I have an area I would appreciate comment on. An individual I was advising recently asked this question: “Does ‘Management Review’ mean that we have to hold management review meetings? We are a small company and everyone knows the status and what is going on.” My response (summarized below) was this:

ISO 9001 4.1.3 states “The supplier’s management with executive responsibility shall review the quality system at defined intervals sufficient to ensure its continuing suitability and effectiveness is satisfying the requirements of this American National Standard and the supplier’s stated quality policy and objectives (see 4.1.1). Records of such reviews shall be maintained (see 4.16).”

ISO 8402 3.9 defines management review as “formal evaluation by top management of the status and adequacy of the quality system (3.6) in relation to quality policy (3.1) and objectives.”

The majority of companies comply by holding annual or semi-annual Management Review meetings where face to face discussions are entered into. It does not, however, state that “meetings” shall be held. My response also indicated that meetings are usually the preferred method because things may arise that may not be considered on an individual basis. However, they are not essential. I offered the following example:

Section 4.1.2.3(b) states “The supplier’s management with executive responsibility shall appoint a member of the supplier’s own management who, irrespective of other responsibilities, shall have defined authority for…reporting on the performance of the quality system to the supplier’s management for review and as a basis for improvement of the quality system.” Since this report must be prepared anyway, use it as a management review tool. Prepare the report outlining and describing performance and include the items detailed in 4.1.3. Include items such as internal audit results, noncompliances found, status of corrective actions, etc. After the report is complete, circulate it with a cover sheet that explains the content and purpose of the report. Include on the cover an area where comments can be recorded. Require that the receivers’ sign and date the cover indicating they have read the report, circulate to all recipients and have the original returned to you. Copy the recipients afterward and keep the original as your objective evidence.

Was I completely off base? Comments would be appreciated.

Don

Don't over complicate the matter - take a look at Mgmt_rev.pdf

Free Files Directory (http://Elsmar.com/pdf_files/) A Simple Management Review form

This was for a small firm (14 souls) and the registrar easily bought it. The VP Operations scheduled the review on his yearly calander (hanging on his wall). He and the other VP 'met' at least once a year, completed the form and all was well with the world! And with the registrar!

Thanks. That is much better than my suggestion. The form is GREAT. Will advise the individual who originated the question and reply if additional questions are raised. Thanks again, Marc.

Since I'm such a loud mouth, I'll say again to everyone:

Don't over complicate any system for the sake of compliance. Do what is appropriate for the employees, the business, the product and the processes.

Keep It Simple!

At the same time, remember that what satisfies ISO 900x does not automatically satisfy QS9000!

[This message has been edited by Marc Smith (edited 08-27-98).]

Marc,
You are correct. I seemed to have forgotten the primary rule, "Do not read in what is not there." Thanks for the reminder.

Don

My main concern - why this web site is here - is to provide, to anyone who wants to take the time (none of this horse **** of 'Please explain to me what ISO9000 is') to READ, information in how to comply with QS and/or ISO 900x 'requirements'.

I continue to contend:

1) Can you explain: What are you doing?
2) Explain how you meet the requirement.

If you are copying 'requirements' into your level 2's, you are not meeting the overall intent:

Can You Explain How You Comply?
Keep it Simple! It must be appropriate for your business and product(s).



[This message has been edited by Marc Smith (edited 09-09-98).]

Maybe its does not need to be said, but I'm going to say it anyway because many quality professionals have translates the advive "Keep it Simple" into "Get out of it Easy". I totally agree with Marc that you should keep it simple, but not at the risk of compromising the intent of the standard. It has been my experience that small companies tend to do this more than large, not true in all cases, but small companies tend to wanna "get out of it easy". I personnaly know a quality manager who is always saying "all you ISO guys wanna do is complicate things". Mostly in response to sound business practices, such as initialing and dating cross-outs on permanent quality records. His contention is if it does not say it in ISO his company dont have to do it. His consultant told him to "keep it simple", but now he wonders why ISO hasn't benefitted his company. I'm not saying that passing an agenda around to the management team does not work, or is a bad idea, but there is a lot to be said for having face to face meeting to discuss the health of the business system, no matter if the company is 2 people or 2,000. Yes while it is technically true that ISO does not require meetings, conducting meeting has its genesis in sound business practices, and has become the prefered practice for conducting management review.

