ISO 9001 4.4.1 "...shall determine the processes needed..."

[John C. Abnet]

Hey all-
Let us kick a sleeping dog and burrow into this subject...shall we?

We have all seen organizations go to great length (complex turtles, matrices, etc..etc...), attempting to satisfy the certification body registrar in an attempt to fulfill this requirement. Sadly, most of the efforts I have seen add no benefit to the organization. I have seen simple organizations have up to 30 listed processes. While this is not "wrong", it begs the question, ...
* what is expected by the CB?
...More importantly,...
* what is beneficial to the organization?

What all needs listed as a "process needed" ?
Most companies invoice customers. Does "invoicing" need listed ? Most companies have a purchasing agent and pay suppliers. Does "accounts payable" need listed? "accounts receivable" ? What about maintenance ? ...The list goes on and on.

Example:
A pizza shop opens and wishes to become ISO 9001:2015 registered. They make a simple one page flow diagram, which sequentially lists the following processes.....

- Build
- Bake
- Cut
- Package
- Deliver

The process owners are identified via osmosis and corollary documentation.

Sufficient?

What say all of you ???

 

[Kronos147]

Hey all-
...the following processes.....

- Build
- Bake
- Cut
- Package
- Deliver

- Build
- Bake
- Cut
- Package
Those may be sub processes of the pizza making process, but no, you can't have a successful system with only those listed 'processes'.

Here are some things to consider.

Planning - you need a menu of available pizza's, no?

Customer service - you need to accept, and verify the order. You need to possible answer the call "where is my pizza?" You need to potentially respond to customer complaints.

Support - you need to keep the ovens running, right?

Purchasing - You may need some cheese, tomato paste, and flour. You may need to assesses the suppliers to know who to but what from.

Inventory control, data analysis. How much cheese etc. to you buy at a time? Too much cheese, it goes bad before you use it, not enough, you run out and can't take orders.

Internal Audits, Corrective Actions, Management Review - what process manages these requirements?

Training - how does one know how to do all of the above?

 

[John C. Abnet]

- Build
- Bake
- Cut
- Package
Those may be sub processes of the pizza making process, but no, you can't have a successful system with only those listed 'processes'.

So then....
"accounts receivable" needs to be a listed process? (got to charge the customer PROPERLY)
"accounts payable" needs to be a listed process? (got to pay your suppliers correctly/on time)
"management review" ? (in this homemade scenario, there are a total of 5 people working here, so obviously "Management review" must be a stated process)
" Control of non-conformance" ?
" Corrective action"?
" Continuous improvement" ?
* Document control ? (Don't want an outdated menu)
" Change point control"?
"transportation" ? ( delivery from suppliers, to customers...)
"information technology"? (gotta' have a web site, with on line ordering and billing services)
"Process environment" ? (lighting, associate stress, building temperature )
"traceability" ? (what if a bad pepperoni gets through?)
"communication"? (shall determine the necessary internal and external) ......

Not trying to be facetious @Kronos147 , simply trying to get multiple looks at this from multiple possibilities.

Keep in mind, I am not indicating that the above activities are not necessary and important. What I am prompting is discussion regarding when, exactly is it "enough" when identifying the "...processes needed..." to meet the requirement (intent) of 4.4.1?
Endless, really.


Be well

 

[John C. Abnet]

can't have a successful system with only those listed 'processes'

So, without listing all potential activities with inputs/outputs (endless possibilities), the management system will fail?

Let us be reminded that the intent of the management systems is to serve the organization and its customers (not the auditor) in a manner that meets the requirements of the governing international standard. Specifically, the scope of ISO 9001 is (paraphrased)....
- provide conforming product
- continuously improve

Is it really necessary to "list" (remember, it doesn't actually state "list" or "write them down", it simply states "identify the processes needed...inputs...outputs...sequence...interaction", etc..etc...)

Food for thought.

Be well.

 

[Ninja]

FWIW..."Shall determine" and "Shall list" are two different things.
My reply is over in QFO...

 

[Sidney Vianna]

Hey all-
Let us kick a sleeping dog and burrow into this subject...shall we?

We have all seen organizations go to great length (complex turtles, matrices, etc..etc...), attempting to satisfy the certification body registrar in an attempt to fulfill this requirement. Sadly, most of the efforts I have seen add no benefit to the organization. I have seen simple organizations have up to 30 listed processes. While this is not "wrong", it begs the question, ...
* what is expected by the CB?
...More importantly,...
* what is beneficial to the organization?

I think the real problem is the fact that ISO 9001 is concocted by a bunch of academics who can't relate to the real world and the ISO-ese language they use is counterproductive for an easy understanding of the intent. They fail to explain risk based thinking, the process approach, QMS processes, etc... in a way that users easily understand, which is against their declared Vision and Mission.

Our vision is:

• That our products should be recognized and respected worldwide, and used by organizations as an integral component of sustainable development initiatives.

Our mission is:

• To develop, maintain and support a portfolio of products that enable organizations to improve their performance and to benefit from the implementation of a robust quality management system.
• To establish generic quality management system requirements that provide the foundations to build confidence in products and services delivered throughout the supply chain to organizations and people worldwide.
• To provide guidance and support, where needed, to ensure the continued credibility of our products.

What I understand the standard intends to require is:

Identify the business processes in your organization that can affect customer satisfaction and/or product conformity. That's why ISO 9001:2015 5.1.1.c requires the INTEGRATION of the QMS with the business processes. Once you identify the business processes that have an impact on customer satisfaction and/or product conformity, then, THEY ARE an integral part of your quality system.

