|
|||||||||||||
|
|||||||||||||
|
Title: ISO 9001:2000 for Small and Medium Sized Businesses Author: Herbert C. Monnich Jr Publisher: ASQ Notes: Author Herbert C. Monnich, Jr. has taken readers into a seldom discussed but needed area of the ISO 9000 Standards - applying them to small and medium sized businesses. Monnich gears his book toward those with little or no ISO 9000 experience. Learn how the newly revised standards can be effectively implemented and maintained without spending large sums of money or increasing staff. This book gives the reader a review and explanation of the ISO 9000 series and explains how the quality tools and techniques can be used to implement the requirements of the standards. As Monnich guides readers through each clause, he includes techniques for small businesses to simplify compliance for small and medium sized organizations |
|
|||
|
You can order this book from internal-auditor.com at: http://www.internal-auditor.com/books.htm |
||||
This Month's Feature ArticleAuditing IntentIn previous editions of ISO 9001, it was said that you "Say what you do, do what you say and prove it." Although that still holds true, Auditing to ISO 9001 now goes much farther than that. There is greater emphasis on process interaction and on process measurables. It uses language such as: "Top Management shall ensure that customer requirements are determined and met with the aim of enhancing customer satisfaction."(5.2). In this case, the standard tells us what our intent is supposed to be. In this case, we are indirectly commanded to audit intent. But should an auditor be considering intent, when auditing? Types of intent Direct Intent To answer this question, we must first look at two types of intent. The first is direct intent. This is, as stated above the intent is programmed in and obvious. The standard often gives us additional information about this type of intent. Words such as commitment, aim, and perception point to this deliberate form of intent. In each case, the organization will have to show evidence that they are working towards meeting this intent. As an auditor, we need to be able to determine what evidence shows we are meeting intent. In 5.1, for example, the standard gives you the evidence, as listed in a through e. In 5.2 it gives you clues by referring to 7.2.1 and 8.2.1. But it doesn't tell you exactly what to look for (or at). This causes some problems for auditors, especially internal auditors. So, what do you, as an internal auditor do? The first thing is to look at the requirement, and ask top management how they meet the requirement. Their answer(s) should be direct, and supported by data. They should be able to interpret the requirement, indicating they understand it. Indirect Intent There are cases where the intent is not necessarily pre-programmed and direct. Every process, procedure, work instruction, etc. has intent. In many cases, the intent is not as obvious, and must be pulled out during the audit process. Let's look at two simple examples. Your QMS documentation requires management review meetings to occur once per quarter. The question is what is the intent? If the records show that a meeting was held on December 30th, and the next one was held on January 2nd, one can argue they have met the requirement. But, go back to the question. How important is the requirement? If the following meeting is not until the end of the 2nd quarter (end of June), then they could still be in technical compliance, but are they meeting the intent? Most of us would say they are not. On the other hand, let's say you have your own fleet of delivery trucks. You have a preventive maintenance schedule that states that oil changes be performed at 3000 miles or 3 months, whichever comes first. Because the trucks are used daily, they put on about 3000 miles in a manner of six weeks. So looking at the maintenance records you find that the mileage intervals vary between 2800 and 3400 miles. Not one is at 3000 miles! In this case they are not meeting the technical requirement (letter of the law), but are they meeting the intent? Most of us would say they are. Auditing Intent In order to audit intent, you first must determine what the intent is. It is usually best to determine this at the very beginning of the audit. Don't wait until an issue arises. The auditee may try to alter the intent to match the issue. If you agree on intent at the onset of the audit, it will minimize chances for questions about it later. In the two scenarios above, writing a nonconformance, based on intent (in scenario one) or a nonconformance, based on the letter of the law (scenario two) will undoubtedly cause some argument. In both cases, and in most cases where intent is involved, the corrective action may be nothing more than explaining (or clarifying) the intent. Changing the technical without clarifying intent will only lead to future questions and possibly future nonconformances. Summary: As we audit, we are always considering intent. It is intent that drives compliance, and permits continual improvement. Auditing intent is not always easy. Writing nonconformances to intent is even more difficult. It is vital for compliance, and for growth of an organization that the internal auditor find areas where intent needs to be clarified and ensuring that clarification takes place. As always...Good Auditing! |
