Sharing an old article, as presented at a conference in 2002. The standards have changed / evolved, i.e. QS-9000 is gone now, replaced with ISO-9001:2008/TS-16949, but the concepts discussed, i.e. developing professional internal auditors, remain valid.
10th Annual International Conference on ISO-9000
Feb 25-27, 2002
Title: Harmonizing Internal
Audits to Limit Work Interruptions
QS-9000, ISO-14001, and
ISO-17025
Abstract
Since its original inception in
1996, the Internal Quality Audit process at Yazaki North America, Inc.,
established to address the requirements of QS-9000, has been consistently
successful at identifying areas of concern, as well as continuous improvement
opportunities. The process has undergone
several stages of improvement itself, and has been recognized in registrar
audit reports as providing a benchmark due to the clear and comprehensive
nature of the resulting reports and files.
When it was time to implement new standards, i.e. ISO-14001 and
ISO-17025, we chose to take advantage of this success and extend the process to
address them as well.
This paper reviews the steps
followed to harmonize these systems by establishing a comprehensive, linked
audit process. We address how resource
needs were identified and met, how a shared process could meet each standard’s
specific requirements, and how process and data ownership were established.
Our efforts proved that the
foundation for YNA’s audit process is suited to auditing in general. We can utilize the concepts and techniques
we’ve developed to conduct special process assessments, and we expect to be
able to update our audit procedural documentation with minimal effort when
needed to address new or changing standards.
Defining
Resources: Audit Experts
The Yazaki North America, Inc. (YNA)
Quality Management System (QMS) audit process has been consistently successful
at identifying areas of concern and corporate benchmarks, as well as continuous
improvement opportunities. This process
has undergone several stages of improvement itself since its original inception
in 1996. In addition to developing into
a critical function to the organization, it has been recognized in registrar
audit reports as providing a benchmark in its own right due to the clear and comprehensive
nature of the resulting reports and files.
The success of YNA’s audit process
is due in large part to the development and utilization of a limited number of audit experts, certified lead quality
auditors who perform audits and provide internal consulting services on a
full-time basis. These auditors have
developed into “experts” through regular experience and on-going training,
including attendance at conferences such as the ISO-9000 International
Conference and the ASQ-QAD Quality Audit Conference. They understand the workings and linkages of
the entire organization and are thus well equipped to assess the effectiveness
of any single function or group of functions, as well as to assess all
functions working together as a whole.
Further, their daily involvement with the YNA QMS regarding issues of
conformance serves to continuously reinforce their knowledge of standards’
requirements, helping to ensure audit reports or recommendations are always
prepared with benefit of prompt, logical and effective interpretive decisions.
Defining
Resources: Cross Training
Although the expertise of our QMS
auditors was based on a thorough understanding of the requirements of QS-9000,
we recognized that their auditing process need not be limited to any one set of
standards or requirements. With this in
mind, the decision to pursue registration to the ISO-14001 and ISO-17025
standards was followed closely by a decision to utilize the existing audit
process to cover the additional requirements rather than risk the development
of potentially divergent systems. Some
minor adjustments would likely be necessary, but were seen as productive
improvements rather than cumbersome roadblocks.
As the owners of the process, the audit experts were tasked with making
the necessary revisions and implementing an all inclusive audit system. The first obvious step would be to provide
these auditors with training on the new standards.
Clearly we could not turn quality
personnel into environmental and test systems experts simply by educating them
on the new standards. However, we
already had experts in those areas, who, conversely, could not be rendered into
audit experts simply by receiving training on the audit process.
Cross training our auditors to the
new standards and our environmental and test experts to the audit process was
the first step in establishing an effective level of communication between
these diverse groups of personnel. If we
wanted to extend our already successful audit process into these new areas with
equal success, it was vital that we get our quality, environmental and test
personnel all speaking a common language.
We’ve often found that auditors and engineers tend to speak apples to
oranges, creating a language barrier that sometimes requires the intervention
of “translators” in the form of other audit and/or engineering team members
before appropriate, effective decisions can be reached. We did not want to risk the possibility of
introducing such barriers into this new, extended process before it had even
been deployed.
Defining Process Ownership
Defining
ownership and authorities was another crucial step to ensuring the successful
implementation of a comprehensive audit system.
Singular ownership, via the existing process owner and principle audit
expert, i.e. the QMS Management Representative, would maintain the integrity of
the already proven process. However,
joint ownership, including the EMS Management Representative and the test
group’s ISO-17025 Representative, would ensure the stability of the process
throughout its deployment into these new areas, as well as ongoing, future
maintenance.
Recognizing the value of both approaches, a
compromise was established. The QMS
Management Representative would remain the direct owner of the procedure
documenting the requirements of the process, and thus the direct process or procedure owner; yet documented approval from the other two
representatives, in a shared role as process or procedure authorities would be required for the initial release of the
revised procedure, as well as for any future updated revisions.
Defining
the Shared Process
The QMS Audit Manager, working on
behalf of the QMS Management Representative, coordinated the efforts of the
audit experts in reviewing the new standards, i.e. ISO-14001 and ISO-17025, for
similarities with and differences to QS-9000.
