Poll: Should auditors promote the process approach?

[ISO 9001 Guy]

I have some questions.

If they aren't doing Product Realization, why not write it up under 7.1?

If they are doing an element-by-element approach and have a process as rquired in element 7.1, why is it getting written up as not having a process approach?

What if the output of their planning was a process called Production, into which they wrapped up the process of not only planning of production, but its inputs such as customer requirements and considerations, etc?

Is this about not meeting the requirements of the Standard, or not exhibiting doing so in a way that would give you confidence they were applying a process approach?

It would give me confidence that a QMS exhibits the process approach if the definition of the QMS is not dependent upon the requirements of the standard, but upon the processes needed for the management system.

The whole idea is to manage those processes in a process/system fashion (see the 8 principles). QMS procedures based upon the requirements do not suggest this understanding, an understanding that is clearly present--but not according to how an element-by-element system has been defined.

A first step of quality management system auditing is to verify that management has determined the processes affecting quality. Of course management has done that, but why did so many choose to define those processes according to the requirements of the standard? Merely to demonstrate conformity, apparently, thus not with managing processes as a first priority.

If managing processes were the first priority here (or if certification was not the goal), and documented procedures were required, the documented procedures would naturally describe the processes. What's the big deal? Are we afraid that these processes are not being managed? Of course they are! Element-by-element documentation suggests management commitment to certification, but at the same time it suggests a lack of commitment to sensible, systemic quality management.

The good management I know like sensible things.

Why would the definition of these processes take the structure of a standard intended to ASSESS QMSs? In pandering to the standard, element-by-element procedures fail to properly reflect a basic principle of process control: be clear about how the process works. In short: element-by-element documentation pays lip service to the requirements.

Who wins?

Not the organizations.

Not organizational personnel trying to assure quality.

Do you think the folks working in ISO 9001:2008-certified companies who use the element-by-element approach see value in the documentation?



Honestly?

Is it useful to anyone?

Want to sell it to top management? Be honest: we out-clevered ourselves x years ago when we cut and pasted those 20 procedures (or adopted those 20 procedures) to comply with the requirements. It's the wrong thing for quality management, it costs more than necessary, everybody hates it, and . . . auditors might someday actually require that we do it right.

Adopting unfamiliar procedures was never a good idea to manage processes we operate every day. Just managing compliant processes is easier than managing compliant processes AND managing needless, confusing documents. Does a compelling business case suggest to keep it the way it is? As it is, we are going out of our way to pay lip service to the standard. And it's costing us. How clever is that?

On the upside, the process-based QMS and resulting documentation will make sense to you, ISO 9001 audits will offer more value--both internal and external (?)--resulting procedures will make sense to personnel, it will be easier for us, and you will be left with a sensible management tool. Oh yeah, and it's going to save MONEY!

 

[ISO 9001 Guy]

I have some questions.

If they aren't doing Product Realization, why not write it up under 7.1?

If they are doing an element-by-element approach and have a process as rquired in element 7.1, why is it getting written up as not having a process approach?

What if the output of their planning was a process called Production, into which they wrapped up the process of not only planning of production, but its inputs such as customer requirements and considerations, etc?

Is this about not meeting the requirements of the Standard, or not exhibiting doing so in a way that would give you confidence they were applying a process approach?

I added assumptions to the scenario addressing some of your concerns. Thanks for pointing it out.

 

[Richard Pike]

Richard, thanks. Will you elaborate upon this, please?

Thanks.

Certainly: Terms and conditions were agreed at the time of entering into a contract with the CB and by inference with ISO.

If ISO formally changes the rules they must do so giving adequate notice, (which they do). If they subsequently provide guidance either to the CB or indirectly, publicly to Certified Organizations, then this does not change the contract (the rules). If any such inference was made by the CB, and that brought about loss to the Organization - they would be legally liable for such losses. You cannot change the terms of a contract unless it is done within the terms of that contract!

And all these "guidance" issues (especially for auditors) if "recommended" with any form of coercion, would be in breach of contract.

