QMS for Life Sciences
Elsmar Cove Forum Sponsor

Auditing Top Management - Meeting Competency Requirements and Questions to Ask

L

LMills

#1
Hello to all, I'm currently an auditor in training for both ISO 9001 and ISO 14001. Worked extensively as internal audit in former company but learning how to work with third party registrar.

One area i've had a bit of a problem with in meeting competency requirements. In 5 Management clauses i can obtain evidence via interviews with QMR and others, reviewing QMS requirements as per 4.1, quality policy, quality objectives, etc. But in interviewing top management to discern their commitment what is the best approach for obtaining evidence--of course you can ask if they are committed to the QMS but not wanting a yes/no answer, need to have them elaborate. Any suggestions? Thanks!:bigwave:
 
#2
One area i've had a bit of a problem with in meeting competency requirements.
IMHO - Process owners do their process. Top management designs the process to meet requirements. Internal Audits challenge the plan's ability to meet requirements, and then further challenges the process.

I hope to ensure that the process owners at my organization are aware of the tools in our QMS, including Process Identification and Interaction, Quality Policy, and Quality Objectives, and to be able to identify their process within the identification method (in our Quality Manual), and identify their relevant Objectives on the Objective Report.

I hope process owners can point to the strategic goals, as discussed in management review. I hope they are aware of their process's impact on the other processes.

I hope process owners can explain their process controls, as spelled out in our documented information, and demonstrate adherence to requirements of our procedures, and creating sufficient documented information as objective evidence.

If the process is found to be non-conforming to requirements, we as top management, with me in the lead, failed to plan and assess the process in accordance with all the requirements.
 

howste

Thaumaturge
Super Moderator
#5
The ISO 9001 Auditing Practices Group (APG) has a guidance document on auditing top management. It can be found on their website here (search for "top management") or here is a direct link to the document.

I tend to ask a lot of open-ended questions to get them talking about the company, their role, and their commitment and support for the required activities. As far as specific questions to ask, there are too many to list, but here are a few to start with:

What do you consider to be the most important metrics that you look at?
What do you see as the purpose of the QMS in your company, and how does it fit into the business?
How's business?
What challenges are you facing right now?
What do you see as your role in the QMS?
What are you personally doing to support the QMS?
Are you getting the information that you need from the metrics and internal audits? (If not, what would you like to see?)
I noticed that the trend for the X metric is going the wrong way - what is being done to get it back on track? (You can also ask specific questions about any issues identified in management review, internal audits, or recent metrics...)
Are there some (ISO 9001/14001) required activities that you'd get rid of (they don't see as value-added), if given the option?
Etc...
 
L

LMills

#6
Those are great questions to start with...thanks! I have used the APG guidance documents before on a number of topics, they have been very helpful. :)
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#7
Listen to Howste. :agree1: And consider pursuing your competency requirement verifications for those with more direct impact on product/service quality. Top management can be dealt with in accountability and adequate resourcing.

That said, the organization is not off the hook as the new standards (you did not specify which one you were referring to) are including a blurb about managing change and that does include organizational change; and then there's risk management, which is absolutely a factor when the organization places poorly qualified persons in responsible positions. For this I would audit the process and ask if there is a means to identify, assign and prepare managers for succeeding in key roles.

This could include soft skills, though that wouldn't merit more than an OFI if a gap is recognized without clear affect on QMS performance or product/service quality, or system compliance with regulations. Too often I have seen people get promoted based on their technical prowess and stink at leadership & management.
:2cents:
 
L

LMills

#8
Thanks Jen--I'm referring to the ISO 9001:2008 standard, will be a candidate auditor next week for 2.5 day surveillance and and recert for ISO 9001:2008 for 3.5 days after that. And yes, i have seen first hand evidence of people promoted with tech skills but completely lacking leadership and management capabilities :)
 
#9
Audit the top management as a process - following process approach.
Process map / Turtle chart specified in Quality manual of your organization might help. Otherwise you can prepare a turtle chart by collecting following information. And then audit each element of the turtle chart finalized.

Start with asking about which activities being performed by top management (Might be like Business planning, budgeting, etc.). - This will become part of your process. [PROCESS]

Then ask what are the outputs out of the process/activities. (Outputs would be like Business plan for business planning, Budget for YearXXX, etc.) [OUTPUT]

Then ask/determine what inputs are required in order to perform the activities. (Inputs would be like Balanced scorecard for Business planning, Financial statements of previous year for Budget of current year) [INPUT]

Then ask how these activities are being done. Eg. How do you do Business planning, which elements are being considered. [PROCEDURE].

Then ask how effectiveness and efficiency of their process is being measured.
[MEASURES]


:2cents:

Thanks,
Amit
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#10
Thanks Jen--I'm referring to the ISO 9001:2008 standard, will be a candidate auditor next week for 2.5 day surveillance and and recert for ISO 9001:2008 for 3.5 days after that. And yes, i have seen first hand evidence of people promoted with tech skills but completely lacking leadership and management capabilities :)
I am wondering if we are talking about two separate things: commitment and competency in upper management.

The higher the level in the organization, the less competency evidence will resemble that of the people at the process level. Let's keep in mind 6.2.2 says "determine the necessary competence for personnel performing work affecting conformity to product requirements."

Commitment is reviewed in a triad of documentation, verbal inputs by auditees and what auditors physically observe. When interviewing top management, one can ask what's new since the last audit, what has been done that they are most proud of, and what they see for challenges ahead. What they say can be compared to how the rest of your auditees verbalize - you can ask them how their managers make sure they get what's needed to do a good job - and what you see when you go about the place. If these things tend to "line up" then one can say one has verified management commitment.
 
Top Bottom