5 Why RCA for failure to test Contingency Plan

Vader22

Starting to get Involved
Seeking help concerning External Audit Finding Root Cause Analysis. Trying to come up with a 5 why and I am struggling because it is basically something that we just didn't do. W1: Didn't fully understand the requirement in the standard. W2: We are dumb????? I know this isn't acceptable, but an audit finding can just be something that you just didn't do for no apparent reason. Thoughts...............
 

Vader22

Starting to get Involved
STANDARD CLAUSE
6.1.2.3 Contingency plans

REQUIREMENT
The organization shall:
a) identify and evaluate internal and external risks to all manufacturing processes and infrastructure equipment essential to maintain production output and to ensure that customer requirements are met;
b) define contingency plans according to risk and impact to the customer;
c) prepare contingency plans for continuity of supply in the event of any of the following: key equipment failures (also see Section 8.5.6.1.1); interruption from externally provided products, processes, and services; recurring natural disasters; fire; utility interruptions; labour shortages; or infrastructure disruptions;
d) include, as a supplement to the contingency plans, a notification process to the customer and other interested parties for the extent and duration of any situation impacting customer operations;
e) periodically test the contingency plans for effectiveness (e.g., simulations, as appropriate);
f) conduct contingency plan reviews (at a minimum annually) using a multidisciplinary team including top management, and update as required;
g) document the contingency plans and retain documented information describing any revision(s), including the person(s) who authorized the change(s).

The contingency plans shall include provisions to validate that the manufactured product continues to meet customer specifications after the re-start of production following an emergency in which production was stopped and if the regular shutdown processes were not followed.

STATEMENT OF NONCONFORMITY
The organization's process for conducting contingency plan reviews (at a minimum annually) using a multidisciplinary team including top management, and update as required, periodically test the contingency plans for effectiveness (e.g., simulations, as appropriate) was not effective.

OBJECTIVE EVIDENCE
Documented information for annual review of contingency plans and periodically testing of the plans was not available.
 

John C. Abnet

Teacher, sensei, kennari
Leader
Super Moderator
W1: Didn't fully understand the requirement in the standard. W2: We are dumb?????

Good day @Vader22 ;
Impossible for "us" to know all the details and develop the 5whys for your organization. However, I would offer...

W1- Documented information for annual review of contingency plans and periodically testing of the plans was not available.
W2- No evidence was collected
W3- No testing was performed
W4- Leadership failed to plan the required testing
W5- Responsible individual(s) were not aware of the testing requirement

W6- ?..process owner was not assigned ??
W6- ?..process owner did not communicate and roll requirements into annual planning activity??
W6- ?..process ownership had changed and change point control is missing the training aspect?
W6- ?....org chart is not linked to a list of curriculum for each position on the org chart, therefore, when process owner changed, new process owner was not made aware of work instructions/procedures specific to his/her responsibilities ???


Obviously, there are numerous guesses/assumptions being made in this example.

Hope this helps.
Be well.
 

AMIT BALLAL

Super Moderator
Ask further whys such as why this particular requirement wasn't known?

Whether this clause/few clauses were missed to understand properly.
Whether the system was designed with the help of a consultant, hence you didn't go through the standard properly.

Whether this is the first audit to IATF16949. If yes, there can be certain gaps, since it takes time for the system to get mature.

If the system is old, you can check whether the internal audit program is effective to identify such gaps earlier.


These are some sample answers to your why. Please check if any of these is the answer in your case. If yes, you can consider that reason for the further why-why analysis.
If you are still stuck up, please post for further discussion.
 

Jim Wynne

Leader
Admin
Seeking help concerning External Audit Finding Root Cause Analysis. Trying to come up with a 5 why and I am struggling because it is basically something that we just didn't do. W1: Didn't fully understand the requirement in the standard. W2: We are dumb????? I know this isn't acceptable, but an audit finding can just be something that you just didn't do for no apparent reason. Thoughts...............
You say "...it is basically something that we just didn't do" Does this mean that you were aware of the requirement, but for whatever reasons there might be, it didn't get done? Or do you mean that there was no awareness of the requirement?
 

Mike S.

Happy to be Alive
Trusted Information Resource
Consideration of, and answers to Amit's and Jim's questions will help us understand your situation better.
 
M

malasuerte

Seeking help concerning External Audit Finding Root Cause Analysis. Trying to come up with a 5 why and I am struggling because it is basically something that we just didn't do. W1: Didn't fully understand the requirement in the standard. W2: We are dumb????? I know this isn't acceptable, but an audit finding can just be something that you just didn't do for no apparent reason. Thoughts...............

Specifically to your question: No. There is a reason it was not done. So your RCA should now help to figure out the best RC.

Johns 5W above is pretty solid. You could do multiple 5W: Technical, QMS, and Management - each one may provide some insight.

Disclaimer: Random thoughts in general only! Why would you not test your contingency plans, period? How would you know they work (or up to date, or people understand what to do, etc) without testing? I am jumping, but it sounds like the co. doesn't understand what it means to have a BC or contingency program. Then maybe you extend that to the organization didn't plan correctly for it or understand the requirements and ensure expertise to implement, etc.
 
Top Bottom