Quality for Beginners – ISO 9001 & 14001 | A seasoned auditor answers FAQs
Jul/10
7
Making audits useful and not just a compliance tool
No comments · Posted by pqaintl in Quality Management
Maintaining employee involvement in continuous improvement is all about corporate culture. If top management, managers, and supervisors are not routinely involved in addressing audit findings and driving improvement projects, it is all too easy for the QMS to have insufficient support to be more than compliance busy work.
ISO 9001:2008 says in the section for internal audits (8.2.2) that “management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes”. This sentence emphasizes several potential weaknesses to the effectiveness of any audit program:
- Management attention to audit findings – see earlier blog
- The difference between “ Correction”( a quick fix) and “Corrective Action” (a long term solution that addresses the weakness in the quality system, not the product, to prevent similar repeat issues) — see earlier blog
- The speed with which audit findings are addressed — the fact that ISO included the term “without undue delay” is telling of a trend to ignore/postpone addressing audit findings.
- The potential for any nonconformity to have more than one contributing cause
So how do you make internal audits useful?
- Reward those who find opportunities for improvement – don’t call them nitpicky whiners!
- Ensure supervisors and department managers are accountable for addressing audit findings
- Make corrective actions a positive team experience to ensure ownership of the new process
- Ensure that findings are addressed in a 2-step (immediate fix vs long term solution) process
- Set time limits and accountability for closing audit findings. Certifying bodies have a mandatory reply time to ensure that findings have been addressed and closed – do it for internal findings too!
- Reassess, reassess, reassess! If the first corrective action didn’t prevent recurrence of similar problems, find the second cause, implement a corrective action for that cause, and assess it’s effectiveness.
- Collect trend data by types of QMS nonconformities, types of product issues, types of corrective actions, etc., to evaluate the effectiveness of your improvement activities. If you have no audit findings, encourage auditors to dig deeper (they’re not looking at details!).
At the end of the day, it’s all about what you do with what you found. Do nothing and your audits are a waste of time. Use them to help you drive a culture of continuous improvement and they’ll be of great value.
Have fun making your audits useful
No tags
“It’s just a rework – don’t make me do a Corrective Action form – the paperwork will take longer than the fix”…. Ever heard that???
There’s a huge difference between NonConformities and Corrective Actions, but if you are the type of company who gets a customer return, and they demand a corrective action every time, you’ve probably come to dread these concepts. Lets step back from the viceral “I hate paperwork” reaction that we all have for just a minute, and discuss the uses and purposes for nonconformities and corrective actions.
There are many things that could potentiall fall into the NonConformity (NC)category -especially since ISO defines a NC as “non-fulfillment of a requirement” – but for most of us, it breaks down to:
- Product failure – it looked right, you delivered it, but it’s not working right and you are asked to rework, or replace it – (hard $$ loss)
- Rework – something needs fixing during/after production – (soft $$ loss)
- Audit finding – your documentation says you do things one way, but the auditor found something different – (no immediate visible impact…or is there?)
At first glance, in the world of customer satisfaction, this is definately a 1 is worst case, and 3 is least critical. But there’s a hidden factor in here. If your job is crisis management – always running around fixing complaints and reworks (ISO calls these fixes “Correction”) – then your Quality Managment System is not working for you because you’re stuck at the product level. The problem with the fireman approach to quality management is you’re stuck in “what” -fixing problems in categories 1& 2, instead of limiting them by adressing “why” they occurred when you found them in category 3.
That’s where Corrective Actions (CA) come in. Now don’t get me wrong. I’m not saying that for every internal rework you have to do a CA analysis – if you did you’d never get product out the door – but if you don’t keep a record of every time someone has to redo, rework, or replace already completed work, you’ll never know where you need to focus attention to look at the “why” for all that wasted machine time, material, and labor (the invisible $$ hemoraging from your company).
Addressing a NC is 3 steps:
NC identification (what is wrong) -> Correction (fix the product) -> Record what was wrong, reason it happened, result (rework/replace/ UseAsIs)
So what if there was a better way than repeating this first cycle again and again? How about learning from problems instead of being stuck in fix-it mode. That’s where those records of rework come in… once you know the most common types of errors (NC trends), you can address their causes one by one and cut down the time and $$ lost in rework.
