 9000 standards, contact
American National Standards Institute
11 West 42nd Street
New York, New York 10036
Phone: (212) 642-4900
* For information on registrars accredited in the United States, contact
Registrar Accreditation Board
611 East Wisconsin Avenue
P.O. Box 3005
Milwaukee, Wisconsin 53201-3005
Phone: (800) 248-1946
* For current information regarding registration activity in the United States, contact:
CEEM Information Services
10521 Braddock Road
Fairfax, Virginia 22032
Phone: (800) 745-5565
* For information on becoming an ISO 9000 quality systems auditor, contact
In the United States
American Society for Quality Control
611 East Wisconsin Avenue
P.O. Box 3005
Milwaukee, Wisconsin 53201-3005
Phone: (800) 248-1946
Ask for T946, Information Packet for Auditor Certification Program.
In the United Kingdom
The Registration Board for Assessors
P.O. Box 712, 61 Southwark Street
London SEI 1SB
Phone: (071) 401-2988
Ask for The National Registration Scheme for Assessors of Quailty Systems.
ISO 9000: FACT AND FICTION
ISO 9000 is not yet well understood. As a result, a number of articles published on ISO 9000 contain statements or inferences that could be misleading. Some common ISO 9000 myths are addressed below.
Fiction: The products of all companies that comply with ISO 9000 meet minimum quality standards.
Fact: ISO certification means only that a company has a system in place that enables it to meet quality standards it established for itself.
According to Richard C. Buetow, director of quality control at Motorola Inc., "ISO 9000 has no provision for evaluating the quality of a product or service that you provide to your customer. For example, if you purchase from three IS0-certified suppliers you might assume their quality levels are similar--or at least meet some minimum quality level. But as long as a supplier has a satisfactory complaint-resolution system, the majority of the products could be defective and the supplier still could maintain ISO 9000 certification."
Since ISO 9000 does not specify quality criteria, each certified company sets its own quality standards. As long as companies conform to their own quality criteria, they can retain ISO registration.
Fiction: All companies in member states of the European Community must comply with ISO 9000.
Fact: The EC does not require all companies in member states to comply with ISO 9000 in all circumstances.
To do business in an EC country, it is not always necessary to be ISO-certified. According to Daniel H. Pearl, manager of corporate quality systems and ISO 9000 program manager at Corning Inc., "If you do business with a company that does not require you to be registered, the EC will not say you cannot buy from that supplier.
"There are companies in the EC that won't do business with you unless you are registered," Pearl continued. "For example, you cannot be a supplier to British Telecom or the French PTT unless you are registered. There are certain companies that have made it a requirement for doing business, but it is not universal."
Fiction: Management accountants play support roles, rather than serve as driving forces, in developing and maintaining ISO systems.
Fact: Management accountants have an opportunity to expand the scope of their support services. They can be especially helpful in ensuring that a system is being implemented and maintained according to ISO requirements so that the outside auditors will not discover major problems that could jeopardize recertification.
--Zafar Iqbal, PhD. is professor of accounting at California Polytechnic State University, San Luis Obispo.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||International Organization for Standardization|
|Author:||Mills, Tina Y.|
|Publication:||Journal of Accountancy|
|Date:||Feb 1, 1994|
|Previous Article:||ISO 9000.|
|Next Article:||Materiality in government auditing.|