Auditors are trying to drive this business

[kgott]

kgott,

You have feedback from your customer. Treat it as a potential customer complaint. Your organization's preventive action should involve the customer to determine the magnitude of their concern.

Do not ask for any further input from the auditor. Build all round confidence in your management system.

Unknown to you the auditor may have had an audit objective from your customer that required audit of this particular part of your management system against criteria also unknown to you.

As part of your preventive action with your customer you may open up a channel for communicating any additional customer requirements. You can then update your management system to manage such customer-requested changes including any changes to your prices.

The customer may then tame its auditors so both parties are working to the same contract.

John

Thanks for that John, it's something I had'nt thought of. It's also just occured to me that perhaps I have read their finding the wrong way.

Perhaps what they are saying is that our documentation does not say that in the event of a significient incident an approved investigation methodology will be used, even though I have said that orally.

thanks

 

[Wes Bucey]

Thanks for that. No, the report stated "No documented evidence that all significant incidents are investigated using approved investigation methodology." -k

Interesting! What is the criterion for "approval?" Customer's approval? Is it in the contract? Is the approval an advance checklist or is it ad hoc on a case by case basis? According to a pre-agreed methodology? If so, what are the details? When was it agreed? When will the methodology be reviewed for renewal/amendment/discard?

It still all comes down to "Show me the shall!" Auditor or customer must cite chapter and verse of WRITTEN criteria to declare nonconformance. Unless the contract says in writing the supplier must adopt unilateral OFI as process (without negotiation), supplier's top management must either knuckle under or show some spine when presented with such an "or else" statement by the outsourced auditor.

 

[immaya08]

news about Apple's supplier - Foxconn were all over the dailies, 2012. your customer would just want to avoid being in the lime light, should they miss their suppliers' activities. this is part of supply chain risk management. no need to become ballistic about this finding.

 

[kgott]

Interesting! What is the criterion for "approval?" Customer's approval? Is it in the contract? Is the approval an advance checklist or is it ad hoc on a case by case basis? According to a pre-agreed methodology? If so, what are the details? When was it agreed? When will the methodology be reviewed for renewal/amendment/discard?

I found this:
[FONT=&quot]

Interesting! What is the criterion for "approval?" Customer's approval? Is it in the contract? Is the approval an advance checklist or is it ad hoc on a case by case basis? According to a pre-agreed methodology? If so, what are the details? When was it agreed? When will the methodology be reviewed for renewal/amendment/discard?

[/FONT]

[FONT=&quot][/FONT]
[FONT=&quot][/FONT]
[FONT=&quot]This is the customers documented requirement.[/FONT][FONT=&quot] - 'There must be a procedure for the management of all incidents. It must include reference to the appropriate methodologies for a) xyz and b) investigating.' I cannot find a reference to the [/FONT][FONT=&quot]'appropriate methodologies ... for b) investigating' in that same document anywhere.
[/FONT]
[FONT=&quot]
[/FONT]
[FONT=&quot]This was the auditors actual finding. ?No documented evidence that all significant incidents are investigated using approved investigation methodology.[/FONT]

[FONT=&quot][/FONT]
Unless as I said above, I have miss-read their meaning in that they are saying there is nothing in our documentation stating that in the event of a significent incident we would use an industry recognised investigation method, then I'm going to have to do some more research on the customer documentation and seek some clarifications on the customers standard which all this comes from.


One of the problems I am up against is that we are minows and the customer is a monolith and I have to take that on board but I'm just wondering how to advise the MD in this matter. I don't see that I can do much more until the MD returns and then its his call.
[FONT=&quot][/FONT]
[FONT=&quot]
[/FONT]

 

[kgott]

Interesting! What is the criterion for "approval?" Customer's approval? Is it in the contract? Is the approval an advance checklist or is it ad hoc on a case by case basis? According to a pre-agreed methodology? If so, what are the details? When was it agreed? When will the methodology be reviewed for renewal/amendment/discard?

It still all comes down to "Show me the shall!" Auditor or customer must cite chapter and verse of WRITTEN criteria to declare nonconformance. Unless the contract says in writing the supplier must adopt unilateral OFI as process (without negotiation), supplier's top management must either knuckle under or show some spine when presented with such an "or else" statement by the outsourced auditor.

After reading the customers standard I can see that I'm going to have to research their documentation more to find where the approved methodolgy is defined in the customers documentation.

One of the things the auditing company has not done is stated the 'shall' by quoting the customers text and then placed their finding near it so that we can see the 'shall' and their finding together. I see this as being a little unprofessional.

The difficulty for me is that at worst the auditing company is, IMO, drawing conclusions they have insufficient evidence to draw about our processes unless, they are referring to our documentation only. In addition I think they are trying to push us into what they regard as best practice, something they have no right to do.

The other factor as John indicates to is that we are minows and the customer is a world wide monolith and I'm sure the MD will be sensitive to.

