Look Fors – Part 2: Leadership

Stock quotes price charts and a magnifying glass with stock price in detail.

Would you like to know what 3rd party auditors are looking for when auditing how your company complies with quality system standards like ISO 9001:2015? 

What are 3rd party auditors looking for?  This is the second of a three part series by Jim Lee, President of simpleQuE

Clause 5 of ISO 9001:2015 – Leadership

Leadership is the focus of this clause, which means top management now has greater accountability, responsibility and involvement in the organization’s management system. The standard wants to see that leadership demonstrates leadership and support for the quality management system (QMS). They need to integrate the QMS into the organization’s business strategic direction, to ensure the management system achieves its intended outcomes and allocate the necessary resources. Top management is also responsible for communicating the importance of the QMS and enhancing employee awareness and involvement.

With this clause there is a requirement that top management will be present and leading the implementation and monitoring of the QMS.  Processes within the QMS must have process owners. In addition, leadership shall demonstrate leadership and commitment with respect to customer focus and the continual improvement aspect of the business.  3rd party auditors will be scheduling time with the management and leadership team asking questions and looking for the items below as objective evidence.

  • Established and communicated quality policy, objectives, strategic direction, and performance
  • Organizational chart, job descriptions and other evidence that responsibilities and authorities are defined and communicated
  • Metrics evaluated in the Management Review and the overall effectiveness of the key business processes
  • Actions being taken when goals are not met, and when trends for performance are going the wrong way. They want to see management is looking at the data and taking actions when necessary.
  • Promotion of risk based thinking and evidence of risk management processes with action items when risks are too high. This might include contingency plans, safety stocks, inventory levels, supplier selection and qualification process, etc. as a very few of the many possible ways to demonstrate this.
  • Involvement in audit activity and reviewing the outcomes and assessing the risks and actions that might be necessary for the QMS
  • Customer satisfaction and perception
  • Identification of contract terms and conditions and customer requirements, including any laws that must be met. How are these evaluated, understood, communicated and implemented in the departments that need to know and comply?
  • Evidence of continued improvement , which denotes that performance is monitored and tracked with trends
  • The company’s context changes over time, and the needs of stakeholders too. Management needs to be aware of the changing context and issues affecting the business to adjust the strategic direction.

Not that all of the elements listed above will be needed, but organizations may risk failure if they do not:

  • Identify process owners
  • Use metrics to monitor performance of the QMS
  • Include performance metrics in the Management Review
  • Develop action plans when performance goals are not met
  • Develop customer communication processes
  • Respond to customer complaints
  • Consider results of customer feedback/surveys and take appropriate actions
  • Identify internal customer requirements
  • Make improvement part of the quality policy
  • Align roles and responsibilities with processes
  • Contingency and emergency roles and responsibilities not defined
  • Have appropriate training and awareness of the ISO 9001:2015 requirements

Coming soon – Part 3 and what auditors are looking for in regard to Risk.  Also, read more about Context of the Organization in Part 1.

Source:  NQA’s Teaming Conference – August 2017

Sign Up For Our Newsletter

Look Fors – Part 1: Context of the Organization

Research

What are 3rd party auditors looking for?  This is the first of a three part series by Jim Lee, President of simpleQuE

Clause 4 of Annex SL – Context of the Organization

This is the cornerstone of a management system and the business’ strategic direction.  An organization needs to identify internal and external issues that can impact its intended outcomes, as well as all interested parties and their requirements.  It needs to document its scope and set the boundaries of the management system to line up with business objectives.

The context doesn’t have to be documented, so 3rd party auditors (as well as internal auditors) will be asking questions of various management members, and looking for these as objective evidence that an organization understands its context and considers all the factors and stakeholders affecting the business.  The items listed below don’t have to exist, but if they do, you want to take credit for them in understanding the context.  Some items may not by themselves demonstrate an understanding of the context, but combined with multiple examples, can provide the evidence an auditor is looking for.

