Fast growing small O&G Company QMS implementation - My path forward

S

SubSeaQC

Greetings!
Many thanks to all in advance as I've been using this site for some excellent reference material.

Brief History:
Small oil and gas industry design/manufacturing firm with ~30 employees that is growing exponetially (+20% year 1-2, +300% year 2-3, forecast is +400% for 3-4 with us refusing work). I was brought on board in July of last year to compose and implement a quality program. After reviewing the business processes, I composed a "cookie cutter" ISO 9001:2008 program to have "something". I then began work on a detailed process based program. In Nov of 2011, we underwent a comprehensive audit by a potential client during which we committed to ISO certification (the previous goal was to be "compliant, yet not undergo the formal auditing".

Question 1: During the process based QMS program composition, I discovered many shortcomings as there was no process in place. Should I document these as corrective actions to present to the ISO registrar?

We did receive positive feedback from our customer audit team which provided the additional "enforcement" that I needed to get this program completed and implemented. There really isn't resistence at all to the processes as the department leads are fully integrated into the process definitions. Once the processes were complete, I held a formal "introduction to QMS" meeting with each process group. I am currently finishing up our first "formal internal audit".

Audit Results:
Control of records/documents - we are not 100% there as the electronic document control software is being integrated. Are the QMS documents controlled? Absolutely.

NCR's- Once explained, we are now starting to document our issues rather than simply fixing them and moving forward.

CAR/PAR- Processes are defined, few records at the moment.

We have identified our registrar of choice based on industry recognition. They are most certainly going to take their sweet time. I've opted for a pre-audit gap analysis in efforts to gain some additional insight in the event that I've greatly missed anything or interpreted the ISO specification incorrectly.

Question 2: Audit schedule. Is this simply a chart which shows which portions of the QMS are to be audited and when?

Question 3: What is the formal name to the document created to audit against? (I.e. the list of questions)

Process overview:
Contract Review
Design/Engineering
Purchasing
Manufacturing (we do not manufacture anything in house)
Receiving/Assembly/Test (we do however assemble and perform factory acceptance testing/certification of all equipment in house)
Quality/Continuous Improvement

I have created process flowcharts for the above showing the workflow and document flow. The meat and potatoes of the QMS manual describes the contents of these diagrams.

Question 4: Is this redundency? My thoughts were that both were needed to show the tie between the flowcharts and the ISO specification sections.

Management Review:
A meeting agenda is prepared to address Quality issues which is presented/discussed weekly at our management meeting. Currently this is to provide an updated to the QMS program implementation status. In addition, a project quality summary report is also presented and discussed in the weekly production meeting. Meeting attendees are nearly the same. Agendas/notes/sign in sheets are stored securely on the shared server. The formal audit report shall command a seperate meeting to allow for documentation of it's occurrence.

What am I missing?
I have a process and applicable forms created with revision #'s and dates, all of which are available as read/print only to all employees. Our design drawings are secured. Our engineering reports are secured. Special processes are defined (welding, coating, forging, etc.) and monitored with submittals, ITPs, internal and external inspectors. All design/engineering "product realization" files are maintained by the lead designer in a "project binder" which is an evergreen document which fulfills our interpretation of the ISO requirements.

I'm either on the boat or ears deep in sharks!

Many thanks in advance!

Robert
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
Good day Robert, welcome to the Cove!

Congratulations on your success so far! I have some answers to get this discussion started.

1) You can write nonconformances if the things you find were discovered during an audit. If you found issues through your own reviews based on management analysis, what is the point of writing NCs? A NC process is kind of a formal affair. Right now it seems to me you are still dialing this thing in, so to speak.

I would absolutely keep records of your gapanalyses, review and the results, even though they are not formal, typed etc. Once processes are formed to your satisfaction and running for some months you can schedule an audit for them. In the meanwhile your records of your reviews and gap analyses can show you are looking for and correcting issues internally.

