That a system is effective, does that imply that it is guaranteed that only good product will be produced? We know that even full inspection of the final product will not absolutely ensure quality (http://en.wikipedia.org/wiki/Acceptance_sampling).
A manager of a certification body once said to me: ‘(System) Certification means that the system has no major shortcomings, that the organization is focused on the systems’ objective and that it continuously improves.’ It’s all about confidence.
Starting point for confidence are SMART objectives, what exactly is promised. Clear quality specifications inclusive of tolerances. (In the absence of SMART objectives producer and client need to regularly consult on progress.)
Now if you would then audit system effectiveness, where would you start looking? Start at the end results, verification? Use statistics? Sounds like a lot of work, even if you use the producers own records to ‘verify that they verify’? And it would only tell you something about the situation at that time. More indicative is the design of the system – are all the parts there, are they connected, are there no major shortcomings. For this frames of reference are used, for instance ISO9001 or legal ones. The most basic frame of reference though is the PDCA-cycle (http://en.wikipedia.org/wiki/PDCA):
Most indicative is the overall dynamic of the system and its resulting emerging properties – does it work, is the organization focused on the objective and do they continuously improve. Assessing design and operation so helps to target verification of results, making that risk based, proof or disproof of hypotheses and less work.
Nassim Nicholas Taleb tells in his The Black Swan (2007) of the acronym NED, used in medical literature, which stands for No Evidence of Disease. He continues: ‘There is no such thing as END, Evidence of No Disease.’ In system auditing we have to accept this. An effective system is no guarantee for zero risk.
Published earlier on June 12, 2012