ISO 9001:2000 5.4.1 states,"Top management (TM) ensures that quality objectives (QOs)..... are established at relevant functions and levels within the organization." Top management of a company reviews the QOs of all the departments. The QOs have been track, and measured. The company is using a so called "bottom up" system flowing up QOs up to TM and say that those are the top level objectives also. These lower level objectives are pretty specific like reduce turn around time by X-hours. Basically TP doesn't have top level QOs written anywhere. Any comment on this flow up method of managing Quality Objectives?

I believe it is a N/C because Top Management is a critical level of the company and there should be QOs established just like lower levels and function is like Purchasing and Production. What do you think?

I believe it is a N/C because Top Management is a critical level of the company and there should be QOs established just like lower levels and function is like Purchasing and Production. What do you think?Suggest you read Auditing Quality Policy, Quality Objectives, and Management Review (http://isotc.iso.org/livelink/livelink/3553587/APG-QualityPolicyandObjectives.doc?func=doc.Fetch&nodeid=3553587). My impression is that you have a constrained idea of what the terms level and function mean in the context of this requirement. What kind of top management quality objectives you expect to see?

I am a bit confused. You state:

Top management of a company reviews the QOs of all the departments. The QOs have been track, and measured. The company is using a so called "bottom up" system flowing up QOs up to TM and say that those are the top level objectives also. These lower level objectives are pretty specific like reduce turn around time by X-hours.

Which indicates to me a basic support of quality objectives. Yet you then state:

Basically TP doesn't have top level QOs written anywhere.


Is this your organization, or an organization you are auditing? While they are "bottom-up", is your management supporting them?

I guess in my opinion I believe it's better to have management supporting decent quality objectives that the organization at least knows what is important, than have some poetry posted on the wall that no one ever reads.

We seem to ride a train a lot that management doesn't care/doesn't listen to their employees, or care about their quality system. If they are taking quality objectives from the bottom and supporting them; that' s at least a start. Granted, it would be probably a bit better to have a little more strategic philosophy, but like I said. If they have objectives, they are known within the organization, and management is supporting them, that's better than nothing.

This is an example of top quality objectives from a company on the web. All objectives are measurable, according to the company. This is what I expect to see. Again, the question is: if a company have not established top level Quality objectives, is it meeting the ISO requirement, even if they adopted the QOs of lower levels function like Purchasing or Production.

My question is : At the top level of a company, do they have to have top level Quality Objectives. Can they claim the lower department QOs their own?

http://www.olsonmfg.com/Company_Profile/Qualifications/ISO_9001-2000/Quality_Objective.html


The Quality objectives interpretation from a registrar:

http://www.dnvcert.com/DNV/Certification1/Resources1/Articles/NewsletterInfo/AuditingTopManagement/

Suggest you read Auditing Quality Policy, Quality Objectives, and Management Review (http://isotc.iso.org/livelink/livelink/3553587/APG-QualityPolicyandObjectives.doc?func=doc.Fetch&nodeid=3553587). My impression is that you have a constrained idea of what the terms level and function mean in the context of this requirement. What kind of top management quality objectives you expect to see?


I am a bit confused. You state:



Which indicates to me a basic support of quality objectives. Yet you then state:



Is this your organization, or an organization you are auditing? While they are "bottom-up", is your management supporting them?

I guess in my opinion I believe it's better to have management supporting decent quality objectives that the organization at least knows what is important, than have some poetry posted on the wall that no one ever reads.

We seem to ride a train a lot that management doesn't care/doesn't listen to their employees, or care about their quality system. If they are taking quality objectives from the bottom and supporting them; that' s at least a start. Granted, it would be probably a bit better to have a little more strategic philosophy, but like I said. If they have objectives, they are known within the organization, and management is supporting them, that's better than nothing.
NO, this is not my company. I am auditing this company. There are quality objective (QOs) established at most levels (Purchasing, Receiving..), except at the top level. Top Management claims the those lower level QOs are top level objective too. My question is: Does top level (President and Exec. VP) required by the standard to have QOs at that function and level? If lower level functions have QOs, how come top level Management doesn't have QOs? Is it more important that toopLevel Management to have QOs? Is there a nonconformance?

NO, this is not my company. I am auditing this company. There are quality objective (QOs) established at most levels (Purchasing, Receiving..), except at the top level. Top Management claims the those lower level QOs are top level objective too. My question is: Does top level (President and Exec. VP) required by the standard to have QOs at that function and level? If lower level functions have QOs, how come top level Management doesn't have QOs? Is it more important that toopLevel Management to have QOs? Is there a nonconformance?

You seem to have a very narrow and rigid view of what you're looking for.

Where does it say in ISO 9001 that 'President and Exec. VP shall have QOs?' It doesn't.