The record keeping part is 3 steps too:
NC records -> NC trend data -> Data analysis to determine issues requiring Corrective Action
The Corrective Action process takes you from problem, through reason it happened, to deciding what to do to prevent it ever happening again. It’s purpose is not to assign blame or make someone promise to pay more attention next time (a common misunderstanding), but to help you discover the weakness in your QMS that allowed the NC to occur. Once you know what’s wrong with your system, then as a team you can decide what needs to change in your process. Be sure to involve those who will carry out the new process - they have to own it, and will know what won’t work.
The Corrective Action process is 4 steps:
NC trend -> Root cause (whats wrong with the system, not a person) -> Corrective Action (what do we do to prevent this happening again) -> Followup to see if the corrective action was completed, and was effective.
We’ll discuss Root Cause Analysis another time. For now, if you hear someone say “now What?” and you know that it’s not the first time that problem has happened, consider digging down to “Why” and doing a corrective action — even if an outside body ISN’T requiring it.
Happy improving !
No tags
Jun/10
30
Using external consultants to perform internal audits
No comments · Posted by pqaintl in Quality Management
Over the last 10 years I have audited many small companies that hired consultants to perform their internal audits for them, so that they could meet their ISO 9001 audit requirements. Using an external consultant to reboot a failing system can be highly beneficial to overwhelmed staff. However, while auditor objectivity is indeed enhanced by using external auditors, someone internal must be responsible for ensuring complete follow through of any findings. The level of longterm effectiveness is dependent on company culture and management commitment to improve the QMS. I have rarely seen it work for small companies over the long term, for a couple of reasons:
Firstly, the reason internal audits cannot be completed by existing trained in-house auditors should be evaluated. If management views internal audits as `only beneficial to obtain a certificate and therefore time has not been made available for internal staff to perform the audits, the impact of external auditors will be minimal since the purpose is conformity not improvement. If instead management has determined that best practice input could be obtained by external auditors, then the follow through will probably be different, and even though the auditor many not know every detail of the company, their expertise will be a valuable asset to the organization.
Secondly, responsibility and effectiveness of activities following any external audit must be evaluated. If (as is more commonly the case in smaller companies) it’s easy for everyone to go back to business as usual after the external auditor/consultant leaves the premises… the typical long term result is repeat or similar findings recurring during each subsequent visit by the external auditor – a prime indicator of lack of internal ownership for the findings. If (ideally) there is an internal driver responsible for implementing corrections and corrective actions, and evaluating effectiveness of those actions ( a critical element to closing out audit findings), then using the expertise of external auditors to drive improvement of your QMS will likely be highly beneficial.
No tags
There is a lot of confusion within the quality industry, and especially new companies about these two actions. Part of the reason is that ISO 9001:2008 (and its predecessor 9001:2000) describe their associated activities in a similar structure, with a couple of key wording differences… We’ll discuss the specific actions in a later blog. For now lets clear the confusion of terms.
A corrective action is a result of a Nonconformity – and prevents Recurrance. The implication being that once the corrective action has been implemented to prevent recurrance you shouldn’t see repeat corrective actions for the same type of issue.
A preventive action on the other hand comes from a Potential Nonconformity – and prevents Occurance. That’s right – nothing bad happened to initiate a preventive action. It’s a documented improvement. As an auditor, true preventive actions – not long term corrective actions – are rare in companies with a young QMS. They are evidence of management and staff focus on improvment. Sadly many companies implement them, but forget to document them. This leaves a hole in your Knowledge Base.
Whether its a CA or a PA, the person responsible for implementing a change will eventually move on, and noone remembers why you’re doing it that way. CAPA records drive you to document what, why, and evaluate your solutions to see if they were effective.
More later. For now Happy Improvement!
No tags
My auditor says we need Quality Objectives. What are they and why do we need them?
There are all types of quality objectives – from top management strategic objectives, to in-line production objectives. In each case the goal is to create continual improvement within the QMS by identifying something to shoot for and then measure how you are doing against the objective. Set by top management at relevant levels within the company, quality objectives are an expression of how the company intends to achieve its quality policy. Quality objectives should be measurable, specific, and communicated, since employees need to understand how they contribute to them. Quality objectives should not be limited to product quality, but be goals designed to help drive continual improvement of the entire Quality Management System (including resources, staffing, sales & marketing, production, measurement, analysis and improvement).