Christian,

I agree with you for the most part. Along with Keep It Simple is the fact that it must work. In general, the smaller the company the less complex it is thus the simplier the systems. One company of about 12 people I worked with was the source of the 'management review'. As I said (I think) they do meet once or twice a year - just the owner and the one vice-president - but it suffices for what they do.

You stated:

"His contention is if it does not say it in ISO his company dont have to do it. His consultant told him to "keep it simple", but now he wonders why ISO hasn't benefitted his company."

I contend that has nothing to with keeping anything simple - it has to do with the attitude of the person who wondered why ISO wasn't 'helping' his company. If the person was being guided by a consultant, well - there are bad consultants - lots of bad consultants as a matter of fact. The expectation that ISO is a magic bullet, or that ISO is "all you have to do" is just plain stupid thinking.

I suggest that the failure for ISO to 'benefit' his/her company is that person's fault and is unrelated to ISO requirements. ISO is just a set of required minimum business systems. I tell my clients that I cannot really remember an implementation where problems weren't found and addressed (typically fixed) but that it is very possible that ISO will provide no outstanding evidence that it has helped the company in any way and that, in fact (as almost always happens), the first 'evidence' is typically new customers who had a choice between the company and others and they wanted (specifically) an ISO registered firm to buy from.

There are two types of companies in my world - those which have good business practices to begin with and those which don't. Take them both and implement ISO and see what you get.

To say Keep It Simple is, I admit, in its self simplistic (just as Say What You Do and Do What You Say is simplistic) - there is more to it than just keeping it (whatever 'it' is - I assume 'it' to be a system or series of systems) simple - we all know that, yes? Better said might be Keep It Appropriate for Your Company.

Company 'qualifiers' I consider when addressing system(s) requirements include:

Facility Size
Number of Facilities
Location of Facilities Geographically
Number of Personnel in (Each) Facility
Dispersion of Facilities Geographically
Processes
Product(s)
Management Demeanor (Both Upper- and Mid-)
Hourly Demeanor
External Customers and their Requirements (Ford? GE? Motorola? Sue's Sandwich Shop? Wal-Mart? SAM's Discount Club?)

From now on I personally pledge to say:

Keep It Appropriate

instead of Keep It Simple.

with all of that digested....simple is easier to say than appropriate..also easier to spell...much simpler..wouldn't you say?....LOL.

You wouldn't want me to break my pledge in the name of simplicity, would you barb?

Yes I agree with what you are saying I wanted to illustrate the difference between getting around the ISO requirements and keeping it simple. The manager in my example thought they were the same thing. And yes it does depend on the business practices of management, no matter what size the company. I think ISO detractors would agree with the manger in the example.

To me, the beauty of simplicity is that it makes something like ISO9000 easier to follow. To take a simple approach means you document your system (and check for compliance), to be sure, but you document it simply so that it reflects your current system as closely as possible while allowing consistent execution of your system. I think that ISO gets its "bad" name from those who forget that simple things like "easy documentation" and communication between groups is essential. This has been preached by Deming et al. for a long time. Separation of a sound quality/business philosophy (like Deming or Juran) and application of ISO9000 will mean hours/days of frustration. (After this, the preacher descends from his pulpit...)

common sense.....there ought to be a course..simple takes the mystery away.....but to simplify it is a talent..an expertise if you will....not everyone gets it right !!! Once shown the way its 'easy street'.....but when you are led down a yellow brick road to OZ its quite another story.

And the next one to step up to the pulpit is......????????? I agree roger..so true..document it ...then use the system to improve itself.

Barb, I will take the next pulpit.

Simple, ahhhhh, yes, simple. Simplicity is the better method for many companies. I have seen those that believe that the ISO 900x is the MASTER. I believe (IMHO) that it is the SLAVE. It tells us what we must do. We decide HOW we will do it. Marc, I prefer simple, but NOT at the cost of the business’s best interest. Do not implement a system that would be “in compliance” but would cost the business (money, customers, etc.) in the long run. For example, do not implement a system that would cost a small company a fortune in paperwork. Can you explain: the key word is appropriate, but be able to justify when it is not appropriate. Be able to explain if a section (or portion of a section) is not appropriate and WHY!

Christian, there are those who would prefer to comply with the “letter of the standard” rather than the “intent of the standard.” Does that mean that those who do comply are not doing what is best for their business? Maybe, maybe not. Do we, as assessors, judge them for their business practice? No! Objective evidence is our concern. Each depends upon the operation and the philosophy of their management. The example you gave above is a classic. The manager is, what I consider, a “trophy hunter.” He wants the registration without going through the pains of making his operation more profitable and efficient. But, the “pains” of registration can be reduced without sacrificing effectiveness of a ISO 900x Quality Management System.

