Look Fors – Part 3: Planning for Risk and Change

A pen and a magnifying glass focusing on a chart.

Would you like to know what 3rd party auditors are looking for when auditing how your company complies with quality system standards like ISO 9001:2015?

016_1469JimFLOffice 1What are 3rd party auditors looking for?  This is the third of a three part series by Jim Lee, President of simpleQuE

Clause 6 of ISO 9001:2015 – Planning for Risk and Change
In parts one and two of this series of articles, Context of the Organization and Leadership were covered. Next is the topic of Planning for Risk, which brings risk-based thinking to the forefront. Once the organization has identified the risks and opportunities in Clause 4, it needs to stipulate how to address these.  The planning phase examines who, what, how and when risks must be addressed.  It’s a proactive approach that replaces preventative action and hopefully reduces the need for corrective actions later on.

Particular focus is also placed on the objectives of the management system.  These should be consistent with the quality policy and be measurable, monitored, communicated and updated when needed.  Changes to the QMS should also be planned and consequences understood to assess risk and minimize potential negative impact.

 

Third party auditors may use the following for evidence of risk based thinking and integration into the quality management system:

  • Design reviews
  • Competitive analysis, benchmarking, recall analysis, competitive testing
  • Process control plan, internally tighter tolerances and controls than customer specs
  • Management reviews
  • Process and design FMEA (Failure Mode and Effects Analysis)
  • Corrective Actions, and replicating actions across similar products and processes
  • Metrics related to objective in management review
  • Customer scorecards, dissatisfaction, trends and performance
  • Operational meeting minutes with action items for higher risks
  • Change in leadership or new programs
  • Processes to deal with new technology, new materials, new processes, new products, new suppliers, new packaging, moving production, changing equipment
  • Program plan describing and monitoring change
  • Equipment maintenance plans and programs
  • Calibration frequencies
  • Internal audit frequencies, and the need to audit some areas more than others
  • Contingency plans
  • Strategic or business planning, SWOT (Strength, Weaknesses, Opportunity, Threats) analysis, PEST (Political, Economic, Social and Technological) analysis, etc.
  • Approval for capital, along with the justification and risks to invest now or delay to later
  • Supply chain risk management with supplier performance, financial stability, sole sourcing, geography with lead times and inventory in transit, leverage, long term agreements, etc.

 

Not that all of the elements listed above will be needed, but organizations may experience potential issues if:

  • Risks and opportunities are not identified when there is clear evidence of problems or need for action
  • Risk-based thinking is not driven by leadership
  • Actions to address risks and opportunities are not taken or not effective
  • Risk evaluation is not applied throughout the QMS (supplier selection and evaluation, new product or service, short lead time, capacity constraints, etc.)
  • Measurable objectives are not established
  • Objectives are not monitored or changed as the context of the organization changes
  • Action is not taken when objectives are not met, or trends are going the wrong direction
  • The impact of change is not identified or magnitude of change not understood
  • Costs/schedule are not included in defining change

Also, read more about Context of the Organization in Part 1 and Leadership in Part 2.

 

 

Source:  NQA’s Teaming Conference – August 2017

Sign Up For Our Newsletter

5 Steps To Manage Your Environmental Impact And Boost Growth

hand holding signs of different green sources of energy in hexahedron shape a 'reduce reuse recycle' sign in the centre. Blurred green background. Concept of clean environment.

Twenty years ago small businesses focused on one thing: how to make profits. Today, environmental impact is turning out to be just as important as meeting the bottom line. Here’s how to manage it for growth:

  • Incorporate planning – the very first place to start with addressing environmental impact and risks is to include them in strategic planning at every level. Because ISO 14001 is the cornerstone of environmental standards for a business, planning is essential. If the matter isn’t addressed to begin with from the top down, one of two things occur: 1) no one internally treats the matter as a priority, and 2) responses that do occur end up being ad hoc and disparate, which often incurs more costs than expected.
  • Anticipate that not everyone will be happy at first – getting environmentally focused is still a politically-charged approach. Education is probably the best response, even though it may require a bit more effort. At the end of the day, however, socially-conscious businesses sometimes have to stake out a claim. Choose wisely and then stay the course.
  • Embrace leadership – businesses that really break out and become the major players using ISO 14001 as their environmental management system are not necessarily the biggest in their industry. Smart businesses are out ahead looking for these leadership opportunities to craft their own path and market niche before anyone else.
  • Use size to an advantage – Being a small business comes with a lot of advantages in terms of flexibility and speed for adjusting to changes. Rather than a big bureaucracy involved in shutting down an assembly line, small business can test the waters far more rapidly and frequently with new ideas in environmental impact and that’s a huge competitive advantage when used effectively.
  • Don’t throw out the baby with the bath water – Every new change should have a thorough cost-benefit analysis. There are plenty of existing quality management procedures that align with ISO 14001, including ISO 9001 and IATF 16949.

SimpleQuE offers customized consulting solutions for all sizes of Aerospace, Automotive, Laboratory, Manufacturing and Service organizations. When it comes to environmental impact and responsibility, ISO 14001 certification makes good business sense for businesses small and large, across all industries.