Audits VS. Inspections

There is often confusion about the difference between audits and inspections. The purpose of each may seem the same, but they are slightly different.  Audits focus on why, while inspections focus on what. The purpose of an audit is to get the confidence that processes are working well.  An audit involves various layers to answer a “why” question. It involves exploratory reviews involving documentation, risk assessments, and nonconformities, etc.  While an audit may need more effort in finding an answer, an inspection is less complicated. The answer to an inspection question will involve a straightforward yes or no answer.

Inspections focus more on the action, while audits are about the process.  Inspections review a single point in time, but an audit follows a process from start to finish.  An inspection simply looks at the product or service. The process of an inspection is quite simple, it either clears the project if it meets the requirements specification or rejects it. If it is rejected, its loss can be reworked at an extra cost. Inspections must be conducted at every step to minimize the chances of product failure.

Why are audits and inspections important to an organization?  Inspections deal with things that cause immediate accidents or other issues. Inspections protect the customer, so the customer is not harmed by a non-conforming product yet from an organization’s point of view that they are too late.  The audit is to cover the root cause of these problems. The audits provide the input and ensure continuous improvement and it is where we take on nonconformities.

Here at QMII, we provide valuable information when it comes to our auditing services. We can give insight on where your system is working well as well as the risks and suggest opportunities for improvement. QMII’s audit services reduce the fear of an audit. Some individuals fear being blamed for non-conformities and often dread the idea of an audit. Our services are to ensure auditees are put at ease while QMII auditors look to find the effectiveness of controls in the system.

Although there is often confusion when differentiating audits and inspections, it can be easier to think of it as the Plan-Do-Check-Act cycle. Inspections are a “do” while audits are a “check.”  Inspections are required to do, and the audits are the process of checking and making sure inspections have been done.

 

 

Three Steps to Reducing Human Error in Your System

Reducing Human Error in Your System

As believers in the process-based system approach to management systems, QMII encourages organizations during their root cause analysis to not ask “who” but “how” and “why” the system failed the individual. Human errors primarily occur because the system has failed. Sure, there is a human element to the process, but it is only when the system is assessed that the organisation will look beyond merely training the individual yet again or firing them. This has the added benefit of truly imbibing a no-blame culture because blaming an individual is not going to change the results.

The individual in question may be replaced but unless you assess the system for adequacy, which deemed the person competent, the change of personnel may not lead to improvements.
Where the potential for human error is identified as a risk, the organisation can also choose to put systems in place to mistake-proof in order to reduce the possibility of the individual making errors. In conclusion, when human error occurs, organisations should try to address both aspects of identifying the system failure and mistake-proofing the system.

QMII President & CEO – Dr. IJ Arora presented on the topic “Three Steps to Reducing Human Error in Your System”. The Free Webinar was positively received by participants from various industries.

Click here for the full presentation.

Read more: Implementation of management systems

Follow the official YouTube Channel: QMII

Why Safety Management Systems Fail-The Cost of Non-Compliance

Quality Management International President and CEO, Dr. IJ Arora presented on the topic “Why Safety Management Systems Fail-The Cost of Non-Compliance” at the Passenger Vessel Association MariTrends. The presentation was well received and applauded by the packed room.

The PVA Annual Convention was held at Northern Kentucky Convention Center this year on March 4-7. The convention featured a variety of intriguing sessions with various guest speakers that are leaders in the passenger vessel industry.

Click here for the full presentation.

I Don’t See Nothing Wrong

How often have we heard these words within our organization? Often the evidence is right before the persons eyes and they fail to see it. Perhaps in the hope that the failure to acknowledge it will cause it to go away. Across industries “non-conformities” have come to be recognized as something negative, to be done away with quickly. ISO 9001 2015 training teaches us that a non-conformity is the non-fulfillment of a requirement. It is the system that has failed to meet the requirements and not the individual. Admitting to something being wrong takes courageA well-implemented system can reduce the amount of courage it takes to admit to a mistake or an incorrectly implemented process. 

Why fix it if it ain’t broke 

Another common phrase you may hear across your organization. Yet another “this is how its always been done”. Humans resist change. It causes them to break out of their comfort zone. A common result of completing an ISO 9001 2015 training is personnel returning to their companies to start the mapping of their processes. In this, they may get to hear comments such as those above. Personnel does not want to capture the knowledge in their heads onto a price of paper as it puts their job security at risk. They perceive ISO 9001 as an alien document and the clauses make no sense to them. They do not see the value in audits as auditors are merely seen as policemen out to find fault in what they are doing.  

Is everything really good? 

