Root Cause Analysis and ISO 9001
What do you folks think about this??
----------------------
From: ISO Standards Discussion
Date: Wed, 19 Jul 2000 10:36:45 -0500
Subject: Q: Cause Analysis /Naish
I have a question regarding cause analysis versus root cause analysis which is four fold.
First, I do not find the word root cause used in the current 9001 or 9002 standard. I see cause. I have had several auditors now who are indicating root cause needs to be performed. In QS it expresses a discipline as to how to get cause analysis but leaves room for the obvious. Is there a requirement in the current standard that requires root cause? If so can you tell me where to find it.
Second, I was recently involved in an audit where the auditor indicated that "all" non conformances required "root" cause analysis including all customer complaints. Is there anyone who can provide information on where this is either a requirement or even some intent of the authors of the standard?
In the standard I see "to a degree appropriate to the magnitude of the problems and commensurate with the risks encountered". This implies to me a company has the ability to decide what the magnitude is and what the risks are and then decide what to do.
Third, in the new standard DIS version I see that a method for doing corrective action is indicated but I do not see there that all non conformances need action. Is there an intent in the new standard to require all non conformances to require such actions?
Fourth, the auditor indicated he did not think the company had done an adequate job of cause analysis because the cause list was a lay-up for a part had not allowed adequate room for cutting. He indicated that that was not sufficient and that the contract review process was not sufficient if they had not done an evaluation at the time of contract review. Where does the standard allow an auditor to indicate a cause is not adequate and insert his own thought on what the cause is and what needs to be done.
The same auditor indicated that the registrar he worked for would find it unacceptable if the cause was ever listed as human error in a case where the investigation showed the employee had been properly trained and had performed the task multiple times before and since correctly.
This statement was made in spite of the fact the employee had a check sheet of the steps they processed which were all checked off and the training and a proficiency test had been performed in the last year. There is no fool proof way to ensure the person does this step except to have the reminder in front of them. Internal audits showed people were signing off the sheet as they went so it was not a rubber stamp process at the end. The client put in an additional step which requires someone else in the department to watch them do the step and sign off on the form to make the auditor happy but this seems like a non value added waste of time for a human error simply because of an auditor.
Phyllis Naish
--------------------
From: ISO Standards Discussion
Date: Wed, 19 Jul 2000 11:36:50 -0500
Subject: Re: Cause Analysis /Naish/Hankwitz
Phyllis,
From my perspective, this auditor was way out of line to make such a judgment. The only criteria he could use to make this determination is objective evidence that implementation of the corrective action did not eliminate the problem, period. It is beyond the scope of an auditor's duty to manage or try to second-guess or control your quality operations.
----------------------
From: ISO Standards Discussion
Date: Wed, 19 Jul 2000 11:55:24 -0500
Subject: Re: Cause Analysis /Naish/Scalies
From: Charley Scalies
> First, I do not find the word root cause used in the current 9001 or 9002
> standard. I see cause. I have had several auditors now who are indicating
> root cause needs to be performed. In QS it expresses a discipline as to how
> to get cause analysis but leaves room for the obvious. Is there a requirement
> in the current standard that requires root cause? If so can you tell me where
> to find it.
Unless you have found the root cause(s), you have not found the cause(s). I would no more stop looking for the root cause until I was fairly certain I had found it, than I would continue looking for something I had lost after I had found it.
> Second, I was recently involved in an audit where the auditor indicated that........
Without repeating the balance of your entire post, I offer two comments:
1. You seem to have your head screwed on straight.
2. I am too polite to tell you where I think that auditor's head is.
God save us from auditors/registrars who are either "cowboys" or who haven't a clue of what it's all about! Whenever you find an auditor - internal, external or infernal - who tells you something that sounds like it absolutely flies in the face of common sense and good business practice:
1) He/she did not explain it to you properly and/or
2) He/she hasn't got a clue! (ISO9000 -any version you like- is designed to make good business sense. Any interpretation to the contrary is uninformed or wrong-headed.)
I suspect some of my colleagues may take me to task for such sharp opinions but, while I believe that discussion and debate over the meaning and intent of the standard's requirements is a very good and healthy thing, parsing (Philadelphia Lawyering) those requirements to the point of arbitrarily imposing non value added activities (and I consider a registration certificate to have near zero real value) lies somewhere on the continuum of incompetence, malfeasance and outright theft. I have no time and even less patience for it.
Charley Scalies
-----------------------
One More.........