2) An audit schedule does not need to be a complex affair. There are many threads here on audit scheduling, complete with attached examples. Try a search using the yellow Search link in the blue tool bar above, and/or a search in the Post Attachments List (see the green button in the header).

3) My group schedules audits by process type such as "Document Control" or "Training" or "Corrective Action" so as to make it clear what is being covered. There is no single right or wrong method through. Whatever works for you.

4) I love flow charts, which are high level overviews, for helping the more detailed procedures/manuals make overall sense - and especially for tying multiple documents together into a subject like "Material Control" I do not think they are redundant, in fact I will often have a flow chart of a process as an attachment in the procedure itself.

5) Management Reviews don't need to always look at the same things - they don't even need to always be in-person meetings. But they do need to cover everything required by standard and your own organization within a period your organization defines. Meeting minutes aren't required, but some evidence of the decisions and who attended is expected in order to "prove" everything has been taking place. If not meeting minutes, then maybe emails and/or you could use a descriptive summary as the introduction to the subsequent Management Review. Just an idea...

From here it is hard to see what you are missing. If you want a second opinion you might reach out to peers in professional associations and see if they would like to exchange visits for the benefit of another pair of eyes. You could also contact your area university, it might have a program or interested professor who could have a look.

I hope this helps!
 
S

SubSeaQC

Jennifer,
Many thanks for taking the time to reply! I have tied a process flow diagram to most everything as a "high level" tie to the detailed content of the process/section. Glad to see that I was on the right track.

On the management reviews, as we are so new to the ISO process, we still have to cover many subjects. The plan was to discuss the highlights from there forward. Our clients are quite demanding on everything so meeting the ISO requirements is simply the foundation in their eyes.

back to work for me!

R
 

Jen Kirley

Quality and Auditing Expert
Leader
Admin
Hi again Robert,

I can't tell you how often I have wished for high level documents like flow charts, both for me and the people working directly in the processes. :agree:

There is still time for Management to set a pattern of what is regularly covered in Management Review. Indeed we can expect the subjects of review to change quite a bit depending on what is going on. But the subjects required by standard need to stay in their focus to some regular degree.

It seems to me you are well on your way. Your questions are not surprising, in fact I am encouraged about your asking "To CA/Not CA...that is the question" because you are thinking about system improvements in the context of being able to show it's being done in a method. That is good!

Keep going, please feel free to raise more questions as they arise. we are here for you and we want to hear how it is going! You are among friends.

Cheers
 
J

JaneB

I'm either on the boat or ears deep in sharks!
Definitely on the boat and what's more, heading in the right direction as far as I see. All good advice from Jennifer. At least partly, because of the excellent background you presented, and your specific, targeted questions. Doing these things invariably results in better advice being received.

Question 1: I concur with Jennifer's advice in all respects, including not writing up lots of CAs for no point other than to 'present'. Don't do your system 'for the auditor'! It's normal to leave the formality of CAs until later.

Question 2: Yes, pretty much.

Q3 The thing you audit against is your own system (which swhould meet ISO 9001). Tool/s used during audit are usually an audit plan or perhaps an audit checklist (which might be one and the same thing)

'Contract Review' Does your organisation actually use this term? I've never come across one that does, but yours might be the exception. Much better to use your own terms, eg, 'getting the job', 'project brief/kickoff?', 'business development' etc?

Question 4:
It does sound a bit redundant. Do you need to 'show the tie between the flowcharts and the ISO specification sections'? (Don't do anything like that 'for the auditor' because one of their responsibilities is to see if all the requirements are addressed. So if just the flowcharts do the job, then I'd just go with them. And, like Jennifer, I love flowcharts too.

Management Review: You're right that weekly is part of management review - don't overlook the need (probably at a future point rather than now) to 'stand back and take a helicopter view' at longer intervals (quarterly?) rather than (or even better, as well as) the week to week one.
 
Top Bottom