Would you like to know what 3rd party auditors are looking for when auditing how your company complies with quality system standards like ISO 9001:2015?
What are 3rdparty auditors looking for? This is the second of a three part series by Jim Lee, President of simpleQuE
Clause 5 of ISO 9001:2015 – Leadership
Leadership is the focus of this clause, which means top management now has greater accountability, responsibility and involvement in the organization’s management system. The standard wants to see that leadership demonstrates leadership and support for the quality management system (QMS). They need to integrate the QMS into the organization’s business strategic direction, to ensure the management system achieves its intended outcomes and allocate the necessary resources. Top management is also responsible for communicating the importance of the QMS and enhancing employee awareness and involvement.
With this clause there is a requirement that top management will be present and leading the implementation and monitoring of the QMS. Processes within the QMS must have process owners. In addition, leadership shall demonstrate leadership and commitment with respect to customer focus and the continual improvement aspect of the business. 3rd party auditors will be scheduling time with the management and leadership team asking questions and looking for the items below as objective evidence.
Established and communicated quality policy, objectives, strategic direction, and performance
Organizational chart, job descriptions and other evidence that responsibilities and authorities are defined and communicated
Metrics evaluated in the Management Review and the overall effectiveness of the key business processes
Actions being taken when goals are not met, and when trends for performance are going the wrong way. They want to see management is looking at the data and taking actions when necessary.
Promotion of risk based thinking and evidence of risk management processes with action items when risks are too high. This might include contingency plans, safety stocks, inventory levels, supplier selection and qualification process, etc. as a very few of the many possible ways to demonstrate this.
Involvement in audit activity and reviewing the outcomes and assessing the risks and actions that might be necessary for the QMS
Customer satisfaction and perception
Identification of contract terms and conditions and customer requirements, including any laws that must be met. How are these evaluated, understood, communicated and implemented in the departments that need to know and comply?
Evidence of continued improvement , which denotes that performance is monitored and tracked with trends
The company’s context changes over time, and the needs of stakeholders too. Management needs to be aware of the changing context and issues affecting the business to adjust the strategic direction.
Not that all of the elements listed above will be needed, but organizations may risk failure if they do not:
Identify process owners
Use metrics to monitor performance of the QMS
Include performance metrics in the Management Review
Develop action plans when performance goals are not met
Develop customer communication processes
Respond to customer complaints
Consider results of customer feedback/surveys and take appropriate actions
Identify internal customer requirements
Make improvement part of the quality policy
Align roles and responsibilities with processes
Contingency and emergency roles and responsibilities not defined
Have appropriate training and awareness of the ISO 9001:2015 requirements
The automotive quality standard has come a long way since its first inception in 1994. With the new standard and more than 200 changes, simpleQuE recognized the need for an IATF Gap Audit Checklist to assist companies with the transition. The checklist includes the new automotive requirements (IATF 16949:2016 and ISO 9001:2015) and is intended to be used as a tool to identify both compliance with the new requirements and the differences between ISO/TS 16949:2009 and the new requirements.
The utilization of this checklist, when populated with objective evidence of compliance and non-compliance, will satisfactorily demonstrate you have audited the differences between ISO/TS 16949 standard and the new requirements. It should be used with your certification body as evidence of internal audits to the new IATF 16949 and ISO 9001:2015 requirements. It’s one of the methods simpleQuE auditors and consultants use with our own clients.
A free half hour of phone or email consulting with a simpleQuE expert is included with the checklist for the purchase price of $300.
The simpleQuE team wishes you a smooth and simple transition!
What are 3rd party auditors looking for? This is the first of a three part series by Jim Lee, President of simpleQuE
Clause 4 of Annex SL – Context of the Organization
This is the cornerstone of a management system and the business’ strategic direction. An organization needs to identify internal and external issues that can impact its intended outcomes, as well as all interested parties and their requirements. It needs to document its scope and set the boundaries of the management system to line up with business objectives.
