Professional Documents
Culture Documents
In This Issue:
Chairs Message
Our sponsors were very pleased with
Chairs Message their location in the pre-function
ballroom area, and several of them men-
Letter From the Editor Hi everyone!
tioned that they received a lot of traffic.
Feature Article: The Audit Division Iwant to thank all of our attendees for
Exemplar Global Shares Latest
Audit Survey Findings at ASQ Audit has just wrapped up supporting our sponsors. Our sponsors
Conference, by Peter Holtmann its 24th Annual ASQ are a large part of why we are able to
Article: Risk Management in Audit Conference offer such an enjoyable conference expe-
AuditPlanning in Reno, NV, and it rience to our attendees.
Tips From the Trenches: was outstanding! The
Auditing Automated Processes, This will be my final letter as chair, as my
conference drew 287
by Shawn Rogers term will end December 31, 2015. It has
attendees from five different countries.
Article: Transition to ISO 9001:2015, been a great two years, and I have to say
by Larry Whittington We always appreciate comments from the
that it was a privilege to have the oppor-
attendees and take them very seriously.
Division News Bytes tunity to serve the Audit Division and
Conference Recap and Other News Over the years we have incorporated many
all of its members. These last two years
of the opportunities for improvement from
Article: Managing Suppliers AND have given me the opportunity to gain
Clients, by Barry Craner our attendees, and this year is no exception.
valuable experience in leading an organi-
Article: Risk-Based Thinking, For example, we heard from several people
zation whose number-one goal is to serve
by Denis Devos that you preferred one keynote speaker with
itsmembership.
different options for breakfast and lunch as
we had done in the past. Do you remember My job as chair of the Audit Division
when we had Mark Twain and some of would have been very difficult if not for
Newsletter Editor the support and advice of the entire divi-
Lance B. Coleman our futuristic speakers? Going forward,
lance@fullmoonconsulting.net we plan to have one keynote speaker and sion management team. I want to thank
incorporate different entertainment options each and every team member for the con-
Division Administrator for the remainder of the meal breaks. tributions they have made in enhancing the
Chris DeMartino
experience for our loyal Audit Division
800-248-1946 x7682 You also told us that some of the descrip-
cdemartino@asq.org members. I also want to thank our mem-
tions of the presentations on the website
bers for the support they have given to me
and the brochure did not always accurately
and the Audit Division.
describe the session content, and some of
you felt that you went into a session expect- Your new chair will be Cindy Bonafede,
ing something different from what you and I will now become immediate past
received. We plan to clarify this issue on our chair. Many of you have met Cindy dur-
speaker abstract form that we sent to pre- ing our Audit Division conferences and
senters to ensure potential presenters give an at the World Conference on Quality and
accurate description of theirpresentation. Improvement. I hope everyone is looking
forward to the next two years, and many,
We got a lot of positive feedback on the
many more years to come.
Auditor Charm School tutorial. It seems
as though everyone liked the idea of a free Thank you all,
tutorial, so this is something we will try to Nancy Boudreau
offer at future conferences. 20142015 Audit Division Chair
The Audit Report December 2015
2
The Audit Report December 2015
In my presentation at the ASQ Audit Conference in Reno, NV, in The need to attract a new generation. There is a clear age
October, I shared findings from Exemplar Globals latest survey, imbalance, an aging auditor population, and an approximate
which aims to clarify facets of the global auditor population and 10-year window of opportunity to address this imbalance.
provide insight into auditing as a viable career pathway alternative. Current challenges for the industry include leveraging job sat-
For the Auditing Profession Career Pathway, Exemplar Global isfaction and gender-neutral opportunities for career growth to
went straight to the source and invited auditors to take part in a attract personnel who possess the desired skills and personal
study via LinkedIn. More than 1,000 responses were received, attributes required to be successful auditors and leaders.
with the results published in the survey. These people would then need to be trained and retained so they
The survey presented the professional auditor as someone able have the opportunity to continue the drive of the industry toward
to skillfully manage conflictual relationships through the estab- ever-improving service levels and bringing value to the wider
lishment of strong interpersonal relationships across all levels of community in the years to come.