Where is the nonconformance? Which precise clause/s would you consider they might not be conforming to?

For example, 5.1 says that top management shall ensure that QOs are established. If they're established, and suitable and top management supports them... what's the actual problem here exactly????

I think I understand what you are looking for. Very often organisations have 'high level' objectives such as those in the example you quote (Olson Manufacturing) and these are quite often put into the quality policy as a means of 'providing a framework' for quality objectives.

If we take the example you provided, they are high level but they point down to the more specific objectives e.g. 'On-time deliveries – We strive to continually improve customer on-time deliveries, as measured through reschedule reports and customer complaints'.

So they tell us that on-time delivery is important and they tell us how they will manage that aspiration via complaints etc.

I agree with the previous posts though, as long as the quality policy provides the framework for quality objectives and they have those at the functional levels, I would be happy - as long as they are using these to help drive continual improvement.

You seem to have a very narrow and rigid view of what you're looking for.

Where does it say in ISO 9001 that 'President and Exec. VP shall have QOs?' It doesn't.

Where is the nonconformance? Which precise clause/s would you consider they might not be conforming to?

For example, 5.1 says that top management shall ensure that QOs are established. If they're established, and suitable and top management supports them... what's the actual problem here exactly????

You have missed the important part of 5.4.1. It states," Top Management (TM) shall ensure the QO's are established .....at relevant functions and levels withing the organization. TM is an important (or most important) function at the top level. If QOs are not established at the TM level, it shows that TM is not considering themselves important and that may not meet the intent of ISO.

Do you consider top Management one of the most important function in a company at the top level?[/COLOR]

Just to simplify things....

Our top management established three Quality Objectives which are applicable to ALL levels (including top management) :

1) Continually improve our processes and our Quality Management System
2) Attend all of our clients requirements
3) Reduce our internal costs and delivery times.

IMO, it´s as simple as that... they are all measureable, and every level of the organization and process is directly involved in each objective.

I remember when I came out of BSI's lead auditing class back in the day all full of fire and brimestone concerning Management review...:D I have never gotten hit by our registrars in the last 3 ISO9001 companies I have worked at. Almost any metric reviewed by Top Management can be explained to any registrar to satisfy the requirement. If you look at what Sidney has posted from the APG it takes a very humble approach, and does it for a reason. Once you start bugging your CEO or President for a particular quality objective metric that doesn't mean anything to them you will find yourself pounding pavement whether you are an internal management rep or a third party registrar! :lol: Where do you think the power of the managment rep or registrar comes from? The customer? :lmao:

You have missed the important part of 5.4.1. It states," Top Management (TM) shall ensure the QO's are established .....at relevant functions and levels withing the organization. TM is an important (or most important) function at the top level. If QOs are not established at the TM level, it shows that TM is not considering themselves important and that may not meet the intent of ISO.

Do you consider top Management one of the most important function in a company at the top level?[/color]

You make a good point, and I understand your concern. I am a big letter of intent, guy. IMO, quality objectives have been relegated to catchy phrases like the one on the post you provided. Mind you, I'm not ridiculing it, just saying they used the letters of the company name to make their quality objectives. So, if their quality objectives ever change, they'll have to be formed with those letters in mind, etc.

For there to be an effective quality system, there has to be objectives/goals of the system. While the management of company X doesn't have quality goals like company Y, that does not inherently mean they are wrong or inferior; just different.

If you are the auditor- in the end it's your decision. If you feel the system is lost in the desert without goals, then state as such. If you cannot see where they are documented, then state that. However.. as hard as it is, try to remain objective to the organization, and provide value to your work.

It's a good general point well made in this thread - the standard asks the top management to ensure the objectives "are established at relevant functions and levels within the organization." It doesn't say what those levels are and what functions they need to cover. As an auditor you have to assess the effectiveness of the objective setting process as a whole - not by going in with preconceived ideas about what they must have.

Personal goals may be part of the systems and some managers like to lead from the front with objectives either for themselves or for the organizaion as a whole. But you mustn't insist on it!

As has been mentioned - that is a short route to the invitation to use the door. :lol:

There is a role internally or as an external auditor to test reasoning and the objective setting process and independent questioning adds value - but, after all, it is "their" system.

ISO 9001:2000 5.4.1 states,"Top management (TM) ensures that quality objectives (QOs)..... are established at relevant functions and levels within the organization." Top management of a company reviews the QOs of all the departments. The QOs have been track, and measured. The company is using a so called "bottom up" system flowing up QOs up to TM and say that those are the top level objectives also. These lower level objectives are pretty specific like reduce turn around time by X-hours. Basically TP doesn't have top level QOs written anywhere. Any comment on this flow up method of managing Quality Objectives?

I believe it is a N/C because Top Management is a critical level of the company and there should be QOs established just like lower levels and function is like Purchasing and Production. What do you think?

