I have recently conducted an audit at one of my clients multi-site company. So I get to see how the various local mangement representatives prepares for my audit. This one site managers management of the audit processes stands out.
When I arrive on site, he has printed all the applicable corrective actions for his site, not that many, and he also has any continuous improvement project data readily available.
Also, he printed a copy of my last audit report, along with detailed notes of how he has addressed every corrective action and any opportunities for improvement.
After that, he has his quality objective data out and how the site is performing against those metrics.
In addition, he has questions on how to make his system better. He is connected and engaged.
After I left I felt like he could give a class on how to prepare for an audit, and thus this blog was born.
Yes, Riverside California, you make an auditor smile! :-)
Friday, August 6, 2010
Sunday, April 25, 2010
What makes a good auditor?
What makes a good auditor?
I got into this business after dealing with a pretty bad auditor. It's funny that was my inspiration. I dove into this field, without any of the research that you are supposed to do.
Back to the subject: What makes a good auditor? Here is one of my client testimonials on the subject:
This is our third year of working together and we happy to have you as part of our internal auditing team. You made our internal auditing program very easy and efficient by being always truthful, fair and open-minded. You have also helped to make our internal audits more effective. People started to look at the audits with more positive attitude because of your ability to communicate effectively with others. Your great experience has made our internal audit program transparent and very convenient for our business."
Everything said above refers to the outcomes of a great auditor. A auditor needs to make people feel at ease, I view audits as opportunities to get to know the people and the processes. An auditor needs to know the standard that they are auditing agaiinst. They also need to pick their battles, and write up non-conformances that are important, systemic issues.
Another characteristic that an auditor needs is inquisitiveness, ask why why why why, and then show me.
Johnson George added to this linked in blog by writing: Make the auditee team comfortable
- Explain your purpose of audit, make them feel it is the system you are auditng and not the person
- While you write notes, let them see what you are writing (or else they are going to be scared - are you upto giving an NC?)
- Summarise and agree on all the NC's
- Do write a clear report so that they can respond to your NC with effective Correction, Root Cause and Corrective Action
- Offer to help find root cause (this works)
Edward Doss added: As per ISO 19011:2002 (E), 7.2 Personal attributes
Auditors should possess personal attributes to enable them to act in accordance with the principles of auditing described in clause 4.
An auditor should be:
a) ethical, i.e. fair, truthful, sincere, honest and discreet;
b) open-minded, i.e. willing to consider alternative ideas or points of view;
c) diplomatic, i.e. tactful in dealing with people;
d) observant, i.e. actively aware of physical surroundings and activities;
e) perceptive, i.e. instinctively aware of and able to understand situations;
f) versatile, i.e. adjusts readily to different situations;
g) tenacious, i.e. persistent, focused on achieving objectives;
h) decisive, i.e. reaches timely conclusions based on logical reasoning and analysis; and
i) self-reliant, i.e. acts and functions independently while interacting effectively with others.
and finally any auditing mechanism is not an fault finding activitiy rather its an fact finding methodology..
So what did we miss? What makes a good auditor?
I got into this business after dealing with a pretty bad auditor. It's funny that was my inspiration. I dove into this field, without any of the research that you are supposed to do.
Back to the subject: What makes a good auditor? Here is one of my client testimonials on the subject:
This is our third year of working together and we happy to have you as part of our internal auditing team. You made our internal auditing program very easy and efficient by being always truthful, fair and open-minded. You have also helped to make our internal audits more effective. People started to look at the audits with more positive attitude because of your ability to communicate effectively with others. Your great experience has made our internal audit program transparent and very convenient for our business."
Everything said above refers to the outcomes of a great auditor. A auditor needs to make people feel at ease, I view audits as opportunities to get to know the people and the processes. An auditor needs to know the standard that they are auditing agaiinst. They also need to pick their battles, and write up non-conformances that are important, systemic issues.
Another characteristic that an auditor needs is inquisitiveness, ask why why why why, and then show me.
Johnson George added to this linked in blog by writing: Make the auditee team comfortable
- Explain your purpose of audit, make them feel it is the system you are auditng and not the person
- While you write notes, let them see what you are writing (or else they are going to be scared - are you upto giving an NC?)
- Summarise and agree on all the NC's
- Do write a clear report so that they can respond to your NC with effective Correction, Root Cause and Corrective Action
- Offer to help find root cause (this works)
Edward Doss added: As per ISO 19011:2002 (E), 7.2 Personal attributes
Auditors should possess personal attributes to enable them to act in accordance with the principles of auditing described in clause 4.
An auditor should be:
a) ethical, i.e. fair, truthful, sincere, honest and discreet;
b) open-minded, i.e. willing to consider alternative ideas or points of view;
c) diplomatic, i.e. tactful in dealing with people;
d) observant, i.e. actively aware of physical surroundings and activities;
e) perceptive, i.e. instinctively aware of and able to understand situations;
f) versatile, i.e. adjusts readily to different situations;
g) tenacious, i.e. persistent, focused on achieving objectives;
h) decisive, i.e. reaches timely conclusions based on logical reasoning and analysis; and
i) self-reliant, i.e. acts and functions independently while interacting effectively with others.
and finally any auditing mechanism is not an fault finding activitiy rather its an fact finding methodology..
So what did we miss? What makes a good auditor?
Tuesday, February 16, 2010
A closer look at Quality Records
Control of Quality Records is probably one of the least glamourous sections of the ISO 9001 standard.
What the ISO 9001 standard requires: 4.2.4 Control of records
Records shall be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system. Records shall remain legible, readily identifiable and retrievable. A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records.