Roger, I prefer simple but not at the expense of my company’s effectiveness. There are many portions of the standard where I have gone beyond the “letter of the standard” and others that I have “complied with” the standard. Each is, in my (humble) opinion appropriate for our operation. Again, KEEP IT SIMPLE but, in Marc’s words, also APPROPRIATE.

Barb, your insights (as well as all others) are very helpful and provide (me, at least) ammunition to use in my discussions with my management team (they can be stubborn sometimes). I also agree that simple is much easier to spell than appropriate. Perhaps Marc will revert to his original slogan. Perhaps not.

“Short Term Results Must Never Be Confused With Long Term Goals.”

With that said, I surrender the pulpit to the next speaker.

Best Regards,


[This message has been edited by Don Winton (edited 09-14-98).]

Here's a quickie from Jennejohn's discussion listserve:

-------snippo------

Date: Fri, 11 Sep 1998 11:24:59 -0600
From: Paul Murgatroyd
Subject: RE:Q: Management Reviews/Broodryk/Murgatroyd

Yes, It is useful to consider the management review as a process that will add value to the overall success of the business. Furthermore, it is in my opinion the most vital component of the quality management system (many systems I have observed have failed due to deficiencies in the management review process. Furthermore this widespread and chronic state of decifiency is perpetuated by registration organizations typically accepting what I believe to be insuffcient objective evidence of compliance with the spirit of the related requirement clause. Hopefully, from what I have seen in the working drafts this will be addressed by the next edition of the International Standard ). More specifically, a properly designed and implemented review process will ensure that the system continues to develop towards an optimizing state in terms of a capability maturity model (capable in terms of delivering against the desired objectives). Ideally, the approach is proactive. with a focus on continuous improvement involving the PDCA cycle. As well, it is advisable to integrate the review into the overall strategic business planning process. The Actors in this process should include the most senior level of management that would normally be involved in strategic business planning. Again, the management review process will be the engine of improvement if properly implemented.

The management review process can be defined using the standard process model comprised of input, process activities, and output . A model I have found to be useful in this case is as follows:

Inputs:

Customer feedback data (eg: complaints, survey results, etc.)
Internal feedback data (eg: inspection results, internal audit results, etc)
Regulatory requirements
Benchmarking data
Present strategic objectives for quality management
Other relevant information

Process Activities:

Presentation of the input data that facilitates identification of levels and trends in outcomes
Comparative analysis of outcomes achieved against the desired strategic objectives Conclusion regarding effectiveness and of the present system in delivering the desired objectives
Planning the correction of known deficiencies and prevention of potential deficiencies

Outputs:

Corrective or preventive action plans
Revised strategic objectives for quality management

Although this is a fairly cursory address of your question, I hope it will be of assistance. If you can get your hands on a working draft of the next edition of ISO 9001 and ISO 9004, it will also provide some useful guidance. I invite you to contact me directly via e-mail if you would like to engage in more detailed dialogue on this topic.

Regards Paul J. Murgatroyd
Uniserve.com

Subject: Re: Management Responsibility /Syed/Bradley
Date: Tue, 13 Apr 1999 12:56:02 -0600
From: ISO Standards Discussion

From: Mark Bradley
Subject: RE: Management Responsibility /Syed/Bradley

> Hi,
>
> I am working as Quality Assurance Coordinator/Quality Management Rep. in
> a group in Doha, Qatar (Gulf/Middle East Region). I have started this
> since Oct '98. The group itself is chaired by Chairman, who is the only
> and final authority for providing resources. And only limited
> authorities have been given to company managers. There are 15 companies
> in Our Group.
>
> The problem is Our Chairman has a very busy schedule and I did initiate
> Group Management Review Council as reqd. in 4.1.3 of ISO 9002:94, but
> despite agenda were distributed, he had to leave for some business trip.
> As defined in the procedure, his brother, i.e. Vice-Chairman was
> supposed to chair the meeting, but he refused to attend the meeting
> stating that it was not his duty to attend the meeting.
>
> As all members of this review council, i.e. Executive Council for
> Quality, were very disappointed and started to leave. This caused a
> company-wide demotivation and as MR, I am trying to find some new
> strategies.
>
> These are:
>
> 1. To implement ISO 9002:94, from Company Manager Level without
> involving Chairman and Vice-Chairman even they are only and final
> authorities to provide resources (i.e. mentioning them as NOT in
> Scope).
> 2. If this is not possible, can we send them meeting minutes to take
> action without reviewing and discussing with Council members?
>
> I hope that you can understand the situation. Please give any suggestion.
>
> Syed Muhammad Ali, QA Coordinator/QMR.

