Meeting AS9100 Rev C Requirements - Major help wanted

[n25philly]

OK, here is the deal, the company I work for is a small precision machine shop doing mostly aerospace work. We already got our Rev C certification last year on a surveillance audit. Up until that point every auditor we've had come in has pretty much audited us completely on compliance. As long as everything in our book matched the requirements and we did what we said we did everything was good.

We have two major problems (not findings, but could turn into them if not addressed) that we need to straighten out for our next audit. #1 is out interaction of processes. Well, we've neverlooked at this from a true process standpoint (hell, we were ISO long before we got AS9100 and no auditor even looked at our interaction of processes until our first AS audit) and apparently it is wrong. Our original Interaction of processes was basically a listing of all of our procedures that was put into a flowchart that showed how work flowed through our shop. That did the job until this last audit. This time we were told any process we have needs to be measurable. Well, it's been more than half a year since the audit and I am still lost on the Interaction of processes. It seems the more I read about it the more confused I get. Can someone point me in the right direction? I don't know how to post files here, but I am certainly willing to provide copies of the old IOP and attempts I've made to revise if it helps.

The second issue I have is with internal auditing. I think it ties into the other problem as we were told that we are auditing wrong in the last audit as we are not auditing processes. The way that our audits work is that we would take each of our processes, and for each other we had a matrix that identified every paragraph in the procedure applied to it. Auditors needed to go into the procedure and the actually work being done involved with the procedure and identify that those requirements were being met as well as making observations on how effective they are. The audits are then reviewed by another auditor to verify that the requirements are met and that the auditor doing the audit provided significant evidence.

I can see how this method of auditing is not enough as by auditing every single procedure individually, it creates an audit nearly every single month (23 procedures, 3 full order audits, and 1 shop floor audit) as there are only three of us on the auditing team and we all have enough other works that it becomes overwhelming. Two of our findings on the last audit were things that should have been caught on internal audits. I think the audits would work better in process audits if they work they was I think they do (for example auditing quality assurance as one audit instead of inspection, control of non-conformities, and calibration as separate audits) I just need to figure out how we are supposed to do that. Should we be using PEARs or is that just for the auditors coming in?

I'm not looking for anyone to do this for me. I just want to get pointed in the right direction. Our next surveillance audit is in October so I need to get these things moving, but the more research I do I only get a bigger headache as it seems no one can give a straight answer on anything. It certainly doesn't help that whenever I start researching as soon as I seem to get anywhere I get pulled away for days to weeks and end up having to start over.

Any help that can be provided would be very, very much appreciated.

 

[AndyN]

Re: Need some major help with meeting Rev C requirements

I'm not sure your last auditor is correct. Certainly if all the others never made this statement, unless they were all incompetent, it's unlikely to be true.

You have many processes and some need to be measured, some monitored. Look at a car dashboard. All kinds of things COULD be measured, but just a few are really important to you, the customer!

Many processes are simply monitored. If you measured everything, you'd be overwhelmed. As a priority, take a look at what affects the customer, then what affects managements' achievement of their objectives. Why would you measure document control anyway? No, your auditor needs to get a life, or get competent!

I see nothing wrong with your process sequence and interaction, either, without actually seeing it!

If you want a tool to help audit process, look here: http ://www .nqa-usa.com/resources/articles_detail?id=39 - OBSOLETE BROKEN 404 LINK(s) UNLINKED

You'll see that by auditing a process, you can sweep the things you mentioned were done as procedures can be done all at the same time. If you notice a problem, say with calibration, next audit can be just on the calibration process (different football, though)

 

[Sidney Vianna]

Re: Need some major help with meeting Rev C requirements

I'm not sure your last auditor is correct. Certainly if all the others never made this statement, unless they were all incompetent, it's unlikely to be true.

I respectfully disagree. As you know, over the years, we've had numerous threads on "process approach". And the undeniable conclusion that thousands of organizations have attained and maintained certification to ISO 9001, AS9100, etc. without never ever understanding "process approach". The difference now, especially under the aerospace ICOP scheme, with the advent of PEAR forms, is the fact that organization and their respective CB auditors are forced to identify process and explain how their processes are monitored/measured, in order to be able to dully fill out the paperwork associated with the AS9101D audit package.

In my mind it is well established that a significant percentage of registered organizations and auditors have never understood and never will understand it. They will "learn" new paperwork and protocols, but, deep inside, they will think procedures, procedures, procedures...and the rest of a command and control approach to a QMS.

 

[Big Jim]

Re: Need some major help with meeting Rev C requirements

I respectfully disagree. As you know, over the years, we've had numerous threads on "process approach". And the undeniable conclusion that thousands of organizations have attained and maintained certification to ISO 9001, AS9100, etc. without never ever understanding "process approach". The difference now, especially under the aerospace ICOP scheme, with the advent of PEAR forms, is the fact that organization and their respective CB auditors are forced to identify process and explain how their processes are monitored/measured, in order to be able to dully fill out the paperwork associated with the AS9101D audit package.

