Posts Tagged ‘Auditing’
What Happens Now That I Have My Certification?
At last we have attained certification, boy am I glad that is over. If this is what you are thinking right now, you have missed the point. Certification to ISO 9001, AS 9100 or any standard does not have a start and end point, (Implementation and Certification). Becoming certified is a continuous process which if implemented and attained correctly, with the right mind set, will result in lowering costs, and ongoing improvements for your business.
Never think that once you have reached your goal of certification that you are finished, now the hard part begins. Now you must live your quality management system day in and day out. Your processes must continue to be audited and improved, tracked and reviewed, trained and understood by all. This is your chance to reap the rewords of your planning, doing, checking and improving to become a world class organization and not just a another company with a certificate on the wall.
If you truly want to get the most out of the money and time spent to get that certificate, I suggest that you focus your attention on maintaining your system to reach peak performance. You will save money, improve relations with your customers, and knock the socks off of your competition. So why not take this certification and make it work for you?
Your Internal Auditing Process, Does It Hurt Or Help Continuous Improvement?
A Quality audit is the process of organized inspection of a quality management system carried out by an internal or external quality auditor or an audit team. It is an important part of organization’s quality management system and is a key element in the ISO quality system standard, ISO 9001.
Quality audits are typically performed at predefined time intervals and ensure that the institution has clearly-defined internal quality monitoring procedures linked to effective corrective and preventive actions. This can help determine if the organization complies with the defined quality system processes and can involve procedural or results-based assessment criteria.
With the upgrade of the ISO9000 series of standards from the 1994 to 2008 series, the focus of the audits has shifted from purely procedural adherence towards a process approach of the actual effectiveness of the Quality Management System and the results that have been achieved through the implementation of a QMS.
Audits are an essential management tool to be used for verifying objective evidence of processes, to assess how successfully processes have been implemented, for judging the effectiveness of achieving any defined objectives, to provide evidence concerning reduction and elimination of problem areas. For the benefit of the organization, quality auditing should not only report non-conformances and corrective actions, but also highlight areas of good practice. In this way other departments may share information and amend their working practices as a result, also contributing to continual improvement.
Internal audits should always be performed with the intension of improving the overall systems being audited, never as a fault finding or witch hunt practice designed to punish. If internal audits are properly executed with a spirit of open communication and real process improvement, this process can be the single most important driver for continual improvement. Done wrong, the internal quality audit processes can create a culture of fear which will hinder continual improvement. It is important that everyone within the organization clearly understands the objectives of quality auditing and their role in them.
Suppliers: Positive & Negative Affects
Suppliers are an integral part of any organization’s overall process. As such, they have the potential to be a positive or negative force. When suppliers are a positive force, materials arrive on time, materials are processed in a problem-free manner and costs are controlled. When suppliers are a negative force, materials often arrive late, processing problems occurs, and the supplier is of little or no help in resolving such issues. Obviously, it just makes good sense to have good suppliers.
The industry is quickly moving toward requiring their subcontractors and suppliers to be AS9100 compliant and/or certified. By conforming to AS9100 or becoming registered by a third party, suppliers can gain a competitive advantage and benefit from the improved processes and continuous improvement that is the foundation of ISO 9001:2008 certified quality management systems.
General Electric Aircraft Engines (GEAE) was one of the first manufacturers to require AS9000 compliance by all of their direct material suppliers. Currently, GEAE is requiring as9100 certification for all new suppliers, and existing suppliers have a gap audit and a certification audit performed to coincide with their existing surveillance audit schedule.
AS9100 Initial Assessment, What Does It Involve?
The quality certification assessment for AS9100 has two main goals:
- Validating system compliance and implementation
- Determining system effectiveness
Initial assessments are conducted in two stages. The first stage involves determining the company’s state of readiness and defining the approach and duration of the second stage.
Prior to conducting a quality management system AS9100 certification audit, the following should have taken place:
- The documented system has been reviewed and approved
- A complete cycle of internal audits has been performed and the results covered in a formal management review
- You know exactly what SQA will be looking for, so there should be No Surprises
- All identified weaknesses in the system that were discovered in the pre-assessment have been effectively corrected
- The certification assessment date, audit team makeup, and audit schedule have all been developed and agreed upon
The Purpose of The Stage 2 ISO 9001 Audit
The purpose of the Stage 2 Assessment is to evaluate your entire management system against the requirements of Standards to ensure conformance for the purpose of initial registration.
Stage 2 Assessments cover the entire scope of the quality management system (all policies and procedures related to the requested scope of registration). Audit methodology may include: watching activities as they are performed, interviewing personnel and reviews of the the management system documentation. As nonconformities are identified, the auditors will discuss them with your representatives to assure understanding.
The Purpose of a Stage 1 Assessment
The stage 1 audit is primarily for scoping and planning an ISO 9001 certification audit (the stage 2 audit) and to allow the auditor to obtain an understanding of the organization. During the stage 1 audit the auditor will gain knowledge of organizations quality Management system, policies, objectives, risks, processes, locations, etc. It also may be used for the auditing body to communicate its needs and expectations to the auditee.
