Top Management Quality Objectives Missing - ISO 9001:2000 5.4.1

[CliffK]

Thanks for the replies Covers!

I failed to mention in my original post that we weren't given a NC, it was just an observation listed as a "system weakness" and these "opportunities for improvement" would be reviewed at the next audit.

I thought it was something like that. Someday I will perhaps understand why some few auditors believe they have the right to tell you how to run your business.
Seems like some of them come from a planet where all the streets are marked "one way."

That's why I wanted to make sure we did indeed have a full understanding of the requirement and that we could effectively communicate that we were meeting it in a way that was meaningful to our business. I appreciate the feedback!

Opportunities for improvement aren't binding. There is no real reason to "review" them at the next audit.

Your understanding and rationale are both fine, You shouldn't have to defend them to the auditor. It's a shame he's putting you on the defensive in this way.

Paul's advice is excellent - don't hesitate to complain to the parent company if there are problems.

 

[Helmut Jilling]

I thought it was something like that. Someday I will perhaps understand why some few auditors believe they have the right to tell you how to run your business.
Seems like some of them come from a planet where all the streets are marked "one way."
Opportunities for improvement aren't binding. There is no real reason to "review" them at the next audit.

Your understanding and rationale are both fine, You shouldn't have to defend them to the auditor. It's a shame he's putting you on the defensive in this way.

Paul's advice is excellent - don't hesitate to complain to the parent company if there are problems.

Cliff, while I agree with the intent of your advice, I think you went a bit far. In today's ISO and TS world, 3rd party auditors are not just doing "compliance audits." We are trained and constrained to push the improvement aspect as well. Unfortunately, it is not always clean and simple. That's why auditors and clients have to work together.

For example, some OFI's that I have written are:

1. Your downtime is rather high, compared to similar companies. (It is their prerogative, but it is my job to inform them.

2. You have few, and basic Quality Objectives. Compliant, but you are not getting the full benefit of the purpose for this requirement.

3. Process XYZ is compliant, but appears rather complex and unncessarily complex. etc...

They don't have to do them, and they may not always agree with them. But, I am not doing my job if I don't point it out. And often, there is a lot of financial benefit in those OFIs, though they may not see it immediately.

Remember, the ISO program is about continual improvement, and good auditors see more companies in a year than most people get to see in a whole career. Unfortunately, while this tool can be valuable in the hands of a skillful auditor, in the hands of a rookie, it can be messy and ugly. Also, since communication is not always a particulary effective activity, sometimes the auditor's comments are misconstrued.

For all these reasons, OFIs are not mandatory to implement. But, for an organization that supposedly is "committed to continual improvement," (it's in your Quality Policy, remember?), it is expected that OFIs be considered by the managment team, as to whether they would provide benefit and be feasible. But it remains with the organization to decide whether to do them.

Frankly, I would drop a client that does not have an interest in hearing and considering OFI's. I work too hard to waste time on clients that are not committed to improvement based on the audit process. There are other auditors who can audit them to basics, if that is what they want.

 

[Helmut Jilling]

I'm resurrecting an old thread here, mostly because this post hit the nail on the head with my current dilemma. We're due for another surveillance audit in a couple months and I was reviewing the registrar's last report. It stated that we needed more quality objectives. Ours are:

I. Customer Confidence
(a) Orders delivered error free - percent of orders shipped without verified customer returns.
(b) Orders delivered on-time – percent of orders shipped later than the dock date originally quoted to the customer.

II. Improvements in Our Capabilities
(a)Maintain or improve our internal defect rates.

III. Employee Confidence
(a) Maintain or improve the level of employee satisfaction in both their jobs and the environment in which they perform them.


They're all measurable (measured and reported) and relate directly to our Policy. We're a small company and if any process breaks down we know where, how, and why immediately if not sooner. I can find no value in measuring, for example, if purchase orders are placed on time, if jobs are released on time, etc. We've done it, found it to be in control for a long enough period of time, and quit doing it because again, no value. I can see where a large, departmentalized company may need to know which link in the chain is causing problems and they get this info from internal metrics, but here we're all involved solely in the three listed above.

I'm sure the auditor is going to try to give my QA Director another finding, then they're going to come to me to see why top management didn't establish these lower level objectives and there'll be an hour of my life I'll never get back...

Oh yeah, and:

We never ship anything late and have exceptional customer quality ratings.
Our internal defect rates have gone down (from when I started here 19 mos. ago and implemented this QMS) and are stable.
Our employees are happy.