The differences identified (see Table 1) were actually few in number and minimal in concept,
thus were easily accommodated with little direct impact on the existing
procedure. In order to ensure the most stringent of the requirements are always
met, regardless of the corresponding standard, we adopted these as corporate requirements for all
associated systems (i.e. the Quality, Environmental and Laboratory Management Systems, or the QMS, EMS
and LMS, respectively).
As an example, while our QS-9000 based procedure
describes levels of nonconformities utilizing the major/minor concept defined
in the Quality System Assessment (QSA) manual, neither ISO-14001 nor ISO-17025
require such prescriptive identifiers.
Nonetheless, neither the EMS nor the
LMS were allowed to be exempt from the QS-9000 requirement, which became the
new YNA corporate standard. Further,
the identification of any nonconformity in either Management System requires
the issuance of and response to formal Corrective Action Requests, ensuring
that all nonconformities are acted upon in a timely manner, and that adequate
verification activities occur to allow for timely closure.
In addition to a full procedure review and revision,
all forms and records associated with the audit process were also reviewed for
standardization opportunities. This
effort also proved highly successful, with the
single exception of specific audit checklists, each of which were
designed to address an individual standard and individual Management System
needs as determined by the associated Representative.
Table 1: Specific Audit Requirements per Standard
QS-9000 – 4.17 |
ISO-14001 – 4.5.4
|
ISO-17025 – 4.13
|
Establish,
Maintain
Documented Procedure
|
Establish,
Maintain
Programme/Procedure |
Predetermined procedure
4.2.1: Document procedures to extent necessary to ensure quality of tests/calibrations |
>to
verify whether activities & related results comply with planned
arrangements
>determine
effectiveness of quality system
|
>to determine if EMS conforms to planned arrangements
>has been properly implemented / maintained |
To
verify operations comply with requirements of quality system & ISO-17025
|
4.1.3.1: Management Review
– include all elements of the entire quality system
|
Audit procedures cover audit scope |
Address
all elements of quality system, including testing & calibration
|
4.1.1: the responsibility,
authority and interrelation of personnel who manage, perform & verify
work affecting quality shall be defined & documented
|
Audit procedures cover responsibilities & requirements for conducting audits & reporting results |
Responsibility:
quality manager to plan & organize audits
|
4.2.1.2: Identify resource
requirements & provide adequate resources, including assignment of
trained personnel
|
Audit procedures cover responsibilities & requirements for conducting audits & reporting results |
Audits
carried out by trained & qualified personnel
|
Auditors
independent of activity audited
|
* No specific requirement
regarding independence
|
Auditors
independent where resources permit
|
Scheduled
on basis of status & importance
|
>Periodic
>Audit
programme, including any schedules, based on environmental importance
|
Periodically,
predetermined schedule
|
According
to audit schedule updated annually
|
* No specific requirement
regarding completion timing
|
Cycle
should normally be completed in one year
|
Record
results
|
4.5.3: Records maintained
to demonstrate conformance to ISO-14001
|
The
area of activity audited, the audit findings & corrective actions that
arise from them shall be recorded
|
Results
brought to the attention of personnel responsible in the area audited
|
Provide
information on results to management
|
Notify clients in writing
if investigations show that the laboratory results may have been affected
|
Management
personnel for area audited take timely corrective action
|
4.5.2: corrective action
shall be appropriate to the magnitude of problems & commensurate with
environmental impact
|
The
laboratory personnel shall take timely corrective action
|
Follow
up activities shall verify & record implementation & effectiveness of
corrective action
|
* No specific requirement
regarding follow up activities
|
Follow
up audit activities shall verify & record the implementation &
effectiveness of corrective actions taken
|
Results
of audit form integral part of input to Management Review
|
4.6: Management Review
shall address possible need for changes … in light of EMS
audit results
|
4.14.1: Management Review
shall take account of the outcome of recent internal audits
|
Cover
all shifts
|
* No specific requirement
regarding shifts
|
* No specific requirement
regarding shifts
|
Increase
frequency: internal / external
nonconformities, customer complaints
|
Audit
procedures shall cover audit frequency
|
* No specific requirement
regarding frequency
|
The resulting procedure was comprehensive, as anticipated.
However, we did identify some concerns in our attempts to implement it
as a truly comprehensive process, most notably with regard to Lead Auditor responsibilities. As stated above, while an audit expert may
receive training in other Management System types and associated standards
documents, that auditor could not be considered an expert in the new systems
without first achieving a sufficient level of experience. Lacking sufficient experience and hence a
sufficient level of expertise, our audit experts would no longer possess the
key capabilities that have made our QMS audit system a consistent success. We might expect audits of the new systems to
be less thorough, and interpretive decisions would lack the knowledge-base that
provides such a firm foundation in our QMS audit reports.
We chose to address this concern by looking at the
new audit process as one that links
our Management Systems rather than as one that deigns to be
all-encompassing. Instead of assigning
one Lead Auditor to oversee the entire audit and make all relevant decisions,
we initiated a system of partnering.