The ‘bottoms-up’ goal setting approach (a kind of joint goal setting) is a good method that originates from America and now being adopted by many forward looking organizations worldwide. It’s better because:

1. Goals are set by relevant people/department themselves after having understood the guidelines or policies formulated by the top dogs. As a result there is ownership.
2. These goals had gone through the tough negotiation table and both management and departments are committed to it. (Management Commitment)
3. The departmental or front line people know the market better than people sitting at the corporate office and thus the goals set are more realistic.

Just because your current employer does not practice it doesn’t mean it’s wrong. People who audit or consult could do much better if they care to be equipped with some practical business knowledge.

ISO 9001:2000 5.4.1 states,"Top management (TM) ensures that quality objectives (QOs)..... are established at relevant functions and levels within the organization." Top management of a company reviews the QOs of all the departments. The QOs have been track, and measured. The company is using a so called "bottom up" system flowing up QOs up to TM and say that those are the top level objectives also. These lower level objectives are pretty specific like reduce turn around time by X-hours.

It appears that there are objectives set (emphasis added in Bold), and they are measurable, which would meet the intent of ISO9001:2000, in my opinion.

Basically TP doesn't have top level QOs written anywhere. Any comment on this flow up method of managing Quality Objectives?

In my opinion, it does meet the intent of the standard.

I believe it is a N/C because Top Management is a critical level of the company and there should be QOs established just like lower levels and function is like Purchasing and Production. What do you think?

They have been established.

I'm confused. If Top Management is not setting the objectives and direction of the organization, who is? And, if TM is not, what ARE they doing?

The intent is the leadership sets the goals and agenda, and rolls it down, down, down to all the relevant levels.

Just to simplify things....

Our top management established three Quality Objectives which are applicable to ALL levels (including top management) :

1) Continually improve our processes and our Quality Management System
2) Attend all of our clients requirements
3) Reduce our internal costs and delivery times.

IMO, it´s as simple as that... they are all measureable, and every level of the organization and process is directly involved in each objective.


I'm resurrecting an old thread here, mostly because this post hit the nail on the head with my current dilemma. We're due for another surveillance audit in a couple months and I was reviewing the registrar's last report. It stated that we needed more quality objectives. Ours are:

I. Customer Confidence
(a) Orders delivered error free - percent of orders shipped without verified customer returns.
(b) Orders delivered on-time – percent of orders shipped later than the dock date originally quoted to the customer.

II. Improvements in Our Capabilities
(a)Maintain or improve our internal defect rates.

III. Employee Confidence
(a) Maintain or improve the level of employee satisfaction in both their jobs and the environment in which they perform them.


They're all measurable (measured and reported) and relate directly to our Policy. We're a small company and if any process breaks down we know where, how, and why immediately if not sooner. I can find no value in measuring, for example, if purchase orders are placed on time, if jobs are released on time, etc. We've done it, found it to be in control for a long enough period of time, and quit doing it because again, no value. I can see where a large, departmentalized company may need to know which link in the chain is causing problems and they get this info from internal metrics, but here we're all involved solely in the three listed above.

I'm sure the auditor is going to try to give my QA Director another finding, then they're going to come to me to see why top management didn't establish these lower level objectives and there'll be an hour of my life I'll never get back...

Oh yeah, and:

We never ship anything late and have exceptional customer quality ratings.
Our internal defect rates have gone down (from when I started here 19 mos. ago and implemented this QMS) and are stable.
Our employees are happy.

Am I missing something here, still, or am I rightly prepared to defend my interpretation and perspective?

Thanks,

Tym Tucker
VP Ops
Cable Technologies, Inc.

"I was reviewing the registrar's last report. It stated that we needed more quality objectives."

When a registrar writes a non-conformity he or she is supposed to indicate the requirement of ISO 9001 that is not being met. (Non-conformities are the only things you need to fix. If they write observations or opportunities to improve, you can accept or reject them as you choose.)

There is no requirement to have "more objectives", only a requirement to have objectives, which you have met.

I think it would be reasonable to ask the registrar which objectives, specifically, are missing and why you need them. As you say, there is no value in measuring things for the heck of it. If a registrar says simply and vaguely, 'set more objectives,' you're within your rights to say 'No.'

Just 2c,
Pat

Now this is a thread I'm happy is resurrected! ;)
I'm resurrecting an old thread here, mostly because this post hit the nail on the head with my current dilemma. We're due for another surveillance audit in a couple months and I was reviewing the registrar's last report. It stated that we needed more quality objectives. Pat is spot on here. There is no clause the auditor can raise a finding on. You have objectives.

Ours are:

I. Customer Confidence
(a) Orders delivered error free - percent of orders shipped without verified customer returns.
(b) Orders delivered on-time – percent of orders shipped later than the dock date originally quoted to the customer.