Automotive, Medical and Aerospace may have additional requirements as well.
For the typical company adhering to ISO 9001 requirements there are a variety of Quality Records which must be kept to provide evidence that the company is complying with the requirements of the standard
Electronic Record Retention
During my audits I am finding that Quality Records Tables or Master Lists of Records do not account for the electronic side of record retention. Typially sales inquiries are kept on e-mail, but we don't mention sales orders, inquiries, etc on the Quality Records Table. Or the quality records table will say that these records are kept for 2 years. Well a quick comparison to what the IT folks are regulating turns up a different story. E-mails quickly deleted after six months. Well happens as evidence of conformity if we are only keeping our records for six months.
A quick way to ensure that your Quality Records Table contains everything that the QMS standard requires is to go through the standard for each requirement and keep track of each reference that requires "records". Then double check that against your quality records table.
Confidentiality
The Quality Records Process should also include how we are going to keep information confidential. If we dispose of a computer, reformatting the hard drive - is that enough to ensure that any customer specifications or personnel records are protected? Does your organization understand that erased data on an old computer drive may still be retrievable? A report "Skeletons on your Hard Drive" by Matt Hines for CNET News.com shows that just because a hard drive was reformatted - the information can still be found. Something to consider when making computers obsolete.
What the ISO 9001 standard requires: 4.2.4 Control of records
Records shall be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system. Records shall remain legible, readily identifiable and retrievable. A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records.
Automotive, Medical and Aerospace may have additional requirements as well.
For the typical company adhering to ISO 9001 requirements there are a variety of Quality Records which must be kept to provide evidence that the company is complying with the requirements of the standard
Electronic Record Retention
During my audits I am finding that Quality Records Tables or Master Lists of Records do not account for the electronic side of record retention. Typially sales inquiries are kept on e-mail, but we don't mention sales orders, inquiries, etc on the Quality Records Table. Or the quality records table will say that these records are kept for 2 years. Well a quick comparison to what the IT folks are regulating turns up a different story. E-mails quickly deleted after six months. Well happens as evidence of conformity if we are only keeping our records for six months.
A quick way to ensure that your Quality Records Table contains everything that the QMS standard requires is to go through the standard for each requirement and keep track of each reference that requires "records". Then double check that against your quality records table.
Confidentiality
The Quality Records Process should also include how we are going to keep information confidential. If we dispose of a computer, reformatting the hard drive - is that enough to ensure that any customer specifications or personnel records are protected? Does your organization understand that erased data on an old computer drive may still be retrievable? A report "Skeletons on your Hard Drive" by Matt Hines for CNET News.com shows that just because a hard drive was reformatted - the information can still be found. Something to consider when making computers obsolete.
Tuesday, February 9, 2010
Social Media
I am wondering how our use of social media relates to the better mousetrap theory. Build it and they will come - (the customers of course). Yesterday, I have been working with the web designer, newsletter designer, twitter, etc, and I am on social media overload. Yesterday I checked my competitors key words to see what they are using and they all seem to be clueless, which is strange because their sites rank sometimes better than mine.
Linked in
My favorite media so far is linked in, my only gripe about that is when marketing types add discussions which are basically SPAM. So instead of SPAM in my e-mail I get SPAM in my groups. So I am ready for someone to design a SPAM filter for social media. Linked In Spammers have no clue on building a reputation or networking. I quit my local linked in group because a realter would spam me everytime he had a listing. Am I missing anything when I left? I am not sure. All I know is that I am NOT missing any real estate listings.
So what are your thoughts? Are we relying on Social Media too much? Or is it another tool to communicate and establish relationships with potential customers.
Linked in
My favorite media so far is linked in, my only gripe about that is when marketing types add discussions which are basically SPAM. So instead of SPAM in my e-mail I get SPAM in my groups. So I am ready for someone to design a SPAM filter for social media. Linked In Spammers have no clue on building a reputation or networking. I quit my local linked in group because a realter would spam me everytime he had a listing. Am I missing anything when I left? I am not sure. All I know is that I am NOT missing any real estate listings.
So what are your thoughts? Are we relying on Social Media too much? Or is it another tool to communicate and establish relationships with potential customers.
Friday, February 5, 2010
Somestimes fixing the problem is more important that what you label it
Somestimes fixing the problem is more important that what you label it
I call it: Common Sense Auditing. What are you thoughts?
I received a call from a client today having trouble with root cause analysis for a non-conformance I wrote regarding "No defined frequency for Product Audits". To satisfy that requirement in TS 16949 I would expect to see a schedule or a paragraph in the procedure which talks about how often/when/etc.
Because TS breaks out Product Audits separately, the procedure referring QMS audits are done at least once per year didn't cover the topic Product Audits so a NC was issued during the audit. Not a major deal; something that can be address easily.
You say Tomato - I say To-Mat-O
After talking to my client we decided to call it an opportunity for improvement, clearing the way to get passed the root cause analysis and fix the issue.
Because TS breaks out Product Audits separately, the procedure referring QMS audits are done at least once per year didn't cover the topic Product Audits so a NC was issued during the audit. Not a major deal; something that can be address easily.
You say Tomato - I say To-Mat-O
After talking to my client we decided to call it an opportunity for improvement, clearing the way to get passed the root cause analysis and fix the issue.
It was a simple problem which can be corrected easily. We skipped the root cause analysis for this, and sometimes that is ok. Not for the big stuff though.
I call it: Common Sense Auditing. What are you thoughts?
Subscribe to:
Posts (Atom)
