As you know, we are convinced that ISO standard represents an opportunity and a real added value when starting with a brand new firm.
And moreover, is not necessary to wait for approaching ISO standards that one or more of this (traumatic) events happens:
- Some regulator, an important industry partner or an international tender suddenly requires a certification (then the only thing entrepreneur wrongly perceives is that ISO is just a paper work, or even a …”chip” necessary to play at the casino and nothing more);
- A major problem/incident takes place (ISO 9001 as a sort of “punishment” for the company’s staff or as a sort of “process cleaning” product)
The recently issued standard ISO 19011:2018 “Guidelines for auditing management systems” represents instead an opportunity for startups in order to:
- Finally approach and apply the auditing concepts into their processes, for focusing on risk and constantly improving them:
- Reduce auditing costs (either internal and second/third party)
The standard provides a comprehensive guidance on how to conduct a management system audit and is applicable to a really wide range of users, including, among others, organizations that need to conduct internal and/or external management system (MS) audits and manage audit programmes (cfr also our article https://massimilianobellavista.wordpress.com/2018/07/17/is-9001-2015-viable-for-startups/
And therefore id useful also for startups who are willing to:
- Transform the costs of receiving an external audit into an opportunity of growth and achieving the appreciation of their stakeholders and partners
- Fix errors in an earlier phase
- Prove their capacity of documenting and controlling their processes
- Show that they can adapt with large company culture (auditing is a most of the times a mandatory process to have the access to the support of financial and funding parters, large groups/clusters, incubators, international business partners)
The ISO 19011:2018 standard has undergone a certain number of changes. Why is so? Because the new standard finally considers auditing process as a continuous, risk focused and IT- supported process.
The most relevant new points for startups are at least as follows:
-the audit process is not anymore just a conformity audit; this is important because it means that auditor shouldn’t look anymore for mere compliance with the standard ( very often a self -referential and not value adding process from firm’s point of view ) but mainly for effectiveness and performance
–remote auditing. Audits can now be fully and easily (and with much less costs involved) performed on-site, remotely or as a combination. (“On-site audit activities are performed at the location of the auditee. Remote audit activities are performed at any place other than the location of the auditee, regardless of the distance. Interactive audit activities involve interaction between the auditee’s personnel and the audit team. Non-interactive audit activities involve no human interaction with individuals representing the auditee but do involve interaction with equipment, facilities and documentation.”)
–virtual audits. “Virtual audits are conducted when an organization performs work or provides a service using an on-line environment allowing persons irrespective of physical locations to execute processes (e.g. company intranet, a “computing cloud” ;“A virtual audit follows the standard audit process while using technology to verify objective evidence”, this represents an opportunity for aligning auditing processes, sometimes perceived as “old-fashioned” by young startuppers as an up-to-date management and control process.
Take a look to the standard structure: it may represent a chance for growth