II. Improvements in Our Capabilities
(a)Maintain or improve our internal defect rates.

III. Employee Confidence
(a) Maintain or improve the level of employee satisfaction in both their jobs and the environment in which they perform them.

What's more IMHO they are all valid under ISO 9001. ;) Relating, as they do to quality of product or service (internal and external).

I particularly like the employee confidence objective. :applause:


They're all measurable (measured and reported) and relate directly to our Policy. We're a small company and if any process breaks down we know where, how, and why immediately if not sooner. I can find no value in measuring, for example, if purchase orders are placed on time, if jobs are released on time, etc. We've done it, found it to be in control for a long enough period of time, and quit doing it because again, no value. I can see where a large, departmentalized company may need to know which link in the chain is causing problems and they get this info from internal metrics, but here we're all involved solely in the three listed above.
Again very valid justification - particularly if you can show that you've been down this particular road and have found no benefit. You can even log it as an improvement that you've stopped wasting time and effort! :lol:
I'm sure the auditor is going to try to give my QA Director another finding, then they're going to come to me to see why top management didn't establish these lower level objectives and there'll be an hour of my life I'll never get back... :lmao: I love the bit about an hour of your life .....

Certainly if you can get your QD to prepare the case before the auditor comes in it could head off the wasted hour. He / she should explain to the auditor that your organization has reviewed the previous findings and found they are unjustified. If the auditor can show what clause of the standard your practises have been found to be non compliant with then he / she can make the case to your QD and apply for an interview with you. Don't be afraid to use the threat of contacting the CB's management with a complaint and to have them replaced.

Oh yeah, and:

We never ship anything late and have exceptional customer quality ratings.
Our internal defect rates have gone down (from when I started here 19 mos. ago and implemented this QMS) and are stable.
Our employees are happy.:applause:

Looks like you have some effective measures.


Am I missing something here, still, or am I rightly prepared to defend my interpretation and perspective?Without the exact wording of the N/C it is impossible to give you a 100% answer but with the information available I would say you are perfectly within your rights to defend your company's position.

The auditor's statement about needing more quality objectives may not have been a finding. Many times these observations come out of the auditor's mouth during the audit; sometimes they show up in the narrative of an audit report.

Some folks take these statements as precursors of future findings (fix this or I'll gitcha next time), or as Good Things to do, just because an auditor said them. Most egregious example I know of: an organization changed the words "quality control" to "quality assurance" in approximately 30 documents because an auditor indicated a preference for the latter term.

ISO 9001 says you must have quality objectives for the relevant levels and functions. You get to decide what is relevant and what is not.

If the auditor disagrees with you, the burden of proof falls on him, not you. It's up to him to show the adverse effects of having "too few" quality objectives.

Thanks for the replies Covers!

I failed to mention in my original post that we weren't given a NC, it was just an observation listed as a "system weakness" and these "opportunities for improvement" would be reviewed at the next audit. That's why I wanted to make sure we did indeed have a full understanding of the requirement and that we could effectively communicate that we were meeting it in a way that was meaningful to our business. I appreciate the feedback!

Tym Tucker

Thanks for the replies Covers!

I failed to mention in my original post that we weren't given a NC, it was just an observation listed as a "system weakness" and these "opportunities for improvement" would be reviewed at the next audit.

I thought it was something like that. Someday I will perhaps understand why some few auditors believe they have the right to tell you how to run your business.
Seems like some of them come from a planet where all the streets are marked "one way."

That's why I wanted to make sure we did indeed have a full understanding of the requirement and that we could effectively communicate that we were meeting it in a way that was meaningful to our business. I appreciate the feedback!Opportunities for improvement aren't binding. There is no real reason to "review" them at the next audit.

Your understanding and rationale are both fine, You shouldn't have to defend them to the auditor. It's a shame he's putting you on the defensive in this way.

Paul's advice is excellent - don't hesitate to complain to the parent company if there are problems.

I thought it was something like that. Someday I will perhaps understand why some few auditors believe they have the right to tell you how to run your business.
Seems like some of them come from a planet where all the streets are marked "one way."
Opportunities for improvement aren't binding. There is no real reason to "review" them at the next audit.

Your understanding and rationale are both fine, You shouldn't have to defend them to the auditor. It's a shame he's putting you on the defensive in this way.

Paul's advice is excellent - don't hesitate to complain to the parent company if there are problems.



Cliff, while I agree with the intent of your advice, I think you went a bit far. In today's ISO and TS world, 3rd party auditors are not just doing "compliance audits." We are trained and constrained to push the improvement aspect as well. Unfortunately, it is not always clean and simple. That's why auditors and clients have to work together.