I would suggest the following:

Create an ISO Implementation Team that has as it's members an individual from each of the departments. This team is your Action group. Meet frequently and use this team to coordinate your implementation of ISO. Meet with upper management quarterly to fill them in on the actions of the Implementation team. This worked well at a company I worked for in getting QS-9000, and I am using it presently at my present company to pursue ISO9002.

You still meet the requirements this way, but don't have to depend on upper management to be at all the meetings necessary to implement ISO.

----------snippo----------

Subject: Re: Q: Management Responsibility /Syed/Paris
Date: Tue, 13 Apr 1999 12:43:12 -0600
From: ISO Standards Discussion
Subject: Re: Q: Management Responsibility /Syed/Paris

Interesting post, Mr. Ali. I've had similar experiences, and one former client appears to be about to lose registration because the CEO felt that when the certificate was on the wall and the consultant (me) left, his involvement was over.... despite all the training I gave him to the contrary. He's since cancelled three review meetings, and the surveillance audit is pending. It's not reassuring.

The standard says "The supplier's management with executive responsibility shall review the quality system at defined intervals." It does not require management review MEETINGS... although obviously auditors like to see them, and such meetings are the most effective way for management to do the review. I've spoken with a few registrars about this particular issue and they say that an acceptable method IS to have reports sent to executive management for their review, but that in order to meet ISO 9000 the managers must do more than just RECEIVE the reports. There must be proof that they are reviewing the information and actually feeding the results of that review back into the system for improvement. For example, simply initialing the reports as "received" is not sufficient. This is difficult to do from a distance --- but not impossible.

There is no ISO9000 requirement that the managers be sitting in the same room. ISO must be flexible enough to accomodate modern office communications (teleconferencing, internet, etc.) Perhaps you can develop a means to satisfy the standard without having your CEO physically present. He must be PSYCHOLOGICALLY present, though.... and it's unclear from your post if he's really bought into the program or not. You say he's "busy." If he really wants the benefits of ISO (other than the certificate and marketing advantages) he will incorporate the needs of ISO into his schedule, even if it makes him busier. Then there's the question of will he be too busy to be physically present during the AUDIT, which IS required!

>As all members of this review council, i.e. Executive Council for
>Quality, were very disappointed and started to leave. This caused a
>company-wide demotivation and as MR, I am trying to find some new >strategies.

This illustrates the greatest harm uninvolved executive management can have.

>These are:

> >1. To implement ISO 9002:94, from Company Manager Level without involving Chairman and Vice-Chairman even they are only and

> >2. final authorities to provide resources (i.e. mentioning them as NOT in Scope).

This is completely NOT something you want to do, and will likely be a major nonconformance in an audit. Again, the standard calls for "The supplier's management with executive responsibility " to do the review. Excluding them from the scope is like excluding the entire 4.1 element from the scope, and that constitutes a missing element --- a major nonconformance.

Your second option, sending minutes, MAY work as I discussed--- but it will be very tricky, and will still require your CEO's absolute involvement, even if it's from a plane or 2000 miles away.

Christopher Paris

[This message has been edited by Marc Smith (edited 04-18-99).]

Marc,

This post kills me! This is what feeds that stereotype we just discussed about Senior Managements role in an organization. The Top Person in any organization sets the tenor. If senior managament believes Quality is the Quality departments responsibility, the possibility for improvement is virtually lost. Fortunately, Mr. Ali might be able to set up the organization to pass ISO 9002 from a middle position, but sadly it will be a smoke and mirror approach. I would like to be a fly on the wall as the Registrar's auditors sit down with the Chairman and Senior Management (including the Vc who said it wasn't his duty) when they cover Management Responsibility and the Quality System. It really pisses me off when I hear or read a story like this one (excuse my grammar here). Management Review is for ALL of management. In my organization, I recall the first couple of Management Review meetings lacked commitment and cross functional input. Folks looked at me and thought I put a poor agenda together and that I was ill prepared for the meeting. They were reluctant to come to the next meeting. So was I. I had to stop the second meeting to ask the group whose meeting this was, Mine or Theirs? What looks of astonishment. They had no idea that this was Our meeting! Most had not even read the Management Review SOP (I might add it contained the Standard Agenda and explained the need for Management Review with other guidelines)! Then others complained about the semantics chosen for the Agenda (no comments during draft review, plenty came during the meeting). Well, I shrugged it off after a couple of days. The system will yield what the system is capable of. And that was what it did (complainers). Subsequent meetings have improved, folks are more prepared, and fortunately Senior Management is supportive, unlike Mr. Ali's position.