Am I missing something here, still, or am I rightly prepared to defend my interpretation and perspective?

Thanks,

Tym Tucker
VP Ops
Cable Technologies, Inc.

I'll stand by my previous comments to Cliff's post, but I also want to comment that your objectives, at fisrt glance, are pretty good. If I were auditing, I would want to see the current performance to these. And, I would ask what the specific targets might be. However, you are complaint. And if the current performance is exceptional, I would commend you.

However, I might still look at all the other processes you have, (and I assume you measure or monitor based on cl 4.1.e), and I may ask whether you set goals and targets for any of the rest? I can't make you, but might question why you wouldn't want to.

You also said you reviewed them, in prep for your upcoming audit. I might also question whether the Mgt. team reviewed them after the audit. They are not meant to be filed away unreviewed.

But, by all means, do keep up the good performance, and keep improving.

 

[JaneB]

We're due for another surveillance audit in a couple months and I was reviewing the registrar's last report. It stated that we needed more quality objectives.

Haven't seen the exact wording, but assuming that's what it says, then I share the reservations of others. You're required to have objectives - no prescription of how many is correct (thank the Lord, as this naturally varies).

I would refuse to accept this as reasonable. I would politely insist on more information on precisely what the 'problem' is perceived to be, including references to the exact clause/s in question.

Your quoted objectives sound great to me.

We're a small company and if any process breaks down we know where, how, and why immediately if not sooner.

Wonderful. Would that some of the firms I've seen could say the same

I can find no value in measuring, for example, if purchase orders are placed on time, if jobs are released on time, etc. We've done it, found it to be in control for a long enough period of time, and quit doing it because again, no value.

Good for you. There's no point in measuring for the sake of it.

I'd recommend covering bases (if you haven't already) by making a suitable record to demonstrate that said auditor's 'finding/suggestion' has at least been consideration and then rejected, for the reasons given.

Am I missing something here, still, or am I rightly prepared to defend my interpretation and perspective?

Not from where I'm sitting, & on the basis of the info supplied. Nor does it sound as though there are any indicators of a 'problem'. Is the auditor seeing any indicators? If so, what are they?

I would debate it vigorously, using the strategies above. And if necessary discuss with the auditor's technical manager. And if you still get no joy, reconsider your particular certifier.

 

[Paul Simpson]

Cliff, while I agree with the intent of your advice, I think you went a bit far. In today's ISO and TS world, 3rd party auditors are not just doing "compliance audits." We are trained and constrained to push the improvement aspect as well. Unfortunately, it is not always clean and simple. That's why auditors and clients have to work together.

Admirable sentiments, Helmut. What we have restarted discussing in this thread is where the auditor goes beyond their remit (in the eyes of the auditee) and tries to impose their view of the QMS on the organization.

For example, some OFI's that I have written are:

1. Your downtime is rather high, compared to similar companies. (It is their prerogative, but it is my job to inform them.

2. You have few, and basic Quality Objectives. Compliant, but you are not getting the full benefit of the purpose for this requirement.

3. Process XYZ is compliant, but appears rather complex and unncessarily complex. etc...

Now I don't know the context of these OFIs but I could certainly see problems with them. Putting my devil's advocate hat on :

• 1. I might be a bit upset that you were "using" my data around the industry - didn't you say information was to be confidential?
• 2. There is a general rule of thumb that if you go beyond 5 in anything the human brain is unable to cope. So 5 (or fewer) straightforward objectives might be the way the organization ensures their continual improvement programme is sustainable.
• 3. IMHO unless you tell me why the process is considered complex (and in what areas) then I have nothing to go on

Now I don't mean to critique your OFIs per se - just to point out that there are risks to any aspect of auditing / audit reporting.

They don't have to do them, and they may not always agree with them. But, I am not doing my job if I don't point it out. And often, there is a lot of financial benefit in those OFIs, though they may not see it immediately.

I have just finished an audit where the client "ignored" a couple of observations raised at the previous audit. I was disappointed that they appeared to have swept things under the carpet (and said so at the time).

This approach was symptomatic of other problems and, to cut a long story short, they have a couple of Major NCs to deal with and an observation about company culture. Watch this space!

Remember, the ISO program is about continual improvement, and good auditors see more companies in a year than most people get to see in a whole career.

