A closer look at two difficult IATF 16949 requirements
by R. Dan Reid
The International Automotive Task Force (IATF) has released information on the most-cited IATF 16949:2016 clauses during initial audits for organizations transitioning from ISO Technical Specification (TS) 16949:2009.
One such clause—control of production and service provision—was discussed in the November 2017 Standard Issues column.1 This month’s column focuses on two more clauses generating major nonconformances in IATF 16949 transition audits: internal auditor competency and total productive maintenance (TPM).
Internal auditor competency
IATF 16949:2016, Subclause 7.2.3—Internal auditor competency generated the most major nonconformances in the transition audits performed through August 2017. Internal auditors often missed nonconformances in the quality management systems (QMS) they were auditing with alarming regularity, which may have contributed to the number of findings against this clause so far.
This may be due to a misunderstanding regarding what processes internal auditors can audit while remaining impartial. Auditors must have competency to audit the processes assigned to them, which often means they must audit their own function or department. Purchasing people likely aren’t competent to effectively audit engineering and some other functions. The standard for auditor impartiality is that auditors must not audit their own work, but they should be able to audit their own function.
Under the new standard, auditors must examine the following aspects of each QMS process as required by ISO 9001:2015, clause 4.4:2
- Outputs (intended results or intended outcomes).
- Sequence of processes.
- Interactions between processes.
- Process metrics.
- Process controls (see ISO 9001:2015, subclause 8.5.1).
- Resources (see ISO 9001:2015, clause 7).
- Specifying responsibilities and authorities (power to act, for example) (see ISO 9001:2015, subclause 5.3.1).
- Addressing risks and opportunities (see ISO 9001:2015, clauses 6.1 and 10.3).
- Process evaluation and update, as needed (see ISO 9001:2015, subclauses 9.1.1 and 9.1.3).
- Process and QMS improvements (see ISO 9001:2015, clause 10.3).3
To meet the intent of the requirements, processes must be documented to indicate the inputs, outputs and sequence of the process steps. This is referred to as the process approach. The International Accreditation Forum has communicated to its certification bodies that the use of the process approach is one of the most important requirements for a QMS.
Further, the IATF added new requirements for internal and second-party auditor competency by incorporating the process approach, among other things. Under IATF 16949, a documented process must be used to verify auditor competency. The auditor competency process must include verification of auditor competency in several specified requirements and skills.
See Figure 1 for an example of an auditor competency process based on the new IATF requirements, including the October 2017 IATF Sanctioned Interpretations that amended the original IATF 16949 auditor competency requirements.
ISO 19011 lists principles and personal attributes that are necessary prerequisites for being an effective auditor. The ISO 19011 auditing principles include integrity and fair presentation. IATF is concerned with third-party auditors adhering to these principles and attributes. For example, auditors should not call a nonconformity an opportunity for improvement (OFI). ISO 9000, subclause 3.6.9 defines nonconformity as "non-fulfillment of a requirement."4 An OFI is a conformity, but one that could be more effective or efficient. Organizations now must assess the competency of their auditors, address any gaps and retain documented information, such as records, as evidence of their auditors’ competence to avoid audit nonconformances.
Another new requirement under IATF 16949, outlined in subclause 184.108.40.206, is for an organization to maintain a "documented total preventive maintenance system." This is different from the typical requirement of a documented process or procedure. This difference in clause terminology could be causing some confusion in the transition audits. Further, because this is a new requirement, maintenance employees may not be familiar with writing effective process documentation to address the new requirements.
An IATF 16949-compliant TPM system must include the following:
- Identification of appropriate and adequate process equipment for quality and capacity.
- Availability of replacement parts (carried over from ISO/TS 16949:2009).
- Adequate resources for machine, equipment and facility maintenance.
- Packaging and preserving equipment, tooling and gaging (carried over from ISO/TS 16949:2009).
- Applicable customer-specific requirements.
- Documented maintenance objectives (carried over from ISO/TS 16949:2009).
- Maintenance metrics.
- Regular review of maintenance plan and objectives.
- A documented action plan to address corrective actions when objectives are not achieved.
- Use of preventive maintenance methods.
- Use of predictive maintenance methods, as applicable (carried over from ISO/TS 16949:2009).
- Periodic overhaul.5
This last item—periodic overhaul—may not be well understood by many organizations. IATF 16949 defines it as a "maintenance methodology to prevent a major unplanned breakdown where, based on fault or interruption history, a piece of equipment, or subsystem of the equipment, is proactively taken out of service and disassembled, repaired, parts replaced, reassembled, and then returned to service."6 This is similar to the ISO/TS 16949:2009 requirements, only more detailed.
As for using preventive and predictive maintenance methods (items 10 and 11), ISO/TS 16949:2009 defined predictive maintenance as "activities based on process data aimed at the avoidance of maintenance problems by prediction of likely failure modes"7 and preventive maintenance as "planned action to eliminate causes of equipment failure and unscheduled interruptions to production, as an output of the manufacturing process design."8 Those definitions carry over into IATF 16949:2016.
It may be unclear to maintenance organizations how best to document and address these new requirements. Also, ISO/TS 16949:2009 requirements were limited to key equipment, whereas the new requirements encompass more. QMS practitioners may need to provide assistance with this clause going forward.
Another factor that may apply for auditing TPM system requirements and other clauses is auditor competency. Many auditors have not been responsible for, or worked in, maintenance operations. It is unclear whether organizations or certification bodies require their auditors to have maintenance operation training to properly audit IATF 16949. This concern also applies to other IATF 16949 clauses, such as corporate responsibility (subclause 220.127.116.11) and purchasing processes (clause 8.4).
These are just two of many other automotive QMS requirements that are difficult to successfully implement, such as risk, contingency plans, problem solving and management review. Look for discussions of those requirements in future columns.
- R. Dan Reid, "Navigating Difficult Requirements," Quality Progress, November 2017, pp. 63-65.
- International Organization for Standardization (ISO) and the International Accreditation Forum, ISO 9001 Auditing Practices Group Guidance on Processes, Jan. 13, 2016, https://tinyurl.com/yd6cdeve.
- International Automotive Task Force (IATF), IATF 16949:2016—Automotive quality management, Subclause 7.2.3—Internal auditor competency.
- ISO, ISO 9000—Quality management systems—fundamentals and vocabulary, subclause 3.6.9.
- IATF, IATF 16949:2016—Automotive quality management, subclause 18.104.22.168.
- Ibid, subclause 3.1.
- ISO, ISO/TS 16949:2009—Quality management systems, subclause 3.1.8.
- Ibid, subclause 3.1.7.
R. Dan Reid is the principal consultant with Management Systems Consulting LLC in Farmington, MI. He is an author of ISO Technical Specification 16949, QS 9000, ISO 9001:2000, ISO IWA-1 (the first International Organization for Standardization international workshop agreement), the Chrysler, Ford, GM Advanced Product Quality Planning With Control Plan, Production Part Approval Process and Potential Failure Modes and Effects Analysis manuals. Reid was the first delegation leader of the International Automotive Task Force. He is an ASQ fellow, an ASQ-certified quality engineer and a trainer of many standards, including ISO 13485, AS9100, ISO 14001, ISO 45001 and the German automotive standard VDA 6.3.