||||
|
Advertisement:
|
||||
|
Question and Answers: Q – To avoid conflict we just write everything up as opportunities for improvement. Is this okay ? A – The real question is how does the auditee know what "has" to be corrected from what you are "suggesting" be changed? Normally, opportunities for improvement (OFI) are voluntary. They tell the auditee, that this particular item should be investigated to see if change is warranted. A nonconformance dictates change be made. If everything is an OFI, then what distinguishes which items have to be changed, and which items don't necessarily have to be changed. You may very well be adding more confusion ,complexity and possibly even conflict, rather than reducing the same. |
||||
|
Audit Scheduling Here is a rather unique way to schedule audits. Use a "points" system. First off all assign each process, activity, or element that needs to be audited a monthly point value, based on its importance. For example, a manufacturing process might be assigned two points a month, while an element (such as the Quality Manual) receives only three-quarters of a point. Each month the points accumulate until they reach a trigger number (such as twelve). An audit is then scheduled the following month. If there are no problems, the audits will be very predictable. Should a problem (or risk) occur, then additional points will be added. For example, if an audit discovers a nonconformance, then perhaps three more points are added. A major nonconformance might add twelve points! Adding new people might trigger extra points. Customer complaints should add a bunch of points. This system would meet the requirements, and enable you to direct your auditing resources where they are needed the most. |
||||
|
Element Understanding: ISO/TS 9001:2000 Clause 8.2.2 Internal audits "An audit programme shall be planned taking into consideration the status and importance...as well as the results of previous audits.. " In our Notes from the Field section, we discuss on way to meet this requirement. It is important to have an understanding of the word "status". What is status anyway? Basically, status means the current condition. Is the area, or processes at risk for nonconformances? By analyzing the risks, we can determine the status. Things that bring an area risk are such things as:
Many times we don't think of all of the things that can affect the status of an operation, activities or processes. |
||||
|
Monthly Scenario Explained: June
2003’s question: You are performing the first systems audit, and beginning with Clause 4. Specifically, 4.1. You ask about the identified processes, and how your company identified them. The Management Representative (your boss) states that she analyzed the organizational business plan, and derived the processes from that. From there, she mapped the processes (you've seen the maps dozens of times), indicating the relationships and listing the inputs, outputs and metrics. In the Quality Manual, everything is laid out so all of the 4.1 a) through f) is clearly referenced. Heat treating is the only outsourced process, and it is included as well. She indicated she presented this to management at the first management review meeting, where they adopted the process description. A review of the meeting minutes reveals that they were on the agenda, however the minutes do not reflect that the processes were adopted by management. The
answer: The issue here is whether the minutes need to reflect the adoption of the process descriptions. If the process descriptions are in the quality manual and there is evidence that top management has approved the quality manual, then they were clearly adopted. Also, you can ask top management if they did approve the process descriptions. If all other evidence indicates the processes were adopted, then you might want to suggest that decisions made in management review meetings be clearly reflected in the minutes. This is the issue of this scenario. What other decisions are not being recorded by the meetings? |
||||
|
The Back Page:
Uncertainties of April April is a peculiar month, here in Michigan. It is known for its rain: "April showers bring May flowers", but it is a month of all seasons. Some of our heaviest snows have come in April, as has some of our worst ice storms. It is not unheard of to have a 70 degree day followed by a 20 degree day. As uncertain and unpredictable as the day-to-day weather is in Michigan in April, one thing is certain. May will follow. April may bring the last big blast of winter, but we know that April is only a transition month. It won't be long and summer will come. The seasons are planned, and winter gives in to spring, who yields to summer. The volatility of spring will soon dissipate in the summer heat. Sometimes auditing is like April in Michigan. Sometimes we need to be the volatility that lead to more pleasant times. Sometimes we need to be the April thunderstorm that lead to May flowers. Giving bad news is not pleasant. Writing nonconformances is not easy. But sometimes through pain, we gain the most. Dave ...Good auditing!
|
||||
|
Copyright notice: internal-auditor.com is
fully protected under US and International copyright laws. Copying, or
re-transmitting all, or any part of internal-auditor.com is expressly forbidden
without prior written consent from Ruth Ellen Carey Communications.
| ||||
