Posts Tagged ‘Audit’
Are Your Suppliers Meeting The Requirements Of ISO 9001:2008?
There are various ways in which your supplier can claim that its quality management system meets the requirements of ISO 9001:2008. These include:
- Supplier’s declaration of conformity: Your supplier makes a declaration affirming that its QMS meets ISO 9001:2008 requirements, usually supported by legally-binding signatures. This declaration can be based on your supplier’s internal audit system, or on second party or third party audits;
- Second party assessment: your supplier is audited directly by its customer (e.g., by you, or by another customer, whose reputation you respect) to check if its QMS meets ISO 9001:2008 requirements and your own requirements – sometimes used in contractual “business-to-business” transactions;
- Third party certification: your supplier uses an accredited Certification Body (Registrar) to audit and verify it’s conformity to ISO 9001:2008 requirements. This third party then issues a certificate to your supplier describing the scope of its QMS, and confirming that it conforms to ISO 9001:2008.
AS 9100: How Often Will We Be Audited?
Each type of audit will have its own schedule. Often companies will have more frequent internal audits than third-party audits, especially during the early stages of your as9100 certification and implementation. These early audits help employees become more comfortable with the audit process, eliminate any problems in the quality management system, and thus help ensure the company will “pass” the registration audit.
WHAT IF WE DON’T PASS THE ISO 9001 REGISTRATION AUDIT?
There are basically three things that can happen in a registration audit:
- Your company may “pass ”the iso audit, (in official language, your company will be “recommended for registration”), in which case the company will receive its official registration in about a month.
- Your company may be told that a follow-up visit must be scheduled and that if corrective action on all nonconformities found during the audit is successfully completed by that visit, registration will be issued.
- Your registrar may find that your company has quite a bit of work to do before it will be ready for registration, and another registration audit will have to be scheduled.
In all cases, the registration auditor will report all findings to your management before he or she leaves, so that your company knows where it stands.
The ISO Standard Says That Internal Audits Cannot be Completed by Someone Involved in the Activity. How Does a Small Business Meet This Requirement?
An organization that has fewer resources must look to other options, like outsourcing or cross-functional activities, to fulfill internal requirements for audit. There are many individuals and organizations that provide internal audit services to small companies at a fraction of the cost of employing personnel full time. The contracted individual or organization manages the planning process for internal audit based on your established procedures or you can develop the plans for ongoing internal audit. Another option is to train individuals within your organization that can perform internal audits and alternate audit activities between processes. For small companies this is often not possible as people are actively involved in all the processes and activities of the company; therefore, outsourcing is a better option to ensure objectivity.
The Goal Of The AS9101 Rewrite
The AS9101 rewrite goal is to provide requirements on process auditing and development of AS9100 series audit approaches and tools that focus not only on conformity, but also on effectiveness of a AS9100 quality management system (QMS). The AS9101 proposal is to develop an enhanced audit process for evaluating process-based management systems that aligns with ISO 17021 and consists of:
• Process-based information gathering.
• Assessment or analysis and audit planning.
• Development of performance-based and process-oriented audit methods and techniques.
• The ability to capture objective evidence of process conformity and effectiveness.
The major proposed changes in the rewrite of AS9101 include:
• Creation of one document covering AS9100, AS9110 and AS9120.
• Elimination of scoring and key requirements designations.
• Use of data and customer feedback concerning organizational QMS performance as an input for process-oriented audits (for example, Online Aerospace Supplier Information System (OASIS) customer satisfaction or performance scores).
• Inclusion of determination of effectiveness, in addition to conformity.
• More emphasis on performance measuring.
• Introduction of the objective evidence record.
A major theme of the AS9101 rewrite is examining process effectiveness. ISO 9000:2005 defines effectiveness as the extent to which planned activities are realized and planned results achieved. The ultimate measure of QMS effectiveness is customer satisfaction.
What has not changed in AS9101 includes determining conformity to the standards, documenting discovered nonconformities and drawing conclusions on conformity of the organization’s QMS based on information collected during the audit.
The Real Purpose of The Internal Audit
How a management system is audited and the data that comes out of a management system is analyzed will directly relate to how much money a company saves by using an ISO 9001 system. If a company wants the most from its internal audit system, it must go above and beyond checking to see if it does what it says, says what it does.” Questions such as these must be asked:
- How is the effectiveness of this process measured?
- What is done when desired results are not achieved?
- Why is something done in a certain way?
- How do other departments affect this process?
- What could improve this process?· What are some preventive actions that can be taken or have already been implemented for this process to prevent a potential problem?