In my mind it is well established that a significant percentage of registered organizations and auditors have never understood and never will understand it. They will "learn" new paperwork and protocols, but, deep inside, they will think procedures, procedures, procedures...and the rest of a command and control approach to a QMS.

I absolutely agree, but would take it a step further. Those responsible for drafting ISO 9001 (most likely Technical Committee 176) have never discovered the need to more fully define what they are after in terms of just what a process is and what is expected in the description of the interaction of them.

Until that is addressed, this ship will remain adrift.

 

[AndyN]

If he has a flow chart which shows how the work flows through the shop, how isn't that a "process approach"? He's got his procedures linked to the flow diagram, which seems to make sense to me. From what the OP has said, I could reasonably assume the AS auditor has done what I've heard/read others are doing - interpreting what they thought they heard in a course.

We've already read here at the Cove that Turtles have been demanded! Of course, without seeing the actual process interaction, we cannot strictly say one way or another. Maybe the OP will sanitize it and share it.

If his internal auditors have only audited procedures, then clearly he does have an issue, which is why I posted the link.

 

[Sidney Vianna]

If he has a flow chart which shows how the work flows through the shop, how isn't that a "process approach"?

I would submit that true process approach is much more than a flowchart. I have linked this ISO document numerous times: ISO 9000 Introduction and Support Package: Guidance on the Concept and Use of the Process Approach for management systems Section 5 of the document, Implementing the process approach is split into :
5.1 Identification of the processes of the organization
5.2 Planning the process
5.3 Implementation and measurement of the process
5.4 Analysis of the process
5.5. Corrective action and improvement of the process

In my opinion, the BIGGEST thing missing in the process approach literature is the emphasis on the concept that, for the most part, and contrary to what ISO 9001 and AS9100 says, we have very few quality management processes. What we REALLY have are BUSINESS PROCESSES, WHICH MUST be managed concurrently for many disciplines, including QUALITY. So, ISO 9001 and AS9100 must be understood as providing requirements for the quality (discipline) management of BUSINESS PROCESS.

The result of that realization is the fact that ISO 9001/AS9100 implementation and certification transcends the quality department and extends to the core processes of the organizations and the respective process owners (OUTSIDE of the quality department) will have to MANAGE their respective process and be accountable for the conformance to the requirements of the standard, as it applies to them.

 

[AndyN]

Yup, I'm familiar with the document.

However, since the term 'flow-chart' doesn't really help until we actually see what the OP has, we can't say much on the subject!

I don't disagree, Sidney, with your position, but then a good 95% of organizations (IMHO) are likely to have struggled with this (how many have used the guidance?), so it seems a bit 'harsh' to me that - suddenly - this CB (auditor) now makes an issue of it? Isn't the CB culpable in regard to letting it go so long without their auditors being made aware of what should be in place?

 

[Big Jim]

Yup, I'm familiar with the document.

However, since the term 'flow-chart' doesn't really help until we actually see what the OP has, we can't say much on the subject!

I don't disagree, Sidney, with your position, but then a good 95% of organizations (IMHO) are likely to have struggled with this (how many have used the guidance?), so it seems a bit 'harsh' to me that - suddenly - this CB (auditor) now makes an issue of it? Isn't the CB culpable in regard to letting it go so long without their auditors being made aware of what should be in place?

The CB's have been struggling with educating the auditors about the process approach for several years. In many cases, the audit workbooks have undergone dramatic changes to help with this, especially with the encouragement (or stronger) to use KPI. I've sat through several of those training sessions, and they seem to ratchet up the process approach most every year.

The problem is, in my mind, just how far can you go without an adequate definition.

 

[AndyN]

The CB's have been struggling with educating the auditors about the process approach for several years. In many cases, the audit workbooks have undergone dramatic changes to help with this, especially with the encouragement (or stronger) to use KPI. I've sat through several of those training sessions, and they seem to ratchet up the process approach most every year.

The problem is, in my mind, just how far can you go without an adequate definition.

Maybe you should ask the auditor who is telling the OP...

 

[Sidney Vianna]

, so it seems a bit 'harsh' to me that - suddenly - this CB (auditor) now makes an issue of it? Isn't the CB culpable in regard to letting it go so long without their auditors being made aware of what should be in place?

Somehow someone sometime must start the accountability process of demanding registrants to understand and implement a QMS using the proper approach.

Our collective failure to do so allowed organizations to attain and maintain certificates for over a decade now, without having to demonstrate understanding and application of fundamental aspects covered in ISO 9000 and 9001.