anorganization. With this in mind, where will the future population of auditors
However, the skills of the individual auditor can shift audi- come from?
tees perception of the overall audit from feeling they are being For detailed insight into the health of the auditing profes-
policed, to viewing the experience as adding value. Two sub- sion, how to source and train new auditors, and how to retain
cultures emerge as a result of this construct: one that applauds skilled auditors and utilize their knowledge for the benefit
the process and one that pits the auditor against theauditee. of the industry, visit www.exemplarglobal.org/who-we-are/
There are varied paths to entering the auditing profession, with reports-media-presentations to request a copy of the Auditing
respondents revealing varied experiences. Those originating Profession Career Pathway survey white paper.
from within companies that actively support the profession
tended to find a career path easier to access and move through. About the author: Peter Holtmann is the president and CEO of Exemplar
Alternatively, those working within the quality profession expe- Global Inc., the premium provider of personnel certification and credential
rience their auditing career trajectory as a natural progression. management, and independent certification for trainingoutcomes.
Holtmann has been passionately dedicated to the conformity assessment
Regardless of their entrance point, many auditors underscore the
profession for 20 years, spending the last 10 years building Exemplar
value of access to on-the-job training, such that they could ben- Global into a world-class certification organization. As the industry has
efit from the expertise of more experienced professionals. changed so has his role, from a scientific professional to trainer and risk
However, difficulty accessing training opportunities or being a consultant, from auditor to business developer, and now as a strategist and
leader of a global nonprofit organization.
mother, young, or female were identified as barriers to entering
the profession. Holtmann sees his role as an advocate for credentialing that helps drive
career pathways to international recognition. He believes unilateral accep-
Experience emerged as a key theme in the survey, both for those tance of a persons capabilities across cultures, countries, and continents
looking to enter the auditing profession and for those already builds world trade and fosters global growth of human capital.
working as an auditor. Although experience is presented as being
highly valued, exactly what the term entails remains unclear.
Credibility is presented as being intimately entwined with the
construct of experience, with many auditors expressing the belief
that one cannot exist without the other.
The need for a clearly outlined, established career path is a key
takeaway from the survey.
Key trends identified in the survey include:
Job satisfaction. High industry retention rates and an overall
desire to stay or grow within the auditing profession displayed
by the general population signals that for the majority, auditing
is an attractive, economically viable, and rewarding career.
Gender equality. The data show increasing gender equality,
reflected not only in terms of the changing proportion of male
and female auditors over successive age ranges, but also in
terms of the near equality of remuneration offered.
3
The Audit Report December 2015
4
The Audit Report December 2015
important to have a moderator to reach a TABLE 4. Level of Readiness Matrix Table Preliminary Audit Frequency
consensus rating.
The preliminary audit frequency is then Documentation and Records
determined based on the level of readi- Monitor and 1. Not met 2. Minimal 3. Met 4. Exceed
ness matrix table (see Table 4). measure of standard
Step #3. Other Factors process
Other factors to be considered that may 1. Not met Every year Every year Every year Every year
change the preliminary audit frequency 2. Minimal Every year Every two years Every two years Every two years
include:
3. Met Every year Every two years Every three years Every three years
Management priorities with option to with option to
New/Revised processes, equipment extend one year extend one year
Changes to business environment, 4. Exceed Every year Every two years Every three years Every three years
standard with option to with option to
regulatory requirements
extend one year extend one year
Continued on page 6 Note: The year in this context refers to preliminary audit frequency.
5
The Audit Report December 2015
A three-year audit plan is then estab- Name of Department Kitchen X-Ray Call QA
Center Department
lished (see Appendix A). This audit plan
is reviewed every year to incorporate EHS EHS Risk Levels High Medium Low Low
other factors that may result in bringing Risk Level High: Use a lot of hazardous
materials; registered factory
forward an audit.
