Allan & Jim
In view of the debate you are having and the fact that I know you both quite well (Allan for some 20 yrs) I could not resist contributing my twopence.
I read 6 pages of Alans paper and tried searching on process audit or definitions etc but drew a blank. Allan appears to say that
If the 'reviewer' is independent of the process, fully understands the process approach, fully understands the process itself, works systematically, is properly prepared for the PR, is able to find root causes of whatever problems might be discovered, can demand effective corrective action, and will not allow work to proceed further unless and until such action is taken and verified as effective then, yes, equivalent practices are used.
I would take issue with Allan's statement.
ISO 9001 does not require the auditor to be independent of the process or activity - only that they do not audit their own work. Therefore a process 'owner' or 'manager' could audit/review his/her process and be compliant.
'Understands the process approach'
Here Allan and I may cross swords because while I agree he did introduce the task element approach in the 1970s I don't regard this as the process approach (unless of course he has changed it from his writings of the 1980s) because it is task focussed not objective focussed. Auditors do follow a sequence of activities, an audit trail but this is not process auditing, it is transaction auditing. Process auditing is about establishing that there is a process in place to achieve defined objectives, that these objectives align with the needs of the stakeholders and that they are being achieved by an effectively management process.
'will not allow work to proceed further'
Here Allan is suggesting that internal audits are controls. Which in my experience is not correct except for product audits where stock is held until the result of the audit are released. Internal audits are different. They might look at work that is currently being done but often they look at work done long ago and are not intended to act as a break on the process.
But the bottom line is surely what the audit or review sets out to achieve. If it can be demonstrated that the organization delivers outputs that satisfy the stakeholders and that there is in place a regime of activities that ensure the processes are not only delivering the right outputs but in the best way and that the outputs are periodically reviewed against stakeholder needs - what else do the certification bodies need?
If the organization cannot demonstrate it has the capability of satisfying its stakeholders and managing its processes effectively it should not be awarded the certificate anyway but thousand of organizations are which is why ISO 9001 cerrtification has been devalued.
Am I right or am I right?