Simplifying ISO9001 Auditing by using PIs (Performance Indicators)

[Brian Hunt]

I'm doing procss improvement work in an organisation that has previouisly created procedures for everything that can be thought of. So there are over 350 documented procedures which is far too much! And a lot of associated auditing which tends to take a compliance approach both in internal and external (BSI) forms

I think that defining process capability and performance indicators would mean that if the metrics showed that the process was under control, the need for documented procedures (other than the six mandatory ones) and audits would be significantly reduced.

In other words, if the right outputs are being achieved, then the proces is under control.

Is anyone else taking this approach and what learning points can they share?

 

[deephsd]

Re: Simpliying ISO9001 auditing by using PIs

We follow a similar approach of monitoring the outputs. Continual improvement of the performance indicators and raising the benchmark is something that you can look at if you have not already.

350 procedures definitely seem a LOT, although I'm not sure of the size or complexity of that organization you are referring to.

Thanks,
Deepak

 

[John Broomfield]

Brian,

Your 350 procedures may not have benefited from the application of clause 4.1c (and clause 4.2.1d).

But relying on measuring the outputs of processes is not preventive.

Get the inputs right and the process right and the outputs are bound to be right.

Corrected cost of quality curves, from the fifth edition of Juran on, tell us that only by investing in prevention do we get the lowest cost.

John

 

[Marcelo]

This seems to me like one past client that was not really sure what to document and so documented everything, and after years, always said that it was required by "someone", be it a regulatory agency, certification body, everything.

Worse, the procedures were usually not really needed and most where out of date related to current practice because, between us, to really maintain 350 procedures you would need some people focused 24/07 on then.

My solution at the time was to remap the processes and system (they did?t do that before, there was no system planning, they though planning and creating the quality system meant to create the procedures - very common mistake), but in the end we did not even finish that because people had a lot of trouble with the concept of process mapping and they wanted to KEEP a lot of the procedures, even if they were not using or updating them correctly.

But in my opinion we could have removed some 80 % or more or all the procedures.


Also, take a look at this post: http://elsmar.com/Forums/showpost.php?p=558952&postcount=6

 

[Brian Hunt]

Re: Simpliying ISO9001 auditing by using PIs

Hi Deepak - It's a public sector organisation that maintains existing facilities and does some new projects. Not pushing the frontiers of technology.

 

[Brian Hunt]

Hi John. My approach is measure, analyse, improve. So that addresses preventative action and continuous improvement. But the organisation also needs the right culture and approach. Too many see quality as a tick box activity

 

[Brian Hunt]

Hi Marcelo

This seems to me like one past client that was not really sure what to document and so documented everything, and after years, always that it was required by "someone", be a regulatory agency, certification body, everything.

Yes - this is the case here. A 'consultant' (spit) told them to document everything and then bought in an army of his buddies to do this. Then the external auditor (BSI) backed up this approach - even though a process approach is supposed to be followed.

Worse, the procedures were usually not really needed and most where out of date which current practice because, between us, to really maintain 350 procedures you would need some people focused 24/07 on then.

That's what happens
My solution at the time was to remap the process and system (they did?t do that before, there no system planning, they though planning and creating the quality system meant create the procedures - very common mistake), but in the end we did not even finished that because people had a lot of trouble with the concept of process mapping and they wanted to KEEP a lot of the procedures, even if they were not using of updating them correctly.

Yes - tear it up and start again. My initial findings suggest that only about 20% of these are needed - if that.

But in my opinion we could have removed some 80 % or more or all the procedures.

 

[AndyN]

Brian:

Don't take it out on the consultant - blame the people who foster a "say what you do, do what you say" approach to management systems! But you are right, and it's actually quite normal to over document - clients do it without any outside help, too!

Internal auditing SHOULD take into consideration the "planned arrangements" - from objectives, customer requirements, inputs, process, outputs and results, of course. Simply looking at results isn't going to be validation of the process however - or the need for any documents to define the process and its control.

Don't overlook the fact that as an auditor, you are there to validate management choice of process/controls etc.

 

[John Broomfield]

Hi John. My approach is measure, analyse, improve. So that addresses preventative action and continuous improvement. But the organisation also needs the right culture and approach. Too many see quality as a tick box activity

Brian,

Yes, I wondering how your improvement cycle would work if the process-based management system focused only on process output.

I am sure your colleagues could agree that their management system is meant to help them to determine and meet requirements.

Through this focus on requirements they can eventually understand the true nature of quality but let them realize this for themselves.

Quality is personal. Commitment to deliver quality has to come from within.

Best wishes,

John

 

[RoxaneB]

I look at both documented processes and the metrics.

As much as I believe that documentation is not always needed, the organization I am with currently lacks in the area of standardization and effective training, so we're going down the route of documenting our core activities.

When it comes to evaluating metrics, I look beyond the "hitting target or not" trait. I also look for a positive historical trend over several years, if the site is the benchmark, if their metrics is aligned with the company metric, etc.

To keep this simple, I essentially plot a location's conformance to process and achievement of metric requirements. If they fall in the upper right (excellent performance in both), life is great! If they conform to process but aren't achieving metric requirements, we discuss things like technology, outliers, etc.. If they are achieving metric requirements but are not following the process, we discuss what they are doing differently and why (and corporately, we decide if that will become the new standard). And if they are not excelling in either area, we have really big discussion.

To audit only metrics does not allow for a in-depth discussion on procedure accuracy and applicability. To discuss only the procedure means results are ignored. The two together are what (hopefully) result in a good output for and from a process.