Non-conformities that are not reported when they occur do not get effective corrective action taken on them and they “magically” occur again and again. Often times a smaller non-conformity unaddressed may lead to a larger non-conformity down the road. ISO 9001 in clause 10.2 asks organizations to implement systemic corrective action by identifying if similar non-conformities can occur in other areas of the system. It asks organizations to assess the root cause(s). ISO 9001 2015 training provided to personnel will educate them on how to interpret the requirements of the system to tailor it to their organization so the changes can be minimal. Organizations can do this by capturing the system as the work is done and not a fictional one. It helps training to be provided to personnel, so they understand their role in the system.  

In conclusion, ISO 9001 2015 training is not a means to complicate the way work is done but by understanding and implementing a system that captures the “as-is” of the organization the changes can be kept to a minimum and small. Once personnel sees how the system benefits them they will learn to admit to things that are going wrong and use a systematic approach to correct them.

 

How Did September 11th Affect Security?

Two decades ago, the United States was involved in a horrendous tragedy on September 11th, 2001. On September 11th (9/11) four planes flying over the eastern US were seized simultaneously by small teams of hijackers. They were used as giant missiles to crash into well-known landmark buildings in New York and Washington, DC. This attack changed America forever.

The next terror attack will not be perhaps via airplanes, but cyber-attacks. The Department of Homeland Security has geared its focus towards cyber threats and domestic terrorism. A recent Presidential Executive Order has asked all agencies to focus on securing the cyber networks of our nation. Although the United States is more secure than twenty years ago, it is important that we keep track of our cybersecurity. The majority of security risks today are viewed as targeting the networks and hardware that planes and airlines rely on.

The most common cyber threats that we have encountered are phishing, ransomware, and supply chain attacks. It is important to make sure that your organization has a strong cyber security system. Taking an ISO 27001 lead auditor training will provide many benefits to an individual that is seeking to keep information assets secure. This standard is the only auditable international standard that defines the requirements of an information security management system. ISO 27001 contains a set of policies, procedures, and systems that manage information risks such as cyber-attacks, hacks, data leaks, or theft. This specific lead auditor training can help improve your organization’s cybersecurity strategy. Big companies, as well as small and medium firms, should be interested in the ISO 27001 standard.

At QMII, we offer an ISO 27001 (information security) lead auditor training course. Information Security is important to any business. It helps protect companies’ data which is secured in the system from malicious purposes. The goal of information security management is to ensure businesses have balanced protection of confidentiality, integrity, and availability of data. It is important to identify all potential risks to information security in your ISO 27001 risk assessment. Terrorist attacks are one of these threats. By enrolling in an information security course with QMII, students will be given an understanding of the requirements on ISO 27001 as well as how to relate those requirements to an Information Security system. Lead Auditor training gives students an understanding of the requirements of this standard and how to relate it to an Information security management system. Organizations need an effective information security management system in order to effectively manage challenges. To learn more information about ISO 27001 lead auditor training, visit our website and join us in our next course.

Quality Without Question

 

As I was driving home from work, I noticed the following on the back of a vehicle, “Quality without question”. This got me thinking about the message that was being conveyed. Did the organization mean to convey that their quality was great and should not be questioned? That a customer should take their word just because they say so. For many of us that is exactly what we do when we purchase goods off a grocery shelf. We trust the certified organic and non-GMO ratings that we observe on the packaging. But should one question these and how should an organization decide when to?

To check or not to check

ISO 9001 is an internally accepted standard that sets out the requirements for companies looking to implement a quality management system. While ISO 9001 allows an organization to self-declare many organizations choose to go ahead and pursue certification. This is because it demonstrates to the customer an external independent validation by a subject matter expert of the organization’s ability to manage risks and enhance customer satisfaction.

In many cases though, these companies are often audited by customers especially in highly critical industries where the margin for error is very small. ISO 9001 does not require companies to audit their suppliers but asks organizations to determine the type and extent of control they intend to apply. In determining the type and extent of control, consideration should be given to the perceived effectiveness of controls by the supplier. Essentially can the system controls be trusted to effectively manage risks and deliver? This becomes the basis for the need to check or not.

But we don’t have the resources to audit

This is often the case for many small businesses and perhaps even for some governmental organizations that are limited to one or a few suppliers. In these cases, the organization is still obligated to control the externally supplied process, product, or service. Companies can do this by monitoring metrics such as on-time delivery, sampling incoming items for conformity, and in some cases accepting the external organization certification. No matter the approach used, it does not ever absolve the company of ensuring control of the outsourced process/product/service.