Medium: Use some
hazardous materials
Three-Year Audit Plan and Low: Office/Administration
Annual Audit Plan Preliminary Audit Frequency 1 year 2 years 3 years 3 years
The three-year audit plan recommended (refer Table 2)
audit frequency is established based on Level of Documentation and Records 3 3 1 3
three criteria: Readiness 1. Not met
2. Minimal
EHS risk level 3. Met
Level of readiness 4. Exceed standard
6
The Audit Report December 2015
A frustrated auditor once asked me, Is Automation increases the occurrence of An optimized deployment should yield
there anything in this factory that isnt disruptions if not implemented effectively. improvement and customer satisfaction.
automated that I can audit? The audi- Negative trends resulting from automation Gaining positive results for one process
tor was on the production floor of a such as increased scrap rate or increased under the expense of other processes
highly automated factory with very few order processing time may indicate should be a consideration in the automa-
production line personnel. Those on the erroneous or noncompatible automation tion deployment program. The impact of
production floor were either perform- deployment. Release of any automation automation should be evaluated to ensure
ing machine maintenance or engineering should include a thorough validation dur- a proper balance of benefits vs. risks
experiments. Production was monitored ing the initial release and a structured associated with the processes involved.
from a central command center. change management methodology. Automating processes may reduce
A typical auditors technique was to ver- Automated processes the need for production floor audits.
ify QMS requirements by interviewing require process control. Adapting to how the processes are imple-
production line personnel. This technique mented, maintained, and monitored, the
This sounds obvious, but sometimes auditor can verify the requirements of the
is commonly used to ensure personnel
trust in automated systems is not always QMS with minimum or no frustration.
impacting product quality are competent,
verified. Most effective automated pro-
know work procedures, and are aware of
cesses have some type of inline monitors to About the author: Shawn Rogers is a Certified
the factorys quality policy and how it
determine that the process is running effec- Quality Management Lead Auditor with more
related to their work.
tively. These inline monitors may include than 30 years experience in high-technology
But with no production personnel to attributes of the process not necessarily manufacturing and product development. He
interview, the auditor had no way to related to an end product requirement, such has extensive experience in technology startups,
verify these requirements. engineering, and business management, and
as metal sheet resistivity in a deposition
in quality systems development in both small
The fact is, automation of production process or cycle time for signature loop and large organizations. He has worked in all
and support processesfrom auto- approval in an office process. Waiting on areas of the electronics industry, including:
mobile assembly to order entry and end-point measurements, feedback from semiconductor wafer fabrication, semiconductor
delivery schedulingis a fact of work downstream processes, or even customer assembly operations, printed circuit board (PCB)
life. Continually improving processes acceptance are not effective process con- manufacturing, and multifactory manufacturing
trols. Remember, automation without a logistics. In the last five years he has conducted
often use technology to reduce direct
more than 200 quality audits in all areas of the
humaninvolvement. control system increases the frequency and
electronics industry. He has degrees in electrical
impact of a negative event such as expen- engineering and business administration.
So how does an auditor verify that the sive scrap trend or production shutdowns.
processes are properly implemented,
Automated tools require training.
documented, controlled, andeffective? Bureau Veritas
Automation almost always relies on either Certification, the
Answer: Verify the results of support
software or hardware tools for continued independent third-
processes in the QMS as indicators of the
effectiveness. The workforces under- party registrar of
automated processs effectiveness. The
standing and implementation of these Bureau Veritas Group,
following are a few key areas toverify. offers certification and
automation tools usually require exten-
sive training. This, quite often, cannot be verification to help
Automated processes require a strong clients meet the growing challenges
done on the job site, thus, documentation,
link to change control management. of quality, safety, environmental
acquisition of reference materials, or out- protection, and social responsibility.
How a process was initially automated and side technical support sources need to be Created in 1828, Bureau Veritas
maintained will likely be managed by the structured for future knowledge relay or Group has more than 61,000
change control process. Evidence of how cross-training, as needed. employees in over 1,400 offices and
the automated process will meet the prod- laboratories located in 140 countries.
uct or service requirements should be part Effective automation improves
of the change control material. Frequency overall performance. Bureau Veritas is recognized and
accredited by major national
of process changes may be an indicator Optimum deployment of automation and international organizations
of the automations capability to capture should include a measurement system around the world.
productrequirements. monitored by properly trained personnel.
