P-D-C-A with a Christmas Tree

As a QMII employee, I can sit and observe classes whenever I want, more so since they are virtual instructor led these days. It allows me to get a refresher on the clauses, even though it is so hard to get them. It gets me every time. When the time comes to interview auditees, I smile like a Cheshire cat; not a confident grin but one that hopefully does not betray my nervousness.  Often, I am nervous as a long-tailed cat in a room full of rocking chairs. However, my QMII ISO lead auditor training has prepared me well. I am nervous as the auditee too, even though I know audits are not about pass or fail.  While I call myself a writer and researcher my greatest struggle perhaps lies with Audit Report writing. Oh, man! QMII lead auditor training, however, well prepared me to gather all notes during an audit to present a valuable report to the auditee. Smile.

The aspect of Lead Auditor training I like is the P-D-C-A cycle because I can use that analogy anywhere in my life. I have the responsibility of putting up the tree, however, currently, my application of the P-D-C-A is not going so well. Perhaps a re-plan is needed?

So from the Lead Auditor classes that I have attended, P-D-C-A stands for the following and the task next to it is what I have to do:-

P – Planning: We have to put the tree. Also, the objective of my mission. Considerations include where are the decorations kept, do we have enough, do we need a ladder, what should be the first step, then the next (like testing the lights before we put them on the tree), and more. Most important plan the time to do it in my busy schedule!

D – Do: Now to put my plan into action! Locate the boxes, get them out, unpack, and, get my team to help me even if they don’t want to (just to cheer me on perhaps). Yay! Thanks guys, for your help! Thumbs up for that. Basically, everything else that needs to be completed before the tree is finally up and lit up and everyone is happy. The DO stage can be extremely exhausting. How about that drink to cool me down?

Note – From my Lead Auditor training and also when I am auditing my clients, I know that the ‘DO’ section of the process is where a lot of the “action” happens. Just because “you gotta do it, man, get on with it!” I feel the pain of the “Do’s” as it is easy sometimes to plan but more taxing to put the plan into action. Now getting back to my tree.

C – Check: Once the tree is up and you think the job is over, it is not. You have to wait for the others to “check” the tree out and give their opinions. Pass comments, critique your effort while you are bickering away that they didn’t do anything, but they get to analyze it. What was that? Oh yes, I agree it is just an opportunity for improvement and we love our non-conformities.

A – Act: The verdict is out. The tree looks great. Beautiful decorations. However, the lights seem to flicker at some places, we need better lights for next time. Get more decorations. Good job!

VERDICT

Plan it better next time. Stop bickering when you are doing the job. Be patient and stop being

grumpy when they are “checking” and analyzing your work. Continually Improve this process till you get your Act together – words of a wise Yoda who is enjoying the view of the Christmas tree and listening to the Christmas songs.

Can I get that drink now? Long Island, please. Merry Christmas!

Quality Without Question

 

As I was driving home from work, I noticed the following on the back of a vehicle, “Quality without question”. This got me thinking about the message that was being conveyed. Did the organization mean to convey that their quality was great and should not be questioned? That a customer should take their word just because they say so. For many of us that is exactly what we do when we purchase goods off a grocery shelf. We trust the certified organic and non-GMO ratings that we observe on the packaging. But should one question these and how should an organization decide when to?

To check or not to check

ISO 9001 is an internally accepted standard that sets out the requirements for companies looking to implement a quality management system. While ISO 9001 allows an organization to self-declare many organizations choose to go ahead and pursue certification. This is because it demonstrates to the customer an external independent validation by a subject matter expert of the organization’s ability to manage risks and enhance customer satisfaction.

In many cases though, these companies are often audited by customers especially in highly critical industries where the margin for error is very small. ISO 9001 does not require companies to audit their suppliers but asks organizations to determine the type and extent of control they intend to apply. In determining the type and extent of control, consideration should be given to the perceived effectiveness of controls by the supplier. Essentially can the system controls be trusted to effectively manage risks and deliver? This becomes the basis for the need to check or not.