Remember please; the guidance to Auditors was provided solely in an attempt to bring _incompetent auditors _ into line. There can be no official and binding change in the interpretation or application of ISO without a formal and legal Revision

ISO would be better off upholding their part of the contract - the one where they imply they will have a process in place to ensure that only "competent" auditors are let loose in the ISO / CB / Compliance arena.

From some of the comments "by auditors" here it seems they want to take over the QMS of their client. Recommended improvements - (be it Process Approach or other) are not meant to address serious flaws in the QMS -

If "recommended improvements" form more than a Minor Part of the Audit Report, then the Auditor has got it wrong!!!! there must be some serious Non-Compliance at hand - to which the Auditor is probably frighted to address in case of complaint to the CB and possible loss of business (and job)!

 

[Richard Pike]

In an ideal world, yes. I run into very few such companies. What should we do with the companies that fall way short? Should we try to help within the bounds of "value added"? I think we should.

Absolutely not ! If companies fall "WAY SHORT" :- then do what an Auditor gets paid for - highlight the weakness and decide if they warrant non-conformance! And if it is WAY SHORT you are obligated to challenge the competence of the Man Rep.

And if you are trying to - hold their hand - and HELP them you should be reported to ISO through your CB for unethical behavior.

On a softer note - in all seriousness - what type of time ratio do you allocate to value adding such an Organization that falls WAY SHORT.
If it is minimal - then you are not helping much anyway - if its substantial - then you are not sticking to your Audit Schedule!


This adding value - is mainly a marketing ploy by CB,s to compete with other CB,s. God how many times have I heard that - when CB,s are trying to elicit business! (unless you are referring to Internal Audits - which this thread is not!)

 

[dknox4]

<snip>From some of the comments "by auditors" here it seems they want to take over the QMS of their client. Recommended improvements - (be it Process Approach or other) are not meant to address serious flaws in the QMS -

If "recommended improvements" form more than a Minor Part of the Audit Report, then the Auditor has got it wrong!!!! there must be some serious Non-Compliance at hand - to which the Auditor is probably frighted to address in case of complaint to the CB and possible loss of business (and job)!

Response:

Well said. My registrar refuses to write OFI's for just this reason. OFI's are more often than not N/C's in sheeps clothing, or a veiled form of consulting (adding value). There were several times, earlier in my career, where I had an auditor make recommendations about changing something that was put in place specifically as a result of an earlier auditor "recommendation".

 

[Jen Kirley]

I asked for practical examples of what kind of evidence would have satisfied your quest for a process approach in auditees, but I am still just getting theory in your responses, ISO 9001 Guy. What objective evidence would indicate your auditees are applying the 8 principles?

I submit an element-to-element approach also suggests potentially a list of things besides a focus on simple compliance, including (there could be more) the system's growth stage, the organization's culture, pressures of the economy (some are running on skeleton crews) and so on. As an auditor I would never write an NC, OFI or observation that even hints to judgment about their devotion to quality or their intent to comply with 4.1a's intent. If companies want more than an assessment of compliance to standard, we have more appropriate sources, such as Baldrige. It occurs to me you may feel more fulfilled if you did work in that group versus auditing to standards because the Baldrige process is less constricting.

The fact is, as ISO auditors we have limits. We assess based on what the standard says, not our interpretation of definition under 4.1a. If a company does not present evidence of having a process realization process etc., say so. If an organization has all the elements covered and can show it is effective, it is not a good idea, in my view, to pass judgment on its progress, or lack of it, in process approach. I'm not about to psychoanalyze them or declare the folks working in ISO 9001:2008-certified companies who use the element-by-element approach do not see the value in their documentation. If their documentation helps them in spite of a less-than-religious view of quality, chances are good the documentation does have some value and someone in there knows why.

