Here are some excerpts from an Ebook..
thought this part might help you
Certification Audits
13.4.1 You Cannot Fail
It is impossible to fail certification (unless you quit). The worst thing that can
happen is that it might take a little longer and cost a little more.
The final point that we wish to make in our discussion of the direct
sequence manual is that you cannot fail an initial assessment, unless you simply
quit. The worst thing that can happen is that is might take longer and cost
more. This is an established fact for the initial systems assessment (certification
assessment). One does not fail a third-party assessment; it is a part of the ISO
mythology. One does get nonconformances that need to be corrected. The
worst case is a major finding that could delay the certification process by up
to three months and cost some more to pay the registrar’s lead assessor to
come back and clear the nonconformance. But that is it. This is the primary
reason that so many consulting groups will agree to guarantee certification/
registration [6].
The steward’s task is to make sure that there are no major findings possible.
This is accomplished via in-depth internal audits by well-trained auditors.
The audits should be evenly distributed throughout the creation process and
not left to the last moment prior to the document review. The audits not only
increase the probability of a major nonconformance-free certification assessment,
but they form the base of a dynamic corrective and preventive action
program.
220 Leadership
Inevitably there will be minor findings at the initial systems assessment,
the first surveillance, the second surveillance, the recertification assessment,
and the re-recertification assessment. That is what continuous improvement is
all about. I still come up with nonconformances with clients that I have
audited for over 8 years.
Organizations undergo all manner of change over 3 years (e.g., top management
changes; mergers; acquisitions; moves to new facilities; market ups
and downs; national and international tragedies, including war, floods, and
fires). Without sufficient audits, the documentation falls behind reality and
even the act of auditing begins to evaporate. It is equivalent to firing the sales
staff because sales are down. Find the root causes, make the necessary
changes to match the changed scenario, and move forward.
There, of course, can be major findings. By major findings we mean, for
example, an ineffectual management review, a poorly managed training program,
a lack of internal quality audits, a corrective and preventive action program
that is uncertain and loosely managed. The stewards must pay close
attention to these areas. One of the traps in the management review process is
for the top manager to use the management review as a “rah rah” session
instead of focusing on the enterprise’s deviations from its planned goals based
on firm and quantitative metrics. You say, “Never happens”? It does.
Another danger area is the loss of internal auditors due to downsizing,
burnout, disinterest, and promotion. It is important to maintain a constantly
trained group of auditors to cover such contingencies. A safe level of auditors
depends on the organization’s size in both people and square footage and the
degree of outsourcing. Today, we have situations where the organization consists
of one person in the site and everything else is outsourced. Your registrar
will work with you to cover this event. It does happen and people get certified.
13.4.2 Audit Focus
An experienced assessor pays special attention to the requirements in the
following:
◗ Section 4: Quality Management System—In this set lies the superstructure of
the QMS and where change is controlled, especially with regard to
processes and continual improvement.
◗ Section 5.4: Planning—This determines how closely quality objectives are
planned and measured.
◗ Section 5.6: Management Review—This somewhat prescriptive set of paragraphs
contains the review of continual improvement drivers of internal
13.4 Certification Audits 221
audits, customer feedback, process performance, product conformity,
preventive and corrective actions taken, and the manner in which
top management responds to required change and opportunities for
improvement.
◗ Section 7.3: Design and Development—Special attention is to be directed to
the design review, verification, and validation functions.
◗ Paragraph 8.2.2: Internal Audit—This looks especially at whether all areas
of the organization have been audited against all appropriate paragraphs
and the audits have included all pertinent regulatory requirements.
◗ Paragraph 8.5.2: Corrective Action—This applies especially the management
of customer complaints.
◗ Paragraph 8.5.3: Preventive Action—This requirement indicates clearly the
degree to which the organization is either reactive to nonconformances
(e.g., performs root-cause analysis on a set of nonconformances
reported during corrective action) or takes a proactive perspective (e.g.,
performs risk analysis and designs in safety and introduces best practices
to all operating groups based on improvements in one group to prevent
nonconformities [7]) not only during the initial assessment but at every
subsequent surveillance assessment. It is customary for registrars to
require management review, design and development, internal audits,
review of customer complaints, and review of QMS document changes
to be mandatory for some percentage of the surveillance audits (e.g.,
every 6 months for internal audits and every 12 months for the design
and development).