But we don’t have the resources to audit

This is often the case for many small businesses and perhaps even for some governmental organizations that are limited to one or a few suppliers. In these cases, the organization is still obligated to control the externally supplied process, product, or service. Companies can do this by monitoring metrics such as on-time delivery, sampling incoming items for conformity, and in some cases accepting the external organization certification. No matter the approach used, it does not ever absolve the company of ensuring control of the outsourced process/product/service.

In the case of critical items or a single supplier, they may choose to sample 100% of all items coming in and decide over time based on the results if to continue with a large sample size or to reduce to a smaller one. Here also the aspect of resources plays a part. In cases where the resources cannot be made available, the leadership must acknowledge and accept the risk.

In conclusion

Quality must always be questioned, first internally by the organization itself and checked through its processes. It must also be questioned by the customers on a case-by-case basis. Quality and systems that are left unchecked and unmonitored will over time deteriorate and perhaps result in a major incident/accident. To learn more about the requirements of ISO 9001 join QMII’s next lead auditor training.

ISO 9001:2015 – Exclusions

Exclusions to what an organization does were integral to the ISO 9001 standard prior to the 2015 version update. After all an organization cannot do all the work. Clause 7.1.1 lays the foundation on this thought by accepting that an organization must determine and provide resources. In doing so it determines the constraints and capabilities of the existing resources and what needs to be obtained from external providers. As such in previous standards, the organization, when seeking certification, requested exclusion on those processes that it did not perform.

The drawback of this was a major flaw. Over the period of time, some of these organizations, sheltered under the exclusion provision even lost the ability to pick the correct outsourced party! For example, if the organization builds highways, but outsources bridges and tunnels, then it must have the ability to be able to pick the correct vendor/ contractor who will not let the customer down. The revised 2015 version of the standard therefore in the wisdom of TC-176, removed this exclusion provision. It does not imply now the organization cannot outsource what it does not do. All that it means that the organization can review the applicability of the requirements based on its size, complexity and decide on the activities it needs to outsource.

With the exclusion provision removed, the organization would need to do due diligence in appreciating the range of its activities and the risks and opportunities it encounters as also the effect if any of the outsourced vendors not performing to accepted requirements. The organization then remains accountable for the outcome of the outsourced processes and products and services externally obtained. To ensure their consistency and levels of acceptance, it would need to take measures as required by clauses 8.4.1, 8.4.2, and 8.4.3 of the ISO 9001 in enforcing monitoring and measuring to protect its customer and clients.

This assurance that an organization can not and will not outsource those activities which by its decision will not result in failure to achieve conformity of products and services. Clause 4.3 of ISO9001 in determining the scope of the quality management system clearly requires that conformity to the ISO 9001 can only be claimed if the requirements determined as not being applicable do not have an adverse impact on the promises made by the organization. The products it provides, based on externally obtained subproducts or services must not affect customer satisfaction.

In terms of auditing, it is incumbent upon auditors that they carefully seek conformity to this requirement when auditing. Internal audits to ISO 9001 must provide the objective inputs to top management to make better decisions and appreciate the risks of outsourcing to nonperforming and or underperforming outside organizations, remembering they remain accountable and answerable for the final product or service. Ensuring the organization’s accountability for the conforming products and services whether outsourced or not is the responsibility of the organization.

QMII’s ISO 9001 EG (Exemplar Global) certified lead auditor training designed carefully to meet the objectives as envisaged in the standard.

ISO 14001 Management System Certification – Cost versus Value

The most popular type of management systems used today often depends on the type of organization, and how they run their operations.  ISO 9001:2015 Quality Management Systems is the most popular for companies selling products to the military, along with AS9000:2016 Rev D for aviation, space, and defense organizations.  Food processors lean toward ISO 14001:2015 Environmental Management Systems (EMS) and ISO 45001:2018 Occupational Health and Safety (OH&S).  The size of the organization can have a significant bearing on whether they get certified or claim to conform.  It cost less to state you conform than to conduct the number of audits needed to become, and stay, certified.