The context doesn’t have to be documented, so 3rd party auditors (as well as internal auditors) will be asking questions of various management members, and looking for these as objective evidence that an organization understands its context and considers all the factors and stakeholders affecting the business. The items listed below don’t have to exist, but if they do, you want to take credit for them in understanding the context. Some items may not by themselves demonstrate an understanding of the context, but combined with multiple examples, can provide the evidence an auditor is looking for.
Watching the big game? Here are a few takeaways that apply to any business.
You’re only as strong as your weakest link Football is a team sport, and so is business. A weak link in the supply chain can be detrimental to a business that fails to assess supply chain risk management.. SimpleQuE’s supply chain audits and corrective actions drive supplier development and can identify risks to your company.
Sometimes you have to take the punt to score the touchdown Football is all about taking risks. Going for a field goal is an easy way to score three points, but punting the ball could result in a touchdown for seven points. Just as the coach examines the possible outcomes before making the decision to go for a field goal or a punt, ISO 9001 calls for a manager to use a risk-based thinking cap. Organizations are asked to identify, analyze and prioritize all potential risks as they undergo implementation or upgrading their existing quality management system for certification.
When the plan fails, change the plan Things do not always go as planned on the football field. It’s not an ideal situation, but by quickly adapting to the current circumstances, the most effective teams can often salvage a few yards rather than giving up. Similarly, companies often need to come together, improvise and move forward in the face of adversity.
Always play the long game
Sure, the other team may score a touchdown in the first few minutes of the game. Instead of focusing on what went wrong, the best teams keep a long-term perspective. And in business, try not to get caught up in the day-to-day—rather, focus on long-term quality and excellence.
Training is important Far before the game starts, football players have spent days and weeks practicing and training to ensure they’re ready to play. Consider offering plentiful opportunities for training, such as SimpleQuE’s slate of courses covering internal auditing, root cause analysis and problem solving, and more.
Understand the competition The best coaches understand that beating the other team is often more about understanding their strengths and weaknesses than it is about playing your best. Businesses can employ the same strategy when it comes to their competition. Understand what advantages other companies have while also learning their key weaknesses is essential to your own success.
Always watch the highlight reel In football and in business, it’s essential to learn from your past mistakes as well as to repeat your past successes. Every situation has an upside, and provides opportunities to learn and move forward. As we always emphasize when working with companies on ISO, AS, or IATF implementation, Once plans are implemented, it’s essential for organizations to check the effectiveness of their actions and continually learn from experience.
The automotive quality standard has come a long way since it’s first inception in 1994. Take a look at our infographic to learn about the development of the standard, and it’s new iteration, the IATF 16949.
Quality Excellence is the foundation of our business at simpleQuE, as well as part of our name – (notice the Qu and E). To celebrate National Trivia Day, we gathered some interesting facts from around the world about QualityManagementand its important role in every business we serve. We hope you enjoy this fun trivia and learn something new about ISO and quality.
Happy Trivia Day!
The term ISO (as in ISO standard) derives from the Greek word “isos,” which means equal.
Many quality terms, tools, and methods were popularized in Japan— kaizen, gemba, muda, kanban, etc.
In Germany, 77 percent of organizations provide ISO training and 82 percent provide general quality management training—the highest of any group of organizations.(2)
The Pareto principle, or 80-20 rule, states that 80 percent of problems come from 20 percent of causes, and that management should concentrate on the 20 percent. It was popularized by Joseph M. Juran.
Twenty percent of senior executives rate their quality programs as world class, but only 5 percent of quality professionals do the same. (4)
Philip B. Crosby is perhaps best known for promoting a standard of excellence based on nothing—the concept of zero defects.
The “Big Q” refers to comparing differences between managing for quality in all business processes and products; while the “little q” relates to managing quality in a limited capacity, traditionally in factory products and processes.
One of the world’s best-known standards is ISO 9001.
Plan-do-check-act is not only the name of a popular process improvement method, it’s also the title of a music CD released in 2014 by a New Jersey-based rock trio Recovery Council.
Edwards Deming introduced the 14 points for management, which, he said, “have one aim: to make it possible for people to work with joy.”