  • Business plan
  • Strategic plan
  • SWOT analysis (Strengths Weaknesses Opportunities Threats)
  • Vision and mission statement
  • Process mapping
  • External parties identified
  • Lesson learned
  • Surveys
  • Internal meeting minutes to determine company goal setting
  • Metrics to measure effectiveness of QMS
  • Process turtle diagrams
  • Process flow plans
  • Quality manual

Not that all of the elements listed above will be needed, but organizations may risk failure if they do not:

  • Identify or understand their primary competitors
  • Mention civic responsibility
  • Consider future business trends
  • Identify all customer requirements
  • Identify local/state/national requirements
  • Identify required outputs needed for internal customers
  • Identify uncertainties like negative risks or positive opportunities
  • Determine the processes used to flow the business from quote to delivery
  • Identify outsources processes
  • Establish process goals

 

Coming in future articles – what auditors are looking for in regard to Leadership and Risk.

 

Congratulations Accutech Mold and Machine!

AMM’s Quality Team (from left): Ray Young, John Rogers, Eric Boyd, Butch Poynter, Jim Lee (simpleQuE President) and Kari Anderson
AMM’s Quality Team (from left): Ray Young, John Rogers, Eric Boyd, Butch Poynter, Jim Lee (simpleQuE President) and Kari Anderson

Not only is Accutech Mold and Machine (AMM) ISO 9001:2008 certified, but they also achieved their IATF 16949:2008 certification from Eagle Registrations.  In January 2016, simpleQuE consultants, Larry Vance and Don Milinkovich began working with AMM to assess their existing processes and formulate an action plan that would address the gaps and fit their very tight timeline.  That was followed up by an internal audit and training to prepare for the expansion to the automotive standard.

Why was this so important to AMM’s founders, Kelly and Darrin Geiger? As AMM’s website states, “International Standards are the backbone of our society, ensuring the safety and quality of products and services, facilitating international trade and improving the environment in which we live in. Conformity to International Standards helps reassure our customers that Accutech Mold and Machine’s products, systems and organizations are safe, reliable and good for the environment.”

Founded in 1996, AMM specializes in plastic injection mold manufacturing. In 2004 the company expanded with an injection molding press to sample molds that were built. Today, AMM continues to build high quality plastic injection molds and also produces plastic injection molded components with 25 presses running 24 hours a day.

Vice President, Darrin Geiger, had this to say, “It was easy to work with simpleQuE and they provided an action plan which our team utilized, working hard to reach our certification goal in just six months.  The advantage to being IATF 16949 certified is that it has opened new doors for us in the automotive industry, and our non TS clients are happy because they also benefit from these additional business processes.”

Risky Business vs Risk-Intelligent Business

Rolling the dice concept for business risk, chance, good luck or gambling

Digitalization, globalization, competition and the speed of technological advances has changed the nature of business.  ISO 9001:2015 has been in effect for a full year and it places a heavy emphasis on using “risk-based thinking” for managing quality-related processes. Risk has always been implicit in ISO 9001.  But the latest revision asks organizations to make a cultural shift—rather than focusing on isolated problem solving and resolution, they’ll focus on prevention and performance improvement.

The International Organization for Standardisation (ISO) explains it this way:

“Risk based thinking ensures these risks are identified, considered and controlled throughout the design and use of the quality management system”.

Under the new guidelines, risk management serves as the cornerstone of quality management system design. As organizations determine the processes needed for a quality management system, they’re also asked to determine the associated risks and opportunities and to plan and implement appropriate actions to address them.

In the context of ISO, the concept of “risk” relates to the uncertainty in achieving the main objectives of International Standards—namely, to provide confidence in the organization’s ability to consistently provide customers with conforming goods and services, and to enhance customer satisfaction. Risk is the possibility of events or activities preventing an organization from achieving its strategic and operational goals.

This shift in thinking does not replace the standard’s process-oriented approach, but enhances it. While the process is still a critical part of ISO 9001:2015, processes must now be implemented with an acute awareness of risk.

Organizations are asked to identify, analyze and prioritize all potential risks as they undergo building or adapting their existing quality management implementations for updated certification.

Risks can be defined by two parameters—the severity, or seriousness, of the harm, and the probability that the harm will occur. Risks can be assessed based on the likelihood they will occur, the likelihood they can be detected, and potential impact should they occur. From there, risks are evaluated based on their importance (what is acceptable, what is unacceptable?) and actions are planned to address the risks, whether that’s avoiding or eliminating the risk or mitigating it.