7
The Audit Report December 2015
Larry Whittington presented ISO 9001:2015 - Plan for the leadership and accountability. They will need to align the qual-
Changes at the recent ASQ Audit Conference in Reno, NV. This ity policy and quality objectives with their business strategy.
article shares information from the transition guidance part of They may decide to hold more frequent management reviews
that presentation. to assess progress of the ISO 9001:2015 transition project.
ISO 9001:2015 was issued on September 15, 2015. Organiza The use of a management representative is not mentioned
tions certified to ISO 9001:2008 have a three-year transition in ISO 9001:2015. You could decide to keep the manage-
period to make their move to the new standard before ISO ment representative position, or disburse those duties among
9001:2008 is withdrawn. topmanagement.
As you plan for the transition, remember to obtain funding for
your transition activities. You will need to arrange for training More Transition Guidance
on the new and changed requirements, as well as possibly pay After training on ISO 9001:2015, the organization should per-
for extra audit days for your certification body to conduct the form a gap analysis against the new requirements. The results
transition audit. can be used to develop your transition plan containing specific
deliverables, assignments, and due dates.
Context of the Organization Rely upon the transition guidance that will be provided by your
Understanding the context of your organization is a new registrar. Many certification bodies have already released tran-
requirement, although some organizations may already focus sition white papers and made available transition checklists.
on their organizational environment. To transition to ISO You will need to maintain conformity to ISO 9001:2008 until
9001:2015, youll need to determine the internal and external your transition audit to ISO 9001:2015 successfully completes.
issues that are relevant to your strategic direction, and that may If you have another audit scheduled against ISO 9001:2008
affect your ability to achieve the intended results. before you are ready for the transition audit, you wont be able
In addition, you need to determine the relevant requirements of to drop items no longer required by ISO 9001:2015, e.g., the
relevant interested parties that may potentially affect your abil- quality manual and the required six procedures.
ity to consistently provide conforming products and services.
Youll have to consider these issues and interested parties Additional Transition Guidance
when determining the risks faced by your organization. If your current documents are working well, you may decide
to keep themeven if they arent required by the new stan-
Risk-Based Thinking dard. There is value in having a documented process to
A key purpose of a quality management system (QMS) is to act capture knowledge, gain agreement, train staff, and provide
as a preventive tool. ISO 9001:2015 requires an organization to operationalcontrol.
apply risk-based thinking to the planning and implementation If your documents are numbered based on the old clause
of its QMS. structure, will you stay with that numbering, although it will
You need to first determine your business risks and oppor- no longer be linked to the new clause numbers? Or, will you
tunities, and then plan the actions needed to address them. switch to the new numbers? Or, will you move to a generic
Understand your options for dealing with these risks. Plan numbering scheme that is independent of the standard clauses?
how to integrate these actions into your processes for Scan for references to the old standard and its clauses in your
ongoingprevention. existing documentation. Try to minimize these references
The effectiveness of the actions taken to address the risks must and change any remaining references to the new standard and
be analyzed and evaluated, and then considered at manage- itsclauses.
ment reviews. Guidance on risk management can be found in
ISO31000. Further Transition Guidance
You dont have to implement all the new and changed require-
Transition Guidance ments of ISO 9001:2015 during the last few months leading
One of the first transition activities will be to document the up to the transition audit. Look for requirements that can be
scope of your quality management system, as well as the adopted early and be assessed by internal and external audits in
justification for any requirements that you determine are not the cycle before the transition audit.
applicable for that scope. Be aware that your internal audits may need additional plan-
Be sure to advise top management of their expanded responsi- ning, execution, and reporting time due to the introduction of
bilities. They may have to step up to demonstrate their visible the new and changed requirements.
Continued on page 9
8
The Audit Report December 2015
Transition Starting Point to the transition audit so you have more time to complete all
the changes.
If your organization has invested time implementing ISO
9001:2008, and is almost ready for its certification audit, go As you move through the transition, use it as an opportunity to
ahead and complete the project in the next few months. Leave improve quality and your business.
yourself plenty of time to then turn around and begin your tran-
sition to ISO 9001:2015.