Special attention to these requirements ensures that the continuous
improvement cycle is maintained throughout the life of the ISO 9000 program.
When the Shewhart cycle is enforced, the odds are very high that the
supplier will derive the benefits inherent from an effective QMS [8].
13.4.3 Assessor Role
Indeed, the role of the assessor is to teach and clarify. If this goal is met, the
assessor feels fulfilled at the end of a long and intense audit, and the client feels
that the effort was worth it. Alternately, if the assessor feels that the goal is to
catch the client, both parties will end up with a feeling of uselessness, and the
client will begin to seek out other registrars [9]. That the audit findings must be
substantive, and of value to the client, is the foundation upon which the ISO
third-party schema will either continue to expand or eventually decline.
222 Leadership
In the search for added value, my most effective rule is to ask the gutoriented
question: does the method sound stupid? If it sounds stupid, it is—try
another approach. This works every time. I always consider whether my finding
will be of economic value to the enterprise. There is a fine line between
conformance to the Standard and worth to the client. No system is perfect to
start with, and no system becomes perfect in the process. Organizations are in
constant change through new products, new technologies, acquisitions, mergers,
the vagaries of markets, and the potential horrors of nationalistic power
mania.
It is vital that the organization continually stretch its processes for
improvement but not stretch beyond its economic boundaries. The auditor
can play an important role in this scenario. It is best to try to get inside the
mind of the top executive and see what makes sense within the strategic
parameters of the operation. Auditors with this perspective will find themselves
welcomed back more times than not.
13.4.4 Structure of the Audit
To carry out an effective audit of the Standard requires that we apply the pertinent
clauses of the Standard against every enterprise process. This also
means that we also ensure that each subprocess is covered in detail. Table 13.5
uses the same core competencies as shown in Figure 1.2.
Our example, shown in Table 13.5, is based on a small organization hierarchy.
We have assumed that the departmental processes contain the following
subprocesses:
1. Executive: business plan, management review, and steering committee;
2. Marketing and sales: servicing, product managers, marketing, sales, and
distributors;
3. RDT&E: research and development, design, product support, engineering
change, and document and engineering records control.
4. Operations: QA&RA, manufacturing, production control, purchasing,
inventory control, and shipping and receiving;
5. QA&RA: ISO management representative, document and record control,
metrology, corrective and preventive action, audits, quality
control inspection, reliability, and data analysis and trending;
6. Finance: human resources, management information systems, financial
control and analysis, and cost of quality support;
13.4 Certification Audits 223
Human resources: hiring, training, and employee development;
8. Servicing: customer service, repair, and installation.
The chart suggests which clauses to apply to which process and thereby suggests
which employees are to be interviewed. The planned date of the audit and
auditors could also be placed in the box instead the star. Other usual audit
activities are also implied, such as auditing the distribution of documents
throughout the facility, auditing records in various file cabinets, asking employees
what they believe the quality policy means and who they think is the ISO
9000 management representative, and examining the status of training.
Unfortunately, there is no end of concern with regard to the manner
in which we are to audit either (1) the requirement that no procedure is
required for many clauses, or (2) the sometimes extremely descriptive language
of some clauses (e.g., Clause 7.5.5: Preservation of Product). This clause
is about as short and sweet as you can get with regard to a most complex and
extensive issue that includes electrostatic discharge protection, shelf-life control,
and a number of different types of preservation coatings as well as packaging
and delivery. Fortunately, the topic of audit management has received
wide recognition and many authors offer sensible ideas on how to approach
the subject [10].
To formulate such an audit structure, it is important to realize that this
process-oriented scenario has an intrinsic hierarchal structure of the type
shown in
If you want more material- the Ebook
Send me your mail ID and Ill send it to you
regards
Ken