-----------------------
From: ISO Standards Discussion
Date: Wed, 19 Jul 2000 12:49:21 -0500
Subject: Re: Cause Analysis /Naish/Andrews
Phyllis wrote ;
"I have a question regarding cause analysis versus root cause analysis which is four fold. First, I do not find the word root cause used in the current 9001 or 9002 standard. I see cause. I have had several auditors now who are indicating root cause needs to be performed. In QS it expresses a discipline as to how to get cause analysis but leaves room for the obvious. Is there a requirement in the current standard that requires root cause? If so can you tell me where to find it."
Comment: Although the word "root" is not used in the Standard (ISO 9001-1994), I have always interpreted "cause" to mean "Root Cause" - else what's the point?
"Second, I was recently involved in an audit where the auditor indicated that "all" non conformances required "root" cause analysis including all customer complaints. Is there anyone who can provide information on where this is either a requirement or even some intent of the authors of the standard?"
Comment: The auditor is way off the mark on thinking that ALL nonconformances require root cause analysis. There is no such requirement in the Standard. That being said, I would certainly think that a formal customer complaint was of a SIGNIFICANT enough nature to warrant performance of root cause analysis (providing that it was a valid complaint).
"In the standard I see "to a degree appropriate to the magnitude of the problems and commensurate with the risks encountered". This implies to me a company has the ability to decide what the magnitude is and what the risks are and then decide what to do.
Comment: I agree
"Third, in the new standard DIS version I see that a method for doing corrective action is indicated but I do not see there that all non conformances need action. Is there an intent in the new standard to require all non conformances to require such actions?"
Comment: That is not my interpretation; however, others on this list may see it differently
"Fourth, the auditor indicated he did not think the company had done an adequate job of cause analysis because the cause list was a lay-up for a part had not allowed adequate room for cutting. He indicated that that was not sufficient and that the contract review process was not sufficient if they had not done an evaluation at the time of contract review. Where does the standard allow an auditor to indicate a cause is not adequate and insert his own thought on what the cause is and what needs to be done."
Comment: The auditor was WAY WAY over the line on this one.
"The same auditor indicated that the registrar he worked for would find it unacceptable if the cause was ever listed as human error in a case where the investigation showed the employee had been properly trained and had performed the task multiple times before and since correctly."
Comment: Human error is sometimes an acceptable cause - PROVIDED all of the other necessary elements (training, documentation, equipment, etc. ) have been fulfilled. The problem is that sometimes human error is used as a cause without digging further to uncover the 'true' root cause of the problem.
"This statement was made in spite of the fact the employee had a check sheet of the steps they processed which were all checked off and the training and a proficiency test had been performed in the last year. There is no fool proof way to ensure the person does this step except to have the reminder in front of them. Internal audits showed people were signing off the sheet as they went so it was not a rubber stamp process at the end. The client put in an additional step which requires someone else in the department to watch them do the step and sign off on the form to make the auditor happy but this seems like a non value added waste of time for a human error simply because of an auditor."
Comment: This last part REALLY upsets me. It highlights one of the main negative aspects of third party auditing. The poor unfortunate company has now installed an additional, ZERO value added, step into their operation just to placate this, obviously under trained, auditor. Their corrective action for this situation, if they had uncovered the true ROOT CAUSE, should have been to toss the auditor out on his/her derriere.
Ethan Andrews
--------------
Left Overs
--------------
From: ISO Standards Discussion
Date: Wed, 19 Jul 2000 12:59:26 -0500
Subject: Re: Cause Analysis /../Scalies/Taormina
From: Charley Scalies
<< I suspect some of my colleagues may take me to task for such sharp opinions but, while I believe that discussion and debate over the meaning and intent of the standard's requirements is a very good and healthy thing, parsing (Philadelphia Lawyering) those requirements to the point of arbitrarily imposing non value added activities (and I consider a registration certificate to have near zero real value) lies somewhere on the continuum of incompetence, malfeasance and outright theft. I have no time and even less patience for it. >>
Are you kidding? You don't go far enough! Those who believe that ISO 9000 is prescriptive, literal and dogmatic should be taken out and shot. The standard does not say that (for profit) companies should have a profit motive. Does that mean we have to wait until the 2005 revision to start working on quality being a value add instead of a cost center? The last time I had to use my claw hammer I used the tool for the purpose which effectively fit my application, driving nails. I did not use it to remove a fly from my friend's forehead.
