Welcome to Luca!globe
CPA Journal Current Issue!    Navigation Tips!
Main Menu
CPA Journal
Professional Libary
Professional Forums
Member Services

The pros and cons of offering this service

Perspectives on ISO 9000CPA

By Jeffrey R. Miller, Lori C. Miller, and L. Murphy SmithThe ISO 9000 series is having a dramatic impact on quality assurance practices around the world. What do CPAs think about the ISO 9000 quality assurance program?

Once considered a marketing ploy, ISO 9000 has become a practical necessity for many businesses. Some businesses are demanding their suppliers become ISO 9000 certified. General Electric, for example, requires 340 vendors to meet ISO 9000 standards if they want to continue to do business with GE. In the United Kingdom, more than 20,000 companies have registered to ISO 9000. Manufacturers, brokerage firms, lawyers, doctors, and even a barbershop have obtained certification. In the United States, companies initially were slow in adopting ISO 9000 standards, but the number of ISO 9000 certifications is rapidly gaining momentum. United States' ISO 9000 registrations have been doubling every nine to 12 months.

What Is ISO 9000?

Many believe that ISO, pronounced "ice-oh," is an acronym. It is not. ISO comes from the Greek word isos, which means equal, as in an isosceles triangle or isometrics. The International Organization for Standardization, located in Geneva, Switzerland, is the agency responsible for ISO 9000 standards. This not-for-profit organization's membership consists of national standards bodies from over 90 countries. Representing the United States is the American National Standards Institute (ANSI). The first ISO 9000 standards were issued in 1987. The goal of the International Organization for Standardization is to foster the creation and voluntary adoption of worldwide industrial and manufacturing standards.

One of the driving forces behind the creation of ISO 9000 was that many companies were facing multiple second party audits. That is, a supplier may encounter audits from customers to see if their products are meeting certain quality standards. Some suppliers may face 30 to 40 quality audits in one year. To help reduce the number of audits, it was felt a third-party auditor could be employed to attest to the quality of the products. This certification would then be accepted by customers, and reduce the need for second party audits of suppliers. ISO 9000 is regarded as a quality standard because it requires management to document and support its quality management system.

The Registration Process

Different Standards. Plant sites, not companies as a whole, are registered to ISO 9000. The ISO 9000 series must be reviewed to determine what standard would be the most appropriate for a particular plant site. One plant may be registered to one standard, while another site may be registered to a different standard. The plant sites' processes are the most dominant factor in determining the proper standard. There are five ISO series standards, ISO 9000­9004. ISO 9000 provides an overview, defines some key terms, and gives guidance in selecting the appropriate ISO 9000 standard. ISO 9004 describes the quality management philosophy that should be in place for a company to become certified under ISO standards. A facility may be registered to ISO 9001, 9002, or 9003.

The most stringent standard is ISO 9001, which applies to companies in design, development, production, installation, and service. ISO 9002 is a less rigorous standard and pertains to firms in production, installation, and service
but that are not involved in the design of products. The least demanding standard is ISO 9003, which is for companies whose compliance to quality standards is at final inspection. Thus, if a company is involved in all aspects of manufacturing, including design, then 9001 would be the correct standard. If a company does not design the product, ISO 9002 may be the suitable standard. Warehousing and distribution companies would find ISO 9003 the most applicable. Application of the standards is flexible, and all companies will fall under one of the three standards.

The International Organization of Standardization is currently deciding on whether to combine these three standards. The technical committee (TC) 176 of this organization feels that too much confusion exists over what each certification means. Some perceive companies registered to ISO 9001 are better than ISO 9003, which is not the intent of the standards. The differences in the certification are due to scope, not quality.

Gap Audit. An initial informal "gap audit," the first step in the registration process, should be made to help determine the corrective action needed to comply with ISO 9000 standards. This audit may be performed internally, by a consulting firm, or by an ISO registration body. The results from this assessment audit will be used to plan the implementation process.

Documentation. The quality manual is the cornerstone of the documentation process, and the company should get an early start on a draft of this manual. The quality manual should be done by someone within the organization familiar with the company's procedures. The quality manual is a relatively short (30 pages or less) document that describes the facility's quality policy, describes the means by which the facility complies with the ISO 9000 standard, and cross-references the main documents used in the quality system, such as quality procedures.

Complete and accurate documentation is essential to achieving ISO 9000 registration. The firm need not document all its procedures, just the areas covered by the appropriate ISO 9000 standard. The documentation should be sufficient to support the quality manual.