In our changing economy, staying the same is not an option – Strategic measurable quality objectives help everyone catch the vision and have specific targets to work towards. One last reminder – to keep employees engaged and contributing, remember to measure progress against your objectives, and communicate status updates — and find fun ways to recognize progress.
No tags
I’m often told “We fix the cause of any complaints or returns – isn’t that the same thing?” Unfortunately there is a dramatic difference between an immediate correction to a failed product or service and doing root cause analysis to help you make lasting corrective actions which will prevent recurrence.
Whether the failure is related to a product or service, fixing the surface cause of the individual occurrence (e.g., rework the part, replace the document, or call and clarify the miscommunication) may relieve the pressure temporarily, but it doesn’t really find out why it happened. And the problem with quick fixes is they often turn out to be short-term, which leaves you open to repeat failures.
Consider the alternative. If you spend the time to find out what within your current overall management system was the root cause of the issue, you can correct that weakness (in a specific procedure, or process) to ensure that the same type of problem does not recur – not just with that product but for any other customer or product. How? By digging a little deeper. Root cause analysis requires asking the question “why” at least 3 times. This helps you dig past the surface reason (and it’s associated quick fix) to the missing or unclear information within your QMS which led to one or more types of similar failure.
Data analysis can be a great help in this. Tracking internal rework, or product rejects provides trend information which can point to root cause. In a service environment, consider tracking how many times you have to follow-up with a customer or supplier because you didn’t get or give complete information the first time.
Quick fixes may seem harmless, especially if the boss or the customer doesn’t see them, but they eat away at precious time, efficiency, and often materials. Next time you want to save any of those, consider implementing a habit of root cause analysis.
ISO 13485:2003 lists the International Standards Organization requirements for quality management systems for medical devices. Like many of ISO’s 17,500 different standards, ISO 13485 takes the core quality management concepts of ISO 9001:2008 and adapts them to the medical device industry.
The ISO technical committee for this standard took input from the Global Harmonization Taskforce and from food and drug agencies around the world, to ensure that those who pursued 13485 certification would be well-positioned to meet the requirements of a variety of medical device regulatory bodies – a true benefit to those designing, manufacturing and marketing anything to the medical device industry.
If you have ISO 9001 certification it’s a relatively small leap to this more advanced set of requirements – and like ISO 9001, if a specific area doesn’t apply to the activities that occur at your company, you can identify it as not applicable within your QMS.
If you design, manufacture, or distribute medical devices or their components this standard is worth your consideration and attention.
Part of any quality management system (QMS) or environmental management system (EMS) is checking to see if you are really doing what you claim. Accountants do that for your finance department. Quality Control does that for your product. Internal auditors do that for your management system. I’m often asked “why can’t I hire someone outside to come and do audits for us?” While that sounds logical, it’s kind of like saying “why can’t I stop brushing my teeth and have the dentist clean them for me?” It would get pretty scary in between visits.
As someone who formerly worked as a quality consultant, I can tell you that for small companies without someone within your company trained on the requirements of your QMS, things slide out of control much faster, and process issues rarely get permanently resolved. It is much more effective if someone on-site can spot things on a daily basis.
Part of Management’s commitment to a quality management system involves making the investment in time and training to keep the QMS on track. The pay-off is a change in company culture where attention to detail, and continual improvement, is everyone’s job.
Save the pain, do it right the first time – train internal auditors and let them be the ’pit crew’ for your quality management system.
auditors · EMS · Environmental Management · internal audits · ISO 14001 ·ISO 9001 · QMS · quality · small companies
Oct/09
12
I need to get ISO certified – How do I pick a certifying body or registrar?
5 Comments · Posted by pqaintl in Quality Management
While ISO uses the term “certifying body” (because they certify the management systems of companies), many organizations in the USA use the term “registrar” (because they maintain a register of certified companies). Same concept, just different words.
Choosing a relationship with a certifying body is an important decision.
