We’ve all seen “Cinderella processes,” those processes that, although they do all the work in the company, are underevaluated, almost ignored by auditors.

I recently conducted a survey on 20 auditors. It was intended to analyze what processes are emphasized in ISO/TS 16949 audits, as well as any nonconformances. The results were quite frustrating, considering that the ISO 9001-based quality management schemes were born during the late 1980s, some 25 years ago.

I included 20 auditors to have a reasonably representative sample, since I was reprimanded by one Quality Digest reader that one event is not significant enough. I wonder what he would think of one accident badly hurting his body; I personally consider even one event to be significant when it’s a system failure.

Let’s start with the Cinderella processes, then we’ll go through the nonconformances Hit Parade.

Product design, product maintenance, and servicing are probably the most Cinderella of all the Cinderella processes, despite what you hear. According to the National Geographic Channel series Air Crash Investigation, which examines various accounts of air accidents, those three processes cause the vast majority of deaths among passengers and cabin crews. Rashly designed functional parts and “candle in the wind” maintenance are core elements of airlines’ cost-reduction management schemes, rather than a deeper analysis of those companies’ hidden costs.

Just as an example, Alitalia crews are all based in Rome (the recruiting criteria can be easily guessed at). When crews were tasked to fly from Milan, they were flown there free of charge—a one-hour flight. But, rather than book the crews in a hotel near the airport, the airline booked and paid for 100 rooms year-round in a luxury hotel on the Lago Maggiore, a one-hour drive from Milan. Perhaps Alitalia could have better used that money improving design, maintenance, and servicing.

I really believe auditors are looking at the wrong things. Have you ever heard of a nonconformance raised against ISO/TS 16949’s subclause 5.1.1—“Process efficiency?” Or 5.4.2—“Quality management system planning?” Or 6.2.2.1—“Product design skills?” Or 7.5.1.4—“Preventive and predictive maintenance?” Or 8.1—“Measurement, analysis and improvement—General?” Or 8.4.1—“Analysis and use of data?”

I don’t think so.

When I did audits for international registrars, in some cases, although the evidence was more than evident, I was prohibited from citing a nonconformance against subclause 5.4.2b—“Maintenance of quality management system integrity” by my team leaders because that would have meant a major nonconformance, and therefore a suspension of the certificate.

My 20-auditor survey confirmed my expectations: Auditors are still like restaurants’ customers. They complain that their steaks are not cooked as they requested, they raise nonconformances against single lapses of quality, but they do not investigate further. Why was the steak overcooked? Perhaps the waiter did not properly understand the order; maybe the cook wasn't careful enough. Who knows? No one asks.

In a word, more often than not the auditing system, not the process, is the failure.

A steak is a steak is a steak—provided the beef is safe for consumption. But when the issue is about safety or security, auditors must care much more about real criticality and risk. I’m a more-than-convinced supporter of the principle that management system audit criteria—be they first, second, or third party—must be based on risk assessment. That may include document control, although it doesn’t necessarily need to be limited to that.

When I audit a company with a Hollywood-style grand entrance, and I turn and see the backyard dirty and covered with scrap, I say to myself, “Mmmh,” and I investigate the manager or owner. That’s the weak point of the system; that’s where the cause of failures lie.

The media educates us to look only look at the aftermath of accidents; it teaches us to ignore the causes of accidents, and therefore their prevention. When any accident occurs, the media message is, “Put more armor on.”

Every Cinderella process needs a prince with the missing slipper to put things right. That prince is Deming’s plan-do-check-act cycle. As quality people, we have a duty to educate ourselves, our colleagues, and customers about prevention. We must not ignore the basics of the “prediction” principle: It’s in the DNA of human history.