Presentation Handouts
If you are just starting your implementation of a quality man- If you are interested in receiving a copy of the following hand-
agement system, then skip the use of ISO 9001:2008 and begin outs, send an email to larry@whittingtonassociates.com.
with ISO 9001:2015. Save yourself the later transition effort. 1. ISO 9001:2008 to ISO 9001:2015 Clause Map (2 pages)
2. ISO 9001:2015 to ISO 9001:2008 Clause Map (3 pages)
Transition Timing
3. ISO 9001:2015 Clause Quick Reference (2 pages)
Registrars will suggest you schedule the transition audit for
4. Required Documented Information (4 pages)
your next recertification audit. The transition audit will be a
full system audit, so planning it for a recertification audit will 5. Quality Management Principles (4 pages)
add fewer audit days (and less cost) than if you synchronize it 6. Risk Assessment Worksheets (4 pages)
with a shorter duration surveillance audit.
About the author: Larry Whittington is president of Whittington &
However, if you decide the recertification audit date is too soon
Associates, located in Canton, GA, and Orlando, FL.
for you to complete the transition, you can convert the next
He is a certified Exemplar Global and IRCA Lead Auditor. He has success-
surveillance audit to be the transition audit. And, if your recer-
fully completed the ISO 9001:2015 exam and transition requirements. His
tification audit is too late in the three-year period, you can use auditor scope now includes the new standard.
the prior surveillance visit as the transition audit. Or, you can
His monthly newsletter on quality and auditing topics has been published
arrange a special visit to schedule the transition audit in your for more than 15 years and is read by thousands of subscribers.
preferred timeframe.
Whittington has a bachelors degree in electrical engineering and a mas-
If you are currently assessed twice a year by your registrar, you ters degree in engineering from the University of Florida. He is an ASQ
may want to shift to an annual audit for the period leading up Certified Quality Auditor (CQA) and Software Quality Engineer (CSQE).
9
The Audit Report December 2015
10
The Audit Report December 2015
This article is for YOU. If your company buys from another confidential, reliable, and their word must mean something!
company, builds for another company, or makes its own compo- They work with you during unforeseen circumstances and
nents or devices, you manage suppliers and need to think about events. Also, dont start dealing with a supplier or client without
the consequences of your operational decisions. a mutual nondisclosure agreement (MNDA)never. Trust but
Your clients and suppliers have similar needs, whether they pur- verify. I have seen companies almost fold because of misplaced
chase your services and products or you purchase theirs. trustno MNDA, no relevant or even peripheral information
given or taken.
How do you select suppliers and even clients (you sign the
contracts, so you have a choice)? What Is Contract Design/Manufacturing?
Who do you trust and not trust (this is a topic we are loath to Contract design/manufacturing can range from the design of a
discuss, but it is important), and how can you be sure you can device to full design control, or the design of component(s) of a
trust your clients and suppliers? final product, or even feasibility or process development, or to
How do you ensure you have the parts, subassemblies, and the manufacturing component, part, or all of the product.
processes to meet client needs?
How do you select pivotal contract suppliers, and when do you Why Use Contract Design/Manufacturing?
go outside for design or manufacturing? One reason to use contract design/manufacturing is that a virtual
What are the needs of both contract design and manufacturing? company cannot afford long-term staff. Also, in-house design/
manufacturing is a long-term salary commitment, and resources
Choosing Clients are limitedmaking contracting ideal for short-term needs
and when fast and unfamiliar technology startup is needed.
First, consider YOU have a say in who you say yes to. If Lastly, this is when centers of competence are needed and can
you are aware of the need to consider a client to sell a major out- becontracted.
put of your production, you need to contribute to that discussion.
You probably know facts that need to be said. For instance, are What about other considerations, such as performance cost of
they hard to deal with? Do they pay on time? Are they flexible, goods, or the look and feel of a device? Other considerations
reasonable? Does anyone you know well (or in your company) are time to market, feasibility only (no long-term design com-
work(ed) there, and what do they know? Do you have a checklist mitment); is this a single process/component/full product; is it
in selecting clients? Use it! after-market service; is it start-up cost concessions to supplier
(part molds, process development, etc.)?
Choosing Suppliers
What About Due Diligence?