Registrars. Although the ISO 9000 standards are uniform, the qualifications of third party registrars are not. Registrars register companies to ISO 9000. In selecting the appropriate registrar, certain factors need to be considered. For example, if an international customer wants its suppliers to be registered to ISO 9000, the company should become registered by a body recognized in that country. Registrars receive authority to conduct ISO 9000 registration audits from accreditation bodies. In most countries, the accreditation body is a government agency or an organization sanctioned by the government. Government sanctioning gives these accreditation bodies consistency and legal authority. In the United States, no body is accredited by a governmental agency. Therefore, a registrar accredited solely by an accreditation body in the U.S. may not be as meaningful to an international customer. The Registrar Accreditation Board (RAB), a joint venture sponsored by two private industry groups is a well known U.S. accreditation body.

The Pre-Audit. The pre-audit is a "test run" for the actual, formal registration audit. The results from the pre-audit should give a company a definitive list of remaining "nonconformities" that must be corrected. The pre-audit may be performed by an internal auditing team, a consulting firm, or the registrar.

The Registration Audit. After deficiencies noted in the pre-audit have been corrected, the company is ready for the registration audit. The registration audit is a third-party audit. The audit team will have a lead auditor and, in many cases, just one or two additional auditors. If the company does not pass the registration audit, it is usually given about 40 days to make the corrections.

Ongoing Audits. Passing the audit is an important step, but it is not the end of the process. A company must undergo surveillance audits each six months to maintain its registration. Surveillance audits are not as thorough as the registration audit. In addition, a full registration audit needs to be performed every three years. Obtaining registration should be looked at as the initial step toward improving the quality and efficiency of the business.

CPA Perspectives on ISO 9000

ISO 9000 has been mentioned as a possible revenue generating service CPAs should consider offering. A survey of practitioners at local, regional, and Big Six CPA firms was taken to see what the response has been thus far to the ISO 9000 "opportunity." From a sample of 29 firms, 45% of the practitioners had offered ISO 9000 services within the prior year. Most of these firms were large CPA firms with more than one hundred professionals each. The smallest firm that offered ISO 9000 services had less than 11 professionals. Exhibit 1 summarizes reasons CPAs gave for offering ISO 9000 services.

The most often cited reason for getting involved with ISO 9000 is to open the door for other services to current and/or potential clients. The registration process provides many opportunities for CPA firms to gain expertise in ISO 9000. If a CPA firm became certified to perform registration audits, for example, they not only could consult in the various stages of the ISO 9000 registration process, but also could offer services in such areas as continuous process improvement, total quality management, and materials resource planning implementation. As one respondent noted, "ISO 9000 provides an excellent entry to strategic planning, ABC/ABM, reengineering, and other related services." In fact, a survey of registered companies showed that the establishment of a formal quality system was one of the most common benefits from ISO 9000 registration. For example, a Canadian Fisher plant went from having the worst on-time delivery record of all Fisher plants worldwide to having the best. Its safety record, waste, customer feedback, and absenteeism all improved.

The next most often cited reasons for offering ISO 9000 services were that it helps serve client needs and it is a growing market. Sixty-nine percent of the respondents listed each of these as factors for their involvement with ISO 9000. In contrast to traditional accounting services, opportunities for consulting and registration services for ISO 9000 are increasing. However, more importantly, the CPA firms felt that offering these types of services helped serve a need of their clients. Nearly one-half of the respondents listed this reason as the most important in offering ISO 9000 services. Studies have also shown that companies that go through the ISO 9000 process reduce costs.

A joint study performed by Deloitte & Touche and Quality Systems Update found that companies achieving ISO 9000 reported an average annual savings of $179,000 as a result of complying with ISO 9000 standards. The average annual savings of companies with sales between $50 and $100 million was $130,000, and for companies between $100 million and $200 million was $195,000. Savings are realized through various means. For example, Betz Laboratories, a Pennsylvania company, reported saving $100,000 annually by reducing waste and scrap. Spartan Plastics found that factory waste and warranty costs were reduced and employee involvement improved as a result of trying to meet the ISO 9000 standards.

Slightly more than half thought a CPA's background is well suited for offering ISO 9000 audits. Most ISO 9000 auditors are individuals who have engineering backgrounds, but who need training as an auditor.