For example, some OFI's that I have written are:

1. Your downtime is rather high, compared to similar companies. (It is their prerogative, but it is my job to inform them.

2. You have few, and basic Quality Objectives. Compliant, but you are not getting the full benefit of the purpose for this requirement.

3. Process XYZ is compliant, but appears rather complex and unncessarily complex. etc...

They don't have to do them, and they may not always agree with them. But, I am not doing my job if I don't point it out. And often, there is a lot of financial benefit in those OFIs, though they may not see it immediately.

Remember, the ISO program is about continual improvement, and good auditors see more companies in a year than most people get to see in a whole career. Unfortunately, while this tool can be valuable in the hands of a skillful auditor, in the hands of a rookie, it can be messy and ugly. Also, since communication is not always a particulary effective activity, sometimes the auditor's comments are misconstrued.

For all these reasons, OFIs are not mandatory to implement. But, for an organization that supposedly is "committed to continual improvement," (it's in your Quality Policy, remember?), it is expected that OFIs be considered by the managment team, as to whether they would provide benefit and be feasible. But it remains with the organization to decide whether to do them.

Frankly, I would drop a client that does not have an interest in hearing and considering OFI's. I work too hard to waste time on clients that are not committed to improvement based on the audit process. There are other auditors who can audit them to basics, if that is what they want.

I'm resurrecting an old thread here, mostly because this post hit the nail on the head with my current dilemma. We're due for another surveillance audit in a couple months and I was reviewing the registrar's last report. It stated that we needed more quality objectives. Ours are:

I. Customer Confidence
(a) Orders delivered error free - percent of orders shipped without verified customer returns.
(b) Orders delivered on-time – percent of orders shipped later than the dock date originally quoted to the customer.

II. Improvements in Our Capabilities
(a)Maintain or improve our internal defect rates.

III. Employee Confidence
(a) Maintain or improve the level of employee satisfaction in both their jobs and the environment in which they perform them.


They're all measurable (measured and reported) and relate directly to our Policy. We're a small company and if any process breaks down we know where, how, and why immediately if not sooner. I can find no value in measuring, for example, if purchase orders are placed on time, if jobs are released on time, etc. We've done it, found it to be in control for a long enough period of time, and quit doing it because again, no value. I can see where a large, departmentalized company may need to know which link in the chain is causing problems and they get this info from internal metrics, but here we're all involved solely in the three listed above.

I'm sure the auditor is going to try to give my QA Director another finding, then they're going to come to me to see why top management didn't establish these lower level objectives and there'll be an hour of my life I'll never get back...

Oh yeah, and:

We never ship anything late and have exceptional customer quality ratings.
Our internal defect rates have gone down (from when I started here 19 mos. ago and implemented this QMS) and are stable.
Our employees are happy.

Am I missing something here, still, or am I rightly prepared to defend my interpretation and perspective?

Thanks,

Tym Tucker
VP Ops
Cable Technologies, Inc.


I'll stand by my previous comments to Cliff's post, but I also want to comment that your objectives, at fisrt glance, are pretty good. If I were auditing, I would want to see the current performance to these. And, I would ask what the specific targets might be. However, you are complaint. And if the current performance is exceptional, I would commend you.

However, I might still look at all the other processes you have, (and I assume you measure or monitor based on cl 4.1.e), and I may ask whether you set goals and targets for any of the rest? I can't make you, but might question why you wouldn't want to.

You also said you reviewed them, in prep for your upcoming audit. I might also question whether the Mgt. team reviewed them after the audit. They are not meant to be filed away unreviewed.

But, by all means, do keep up the good performance, and keep improving.

We're due for another surveillance audit in a couple months and I was reviewing the registrar's last report. It stated that we needed more quality objectives.
Haven't seen the exact wording, but assuming that's what it says, then I share the reservations of others. You're required to have objectives - no prescription of how many is correct (thank the Lord, as this naturally varies).

I would refuse to accept this as reasonable. I would politely insist on more information on precisely what the 'problem' is perceived to be, including references to the exact clause/s in question.

Your quoted objectives sound great to me.

We're a small company and if any process breaks down we know where, how, and why immediately if not sooner.
Wonderful. Would that some of the firms I've seen could say the same :)

I can find no value in measuring, for example, if purchase orders are placed on time, if jobs are released on time, etc. We've done it, found it to be in control for a long enough period of time, and quit doing it because again, no value.

Good for you. There's no point in measuring for the sake of it.

I'd recommend covering bases (if you haven't already) by making a suitable record to demonstrate that said auditor's 'finding/suggestion' has at least been consideration and then rejected, for the reasons given.

Am I missing something here, still, or am I rightly prepared to defend my interpretation and perspective?

Not from where I'm sitting, & on the basis of the info supplied. Nor does it sound as though there are any indicators of a 'problem'. Is the auditor seeing any indicators? If so, what are they?