Agricultural oriented small and medium enterprises (SMEs) will often opt for EMS.  Vineyards, vegetable farms, and livestock farms like ISO 14001.  Therefore, it depends a lot on the percentage of SMEs that are in those businesses.  In many cases, the percentage of organizations conforming to ISO 14001 depends on the amount of local or government pressure to conform.  In Europe and China, ISO 14001 is much higher than in the USA, in part due to government and environmentalist pressure.

Agricultural businesses and those that are getting pressure from socially responsible groups are the types of organizations that become ISO 14001 certified.  Meat packaging companies like Smithfield Ham in Virginia (now owned by a Chinese company), is ISO 14001 certified.  Only four major Ports in the USA are ISO 14001 certified (Port of Virginia is one) but many countries require the certification.  Partly due to all of the food coming into the Ports, but also due to the amount of pollution generated by boats, trains, and trucks that service the Ports. Ports are also now looking at ISO 50001 Energy Management Systems in conjunction with ISO 14001 certification.

One of the key drivers is the desire to meet ISO 14001 Standard requirements in the markets that they want to operate in or sell to.  It is difficult to open facilities in most of Europe, the Middle East, and China without having an ISO 14001 certification.  Environmental impact, energy efficiency, pollution reduction, and sustainability are considered by government permitting organizations.  This is more important for large organizations, but many SMEs also want to sell internationally.

Like other ISO Standards, it takes about a year of internal audits to be ready to claim conformity or get certified to ISO 14001.  SMEs, due to their smaller size, could take less time.  Medium-size businesses, with multiple locations, may elect to just have their headquarters certified, and state conformity for branches and suppliers.  An organization may elect to get its headquarters operation certified and use second-party audits to confirm that its other facilities and suppliers conform to the Standard.

The major cost of becoming certified involves training and multiple audits to get ready for certification.  Once ready, a third-party audit is required.  Most SMEs could be ready within a year.  The actual cost would vary depending on the number of employees trained, and the number of audits conducted before certification.

With good training and responsible staff, most SMEs can become certified.  All processes need to be in line with the goal of using environmental best practices.  In some cases, the cost of changing current processes can become a barrier.  Organizations can consider out-sourcing some processes in order to become more environmentally friendly.  Internal and second party audits can help an organization determine what, if any, processes need to be modified or out-sourced.

There are many reasons why organizations decide to become certified, but over time, reasons have changed for both small and large organizations.  With the new high-level-structure (HLS), EMS is now more similar to other standards.  Organizations that use to be ISO 18001 are now considering ISO 45001, which has OSHA embedded in it.  SMEs, like larger organizations, appreciate the value of being certified to popular standards and promote their conformity in their promotional material.  Many companies that are certified to ISO 9001 have to get the certification to sell to government agencies.  Many of the companies that get ISO 14001 certification, feel their end-users appreciate the company for having it.

To be sustainable, an organization needs to consider many factors.  These factors typically fall into one of the three pillars of Sustainability – Social, environmental and economic categories.  All organizations want to be socially responsible and do minimal damage to the environment, but they have to address the economics of operation.  The key is to strike a balance and establish a management system with processes that can be defended in the light of internal and external audits.

– by Peter Burke

Management review: A Necessity or Improvement driver

The management review is a critical step to ensure sustained success of the management system, yet this is often left to the relevant manager to document to meet the system standard requirements. A myriad of reasons is given for a management review not being done within the timeframe as defined by the organization. These include unavailability of senior management due calendar conflicts, waiting on inputs from department heads and sometimes just a lack of commitment by leadership.

