As a company providing automation and system integration services to clients in the life sciences, we’re used to audits from clients. We welcome these audits so that our clients become familiar with our quality system and are confident that we have strong project execution controls in place. Their audits don’t always translate to what we do (i.e., our clients might make product; we don’t) but give us the opportunity to learn their requirements and expectations.
The Control System Integrators Association (CSIA) offers certification to control system integrators after they pass an intensive audit every three years. With the CSIA audits, there is a deep understanding of our business and the services we provide to our customers. The audit process is conducted by an independent third-party consulting firm measuring criteria in general management, financial management, project management, quality management, technical management, human resources, and business development. For our clients, this demonstrates that we operate the business within the best practices and benchmarks defined by industry experts.
Last year, Superior Controls an E Tech Group Company passed its eighth consecutive certification audit (we were the first company to do so!). To those new to the CSIA audit process, it may be scary or intimidating. But it is well worth the time and effort. Here are some things I’ve picked up along the way as I’ve led the audit process.
This time last year, we began preparation for our CSIA audit, which was to begin at the end of September. We started by looking at new milestones from CSIA. For example, they added IT Systems and Cybersecurity. We had a list from the CSIA auditor of what they were planning to discuss with us. We also looked at where we scored low last time.
I led the audit planning team, which included subject matter experts from various areas of the company for each section of the audit. We went through the list of criteria and assigned sections to everyone, so each person knew what they were responsible for. We had a central location for the planner, files and communications in Microsoft Teams. That helped everyone because we had people participating from multiple locations virtually. We met every week to check in on progress and answer any questions that the subject matter experts had.
This preparation was especially important to address the new milestones from CSIA in systems management and cybersecurity. We didn’t have procedures for these areas yet, but they were already in the works through our corporate IT department. This gave us plenty of time to review and adjust.
Audits can be stressful. We all want to pass. Don’t let that stress cloud the benefits of the process and what the auditor is doing for you. Remember that this is as much of an opportunity to learn and improve as it is to certify your business as it is today.
The key is not to be defensive or take it personally. You have to take the observations as positive criticism from the audit and build off of that. Embrace the fact that you can always do better. We know that our auditor meets with many system integrators. They can offer insights from their experience that can be very valuable. It’s better to know what you can do better than to be blissfully unaware. I’ve learned to do that with our clients as well.
Embracing the process can also give you exposure to other areas of your business that you may be less familiar with. In my job, I’m focused on quality operations and project execution. Anything that’s outside of that bubble is interesting to learn. It’s cool to see how other people in the company think, like strategic management, marketing, and IT. You get a full picture of the company.
It was very interesting to hear our team’s responses to the auditor’s questions and the auditor’s insights. We took A lot of notes.
We transferred the observations and notes resultant from the audit to the continuous improvement planner. This planner is used by our continuous improvement committee to track areas for improvement and gaps as they are identified during project execution, audits, etc. The continuous improvement committee includes our Quality Management System (QMS) Administrator, myself (Director of Quality Operations), our VP of Engineering, and an Engineering Manager. We meet monthly and we review whatever items we’re working on and their status. Seldom we reach out to subject matter experts outside the committee for their expertise. In each meeting, I look at one or two observations from the audit and we decide whether or not we adopt it. Most of the time we do adopt it, but we first discuss how it would work for us. The idea is that you’re not improving on those results a few months before the next audit. By having a continuous improvement committee, you’re regularly working on them throughout each year.
An example of this was from the past audit when we were asked whether we had a standard set of questions for interviews. We didn’t at the time, but when we promoted all of our group engineering managers, I realized how important it would be to have that, so we’re prioritizing that now with Human Resources.
The more involved I’ve been with the QMS and the auditing process, the more confident I’ve become. I’m not as nervous and not as surprised. That’s the last thing I’ll leave you with. The audit is just one step in the journey. And with each step, you become more comfortable, more adept at maneuvering the path. It still won’t be easy, but nothing worth doing ever is.
Virginia M. Bergman is the Director of Quality Operations at Superior Controls an E Tech Group Company. E Tech Group is a certified member of the Control System Integrators Association (CSIA). For more information about E Tech Group, visit its profile on the Industrial Automation Exchange.