Posts Tagged ‘Auditing’
What Are The Inputs and Outputs and Key Measurables Of A Process?
With ever business process that you put in place there are inherent inputs, outputs and key measurable that will help you determine whether or not you are meeting the objectives of the process. You will first need to determine the inputs of your processes, “What are the key aspects of the process that you would like to achieve?” For instance, in your supplier management process what will be your objective? Your objective should be to have approved suppliers. Now, what will you put in place to achieve your objective: Supplier approval criteria, Supplier Evaluation (inspection discrepancies) and Supplier Reevaluation. These will become the inputs to your supplier management process.
Once you have determined the inputs of your process you will next need to determine the outputs of the process. In the example noted above some possible outputs to the supplier management process would be an Approved Supplier Register, and Receiving Discrepancies. These will become the evidence of your approval process objectives.
Once you have determined the inputs and outputs of your process, you must now measure the process to see if it is accomplishing its intended purpose (Approved Suppliers based on the inputs and outputs you have set in place). Key measurable for a supplier management process may include Supplier Performance data reviewed in Management Review (Receiving Inspections), Evidence of the organizations certification to an international standard (A copy of a current ISO 9001 or AS9100 certificate), results from a supplier audit or survey , etc. You must determine how you will measure a supplier’s performance towards your requirements and then keep records to verify their effectiveness at meeting these requirements.
ISO 9001, What Should I Be Auditing and How Often?
The ISO 9001 standard does not specifically tell you what processes need to be audited or how often they should be audited. It does however state that the audits you do perform should be planned, and based on status and importance. So what does this translate to mean? Should you audit everything process every year, maybe, maybe not. The standard does not tell you how often, how many or what to audit, you decide what makes since for your organization (where can you get the most value and keep your quality system functioning as intended).
The best advise that I can give is review your process maps, non-conformances, past internal and third party audits, and determine where your quality management system needs attention. Where are the black holes that cause lost time, lost money, customer dissatisfaction (where are the points that are or could significantly impact your ability to satisfy your customer or grow your business). Answer these questions and you will be able to develop a planned audit schedule that will add value to your quality system. Don’t audit every process every year unless every process in your system is not functioning as you intended it to or does not meet the ISO 9001 standard requirements. If this is the case you would not be certified in the first place. Don’t audit for the sake of auditing this is costly and time consuming, get the most out of your internal audits by making them address real issues that can improve the entire quality system.
How many audits should you conduct each year? You decide how many audits will be enough to keep your quality management system functioning properly. Keep in mind, you cannot successfully improve your processes unless you periodically review them. Nothing stays the same, so if you don’t review your processes periodically they will come back to bite you via loss of business, non-conformances, increased costs, obsolete documentation, and ultimately loss of certification.
Finding an ISO 9001 Auditor that fits the needs of your company
Finding an ISO auditor that fits well with your company is fundamental to a successful certification experience. You want to work with a person that you are comfortable with and that is comfortable with you! Here are some tips that you can follow to find an auditor that you know you will work well with your company:
Try to find a registrar that has somebody who can answer your questions, someone that you feel comfortable with and meets your financial requirements. Make sure the registrar has auditors with experience in your area. What good is a registrar that has an auditor that lives down the street from you if they’ve only audited service processes? They’ve never audited a machine shop, and you’re a machine shop.
You want an auditor that fits you and your company and gives you good observations and opportunities for improvement as they audit. Ask to talk with your potential auditor. It’s always nice to be able to converse with somebody so you get to know who they are before you meet them. If they are in the area, maybe they can drop in just to talk to you, just to put a face to the name.
Some registrars have auditors all over the United States and even some overseas. Be careful when you are trying to find an auditor close to you. Sometimes you are going to find that the auditor you like isn’t close to you. If you like that person, and are willing to pay travel expenses, the registrar should be happy to send that person to you.
Remember you are the customer, make sure you exercise your right to selecting the auditor that best fits your needs.
Quality Management Systems Auditing, Make It Worth Your Time
With the upgrade of the ISO9000 series of standards from the 1994 to 2008 series, the focus of the audits has shifted from purely procedural adherence towards measurement of the actual effectiveness of the quality management system or the total process, and the results that have been achieved through the implementation of a QMS. And now with the upgrades of the AS9100 quality standard, there are even more ways to develop and implement corrective and preventive actions that will greatly benefit the organization.