First – Always look for an accredited organization – this means that, like you, they are audited and monitored, and meet the stringent requirements of both the ISO requirements for certifying, and the requirement of their accrediting body. This ensures that you are being certified by an organization worth trusting.
Second – Find an organization with experience in your industry, with companies of your size, and preferably with auditors in your area so that you don’t pay travel and per diem expenses in addition to audit fees. That information should be available upon request .
Third - Interview them. Learn about their philosophy, and processes. This should be a long-term relationship – you’re trusting them with confidential information about your company’s strengths and weaknesses. While they must remain impartial and objective as auditors, they should care about providing value to the company as part of their services.
certification · certifying-body · EMS · Environmental Management · ISO 14001 · ISO 9001 · QMS · quality · registrar · small companies
Collecting and analyzing data doesn’t make us money - I don’t have time. Survival is a big deal in this economy. But wouldn’t you want to stop money from invisibly hemorrhaging out of the company? Many small company owners have a hard time seeing the return on investment in data collection. But those who collect even simple information about how their company is doing, and find where they are losing time or money, can stop those invisible leaks in profitability and productivity.
- Are your people busy all the time, but never really increasing production?
- Do you know how much time you spend in rework?
- Do you know if actual job costs match your estimate?
- Do you know why you’re reworking product? – what if the cause could be eliminated?
- How much do you spend on replacement costs (in material and labor)?
- Do you know what your first-pass ratio is? – how much gets finished with NO rework?
- Do you know where the bottlenecks are within the process and why?
- Do you track your scrap rate?
- Do you know which suppliers are costing you money in delays and errors?
- Do you know how satisfied your customers are (no news is not necessarily good news!)
What would change for your company if it was easy to collect this information?
Is it worth it to you to find out? If you’re a small business, you don’t need an MBA to do basic data analysis, just a willingness to record and evaluate meaningful information. Why not start today?
Is it worth it to you to find out? If you’re a small business, you don’t need an MBA to do basic data analysis, just a willingness to record and evaluate meaningful information. Why not start today?
Sep/09
28
Do I need a consultant if we’re just starting a QMS?
No comments · Posted by pqaintl in Quality Management
When putting a quality management system in place for the first time, you need guidance through the concepts, terms and requirements. How you achieve that depends on the size and previous experience within your company – books, classes, or consultant are all viable options.
A consultant can provide valuable training and guidance for those charged with maintenance of your system. However, it is a mistake to assume that a consultant will “do it all for us”. It is, after all, your company’s system – not the consultant’s – and at the end of the day you are responsible for its maintenance.
As an alternative to hiring a consultant, make training the start of your implementation and learn together as a management team — that way everyone is on the same page when making strategic decisions later. After all, ISO requires top management to provide evidence of their commitment by being involved in key strategic activities to direct your QMS, and requires that all employees are aware of, and understand their contribution to the management system.
Sep/09
21
What’s the difference between being ISO compliant and ISO certified?
3 Comments · Posted by pqaintl in Quality Management
“If I have a quality or environmental system that meets the ISO rules, what’s the big deal about being certified?”
I get asked this a lot. Being “compliant” means that you are aware of and believe you comply with the requirements of the specific ISO standard in question. Being “certified” means that not only do you think you meet the rules but you’re willing to prove it by having an outside “certifying body” come in and audit you to verify that you really do meet the requirements.
Being complaint, but not certified, is like going through college but never taking the exams to prove you learned anything. All the work, but none of the credit.
Being certified increases customer trust because they know what it takes to get there, and for those who know the difference it is a marketing tool to set you apart from the crowd.
Acheiving certification is something that everyone in the company can be proud of. After all, quality is everyone’s job – not just QC’s – so why not give recognition for the hard work and effort of everyone on the team.
If your company has a functioning documented management system that you believe is compliant to the requirements of an ISO standard, why not take the next step and contact a certifying body, and get a certificate to prove it?
Sep/09
14
How do I get management to care about Quality?
No comments · Posted by pqaintl in Quality Management
For top managers or small business owners without a background in quality management, “quality” can mean products that customers don’t reject. After all, Quality Control’s job is to make sure that only good products go out the door. But there’s a huge difference between QC (quality control of products) and a QMS (a quality management system that identifies, controls, and improves the processes that produce those products).