Final comment: It is every managers DUTY to prepare and participate in Management Review. The Vice Chairman (regardless if it is formalized in a procedure or not) is DEAD WRONG!

Good post Marc. Now back to the group...

[This message has been edited by Kevin Mader (edited 04-20-99).]

I have a similar problem.

General Manager of the Company understands his role in the scheme of things.

Managing Director (his father) is a loose cannon who wanders in and out of the business, refuses to use purchase orders, never attends any training sessions and moans about cost of implementation.

I just wrote him out of the system.

Sounds like a good idea. Unfortunately, being a key role in the organization, this will undoubtably raise some suspicion with a Registrar once it is discovered. Management Commitment is key, and the lack of it from a Senior Level position would indicate to me that the Registration is a smoke and mirror job. What is worse, folks below, understanding the intent and standing behind it, are overshadowed by the blatent disregard for structure. Too bad.

Back to the group...

Much depends on how involved dad (managing director) is in the business and how much influence he has on the employees. I could very easily see that the son (general manager) really runs the business and influences behaviour more than dad who is in and out of the business. While the registrar would be correct in being suspicious and investigating, I think to assume that the registration is "smoke and mirror" is too harsh a conclusion.

Tom,

You caught me projecting again (sorry, but I often do). But I must stick to my guns on this for now. Is my position harsh? I guess it is the perspective by which an individual views the system. I am a top down individual. Granted 'dad' may not have a huge hand in the day to day operations and is just around long enough to raise some dust and leave, yet this is who has the ultimate charge for Quality (even if he delegates, it truelly isn't an item that can be, IMHO). Quality is born in the boardroom. Should the leader of the board show little interest (especially when he pays for it)? Above that, should he break the rules? What kind of leadership does he provide? While the son runs the shop and folks know he is the go to guy, they will notice the behavior of dad and a few will use this to their advantage. Meantime, the son runs around doing damage control (not even corrective action) trying to smoothe things over. Nonvalue added, but necessary. There is a better way.

Anyway, I'll cut this projection short. Back to the group...

I just wrote him out of the system.

While 4.1.3 requires “management with executive responsibility…” it does not require ALL “management with executive responsibility…” and ISO 900x does not require management commitment, although it greatly influences success. The word ‘commitment’ can be found only at 4.1.1 which requires:

…supplier’s management with executive responsibility shall define and document its policy for quality, including objectives for quality and its commitment to quality.

A registrar may be able to stretch this to a noncompliance, but I doubt it.

I have had to do a similar situation here, but not for the reasons cited above. The President of my firm is physically located in the corporate office, approximately 800 miles from the manufacturing facility. The corporate office is outside the scope of this registration. He visits manufacturing approximately six hours a month, mainly to discuss business operations. His commitment to the system is high and he demonstrates it each time he visits, but this condition did create a management review problem.

While this situation is tricky, it can be done. The procedures for Management Review were written such that the President is involved in management review but does not have to attend review meetings (Besides, review ‘meetings’ are not even required). He provides input through advanced notice of meetings, an agenda and a request to reply by return his inputs. If none, he states “none” and the meeting is conducted between myself and the VP’s. If he has inputs, there are discussed at the meeting, with myself as the President’s liaison. Afterwards, he is provided minutes of the meeting stating his involvement as outlined above, and signed acceptance of the minutes is requested by return, which he does faithfully. While 4.1.3 does not REQUIRE procedures, the above is very well documented in them, probably to the overkill point, but I wanted my FDA bases covered.

Besides, when it comes to our ISO and FDA system, I have the last and final word, not the President and the employees (including the VP’s) know this.

Perhaps a variation on the above may be useful in Michael’s situation. I would recommend not ‘writing him out,’ but rather include him indirectly through procedures.