Tom Taormina
What do you folks think about this??
----------------------
From: ISO Standards Discussion
Date: Wed, 19 Jul 2000 10:36:45 -0500
Subject: Q: Cause Analysis /Naish
I have a question regarding cause analysis versus root cause analysis which is four fold.
First, I do not find the word root cause used in the current 9001 or 9002 standard. I see cause. I have had several auditors now who are indicating root cause needs to be performed. In QS it expresses a discipline as to how to get cause analysis but leaves room for the obvious. Is there a requirement in the current standard that requires root cause? If so can you tell me where to find it.
Second, I was recently involved in an audit where the auditor indicated that "all" non conformances required "root" cause analysis including all customer complaints. Is there anyone who can provide information on where this is either a requirement or even some intent of the authors of the standard?
In the standard I see "to a degree appropriate to the magnitude of the problems and commensurate with the risks encountered". This implies to me a company has the ability to decide what the magnitude is and what the risks are and then decide what to do.
Third, in the new standard DIS version I see that a method for doing corrective action is indicated but I do not see there that all non conformances need action. Is there an intent in the new standard to require all non conformances to require such actions?
Fourth, the auditor indicated he did not think the company had done an adequate job of cause analysis because the cause list was a lay-up for a part had not allowed adequate room for cutting. He indicated that that was not sufficient and that the contract review process was not sufficient if they had not done an evaluation at the time of contract review. Where does the standard allow an auditor to indicate a cause is not adequate and insert his own thought on what the cause is and what needs to be done.
The same auditor indicated that the registrar he worked for would find it unacceptable if the cause was ever listed as human error in a case where the investigation showed the employee had been properly trained and had performed the task multiple times before and since correctly.
This statement was made in spite of the fact the employee had a check sheet of the steps they processed which were all checked off and the training and a proficiency test had been performed in the last year. There is no fool proof way to ensure the person does this step except to have the reminder in front of them. Internal audits showed people were signing off the sheet as they went so it was not a rubber stamp process at the end. The client put in an additional step which requires someone else in the department to watch them do the step and sign off on the form to make the auditor happy but this seems like a non value added waste of time for a human error simply because of an auditor.
Phyllis Naish
--------------------
From: ISO Standards Discussion
Date: Wed, 19 Jul 2000 11:36:50 -0500
Subject: Re: Cause Analysis /Naish/Hankwitz
Phyllis,
From my perspective, this auditor was way out of line to make such a judgment. The only criteria he could use to make this determination is objective evidence that implementation of the corrective action did not eliminate the problem, period. It is beyond the scope of an auditor's duty to manage or try to second-guess or control your quality operations.
----------------------
From: ISO Standards Discussion
Date: Wed, 19 Jul 2000 11:55:24 -0500
Subject: Re: Cause Analysis /Naish/Scalies
From: Charley Scalies
> First, I do not find the word root cause used in the current 9001 or 9002
> standard. I see cause. I have had several auditors now who are indicating
> root cause needs to be performed. In QS it expresses a discipline as to how
> to get cause analysis but leaves room for the obvious. Is there a requirement
> in the current standard that requires root cause? If so can you tell me where
> to find it.
Unless you have found the root cause(s), you have not found the cause(s). I would no more stop looking for the root cause until I was fairly certain I had found it, than I would continue looking for something I had lost after I had found it.
> Second, I was recently involved in an audit where the auditor indicated that........
Without repeating the balance of your entire post, I offer two comments:
1. You seem to have your head screwed on straight.
2. I am too polite to tell you where I think that auditor's head is.
God save us from auditors/registrars who are either "cowboys" or who haven't a clue of what it's all about! Whenever you find an auditor - internal, external or infernal - who tells you something that sounds like it absolutely flies in the face of common sense and good business practice:
1) He/she did not explain it to you properly and/or
2) He/she hasn't got a clue! (ISO9000 -any version you like- is designed to make good business sense. Any interpretation to the contrary is uninformed or wrong-headed.)
I suspect some of my colleagues may take me to task for such sharp opinions but, while I believe that discussion and debate over the meaning and intent of the standard's requirements is a very good and healthy thing, parsing (Philadelphia Lawyering) those requirements to the point of arbitrarily imposing non value added activities (and I consider a registration certificate to have near zero real value) lies somewhere on the continuum of incompetence, malfeasance and outright theft. I have no time and even less patience for it.
Charley Scalies
-----------------------
One More.........
