4.1 Management Responsibility
I liked some of Charlies responses here. He clarifies a few issues quite well IMHO.
-----snippo-----
Subject: Re: Q: Mgmt. Responsibility & Design Control/Pfrang/Scalies
Date: Fri, 18 Dec 1998 11:52:48 -0600
From: ISO Standards Discussion <[email protected]>
From: Charley Scalies <[email protected]>
Subject: Re: Q: Mgmt. Responsibility & Design Control/.../Pfrang/Scalies
> From: [email protected] (Doug Pfrang)
>
> Charley, thank you for your reply and the good questions you raise. I'll
> respond to your questions in the same order you asked them, and hopefully
> clarify my dilemma.
>
> To your first paragraph, I realize my interpretation might be somewhat
> novel, but the language of the Standard seems broad -- section 4.1.2.3
> states that the Mgmt. Rep. "shall have defined authority for...REPORTING on
> the performance of the QUALITY SYSTEM...as a basis for improvement of the
> QUALITY SYSTEM," and section 4.1.3 similarly requires "management with
> executive responsibility [to] REVIEW the QUALITY SYSTEM..." (emphasis mine).
> To me, "quality system" suggests ALL elements of the Standard that are
> applicable to the organization, including design control if the firm is
> registered to ISO-9001. Because section 4.1 applies to the entire QUALITY
> SYSTEM, I am wondering how other companies apply section 4.1 to the DESIGN
> CONTROL component of their QUALITY SYSTEM; i.e., what do others do to
> address the formal REPORTING and REVIEW requirements that I have emphasized
> in the language above?
Those companies for whom I have consulted have done two things.1. The design process owner will review his/her own system annually to ensure it continues to remain suitable and effective. He/she verifies that the review was conducted and summarizes any changes or improvements that were or will be made. 2. The internal audit function independently verifies and reports on the effectiveness and suitabilty of the design control system based upon the applicable procedures and the desired outcome of those procedures. They, too, report on any improvement opportunities.
Both these "reports" make their way to the Management Rep who in turn provides the data or summaries therof to executive management for management review.
> If, as you mention, no other company interprets the
> Standard to mean that section 4.1 applies to all components of the quality
> system, then I would be curious what the reasoning is to exclude from the
> management review something as important as design control if the company is
> registered to 9001.
That's not what I meant. 4.1 does apply to the entire standard. However the management review portion does not directed that it be done paragraph by paragraph. The "common" (my customers) practice is for executive management to review performance of the system against the quality objectives and policy. In other words, if the system is achieving the objectives and leads to realization of the quality policy, it's good. If not, it needs corrective action. Those who are interested in doing more than meeting objectives will look more deeply.
> To your second paragraph, I did not mean to suggest we were not auditing
> design control. We do -- just as we audit all other activities. My
> question is not about the extent to which Internal Audits (section 4.17)
> apply to design control; it is about the extent to which Mgmt.
> Responsibility (section 4.1) applies to design control. Specifically, how
> do the Mgmt. Reps. in other companies "report on the performance of the
> quality system" (section 4.1.2.3(b)) as regards design control, and what
> sort of issues does the "supplier's management with executive
> responsibility" evaluate when it "reviews the quality system" (section
> 4.1.3) as regards design control?
Based upon the reviews and audits of others (process owner and auditors) the executive management person or group will look at individual elements on an exception basis only. Remember, meeting ISO9000 is not the purpose of the quality system. The purpose is to achieve the policy and objectives. The ISO9000 system is one vehicle by which that can be done.
> To your third paragraph, our design process seeks, of course, various
> improvements such as time-to-market, cost-of-goods, etc. What is unclear to
> me is the extent to which this must be formally addressed, formally
> reported, formally reviewed, formally recorded, etc., as set forth in
> section 4.1. In fact, the same questions could be asked about Servicing
> (section 4.19), but Design Control (section 4.4) has such a huge number of
> requirements that I am wondering to what extent companies address them as
> formally as section 4.1 seems to require. As you point out, there is a risk
> of too much bureaucracy. On the other hand, because good design control is
> critical to good product quality, some level of formal review of the design
> control process by executive management does seem appropriate. Plus,
> section 4.1 seems to require it. Accordingly, I am wondering what other
> companies do to strike a balance.
Executive management can delve into as much detail as it wishes. If you think it's important that they examine the particular activities of improvement efforts, that's what they should do. If you think they should receive only summary reports of improvement activities, then that's what they should do. ISO9000 only requires that the results of Preventive Actions be reported and considered at management reviews. Of course, executive management should be as interested in improving the end performance of the quality system (results) as they are in improving cash flow, profits, ROI, share value, etc since one tends to impact the other. One of my accounts has, as a key element of its quality policy, "maintaining our competitive edge". Their management group has to identify how they measure this and then review to determine if it is being met. In their case, review of improvement activities, in some detail, is a must.
Hope this gives you some help.