I would debate it vigorously, using the strategies above. And if necessary discuss with the auditor's technical manager. And if you still get no joy, reconsider your particular certifier.

Cliff, while I agree with the intent of your advice, I think you went a bit far. In today's ISO and TS world, 3rd party auditors are not just doing "compliance audits." We are trained and constrained to push the improvement aspect as well. Unfortunately, it is not always clean and simple. That's why auditors and clients have to work together. Admirable sentiments, Helmut. What we have restarted discussing in this thread is where the auditor goes beyond their remit (in the eyes of the auditee) and tries to impose their view of the QMS on the organization.

For example, some OFI's that I have written are:

1. Your downtime is rather high, compared to similar companies. (It is their prerogative, but it is my job to inform them.

2. You have few, and basic Quality Objectives. Compliant, but you are not getting the full benefit of the purpose for this requirement.

3. Process XYZ is compliant, but appears rather complex and unncessarily complex. etc...
Now I don't know the context of these OFIs but I could certainly see problems with them. Putting my devil's advocate hat on : :D

1. I might be a bit upset that you were "using" my data around the industry - didn't you say information was to be confidential?
2. There is a general rule of thumb that if you go beyond 5 in anything the human brain is unable to cope. So 5 (or fewer) straightforward objectives might be the way the organization ensures their continual improvement programme is sustainable.
3. IMHO unless you tell me why the process is considered complex (and in what areas) then I have nothing to go on


Now I don't mean to critique your OFIs per se - just to point out that there are risks to any aspect of auditing / audit reporting.

They don't have to do them, and they may not always agree with them. But, I am not doing my job if I don't point it out. And often, there is a lot of financial benefit in those OFIs, though they may not see it immediately. I have just finished an audit where the client "ignored" a couple of observations raised at the previous audit. I was disappointed that they appeared to have swept things under the carpet (and said so at the time).

This approach was symptomatic of other problems and, to cut a long story short, they have a couple of Major NCs to deal with and an observation about company culture. Watch this space! :(

Remember, the ISO program is about continual improvement, and good auditors see more companies in a year than most people get to see in a whole career. Unfortunately wide exposure is not a guarantee of a quality audit. Flexibility and empathy are more important in giving a good service to the client.

Unfortunately, while this tool can be valuable in the hands of a skillful auditor, in the hands of a rookie, it can be messy and ugly. Also, since communication is not always a particulary effective activity, sometimes the auditor's comments are misconstrued.
Going back to the restart of this thread the issue seems to be that the auditor's comments are misjudged. If s / he is trying to impose big company / complex objective frameworks on a simple organization then they have not understood the company.

For all these reasons, OFIs are not mandatory to implement. But, for an organization that supposedly is "committed to continual improvement," (it's in your Quality Policy, remember?), it is expected that OFIs be considered by the managment team, as to whether they would provide benefit and be feasible. But it remains with the organization to decide whether to do them.

Agreed - the company's management is telling us (Directly) that, having considered the "OFI" it would make their system worse to implement the changes the auditor is suggesting.

Frankly, I would drop a client that does not have an interest in hearing and considering OFI's. I work too hard to waste time on clients that are not committed to improvement based on the audit process. There are other auditors who can audit them to basics, if that is what they want.

Now you have said this before, my questions are:

Are you in a position to "drop" clients? My understanding is that you, like me, are a contract auditor. I have yet to see any contract auditor in a position or wishing to choose their audits.
Are you saying that a compliant system is not a justification for certification? Just because they don't like your suggestions is, surely, not a good enough reason to "drop" them. They do have some continual improvement activities in place, don't they?

Thanks for the replies Covers!

I failed to mention in my original post that we weren't given a NC, it was just an observation listed as a "system weakness" and these "opportunities for improvement" would be reviewed at the next audit. That's why I wanted to make sure we did indeed have a full understanding of the requirement and that we could effectively communicate that we were meeting it in a way that was meaningful to our business. I appreciate the feedback!

Tym Tucker

Tym,
I fully agree with my colleagues that there is no nonconformance here. That said, I do believe there maybe in fact a good opportunity for improvement. This is based on the very fact that you are doing so well with your objectives. Is there an area that is not doing so well? May be you should add a problem area and track that. I'm of course speaking from very little knowledge of your specifics, but I have seen cases where most things were hunky-dory, and the objectives measured that, but some real areas of possible improvement existed, and where not measured.

Geoff Withnell

Cliff, while I agree with the intent of your advice, I think you went a bit far. In today's ISO and TS world, 3rd party auditors are not just doing "compliance audits." We are trained and constrained to push the improvement aspect as well. Unfortunately, it is not always clean and simple. That's why auditors and clients have to work together.

