Certification FAQs

Helping you understand the certification process

Have some questions about the certification process?

Getting audited seems like a scary process - But it doesn't have to be.

We've outlined some of the frequently asked questions below to address some of your concern. If you have any other questions that haven't been outlined below, get in touch with our relationship managers on 1800 95 97 92 who would be happy to assist.

Certification

What is certification?

Certification is independent verification that your organisation's management system, product, or service, satisfies the requirements of an applicable national or international standard.

There are a number of international standards a company can be certified to. For example:

Quality management systems (ISO 9001)
Environmental management systems (ISO 14001)
OH&S management systems (ISO 45001)

Additionally, there are other management systems standards that cover a wide range of industry sectors including food, information security, forestry, and disability services.

For information on which standards PwC's Compliance Services can certify against, click here.

Why get certified?

Companies certify their business for a number of reasons; it may help keep track of their processes and procedures, or it may be because a client is demanding they have certification before they will trade with them.

More and more these days, companies are asking if their suppliers are certified as it provides assurance that the company they are dealing with is under control, and undergoes regular independent, third-party assessment.

For many organisations, the additional credibility of their systems helps with their own reputation in ther market by being certified to globally recognised standards.

What standards can I get certified to?

There are numerous standards available that a company can be certified to.

An example of some of the standards offered by PwC's Compliance Services are:

ISO 9001 (Quality management systems);
ISO 14001 (Environmental management systems);
ISO 45001 (H&S management systems);
ISO 27001 (Information security management systems);
TAPA (Transport Asset Protection Assurance),
ISO 22000 (Food safety management systems); and
Safe Quality Food (SQF) for food safety.

What is a certification body (CB)?

A certification body is an organisation, like PwC's Compliance Services, who is accredited as a Conformity Assessment Body (CAB) by an Accreditation Body. The most commonly used Accreditation Body in Australia and New Zealand is the Joint Accreditation System of Australia and New Zealand (JAS-ANZ).

Certification bodies are subject to audits by Accreditation Bodies (such as JAS-ANZ) to ensure they are operating within their documented policies and procedures, as well as the international certification auditing requirements.

Who controls the certification bodies in Australia?

The Joint Accreditation System of Australia and New Zealand (JAS-ANZ) provide internationally recognised accreditation to certification bodies such as PwC's Compliance Services and other Conformity Assessment Bodies (CABs) and ensures they are complying with standard owner requirements and conducting audits in line with mandated criteria.

Joint Accreditation System of Australia and New Zealand (JAS-ANZ) is a member of the International Accreditation Forum (IAF).

For more information about JAS-ANZ, head to their website at www.jas-anz.org/

Who is JAS-ANZ?

This acronym stands for the Joint Accreditation System of Australia and New Zealand.

JAS-ANZ accredits organisations like PwC's Compliance Services so we can conduct audits and issue certificates on companies.

JAS-ANZ does not certify or inspect organisations, products or people; rather, they accredit the certification bodies that do.

For more information about JAS-ANZ, head to their website at www.jas-anz.org/

Is my certification recognised outside of Australia?

Yes, JAS-ANZ is recognised globally as an accreditation body for Australia and New Zealand and is a member of the International Accreditation Forum (IAF).

Additionally, many standards against which you can be certified to are published by ISO, the International Organization for Standardization.

As part of the PwC network, certificates issued by PwC's Compliance Services will be reconised globally as well.

Do companies require certification?

Generally, certification is not compulsory.

Companies make the decision to be certified for a number of reasons. For example, they may be trying to supply a customer who requires them to be certified, or they may want a system in place to ensure all business activities carried out are consistent, and that this is verified by an independent third party audit.

Does certification to an OHS standard mean I meet legal requirements?

No. There is an abundance of legislation relating to a company's responsibilities to, example Work Health & Safety/ Occupational Health & Safety (WHS/OH&S).

When building an WHS/OH&S management system, you are building a system to the requirements of (in this case) ISO 45001. This standard has a number of elements documented to build your system around so that the end result is you are managing your OH&S risks.

However, as part of that overall system, legislative requirements are sure to be referenced.

Who should get certified?

Any business can potentially get certified, provided they maintain a management system aligned to the relevant Standard(s), and are able to provide consistent and reliable evidence to demonstrate this.

What happens when my company becomes certified?

Once you become certified, you will be issued a certificate demonstrating your compliance to the standard and the scope covered by that certificate. Your organisation will be added to (eg. JAS-ANZ register) list of certified organisations to show potential customers you hold certification.