Bottom line is, we must audit to what the standard says, not what we believe its intent is. Now I'm all for helping organizations move to the next level - of course it's profitable (you're preaching to the choir there) but ISO's weak spot is the fact it is a list of shalls. The fact that those shalls add up to what should be a functioning QMS should indeed matter. We have that to operate against, and behavioral boundaries in which to do it.

Patience, patience. I have seen a lot of growth in my organization's systems in the three years since I started there, and I didn't once need to say "you need to use a process approach" because very few would have understood me. I need to give real world examples of what it would look like, what I expect registrars and regulators would appreciate, and specifically what could be done to make operations more efficient. I need to point out disconnects between authority and responsibility, and the like. Over time, it's working. The difference between me and external auditors is that I get to do these things, and they don't. Their roles are limited. Boom, that's it.

 

[ISO 9001 Guy]

I asked for practical examples of what kind of evidence would have satisfied your quest for a process approach in auditees, but I am still just getting theory in your responses, ISO 9001 Guy. What objective evidence would indicate your auditees are applying the 8 principles?

I'll be happy to indulge you here. I believe the beginnings to the answer to your question are posted elsewhere in this thread (by you). But before we snap into (accelerated) learning mode, please, will you answer a question posed more than once by me? I haven't heard a good, clear answer yet. In so many words, the question is:

"Why wouldn't quality professionals wishing to add value to their client organizations' QMSs recommend an approach that is more sensible and easier for organizations to deal with, an approach formally endorsed by ISO and TC 176?" A separate answer may be appropriate for: consultants, auditors, and CBS.

Can you help me with this? Thanks.

 

[Richard Pike]

I'll be happy to indulge you here. I believe the beginnings to the answer to your question are posted elsewhere in this thread (by you). But before we snap into (accelerated) learning mode, please, will you answer a question posed more than once by me? I haven't heard a good, clear answer yet. In so many words, the question is:

"Why wouldn't quality professionals wishing to add value to their client organizations' QMSs recommend an approach that is more sensible and easier for organizations to deal with, an approach formally endorsed by ISO and TC 176?" A separate answer may be appropriate for: consultants, auditors, and CBS.

Can you help me with this? Thanks.

Quality professionals absolutely would want to add value - however CB Auditors , whilst I hope are also professionals - play an entirely different role. The two roles are seperate and confusion as to where to draw the barrier lines are the cause of so much "discussion".

I find it very interesting that it is "predominantly" CB Auditors that keep on harping about "adding value". Most Man Reps (especially the competent ones) would prefer they did not!

 

[Richard Pike]

I asked for practical examples of what kind of evidence would have satisfied your quest for a process approach in auditees, but I am still just getting theory in your responses, ISO 9001 Guy. What objective evidence would indicate your auditees are applying the 8 principles?

Now that is the most pertinent question I have seen in this thread well done!

And as an addendum - I still would throw out any CB Auditor that challenged the "lack off" Process Approach from a time served Certified Organization.

Yes guys !

I know you have ran an effective QMS for a number of years!,

I know we haven't brought this up before!

I know I,m new to your Organization! (I must be or i would have brought it up at the last audit).

I know, my last CB fired me! but I still think I am right!

The fact is , if I complained to the CB about such a statement, (i.e. you no longer have a sufficient process approach to your QMS) and told them I am not happy, what do you think would happen?
From several experiences - I can tell you - the CB would backtrack all the way to their bank account and would also have a quite word with the Auditor.

They only way Auditors get away with such action is because the Man Rep is too weak to respond adequately. (well that's my opinion anyway - sorry if it offends anybody)

 

[Jim Wynne]

Ok, I'll give it a shot. Just for you.

