Log in


Brian E. Wish

Quality Auditor, Sr. Staff, Lockheed Martin, Mansfield, TX, USA

Dr. Brian E. Wish works full-time at Lockheed Martin Aeronautics, where he leads a standing team dedicated to Quality Management System (QMS) auditing of suppliers (second-party audits) following AS9100, ISO 9001, and company requirements.

He also leads a team focused on performing internal (first-party) audits of the Environmental, Safety, and Health (ESH) management system throughout the Aeronautics business area, reviewing internal requirements as well as conformity to ISO 14001 and ISO 45001.

In a previous role at Lockheed, he led the QMS internal auditing team. He also represents Lockheed as an IAQG Other Party Assessor, providing industry oversight to certification bodies, and has been recognized as an LM Associate Fellow.

In previous positions, he has been a Quality Engineer and a Quality Manager at various companies in the automotive and aerospace industries, for a total of over twenty years working in Quality.Dr. Wish is certified for third-party audits by Exemplar Global as a QMS Lead Auditor and by the International Aerospace Quality Group (IAQG) through Probitas as IAQG Aerospace Experienced Auditor. He also holds certifications as an American Society for Quality (ASQ) Certified Quality Engineer (CQE) and Certified Six Sigma Black Belt (CSSB).

He holds a Bachelor of Science from the United States Air Force Academy, a Master of Arts from Bowie State University, and Doctor of Philosophy (PhD) from the University of Texas at Arlington.

Dr. Wish teaches graduate classes as an adjunct professor at Tarleton State University, and has over 31 years of service with the United States Air Force, where he is Colonel in the Air Force Reserve.


Getting the 'So What' from 2nd Party Audits, and Doing It Remotely

Every part of a QMS is important, but for management systems built on ISO 9001, to include specific industry standards and standards for environmental, safety, and security, there are certain critical portions that are essential to support the rest of the system. Analysis of three system-level processes, Management Review, Internal Audit, and Corrective Action, along with some tactical indicators, can even be done remotely.-Management Review – The Management Review is more that a checklist requirement that Top Management have a meeting. The auditor should examine evidence of how leadership consumes quality information (inputs), takes actions (outputs), and reviews effectiveness of their actions. The real work of reviewing conformity and OTD often takes place at other operational meetings. Everything that management should review is data-based, so there should be slide decks, metrics, and logs to support their review of information. These artifacts lend themselves to remote viewing. If leadership is not reviewing appropriate information, they won’t know whether or not they are satisfying the customers and cannot ‘steer the ship.’-Internal Audit – The Internal Audit program maintains management system. Strong programs constantly make small corrections to keep the company on course. Weak programs provide no actions signals to management. It’s easy to create a weak but technically compliant program, and it can be tough for an auditor to support a finding for an ineffective program. However, an understanding of how well the Internal Audit program standing watch informs the ‘So What?’ conclusions. Audit procedures, schedules, reports, and training records can all typically be reviewed remotely.-Corrective Action – ISO 9001 based management standards require Corrective Action systems, and these too can usually be reviewed over Zoom or Teams. As management identifies problems, often in Management Review or Internal audit but also as input from customers or other internal sources, the organization must deal effectively with the actions. Are issues captured? Are procedures for determining corrective action followed? How many corrective actions are overdue? A company with 33% of its corrective actions not meeting its own timelines may not have an effective system.These three indicators demonstrate whether a company is looking for problems and solving them when found. Other tactical indicators can also tell an auditor how detail oriented a supplier is. For example, often we don’t think of calibration as something that can be audited remotely, but one can review a gage database and understand how many are overdue, which indicates day-to-day compliance.In addition to the report with findings and a conclusion, LM Aero second-party auditors hold a meeting after each audit with supplier quality and supply chain representatives and senior management to discuss the synthesized. A simple four-panel slide [shown here] describes the general information prompting the audit, objective results, analysis of what was seen, and recommendations for action based on that analysis.


Ethics for the Auditor

What are ethics? Are ethics encompassed by laws and codes? Corporate ethics focus on rules like not accepting gifts or not supervising family, conflicts that are easy to define., but life is complicated.

Laws, rules, and codes tend to be ‘Thin’ ethics and only address easily identifiable conflicts. ‘Thick’ ethics are the relationships between people. For example, family relationships are easy to spot, but how does an auditor perform an unbiased first-party audit of the auditor’s best friend that referred the auditor to the Quality Manager to hire in the first place?

Workplace relationships are natural, and can even arise on 2nd and 3rd party audits as well.

How we think about ethics: Of the four levels of ethical analysis (values, moral rules, ethical decision-making, and post-ethical), most people work at the first two levels. However, good/bad judgements are not sophisticated enough, and sets of rules are almost always too vague or too specific to apply in most situations. We have to operationalize ethics and make good decisions based the spirit and intent of the rules.

Ethical conflict: Ethical problems are conflicts. Important types include conflicts of interest, conflicts of authority, and role conflicts. For example, an internal auditor might receive guidance from the president of a company during an interview with Top Management, telling the auditor to dig deep, take extra time, and document everything possible. Afterward, the Quality manager may tell the auditor to only document significant findings. The auditor has received conflicting guidance from two authority figures.

How should the auditor reconcile this with his or her responsibility to apply criteria to evidence in an unbiased manner? (Examples of other types of conflicts will also be given.)

Ethical decision-making: This section describes in detail a model that can be used to make decisions when perceiving an ethical dilemma. First, gather information…who, what, when, where, etc. Next, define the ethical problem. A Conflict of Interest? Conflict of Authority? Role conflict? Third, identify alternatives. What courses of action are available? Next, project the consequences of each course of action. Finally, find the right fit by applying moral rules, rehearsing defenses, and especially applying the “Washington Post Test.” How would one feel if the decision made became widely known?

Business-level strategy: Unbiased auditing comes down to establishment of a culture of ethical behavior. The first step is prevention of conflict through leadership and alignment. How do leaders act to negative information?

Do managers fight against adverse findings (beyond all reason), or do they accept the input as an opportunity to get better? If the former, Top Management must be engaged to explicitly champion the latter. The next step is to engage the audit staff.

Auditors should be trained to recognize ethical conflicts and to use the decision-making model when conflicts are perceived, Then, rather than being uneasy about a situation, auditors will know that their uncertainty is normal and have a path to resolve the dissonance. Both of these strategies require regular reinforcement.


Government Organizations


““ ““ ““ ““ ““ ““
““ ““ ““ ““ ““ ““
““ ““ ““ ““ ““ ““
““ ““ ““ ““ ““ ““

(*) based on previous conference attendance

Contact us at:
Log in