Unfortunately wide exposure is not a guarantee of a quality audit. Flexibility and empathy are more important in giving a good service to the client.

Unfortunately, while this tool can be valuable in the hands of a skillful auditor, in the hands of a rookie, it can be messy and ugly. Also, since communication is not always a particulary effective activity, sometimes the auditor's comments are misconstrued.

Going back to the restart of this thread the issue seems to be that the auditor's comments are misjudged. If s / he is trying to impose big company / complex objective frameworks on a simple organization then they have not understood the company.

For all these reasons, OFIs are not mandatory to implement. But, for an organization that supposedly is "committed to continual improvement," (it's in your Quality Policy, remember?), it is expected that OFIs be considered by the managment team, as to whether they would provide benefit and be feasible. But it remains with the organization to decide whether to do them.

Agreed - the company's management is telling us (Directly) that, having considered the "OFI" it would make their system worse to implement the changes the auditor is suggesting.

Frankly, I would drop a client that does not have an interest in hearing and considering OFI's. I work too hard to waste time on clients that are not committed to improvement based on the audit process. There are other auditors who can audit them to basics, if that is what they want.

Now you have said this before, my questions are:

• Are you in a position to "drop" clients? My understanding is that you, like me, are a contract auditor. I have yet to see any contract auditor in a position or wishing to choose their audits.
• Are you saying that a compliant system is not a justification for certification? Just because they don't like your suggestions is, surely, not a good enough reason to "drop" them. They do have some continual improvement activities in place, don't they?

 

[Geoff Withnell]

Thanks for the replies Covers!

I failed to mention in my original post that we weren't given a NC, it was just an observation listed as a "system weakness" and these "opportunities for improvement" would be reviewed at the next audit. That's why I wanted to make sure we did indeed have a full understanding of the requirement and that we could effectively communicate that we were meeting it in a way that was meaningful to our business. I appreciate the feedback!

Tym Tucker

Tym,
I fully agree with my colleagues that there is no nonconformance here. That said, I do believe there maybe in fact a good opportunity for improvement. This is based on the very fact that you are doing so well with your objectives. Is there an area that is not doing so well? May be you should add a problem area and track that. I'm of course speaking from very little knowledge of your specifics, but I have seen cases where most things were hunky-dory, and the objectives measured that, but some real areas of possible improvement existed, and where not measured.

Geoff Withnell

 

[CliffK]

Cliff, while I agree with the intent of your advice, I think you went a bit far. In today's ISO and TS world, 3rd party auditors are not just doing "compliance audits." We are trained and constrained to push the improvement aspect as well. Unfortunately, it is not always clean and simple. That's why auditors and clients have to work together.

Helmut, I appreciate your point of view and thank you for taking the time to express it so well. I would like you to understand that my opinions about auditors and how auditors should act come from observing auditors in action and seeing how the auditors affect clients.

I believe "pushing the improvement aspect" means determining if there is a mechanism for continual improvement and evaluating its effectiveness. I do not believe that it means becoming an engine of improvement.

I've looked at a few, not many, registrar contracts lately. The agreed-to service is to verify compliance in all the ones I've examined.

For example, some OFI's that I have written are:

1. Your downtime is rather high, compared to similar companies. (It is their prerogative, but it is my job to inform them.

2. You have few, and basic Quality Objectives. Compliant, but you are not getting the full benefit of the purpose for this requirement.

3. Process XYZ is compliant, but appears rather complex and unncessarily complex. etc...

These may be excellent. But where do you draw the line with regard to consulting? By 'partnering' with your client in this way, are you not in danger of losing your objectivity?

They don't have to do them, and they may not always agree with them. But, I am not doing my job if I don't point it out. And often, there is a lot of financial benefit in those OFIs, though they may not see it immediately.

Remember, the ISO program is about continual improvement, and good auditors see more companies in a year than most people get to see in a whole career.

That raises the point about confidentiality.

Unfortunately, while this tool can be valuable in the hands of a skillful auditor, in the hands of a rookie, it can be messy and ugly. Also, since communication is not always a particulary effective activity, sometimes the auditor's comments are misconstrued.

It's not just a matter of experience. No doubt competent auditors exist; I've had the pleasure of seeing some in action. That said, there are far too many who either sleepwalk and pencil whip the audit or play "my way or the highway."