So how do you get management to pay attention to quality? By showing them what it is costing to NOT have a well-functioning QMS. Present hard “cost of quality” data. Facts, figures, graphs – whatever they typically pay attention to. Then compare that to a vision of what could be.
Sales – document contracts lost because of no ISO 9001 certification vs. contracts available to ISO certified companies.
QC – calculate labor and material costs for replacement parts, percentage of product returned for rework, and labor spent in rework, instead of money-making production.
Planning – document the additional material and labor costs incured as a result of incomplete specifications at job inception, or use of wrong product specifications.
Training – calculate time spent in retraining and additional inspections due to lack of controlled processes and employee awareness.
QC – calculate labor and material costs for replacement parts, percentage of product returned for rework, and labor spent in rework, instead of money-making production.
Planning – document the additional material and labor costs incured as a result of incomplete specifications at job inception, or use of wrong product specifications.
Training – calculate time spent in retraining and additional inspections due to lack of controlled processes and employee awareness.
If that doesn’t work, look at overall job cost vs. competitor quotes for the same task — are you competative? If not, why not? Whatever the issue, a documented quality management system like that defined in ISO 9001, will help you identify the issues, and set measurable objectives for addressing them.
For many small companies the whole concept of quality assurance, quality management systems, and especially ISO 9001 certification can seem overwhelming. But the truth is, ISO 9001 is really just good business practices written down. And all it asks is that you follow a few basic guidelines to ensure that your company’s product or service is consistent.
It doesn’t have to be big, complicated, expensive or time consuming –”The extent of the quality management system documentation can differ from one organization to another due to a) the size of organization and type of activities, b) the complexity of processes and their interactions, and c) the competence of personnel.” (Section 4.2.1 of ISO 9001:2008).
And for those who want to prove their system is working well they can get certified to say that their QMS meets the requirements of this international quality standard.
Ready to save time, money, and brain cells? – say what you do, do what you say, check your results, and act on the difference. In other words, implement an ISO 9001:2008 compliant QMS and get certified.
Sep/09
10
What is ISO 14001 & why do I need it?
No comments · Posted by pqaintl in Environmental Management
ISO 14001 is an international environmental management standard that companies use to certify that their businesses have made a commitment to reducing the company’s impact on the environment. Not only is being “green” a significant marketing advantage, but it is also a very popular commitment to employees and your neighbors.
If you are cringing at the potential cost of becoming a “green” company, think again. Unlike the quality management standards that identify specific areas where you must meet minimum requirements for certification, this standard is a “voluntary” standard – you identify:
- the significant aspects for your company,
- what legal and regulatory controls apply to your industry,
- which projects you will address first, ( you prioritize your projects)
- how you will address them.
Philosophically this standard is more driven by management commitment and focus, and less by specific rules. It asks you to measure the effect of your controls and how well you meet legal and regulatory requirements.
All this makes being green much more accessible than you might think, for small and medium companies. Especially those in fairly “clean” industries.
Need to reposition the company? Go green – look into ISO 14001.
Sep/09
10
Why have a Documented Quality Management System?
1 Comment · Posted by pqaintl in Quality Management
Isn’t it just more paperwork? Well let me ask you this…
- Are you constantly interrupted by others’ questions?
- Are you dreading the learning curve of a new employee or temp?
- Have you had to fix the same problem more than once in the past 6 months?
Most of us “guess” or “figure it out” a couple of times a day (especially if the task is rare or new). But muddling through can cost time, money, focus – efficiency. What if there was a better way?
There is! It’s called a documented Quality Management System or QMS. It’s like a company-wide memory aid. A QMS is a set of frequently-updated controlled documents that define what you do and how you do it, so that no one has to guess or reinvent the wheel.
Documenting your systems helps you:
- make information easily-available, where it is needed, on the best way to do a job
- make sure that critical activities are done consistently, saving rework or repair time
- predict your output, both in terms of quality and how long it should take
- prevent repeat errors by learning from them and updating your process for next time
- keep improving your methods and processes which impacts efficiency
If you’re ready to make things more consistent, its time to define what you do and how you do it, so everyone can stop guessing and start being more efficient.
Source
No comments:
Post a Comment