Category Archives: Quality Tools

Internal Audit, Quality Tools

Internal Audit Schedule Part 1 – How To’sday!

Leave a comment

A well-wrought Internal Audit Schedule is key to a healthy management system. It is part of one of the core elements within all the big hitters, from ISO 9001 to ISO 50001 (Energy Management), and beyond.Audit Schedule

An effective Internal Audit Schedule is the handle on the rake that finds nonconformities and potential nonconformities, and does so in a planned, repeatable way. Once found, improvement is possible – and that’s what we’re all about, right?

This can be a fairly broad topic, so in Part 1 we’ll focus on the requirements and a few other considerations, while in Parts 2 and 3 we can do a short recap and look at options for how to construct a great internal audit schedule, with useable examples.

What Needs Be Done?

Each of the more popular standards handles the requirement for Internal Audits in pretty much the same way, with slight differences reflecting that standard’s particular sector.

Let’s look at the meaty part of the requirement in ISO 9001:2008. “[… Internal audits determine if the] QMS conforms to the planned arrangements, to the requirements of this International Standard and to the quality management system requirements established by the organization…”

The 2015 version (in the last Draft) simplifies this slightly by saying “to the organization’s own requirements for its quality management system; and the requirements of this International Standard”

14001 is essentially the same as that, swapping QMS for EMS (Environmental Management System) and adding that it is also a means to provide audit results to management. 50001 does about the same as 14001 by using EnMS (Energy Management System) instead.

And, for completeness, ISO 27001‘s somewhat expanded angle is “[to] a) conform to the requirements of this International Standard and relevant legislation or regulations; b) conform to the identified information security requirements; c) are effectively implemented and maintained; and d) perform as expected”.

ISO 13485 (Medical) and ISO/TS 16949, by the way, since they contain and expand on ISO 9001, have the same text as 9001.

I’m going to make the leap and summarize that your Internal Audits have to cover two things:

  1. Your own system,
  2. The requirements of your standard of choice.

In all the standards mentioned above, if you’ve built your system according to the other requirements contained within the clauses, then you’ve covered everything else. The only concern the uninitiated would have might be 27001’s “relevant legislation or regulations” – but the requirement to consider and comply to those are in 4.2.1 “The organization shall do the following; define an ISMS …..that “takes into account business and legal or regulatory requirements…”, and similarly under control objectives and risk. And 4.3.3 under Control of Records – well, you get the point – there’s no sense making a special case for relevant legislation when it should be a preordained part of the system anyway.

So, The System and the Standard. It can’t be just The Standard, by the way, otherwise you’d miss whatever else has been deemed necessary, or helpful, along the way. And it can’t be just The System, even if it was all originally created to comply – because things, in the name of Improvement, tend to wander over time and “improve” on a requirement by eliminating it.

In-House Resources, or Hire Out?

One of those questions without a wrong answer. One common approach is to use internal resources for process-related audits and verify actual practice against what is supposed to happen (documented or not) – and to have an external resources, such as a consultant, audit against the standard.

This practice ensures associates and management stay close to the machine, while ensuring the whole ensemble stays on track.

A Few other Internal Audit Considerations

I do want to focus on the Internal Audit schedule itself, but it is worth bringing up a few of the other components to a healthy Internal Audit Program.

There’s a ISO For That

There is a secondary ISO standard specifically called “Guidelines for Auditing Quality Systems (you can buy one at ISO.org – here’s a link to ISO 19011:2011).

It covers audit program monitoring and management, audit performance and it’s various stages including reporting and follow-up. And it provides guidelines for auditor competence and evaluation. I really do recommend adding this one to your library as it is usually half of any test related to becoming an official auditor.

Becoming a Card Carrying Member

Since you’ll most likely be performing audits, it’s a wise idea to make it official; you’ll be able to use some of your internal audits as part of the requirements.

What this means is to become registered with an organization such as RABQSA or IRCA (International Register of Certificated Auditors). Both are recognized by the industry, Registrars in particular, as badges granting the qualifications to do audits. They have different levels of achievement and with them varying combinations of education and experience. One of the paths usually involves a one-week course with a test, along with a certain number of audits in particular capacities.

My advice is if you’ve got to take a course anyway – make sure it’s associated with one of the two organizations I’ve mentioned above, or sanctioned by them.

Contact the sites directly for more information and speak with a human being to start the process. The specific links are here:  RABQSA IRCA

Scope of the Internal Audit Schedule

For the sake of doing the right thing right, is important to make it clear what needs to be covered by the internal audit schedule – typically it should match the scope indicated on your ISO Certificate – at least as much.