As to Kevin’s comments regarding the negative impact of dad’s behavior, I would tend to agree in part, but I will withhold judgement without knowing dad’s involvement in operations and how seriously employees regard dad, as Tom correctly pointed out. If they know he is a ‘loose cannon’ and the son really runs the show, that should be considered as well. This was exactly the case at one company I worked for. Dad owned the company, but did not run it. His only involvement in day-to-day operations was to arrive when he wanted, smoke cigars, read the paper, sign checks and then leave when he wanted. The employees knew who ran the show (Executive VP-his son) and there was virtually no trickle down effect from dad’s behavior (other than the cigar smell from his office).

I think to assume that the registration is "smoke and mirror" is too harsh a conclusion.

I agree within the confines of the concerns and comments stated in my previous paragraph.

Regards,
Don

Don,

What if dad is breaking the rules and does not follow procedure (i.e. avoiding POs)? As CEO, he has a responsibility to the Quality Program and System, even if he does not lead the program itself (I won't go there). He must follow the program or risk creating nonconformances to be detected by the Registrar. If you were the Registrar and you found materials being ordered outside of the channels by the President, what conclusions might you reach?

I'll concede that my statement, while I think accurate to the information provided, may have been inclusive of Cigar Smoking Dads. But a whisper of cigar stench and avoidance of a documented daily work activity are different (one a comment, the other a nonconformance).

What do you think?

Regards,

Kevin

Don,

I agree with all points made, I made many assumptions based on "traditional paradigms". Perhaps our individual perspectives (mine, yours, Michael's), developed by our own preconceptions of our own experiences within our own Quality Systems, lead us to this discussion. I enjoy dsicussions like this, as it does create moments of reflection for me, that without, would probably feed into the paradigms that control the development of my perceptions. Again, no right or wrong about it so I make no apologies for that or expect them either. I hope no one feels misplaced or bad about discussions like these, as I don't think (my projection) that folks are malicious. We are all products of the Systems we inhabit and are influenced as such. Enough said on that for now.

I will make comments based on my own experiences, my own traditional views if you will, that in retrospect, illustrate the control living in a system will sometimes have on a person. Funny that it seems my pessimism draws out the blind spots. But that is part of my personal CI program, so in many ways I am grateful for these experiences.

Regards,

Kevin

I enjoy dsicussions like this, as it does create moments of reflection...

As do I, Kevin, as do I.

Regards,
Don

I will preface this with: Anyone who has read my posts knows I believe there is a distinct difference between ‘compliance’ and ‘effective systems management.’ They are entirely different and should be considered within the scope of an assessment. I did not mean to imply that Michael’s system was ideal, much less desirable, just that it may (or may not) be workable within an ISO 900x system for compliance. It is definitely undesirable within the scope of ‘effective systems management.’ And I agree with Kevin’s points that ‘quality’ begins in the board room. But as I stated earlier, ‘compliance’ and ‘quality’ are different. With that said:

From Michael:

refuses to use purchase orders

From Kevin:

If you were the Registrar and you found materials being ordered outside of the channels by the President, what conclusions might you reach?

ISO 9001; Section 4.6.2(b) states, in part:

define the type and extent of control exercised by the supplier over subcontractors. This shall be dependent upon the type of product, the impact of subcontracted product on the quality of final product…

Is Dad ordering parts that affect final product? Answer: Not known with available data and further information is not available.

Is Dad ordering parts that are inside or outside the ‘extent of control exercised’ with subcontractors? Answer: Not known with available data and further information is not available.

Is Dad ordering parts without a ‘review and approv[al of] purchasing documents for adequacy of the specified requirements prior to release.’ Probably, but depending upon the answers to items one and two, this may or may not be relevant.

Findings on 4.6.2(b): None. Concerns: Three.

Comments: Requires further investigation. The President of the Company appears to function outside the quality system and scope of ISO 9001, but at this time, there is not enough objective evidence to issue a noncompliance.

The purpose of an assessor is to determine compliance, NOT noncompliance. Of course the above assessment would also have to include the organization’s procedures as required by 4.6.1, but these are not available for this exercise.

He must follow the program or risk creating nonconformances to be detected by the Registrar.

As you can see from above he has created a risk, but (using available data) not to issue a noncompliance. Besides, if Michael has been effective at ‘writing him out,’ his role may not come up in an assessment, but that is unlikely due to various portions of 4.1.