-----------------------
From: ISO Standards Discussion
Date: Wed, 19 Jul 2000 12:49:21 -0500
Subject: Re: Cause Analysis /Naish/Andrews
Phyllis wrote ;
"I have a question regarding cause analysis versus root cause analysis which is four fold. First, I do not find the word root cause used in the current 9001 or 9002 standard. I see cause. I have had several auditors now who are indicating root cause needs to be performed. In QS it expresses a discipline as to how to get cause analysis but leaves room for the obvious. Is there a requirement in the current standard that requires root cause? If so can you tell me where to find it."
Comment: Although the word "root" is not used in the Standard (ISO 9001-1994), I have always interpreted "cause" to mean "Root Cause" - else what's the point?
"Second, I was recently involved in an audit where the auditor indicated that "all" non conformances required "root" cause analysis including all customer complaints. Is there anyone who can provide information on where this is either a requirement or even some intent of the authors of the standard?"
Comment: The auditor is way off the mark on thinking that ALL nonconformances require root cause analysis. There is no such requirement in the Standard. That being said, I would certainly think that a formal customer complaint was of a SIGNIFICANT enough nature to warrant performance of root cause analysis (providing that it was a valid complaint).
"In the standard I see "to a degree appropriate to the magnitude of the problems and commensurate with the risks encountered". This implies to me a company has the ability to decide what the magnitude is and what the risks are and then decide what to do.
Comment: I agree
"Third, in the new standard DIS version I see that a method for doing corrective action is indicated but I do not see there that all non conformances need action. Is there an intent in the new standard to require all non conformances to require such actions?"
Comment: That is not my interpretation; however, others on this list may see it differently
"Fourth, the auditor indicated he did not think the company had done an adequate job of cause analysis because the cause list was a lay-up for a part had not allowed adequate room for cutting. He indicated that that was not sufficient and that the contract review process was not sufficient if they had not done an evaluation at the time of contract review. Where does the standard allow an auditor to indicate a cause is not adequate and insert his own thought on what the cause is and what needs to be done."
Comment: The auditor was WAY WAY over the line on this one.
"The same auditor indicated that the registrar he worked for would find it unacceptable if the cause was ever listed as human error in a case where the investigation showed the employee had been properly trained and had performed the task multiple times before and since correctly."
Comment: Human error is sometimes an acceptable cause - PROVIDED all of the other necessary elements (training, documentation, equipment, etc. ) have been fulfilled. The problem is that sometimes human error is used as a cause without digging further to uncover the 'true' root cause of the problem.
"This statement was made in spite of the fact the employee had a check sheet of the steps they processed which were all checked off and the training and a proficiency test had been performed in the last year. There is no fool proof way to ensure the person does this step except to have the reminder in front of them. Internal audits showed people were signing off the sheet as they went so it was not a rubber stamp process at the end. The client put in an additional step which requires someone else in the department to watch them do the step and sign off on the form to make the auditor happy but this seems like a non value added waste of time for a human error simply because of an auditor."
Comment: This last part REALLY upsets me. It highlights one of the main negative aspects of third party auditing. The poor unfortunate company has now installed an additional, ZERO value added, step into their operation just to placate this, obviously under trained, auditor. Their corrective action for this situation, if they had uncovered the true ROOT CAUSE, should have been to toss the auditor out on his/her derriere.
Ethan Andrews
--------------
Left Overs
--------------
From: ISO Standards Discussion
Date: Wed, 19 Jul 2000 12:59:26 -0500
Subject: Re: Cause Analysis /../Scalies/Taormina
From: Charley Scalies
<< I suspect some of my colleagues may take me to task for such sharp opinions but, while I believe that discussion and debate over the meaning and intent of the standard's requirements is a very good and healthy thing, parsing (Philadelphia Lawyering) those requirements to the point of arbitrarily imposing non value added activities (and I consider a registration certificate to have near zero real value) lies somewhere on the continuum of incompetence, malfeasance and outright theft. I have no time and even less patience for it. >>
Are you kidding? You don't go far enough! Those who believe that ISO 9000 is prescriptive, literal and dogmatic should be taken out and shot. The standard does not say that (for profit) companies should have a profit motive. Does that mean we have to wait until the 2005 revision to start working on quality being a value add instead of a cost center? The last time I had to use my claw hammer I used the tool for the purpose which effectively fit my application, driving nails. I did not use it to remove a fly from my friend's forehead.
Tom Taormina