 

[Wes Bucey]

After reading the customers standard I can see that I'm going to have to research their documentation more to find where the approved methodolgy is defined in the customers documentation.

One of the things the auditing company has not done is stated the 'shall' by quoting the customers text and then placed their finding near it so that we can see the 'shall' and their finding together. I see this as being a little unprofessional.

The difficulty for me is that at worst the auditing company is, IMO, drawing conclusions they have insufficient evidence to draw about our processes unless, they are referring to our documentation only. In addition I think they are trying to push us into what they regard as best practice, something they have no right to do.

The other factor as John indicates to is that we are minows and the customer is a world wide monolith and I'm sure the MD will be sensitive to.

It certainly sounds as if the auditor was taking his role as the CUSTOMER'S AGENT to heart, in which case they do have a "right," perhaps even an obligation, in the customer's own self-interest, to push suppliers into best practice. I did with MY suppliers, but I was a lot more "diplomatic" in making it seem as if I was "HELPING" them become more efficient and thus more profitable.

Frankly, without being on the spot to observe for myself, the most I see this auditor guilty of is being rude and insufficiently documenting his reasoning. He may very well be wrong. The one thing missing from your account is a transcript of the Q & A session during the closing meeting at the end of the auditor's visit, where many of the ambiguities might have been eliminated BEFORE the report was written. If there was no closing meeting, why was the auditor allowed to leave? I have suggested a course of action in responding without ranting in one of my earlier posts.

Remember, this is ONLY a report, not a cancellation of a supplier contract. There has been no injury, except to your sense of fair play. You are given a chance to respond in manner which makes your case and you may, after due consideration, even adopt some of the suggestions, albeit with some heavy editing.

 

[Big Jim]

Something to temper your thoughts as you deal with is the old bromide of "the customer is always right", which most of know isn't completely true. Handle this situation somewhat carefully, because as often restated "the customer isn't always right, but he is always the customer".

Find a diplomatic way to deal with this that doesn't jeopardize your relationship with the customer.

Does the auditor expect you to reply directly to the observations before he returns? If not, one possible solution would be to create a response for your records showing your extensive investigation, including the fact that you could not find a requirement for what he cited, and show some reasonable logic for why it doesn't fit your companies needs.

That way, the auditor may see it at his next visit (if he returns, those things tend to change), he will see that you have done your homework, and he will need to decide if he is willing to push for something that he is mistaken about. He would probably dig a pit for himself if he tried.

Best of luck with this. Find the least obtrusive way to deal with it, put it to bed, and quite loosing sleep over it.

 

[kgott]

Something to temper your thoughts as you deal with is the old bromide of "the customer is always right", which most of know isn't completely true. Handle this situation somewhat carefully, because as often restated "the customer isn't always right, but he is always the customer".

Find a diplomatic way to deal with this that doesn't jeopardize your relationship with the customer.

Does the auditor expect you to reply directly to the observations before he returns? If not, one possible solution would be to create a response for your records showing your extensive investigation, including the fact that you could not find a requirement for what he cited, and show some reasonable logic for why it doesn't fit your companies needs.

That way, the auditor may see it at his next visit (if he returns, those things tend to change), he will see that you have done your homework, and he will need to decide if he is willing to push for something that he is mistaken about. He would probably dig a pit for himself if he tried.

Best of luck with this. Find the least obtrusive way to deal with it, put it to bed, and quite loosing sleep over it.

Thanks for that, what I have done is defined a 'significient incident' in our documentation. The problem is that the customer has also defined "significient incident' in their documentation which I have to find and read. My fear is, is that next time round it will be a case of "you have to comply with the customers definition of 'significient.'

I know this is also wrong but what is happening here is that the big players are effectively pushing their systems on their suppliers. These big players are saying 'we only want to do business with suppliers who are in close alignment with our goals and objectives (read as 'use our systems'.)

For example; the big international O&G and mining players are big on behaviour based safety so in order for a supplier to demonstrate they are in alignment with the big customer, they have to take on behaviour based safety and begin doing 'safety observations' within their own busienss. There is even some pressure to push it onto ones own suppliers.

Our problem is that we cannot run multiple management systems for each client so we try to have a system that incorporates the requirements of most customers. We then use a management plan to account for the differences in each client.

By developing our own definition of 'significent' I am trying to hold the line.

 

[somashekar]

By developing our own definition of 'significent' I am trying to hold the line.

For me continued business is the most significant aspect I will work for, and in the process if I have to match to higher or stringent levels, I will strive to do it.

 

[Bretto]

@kgott

Sorry to come in late and somebody may have already said this and I have missed it.

The way I interpreted the auditors first comment was not about the fact that you had no significant incident in the last 12 months but you did not seem (at least to the auditor) have any documentation of exactly how you will investigate should an incident actually occur.

Is this the case or have or the auditor missed something?