Audit Closure - Assigned actions

[rubbimeister]

Come from a UK based medium sized AS9100 D approved component Part 145 and 21G Aerospace firm.

One challenge my Audit team always comes across is ownership of findings and providing RCCA/Closure within the correct timescales throughout the organisation.

My team is constantly behind on Audit closures and is forever chasing others to provide sufficient RCCA within the timescales we have communicated during closure meetings.
Because the Audit team raise the findings it is misconceived that Quality Own the problem to fix - Am sure that I'm in the right place for people to appreciate this is not the case.

The team have run monthly RCCA Clinics to better engagement and offer support however these are poorly attended if at all.

In previous years (Prior to taking accountability of the internal Audit schedules) i've noted that Audit findings have been closed out without sufficient Objective evidence the previous Incumbent, with ambiguous RC and CA statements... really poorly filled out reports that have not addressed the problem which indicates a systematic issue, maybe cultural problem within the organisation..... that is now mine!

Can I ask if there are other Professional Quality colleagues on here that can offer some direction regarding how to turn things around?

What works best for engagement and finding ownership of findings then following these through to closure with the assigned colleagues.

What works in other organisations - how do you assign and hold people accountable?

 

[Jen Kirley]

Welcome to Elsmar Cove rubbimeister!

I agree that the QA people are not responsible for fixing the problems they identify. People within the organization may, however find themselves constrained to take ownership for any number of reasons, which could include (there might be others):

• They don't understand the requirement
• They don't understand/agree with the nature of the nonconformity
• The process is poorly defined and it feels overwhelming to address
• They don't understand root cause
• They think they are too busy
• They don't understand the CAR process or think it is too difficult
• There is confusion about who this should be assigned to
• Quality has always been "someone else's job"

Corrective action can be difficult. I used to wait outside the bathroom when I noticed particular managers go in there (yes really) and ask them, as they emerged, "Hi, what is the status of CAR #XXX?" Yes that is creepy, but it was sometimes necessary.

As a full-time Internal Auditor I used to spend a good deal of time with some process owners, to help them get through the CAR process. Sometimes I helped them make flow charts with which to better define the process based on its being too complex or wordy in a document. Is that going too far? Maybe, but as far as I was concerned it was at that point QA just providing the service of technical writing. It was still their process and procedure.

There is no type of osmosis that effectively works for problem solving. It can be very confusing, including the very term "root cause" because it implies there is only one "root" whereas there may be more than one. Man-material-machine-method-Mother Nature should all get considered and they often don't. So, many times a process owner does not go far enough and does not define a fix that would actually prevent recurrence. For these people, sit-down sessions were useful: we just went through the whole root cause analysis together with the intent of no further issues because "Repeat findings would be bad." Now, as a Supplier Quality Engineer I still sometimes do this for audit and parts nonconformity SCARs I issue. This is not a time for guesswork and our process is much more rigorous than most of them are used to.

I have found that going through this effort is worthwhile because it really does reduce repeats, and CAR owners get really frustrated with the back-and-forth rejections. It is like a game of 20 Questions, something we don't have time for in situations like these.

Once this definition is done, a realistic time frame for action and effectiveness check should get established. No single figure works, especially if additional resources are needed. I have had CARs stay open for more than a year because of their complexity and the need for resources. I ensured containment was in place and then kept a record of the actions, including meetings, to show auditors if they asked why this CAR was open so long; once I did that they moved on.

I hope this helps.

 

[rubbimeister]

Thanks Jen.

I can relate a lot to these tactics! It shouldn't be the case, however, comes with the territory, I guess!

Had hoped other organisations/Professionals had a tried and tested format so im not trying to re-invent the wheel, however!

Given the wheel does appear to need inventing on this topic I've created an 'Audit Batton' Concept based around the Plan, Do, Check, Act 8D approach. Within all organisations I've worked at, Audit actions are just questions in the ether - Nothing physically passes form one person to the next to define, document and assist colleagues to document and act upon.

This consists of around 8 pages in a limited editing format word document.

• 1) Scope, agreed timescales and Investigation oversight hyperlinks/instruction, team definition and Audit findings (Problem Statement)
• 2) Containment and tempory actions taken.
• 3) Identify RC
• 4) Identify CA
• 5) Implementation plan
• 6) Validate and recognise team.

The concept is simple - this document is owned by the assigned Auditee - following closing meeting Outlook invites are sent for the Quality Clinic closest to the due dates with the logic that the sheet 'Batton' is brought along to the clinics to discuss and verify progression/closure.

Fine tuning this so any thoughts appreciated.

 

[Sidney Vianna]

so any thoughts appreciated.

In most cases this would be excessive bureaucratic. While the risk of oversimplification of the RCCA determination is real, the risk of excessive effort/bureaucracy is also real. Keeping it simple can be a virtue in most cases.

 

[Bev D]

While a piece of paper (form) can provide some guidance to the uninitiated it is not really helpful without expert guidance. Jen is correct. Corrective action is a team effort. For all but the most simple findings (that usually can be resolved with a simple correction) the causal mechanism may be complex and cross several organizational boundaries. In my experience a successful QA organization m use not be modeled on the ‘police’ model. It must be a collaborative involved party in finding and resolving non-conformances, both procedural and technical.

 

[Mike S.]

What kind of corrective action process do you have?

Audit nonconformances trigger our standard corrective action process. Our CA process is set-up to handle anything from simple, small issues that can be fixed immediately and just noted in the appropriate place (in this case the audit report) to more complex issues where a formal CAR form is issued and tracked.

CAR statuses are reported on monthly to senior management (VP-level), so if someone is being irresponsible and not completing their CARs senior management has the visibility, authority, and responsibility to address the issue. I don't fight battles I cannot win. As a mere QM or QE I don't have the gravitas to make people do things, but they do.

 

[John Predmore]

I agree with @Jen Kirley, doing corrective action investigations, and doing them well, is difficult. Some people are better at assembling pieces of a puzzle, some are better at connecting the dots to solve a mystery, both induction and deduction thinking are required. In my mind, problem-solving is like rewinding the tape and playing it forward multiple times: what did happen, what might have happened, what should have happened, how would people know what happened, what would have been different if that other thing had happened...

In my organization we use a customized 8D form. I remind people the "D" stands for Discipline. Even for small problems, a disciplined approach produces more robust, lasting results. Doing a thorough job on early steps of the 8D (problem definition, containment, root cause) makes definition and actualization of subsequent steps (corrections and corrective action) more straightforward and more effective. I remember a sign on the wall in my first job: "If you don't have time to do it right, when will you find time to do it over?" The incentive for doing a thorough job on corrective action is your people will hopefully never have to deal with that particular problem again.

 

[RoxaneB]

Similar to Mike, I come from an organization where all CARs were in one repository, regardless of the source. Crappy product? CAR. Late delivery? CAR? Internal or external audit finding? CAR.

This helps with analysis later on - patterns, trends, items to showcase - and, as Mike said, highlights responsibility and accountability. If Manager X doesn't wish to be the centre of attention at the meeting, s/he might want to reach out for help in adequately addressing his/her assigned CARs.

With that being said, I rather like Jen's solution of creeping them outside the bathroom...