Welcome to the Whittington & Associates e-Newsletter!
Visit and bookmark our web site today: http://www.WhittingtonAssociates.com

ISO has opened a new section on its web site to help small and medium-sized enterprises achieve the benefits of implementing quality (ISO 9001) and environmental (ISO 14001) management systems.

According to ISO Secretary-General Alan Bryden, “Small and medium-sized enterprises may mistakenly perceive International Standards as being only for big business and government. In fact, they too can benefit from the state-of-the-art technology and management practices disseminated by International Standards, which also open the door to export markets and participation in global supply chains.

ISO has added a number of articles<> to the frequently visited ISO 9000/ISO 14000 section on its web site to make it easier for small businesses to implement the ISO 9001 and ISO 14001 standards that were being used by some 760,900 organizations in 154 countries at the end of 2004. The articles, which first appeared in ISO Management Systems magazine, cover the following topics of interest:

1. Taking the first steps towards a quality management system

Having made the decision to implement a quality management system, small businesses are often unsure just how to get started. This article takes managers of small businesses through the first steps and is based on advice given in the ISO handbook, ISO 9001 for Small Businesses. You can order a copy at the ANSI Web Site.

2. Taking the first steps in environmental management

This article explains clearly how small businesses can implement an environmental management system so that the process is not a series of hurdles, but rather a set of practical steps towards raising environmental and business performance.

3. Quality management consultants: instructions for use

A decision to implement a quality management system may be the organization’s first real contact with the world of ISO 9000, and many turn to an external consultant for help. This article gives some helpful pointers. It was written by the leader of the group of experts that developed ISO 10019:2005, Guidelines for the Selection of Quality Management System Consultants and Use of their Services.

4. Implementing ISO 14001: do you hire a consultant, or Do-It-Yourself?

This article helps managers of small businesses answer some essential questions. Should you hire a consultant to help with environmental management system implementation, or go it alone? What are the advantages and potential pitfalls? How can you get best value for money if you hire a consultant and what are the criteria you should use for choosing one?

The term Six Sigma is widely used as an approach for process improvement and learning. It is a disciplined, structured, data-driven methodology to solving problems. Along the path to popularity, Six Sigma lost its meaning as a statistical measure and instead inherited the meaning of merely another measurement program. Organizations that intend to employ Six Sigma ought to consider which definition of six sigma is their target: a process improvement approach, or a statistical measure for variation. This article explores the significance of the differences between six sigma and Six Sigma. Read on if you dare.

When did free come to mean free after rebate? And when did Six Sigma become something other than a statistical notion? Or have you not noticed that the term Six Sigma no longer means a statistical measure for variation? For every organization that attempts to use six sigma as a statistical measure of process improvement, three other organizations use it merely to describe a process improvement effort. Most of these organizations have no intention of using six sigma statistically, but it likely impresses the folks higher up in the food chain.

Affixing lean to the term, as in Lean Six Sigma (LSS), is currently an institutional silver bullet. Do not feel left out if you have not been exposed to LSS; one Internet search found only about 125,000 LSS-related sites, but more than 1.7 million sites for Six Sigma. Very few of these sites advocate six sigma’s statistical meaning, contributing to the miscommunication regarding Six Sigma processes.
 
As with most trendy initiatives, LSS has it own status symbols: green belts, black belts, and an assortment of colors and variations depending on the accrediting organization. In addition, LSS has a lexicon, words like kaizen, kaikaku, kanban (yes, there are more than just k words). There is one more Japanese word that the LSS industry may have forgotten: it is muda, or the word for waste. Without applying statistical measurement, organizations may be wasting their process improvement resources.

The application of LSS may bring numerous well-intended results, including defect reduction, work in progress reduction, cycle time reduction, cost savings, fewer hand-offs and queues, minimized changeover time, workload leveling, and more. Organizations in pursuit of process improvement are often well-advised to consider LSS to diagnose, improve, and measure their processes.

Motorola Corporation gets much of the credit for popularizing Six Sigma and the phrase 3.4 defects per million – the battle cry of the Six Sigma world. Simply re-stated, Six Sigma has come to be synonymous with no more than 3.4 defects per million opportunities (DPMO). An opportunity might be defined as a keystroke or a mouse click, depending on whether the process being measured is developing software or writing an article.