Even when conducted ‘timely’ the review is often done purely out of necessity of meeting the requirements of the standard. The review, however, is a critical step for the success of the system and enables the continual improvement of the system. Leadership may, at times question, why money invested in a Quality Management System; that certification to ISO is not delivering the intended ROI. The answer often lies in their lack of commitment to the system as perceived by the users of the system.

Why are my reviews not driving improvement?

Management reviews when done out of necessity become a documentation exercise. The responsible manager collects all the data and analyzes/evaluates it for presentation to management. They proudly share these presentations with whomsoever asks about the management review. The ISO standards (e.g. ISO 9001, ISO 14001 and others) in clause 9.3 give the requirements for what shall be included in a management review. However, the review need not be limited to just these topics.

In consulting, QMII has often heard, “But we do daily reviews with our team and weekly updates with the managers”. Why not record these as a part of your management review? Do keep in mind that ISO standards ask organizations to conduct management reviews at planned intervals. It does not say it has to be a meeting or be held in a boardroom or the planned intervals need to be equally spaced. When the system is incorrectly implemented, or the standard incorrectly interpreted it often leads to a weak foundation of the system. Soon users of the system are complying and doing what has been documented rather than asking “is this really correct for us?”

With the passage of time, the lack of commitment percolates through the system to where the person tasked with championing the system, such as a quality or environmental manager, is fighting a lone battle. This lack of commitment may be apparent from the lack of decisions by management to issues presented in the review.  At times the concerned departments are trying to drive their own agendas, and this creates conflict and disconnect. Also, in recording the outputs of the review, the decision and actions from management must be recorded. QMII, often finds these missing.

How do I improve my management reviews?

To do so the organization must first understand the intent of this clause in the ISO standards. Clause 9.3 (under the high-level structure) asks management to review their systems to ‘ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the system.’ This, in essence, must be the guiding principle for the management reviews.

This is the reason why these reviews must be done holistically. It is this guiding principle that will determine the intervals for the review. Clause 5.1 of the ISO standards (those aligned per the HLS) asks leadership to take accountability for the effectiveness of their systems. The management review is the platform via which they can assess if the system is effective in meeting their policy as set. The management review is also where management reviews the system and determines the required changes in the context of the organization, the needs of the interested parties to determine new risks,  if any changes to the policy / strategic direction needs to be made and resourcing needs.

Engaging Leadership and the rest of the team

There is no mantra that will deliver sure-shot success. I wish there was one, for I know many an organization that would willingly invest in it! However, educating management on the WHY of the management review has often helped. If need be consider external consultants to deliver the message. Additionally, you can consider these three steps to get more engagement:

  1. Gather review inputs from management team: This is a good method to get everyone involved. Pass around a draft meeting agenda so all system users can prepare for the review (should you be having a meeting) and can provide their inputs /items that they need management’s decision on. It is also an opportunity for them to gather opportunities for improvement from users of the system.
  2. Use a review format that works for leadership: Document how your reviews are done exactly the way they are done within your organization. Perhaps some agenda items are discussed on a quarterly basis and others on a weekly basis. The intent is not to please an auditor but to use this tool to drive improvements through the system, as needed. Remember, the guiding principle discussed above.
  3. Communicate the outputs of the review …. including leadership’s decisions. While the standard does not require this, it is implicit in ensuring continual improvement. Communication is important but the outputs of the review need not to be communicated to the entire organization. Perhaps relevant parts to the concerned managers and their teams. It demonstrates to the users of the system that management is involved, is aware of the problems and has provided decisions on various matters presented.

Management Reviews ….  Improvement Driver

When done correctly management reviews become the springboard for improvement throughout the system. It comes at the end of the ‘Check’ stage of the PDCA cycles leading into the ‘Act’ stage for continual improvement. It enables leadership to assess how well their system is doing. It delivers, in the long run, the engagement needed from users of the system and the ROI that leadership are seeking in their quality management system.