|
|||||||||||||
|
|||||||||||||
|
Title: Successful Internal Auditing to ISO 9000 Author: Tom Taormina Publisher: Prentice Hall Notes: Successful Internal Auditing to ISO 9000 demonstrates how to perform nonconfrontational audits that don't just check paperwork, but contribute powerfully to ongoing quality improvement throughout the enterprise. |
|
|||
|
You can order this book from internal-auditor.com at: http://www.internal-auditor.com/books.htm |
||||
This Month's Feature ArticleCOPs, SOPs and MOPsThere is a lot of noise about COPs, SOPs and MOPs these days. Most of this is because of the ISO/TS 16949 requirements, although it actually doesn't mention any of the three. There is no requirement to differentiate your processes in these terms, but organizations need to know how different processes affect the customer, and each other. Labeling your processes as whether they are core, support, or management can greatly assist in understanding process interaction. It is important to know that we do not have to use the terms COPs.,SOPs and MOPs, however, registrars do, and as internal auditors you also need to know what COPs, SOPs and MOPs are, and how you need to audit them. Actually, they are very simple to understand. Let's begin with an overview of a typical business. COPs In order to conduct business, you first need some form of customer requirement, need, or request. So that is where the we will begin. You need some method of determining what the customer wants, in order to find out if you can do the job, and relay that information to the customer. In our example, we will call that the Sales Process. so begins our overview. Once sales does its thing, and supposing we are awarded the order, then other things must begin, such as design, or manufacture. In our example, we are assuming we do no design, and we are using our existing manufacturing processes (this isn't a new thing we must figure out how to build). This will lead to an oversimplification of the model, but will allow us to gain some understanding. The second thing you must do is the make the product. Once it is manufactured, then you must ship it to the customer. So, in our super simple model, we have three simple steps:
If we were to show this graphically, it might look something like this. Customer---------------> Sales --------------------> Production ----------------------> Shipping -----------------> Customer Notice the graphic begins and ends with the customer. We have just completed a high-level map of our processes. These three steps, or processes, make up our Core Processes. Core Processes are those processes we use to make our money. Because they are strictly focused on customer requirements, they are also called our Customer-Oriented Processes, or COPs. Now, in our simple model, each of these three processes are made up of smaller processes. For example, our Production process will undoubtedly have many steps. Perhaps we need to cut material to length, do some welding and/or fabrication, perhaps some milling, heat-treating and painting. Each of those are sub-processes, and might not be used on every job. Also, some might be performed by outside vendors (although they are still our processes). Each of these sub-processes need to be identified, explained and audited. But even if we include our sub-processes, we still do not have enough steps in our model to make the product. We have to buy stuff, and hire people, and have other things in place in order to achieve our goal of satisfying the customer. We also need some way of checking our processes, including through internal auditing. That is where SOPs and MOPs come in. SOPs There are activities that are necessary to produce product, buy are not directly involved in your Core Processes. These activities support the Core Processes, and are every bit as important to meeting customer requirements. They are referred to Support-Oriented Processes, or SOPs. Some of the typical SOPs are:
Some models list purchasing as a COP because it is directly involved in acquiring the raw materials, components and other things that are used in production. If you feel that purchasing is important enough to be called a COP, then do it. It is your Quality Management System and you make the rules. In our model, we consider it a support process. Somewhere, in your process description, you need to show where and how these support processes interact with the COPs. MOPs There is another set of activities that are not COPs, nor do they directly support the COPs. These tend to be administrative in nature, and fall into management's area of responsibility. Some examples of these things are:
Because these activities are oriented towards managing the other processes, they are called Management-Oriented Processes, or MOPs. MOPs are less support than management and control. As with the other processes, MOPs are also important in meeting customer requirements. You will notice that most of the QMS administration and maintenance items are also found in the MOPs. Internal Auditing is a MOP. Summary: Understanding COPs, SOPs, and MOPs is an important step in process auditing. They allow the auditor to see the "big picture" of the business, and help explain how each activity and process interrelate. They also help in setting the boundaries of our auditing, and assist us in examining the hand-offs between processes. As internal auditors, we must understand the differences in our processes, and understand how they interact and interrelate. When auditing a COP, SOP or MOP, we must look at the inputs to the process, the outputs of the process, and the process itself. In November 2002's issue we discussed how to audit processes. Last November, we looked at process evidence. Those two issues should help you greatly. As always...Good Auditing! |
||||
|
Advertisement: |
||||
|