From Michael:

wanders in and out of the business

Not a noncompliance.

never attends any training sessions

Not a noncompliance.

moans about cost of implementation

As long as compliance is maintained to clause 4.1.2.2, not a noncompliance.

I will state once again, the situation described by Michael is not desirable nor does it enhance or add to an effective systems management method. Kevin’s comments and observations are perceptive and should be taken into consideration. Tom’s observations are also astute and should be given due attention. But, the system of compliance is defined by the organization, not the registrar (ISO 9001; Section 4.2.2). If more assessors realized this, things would be simpler.

Just the ramblings of an Old Wizard Warrior.

Regards,
Don

[This message has been edited by Don Winton (edited April 28, 1999).]

From: ISO Standards Discussion
Date: Thu, 17 Feb 2000 07:09:31 -0600
Subject: Re: Making Effective Management Reviews /Hitchcock/Fairchild

From: Jamie Fairchild - weld-tech-engineering.com

Al,

I'm not sure exactly what you have tried thus far, but, here's what I did for what it's worth...

I asked each manager (functional and administrative) to develop a 5 min. overview for the yearly management review that addressed the following questions:
* What have been your quality successes?
* What are your quality measures?
* Where do you see opportunities for improvement?
* What are your training goals?

In my opinion, it worked out really well. Each manager got a little uncomfortable and nervous about being held accountable for quality in front of their peers. Most of the managers talked for more than 5 min. (that's good and bad). After that review, I have seen a significant increase in the personal commitment of each manager to quality, and a sense of personal accountability.

This list of questions addresses some of the key issues here. You could develop whatever questions seem appropriate for your organization.

Jamie

Some comments from the 'masters'!
-----snippo-----
From: Michael Dillon
Subject: Re: Q: Mgt Review Checklist /Gazley/Dillon
Here are some minimum guidelines, I am sure that others may wish to add to
this list......
1. Make sure that the appropriate Managers with executive responsibility
attend the review (don't send the Security Guard to sit in for the
President or the Quality Manager.)
2. Hold the review as often as needed (you decide when and how often, just
make sure you do it when you're supposed to)
3. Decide if your quality system is effective in meeting the ISO standard
4. Decide if your system is effective in meeting your quality policy
5. Decide if your system is effective in meeting your quality objectives
6. Review any actions taken as a result of implementing preventive actions
within your quality system
7. Keep documented records of the review that show who was in attendance,
when you held the review, what you talked about, results of the review
including any action items and determination of effectiveness of the system.
How you decide if your system is effective and what tools you use to determine this is up to you. There are many who will suggest that you should talk about certain topics such as internal audits, corrective actions, training, etc.. and these topics do carry a LOT of weight when reviewing effectiveness. It is also a good idea to share the results of the review with all pertinent managers and employees.
Good Luck...
Michael J. Dillon
RAB Quality Systems Lead Auditor
GeoQuest.slb.com

------snippo---------

From: shawnmewborn
Subject: Re: Q: Mgt Review Checklist /Gazley/Mewborn
Here is the generic agenda we put together to meet both our and the ISO requirements.
I. Overview of the Quality Management Review Process and Purpose
II. Status of Action Items
III. Review of Business Unit Metrics for the Quarter
IV. Status of Actions to Reduce Client Complaints
V. Results of Internal Quality Audits
VI. Corrective and Preventive Actions
VII. Open Discussion on Quality Issues
- QMS Effectiveness
- Survey Results
Roman Numeral I. would be done only the first/second time around.
Hope this helps.
shawnmewborn

-----snippo-----

From: "Lambert, Ron"
Subject: RE: Q: Mgt Review Checklist /Gazley/Lambert
Bare bones minimum.
Meeting minutes become a record. Records show the three A's ... Agenda, Attendees, Action items. Reviews are part of the ISO continuous improvement loop (w/corrective/preventive action and internal auditing.)
Ron Lambert
Internal audit manager

-----snippo-----

From: Bill Cox
Subject: Re: Q: Mgt Review Checklist /Gazley/Dillon/Cox
One important thing I'd add that nobody has mentioned yet is Resourcing.
Look at 4.1.2.2 and add an agenda item to Mgmt. Rev. to address whether this is being accomplished. Late audits, non-timely corrective actions, delinquent procedure updates, etc. are evidence of inadequate time/priority resourcing, and suggest mgmt. commitment may not be there.

Regards,

Bill Cox

One more for the road...