You need parts/subassemblies to meet client (your) needs.
Here are some major considerations in choosing companies (big/
Again, consider YOU have a say in who you say yes to. If little): nondisclosure, quality systems, audits, regulatory sta-
you are aware of the need to consider a supplier from which to tus, contactor selection and management, amount of contractor
buy a major input to your production, you need to contribute to work (do you need a clean doc package?), subcontractor selec-
that discussion. You probably know facts that need to be said: tion (one out of qualified group), negotiation with contractor
Are they hard to deal with? Do they deliver quality goods on (step or all at once), status of document package, and matching
time? Are they flexible, reasonable? Does anyone you know competencies with need (hardware, software, materials, goals,
well (or in your company) work/worked there, and what do personnel, experience, culture considerations, etc.), cost, time,
they know? Do you have a checklist in selecting suppliers? etc. Remember, this list is not exhaustive! What are other con-
Useit! cepts you need to consider?
Who Do You Trust and Not Trust? Selecting Contractors: Due Diligence
Why are we loath to discuss this? It might be we will miss One of the most important decisions you will make will come
some business or be ostracized by your peers/superiors for facts out of your due diligence process. If you have an acquisi-
shared. However, if so and you have your facts straight, remem- tion checklist (a list senior managers use for mergers and
ber trust in your clients and suppliers is important, and that you acquisitions), considerations may include a visit to potential
have nothing if you dont have trust. So, what do you have to contractor site and documentation (this is a supplier selec-
lose to check them out first? tion). Supplier audit materials apply hereprepare for this
What is important when considering trust? First, working with supplier. Referencing can be a dominant tool using your previ-
clients and suppliers must be a mutual win-win. Second, you ous medical device experience. Always consider the flavor for
need to trust your partners in business because they must be Continued on page 12
11
The Audit Report December 2015
your potential partnership feasibility personnel, competence Your unwitting good will may be rewarded with a substantial
in core technologies, team feasibility between major players, theft of your business.
similar or complementary missions/visions between your com-
pany and your potential supply partner, and similar previous Purchase Order: Both Ways
designexperience. You may not be thinking about this, but POs often have multiple
requirements printed on the obverse, one of which allows no
changes to parts, materials, and processes unless authorized in
writing. Remember: A PO is a contract. This is paramount in the
cases of regulated products. Other requirements should include
order cancellation terms, meeting current specifications only,
and what will happen in case of breach of contract (terms, pat-
ents, designs, IP disclosure, delivery, etc.). Also to be considered
in your contracts are access into supplier production facilities,
that the signed contract is binding (changes only in writing/
approved), and that the material/supplies inspection are always
an option for the client. One must also agree on who supplies or
owns tooling, molds, machines, and processes.
12
The Audit Report December 2015
history (validation, software development life cycle system)? These lists have a wide variety of origins, including product
Do they use a waterfall, a V, or an agile software development questions and answers for/from focus groups, for regulatory/
philosophy? Do they have adequate software configuration con- audit purposes, for various phases of product development to
trol (it should be mandatory)? help in phase planning, for product specifications (to remember
Do they have a good manufacturing history? Are they compli- important, even minor aspects of the product), design reviews,
ant where they need to be? Do they have experience developing manufacturing processes (again to remember before your pro-
cess is fully developed and would require significant cost and
similar devices? Are there past partnership references?
time to revise). Do you know of other checklists you have and
Remember to audit before you chose, and certainly before you need to follow, or revise as they are used each time?
sign the contract (a contract is a contract)!
Consultant Lists for Short-Term Contracting
Design Control Management/Documentation:
When engaging consultants for any reason, be sure to keep them
BigIssues in your approved supplier/contractor list, and if not engaged, at
Other very relevant concepts requiring agreement are who least a list of potential consultants. They can be acquired (cre-
controls/approves changes? Who attends design reviews? Who ated from focus group), from finders of esoteric consultants like
assembles/retains the documented history of the design process? Teltech (fee for finding who you need for hard-to-find experts
How do you ensure your activities/processes are compatible on materials, alarms, nuanced regulatory issues, etc.). These con-
both those of the contractor and client? sultants can be experts in reliability, safety, and electromagnetic
compatibility (EMC), quality systems (design control, manage-
Also, what documents are turned over (when, what format)?
ment reviews, etc.), clinical trials, good laboratory practices,
Who is responsible for verification activities? Who is respon-
software development process/procedure, software development
sible for specification development? Are there other issues in
resources, manufacturing (design for manufacturability), and
design to consider?
other sources/lists for such expertise.