Often, the value 3.4 DPMO is followed with a footnote or an asterisk; the fine print typically ignored. Six Sigma proponents claim that the 3.4 DPMO is the long-term process performance after the occurrence of a sigma shift. The sigma shift is a 1.5 sigma difference from 6 to 4.5 sigma performance. The underlying assumption is that short-term performance (of say 6 sigma) is really 4.5 sigma in the long term as entropy sets in. Sigma shift translates to more defects per million – 1,700 times more. Statistical 6 sigma is not 3.4 DPMO, it is actually 2 DPBO; that is defects per billion opportunities, a difference factor of 1,700.

Did you just get a sense of uneasiness? Remember that most companies claiming the use of six sigma for process improvement are not using either of these statistical values; they are merely targeting their processes for measured improvement.

What if performance improved over time, though, in contrast to being subject to entropy? A sigma shift for better would be a 7.5 sigma process. A 7.5 sigma process would have three defects per hundred trillion (3.1 DPhTO [Schofield notation])
.
While a 7.5 sigma process seems an unreasonable expectation, at this rate the commercial airline industry would encounter a fatal event every 17,500 years, U.S. highways would incur 23 deaths per year instead of 40,000, and three deaths per annum would be realized from prescription defects instead of 7,000.

But a 7.5 sigma performance is not unreasonable in the computing world. Consider for a moment a teraflop machine that operates at one trillion floating point operations per second. In a mere 100 seconds, three defects would be generated. Within one year, 1,246,080 defects would be generated.

It gets worse. Within the next year (or so) the petaflop machine will be released. A machine operating at that speed could generate over more than one billion defects per year if operating at 7.5 sigma. Do you feel more unease? Do not get prematurely paranoid – a petaflop machine is unlikely to appear on your desktop anytime soon.

Fortunately, hardware performs far more reliably than the sigma levels just described suggest, but that does not apply to software. Software defects cost the U.S. economy almost $60 billion a year. Of course, software defects are not limited to software. Auto companies such as BMW, DaimlerChrysler, Mitsubishi, and Volvo have all experienced software-related product malfunctions (defects) that include engine stalls, wiping interval problems, gauge illumination defects, and transmission gear errors. Software technicians in Panama were charged with murder after 21 patients died from gamma ray overdoses in just 40 months. Sorry, no sigma levels released. And yet, 62 percent of polled organizations lack a software quality assurance group.

Practicing statistical something sigma is an industry best practice. The Software Engineering Institute’s Capability Maturity Model Integration recognizes the relevance of measurements and analysis by placing it prominently as a Level 2 Process Area in its staged representation. Later in the model, there is the need to identify assignable and common cause variation at maturity Levels 4 and 5, respectively.

So, when did statistical notions become ambiguous with words like Lean and Six Sigma? Perhaps organizations should raise an alert when the term six sigma is used to investigate its contextual alignment with expectations, visions, and goals. Perhaps, too, the process improvement initiative will have an increased likelihood of success – regardless of what it is called.

Conclusion
Given the abundance of quality improvement and Six Sigma tools available to organizations today, incorporating six sigma measurements might not be that difficult – if the organization chooses to do so. For instance, brainstorming techniques for current state weaknesses could be validated with statistical data (perhaps not to a six sigma threshold, but the introduction of any statistical validation on root cause analysis might provide relevant insight into weaknesses). Root causes listed on cause and effect (Fishbone) diagrams could similarly be validated with statistical data collection. Process flow maps could use the distribution of a statistical sample in assigning hands-on and queue time measurements. Each of these uses of statistics would begin to reintroduce the use of quantitative measures into the Six Sigma movement, perhaps leading to the reemergence of six sigma quality thresholds.

Mark Twain probably was not thinking about Six Sigma when he described the three types of lies as lies, darned lies (paraphrased), and statistics, but his quote seems apropos given how Six Sigma proponents use six sigma today. Six Sigma should be reserved for, well, six sigma performance – a statistical measure for variation. Maybe then quality will translate to fewer product recalls, lower costs will mean that costs are decreased, and six sigma performance will equate to two defects per billion – maybe that is asking too much. Distinguishing between statistically measured performance and measured performance can help assess the true progress of an improvement effort. When applying Six Sigma for process improvement, do not leave out the six sigma.

This article is a summary of one with the same title written by Joe Schofield with Sandi National Laboratories. To see his full article, go to the CrossTalk Journal web site.

Please note that the scope of this article is internal (first party) auditors. The assumption is made that (as in many companies) internal auditors are a volunteer force of employees that hold down “real” jobs within the company (assembler, lead, service manager, etc.).  If the situation is different in your organization, some of these suggestions will require modification.

The purpose of auditing is to seek opportunities for improvement in quality management system processes. These improvements, in turn, bring the organization closer to its goals. This is a critical activity and you want to make sure the auditors are effective. In addition to familiarizing yourself with the new ANSI/ISO/ASQ QE 19011S-2004, a supplemental guideline for auditing that addresses internal audits, consider the following ideas: 

1. Hold pizza training.  It is very difficult to provide internal audit training, typically 16 to 24 hours, to a group of employees. Ongoing, recurrent training for internal auditors is practically non-existent in many organizations. One way to “make time” for continual training:  Ask internal auditors to surrender their lunch period (30 minutes) in exchange for free lunch. Adults learn best in abbreviated periods and having only a 30 minute window forces succinct topics.  Examples include:

• Active listening
• Review of “quality management system”
• Time management / Organization
• Using a digital camera (a picture is worth 1000 words and can easily be “pasted” into an audit report)
• Seven basic quality tools (cause and effect diagram, checksheet, etc.)
• Interviewing
• Writing non-conformity statements
  

Conclusion

Good auditing requires competent auditors. Competency requires continued training or external resources.  Use both to provide the best level of auditing within your organization.

. She is a lead and aerospace auditor, registered with RABQSA. She is on the Board of Directors of ASQ and holds the CQE, CQA, CQManager, and Six Sigma Black Belt certifications. She holds degrees in industrial engineering, mathematics, and an MBA in finance.

In future newsletters, look for her ideas on 1) Responsibility and authority assignments, 2) Scheduling improvements, and 3) Simplification of the program.

Would you like to reduce by up to 30% the number of auditor days spent by your registrar at your site? Then consistently meet your performance targets and talk to your certification body.

The International Accreditation Forum (IAF) provides a guidance document on the application of ISO Guide 62 for registrars (certification bodies). Issue 4 of this guidance document describes how registrars can design an individualized surveillance and reassessment program for organizations that have consistently demonstrated an effective quality management system. The result is, the registrars can develop an audit program that reduces the required auditor days based on the organization consistently meeting performance targets.

To qualify for the advanced program, the organization must demonstrate it has been operating in conformity for one complete certification cycle (including initial, surveillance, and reassessment audits). Any noncomformities raised during that certification cycle must have been successfully resolved. And, the registrar must agree with the organization on the performance indicators for judging the ongoing effectiveness of the system, as well as, ensure the organization is consistently meeting the performance targets. The performance indicators must address, at a minimum, that the organization is consistently providing product that meets customer and applicable regulatory requirements.

To apply this advanced audit procedure, the registrar must have enforceable arrangements for access to all customer satisfaction data. The registrar must verfy the organization's internal audit process is managed in accordance with the guidance of ISO 19011, with particular reference to auditor competence. The registrar must also have enforceable arrangements that enable it to increase the scope, frequency, and duration of its audits in case of a deterioration of the organization's ability to meet the agreed performance targets.

The registrar can reduce the overall audit days by up to 30% without gaining further approval from their accrediting body. However, at a minimum, each registrar visit must include:

• interviews of top mamagement and the management representative
• evaluations of management review inputs and outputs
• verification of the organization's ability to meet the agreed performance targets
• review of internal audit procedures, audit records, and auditor competence
• review of corrective and preventive actions and verification of effective implementation

The design of the advanced audit program must include the extent that the registrar will use the organization's internal audit and management review processes to complement their activities. It must also include the criteria for witnessing the organization's internal audits, including a sampling of both auditors and the processes to be audited.

Additional criteria must be established for accepting and monitoring the competence of the internal auditors and the method for reporting internal audit results. Ongoing adjustments to the assessment program must take into account the organization's demonstrated ability over time to meet the agreed performance targets. The compoenents that will be assessed at each surveillance and reassessment visit must be included in the design output.
 
This guidance was issued December 15, 2005 and has an application date of December 15, 2006. For full details, see section G.3.6.8 and Annex 5 of the IAF Guidance Document at the IAF web site: (http://www.iaf.nu).

The International Accreditation Forum (IAF) provides a guidance document on the application of ISO Guide 62 for registrars (certification bodies). Issue 4 of this document provides guidance on several subjects that may be of interest:

1. Auditing an Electronic QMS

The IAF guidance says to consider the auditor competence and information security concerns when auditing an electronic (e-based) quality management system. It goes on to say that the audit plan should identify any computer-assisted auditing techniques that will be used during the assessment. These techniques may include teleconferencing, web meetings, interactive web-based communications, and remote access to QMS documentation.  

2. Use of Certification Marks

The IAF guidance describes when the use of certification marks are allowed, or not allowed, on products and boxes. Marks are not allowed on products; meaning the product itself, the product in an individual package or container, or even a report issued by a testing and analysis service. Marks are allowed on a "larger" box used for transportation of a product, as long as it is accompanied by a clear statement such as, "This product was manufactured in a plant whose quality management system is certified as being in conformity with ISO 9001:2000." An example of a larger box would be cardboard over-packaging that can be reasonably considered as not reaching end users.  

3. Remote Auditing Techniques

If remote auditing techniques are used, such as, interactive web-based collaboration, web meetings, teleconferences, and/or electronic verification of the organization processes are used to interface with the organization, these activities should be identified in the audit plan and may be considered as partially contributing to the total "on-site auditor time". If the registrar plans an audit where the remote auditing activities represent more than 30% of the planned on-site auditor time, the registrar must obtain specific approval from their accrediting body. Electronic audits of remote sites are considered to be remote audits, even if the electronic audit is physically carried out on the organization's premises. Regardless of the remote auditing techniques used, the organization must be physically visited at least annually.

This guidance was issued December 15, 2005 and has an application date of December 15, 2006. For full details, see the IAF Guidance Document at the IAF web site: (http://www.iaf.nu).

Some states provide free environmental compliance assistance. For example, in Georgia there is a non-regulatory program, GECAP, that offers free and confidential environmental compliance assistance to Georgia businesses. GECAP provides environmentally-related technical assistance targeted to small and mid-sized companies in a manner that is accessible, useful, and understandable by:

• Translating regulations
• Being a source for environmental information
• Providing an on-site evaluation of a facility's environmental compliance status

• Comply with the appropriate regulations
• Do recordkeeping and reporting
• Determine waste streams
• Manage the environmental aspects of their business

• Storm water
• Oil Storage/Spill Prevention, Control, and Countermeasures Regulations (SPCC)
• Hazardous Waste
• Solid Waste Management
• Emergency Planning and Community Right-to-know Act (EPCRA)
• Industrial Waste Water
• Air Permitting
• Underground Storage Tanks

If you are interested in having a GECAP engineer visit your Georgia site, visit their web site at (http://www.gecap.org). If you reside in another state, then search on the Internet for your state's services. 

Note: All information is strictly confidential. GECAP does not report to any regulatory agencies.

To enroll in these public classes, you can click on the course title, go to Class Schedule at our web site, or call us at 800-404-7585.

Classes taught by Larry Whittington are shown in yellow.

• ISO 9001:2000 Auditor Update - The Process Approach (1 Day) - Course developed by Larry Whittington
• Understanding ISO/TS 16949:2002 Requirements (1 Day) - Course developed by Larry Whittington
• Understanding ISO 14001:2004 Requirements - Course developed by Larry Whittington
• Internal Quality Auditing (2 Days) - Course developed by Larry Whittington (based on ISO 19011)
• AS9100B: Requirements Beyond ISO 9001:2000  (1 Day) - Course developed by Larry Whittington

Copyright © 2000 - 2007  Whittington & Associates, LLC.
All Rights Reserved.
242 Highlands Drive, Woodstock, GA 30188
770-517-7944 or fax 770-517-7945

 
Whittington & Associates provides training, consulting and auditing services for quality systems based on
ISO 9001, ISO/TS16949, TL9000, AS9100, ISO 13485, as well as, ISO 27001, ISO 20000, ISO 22000, and ISO 14001.