In the case of critical items or a single supplier, they may choose to sample 100% of all items coming in and decide over time based on the results if to continue with a large sample size or to reduce to a smaller one. Here also the aspect of resources plays a part. In cases where the resources cannot be made available, the leadership must acknowledge and accept the risk.

In conclusion

Quality must always be questioned, first internally by the organization itself and checked through its processes. It must also be questioned by the customers on a case-by-case basis. Quality and systems that are left unchecked and unmonitored will over time deteriorate and perhaps result in a major incident/accident. To learn more about the requirements of ISO 9001 join QMII’s next lead auditor training.

Is your organization ready for MDSAP?

Quality is important in all industries but perhaps more so in the medical industry and for those organizations producing medical devices. Apart from ISO 13485 that defines the requirement for medical device quality management systems, medical device manufacturers have to also comply with the regulations of the country their devices are going to be used within. In an effort to streamline the program for manufacturers the Medical Device Single Audit Program (MDSAP) was devised. The MDSAP program is an audit done of the company to the regulations of five participating countries. It is thus much longer than a regular ISO audit as it has to assess the system against multiple regulatory requirements.  

As your company prepares for this new audit scheme perhaps the easiest thing to do is a self-assessment. Use the MDSAP audit model guide to assess whether the company processes meet all the requirements. Conduct a gap assessment and then work to fill in the gaps including keeping records as needed by MDSAP. Just because an organization undergoes MDSAP does not mean that it will not have an ISO 13485 audit as these are two separate schemes. In the conduct of the assessment ensure that the person conducting it is competent to do so. This will avoid any last-minute surprises. Make note that the MDSAP model grades non-conformities differently and so use the same scoring scheme to know what are the priorities that need to be addressed immediately.  

Is the leadership prepared? Often in preparing an organization focuses on the lower echelons as also on the processes involved in the design and manufacturing processes. Ensure the leadership is briefed on the model guide and understands the expectations from them. As a part of each audit, the AO focuses on the management and assesses their commitment to the system. The leadership once committed will drive the rest of the organization to follow suit. This will make it easier for those implementing the system and assessing it internally.  

Make sure personnel are trained and understand well the expectations. QMII offers a variety of MDSAP offerings that are tailored to meet the requirements of the organization with training for each level of the organization. In addition, QMII also offers ISO 13485 lead auditor training. Organizations must recognize that participating in MDSAP will not exclude them from regulatory audits from other organizations. While the audit program may seem cumbersome at first there are benefits from participating in it that include reduced costs and a streamlined audit process.  

How will ISO 22301 Benefit you?

What is ISO 22301?

ISO 22301 is an international standard for Business Continuity Management Systems. This standard is designed to protect, prepare for, respond to, and recover from unexpected incidents when they arise. When your organization has a Business Continuity Management System, it is prepared to detect and prevent unforeseen threats.

ISO 22301 applies to all organizations no matter the size or industry. In 2012, when this standard was first developed, it was the world’s first international standard for implementing and maintaining effective business continuity plans, systems, and processes. It was revised in late 2019 to bring it up to date with current best practices and is based on the High-Level Structure (HLS).  Consequently, it aligns well with many other internationally recognized management system standards including ISO 9001 (quality management) and ISO 14001 (environmental management).

What are the benefits of being ISO 22301 certified?

There are many possible threats that organizations face including supply chain issues as we saw in the recent pandemic, or natural disasters such as earthquakes, floods, hurricanes, and tornadoes, and even cyber-attacks such as the recent news with the ransomware attacks on the oil and gas and food industries. These are major threats, but there are even other types of risks, such as the loss of skilled labor, power outages, and IT breakdowns that can cause disruption to a business.

How is a certification in ISO 22301 beneficial to an individual?

With a certificate in ISO 22301, you will be able to help your organization meet its business objectives and gain the necessary knowledge to manage a team in the implementation of this standard.

If your organization does not have a Business Continuity plan, then they may be at risk.  It is important to take these plans seriously or your business could suffer consequences. Some impacts of not having a plan include business failure, damaged reputation, loss of data and clients, and business interruption.

 What will students learn about ISO 22301 from QMII?

During ISO 22301 five-day training at QMII, students will understand how to respond effectively based on the procedures that apply before, during, and after an event. It is important for an organization to implement a Business Continuity plan because it shows that you are prepared for the unexpected. This assures that your business will continue to operate without any major impacts or losses. Our training enables you to develop the necessary expertise to perform a Business Continuity Management System (BCMS) audit by applying widely recognized audit principles, procedures, and techniques.

 

Problem Solving : The QMII Way

What is problem solving?