Risk Management Process: Now Key in All Major
Some Final Recommendations
QMS Standards
Remember to have MNDAs executed, engage contractors early,
Is this emphasis needed for this product/part? Is there sufficient and invite them to design reviews, even if in early phases and
client risk management experience? Are risk management SOPs to significant verification activities. Be sure to stipulate your
in place? Do they have the needed ISO 31000, or 14971:201, or expected timeframes for subcontractor corrective and preventive
AS9100c, experience? Is there a subject matter expert (SME) on actions (CAPAs), your requirements for your product docu-
site? When you review their risk management process, do you mentation specs, contractor approval requirements for major
find it sufficient? Are there deficits to fill, or other risk manage- documents, agreements on specs and test methods (as practical
ment considerations? and appropriate). Ensure you as a client have reasonable access
to your contractor records. Dont forget to add your client or
Third-Party Contractors contract design company to your design plans, and include
Without going into further details on third-party contractors appropriate interfaces.
(those suppliers to your contractors), what quality system fea- You can have successful client/contractor relationships when
tures are needed? Will audits by other second-party contractors you are purposeful and engage with your partners. These are
suffice? What is the criticality of parts and/or processes? What very important affiliations, some of the most important you will
are the third-party certifications to quality systems and certifi- have. Take them seriously and you will succeed.
cation history? Consider it important to be consistent in your
process of handling these third-party suppliers with thoughts About the author: Barry Craner has nearly 40 years of experience in
about suppliers, parts, materials, and process criticality. the management of scientists and engineers in applications of aerospace,
Internet technologies, medical devices, and medicine. He has written several
design control systems for companies and has consulted in areas of reli-
Acquisition of Standards (List) ability engineering, risk management, design control, and quality system
This is a simple area, but be sure to synchronize the organiza- development. He has audited many medical device companies from first-,
tions and your standards, use only standards required (a starting second-, and third-party perspectives. His advanced degrees are in cardiac
physiology and business management with a computer information systems
place, enough to do to get and stay rolling, but not so many to
emphasis, and he has the equivalent of an electrical engineering minor. He
tangle the effort). Be sure to keep the organizations/your stan- is an ASQ Certified Quality Engineer (CQE), Reliability Engineer (CRE),
dards archived, easy to locate, and up to date. Quality Auditor (CQA), and Biomedical Auditor (CBA), was on the found-
ing team to create the Body of Knowledge and examination questions for the
Checklists new ASQ CQA-Biomedical Auditor certification program. In 2008, he was
awarded the Simon Collier Quality Award by Los Angeles ASQ Section, and
Here is an opportunity not to miss process actions in any process on the MDDI list of 100 Notable People in the Medical Device Industry.
you or your suppliers use. Checklists are lists shared by all who In May 2010, Craner was awarded the Marvin Rosenbaum Distinguished
want to reduce work/waste, and who are not in competition. Service Award by the ASQ Biomedical Division.
13
The Audit Report December 2015
14
The Audit Report December 2015
If the risk assessment includes creating a set of TABLE 1 A Risk Table for Capturing Outputs of the Team
flowcharts, then any format, such as the Risk is the
CompassTM model (Devos, 2006)8 can be easily Process Name
adapted to fulfill this role. Risks are simply recorded Hiring and Orientation Process
beside each box on the existing flowchart. Customers: External and Internal
When considering types of process risks or categories Internal departments that have a need for a new employee
of risks, it can be helpful to consider those risks along Needs of Other Interested Parties (owners, employees, community, etc.)
the dimensions of the basic Ishikawa or fishbone dia- Owners have a need for the best talent at a reasonable wage. The community has
gram in its consideration of man, machine, materials, a need for satisfying employment for its citizens. The new hire has a need for fair,
challenging work.
methods, and measurement (5M).