There may be cases where there is a corporate requirement that is beyond the scope of your ISO registration (a slippery slope that I hope is defensible), that could be included as well. Information Security audits sometimes fall in this category, particularly for non-ISO 27001 companies.

It is a good time, however, to ensure that nothing has been left out of your process as an exclusion that should not be left out, or is not an allowed exclusion.

In 9001 , as a general rule, the only allowable exclusions are going to be Design and after-sales-service (including delivery). Occasionally the lack of what are called “special processes” will grant an exclusion, but it is hardly worth the trouble, in my opinion (simple enough to cover it, “just in case”).

Worth noting that it is very possible ISO 9001:2015 will do away with exclusions entirely as it is currently a topic of discussion – though I don’t know exactly how they will do it (seems impossible).

14001 and 50001 have a bit more leeway, so it is important to ensure the scope of your audit schedule matches.

For 27001, the only exclusions allowed are within the controls section – and these must be justified.

Next Time – Making a Great Schedule

See you next week! And thanks!

Until then – go forth, and calibrate thyself.

Sal

amazon prime

Here’s a special deal for my blog readers: Amazon Prime, 30-day FREE TRIAL gives you the ability to Instantly watch over 40,000 movies and TV episodes with titles for everyone on pretty much any device, Borrow books from the Kindle Owners’ Lending Library, and, something I take advantage of all the time, unlimited FREE two-day shipping with no minimum order size.  Clicking from here helps the site, and YOU; please do. Thanks!

14001:2015, 18001, 5 Whys, ISO 14001, ISO/PC 283, Photography, Quality Tools

Sunday Summary

Leave a comment

Hey – Hope you’re having a great weekend and resting up for whatever it is that fills your rice bowl! Wait. Isn’t that rice? Okay, resting for whatever it is that you do that lets you buy rice then. Rice money!

Work-wise, for me, it was a fairly full week with one Certification audit (they were recommended for Certification without any nonconformities – not too shabby on their part) and a Surveillance audit for some folks who always show steady improvement; long time in the game.

Both were local audits, if you consider within two hours of driving “local” –  for me, anything under four hours, one-way, is fine.

Here’s  a quick recap of the posts from last week:

Don’t forget the Facebook page and, there’s a twitter feed as well!

Thanks for playing along – leave a comment if you need something covered.

Oh, and go forth and calibrate thyself – tomorrow; take the day off from calibrating today.

Sal

5 Whys, Improvement, Quality Tools

5 Whys – How To’sday!

Leave a comment

Let’s start with 5 Whys! Why not? Welcome to the first installment of “How To’sday”.

“5 Whys” may be a basic tool, but it is extremely useful. Some of the best tools are simple – sticks are pretty good at getting termites…

5 Whys = 1 Fix

5 Whys is a problem solving tool; part of a disciplined approach to getting at the root cause of something gone wrong. Sometimes when a defect occurs, companies tend to start at the end – skipping cause entirely and instead focus on what they perceive is in their power to do. And the problem with that is they didn’t understand the cause, and are therefore possibly fixing the wrong thing. As the saying goes, “When you know how to use a hammer, everything looks like a nail”.5 Whys (okay, 4 Whys, and a How....)

Let’s look at an example: Suppose there’s been an uptick of customer complaints. One customer says they received the item with scratches, another says her display was loose in the housing, and still another says the little packet containing the user manual and some small accessory wasn’t received (they actually said it was never sent, but what do they know?).

If cause isn’t addressed we’ll not only end up sending out a new accessory packet, and having two items returned; all this hassle and expense for everyone involved – and every reason to think there will be more strangeness next week. Worse, we start complicating the lives of all concerned – because we know how to use a telephone we call vendors and tell them to stop scratching things,  and we get manufacturing to tighten up those display panels. Meanwhile they start doing that and crack bezels left and right – cutting yields; maybe Engineering can spec a thicker bezel? They can but the power requirements are a little different – hey, let’s re-spec that power supply, too.  And because we know those white gloves prevent scratches we tell production people to wear them – and take off all that jewelry! “Fiasco”, that’s exactly what it is (a nice Italian word referring to a bottle – interestingly, the English use an expression “gone pear-shaped” with a very similar meaning. Don’t worry, it won’t be on the test. And no, there isn’t a test.)

But, we’re educated adults and we know Root Cause is important – but sadly, we have no idea, in this case of scratches and loose and missing things, what the cause is.