Generally your certification is a three year cycle and subject to ongoing surveillance audits within the next 6 or 12 months.

The certification period for most food standards is dependent on audit score; SQF audits are typically conducted annually however in the event that the site scores a 'C', a 6 monthly surveillance audit is required.

The certification audit process

What is the certification process?

Once an agreement is reached between you and PwC, the audit can commence.

Firstly, a desktop review (stage 1 audit) of your documented system is carried out.
Once complete and findings addressed, the main audit is conducted (stage 2 audit).
Once any findings are addressed and the certification manager has reviewed the report and approved it, certification with PwC's Complianve Services will be granted.
You will be issued with a PwC's Compliance Services certificate and you will be added to the JAS-ANZ register.
Ongoing surveillance and recertification audits will need to be conducted to ensure your certification remains current.

Who completes the certification audit?

PwC's Compliance Services engages experienced auditors, registered with Exemplar Global or equivalent, to conduct the reviews. The auditors must also demonstrate they have the specific knowledge and experience for your industry and scope of work before they are assigned to your engagement.

They also undergo an internal review process to ensure they meet our expectations of technical quality, communication and reporting abilities and audit completeness.

What is a finding?

Findings are the outcome of your auditor's activities throughout your audit and their assessment of your conformance with the audit criteria; in other words, the determination of conformance or nonconformance with the standard.

Your finding will typically be:

Conformant/conformance,
Observation or opportunity for improvement, or
Nonconformant/nonconformance.

Nonconformances are then typically graded as either minor, major, critical or non-critical to indicate their severity.

Nonconformances require a corrective action (CARs) to be implemented in order to prevent their recurrence with timing dependent on the grading.

Observations or opportunities for improvement are raised when your organisation has technically met the requirement of the criteria, however the audit team believe there is the potential to improve the process or activity, however it is then up to the auditee to review the observation and determine whether or not action will be taken.

What is a nonconformance?

ISO 9000 defines a nonconformance as the non fulfilment of a requirement. In other words, that the organisation's management system doesn't meet the requirement of the standard and requires action to be taken to prevent the recurrence of the issue.

Nonconformances are then typically graded as either minor, major, critical or non-critical to indicate their severity.

Nonconformances are then typically graded as either minor, major, or critical or non-critical to indicate their severity.

Nonconformances are then typically graded as either minor, major, or critical or non-critical to indicate their severity.

What happens during the audit?

Once an agreement has been reached to commence an audit, a desktop review (stage one audit) will be conducted on your management system. If there are findings arising from that review, they are then addressed by you.

Next, the stage two audit is conducted. This is the on-site audit and occurs for the number of days agreed with your certification body. When that audit is completed, the auditor completes the report, which undergoes technical review.

Once the review is complete, a certificate is issued stating that you comply with the standard you have been audited to.

How many audits will it take to be certified?

It may only take one audit, but the length of time to get certified depends on how many nonconformances (NCs) the auditor finds.

Generally, if there are few NCs companies take corrective actions and, if the auditor results that those have been correctly implemented, certification is awarded.

In most cases, organisations will have a system that has been operating for some time, they will have plenty of records, test results, monitoring records, internal audit records etc and other documentation the auditor to review when conducting the audit.

We call that being "audit ready". So, if you are "audit ready" and you request an audit, the process should not take too long.

What if nonconformances are raised?

Nonconformances are, in most cases, part of the audit.

Not every system is going to be perfect and nonconformances could be found by the auditor.

The auditor is interested in how you deal with the nonconformances once identified. If you already have a corrective action plan (also referred to as a corrective action request or CAR) where the nonconformance is addressed, and long term actions are put in place, it shows you have good control of your system.

If CARs are raised, then you will need to demonstrate to the auditor how you have rectified them, or intend to rectify them, for the auditor to close out that finding.

How often will my organisation be audited once we are certified?

The audit cycle is a three year cycle.

If you are on six month audits (example high risk industries), you will have 5 surveillance audits over the certification period. The beginning of the new cycle starts with a triennial audit which is a full audit of your system.

Depending on the risk level of your operations, you may be allowed 12 monthly surveillance audits and this means you will get two surveillance audits with the triennial audit starting the new cycle.

Who are the auditors?

Most auditors are registered with an auditor registration body, typically either Exemplar Global or IRCA.

There are other similar organisations around the world, however Exemplar Global is more commonly used in Australia and New Zealand.

