Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo Especially for content not in the forum
Such as files in the Cove "Members" Directory

Internal auditing - Changes after recently changing to 9001:2000

N

nicola

#1
I have recently been employed with the main function of assisting in the move from the 1994 standard to the 9001:2000 standard. I am finding it difficult to convince the management that the conversion isn't merely a documentation issue, but involves changing the way they do things (particularly with regards to the process approach, continual improvement, customer satisfaction).

An external auditor raised the issue that our internal auditing procedures need to be adapted in order to comply with the new standard. This is now my task. The problem is that I am having a challenging time trying to convince the management that they need to trust the changes that I want to make.... and their resistance is making me question whether I am approaching this correctly.

Firstly, I believe that the audit plan must extend to include every area within the company. This includes purchasing, planning, development, etc... where before auditing was only done on the manufacturing processes. Am I correct? This morning I had a discussion with my boss who said that we can't plan when an audit must be done, because we can't predict when problems occur - which is an issue on it's own because the company is working more with corrective action rather than with preventative action. In fact, there are no preventative action measures and I'm beginning to doubt their understanding of the difference between the two. They believe that preventative means to prevent it from happening again....

Secondly, Currently the internal audits only check if the procedures and work instructions are being followed. My problem is - How do we know that the procedures and work instructions are giving us the required results? and how can we continually ensure that they follow the standared? To meet this criteria, I have created a form/checklist, but am encountering resistance to the change.

Thirdly, management believe that continual improvement can be solely be covered by the auditing process and as I mentioned above, the auditing style assumes that the process is correct and only checks to see if the process is being followed... I have argued my point a number times and believe that I am making progress is changing the way of thinking (well at least within the quality department)

Essentially I believe that the problem is in the definition of a process. Currently management define 'process' as a step in manufacturing a component, but I need to open their eyes to the the fact that processes exist from when you take the order to when you get customer feedback. These process must also be measured and monitored and they also use equipment that must be included in the calibration system. I've created a process flow diagram of the entire company, now we must created a system that works around it.

I've attached an audit plan that I would like to suggest to the company as well as an audit checklist (I understand that they will still need some work, and I particularly want to double check the referances to the iso standard). I would appreciate any feedback or ideas. Most of all, I would like to know if I'm approaching this in the right way, because all this resistance is making it easy for me to doubt my approach.

Thanks
Nicola
 

Attachments

B

BEVel

#2
You may be looking at two different sides of the coin

Hi Nicola~!

It's hard for people to change, much less an organization.

First, you must win over your management's support. It's not easy to do, but at least have a meeting on a comparison between ISO 9001:2000 and 1994 requirements (like a table). That way, it'll be easier for them to see what they must change.

Second, show them a scheduled plan on how you propose to do these changes. Give them a bird's eyeview and the relevance of your actions. Don't just shove them endless checklists. they'll think these are useless surveys or paperworks from the newbie.

There are many forums here on how you can go about upgrading. Expect endless delays, but hang in there!:bigwave:
 

Joe Cruse

Mopar or No Car
#3
It sounds like they are a bit confused on continual improvement and how to do it vs the internal audit process. Internal audits are not a function of the corrective action system, although thay can be part of CA. Internal audits CAN be planned, and in fact ARE to be planned, according to the standard in section 8.2.2. It's up to your organization to determine the scope, criteria, frequency, and methods for doing this. Internal audits SHOULD be value-adding activities, not only checking conformance to the standard of your qms, but taking a look at your processes for opportunities for improvement (preventive action and continual improvement).

Look in the Auditing section of this Forum, there is a LOT of good material of the process approach and how to think and audit in this manner.

If continual improvement is only covered through the internal audit process, and your mgt thinks that audits are only for CA, that is not good thinking. Improvement should be going on without having to respond to process problems, complaints, and corrective action requests. That's not very sound business management. My take anyway.

Good luck with this.
 