Helmut, I appreciate your point of view and thank you for taking the time to express it so well. :applause: I would like you to understand that my opinions about auditors and how auditors should act come from observing auditors in action and seeing how the auditors affect clients.

I believe "pushing the improvement aspect" means determining if there is a mechanism for continual improvement and evaluating its effectiveness. I do not believe that it means becoming an engine of improvement.

I've looked at a few, not many, registrar contracts lately. The agreed-to service is to verify compliance in all the ones I've examined.



For example, some OFI's that I have written are:

1. Your downtime is rather high, compared to similar companies. (It is their prerogative, but it is my job to inform them.

2. You have few, and basic Quality Objectives. Compliant, but you are not getting the full benefit of the purpose for this requirement.

3. Process XYZ is compliant, but appears rather complex and unncessarily complex. etc...
These may be excellent. But where do you draw the line with regard to consulting? By 'partnering' with your client in this way, are you not in danger of losing your objectivity?


They don't have to do them, and they may not always agree with them. But, I am not doing my job if I don't point it out. And often, there is a lot of financial benefit in those OFIs, though they may not see it immediately.

Remember, the ISO program is about continual improvement, and good auditors see more companies in a year than most people get to see in a whole career.
That raises the point about confidentiality.


Unfortunately, while this tool can be valuable in the hands of a skillful auditor, in the hands of a rookie, it can be messy and ugly. Also, since communication is not always a particulary effective activity, sometimes the auditor's comments are misconstrued.
It's not just a matter of experience. No doubt competent auditors exist; I've had the pleasure of seeing some in action. That said, there are far too many who either sleepwalk and pencil whip the audit or play "my way or the highway."


For all these reasons, OFIs are not mandatory to implement. But, for an organization that supposedly is "committed to continual improvement," (it's in your Quality Policy, remember?), it is expected that OFIs be considered by the managment team, as to whether they would provide benefit and be feasible. But it remains with the organization to decide whether to do them.
Exactly. But when the auditor tells a client, "we'll review these next time around" there's a warning, maybe even a threat. Some clients, especially those new to the game, are easily swayed by these statements and often do unnecessary work.

I do think it's legitimate for an auditor to use an OFI to put a client on notice that there's an NC lurking in the future, but only when the NC can't be fully pursued during the current audit -- maybe it's too far off-scope, or the auditor is out of time.


Frankly, I would drop a client that does not have an interest in hearing and considering OFI's. I work too hard to waste time on clients that are not committed to improvement based on the audit process. There are other auditors who can audit them to basics, if that is what they want.I wish I could do that, but the cats come around demanding to be fed and I've spoiled my family by allowing them to live indoors. Unfortunately, the perfect client doesn't really need my services in the first place. But that's another story.

Just to simplify things....

Our top management established three Quality Objectives which are applicable to ALL levels (including top management) :

1) Continually improve our processes and our Quality Management System
2) Attend all of our clients requirements
3) Reduce our internal costs and delivery times.

IMO, it´s as simple as that... they are all measureable, and every level of the organization and process is directly involved in each objective.





Of course you can get by with complying with the letter of the standard. And I would agree that the wording that you've given is indeed quite useful as education for others.

But to my mind I'm not 100% sure I buy your response. Those "objectives" seem so ephemeral that I would argue that they are, in reality, actually aspects of the Quality Policy. After all, any company that doesn't include those three things is going out of business sooner or later anyway.

Surely the objectives should detail how those three "policies" are intended to be achieved in a more specific way. (I do appreciate that there would be a lot of supporting information - clearly, doing the "routine stuff" as good or better than usual is indeed an objective, and an important one at that.)

For myself, in addition to that, I tend to ask Top Management what are their most important projects over the next 24 months, and then track how that is translated through the company.

Roland, Not sure if you meant to quote the (much earlier) post by tedschmitt or the response by Tym Tucker that we have all piled in to.

I have copied an edited version (sorry Tym) below your post just in case you wanted to review again. :)

I believe Tym's company meets the spirit and intent of the standard.

Of course you can get by with complying with the letter of the standard. And I would agree that the wording that you've given is indeed quite useful as education for others.

But to my mind I'm not 100% sure I buy your response. Those "objectives" seem so ephemeral that I would argue that they are, in reality, actually aspects of the Quality Policy. After all, any company that doesn't include those three things is going out of business sooner or later anyway.

Surely the objectives should detail how those three "policies" are intended to be achieved in a more specific way. (I do appreciate that there would be a lot of supporting information - clearly, doing the "routine stuff" as good or better than usual is indeed an objective, and an important one at that.)

For myself, in addition to that, I tend to ask Top Management what are their most important projects over the next 24 months, and then track how that is translated through the company.