Wouldn’t it be cool if it was all just one cause? If we just had to do one thing for all three?

shillelagh

Our enlightened Quality Toolbox has more than just hammers, it also has 5 Whys – along with a slew of other things we can talk about on another Tuesday (“slew” is a nice Irish Gaelic word, btw – as is “shillelagh” which is an excellent Irish hammer).

Seems simple: just ask “Why?”. “Why why why why why!” –  in general, after the 5th, we’ve come to either a broken process, or one that doesn’t exist. If you’ve stopped at something beyond control (“it was raining”, “gravity”) then either you’ve gone too far, or not far enough.

Asking the Why is only part of 5 Whys.

The questions lead to investigations, investigation leads to more questions. This is where I want to draw your focus away from 5 Whys being about just asking Why – the real trick to 5 Whys is twofold – asking the question from the right perspective; asking the right people and investigating.

We try asking production or shipping department:
1) “Why was the the accessory bag missing?” – “Oh, I guess we just forgot to put them in the box.”
We ask, “Don’t we have a process for that? Those cut-outs we made in the foam”, or “That check list?”

The response, “Yeah, we have that, and Quality does those random out-of-box audits”

Well. That wasn’t particularly fruitful, we only got to 1 Why of the 5 Whys. The first why revealed that a process exists, even sounds like a nice poke yoke process (another Tuesday) – and there’s an inspection step. We might investigate with Quality to see what kind of results their samples have been getting.

What if we started at the beginning? 5 Why TIP: Start closest to the problem first – and do it as quickly as possible.

The customer reported the failure – ask them. “Excuse me, customer, we’re investigating your recent issue and we’d like to keep it from occurring in the future, did you personally handle the package in question?”

They may or may not be amenable to this kind of thing, but it can only help to ask – and they’ll know you really have their best interest in mind.

It is possible you end up dealing with someone in receiving; follow the trail. Just because the question is simple, doesn’t mean the answer has to be.

We might ask, “Have you looked everywhere in the packaging?”

Receiving replies, “Of course I did, even looked twice.” There is a pause, “But you know, I did notice that the box had a seam that was opened a little. Probably too tight for something to squeeze out of, I didn’t mention it to anyone.”

Well then. That could be something.

Let’s look at the scratch now. If you start with the production line – your own process, it may take hours or days following the product along and identifying where the scratches could have occurred. Hey! Let’s turn that into a kaizen event (ask me on a Tuesday). Then based on that, instituting corrective measures all along the line that increase complexity and could potentially lead to other errors.

BUT if you start with the customer – again, explaining as above (the larger or more sophisticated customers will expect this anyway); maybe they send you a picture of the scratches.

Maybe you end up at their receiving department and you hear, “You know, that box was pretty beat up, but the [awesome widget] looked fine to me.”

Would be nice to get some pictures of that box, wouldn’t it?

Father of the 5 Whys
Sakichi Toyoda

You could easily imagine the same scenario with the loose display. That box has been in a fight and it seems to be losing.

Let’s look at that as if we had investigated properly, starting closest to the problem, and gathered the facts.

1) Why is the display loose? Repeated blows during shipment.

2) How did those blows occur? HOLD ON A SECOND! Did you see that? I didn’t say “Why” I said “How”. Forgive me for this slight, and maybe controversial sidebar. The thing is, in Japanese, the word for Why and the word for How are very similar (なんで  or  “nande” ). And the gentleman who invented the 5 Whys technique was in fact Japanese – Sakichi Toyoda – you’ve heard of his company or maybe driven one of his cars. Somewhat inconsiderate of me to throw that at you in your first example, but – there it is; “How” can occasionally be used in place of “Why”.

Anyway. 2) How did those blows occur? During shipment, the box did not provide adequate protection.

Not a big leap there, we do have a trend of what could be explained as failed packaging.

3) Why didn’t the box protect the contents? It wasn’t the correct rating for the weight of the product.

4) Why wasn’t the box correctly rated? We never checked.

5) Why didn’t we check? It is a new product and well, what do you know, it’s heavier than our usual product – we don’t really have a step in our process where we consider packaging.

Voilà! A missing step in our process. Now, if it’s a new product, we do a packaging evaluation.

All three problems solved with the help of not just 5 Whys, but good investigation using the proper perspective. Remember, simple questions don’t necessarily yield simple answers.

Thanks for reading about 5 Whys! Now, why not Go forth and calibrate thyself?

Sal