RoxaneB

Super Moderator
Super Moderator
#4
nicola said:
Firstly, I believe that the audit plan must extend to include every area within the company. This includes purchasing, planning, development, etc... where before auditing was only done on the manufacturing processes. Am I correct? This morning I had a discussion with my boss who said that we can't plan when an audit must be done, because we can't predict when problems occur - which is an issue on it's own because the company is working more with corrective action rather than with preventative action. In fact, there are no preventative action measures and I'm beginning to doubt their understanding of the difference between the two. They believe that preventative means to prevent it from happening again....
Audits can be planned and should be planned to ensure that the necessary resources are available to conduct the audit (both on the part of the audit team and the part of the auditee). An audit is not to be conducted just because a problem occured...an audit is to ensure conformance (or is it compliance?) between the requirements and process.

As for the definitions of corrective and preventive action, that is a whole separate thread or two. If you do a search here on the Cove, you'll have many hits on exactly this dicussion.

nicola said:
Secondly, Currently the internal audits only check if the procedures and work instructions are being followed. My problem is - How do we know that the procedures and work instructions are giving us the required results? and how can we continually ensure that they follow the standared? To meet this criteria, I have created a form/checklist, but am encountering resistance to the change.
How will the checklist assist you in determining if the required results are being attained? Ensuring that standardized processes are being followed is one thing. And you are right to want to see if the required results are being attained. Does your company use Key Performance Indicators or have metrics that are regularly updated to show if goals are being met? What about your company objectives? How do you demonstrate that those are being met?

nicola said:
Thirdly, management believe that continual improvement can be solely be covered by the auditing process and as I mentioned above, the auditing style assumes that the process is correct and only checks to see if the process is being followed... I have argued my point a number times and believe that I am making progress is changing the way of thinking (well at least within the quality department)
Provide a copy of 8.5.1 in common english to your management and provide examples of how you believe the company meets each of the stated ways to demonstrate continual improvement. Or, for a more fun exercise, provide management with a list of the ways ISO 9001 says you can demonstrate continual improvement and have them provide company examples. :)

ISO 9001 8.5.1 Continual improvement said:
The organization shall continually improve the effectiveness of the quality management system through the use of the quality policy, quality objectives, audit results, analysys of data, corrective and preventive actions and management review.


Auditing these topics will not demonstrate continual improvement. Showing that the process for establishing and maintaining and reviewing them will. Showing that concepts like the policy and objectives are dynamic will. Showing that management review is less of a presentation on your part and more of discussion with value-added outputs from them will.

Best of luck!



Essentially I believe that the problem is in the definition of a process. Currently management define 'process' as a step in manufacturing a component, but I need to open their eyes to the the fact that processes exist from when you take the order to when you get customer feedback. These process must also be measured and monitored and they also use equipment that must be included in the calibration system. I've created a process flow diagram of the entire company, now we must created a system that works around it.

I've attached an audit plan that I would like to suggest to the company as well as an audit checklist (I understand that they will still need some work, and I particularly want to double check the referances to the iso standard). I would appreciate any feedback or ideas. Most of all, I would like to know if I'm approaching this in the right way, because all this resistance is making it easy for me to doubt my approach.

Thanks
Nicola[/QUOTE]
 
#5
Getting to basics.......

Hi Nicola:

I suggest that since you're responsible for implementation, your best course of action is to get the management team on the same page. Firstly, if you have a budget to do this, get someone to do a gap assessment. I'd advise you don't use a registrar, but your call. The gap should show your management three things:-
What ISO9K2K requires but you don't do
What you have in place that ISO9K2K requires and you can leverage from the '94 version
What must be improved to be effective.

I'd also suggest they get some 'overview' training for the management from some kind of consultant or similar with a track record of helping implementation support. Make certain that the training shows you what the benefit of a good qms is, not just registration.

You should get auditor training too, if you didn't get it yet.

These are basic requirements for you and the company to be successful.

Andy
 
Top Bottom