It stated that we needed more quality objectives. Ours are:

I. Customer Confidence
(a) Orders delivered error free - percent of orders shipped without verified customer returns.
(b) Orders delivered on-time – percent of orders shipped later than the dock date originally quoted to the customer.

II. Improvements in Our Capabilities
(a)Maintain or improve our internal defect rates.

III. Employee Confidence
(a) Maintain or improve the level of employee satisfaction in both their jobs and the environment in which they perform them.


They're all measurable (measured and reported) and relate directly to our Policy. We're a small company and if any process breaks down we know where, how, and why immediately if not sooner. I can find no value in measuring, for example, if purchase orders are placed on time, if jobs are released on time, etc. We've done it, found it to be in control for a long enough period of time, and quit doing it because again, no value. I can see where a large, departmentalized company may need to know which link in the chain is causing problems and they get this info from internal metrics, but here we're all involved solely in the three listed above.

Oh yeah, and:

We never ship anything late and have exceptional customer quality ratings.
Our internal defect rates have gone down (from when I started here 19 mos. ago and implemented this QMS) and are stable.
Our employees are happy.

It was the earlier post I was responding to, I really like Tym's listing.

I would add that Tym makes clear that his company is small enough that those would indeed likely describe the most important day-to-day and year-to-year concerns of the whole company.

With a larger company, some cascading / refocussing would possibly be required.

Exactly. But when the auditor tells a client, "we'll review these next time around" there's a warning, maybe even a threat. Some clients, especially those new to the game, are easily swayed by these statements and often do unnecessary work.

I do think it's legitimate for an auditor to use an OFI to put a client on notice that there's an NC lurking in the future, but only when the NC can't be fully pursued during the current audit -- maybe it's too far off-scope, or the auditor is out of time.

At my CB we have two types of "Non NC" :confused: . We can raise an opportunity for improvement (OFI) when we see something that seems to be inefficient or where there is information in the public domain that might help. Some of my favourites are QOS for objective deployment or FMEA for preventive action. I always use these as examples for them to look at and consider.

The other form is the Observation which we use to indicate that a process may be deteriorating towards being non complaint - the shot across the bows if you like.

I always explain at closing meetings that they do not have to do anything on OFIs / Observations but that I will always ask them if they got anything from it.

I appreciate the "threat" may be there but if someone ignores an OFI / Observation the next step is not to raise an NC but to understand what they are doing instead.

I agree with Paul, but I would like to add that I occasionally raise non-conformities where Observations have been ignored.

Under Management Management Review there is a requirement to review the "results of audits".

It doesn't say "non-conformities from audits".

So if an organisation documents a justifiable rationale for taking no action on an OFI, that's fine. But if the organisation ignores the "non-NC findings", that isn't.

Was this really meant the way it sounds?

It seems like a textbook example of an auditor using a particular interpretation of the standard to enforce desired behavior that is not mandated by the standard.

I occasionally raise non-conformities where Observations have been ignored.

Under Management Management Review there is a requirement to review the "results of audits".

It doesn't say "non-conformities from audits". It doesn't say "observations and OFI's," either. Since neither ISO 9000:2005 nor 9001:2000 define "audit results," I would claim that the organization is free to define the term in whatever way best suits its needs as perceived by the organization.

So if an organisation documents a justifiable rationale for taking no action on an OFI, that's fine. But if the organisation ignores the "non-NC findings", that isn't."Documents a justifiable rationale." Can this really mean they can't just tell the auditor why they didn't adopt the idea, they have to write it down?

And who determines whether a rationale is "justifiable?" Is it the auditor, the one who had the idea in the first place? Isn't there just a wee risk of loss of objectivity here?

Sorry, I can't buy into this concept. Not when there are auditors in the field suggesting stuff like this:
replacing "quality control" with "quality assurance" in an entire body of quality system documentation; or,
suggesting that clients need to apply "page X of Y" numbering to all fo their procedures or work instructions; or,
suggesting that a company with 20 people adopt Toyota's badge system to indicate training level; or
suggesting that a company spend money to color-code hoses when the corresponding truck valves are not color coded.

:D

Not sure where all that came from. Are you sure that's just sugar in your coffee? :)

And no, I'm not defending the rest of your list, indeed they sound unreasonable to me too.


"Documents a justifiable rationale." Can this really mean they can't just tell the auditor why they didn't adopt the idea, they have to write it down?

"Err... we didn't act on the observations because we only read the CARs and forgot about the rest of the report."

I see that, worryingly often.

The standard requires Management Review to include recommendations for improvement and results of audits as inputs (5.6.2a and 5.6.2g). Where this doesn't happen it can be a non-conformity.
Sometimes. No more, no less.

And no, I don't insist they write it down. And yes, I do always try to avoid imposing my crusade-de-jour, but it never hurts to be reminded! :agree1: