IATF 16949 Clause 6.1.1 - My first Major NCR (Management Review)

[Warcraft]

I don't agree. I don't think you fully understand the linkage from the "Context" to the "Planning" requirements. You most certainly Do Not have to do risk assessments for all processes, according to the standard (it's simply not stated) and, hence, if your auditor left you with that NC or understanding, they are similarly incorrect.

Let me help you out: If, in understanding the internal and external issues which can affect the QMS (4.1) you determine that there's a risk in not finding sufficient skilled workers (a common theme here in the USA), your organization may chose to create a program to train their own skilled workforce. Now, looking at 6.1, the planning should address the QMS to create that training programme, since it's unlikely that your current training procedure is sufficient... Someone needs to decide to work on it, how long it will take, who else it will involve, know when it's working etc. That's how it's supposed to work.

Now, What method would You use to understand internal and external issues? SWOT could be the one, right?

 

[Sebastian]

Section is not important. Important is relation between 4.4 and 6.1.
Even no risk determined, what's evidence that it was considered for all processes.

 

[Golfman25]

I am agreeing with Andy. 6.1.1 is an ISO requirement not an IATF requirement. There is nothing in 6.1.1 that states "all processes." This looks like a situation of "automotive creep" into the interpretation of the ISO part of the standard. I can definitely see an automotive guy doing this, but it isn't really required. You might want to push back a little bit and see where it goes. Good luck.

 

[AndyN]

Now, What method would You use to understand internal and external issues? SWOT could be the one, right?

Exactly right! SWOT, PEST(LE) are both good. BTW - I've had feedback that this approach is "best in class" by an AS9100D Auditor while being audited by ANAB...

 

[Warcraft]

Section is not important. Important is relation between 4.4 and 6.1.
Even no risk determined, what's evidence that it was considered for all processes.

If I make SWOT for every process, this is evidence, right?

 

[AndyN]

If I make SWOT for every process, this is evidence, right?

Making a SWOT for each process isn't what's required and won't achieve what's intended. The thought behind section 4 and section 6 requirements is that the leadership understand the strategic direction of the organization - those internal and external issues which can influence the intended outcomes of the QMS - customer satisfaction, product quality, delivery etc. Doing a SWOT as a BUSINESS will reveal the internal issues (Strengths and Weaknesses) and external issues (Opportunities and Threats). These are NOT specific to any processes. It's the intent of the standard to have the leadership plan to develop the process(es) to manage the risk and opportunities (through the strategic planning).

 

[Golfman25]

Making a SWOT for each process isn't what's required and won't achieve what's intended. The thought behind section 4 and section 6 requirements is that the leadership understand the strategic direction of the organization - those internal and external issues which can influence the intended outcomes of the QMS - customer satisfaction, product quality, delivery etc. Doing a SWOT as a BUSINESS will reveal the internal issues (Strengths and Weaknesses) and external issues (Opportunities and Threats). These are NOT specific to any processes. It's the intent of the standard to have the leadership plan to develop the process(es) to manage the risk and opportunities (through the strategic planning).

Yeah. But it is so much easier to check a box on each process that you dealt with risk.

 

[jameshavican]

We are doing SWOTs for every process. These are living documents that get reviewed annually and updated as necessary. We also have PFMEAs but keep in mind that your process owners are going to have to speak to the risk analysis and how they use it when they are making decisions in their process. SWOTs are easy to speak to and are quick to reference. You say that your process owners don't know the process? Well if the PFMEA is your only risk analysis tool, then all of your process owners will have to speak to and understand the FMEAs during an audit. This new standard is pushing far more accountability and understanding requirements to the floor than ever before. Even operators need to understand risk factors involved for their operations.

Our SWOTs work in combination with our strategic planning process.

 

[jameshavican]

Yeah. But it is so much easier to check a box on each process that you dealt with risk.

I agree with Golfman. Why would you not want to do risk analysis for each process? This can help process owners to better understand the risk in their processes and spur innovation and improvement activities to reduce risk.

 

[Golfman25]

I agree with Golfman. Why would you not want to do risk analysis for each process? This can help process owners to better understand the risk in their processes and spur innovation and improvement activities to reduce risk.

Because some processes don't need the wasted resources. With limited resources I am focusing on the big one -- in our case making stuff.