The answers to these questions are what management will review to decide if it needs to, or should, take action to improve the process. The management team does not really care about pages of filled out checklists in a book that says the processes match the procedures and that there were no findings. If the management team is going to invest time and resources into the iso internal audit activity, it wants to have information brought to it on how it can improve processes and ultimately make the company better.
Avoid documentation mistakes
If your company is preparing to become ISO 9001 certified, you should know what you need and what you don’t need. Some companies are overzealous and become obsessed with over-documenting their systems, rather than focusing on what their procedures actually are and documenting them. While ISO 9001 requires documented procedures, the standard doesn’t specify what they should include or how they should be formatted. The fact that many companies miss is that a third-party auditor will not be concerned with the format, but rather with the content of the procedures and how closely they align with what the company actually does.
Documents should be written to define a company’s processes, not to make processes sound more impressive than they are. A common nonconformance found in an ISO audit is not that a company was unable to meet a standard’s requirement, but its inability to meet a requirement in one of its own documents. A company can essentially sabotage itself by over-thinking its documentation. ISO 9001:2008 requires a manual and six documented procedures. Fulfill those requirements; other written procedures are unnecessary.
Auditing and Continual Improvement
The most important part of the audit is not what the auditor does in collecting the data, but what the manager does with the audit information. Managers must be prepared to take actions to correct audit finding and to recognize excellence. The actions taken to make improvements must not make the situation worse. The best approach is to meet with the people involved in the finding and ask for their ideas for improving the situation and to empower them to solve the problem. This allows them to assume ownership for the problem and for the solution. The manager must then seek commitment from people to resolve the problem within a certain time frame and make resources available to support improvements, if necessary.
The worst possible scenario is for managers to use audit information to punish people. Management must drive fear out of the organization. Punishing people will condition the organization to resist audits and hide problems from management. The manager must learn to receive bad news from an audit as an opportunity for improvement and then involve staff members in resolving the issue. Often the audit will bring to light performance problems that can be solved only by upper management. Although management alone has the authority to change the system, management can usually invite the people who work in the system to help diagnose the problem, make recommendations, and implement solutions for resolving the problem.
Successful organizations are those that learn to place a high value on continuous improvement. Everyone in the organization, from the managers in the strategic center to the individual contributors, must all share a belief in the positive discussion of problems and deficiencies as a necessary first step in achieving excellence.
Supplier Management Software Solutions
Controlling Your Supplier Base Using CIS – Large corporations may not have a need for CIS Software for their own applications because they generally have an integrated information system that has been in use for many years that meets their requirements for management and quality assurance. However, their system does not integrate with their supplier base and does not provide for a complete control over their suppliers other than simple reporting of nonconformities, engineering approvals and purchasing.
Most larger corporations have a supplier control department that will audit and approve suppliers to ensure that the suppliers are capable of meeting their stringent requirements. Additionally, the supplier control department will monitor and perform periodic audits of the suppliers to ensure continued conformance to their specifications.
This approach, although effective in controlling the quality, is very expensive when the travelling expenses and time to audit is factored into the overall cost.
CIS Software offers the larger corporation as well as small business a solution that is more effective and far less costly. If the suppliers to a large corporation are using the CIS Software, then the supplier control department can perform electronic audits of their systems far more often without the huge travelling expense. CIS will also offer immediate reporting of supplier issues and their resolutions.
Auditing Competency and Training Requirements ISO9001/AS9100
In auditing your organisation’s compliance with the competence and training evaluation requirements of ISO 9001 or AS 9100, an Auditor would be seeking evidence that the following issues are addressed:-
1 – An organisation needs to identify what competencies are required by personnel performing work that affects quality.
The objective of the auditor should be to determine whether there is a systematic approach in place to identify these competencies and to verify that the approach is effective. The outcome of the process may be a list, register, database, human resources plan, competencies development plan, contract, project or product plan, etc.
2 – Are competent people assigned to those work place activities necessary to control the quality characteristics of its processes and products?
Verify that some form of evaluation process is in place to ensure that the competencies are appropriate to the organization’s activities, and that the personnel selected as competent are demonstrating these competencies. Also, the process should ensure that any deficiencies are being acted upon and the effectiveness of personnel is being measured.
3- The organization needs to evaluate the effectiveness of the actions taken to satisfy the competence needs and to ensure that the necessary competence has been achieved.
The organization may use a number of techniques including role-play, peer review, observation, reviews of training and employment records and/or interviews
4 – Maintenance of competence.
The auditor needs to verify that some form of effective monitoring process is in place and being acted upon. Ways of doing this include a continuing professional development process (such as the one described in ISO 19011), regular appraisals of personnel and their performance, or the regular inspection, testing or auditing of product for which individuals or groups are responsible.