What is problem solving? Problem solving is defined as the act of defining a problem, Identifying, prioritizing, and selecting alternatives for a solution and then implementing a solution. A problem – solving process is necessary for all business #management-systems. Why? Because #leadership wants to see continual improvement in their systems and identifying solutions that will effectively prevent recurrence of a problem will enable this. #Leadership needs to ensure their employees are provided with the appropriate training in problem solving techniques to develop and enhance this skill set. Identifying an effective solution can be accomplished by following the proper methodology.

At #QMII, our Problem-Solving workshop  teaches a team-based approach to eliminating root causes through effective corrective action using the eight-discipline problem solving (8D) methodology.

 

What is the Eight Discipline (8D) methodology?

The Eight Discipline Methodology (8D) is a problem-solving approach that we most used in various industries. Originally developed by the Ford company, The purpose of this methodology is to identify, correct, and eliminate recurring problems, making it useful in product and process improvement.  It consists of 8 steps: Create a team, Define the Problem, Contain the problem. Identify the Root Causes, Choose Corrective Actions, Implement and Validate Corrective Actions, Take Preventive Measures, and Thank the Team.

 

Define the problem

Although problems are initially a part of life, we as humans often make the mistake of trying to find a solution right away. We tend to forget that solutions are at the end and not the beginning of a structured process. Often too little time is spent on defining the problem statement well. Time is focused on fixing the issue and dealing with the consequences. Often then, organizations move on to fighting the next fire and a quick problem-solving effort is conducted to “justify” a pre-determined root cause. A well-defined problem is the beginning of a corrective action.

 

The QMII Way

QMII has over 35 years’ experience in systems approach and have successfully applied the 8D approach to problem solving. While there are many approaches to Problem Solving the 8D methodology encompasses the five whys and this is easy for all to understand and then implement. QMII connects the problem-solving approach to the system and in our workshop, we teach students where root cause analysis may lead to other tools as FMEA, Mistake Proofing, and Causal Analysis.  While the workshops help students identify the problem it also helps them understand and implement the remaining steps in the 8D methodology.

Our goal at QMII is educate students/clients on how to identify/appreciate the root causes of the problem to prevent further issues and to address the cause(s), which ultimately leads us to the outcome that should be a conforming product/service/output.  Good management systems ensure that processes remain the focus and result in conforming outputs.

THE BENEFITS OF ISO 9001

Quality! Why is it so important? Quality can be defined as the standard of something as measured against requirement; the degree of excellence of achieving the requirement. Each day we read through hundreds and thousands of reviews just so we can buy a quality product or service. Even individuals searching for an ISO 9001 training are looking to identify a training provider that will provide quality training.

What is ISO 9001?

ISO 9001 is an international standard set by the International Organization for Standardization (ISO) that defines the framework for a quality management system.  Organizations that seek to deliver a quality product or service can use the framework to build a management system that would help attain this goal.

ISO 9001 Benefits

Even though many people have never heard of ISO or even ISO 9001, one might ask why do we need it?

Why not rely on this framework of reviews. However, those who relied on reviews will find that they are not a sure-shot formula to guarantee success in decision making. ISO 9001 also need not necessarily guarantee this. However, ISO 9001 is not meant for the customer, but for the organization implementing it. Although it is centered around the customer requirements, which primarily focuses on the customer, the benefit is to the organization implementing it.

There are many ways an ISO 9001 certificate can be beneficial.  When an individual obtains this certificate, the benefits are internally and externally. Customer satisfaction is the primary focus of the ISO 9001.  A quality system that Is implemented properly will result in customer satisfaction and a positive reputation for an organization.

ISO 9001 Training

ISO 9001 training provides an in-depth overview of the standard and how it is to be implemented.

ISO 9001 has come to signify a global base minimum for a quality management system. Inherent in the certification that customers see is a commitment from the organization to continually improve, to identify and segregate non-conforming outputs and to design controls to ensure the process can deliver per requirements. An organization purchasing from another halfway around the world has some level of confidence now in their assessment and purchase. ISO 9001 training will demonstrate that ISO themselves say don’t just rely on certification. Determine the type and extent of control on the outsourced provider based on their impact to your processes.

ISO 9001 training can be tailored for all levels of the organization. For management who want to understand their role in the system as also why they should invest in it. The workforce wants to understand how it benefits them and why they should adapt to the changes as they take place. Auditors need to understand the interpretation so they can assess if the system is being well run. So, while an organization may not need ISO 9001 certification, they can surely benefit from ISO 9001 and ISO 9001 training.

Here at QMII, we provide ISO 9001 lead auditor training in a unique format that allows all levels of the organization to attend the same class and leave when their relevant section is complete. Please Join us in one of our classes to learn more about ISO 9001 and how it can better your future.