Activities performed at a stage 1 audit include:
• Identification of the key risks of the business and related statutory, regulatory aspects and compliance
• An assessment of whether the auditee’s defined processes are adequate to meet its objectives and customer requirements
• performing a Documentation Review
• This review should determine if the organization’s Quality Management system documentation adequately covers all the requirements of ISO 9001:2008. The review would normally be carried out at the auditee’s premises (unless otherwise requested and justified). As a result of this activity, a report should be provided that notes any deficient areas. As part of the documentation review, the auditor should assess the extent and availability of supporting procedures and process descriptions. Collecting necessary information regarding the scope of the organization’s management system, processes and location(s)
• planning of the future certification documentation, including the Scope statement
• Planning the certification (stage 2) audit, including the requirements for audit team selection
• Acquiring evidence that internal audits and management reviews are being planned, or performed, effectively
• Checking that the quality management system is implemented and ready for the stage 2 audit, including appropriate level of documents and supporting records.
• If the system is deficient in any way, the auditor should note this in the audit report, so that the organization has an opportunity to correct deficiencies prior to its certification (stage 2) audit.
• Agreeing to a date for the stage 2 audit
What Is The Objective Of the AS9100 Rewrite?
The objectives of AS9100:2009 are to:
- Incorporate ISO 9001:2008 changes
- Expand the scope to include aviation, space, and defense as well as land and sea based systems for defense applications
- Ensure alignment with IAQG strategy (On-Time and On-Quality Delivery performance)
- Adopt new requirements based on stakeholder needs
- Improve existing requirements where stakeholders identified a need for clarification, including when a documented quality management procedure is required
There are major changes to the AS9100:2009 release that affect how companies implement AS9100 for the first time or upgrade from a previous version of the standard:
- A customer focus on On-Time and On-Quality Delivery performance in the Aerospace, Defense, and Space Industries, which will directly impact the implementation as a whole.
- A significant focus on Planning and Project Management including characteristics flow down
- A significant increased role for risk management and mitigation
- Changes companies need to focus on from ISO 9001:2008
- A major change in the auditing from a “checklist focus” to Performance Auditing from AS9101
ISO 9001: Verification of Effectiveness?
What exactly is verification of effectiveness? Many organizations struggle with this quality management requirement. When you are verifying the effectiveness of a corrective action you are seeking evidence that the causes of the problem have been removed or reduced. In a perfect world, each problem cause would be removed. This however is not always possible. Sometimes the best you can hope for is a reduction of the causes. The cause is still there, but it manifests itself less frequently or less severely. So the best option is to remove the cause, but the next best option is to at least reduce the cause.
The key to verification of effectiveness is evidence. You are seeking objective, factual evidence that your problem causes have been reduced or removed. This evidence usually takes the form of data or records. Another powerful form of evidence is your own first-hand observations. That’s not to say that you can’t accept verbal evidence, but records, data, and first-hand observations are certainly better and more easily audited. To improve your current corrective action process make sure that each time you act to correct a non-conformance, you go back and verify that what you did actually accomplished what you set out to do, “ remove or reduce the problem”. Some software applications available today can greatly aid an organization that is struggling with this requirement by prompting the responsible individual to review the corrective action taken so that a decision can be made as to the effectiveness of that action. Let’s face it, today small business owners are concerned about where each dollar is being spent and what the pay back will be. Software is one of the best ways to add value when organizations are continuing to down size.
Auditing Your Suppliers And Assessing Risk
Supplier audits need to focus on the suppliers and quality management systems that are truly critical to the supply chain, and better utilize available expertise to ensure that performance requirements will be met. Why do we perform supplier audits/? Once we understood that the purpose is to ensure overall success of the supply chain, then an expansion of related audit issues is also required. Supplier quality system audits have contributed to spreading the word about the importance of quality, and the need for a management system that helps keep quality on every business’ agenda. It’s now time to expand the boundaries of our thinking to include other issues, such as risk, that allow a business to grow and prosper or fail.
Companies that do not utilize a strategy for managing supply chain risk may be exposed to potentially negative influences, including impact on procurement, manufacturing and time to market processes in supply chain.
It’s for these reasons that supply chain risk management is now an essential part of a company’s supply chain strategy. It is the only way companies can ensure risks are identified in the entire value chain and mitigated to deliver financial goals.
Are Your Suppliers Meeting The Requirements Of ISO 9001:2008?
There are various ways in which your supplier can claim that its quality management system meets the requirements of ISO 9001:2008. These include:
- Supplier’s declaration of conformity: Your supplier makes a declaration affirming that its QMS meets ISO 9001:2008 requirements, usually supported by legally-binding signatures. This declaration can be based on your supplier’s internal audit system, or on second party or third party audits;
- Second party assessment: your supplier is audited directly by its customer (e.g., by you, or by another customer, whose reputation you respect) to check if its QMS meets ISO 9001:2008 requirements and your own requirements – sometimes used in contractual “business-to-business” transactions;
- Third party certification: your supplier uses an accredited Certification Body (Registrar) to audit and verify it’s conformity to ISO 9001:2008 requirements. This third party then issues a certificate to your supplier describing the scope of its QMS, and confirming that it conforms to ISO 9001:2008.