Organizational Objectives Related to the Process
Hire the best employee at the best wage; achieve a low turnover; achieve a high
FIGURE 1 The basic fishbone diagram
degree of fit of the employee and a high level of job satisfaction.
Required?
Step 1 Man Job requirements may be Requisition
No
vague form
Machine Method Measurement
Hiring Material No
manager
Methods The requisition form may Requisition
4. Conducting a Qualitiative fills in a job
not address the type of form No
requisition
Process-Level Risk Assessment: job being filled
Without a Flowchart Machine No
In many cases, the risk assessment team may choose Measurement Timing may be too None
not to list risks on the flowchart itself, but brainstorm short to find a suitable No
candidate
a list of process risks instead. To do that, a simple
table can be used to guide the thought process. The
Step 2 Man Skills may be in high None
sheet could look like the example in Figure 2 below. No
demand
Enter the name of the process, the internal and exter-
nal customers for the process, and the stakeholders Requisition is Material No
reviewed and
or interested parties in the header. Then the table Methods There may not be a Annual
approved by
can prompt for the name of the process step (which HR manager
sufficient budget or strategic plan No
can be derived from the flowchart for that process) forecast for the position and budget
and allow space for risks to be collected from the Machine No
group. The risk table can be broken up into the same Measurement There is not a disciplined Manager
5M categories as suggested by the fishbone in Figure way to determine the provides a No
1 above. Note that the risk categories can also be veracity of the need justification
anything that the team desires. For example, in a
production process, the risk categories might be parts
largely as a result of educated guesses by group, it can be just as
inspection, paperwork/reporting, raw materials,
valid to skip this step and simply decide whether or not the risk
packaging/labeling, etc.
warrants additional process controls.
In the chart above, the analysis is qualitative rather than quan-
titative. The quality of the risk analysis is dependent on the 5. Next Steps: Evaluation of Actions
composition and rigor of the team performing the analysis. One Taken During Management Review
will note that there is no scoring associated with this method as
there would be with a failure mode and effects analysis (FMEA) As required by Clause 9.3.1 of ISO 9001:2015 (see Section
or a risk matrix. In both an FMEA and risk matrix, the critical- 1.0 above), the effectiveness of actions taken as a result
ity/severity of the failure and the probability of occurrence are of the risk analyses will be brought forward for review by
ranked on a scale between 1 and 10. Then these two scores can seniormanagement.
be added together or multiplied together to derive a combined Therefore, after the assessments are completed, one of two next
risk index or risk priority number. If the group determines that steps can take place. The first course of action could be to take
a quantitative ranking of severity and probability is useful, then a list of proposed process improvement actions to management
it would be very easy to add these thin columns to the risk table review for discussion and endorsement, after which the actions
in Figure 3 above. However, since these numbers are derived would be taken. The second half of this course would then be
Continued on page 16
15
The Audit Report December 2015
16
The Audit Report December 2015
17
The Audit Report December 2015
Ray Crawford
George Callender Nancy Boudreau TCC Group 1
Chair Facilitator
Immediate Past Chair
Nominang Audit Division Cindy Bonafede Glenda West Mary Chris Easterly Bruce Knutson Lawrence Mossman
Commiee Awards Chair-Elect Secretary Treasurer Financial Audit Chair Membership Chair
Open
Mark Tegart Open Ann Azroff Ted Williams
Social Media Chair Cerficaon Liaison IT
February 2015
4
ASQ Canada
Washington Maine
Maind
Montana
North Dakota Minnesota
Vermont 1
Oregon Idaho
12 Wisconsin
10 2 New Hampshire
6
Massachusetts
Wyoming South Dakota New York Rhode Island
Michigan
5 3
Connecticut
Nebraska Iowa
13
Ohio Pennsylvania New Jersey
8
Nevada
Indiana Delaware
Illinois
9
Utah West Maryland
California Colorado Virginia Virginia
Kansas
11
Missouri
Kentucky
14 Mississippi 15
Georgia
Texas
Louisiana
Florida
Alaska
6 Hawaii
25
International
18 18
The Audit Report December 2015
19