Audit Crisis - The entire management has left

D

Dan Larsen

#1
I've run across a situation that I'd like to offer for comment and input. The scenario involves a small company, currently registered to ISO 9002/QS, just finishing their first full year of registration.

In the last three months, the entire management has changed. Most recently the management representative has left. The company now faces a surveillance audit (their second). Ironically, the registrar is trying to arrange the audit for the same day the likely management representative is supposed to start.

The management is reluctant to announce the situation to the registrar, but doesn't want to fail the audit. After a very brief review of the scenario, I have a feeling that could happen. It appears that the new personnel haven't yet bought into the system, and I suspect an audit would indicate a system that has rapidly deteriorated.

My recommendations were:

1. Inform the registrar of the situation, don't hide it. Put a positive spin on it by letting them know that a replacement management rep has been hired, that an interim management rep has been designated, and that a consultant has been brought in to help smooth the transition.

2. Ask for a delay in the surveillance audit. Even a few weeks would help. The audit could be postponed up to four weeks and still be held within 15 days of the actual one-year-old registration. I say go for it…every bit of time will help.

3. Gap audit the system and immediately start coaching the new personnel in their responsibilities to the system, stressing that they have to up to speed quickly.

I'd be interested in hearing from others regarding how they would play this out. I'd also be interested in hearing from QS auditors regarding how they think the registrar will approach this.

I'll add two other observations. Personally, I don't think there ever was full company ownership of the system. I think the former management rep made it work. I also received information that would suggest that the management rep and the registrar auditor were on relatively friendly terms. This brings another question to mind…is it in the companies interest to ask for a different auditor at this (hopefully postponed) surveillance audit?

Thanks in advance.

Dan
 
Elsmar Forum Sponsor

Kevin Mader

One of THE Original Covers!
Staff member
Admin
#2
This is a tough one for sure.

When QS9000 certified, the problem goes beyond complying to an ISO9000 registration. It is no longer voluntary. You must comply.

My thinking is that the new administration needs to recognize the problem, decline the audit, and rework the System. Another Registration/Certification audit appears to me as inevitable.

Now if the circumstance is that the company may fold without the Customer Orders, then you may need to delay the audit and coach for success. The alternate is to contact the Customer, explain the situation, and take your chances.

Short on time and I have to run.

Kev
 
A

Al Dyer

#3
Talk about a rock and a hard place.

I think the only wat to go is to stall as long as possible while getting the new team up to speed then have the audit. Sure the company will take some lumps, but isn't that what is needed to get the attention of management.

As was said, there sounds like a lack of management support which might be the reason for the turnover.

A Management Representative needs to know the system but should not be expected to answer all questions during an audit, this is the role of department managers (and staff) with only support from the MR.

ASD...
 
D

DICKIE

#4
We faced a similar situation 2 years ago but had 6 weeks to prepare. Dans suggestions are right on the mark. By all means let your auditor know whats happening. Our auditor helped us delay as long as possible, and was very forgiving that first audit with the new management rep.
 
L

Laura M

#5
I jumped into a company like this a few months ago. Had about a month to prepare the learn the system and be management rep for a surveillance audit. The entire management team did not leave, but I could easily tell that the management rep force fed the majority of the work.

They were in an absolute panic when they 1st called me. Really made me realize how much they didn't know. Unfortunately the situation was clouded with overwritten procedures. I've been cleansing the system at the same time. They are seeing the light, but it's still at the end of the tunnel!

Anyway - the registrar should absolutely accomodate. There is no reason that the company has to take the date the registrar gave them, is there?
 
#6
Dan, IMO,
1- Read your contract with your registrar. Some registrars do not allow cancellation of a scheduled audit. Due to a lack of auditors it is very difficult to re-schedule. Some will also charge you a hefty cancellation fee.
2- Be up front with your registrar/auditor. Tell them exactly what has happened. I haven't come across an auditor yet that isn't willing to help out in a tough situation.
3- You can only receive a "Major" for a complete breakdown in the system. Do you see a complete breakdown?
Lack of management in itself does not constitute a complete breakdown; sometimes it helps. (sic)
4- As is the case in most companies management doesn't listen very well to the people it hires to do the job. May be that your company needs to hear the words
"effective this date you will be on probation" from your auditor.
Any way, good luck with your challenge and let us know what happens.
 
D

Dan Larsen

#7
I want to thank all for the feedback. I decided to take on the job, and we'll see how it plays out (I guess I enjoy the challenge!) I figure I'll either "crash and burn" or "create a silk purse from a sow's ear" (excuse the choice of metaphors…it's late).

