Get the Most Out of a CSIA Audit in Four Ways
Numerous companies with membership in the Control System Integrators Association (CSIA) are seeking or renewing certifications as a means of confirming / improving their various business practices. Having been through the original certification, along with two renewal efforts, I wanted to share some advice for passing the audit and getting the most out of the experience.
The first recommendation would be to define what you want to achieve with the audit. Is the goal to merely claim you’re certified, or define areas of improvement in a particular support group? Or do you hope to achieve a better understanding of industry best practices as an SI? By identifying what you want to get out of it, you can better align the effort you want to expend and the level of detail you present to the auditor. Hearing affirmation about what you already do well may take a backseat to learning about areas where you’re lagging and what you can do to improve. In some cases, the criteria being covered may not fit your business model or goals, and you may want to focus your efforts on criteria that’s more pertinent to your business needs. It’s an audit, not a validation of your business model. A poor mark in a specific section is not the end of the world, especially if it’s irrelevant to your business.
The second recommendation is to ensure you look at all business units and support functions when assessing the audit criteria. This is about more than just quality-based documentation and project execution methodologies. Be sure to check compliance in areas like finance, legal, EH&S, HR, sales, etc. It’s a broad-reaching audit and you need to be sure you look at all supporting groups. As an example, configuration management can be utilized in all areas, not just software development.
The third recommendation would be to review auditor options to ensure there are no conflicts of interests. In many cases, components of intellectual property are shared during the audit and you want to do all you can to protect that IP. We would recommend you avoid any auditors who service SIs as consultants. Your particular “secret sauce” should remain just that: secret. Selecting a truly independent / unbiased auditor is important.
Finally, a mock audit can help surface weaknesses that need to be tuned up and potentially clear up misinterpretations of the best practice standards. Make sure the mock auditor has not participated in the audit preparations to bring a fresh perspective. Ideally, the mock auditor will have participated in previous certification audits.