Let's assume a machine shop operating an element-by-element QMS.
If directed to write it up as a nonconformity, it might look like this (on steroids):

"ISO 9001:2008, 4.1a states that, "The organization shall . . . a) determine the processes needed for the quality management system and their application throughout the organization." Because your realization processes are [. . . confirmed by whatever basis during stage 1]: Sales, Purchasing, Receiving, Production, and Shipping, while the QMS is defined (Quality manual , rev Z, x.y.z) as being composed of the following realization processes [guessing here, as they could be based on 1994 requirements!]: "Planning of Product Realization," "Customer-Related Processes," "Product Identification," "Production and Service Provision," Identification and Traceability," "Customer Property," "Preservation of Product," . . . the QMS as defined does not reflect QMS processes. [Notice an auditor really wouldn't even need to visit the organization to suspect this documentation structure if the documents were provided ahead of time.] Although the "Customer-Related Processes" procedure ("Contract Review" procedure?) corresponds to the Sales process and the Purchasing procedure corresponds to the Purchasing process, the balance of the "procedures" do not address the remaining realization processes--Receiving, Production, and Shipping--in a process approach fashion. Rather, an element-by-element approach is apparent. [The existing correlation between the two realization procedures and their respective processes appears to be coincidental, as the applicable requirements naturally pertain to these two realization processes; further, the balance of the QMS "procedures" addressing realization requirements appear to confuse activities and processes, again failing to properly determine processes needed for the management system.] Thus, by failing to determine processes needed for the quality management system, the organization has CLEARLY not met the requirements of ISO 9001:2008, 4.1a to "determine the processes needed for the quality management system." Please refer to the following guidance regarding the process approach . . . [ISO/IAF APG guidance . . . N544R. . . ISO 9000:2005 . . . ISO 9001:2008 . . . not a lot out there, really, is there? ISO 9004:2009 could be referenced, but only after organizations have adopted the process approach, it seems. Then sustain it.]

As an observation, it might look more like this: "The QMS, as defined, is in questionable conformity with the intent of ISO 9001:2008, 4.1a. [Use as much of the language from the above finding as you like to properly describe the nature of the finding.] This finding is raised as an observation pending further direction to raise it as a nonconformity. [?] And/or . . . an opportunity to streamline and simplify the defined QMS exists. And/or . . . what other opportunities for improvement might the process approach offer? Again direct the auditee to good information about the process approach.
Another thought: it seems common practice to offer thinly-veiled (and not necessarily inappropriate) advice by saying, "I've seen other companies do it successfully this way . . ." If this "commentary" is acceptable, all an auditor needs to know is one good example of a company using the process approach. "I've seen XYZ company use the process approach . . ."

First, a friendly suggestion: dense blocks of text such as those above are difficult to read on normal computer monitor, and almost impossible on something smaller. If you break it up into paragraphs and use some white space, it'll be much easier to read.

Now. One thing I've noticed as absent from all of this is a cogent, rigorous definition of the process approach that we can use to contrast with the element-by-element thing. We also don't know much about the element-by-element thing except that you don't like it (I don't either, but for different reasons). In my experience, matching documentation to the clauses of the standard isn't necessarily antithetical to the process approach; it's just a way of classifying things.

Attempts have been made to draw you out on these issues but they've come to a halt via "let's agree to disagree," which leaves significant questions hanging in the air. You've made a somewhat radical proposition, so I don't think it's too much to ask you to support it with something other than plain assertions. As I suggested in an earlier post, you've reached your conclusion but won't support it with logical antecedents such that we can see that if A is true and B is true and C is true, by logical progression D (your thesis) must also be true. Your defense of A, B and C has mostly consisted of "Let's agree to disagree," the result of which is to bring fruitful discussion to a sudden halt.

I'll make one more attempt to understand your reasoning, this time by way of a hypothetical situation. Suppose we have a company with a QMS that's been designed and documented in PA fashion, such that a competent auditor is satisfied with implementation of the PA. NOw suppose that the company decides, for their own reasons, to reclassify the documentation such that its numbering system aligns with the numbered clauses of the standard--nothing else changes. Now you are handed the company's documentation and are asked to determine--strictly from the documentation--whether or not the PA has been implemented.

Given that scenario, here are two questions:

1. Has the company, by deciding to reclassify existing documentation, voided their implementation of the PA?
2. Will you be able to tell, simply by looking at the reclassified documentation with no further history, whether the PA has been implemented or not?