Time Magazine, http://content.time.com/time/specials/packages/article/0,28804,1908719_1908717_1908537,00.html
ASQ Global State of Quality research, 2013. www.globalstateofquality.org
The Economic Impacts of Inadequate Infrastructure for Software study, prepared by RTI for the National of Standards and Technology, 2002. http://www.nist.gov/director/planning/upload/report02-3.pdf
Not only is Accutech Mold and Machine (AMM) ISO 9001:2008 certified, but they also achieved their ISO/TS 16949:2008 certification from Eagle Registrations. In January 2016, simpleQuE consultants, Larry Vance and Don Milinkovich began working with AMM to assess their existing processes and formulate an action plan that would address the gaps and fit their very tight timeline. That was followed up by an internal audit and training to prepare for the expansion to the automotive standard.
Why was this so important to AMM’s founders, Kelly and Darrin Geiger? As AMM’s website states, “International Standards are the backbone of our society, ensuring the safety and quality of products and services, facilitating international trade and improving the environment in which we live in. Conformity to International Standards helps reassure our customers that Accutech Mold and Machine’s products, systems and organizations are safe, reliable and good for the environment.”
Founded in 1996, AMM specializes in plastic injection mold manufacturing. In 2004 the company expanded with an injection molding press to sample molds that were built. Today, AMM continues to build high quality plastic injection molds and also produces plastic injection molded components with 25 presses running 24 hours a day.
Vice President, Darrin Geiger, had this to say, “It was easy to work with simpleQuE and they provided an action plan which our team utilized, working hard to reach our certification goal in just six months. The advantage to being ISO/TS 16949 certified is that it has opened new doors for us in the automotive industry, and our non TS clients are happy because they also benefit from these additional business processes.”
Do you ever wonder how much of a difference quality really makes in an organization? The answer is: a lot! In fact, for every $1 spent on a quality management program, businesses have seen an average of $6 in revenue. Take a look at more interesting stats on today’s infographic.
As a consulting company, simpleQuE specializes in quality and environmental management systems and we are frequently asked what services we provide and how we are different from a certification body. This article explains the objectives, roles and responsibilities of the organization, consulting company and certification body to provide a better understanding of the connection between all three.
Organization (Manufacturing or Service Company)
Seeks to achieve one or more of the following objectives:
Implement and develop a new quality (QMS) and/or environmental management system (EMS)
Upgrade certification or expand to a new standard
Improve and/or simplify an existing QMS or EMS registration
Consulting Company (simpleQuE)
Assists organizations with implementation, improvement or transition by:
Providing customized consulting, training and internal auditing services and solutions
Assessing existing processes through a gap analysis and developing an action plan
Offering internal and supplier audits
Training for internal auditors and management including implementation and full standard reviews
Helps organization partner with Certification Body:
Assuring a common language for auditing and interpretation of the standard so it corresponds with the expectations of the Certification Body and requirements of the standard
Certification Body (Registrar)
Issues certifications: Provides organizations a resource for management system certification by evaluating policies and procedures to verify implementation and effectiveness against the specific requirements of the standard. Assessment consists of a series of audits:
Document review (sometimes combined with Stage 1)
Initial certification audit – Stage 1
Confirm that organization is ready (or not) for a full Certification Audit. Typically 30-60 days prior to the Stage 2 Certification Audit.
Verifies required documentation exists, certain requirements have been met such as a full internal audit completed, a management review completed, and risks considered.
Verifies processes have been established and is appropriate for the scope of certification, and that appropriate monitoring and measuring of processes are in place with appropriate objectives.
Plans the Certification Audit based on information and data gathered
Certification audit – Stage 2
A full QMS or EMS audit. Confirms that the management system fully conforms to the requirements of the standard.
Certification is issued upon successful completion of Stage 2 assessment and closure of any findings.
Certification is maintained through a series of annual surveillance audits (sometimes semi-annual). Every third year a full recertification audit is performed and a new certificate issued.
In summary, good communication between all partners is important to ensure all requirements and objectives are met in a simple straightforward way to comply with the standard. At simpleQuE we partner with the client and Certification Body to make quality excellence “simple”.