Types of ISO 9000 Services Offered

The respondents who offer ISO 9000 services were also asked how they have helped their clients with ISO 9000. Nearly two-thirds of the CPA firms offering ISO 9000 services helped their clients prepare for the ISO 9000 audit. There were many ways in which CPA firms assisted their clients. The firms offered help in quality practices, provided training for internal auditing, advised clients on software products used for managing documentation, conducted documentation surveys, recommended how firms should comply with ISO 9000 standards, and performed the gap analysis.

The CPA firms also advised clients on the hiring of a registrar and ISO 9000 consultant. Thirty-eight percent stated they advised their clients in hiring an ISO 9000 consultant and 31% stated they advised the client in hiring a registrar. All but one of these firms also performed other ISO 9000 work for their clients in addition to recommending a registrar or consultant.

Thirty-three percent of the accounting practitioners stated they performed the pre-audit. Almost no CPA firms have become registrars. The only firm the authors are aware of that has become a registrar is KPMG Peat Marwick.

The Cons of CPA Involvement with ISO 9000

CPA firms choosing not to provide ISO 9000 services gave several reasons for their position. These are shown in Exhibit 2. The most cited reason was that the CPA firms' clients are not seeking ISO 9000 registration. Sixty-nine percent listed this as a reason for no involvement with ISO 9000, and, 63% named this as the most important reason for not becoming involved.

The second most cited reason for not getting involved with ISO was that too much of the CPA firm's resources would be required. Thirty-three percent noted this as a factor, and 19% stated this was the most important element in deciding not to offer such services. ISO 9000 does require a major commitment by a CPA firm. KPMG Peat Marwick, for example, took 18 months to gear up to offer quality ISO 9000 services. Time, resources, and major decisions will be required before a CPA is able to offer ISO 9000 services. Rule 201 of the AICPA Code of Professional Ethics states, in part, that CPAs should "undertake only those professional services that the member or the member's firm can reasonably expect to complete with professional competence." ISO 9000 training seminars are offered by many organizations. Georgia Tech Economic Development Institute, for example, offers a wide variety of courses in the ISO registration process. Their five-day lead auditor training course costs $1,595. A CPA firm will also need to make some crucial decisions such as: Who should be sent to training? Who should the firm hire or assign to work with the ISO group? Does the firm want to become a registrar? If so, which registration body or bodies should it be accredited by?

Despite the feeling by many that a CPA's background is helpful, other firms believe a CPA's professional background does not provide good training for offering ISO 9000 services. Auditing for ISO 9000 registration and auditing financials are not the same. Most CPAs have little direct experience in quality assurance. Some feel quality assurance/quality engineers have a much better background for ISO 9000 than CPAs. As one respondent noted, the "training and marketing requirement [to offer ISO services] exceeds perceived opportunity." Another noted he knew of no instances personally where a CPA was doing ISO 9000 work. He, for example, was a non-CPA with a manufacturing background working as a consultant with a CPA firm.

ISO 9000 competition is substantial. There are literally thousands of registrars and consultants in the United States. However, many of these consultants and registrars have weak qualifications. At this time, CPAs are not well known as quality registrars or quality consultants for ISO services. Many times a business firm selects an ISO registrar or consultant simply because they were the registrar or consultant used by one of the firm's customers. As with most opportunities, there will be challenges to overcome if a CPA firm is to successfully provide ISO 9000 services. *

Jeffrey R. Miller, PhD, CPA, is an associate professor at Augusta State University. Lori C. Miller is a management information consultant. L. Murphy Smith, DBA, CPA, is an associate professor at Texas A&M University and a department editor of The CPA Journal.

In Brief

Should We or Shouldn't We?

Accountants in public accounting and industry need to stay informed about ISO 9000 quality standards. ISO 9000 is a good business practice, and accountants may benefit from learning more about the standards and the registration process. Accountants in public practice will likely see many of their clients affected by ISO 9000; accountants can assist their industry clients in the registration process, if and when the decision to participate in ISO 9000 is made. Accountants can be particularly helpful in preparing for the ISO 9000 audit by seeing that a company's procedures are in place before the actual audit.

The survey of CPA firms indicates that, at this time, smaller firms tend not to get involved with ISO 9000 services because most of their clients are not seeking registration to ISO 9000. However, the survey showed that most large CPA firms have some involvement with ISO 9000 services, such as helping the client prepare for the registration audit and
recommending consultants and registrars. Few firms, however, have actually become a registrar due to the significant time and resource commitment necessary to attain and maintain a high quality practice.

The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.

©2009 The New York State Society of CPAs. Legal Notices

Visit the new cpajournal.com.