Question and Answers: Q – Do process maps need to be labeled COPs, SOPs and MOPs ? A – No. There is no requirement is to even map your processes, however most companies meet the 4.1 requirements by mapping. What you call your processes is your business, but you need to ensure registrars, customers, and even your own organization knows which processes are critical to customer satisfaction. |
||||
|
Visteon CSR We have had to deal with Customer Specific Requirements (CSR) for years. Visteon has recently announced they have some new ones. One of theirs, which is rather disturbing is: "8.2.2S
Internal Audit Internal auditors shall have completed an internal auditing training class. The organization should have at least one lead auditor who has passed an accredited lead auditor class. When the organization does not have a lead auditor meeting these requirements a contracted third party with the above qualifications shall perform the audits. Audit records shall be retained for a minimum of three calendar years." Visteon is requiring suppliers to have audits performed by someone who has completed lead auditor training. Even though the language says the supplier "should" have at least one lead auditor, it goes on to say that if they don't they "shall" contract it out. You can read my opinion on this on the Back Page |
||||
|
Element Understanding: ISO/TS 9001:2000 Clause 4.1a) General Requirements "identify the processes needed for the quality management system and their application throughout the organization. " In order to successfully engage in business, you need to have certain processes. Some of these processes are related directly to fulfilling customer requirements, such as sales, design, production, etc. Others support those processes in some manner. Payroll, maintenance, purchasing, are all examples of support processes. What the standard requires you to do is to identify what processes you have. This is commonly achieved through process mapping. But you must include all processes in your QMS, and don't forget to identify how they are applied. |
||||
|
Monthly Scenario Explained: March
2003’s question: You have just begun the transition to auditing by processes. You are planning to audit sales, because that is the first identified process of the organization. A week prior to the audit, you have a meeting with the Management Rep and the Sales Director. They have worked hard to understand the sales process and have a detailed process map. They also developed a procedure, because they felt it was important. They hand you a "Process Binder" with all of the data related to the process identified by tabs. One tab is marked "Checklist". When you ask about this, the Sales Director states that as they developed the process and procedure, she generated a checklist for use during the internal audits. She also feels that you should be able to audit against this list without any additional modifications from you. The
answer: There is nothing wrong with having a checklist generated from a process, or procedure. The existence of a checklist is not a nonconformance. However, it is important that the checklist be a useful tool in audit process. While the auditor is free to use the checklist, the auditor also needs the flexibility to add, delete or modify questions based on the audit scope, and the objective evidence presented. The idea that you would use the checklist without any additional modifications is unrealistic. It should be pointed out that even if you had made the checklist, you would undoubtedly deviate from it during the audit, based on answers and evidence that you are presented. |
||||
|
The Back Page:
Meddling One of the hazards of being in the automotive supply chain is the ever increasing amount of Customer Specific Requirements (CSR). There is a disturbing trend beginning in regard to CSRs. Initially, CSRs dealt with specifics related to product, or product development. It was easy to justify a part being shipped in a particular container, or stamped with a particular type of symbol. But lately, the OEMs and the top tiers have began moving the CSRs into the administration and management of their suppliers. They have moved from CSRs to micromanaging meddling. Ford's CSR concerning qualification of internal auditor training is an example. Although I used to teach the Core Tools for the AIAG, I have no proof that I attended any classes, so I had to take a class on the Core Tools. Visteon now requires suppliers to either have a lead auditor, or they have to contract it out. I have several issues with these type of CSRs. Both are burdensome on the supplier chain. First of all, they ignore the aspect of competence, and go back to the idea of qualified. Experience with Core Tools is insufficient, teaching Core Tools is insufficient. You must have a piece of paper showing you attended a class. As if that makes you knowledgeable enough to perform internal audits. Lead auditor training might be a good idea, in many organizations, it has little positive bearing on the internal audits. Lead auditor training is geared towards third-party auditors and misses many of the aspects of internal auditing. In either case, the expense to the supplier, is just that...an expense. What's worse is in most cases it is an unnecessary cost. And this in a day when the automotive supply chain is constantly being asked to continually reduce prices. These are just two examples of how the automotive chain is being overrun by micromanaging. What is best for the company (either the customer or the supplier), or what is best for the industry is not an issue. What is the issue is; "I am the customer, and you are the supplier, so you have to do what I say.". Everyone loses, but the customer feels more important. This is a power thing, pure and simple. And that is what meddling is all about. Dave ...Good auditing!
|
||||
|
Copyright notice: internal-auditor.com is
fully protected under US and International copyright laws. Copying, or
re-transmitting all, or any part of internal-auditor.com is expressly forbidden
without prior written consent from Ruth Ellen Carey Communications.
| ||||