For all these reasons, OFIs are not mandatory to implement. But, for an organization that supposedly is "committed to continual improvement," (it's in your Quality Policy, remember?), it is expected that OFIs be considered by the managment team, as to whether they would provide benefit and be feasible. But it remains with the organization to decide whether to do them.

Exactly. But when the auditor tells a client, "we'll review these next time around" there's a warning, maybe even a threat. Some clients, especially those new to the game, are easily swayed by these statements and often do unnecessary work.

I do think it's legitimate for an auditor to use an OFI to put a client on notice that there's an NC lurking in the future, but only when the NC can't be fully pursued during the current audit -- maybe it's too far off-scope, or the auditor is out of time.

Frankly, I would drop a client that does not have an interest in hearing and considering OFI's. I work too hard to waste time on clients that are not committed to improvement based on the audit process. There are other auditors who can audit them to basics, if that is what they want.

I wish I could do that, but the cats come around demanding to be fed and I've spoiled my family by allowing them to live indoors. Unfortunately, the perfect client doesn't really need my services in the first place. But that's another story.

 

[Roland Cooke]

Just to simplify things....

Our top management established three Quality Objectives which are applicable to ALL levels (including top management) :

1) Continually improve our processes and our Quality Management System
2) Attend all of our clients requirements
3) Reduce our internal costs and delivery times.

IMO, it´s as simple as that... they are all measureable, and every level of the organization and process is directly involved in each objective.

Of course you can get by with complying with the letter of the standard. And I would agree that the wording that you've given is indeed quite useful as education for others.

But to my mind I'm not 100% sure I buy your response. Those "objectives" seem so ephemeral that I would argue that they are, in reality, actually aspects of the Quality Policy. After all, any company that doesn't include those three things is going out of business sooner or later anyway.

Surely the objectives should detail how those three "policies" are intended to be achieved in a more specific way. (I do appreciate that there would be a lot of supporting information - clearly, doing the "routine stuff" as good or better than usual is indeed an objective, and an important one at that.)

For myself, in addition to that, I tend to ask Top Management what are their most important projects over the next 24 months, and then track how that is translated through the company.

 

[Paul Simpson]

Roland, Not sure if you meant to quote the (much earlier) post by tedschmitt or the response by Tym Tucker that we have all piled in to.

I have copied an edited version (sorry Tym) below your post just in case you wanted to review again.

I believe Tym's company meets the spirit and intent of the standard.

Of course you can get by with complying with the letter of the standard. And I would agree that the wording that you've given is indeed quite useful as education for others.

But to my mind I'm not 100% sure I buy your response. Those "objectives" seem so ephemeral that I would argue that they are, in reality, actually aspects of the Quality Policy. After all, any company that doesn't include those three things is going out of business sooner or later anyway.

Surely the objectives should detail how those three "policies" are intended to be achieved in a more specific way. (I do appreciate that there would be a lot of supporting information - clearly, doing the "routine stuff" as good or better than usual is indeed an objective, and an important one at that.)

For myself, in addition to that, I tend to ask Top Management what are their most important projects over the next 24 months, and then track how that is translated through the company.

It stated that we needed more quality objectives. Ours are:

I. Customer Confidence
(a) Orders delivered error free - percent of orders shipped without verified customer returns.
(b) Orders delivered on-time – percent of orders shipped later than the dock date originally quoted to the customer.

II. Improvements in Our Capabilities
(a)Maintain or improve our internal defect rates.

III. Employee Confidence
(a) Maintain or improve the level of employee satisfaction in both their jobs and the environment in which they perform them.


They're all measurable (measured and reported) and relate directly to our Policy. We're a small company and if any process breaks down we know where, how, and why immediately if not sooner. I can find no value in measuring, for example, if purchase orders are placed on time, if jobs are released on time, etc. We've done it, found it to be in control for a long enough period of time, and quit doing it because again, no value. I can see where a large, departmentalized company may need to know which link in the chain is causing problems and they get this info from internal metrics, but here we're all involved solely in the three listed above.

Oh yeah, and:

We never ship anything late and have exceptional customer quality ratings.
Our internal defect rates have gone down (from when I started here 19 mos. ago and implemented this QMS) and are stable.
Our employees are happy.

 

[Roland Cooke]

It was the earlier post I was responding to, I really like Tym's listing.

I would add that Tym makes clear that his company is small enough that those would indeed likely describe the most important day-to-day and year-to-year concerns of the whole company.

With a larger company, some cascading / refocussing would possibly be required.