Audits are an essential management tool to be used for verifying objective evidence of processes, to assess how successfully processes have been implemented, for assessing the effectiveness of achieving any defined target levels, to provide evidence concerning reduction and elimination of problem areas. For the benefit of the organization, quality auditing should not only report non-conformances and corrective actions, but also highlight areas of good practice. By highlighting these areas other departments may share information and amend their working practices as a result, which contributes to continual improvement.
There are times that auditing feels like an arduous ordeal, and those being auditee feel as though they are being personally judged. The most important part of conducting an audit is to communicate with the auditee the intent of the audit and their role in it. For an audit to give meaningful information back to the organization, you must get the cooperation of those being audited. Let them know that the audit is not a tool to punish but rather an opportunity to improve the organization as a whole. Finds are not bad things, quite the contrary they are the building blocks for the continued success of the organization (continual improvement). Why not make it the responsibility of each employee to contribute at least one opportunity for improvement each year. Just think how much better your company will be after one year.
AS 9100C Is Here, Are You Ready?
The International Aerospace Quality Group (IAQG) released a revision to AS9100, the quality management system for the aviation, space and defense industries. But, unlike the recent release of ISO 9001:2008 (which was more of an amended version), Revision C will have noticeably more impact. Its benefits, however, far outweigh the impact of implementation. The new requirements are intended to make major improvements in quality and reductions in cost – throughout the supply chain.
The Standard includes several new requirements and clauses that focus on planning, project management, and risk management. It is intended to cover on-time delivery performance, the formal monitoring of customer satisfaction trends, and formal plans to ensure continual improvement – all of these new requirements are operation critical. IAQG’s mission is to radically raise the on-time, on-quality delivery (OTOQD) performance across aviation, space and defense industries.
So when should you begin to implement these new requirements? The answer is now. The IAQG has finally completed the training requirements for the registration auditors. Auditors will begin to be trained to AS9100C in May 2010. If your recertification is coming up soon you may want to consider integration of the new requirements now. Keep in mind those suppliers participating in the aviation, space and defense industries will be increasing required to become certified over the next five to ten years. Most, if not all of the primes will require participation from its suppliers and subcontracted service providers. If you want to be a player in these industries, at some point certification will be the only way to play. Are you ready?
ISO 9001 Internal Auditing What, When, How?
Most companies understand the idea of auditing but not the concept of “Process Auditing” as expected to be compliant within both ISO 9001 and their own quality management system. Even companies that are currently registered to the standard may not have a thorough means for evaluating its processes through their internal audit program. Which processes are expected to be audited under ISO 9001?
The ISO 9001:2008 standard is quite vague as to what should to be audited or even how often these processes should be reviewed. The standard indicates that audits be carried out at planned intervals to determine whether the quality management system conforms to the planned arrangements, to the requirements of the standard and the organizations own quality management system requirements. So what is an appropriate interval for your company? Ask yourself,” What is the worst that can happen and where could it happen”? Where are we having the most problems now? Look at your interrelationship of processes and pinpoint the likely areas that have the most chance of resulting in non-conformance. Conduct a risk assessment to determine where the highest risks are, and which risks may produce the most significant impact on your product performance (Status and importance of the processes). Now audit these processes, interview staff, observe activities and view relevant records then determine if there are weaknesses and assign corrective actions. Go back to these areas after the corrective actions are put in place and determine if the actions have accomplished the desired effect. If the actions are effective, close out the audit and move on to the next process.
Don’t audit a process for the sake of having an audit record to show an auditor. If a process is functioning properly it does not need to be audited once a year. Nowhere in the ISO 9001 standard does it say you have to audit all of your processes once a year. You are in the driver seat, and you will determine what, when, and how you will audit your system.
ISO 9001 Internal Auditing Success
The third party auditor will audit your system once or twice a year, so why do you have to conduct internal audits? The first and most obvious reason is, if you wait for the third party auditor to tell you your system is in trouble, you are missing the point of continuous improvement all together. The second reason is that the third party registrar does not consider the surveillance audit as an internal audit. The standard requires that “you” perform planned internal audits of your system based on status and importance of the processes and areas to be audited. If you do not know whether or not your quality management system conforms to your planned arrangements, or the standard, then how can you determine if you are improving? The ISO 9001 standard is based on the Plan, Do, Check, Act principle of continuous improvement. Internal Auditing is the “Check”, and without it you may never know when to act.