----snippo-----

From: ISO Standards Discussion
Date: Thu, 17 Feb 2000 07:09:48 -0600
Subject: Re: Making Effective Management Reviews /Hitchcock/Arbuckle

From: Don Arbuckle

This may not be the type of answer that you are looking for, but I will post it anyway...

First, if the top management team is not taking responsibility for the QMS, then you may be asking too much. Second, the fact that "***your*** present system defines ownership to the executive committee" tells me something right there... They probably view it the same way, specifically, "your" system.

I would suggest a talk with the top executive, behind closed doors. The conversation should *not* revolve about your feeling that the system is not supported, although that is where you want it to end up. Take the tack that the management reviews are not accomplishing anything productive, that they are a waste of time and no real improvement of the QMS happens there. (be prepared to explain why, using appropriate amount of detail and quotes from others...) See what he/she says. He/She will either agree or disagree.

If he/she agrees, remind them that the Mgmt Rev is an ISO requirement and that an ineffective Mgmt Rev places the registration at risk. Since it is a requirement, what can be done to make the review more effective? You might consider placing the Mgmt Rev process on the Corrective/Preventive Action system and see where it ends up. Do a *real* root cause analysis!! (suggestion: place it there as a preventive action so as not to frighten execs)

If he/she disagrees, then develop a plan to help the others on the staff "see" this person's vision. Use the previous ideas to help cement the concepts and actions into a comprehensive and effective review.

Either way, there will have to be a serious discussion with the top exec and then with the others. Explain how the QMS goes beyond QC and QA and demonstrate how improvements will add to the bottom line. $peak in terms that Top Mgmt understands - if you catch my drift!

BTW - I have used this as a consultant many, many times, but usually early on in the implementation, so we don't get part-way down the road and find out the QMS is not supported by Exec.Mgmt.

Good luck, and feel free to call if you have further questions...

Don Arbuckle
(623) 979-0732

From: ISO Standards Discussion
Date: Fri, 18 Feb 2000 05:15:45 -0600
Subject: Re: Management Review Record /Humphries/Naish/Humphries

Phyllis

> Could you please tell us what you consider to be the minimum a
> company must show for management review to show they are
> doing it and that it is effective based on the standard?

Actually, I can't. Not because I'm incapable, but because I'm unwilling to prejudge any interpretation as either complying or not.

I've seen too many ISO9000 implementations that comply absolutely with the letter of the standard, are bureaucratic monsters, totally irrelevant to the operations of the company, and totally incapable and ineffective in improving quality - some even have a deleterious effect on it. This has been particularly true for systems that match the "conventional" implementation we seem to spend so much time discussing on this list.

I've also seen some implementations that actually don't meet the words of ISO9001, yet are extremely effective, efficient, lean and relevant. For these, my approach has been to help the company express their methods in the right words to allow the auditors to see them as complying - often at a stretch.

As I've said on this thread, my normal suggestion to a client seeking to implement management review for the first time is to have meetings of defined senior managers at routine intervals, the meetings to have a written agenda based on a planned proforma, to be minuted, and to result in formal corrective actions - in fact, much what everyone else has been suggesting.

But I REFUSE to say this is THE way to do it: it's just that I haven't (yet) come across a better way. I might - and then my advice to my clients will change.

In the meantime, I will examine in detail (which I can't do in this list) every alternative system that is presented to me, and look for the opportunity to find it compliant, rather than the opportunity to prove that I know better than the client how to run their business (I don't). Where possible, I will use my skills in writing and my knowledge of ISO9000 to help the client make as few adjustments as are necessary to allow me to describe THEIR system in a way the auditors will find compliant.

I know I'm a bit of an iconoclast where it comes to conventional QA, but I can't help it; I am very suspicious about quality professionals who profess to have THE RIGHT answer - there simply isn't one.

Best Regards
Edwin

Blast from the past! (Soon to be called "This Old Thread!" for those who watch PBS)

Blast from the past! (Soon to be called "This Old Thread!" for those who watch PBS)
We used to have a yearly Management Review meeting. The agenda was lifted straight out of the ISO 9K requirements. Management saw very little value in that approach.

Today our Management Review is addressed by quarterly staff meetings held by our President. This meetings addresses QMS needs as a matter of business practice.

We'll have a chance to see how well this suits our registrar next week as we are audited for TL 9000 registration.

Jaime

Next week, eh? Good luck to you!! Make sure you let us know how it goes.