We're going to start with an audit of the system as it stands. I suspect there are going to be issues that could easily be considered "major" based on the inside info I'm hearing. I'm not sure yet about moving out the audit…that remains to be seen. It appears the company is still hesitant to "publicize" the situation by seeking a delay (or letting customers know). With the economic situation, they're trying to provide a strong appearance to the customer base.

My plans at this time are to provide a fair and honest (as always <smile>) audit of the system. If things aren't good, they'll be told, and we'll take it from there. I'm still pushing to let the registrar know the situation, but until the audit (my audit) I don't think it's going to happen.

I appreciate Carl's comments about using the same auditor, and I've been going back and forth on this. One the one hand, she knows the system. On the other, she may have a vendetta for the company (possibly well founded, but…). Granted, there are appeal channels to follow, but would the current situation taint the company's position? I'm still open to feedback on this issue.

As I said, I've accepted the task and we'll see how it plays. The feedback has been helpful and I appreciate it. I'll try to keep you all posted.
 
C

Carl Keller

#8
Dan,

The company I left in January is going to be faced with the same situation in April and I have wondered how they will handle it. Both myself as the Quality Manager and the ISO Coordinator/Management Representative left on the same day and they have not replaced us yet. Some questions I would pose as a Registrar are: Why did management not provide adequate resources? Why did it take so long to hire a replacement? This would seem to be a problem with timeliness of corrective actions. What are you going to put in place to insure that the situation does not occur again? If it has only been a short period of time, there should be little effect on a robust system. If the new personnel have not "Bought in" to the new system, then the company probably should fail the audit. I agree with most of the comments posted above, be up front with the Registrar and be ready to answer why the system is not up to 100% compliance and when you expect that it will be. I would use the same auditor and if I thought any funny business was going on, I would scream loud enough for RAB to take due notice.

Tough one, good luck to them.
 
F

Fire Girl

#9
Laura M

That's exactly how I got where I am now. This company called me and said they need a little help with their implementation. I asked if they had procedures in place, and they assured me yes. So I told them it shouldn't take me long to get them certified. They had a consultant working for them. Anyway, I didn't think they had much in place and I had a lot of work to do. I did get them certified but it was no small task, I assure you. I find that it is best to be honest with your registrar. I've called to tell them we just can't have an audit that day. They are usually quite understanding.
 
D

Dan Larsen

#10
Well, here's the update as promised.

The gap audit suggested the possibility of two areas where I felt majors could be declared...4.1 and 4.2. Management Responsibility was weak primarily because there was no one remaining from the old guard; there technically was no Management Rep and no QA Manager. Responsibilities for all sections was poorly defined and no one was clear as to what their responsibilities were. The quality system lacked because the new guard was making changes that weren't being documented. In addition, the whole quality planning system was not being followed and had stagnated for close to six months.

The company responded by assigning the NR responsibility to a young guy on the staff that interacted extensively with all levels (his assigned responsibility is an expeditor) and he seemed to have a good sense for the customer and had the internal respect needed to do the job. Another older gentleman was designated the interim QA Manager.

We reviewed and revised the policy manual to clear up responsibility assignments (a new org chart was included), and a matrix for procedural responsibilities was created. We got what I felt were key procedures out to appropriate personnel for review.

Production people were given copies of the existing control plans and FMEA's along with a crash course (one on one) as to what they were and how they are used. They immediately started reviewing existing processes against the plans that were documented.

Meanwhile, I coached the new MR in the overall value of QS and how the internal audit system and CPAR system are key elements. We reviewed all existing open CPAR's (there were about ten) and proceded to reissue them. We decided to use my gap audit as an internal audit for the first three months of the year, and issued about six more corrective actions based on my audit.

We reviewed and revised a number of procedures, concentrating on the procedures that I felt were critical (internal audit, corrective action, and all procedures for the sections that were up for audit this cycle).

The designated MR was an extremely fast learner, and he did a good job of following up on the inside.

While we were doing this, the registrar indicated they would push the audit out to the end of April or early May. We then got a gift when the auditors couldn't be scheduled for an audit until May 24th.

The six weeks were useful. Two days before the registration auditors came in, I performed a coaching audit with key personnel. I reported I felt they could expect between ten and fifteen findings, none of them major. They decided to sell the system as one in a state of flux as the new personnel were coming on-line, using the items that were strengthened as evidence of commitment.

It played to plan. Twelve audit hours by the registrar, thirteen findings (most involving minor documentation issues), no majors, and only a little bit of a threat ("Remember, you can't play the new kid excuse at the next six month audit" [paraphrased]).

All in all, a success.

Thanks for the support.