The internal audit process need not be a time consuming; there are many ways an internal audit can be accomplished. Every day we conduct countless audits without even knowing it. A manager who walks the plant floor may notice a process which is not working as intended, a worker may notice that the forms he, or she is using are outdated , receiving may find that the same supplier never send the correct paperwork with the products they provide; these are audits that never get documented. These audits are not planned, but they are audits none the less. The planned audits do not have to include all of the processes in your facility once a year, remember “Status and importance”. Go after the low hanging fruit first, (areas where you are having issues), then review the other areas as needed. Whatever you do, DO SOMETHING, or your entire quality system will fail to accomplish the goals and objectives you have set for your organization. My philosophy is simple, if you are going to invest the time and money to become certified, get the full value of certification or you will be wasting your resources for nothing.
ISO 9001 Lesson Learned
ISO 9001:2008 is the foundation of many of the quality management standards now available to organizations worldwide to help organize and maintain product and service integrity. The standard in and of itself, does not tell you “HOW “ to do anything but rather it tells you what quality programs and processes you need to establish to meet the requirements of the standard. For example: The standard has numerous passages which state the organization “SHALL” develop and implement something to comply with the standard. The organization “SHALL”:
- determine the processes needed for the quality management system and their application throughout the organization.
- determine the sequence and interaction of these processes.
- determine criteria and methods needed to ensure that both the operation and control of these processes are effective.
The quality management system documentation “SHALL” include:
- documented statements of a quality policy and quality objectives
- a quality manual
- documented procedures and records required by this International Standard
- documents, including records, determined by the organization to be necessary to ensure the effective planning, operation and control of its processes.
As you can see, nowhere in these requirements does the standard tell you exactly how to carry this out. Where many companies fall short when trying to interpret the actual intent of these requirements, is the planning process. How much documentation is enough and how will we satisfy these requirements so that what we say we do is actually what we do. A lot of the confusion comes from not understanding the standard, and then ultimately doing too much or too little. Most of the non-conformances that the third party auditor will eventually find, (90%), are written against the self imposed requirements of an organization, not against the standard itself. For example: Some companies buy document templates and insert their name here and there, but never modify the documents to meet their individual process needs. Every company is different, so you cannot buy a caned quality system without modifying it to your particular needs.
Get educated to the standard and or hire a business management consultant that can guide you through the process. ISO 9001 as well as most of the other standards out there does not have to complicated or overly time consuming. Get the most out of your system, and avoid the pit falls generated by lack of understanding.
ISO 9001:Why Do You Need Procedures and Process Control?
Why do you develop and implement policies and procedures in the first place? By adopting policies and procedures, organizations are generally trying to tackle one or more of the following organizational requirements:
- Decrease training time;
- Increase consistency;
- Fulfill compliance requirements for ISO 9001 or some other standard;
- Risks management assessment;
- Improve Communications, internally and externally;
- Preserve and convey knowledge;
- Document continual improvement and manage change;
- Decrease non-conformance rate;
- Streamline access to information; and/or
- Make duplication and growth easier.
If your organization is struggling with how to get started with documenting and organizing your quality management system, you’re not alone. As a Quality management consultant and lead quality management systems auditor, I see so many companies who just don’t get it. If you do a poor job documenting your quality management system you’re in for a lot of pain and heart ache. A competent auditor can tell in five minutes if an organization understands their own system.
So why not start with a firm understanding of how to develop and maintain your system, sounds like common sense, right? If you need help there are many consultants and training programs that can help get you started. Choose wisely and you will find that not only will you be prepared for certification, but also you just might make the improvements that do save money, time, and pain.
If AS9100:2009 is published, why can’t I get certified to AS9100C now?
Before any company can be certified to the AS9100C standard, the aerospace industry must complete these milestones:
- The AS9104-1 standard must be published (expected spring 2010)
- The AS9101D standard (checklist) must be published (expected Spring 2010)
- The AS9100C/AS9101D course for certification body auditors (NQA auditors) must be developed, vetted and made available for use by certification bodies (expected by 30 April 2010)
- Certification body auditors must attend this course, pass it, submit their applications to RABQSA and get approved (we expect that to happen over the summer and fall of 2010)
- The registrars must submit an application to ANAB and then be audited before we can be accredited to perform audits to AS9100C (we expect that to happen early summer of 2010)
Once all of the above tasks are completed, registrars will be able to conduct audits to the quality management system requirements of AS9100 revision C.
As to when your company must transition to this new standard, all AS9100 audits after July 1st, 2011 must be to AS9100C and that by July 1st, 2012, AS9100B will cease to exist and all registrations for AS9100 must be to revision C of the standard.