Add Value to ISO 9001:2000 Audits
The standard's revision provides the opportunity to help organizations improve the way they do business
by Sandford Liebesman
Quality auditors have been criticized for not adding value to what they do for clients. The ISO 9001:2000 revision1 provides an opportunity to change this.
The ISO 9001 developers believed the revision should define a universally understood quality philosophy. The standard's development was then based on eight quality management principles that form the basis of a superior quality management system (QMS).2, 3, 4
Correspondingly, structuring audits around these principles to improve an organization's processes should improve customer satisfaction and product/service quality and reliability. These principles are not requirements of ISO 9001:2000. Organizations just bent on obtaining a certificate may not concern themselves with this higher view.
Using the principles to audit
Auditors can use the eight principles to create an organizational mind-set that views quality on a higher plane:
1. Customer focus. ISO 9001:19945 aimed to achieve customer satisfaction by "preventing nonconformity at all stages from design through to servicing." ISO 9001:2000 broadens this concept to include management responsibilities to communicate with customers, monitor and measure customer satisfaction and develop improvements related to customer requirements.
An important role required of top management is to communicate to staff the importance of meeting customer requirements. Top management must also monitor customer satisfaction information, tying it to continual improvement.
By auditing the following requirements in the standards related to customer focus, auditors add value to the process:
- Ensure customer requirements are determined and met and customer satisfaction is enhanced (customer focus, element 5.2).
- Promote awareness of customer requirements (management representative, 5.5.2).
- Provide resources to enhance customer satisfaction (6.1).
- Determine requirements specified and not stated (7.2.1).
- Communicate (includes complaint handling) with customers (7.2.3).
- Handle customer property (7.5.4).
- Monitor, measure and analyze customer satisfaction information (8.2.1, 8.4).
- Input customer feedback to management review (5.6.2).
- Take actions based on management review related to customer requirements (5.6.3).
2. Leadership. Top management's commitment to the QMS has been greatly expanded by the ISO 9001:2000 requirements. Management's role centers on fulfilling customer requirements, communicating with customers as described in the previous section, communicating with staff, and planning and assuring the continual improvement of the QMS.
Auditors should verify the major top management responsibility of assuring objectives are measurable--an important part of the continual improvement process--and tied to the quality policy. A framework must be developed for establishing and reviewing objectives.
The following requirements relate to leadership:
- Communicate top management commitment (5.1).
- Determine customer requirements and enhance customer satisfaction (5.2).
- Include commitment to continually improvement in the quality policy (5.3).
- Plan and establish measurable quality objectives (5.4).
- Assure responsibilities are defined and communicated (5.5.1).
- Appoint the management representative (5.5.2).
- Communicate the effectiveness of the QMS (5.5.3).
- Conduct management review of the QMS (5.6).
- Understand top management's role in continual improvement (8.5.1).
3. Continual improvement. A key new requirement is to improve the effectiveness of the QMS using an improvement loop (8.5.1) consisting of quality policy (5.3), quality objectives (5.4.1), audit results (8.2.2), analysis of data (8.4), corrective and preventive actions (8.5.2 and 8.5.3) and management review (5.6).
Continual improvement is at the heart of the auditor's value added activity. Does the organization use all the tools at its disposal to improve over time? The auditor should carefully review how the improvement loop is working to improve the products and processes.
The following requirements relate to continual improvement:
- Plan to continually improve the QMS effectiveness (4.1, 5.4.2).
- Plan and implement the improvement processes (8.1).
- Report on the QMS performance and the need for improvement (management representative, 5.5.2).
- Provide resources to continually improve the QMS effectiveness (6.1).
- Monitor the improvement loop (8.5.1).
4. Involvement of people. Involvement of people revolves around assuring the competency of the staff. The key requirements focus on the effectiveness of training, awareness of individual contributions and an effective work environment.
Competence has to do with the long-term capability of the organization to perform effectively. The auditor should review how the organization determines its needs and fulfills them by increasing employee capabilities. It can be difficult to assess training effectiveness.
The following requirements relate to involvement of people:
- Determine the competency needs of the organization (6.2.2).
- Determine individual competencies and qualifications based on education, training, skills and experience (6.2.1 and 7.5.2).
- Evaluate the effectiveness of training and other actions (6.2.2).