Partnering
Through appropriate training, we
developed an auditor pool consisting of:
- experienced QMS auditors, also considered audit experts, who are trained but inexperienced in performing EMS and LMS audits, and who could share their audit expertise with EMS auditors;
- trained but inexperienced EMS auditors who could share their work experience and environmental expertise with the audit experts; and
- trained but inexperienced LMS auditors who could share their work experience and laboratory expertise as area experts.
This sharing of experience and expertise is referred
to as partnering, and applies most
directly to QMS and EMS auditors working as Co-Lead Auditors in the performance of
overall YNA corporate system audits. Our
LMS auditors are addressed slightly differently, as their audits pertain to
only a small portion of the total YNA systems, i.e. the testing laboratory.
In the planning stages of an overall
YNA corporate system audit, the QMS and EMS Co-Leads work together to ensure
all departments, locations and shifts pertinent to the subject business unit
are appropriately and efficiently scheduled with minimal work disruption. During the performance of the audit, this
typically will result in a sort of “tag-team” auditing, with one Lead
performing his/her portion of the audit, then passing the baton to the
Co-Lead. In instances where the
standards state similar requirements, the second Lead might find some of
his/her questions answered during the first half of the audit, and thus can
move on to ask only those questions which have not yet been addressed.
When the testing laboratory is
scheduled for an audit, we take a slightly different approach. The LMS auditor has requested to function as
an Area Expert partnered with the QMS
Lead Auditor, rather than as the LMS Lead.
This request came about due to his concerns about maintaining a
sufficient level of independence and objectivity. However, since the QMS Lead Auditor does not
have laboratory expertise, the LMS auditor, officially referred to as the Area
Expert, functions as a full partner during the audit, making sure all requirements
are appropriately addressed in all applicable areas.
Regardless of the system being
audited, YNA’s internal auditors take extensive notes, which are later
reviewed, classified and added to an MS Excel spreadsheet according to the
classification, including general
observations, continuous improvement
recommendations, and issues requiring follow
up (actions in process/not yet complete, questions the auditor needs to
investigate, or other issues that may require review/re-audit at a later date),
in addition to nonconformities
requiring action. This matrix is
provided to the personnel within the business unit audited, as well as to other
corporate executives, who may recognize and make decisions to act upon similar
issues within their own units.
At the conclusion of the audit,
these matrices are analyzed and summarized into a final Audit Report. The QMS Lead
Auditor takes direct ownership of completion and distribution of the Report;
however, the EMS Lead Auditor is responsible to add his/her own audit results,
and the LMS Area Expert is consulted to ensure all relevant LMS issues are
accurately identified.
The Audit Report is written at a high level to allow
a snapshot view of the audit results, with the resulting status of the audited
organization identified using red/yellow/green indicators, and key concerns and
other observations described in brief statements. Details are also provided via the matrices
noted above which are included as attachments during Audit Report distribution.
Defining
Data Ownership
While the QMS Lead Auditor is
responsible to ensure the Audit Report is completed and distributed, final
ownership of the resulting records is shared.
It may seem redundant to maintain multiple copies of the records;
however, this decision was made to ensure each Representative has direct and
immediate access to the audit results pertinent to the system he/she has
responsibility over. Further, external
audits of the Internal Audit element for either of the three standards are
performed with the responsible Representative at his/her office location. This allows for more efficient external
audits, without the auditors having to make excess treks throughout the various
buildings at our headquarters campus.
New
Standards
The foundation for the process developed at YNA is one suited to
auditing in general, rather than something unique to an ISO standards
environment. With this in mind, we
anticipate being able to utilize the concepts established here in other types
of assessments as well, such as special process assessments that extend beyond
the standards to which we currently subscribe.
In addition, the task of making continuous updates to address changing
industry requirements and even the incorporation of new standards, such as
ISO-9000:2000 or TS-16949, seems far less daunting than it otherwise might.
The concepts of auditing do
not change, though the system requirements do.
Revisions to documented procedures, forms and reports are not only
possible, they can be expected; however, the basic auditing techniques
incorporated during the planning, questioning, and reporting of audit results
remain stable. It is for this reason
that we strongly promote the development and utilization of audit experts to lead the audit process.
Deployment
in Similar/Dissimilar Organizations
The YNA audit process is adaptable.
The basic concepts developed here could be deployed in other
organizations, regardless of similarities – or dissimilarities – to YNA in
size, scope and even industry. We do
recognize that many organizations will not have the resources available to
assign full-time audit experts.
Nonetheless, personnel who are identified as auditors, even in a limited
capacity, could still be developed
through training and regular involvement in the applicable Management
System. Through such development and
partnering with area experts and/or co-leads as described earlier, even
part-time auditors could achieve a level of expertise sufficient to consistently
identify not only nonconformities, but also areas of potential concern,
continual improvement opportunities and even internal benchmarks, and thus add
greater value to any audit program.
No comments:
Post a Comment