Once plans are implemented, it’s essential for organizations to check the effectiveness of their actions and continually learn from experience.

What’s the best way to document risk-based thinking and demonstrate the approach during audits?. Evaluate how you evaluate risks today with the processes you have. Understand how you decide when risks are acceptable or unacceptable.  ISO wants to see that you record identified risks when action is required, and the action steps to be taken. 

Putting into place the Plan-Do-Check-Act (PDCA) methodology can be a great way to define, implement and control corrective actions and improvements. Companies should Plan what to do and how to do it, Do what was planned, Check that things happened according to plan, and Act on how to improve the next time around.

Companies have two years to make the transition to ISO 9001:2015, as certifications for the 2008 edition will expire after September 2018.

SimpleQuE was one of the first consulting companies to be ISO 9001:2015 certified and we’re ready to assist organizations with transition or implementation.  Please visit our website for more information about our services.

Matrix Design Group Celebrates ISO 9001:2015 Certification!

Screen Shot 2016-09-23 at 12.45.44 PM

Recognized as an industry leader in mine safety technology innovation, Matrix is focused on research and development for the mining industry. Matrix has designed, manufactured, distributed and installed a variety of products to improve safety and productivity for mining applications. The current Matrix innovative product line includes IntelliZone® Proximity Detection Systems (used on a wide variety of equipment ato detect workers in low or obscured visibility situations), Communications Systems, Personnel and Equipment tracking systems, Atmospheric Monitoring Systems (AMS), and the MineOwl Camera System. Continue reading “Matrix Design Group Celebrates ISO 9001:2015 Certification!”

ISO 9001 Certification Changing the Standards for Higher Education

Stack of hardback books and Open book lying on bench at sunset park against blurred nature backdrop. Copy space, back to school. Education background. Toned image.

More than 1 million organizations and companies worldwide understand the benefits of being ISO 9001 certified. Educational institutions are beginning to recognize the importance of established standards and are seeking certification, as well. As we enter the new school year, a these schools have taken the initiative and will start the year as ISO 9001 certified: Oakwood University, Greater Altoona Career and Technology Center,  DRS International School, and Wenatchee School District #246. Continue reading “ISO 9001 Certification Changing the Standards for Higher Education”

News Update from the International Automotive Task Force (IATF)

steering-wheel-801994_1920

In October 2016 IATF 16949:2016 will be published by IATF and it will replace the current IATF 16949, defining the requirements of a quality management system for organizations in the automotive industry. It will be aligned with ISO 9001:2015 and its structure and requirements. IATF 16949:2016 will be implemented as a supplement to, and in conjunction with, ISO 9001:2015.  www.iatfglobaloversight.org

IATF has also released a new transition strategy document for automotive suppliers and certification bodies to help with the transition.  It includes information about timing and transition audit requirements. After October 1, 2017 no audits (initial, surveillance, recertification or transfer) will be conducted to IATF 16949:2009. IATF Transition Strategy IATF 16949 › IATF 16949

It is also important to note that IATF/IAOB will recognize TS certified companies that have upgraded to ISO 9001:2015 prior to IATF 16949 and allow reduced audit days when the company does eventually upgrade to the new IATF 16949 standard.  Companies should coordinate with their registrar to determine the optimal audit approach and cost benefit.  (Separate audits may be not be cost effective, but it will depend on each company’s situation.)

SimpleQuE consultants and instructors are ready to assist companies now with implementation, transitioning and training for ISO 9001:2015 and IATF 16949:2009.  Consulting and training for IATF 16949 will be available after its release in October.  Contact simpleQuE

Congratulations to the entire Barrett team!

Barrett-Team2016-3000px

Congratulations to the entire Barrett team for achieving ISO 9001:2015 certification from global registrar NQA!

Headquartered in Murfreesboro, Tennessee, Barrett Firearms Manufacturing is a world leader in large-caliber rifle design and manufacturing. It was founded in 1982 by Ronnie Barrett, who invented the first shoulder-fired .50 caliber rifle. Continue reading “Congratulations to the entire Barrett team!”