For an auditor to conduct an audit, they should be registered or deemed suitably competent, and they must have the necessary industry codes and experience to audit a particular industry. We utilise highly skilled and professional auditors with strong communication skills.

I have multiple sites, does each site need to get audited?

No, not necessarily.

A sample of sites will be selected based on your operations, risk and maturity of your system. These will be audited to determine your overall level of compliance, and depending the scope agreed upon every site can be listed on the certificate.

What do I need to provide to the auditor?

To be certified to a management system, an organisation should be operating to a documented system. That system will contain a description of the processes occurring in that business and will be supported by records, SOPs, and other procedures.

The auditor is auditing to the requirements of the standard but more importantly, the auditor is auditing your organisation against what you say you are doing.

When will I know if I have passed the certification audit?

The auditor will give you a reasonably good indication at the end of the audit how you went in the audit, however the report still has to go through a review process.

There maybe some findings that prevent you getting a certificate initially, however once these are sufficiently addressed, a certificate will be issued.

Do you offer a multiple standard certification?

Yes, multiple standard certification is an effective and efficient way of gaining certification across multiple standards, particularly if your organisation has an integrated management system (eg. Quality, Environmental and OH&S systems).

Other disciplines can be bundled together to save on audit times also.

Will I get a physical certificate?

Yes, you will get a hard copy as well as an electronic copy.

How do I know if I am ready for the certification audit?

There are a couple of ways to determine if you are ready for an audit. You could engage an external consultant to conduct an internal audit for you; this may be expensive and you would need to be comfortable with the credentials of the external consultant.

Alternatively, you could request us to conduct a gap audit for you. Gap audits are for your information only and you will get a report describing where more work needs to be done to the system, without giving your detailed recommendations - It will only identify areas that should be rectified before the certification audit is conducted. You can then address those areas and then move to a certification audit once you feel you are ready.

If you feel you are ready, then you can proceed directly to the certification audit. However any nonconformances (if identified) will need to be addressed before certification is achieved.

Making the Switch

How do I change certification bodies?

At PwC, It's free to make the switch. Contact your local PwC relationship manager to guide you through the process or call us on 1800 95 97 92.

What if I am already certified?

Ensuring you're getting the service and value out of your accredited certification body is important. Once certified, switching from one accredited certification body to another is reasonably simple.

Provided there are no lock-in contracts with your previous certification body, making the switch simply involves providing your previous audit report and your current certificate to your new accredited certification body, which will then be assessed by them.

A new certificate will be issued on behalf of the new certification body, and your audit cycle can remain the same - your next audit will be picked up when you're next due.

What information do I need to provide to the certification body?

When you make application for an audit, the certification body (CB) will send you a questionnaire to complete. The questionnaire will give the CB necessary information to prepare a quote for you. Some questions will relate to site location, phone numbers, email addresses, senior management, and audit management.

Other questions will be about the size of the business, the staff numbers and the scope of the audit. Any additional sites will need to be shown.

There will be other information required and this preliminary information is necessary so we can give you an accurate quote and satisfy the requirements of JAS-ANZ.

How long until I get the certificate once the audit has been completed?

We know how important the certificate is to an organisation. Because of this, we endeavour to get the certificate out to you as soon as possible after the audit.

There is always a review process the report must go through before certificate issue is approved, but we try to get the process done as quickly as possible.

Showing your certification to your customers.

How do I prove in tenders that I am certified?

You can attach the electronic copy of your certificate to the tender document. If for some reason that is not possible, you can direct people to the JAS-ANZ register where all certified companies and their certifications are listed.

The PwC Certification seal can also be used to promote your achievement in your corporate material by displaying the PwC Certification seal in the following:

The certificate issued by PwC’s Compliance Services indicating compliance with the relevant Standard (Certificate)
Your website
Tender response documents including corporate letterhead

More information about the use of the PwC seal can be found on our website under Certification Services policies.

What can I display to my clients to show that I am certified?

You can display proudly the certificates showing your compliance with the standard, and you may retain a soft copy to email clients should they be asked for it. Additionally, many companies display the PwC Certification seal on their corporate letterhead for tender documents, and website.

More information about the use of the PwC Certification seal can be found on our website under Certification Services policies.

Contact

Have another question?

Contact us

Contact us

Isil Uysun

Partner, Sydney, PwC Australia

Tel: +61 409 523 777

Linkedin Follow

Email

Partner, Brisbane, PwC Australia

Tel: +61 407 964 089

Linkedin Follow

Email

Follow PwC Australia

Facebook Follow

Linkedin Follow

Youtube Follow