- Ensure employees are aware of their contributions to the quality objectives (6.2.2).
- Determine and manage the work environment (6.4).
- Assure awareness of requirement changes (7.2.2).
5. Factual approach to decision making. The use of information in decision making starts with measurable quality objectives and requires the objectives be consistent with the quality policy. Data must be gathered, analyzed and assessed against the objectives.
At issue for the auditor are the analysis and use of data. The data should be available and used for measuring and improving processes, product quality and reliability, and customer satisfaction. Many organizations gather data but do not use them effectively for improvement. Customer satisfaction data are especially difficult to gather and use effectively.
The following are requirements relating to a factual approach to decision making:
- Document the quality objectives (4.2.1).
- Ensure objectives are measurable and consistent with quality policy (5.3, 5.4.1 and 5.4.2).
- Assess the need for changes to the quality objectives (5.6.1).
- Determine the objectives and requirements for the product (7.1).
- Assess improvements in customer satisfaction, product quality, processes, suppliers and the QMS in general (8.4).
6. Mutually beneficial supplier requirements
ISO 9001:2000 simplifies supplier management requirements. Note, too, that control of outsourced processes is different from management of suppliers and must be identified in the QMS.
The following requirements relate to a factual approach to decision making:
- Control suppliers and purchased products based on their effect on the final product (7.4.1).
- Select, evaluate and re-evaluate suppliers (7.4.1).
- Assess requirements prior to communication to suppliers (7.4.2).
- Use data analysis to improve suppliers (8.4).
- Control outsourced processes (4.1).
7. Process approach. The elements of a process are inputs, outputs, controls and resources. A process, constrained by the controls, converts the inputs into outputs using the resources. The major structural change to ISO 9001 is the creation of four superprocesses and the requirement to identify, monitor, measure, analyze and improve all QMS processes.
A fundamental issue for auditors is to determine the organization's understanding of processes. Auditors also must identify the methods of managing outsourced processes--a key in today's contract manufacturing environment.
Six processes must be documented: control of documents, control of records, internal audit, control of nonconforming product, corrective action and preventive action. How do you audit a process that is not documented? One solution is to interview some process users and look for consistency. The auditor can also review the process records.
The following are requirements relating to the process approach:
- Identify and control processes needed in the QMS, including outsourced processes (4.1).
- Include process performance in management review as an input and actions to improve processes as an output (5.6.2 and 5.6.3).
- Ensure consistent planning of product realization (7.1).
- Monitor, measure, analyze and improve processes (4.1, 8.2.3).
- Analyze data to provide information on characteristics and trends of processes (8.4).
8. System approach to management. A QMS is a system of processes linked to effectively manage the quality of products and services. A main requirement is to determine the sequence and interaction of these processes.
A second major consideration is the issue of exclusions allowed only in section 7. The auditor has a role in reviewing the exclusions and determining whether or not they are justified.
The following requirements relate to the system approach:
- Determine the sequence and interaction of processes (4.1).
- Justify exclusions (1.2).
- Ensure processes needed for the QMS are established, implemented and maintained (management representative, 5.5.2).
- Plan and develop the processes and records to show the realization processes and products meet requirements (7.1).
- Manage customer related processes (7.2), design and development processes (7.3), purchasing processes (7.4), production and service provisions (7.5) and monitoring and measuring devices (7.6).
- Plan and implement monitoring, measurement, analysis and improvement processes (8.1).
It is clear auditing has grown in complexity. Auditors can no longer simply go through the standard element by element.
The eight quality management principles transcend the basic elements and must be identified and continually improved within an organization. While this may add challenge to the job of auditing, it also leads to many opportunities for auditors to be value added suppliers.
4. Jack West, "Quality Management Principles: Foundation of ISO 9000:2000 Family," Quality Progress, February 2000, pp. 113-116.
SANDFORD LIEBESMAN, former ISO manager for corporate quality and customer satisfaction at Lucent Technologies, is now a consultant in the standards area. He is a member of ISO/Technical Committee 176 and the QuEST Forum. Liebesman is also a Registrar Accreditation Board certified lead auditor, a certified TL 9000 lead auditor, author of Using ISO 9000 To Improve Business Processes and co-author of the ASQ Quality Press book TL 9000: A Guide for Measuring Excellence in Telecommunications.