So, if you ask should be billing be a process identified in the QMS? Funny that you ask Should the billing process be part of ISO 9001:2008?

 

[John C. Abnet]

I think the real problem is the fact that ISO 9001 is concocted by a lot of academics who can't relate to the real world and the ISO-ese language they use is counterproductive to eas understanding of the intent.

So, if you ask should be billing be a process identified in the QMS? Funny that you ask Should the billing process be part of ISO 9001:2008?

Good day @Sidney Vianna ;
Thanks for the feedback. As for the link you provided to previous discussion....EXACTLY ! Noted by some of the abstract responses and the nearly spit (55% vs 45%) pole response, this topic is not to be "resolved" any time soon.

I believe you and I are on the proverbial same page. Here is a response I gave elsewhere on the same topic...

My professional opinion (based on experience and the text of the standard) is that since the "organization shall determine", any reasonable approach should be acceptable. No actions and/or controls needed to meet the requirements of the standard are contingent upon how this is approached....i.e. regardless of the approach, it is certainly possible to meet the requirements of the standard (more importantly, the organization and the customer) n the form of a well functioning and sustainable management system.

This action ("...shall determine the processes needed...") CAN (should), however, be done in a way that is very beneficial to an organization, assuming it is approached that way.

Thanks again for your input.

Be well.

 

[Kronos147]

So then....
"accounts receivable" needs to be a listed process? (got to charge the customer PROPERLY)
"accounts payable" needs to be a listed process? (got to pay your suppliers correctly/on time)
"management review" ? (in this homemade scenario, there are a total of 5 people working here, so obviously "Management review" must be a stated process)
" Control of non-conformance" ?
" Corrective action"?
" Continuous improvement" ?
* Document control ? (Don't want an outdated menu)
" Change point control"?
"transportation" ? ( delivery from suppliers, to customers...)
"information technology"? (gotta' have a web site, with on line ordering and billing services)
"Process environment" ? (lighting, associate stress, building temperature )
"traceability" ? (what if a bad pepperoni gets through?)
"communication"? (shall determine the necessary internal and external) ......

...What I am prompting is discussion regarding when, exactly is it "enough" when identifying the "...processes needed..." to meet the requirement (intent) of 4.4.1?

It's your system, right? Is it effective for your organization? That is the key.

As for AP\AR, ISO 9001 doesn't really discuss finance. Your organization may have a QMS and a financial management system. That can be set up by describing your scope and boundaries and declaring finance out of scope.

Corrective action and continuous improvement, maybe your system sees these as sub-processes to Quality, Management, or Support. Same for IT, maybe it falls under the support umbrella. Control of Documented Information, does it have an owner, does it have KPI's, do you have to review the risks and opportunities associated with it, or again, is it a sub-process of Quality, Management, or Support?

So, without listing all potential activities with inputs/outputs (endless possibilities), the management system will fail?

Let us be reminded that the intent of the management systems is to serve the organization and its customers (not the auditor) in a manner that meets the requirements of the governing international standard. Specifically, the scope of ISO 9001 is (paraphrased)....
- provide conforming product
- continuously improve

Is it really necessary to "list" (remember, it doesn't actually state "list" or "write them down", it simply states "identify the processes needed...inputs...outputs...sequence...interaction", etc..etc...)

Food for thought.

Be well.

What if top management goes to lunch and plays the lottery. They win big, never come back. Is it still effective, or are some of the assumptions going to affect the customer when the new management team come in?

FWIW..."Shall determine" and "Shall list" are two different things.
My reply is over in QFO...

"4.4.2 To the extent necessary, the organization shall:
b. retain documented information to have confidence that the processes are being carried out as planned."

If the internal audit is planning to assess all of the processes of the organization, should they determine the processes in a vacuum, or should the plan be in alignment with the process identification?

If the internal auditor finds that the process identification is not effective, what is the root cause? 'We assumed that..."

 

[John Broomfield]

Discussion with the pizza shop owner/manager.

Please describe how you determined the processes you need in your organization/system?

We have a list.

Is see this list omits purchasing, is that process vital to the success of your organization?

Yes it is but I thought ISO was concerned about the quality of my pizzas.

Thinking about what the auditor wants has us missing the point.

I’d rather the pizza shop understood what they did to convert the needs of their customers into cash in the bank. So, perhaps that should’ve been my first question.

 

[Big Jim]

Hey all-
Let us kick a sleeping dog and burrow into this subject...shall we?

We have all seen organizations go to great length (complex turtles, matrices, etc..etc...), attempting to satisfy the certification body registrar in an attempt to fulfill this requirement. Sadly, most of the efforts I have seen add no benefit to the organization. I have seen simple organizations have up to 30 listed processes. While this is not "wrong", it begs the question, ...
* what is expected by the CB?
...More importantly,...
* what is beneficial to the organization?

What all needs listed as a "process needed" ?
Most companies invoice customers. Does "invoicing" need listed ? Most companies have a purchasing agent and pay suppliers. Does "accounts payable" need listed? "accounts receivable" ? What about maintenance ? ...The list goes on and on.

Example:
A pizza shop opens and wishes to become ISO 9001:2015 registered. They make a simple one page flow diagram, which sequentially lists the following processes.....

- Build
- Bake
- Cut
- Package
- Deliver

The process owners are identified via osmosis and corollary documentation.

Sufficient?

What say all of you ???

You missed a big one. Nothing in that list covers the management related activities.

You may find the webinar from one of the certification bodies helpful. Follow the link: