|
Whittington Newsletter |
|
| QMS, EMS, Information Security, and Six Sigma |
January 2007 |
|
|
Greetings!
Welcome to the Whittington & Associates e-Newsletter!
Visit and bookmark our web
site.
Our newsletters provide guidance on ISO 9001,
AS9100, ISO 13485, ISO/TS 16949, TL 9000, ISO 14001,
ISO 27001, ISO 20000, and related ISO
standards, as well as, Six Sigma.
If you have any questions about the articles
appearing in this issue, or you want to suggest
topics for future issues, please let us know.
|
|
How to Audit an Internal Audit Program |
|
How do you audit an internal audit program? Lets
begin by reviewing the definition of an audit from
ISO 9000:2005, Fundamentals and Vocabulary, clause
3.9.1. An audit is:
“a systematic, independent, and documented process
for obtaining audit evidence and evaluating it
objectively to determine the extent to which audit
criteria are fulfilled.”
In other words, an audit is a planned, organized,
and documented set of activities performed by
impartial and objective auditors. The audit process
collects evidence from an area to evaluate
conformity to the applicable requirements. Audit
evidence is factual, not based on opinion or
hearsay.
The sources of audit evidence are:
- Statements (noted during audit interviews)
- Observations (made watching the activities)
- Documents (reviewed before and during the audit)
- Records (examined to evaluate past conformity)
The primary audit criteria are:
- Standard (e.g., ISO 9001:2000)
- Company (organization’s requirements)
- Customer (as expressed in contracts and orders)
- Legal (from statutes and regulations)
According to ISO 9001:2000, clause 8.2.2, internal
audits must be conducted at planned intervals to
determine if the quality management system conforms
to planned arrangements, requirements of the
standard, and requirements of the organization.
In addition, internal audits must verify that the
quality management system has been “effectively”
implemented and maintained. The responsibilities and
requirements for planning audits, conducting audits,
reporting results, and maintaining records must be
defined in a documented procedure.
An audit program includes all the activities needed
to plan, organize, and conduct the scheduled audits.
The audit program must be planned to consider the
status and importance of the areas to be audited, as
well as, the results of prior audits.
The audit criteria, scope, frequency, and methods
must be defined. Auditors must be selected to carry
out impartial and objective audits. This doesn’t
mean that you must show organizational independence,
just that auditors can’t audit their own work.
Management must ensure that corrective actions are
taken without undue delay to eliminate the detected
nonconformities and their causes. Follow-up
activities must verify that the actions were
implemented and report the results.
ISO 9004:2000, Guidelines for Performance
Improvements, clause 8.2.1.3, suggests that an
organization:
- Establish effective and efficient internal
audits
- Assess strengths and weaknesses of the QMS
- Use as management tool for independent view
- Obtain objective evidence that requirements met
- Judge effectiveness and efficiency of
organization
- Ensure improvement actions are taken on results
- Establish flexible audit plans for internal
audits
- Permit changes in emphasis based on evidence
- Develop plans with input from areas to be
audited
- Consider planning input from interested parties
ISO 9004:2000 also recommends internal audits assess
the following subjects:
- Effective and efficient process implementation
- Opportunities for continual improvement
- Capability of processes
- Effective and efficient use of statistical
techniques
- Use of information technology
- Analysis of quality cost data
- Effective and efficient use of resources
- Process and product performance results
- Performance measurements: adequacy and accuracy
- Improvement activities
- Relationships with interested parties
And, when reporting the audit results, ISO 9004:2000
suggests you share evidence of excellent
performance, provide opportunities for recognition,
and motivate people.
Remember, these are guidelines, not requirements. A
nonconformity report can only be written against a
requirement of the standard. However, the absence of
a suggested audit practice may identify an
opportunity for improvement to include in your audit
report.
So, an audit of an internal audit program should be
able to answer questions such as:
- Are scheduled audits conducted as planned?
- Are all functional areas and shifts being
audited?
- Are the auditors competent and impartial?
- Do audit reports show the audit procedure is
followed?
- Is the audit schedule adjusted based on past audit
results?
- Is more audit attention given to the high risk
areas?
- Do audits examine both conformity and
effectiveness?
|
|
Avoiding Workplace Safety Complacency |
|
Every day in the United States, 15 workers on
average lose their lives as a result of injuries or
illnesses related to their work. These people leave
behind families, friends, and co-workers. The single
most common cause is complacency - an attitude that
"it won't happen to me."
Too often individuals and companies become
complacent when it comes to safety. Managers are
satisfied with mediocre safety performance and do
not work to improve the environment by raising
safety awareness and eliminating the potential for
injury. Employees are content and are not attentive
to their work environments. They become convinced
that management is not concerned about safety. They
begin to think they are not responsible for their
own safety. Over time, the entire organization gives
little meaningful attention to safety.
The result is that employees begin to get in a hurry
and take shortcuts on the job. They are more focused
on production and getting the job done than getting
it done safely. That attitude becomes an
organizational norm. Near misses go unreported. No
one wants to take the time to fill out forms and
employees don't understand the connection between
sharing information and eliminating injuries.
Managers do not pay attention to reports, so they
become unimportant. The number of injuries increases
and they become more severe. Everyone becomes
frustrated. Employees blame management and
management blames employees, yet no one is willing
to take action to improve the situation.
Unfortunately, it often takes a fatal injury to
cause everyone to focus on safety. Don't let this
happen to your organization.
Don't Become Distracted By Pressing Issues
Research shows that many incidents occur because
people are distracted and do not pay attention to
their environment and what is going on around them.
Managers often fall into the same trap - they become
distracted by pressing issues such as the
organization's need to increase productivity,
improve quality, and raise profits. They stop paying
attention to the importance of safety in the
organization and become blinded to the fact that the
lack of attention to safety performance is injuring
the organization in the long run. In other words,
they become complacent.
When managers and supervisors do not make safety a
top priority in the organization, it is easy for
employees to make personal safety a low priority.
Then incidents and injuries occur with increasing
frequency. There are two things that must happen to
avoid this potentially deadly situation:
1. Managers must renew their commitment to the
safety process.
2. Employees must get involved in meaningful safety
activities.
Managers - Get Committed!
It takes more than just saying you are committed to
safety - you have to put actions behind your words.
Managers can demonstrate their commitment to safety
in a number of ways. First and foremost, managers
must follow the company's safety rules. Then,
regularly attend safety meetings. Also, consider the
following ideas:
- Take time to walk around and talk to employees
- Make it a point to personally review all reports
of near misses and injuries
- Integrate safety into all aspects of management
planning
- Enable employees to get involved in the safety
process
Managers at all levels of the organization can have
a profound effect on the safety culture of an
organization by following these suggestions. Once
they see their supervisors and managers taking
safety seriously, employees in turn will be more
committed than ever. And, nothing energizes an
organization's safety improvement efforts more than
employee involvement.
Get Employees Involved
First, make employees aware of how they can get
involved in the safety process. Involvement can come
in many different forms. Encourage employees to get
involved in:
- Reporting all unsafe conditions
- Attending safety meetings
- Serving on employee safety committees
- Planning and leading a safety meeting
- Participating in incident investigations and
facility walk-throughs
- Engaging in conversations with management to
share improvement ideas
Employees whose ideas and involvement are valued
will increase safety performance faster than
employees who are just simply following the rules.
Create opportunities for employees to contribute
ideas and information that will lead to safety
improvement.
Stamp out Complacency
To create a culture in your organization where
injuries are a thing of the past, remind everyone
that complacency is a dangerous thing - it's a
killer. Find ways to generate interest in finding
ways to make safety improvements. Create motivation
for positive change in the organization by believing
that it's possible to have zero injuries in your
organization and communicating that belief to
employees. Show employees the relevance of working
safe to their jobs, careers, paychecks, and, most
importantly, their families. This will create an
environment where everyone at every level in the
organization will increase their commitment and
their involvement in making the workplace
injury-free. The result is that everyone can go home
every day to their families without injury.
This article was summarized from an article by Deb
Porter at The
Sideroad.
|
|
QMS Customer Satisfaction Survey |
|
The Independent Association of Accredited Registrars
(IAAR) is an association of accredited management
system registrars operating in North America. The
results of their satisfaction survey on the reasons
for, and benefits of, quality management standards
are posted at their web site.
When asked if their present certification had been a
positive experience, 96% said yes. More than 2500
customers responded to questions such as:
Select the one main reason your organization
obtained certification to a quality management
standard.
| Improve quality |
14% |
| Reduce cost |
1% |
| Risk management |
1% |
| Customer mandate |
29% |
| Corporate mandate |
9% |
| Legal reasons |
1% |
| Competitive pressure or advantage |
17% |
| Implementation and control of best practice |
10% |
| Continual improvement based on customer
requirements |
16% |
| Other |
4% |
| Total |
100% |
To see the complete survey results, go to the IAAR
Web Site.
|
|
The Ultimate Satisfaction Question |
|
Have your customers quit responding to your lengthy
satisfaction surveys? Are your response rates too
low for adequate analysis and action?
Well, you can’t just give up. You need to know what
your clients are thinking. And, you also need to
meet the requirements expressed in ISO 9001:2000,
clause 8.2.2, Customer Satisfaction.
Fortunately, there is a simpler way of surveying
your customers. A measurement tool, called Net
Promoter Score (NPS), uses only one question:
On a scale of 1 to 10, how likely is it that you
would recommend our company to a friend or
colleague?
A study by Satmetrix Systems, in partnership with
Fred Reichheld of Bain & Company, determined this
single loyalty question can judge individual
customer purchase and referral patterns across
seemingly disparate industries.
If customers reported they were likely to recommend
a particular company to a friend or colleague, then
these same customers were also likely to actually
repurchase from the company, as well as, generate
new business by referring the company by word-of
mouth.
If customers reported they were not likely to
recommend a company, they were also less likely to
engage in actual repurchase or referral behaviors.
To see a white paper published on this study, go to
the Satmetrix
Systems web site.
Ultimate Question
One simple question - Would you recommend us to a
friend or colleague? - allows companies to track
promoters and detractors and produces a clear
measure of an organization's performance through its
customers' eyes.
Promoters
Promoters are customers who are so enthusiastic
about a firm or brand that they not only increase
their own purchases, but also refer their colleagues
or friends. Promoters are customers with ratings of
9 or 10 and exhibited the highest rates of purchase
and referral behaviors.
Passives
Passive customers are those that were somewhat
likely to recommend a company, i.e., ratings of 7 or
8, and exhibited moderate rates of purchase
and referral behaviors.
Detractors
Detractors are customers who feel so badly treated
that they cut back on purchases, switch to the
competition, and warn others to stay away from the
company. Detractors are customers with ratings of 1
thru 6 and exhibited the lowest rates of purchase
and referral behaviors.
Net Promoter Score
In industry after industry, the "Net Promoter Score"
- the percentage of Promoters minus the percentage
of Detractors - provided the single most reliable
indicator of a company's ability to grow.
Of course, there is more to profitably growing your
company than just calculating a score. A successful
Net Promoter program includes 5 elements:
- Metrics proven to link to growth;
- Leadership practices that instill customer
focus, passion, and values;
- Organizational strategies to ensure adoption;
- Integration with core business processes, and
- Operational systems to support the initiative.
For more information, go to www.netpromoter.com
or www.theultimatequestion.com
|
|
Class Schedule |
|
| Quick Links... |
|
|
|
|
|
|
Forward email
|
|
|
Powered by
|
Whittington & Associates, LLC | 242 Highlands Drive | Woodstock | GA | 30188
|
|
|
