QS-9000 System redesign - Several Major non-conformances - Where to start?

[JGEE]

Our company is currently ISO9001:QS9000 registered. Following a recent surveillance audit, the assessor informed us that he could impose several Major non-conformances. However, he did not. Since we are affiliated with the auto industry and 90% of our customer base involves a single company that is a tier 1 to GM, this audit result was very alarming.

We have been registered since 1996. The same Registrar has always performed our audits. Somehow, the previous audits did not raise the flag. This was a surprise to our lead assessor as well.

I’m looking for some advice. I started as the Quality Manager in December of 2000. I was automatically assigned the task of redesigning the QS system. We have the usual Quality Manual that is aligned with the QS9000 (1998) standard. However, the level 2 procedures seem to be lacking. In fact they are very similar, if not exactly the same as the Quality Manual. To paraphrase our assessor, they seem like a regurgitation of the manual. The assessor also felt that APQP needs a thorough review.

Does anyone have suggestions on the best starting point. My plan was to start with a group meeting of managers from all departments, with the agenda of flowcharting the activities from department to department. From this map, I was going to have the group determine inputs to process steps, followed by a determination of what level 2 procedures would be necessary to support the process step. My hope is that achieving a full understanding of processes would allow me to do a gap analysis in comparison to the QS requirements.

I have approximately 5 months to demonstrate significant improvement – or else!

 

[Dan Larsen]

I think I'd start by taking a hard look at what the auditor is saying. You've passed a number of audits since 1996 and now suddenly your system isn't right? Either there has been a change in your systems or the new auditor has preconceived notions about what and how things should be addressed (and these may not be correct for your business). It may be worth discussing with your registrar at a higher level, a quasi appeal in a way, to find out who's right and who's wrong. I think you have what could be a serious situation here, and I don't know that you should just assume that the auditor is correct. This approach assumes that all your previous auditors were wrong, which I think is a poor assumption.

Beyond that introductory comment, I'd consider the auditors concerns as constructive criticism. I think I'd start by identifying the "must" procedures according to the standard, and have those personnel responsible start taking a critical look at the procedure and determining whether it's accurate to the current system.

In conjunction with this, I'd also take a hard look at the tier 1 document. The tier 1 could be going too deep (if it starts getting into procedural issues) just as much as the tier 2 could be too shallow. I think you have to identify which is the possible problem. It may be that the tier 1 could use a revamp just as much as improving the procedures.

Five months can go fast. I'd concentrate on the "musts" first. Plan the project (Gantt chart maybe) and layout the game plan and make sure dates are held. Even if the project isn't complete in five months, but is still on track to your planner, you may avoid a hit.

 

[Dan Larsen]

JGEE,

The latest posting helps my understanding quite a bit. I think you're definitely on the right track by tackling the procedures, and your comment about "who does what when" with respect to procedures falls in line with the classic approach.

To battle the time constraint, I'd definitely tackle the "musts", the rest (if any are required) will follow.

Sounds like your auditor saw an opportunity and decided to make the most of it. It might be an example of the auditor working with the company to coordinate an overall improvement.

Good luck, and if you're in the midwest and need some help you can always give me a call

 

[JGEE]

Dan, thanks for the input.

I feel that our Quality Manual was constructed with the appropriate amount of detail. The manual simply states policies that support the QS "shall's".

I believe that the procedures are the real issue. Since they restate the manual, they really don't illustrate who does what, when. I think my predecessors had some difficulty creating the level two and three documents.

As far as the assessor, he has a history with our company. This was his third surveillence audit with us. It is my understanding that he has tried to make this company aware of the shortcomings of how the QMS was put together. He felt that there was always a political battle during audits in regards to QS interpretation.

My predecessor and another quality engineer were the system architects. Both are no longer with the company. They were called upon for all audits, and expected to defended the system they created. I've been told they could usually talk there way out of audit findings. Oh well, lesson learned by senior management!

I think your suggestion of a plan (gannt) for addressing the "must's" is on the same track with what I was planning. Thanks.

 

[outoftown]

Just to possibly shed some light on the matter because I tell many of my clients the same things your auditor said...your auditor probably didn't explain that the shift to process-focused audits have created scenarios where formerly compliant systems (all the docs were OK) is no longer sufficient to demonstrate compliance (all the processes are OK). For example, it looks a lot different when a auditor reviews a fairly new internal audit system and finds a year later that your nonconformances found have dwindled to zero. Your system hasn't changed, that's just the problem. Discuss what changes may be needed with your auditor before you spin your wheels modifying docs for no reason.

 

[barb butrym]

if it were me, i would hire a consultant that is well versed in QS (MARC???????) to come in and do an independant look at the system...you could well be the victim of a poor audit team (past) compounded with a current auditor that hasn't enough experience to flex when necessary...either/or/both or what ever....needless to say now that it is on paper it has to be addressed.
So :
1) draw the line in the sand...exactly where are you?
2) prioritize
3) then pull the management team together so you an send them out with facts, fixes and focus

Sometimes when a registrar has had lousy auditors, and suddenly 'gets religion" the clients pay dearest...which is why you didn't get the majors, cause it would look bad for them....there is no way a company can go from Ok to several majors in 6 months and be solely to blame without some signifant and obvious changes. Maybe its time to move on to 16949 and another registrar??

Actually, now that i think about it that process stuff above has a lot of merit too...but i still would not want to GUESS with so little time

[This message has been edited by barb butrym (edited 19 March 2001).]

 

[Marc]

You might also want to take a look at http://Elsmar.com/Imp/ for some ideas.

My only real comment is your registrar has significantly failed you if after 5 years they come in and tell you what you have been doing up to now is not compliant. As far as the auditor claiming they could nail you on one or more major nonconformances and didn't. I personally would start seeking out a new registrar. Some folks might even consider filing a complaint to the RAB or filing a lawsuit against the registrar.

[This message has been edited by Marc Smith (edited 19 March 2001).]

 

[Marc]

Originally posted by outoftown:

I tell many of my clients the same things your auditor said...your auditor probably didn't explain that the shift to process-focused audits have created scenarios where formerly compliant systems (all the docs were OK) is no longer sufficient to demonstrate compliance (all the processes are OK).

I disagree. Only if a company is asleep should changes within a year surprise them or their auditors. At this time, only telling us what the nonconformances were for will allow us to evaluate whether they make sense or not.

->For example, it looks a lot different when a auditor
->reviews a fairly new internal audit system and finds a
->year later that your nonconformances found have dwindled
->to zero. Your system hasn't changed, that's just the
->problem.

This sounds to me like a completely different situation than described. If the internal audit system fails the first year it is unlikely that the failure is related to a change in (evolution of) requirements of the spec.

QS hasn't changed since 1998. JGEE is saying for 2+ years the registrar has approved the system and now says it's no good.

JGEE says:
->We have been registered since 1996. The same Registrar has
->always performed our audits. Somehow, the previous audits
->did not raise the flag.

They either didn't give a darn before or sent you real stupid auditors for 3 years.

This whole scenario sounds weird to me.

->the assessor informed us that he could impose several
->Major non-conformances. However, he did not.

This alone spells fraud to me. I was not aware a registrar has a choice of not citing you for existing major nonconformances.

 

[Sam]

JGEE, You have already been certified, been through several surveillance audits and countless internal audits.
IMO tell your auditor to "write away" and let the nonconformances fall where they may.
After this many years the burden of proof rests with your auditor.
Enen tho audits are considered to be random; major nonconformances should have turned up by now.
It souds to me,since you are new, that your auditor may be playing you a little bit.