Charley
--
Charles J. Scalies/2000+
https://pobox.com/~scalies
I liked some of Charlies responses here. He clarifies a few issues quite well IMHO.
-----snippo-----
Subject: Re: Q: Mgmt. Responsibility & Design Control/Pfrang/Scalies
Date: Fri, 18 Dec 1998 11:52:48 -0600
From: ISO Standards Discussion <[email protected]>
From: Charley Scalies <[email protected]>
Subject: Re: Q: Mgmt. Responsibility & Design Control/.../Pfrang/Scalies
> From: [email protected] (Doug Pfrang)
>
> Charley, thank you for your reply and the good questions you raise. I'll
> respond to your questions in the same order you asked them, and hopefully
> clarify my dilemma.
>
> To your first paragraph, I realize my interpretation might be somewhat
> novel, but the language of the Standard seems broad -- section 4.1.2.3
> states that the Mgmt. Rep. "shall have defined authority for...REPORTING on
> the performance of the QUALITY SYSTEM...as a basis for improvement of the
> QUALITY SYSTEM," and section 4.1.3 similarly requires "management with
> executive responsibility [to] REVIEW the QUALITY SYSTEM..." (emphasis mine).
> To me, "quality system" suggests ALL elements of the Standard that are
> applicable to the organization, including design control if the firm is
> registered to ISO-9001. Because section 4.1 applies to the entire QUALITY
> SYSTEM, I am wondering how other companies apply section 4.1 to the DESIGN
> CONTROL component of their QUALITY SYSTEM; i.e., what do others do to
> address the formal REPORTING and REVIEW requirements that I have emphasized
> in the language above?
Those companies for whom I have consulted have done two things.1. The design process owner will review his/her own system annually to ensure it continues to remain suitable and effective. He/she verifies that the review was conducted and summarizes any changes or improvements that were or will be made. 2. The internal audit function independently verifies and reports on the effectiveness and suitabilty of the design control system based upon the applicable procedures and the desired outcome of those procedures. They, too, report on any improvement opportunities.
Both these "reports" make their way to the Management Rep who in turn provides the data or summaries therof to executive management for management review.
> If, as you mention, no other company interprets the
> Standard to mean that section 4.1 applies to all components of the quality
> system, then I would be curious what the reasoning is to exclude from the
> management review something as important as design control if the company is
> registered to 9001.
That's not what I meant. 4.1 does apply to the entire standard. However the management review portion does not directed that it be done paragraph by paragraph. The "common" (my customers) practice is for executive management to review performance of the system against the quality objectives and policy. In other words, if the system is achieving the objectives and leads to realization of the quality policy, it's good. If not, it needs corrective action. Those who are interested in doing more than meeting objectives will look more deeply.
> To your second paragraph, I did not mean to suggest we were not auditing
> design control. We do -- just as we audit all other activities. My
> question is not about the extent to which Internal Audits (section 4.17)
> apply to design control; it is about the extent to which Mgmt.
> Responsibility (section 4.1) applies to design control. Specifically, how
> do the Mgmt. Reps. in other companies "report on the performance of the
> quality system" (section 4.1.2.3(b)) as regards design control, and what
> sort of issues does the "supplier's management with executive
> responsibility" evaluate when it "reviews the quality system" (section
> 4.1.3) as regards design control?
Based upon the reviews and audits of others (process owner and auditors) the executive management person or group will look at individual elements on an exception basis only. Remember, meeting ISO9000 is not the purpose of the quality system. The purpose is to achieve the policy and objectives. The ISO9000 system is one vehicle by which that can be done.
> To your third paragraph, our design process seeks, of course, various
> improvements such as time-to-market, cost-of-goods, etc. What is unclear to
> me is the extent to which this must be formally addressed, formally
> reported, formally reviewed, formally recorded, etc., as set forth in
> section 4.1. In fact, the same questions could be asked about Servicing
> (section 4.19), but Design Control (section 4.4) has such a huge number of
> requirements that I am wondering to what extent companies address them as
> formally as section 4.1 seems to require. As you point out, there is a risk
> of too much bureaucracy. On the other hand, because good design control is
> critical to good product quality, some level of formal review of the design
> control process by executive management does seem appropriate. Plus,
> section 4.1 seems to require it. Accordingly, I am wondering what other
> companies do to strike a balance.
Executive management can delve into as much detail as it wishes. If you think it's important that they examine the particular activities of improvement efforts, that's what they should do. If you think they should receive only summary reports of improvement activities, then that's what they should do. ISO9000 only requires that the results of Preventive Actions be reported and considered at management reviews. Of course, executive management should be as interested in improving the end performance of the quality system (results) as they are in improving cash flow, profits, ROI, share value, etc since one tends to impact the other. One of my accounts has, as a key element of its quality policy, "maintaining our competitive edge". Their management group has to identify how they measure this and then review to determine if it is being met. In their case, review of improvement activities, in some detail, is a must.
Hope this gives you some help.
Charley
--
Charles J. Scalies/2000+
https://pobox.com/~scalies