Dan
 
Thread starter Similar threads Forum Replies Date
S Scheduling a Crisis Management Audit? Reasonable Request? Internal Auditing 2
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
M Supplier Audit Report - Template for second party audit wanted Lean in Manufacturing and Service Industries 1
Stefan Mundt AS9100D Major nonconformity due to recurrence of a NC during a subsequent CB audit. AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 1
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
Q ISO 9001:2015 man days for surveillance audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
F ISO 13485 - EU countries that could request another audit ISO 13485:2016 - Medical Device Quality Management Systems 2
H Layered audit updates after COVID-19 shutdowns Process Audits and Layered Process Audits 0
L How to deal with an ISO 13485 Supplier Audit nonconformance ISO 13485:2016 - Medical Device Quality Management Systems 17
M Description of the requirements of clause 9.2.2.3 manufacturing process audit- needs your feedback IATF 16949 - Automotive Quality Systems Standard 0
Armen Conflict of Interest if I audit the QC department? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
V Generic IATF 16949 Audit Checklist wanted IATF 16949 - Automotive Quality Systems Standard 3
A NB (Notified Body) Audit of Standards ISO 13485:2016 - Medical Device Quality Management Systems 3
N Audit non-compliance - API Spec Q1 9th Ed 5.6.1.2 b Oil and Gas Industry Standards and Regulations 10
M Any way to execute VDA 6.3 audit remotely? VDA Standards - Germany's Automotive Standards 1
D Audit for ISO and AS 91XX and mitigating exposure to COVID-19 AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 14
D Postpone IATF 16949 audit due to COVID-19 IATF 16949 - Automotive Quality Systems Standard 33
JoCam Certified Body Audit of MDR requirements EU Medical Device Regulations 4
D Do non-IATF customers need to be included in audit scope? IATF 16949 - Automotive Quality Systems Standard 23
Ajit Basrur Track audit findings on Excel tracker Excel .xls Spreadsheet Templates and Tools 9
N Small Company - Internal audit process - Who does the audit? Internal Auditing 4
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
Watchcat Anyone had an MDR technical file review/audit yet? EU Medical Device Regulations 13
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
M Has anyone has been through an MDR audit? (3/2020) EU Medical Device Regulations 1
J Audit Finding For Not Retaining Test Results ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
T ISO 27001 sample audit report IEC 27001 - Information Security Management Systems (ISMS) 0
D API Spec Q1 9th Edition # Re-audit - Disputing with API AARs Oil and Gas Industry Standards and Regulations 2
Ajit Basrur Withdrawal of Audit Report Supplier Quality Assurance and other Supplier Issues 3
M Definition Open Audit - What does an Open Audit mean? Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 3
I What kind of wine best complements the Friday that you close out your external audit findings? Opinions are welcome. Coffee Break and Water Cooler Discussions 12
A IAF MD 5 - Audit Days calculator General Auditing Discussions 2
Jacquie Collins Stage 2 Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
A FDA and NB audit of Engineering Drawings in DHF and DMR. Medical Device and FDA Regulations and Standards News 1
K Counterfeit parts prevention - Audit Nonconformance - AS9100 8.2.2 AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 25
classical_quality AS9100 Surveillance Audit - advice on drafting strong responses AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 11
V Iso13485 certification vs CE technical audit ISO 13485:2016 - Medical Device Quality Management Systems 3
M MSDS process audit - Can any one give idea for checklist of the same Occupational Health & Safety Management Standards 14
shimonv Rigid rules for handling supplier audit findings ISO 13485:2016 - Medical Device Quality Management Systems 11
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
W Non-Conformance from recent Audit carried out on Purchasing AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 11
G Best Practices for IT auditing - Is a session-id necessary for a complete audit trail? IEC 27001 - Information Security Management Systems (ISMS) 0
B CQI-11 (Plating Audit) - New revision updates IATF 16949 - Automotive Quality Systems Standard 0
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 3
Q To raise a NC beyond the audit scope? Two signatures were missing ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
E Received a Major finding during IATF Surveillance audit for loss of BIQS Level 3 (more than 6 SPPS in 6 months)...how should we address SYSTEMIC CA? IATF 16949 - Automotive Quality Systems Standard 11
N Internal Audit Schedule – Who gets to set the schedule? Internal Auditing 16
V IATF 16949 9.2.2.1 Internal Audit Program - "Process Changes" IATF 16949 - Automotive Quality Systems Standard 11
K Differences between Manufacturing Process Audit & Layered Process Audit Lean in Manufacturing and Service Industries 4
N Customer asking if their notified body can audit us ISO 13485:2016 - Medical Device Quality Management Systems 5
Similar threads


















































Top Bottom