A particular strategy to pass ISO 9001 audits (at process level)
These past weeks I’ve been participating in external audits for a sizable organization, large in number of people, as well as the number of processes and departments intersecting in their QMS.
What caught my attention throughout these audit sessions was a shared strategy among the auditees. This strategy, as it turns out, played a pivotal role in successfully navigating the barrage of questions from external auditors, ultimately leading to the organization's glowing recommendation for recertification under ISO 9001:2015.
So, what was this winning strategy?
In essence, it boiled down to a straightforward list of pre-organized topics, carefully curated before each external audit session. This list served as a compass, directing auditors toward the heart of what they needed to know. Yet, the apparent simplicity of this approach reveals its true depth upon closer inspection. Let's delve into the components of this list:
Organization
Provides context of the process in terms of “where it belongs” within the Quality Management System (QMS) of the organization. It also illustrates the hierarchical structure of the organization, highlighting the process and the overall interaction with other processes and/or departments. The auditee may provide the first hint of leadership and management support, due to the position and importance of this process acknowledged within the organization.
Quality Policy
Huge in ISO 9001:2015, not only for departmental alignment but, crucially, for showcasing how the process contributes to the Quality Policy. This contribution can be as per the nature of the process, specific defined objectives or due to initiatives for improvement. To enhance this, auditees can highlight a metric or Key Performance Indicator (KPI) that illustrates the process's alignment with the Quality Policy.
Roles and Responsibilities
Highlights the key players involved in process execution. ISO doesn't prescribe specific responsibility levels, leaving it to the needs of the process. However, certain authorities may be identified to ensure conformance, output delivery, customer focus compliance, and approvals for changes, improvements, risks, etc.
“Process” Focus Areas
In this step the auditee pointed out the purpose of the process, what it delivers and key steps. This point was particularly interesting, as it sets the tone of the audit interview, guiding the conversation toward critical areas where the auditor may focus.
Turtle Diagram
After understanding the process basics, auditees delve into details using a Turtle Diagram or SIPOC. These tools act as a roadmap for the auditor, offering a comprehensive overview of the process.
Risks and Mitigation
This company in particular, was using SIPOCs to address process risks level, along with their respective mitigation actions. Effectiveness check was verbalized, which I personally didn’t feel that comfortable due to the lack of a system to document it, but anyway, I saw evidence of the mitigation effectiveness.
KPI Performance
Dashboards everywhere, I loved this, some of those where in PowerBI, some others in ppt’s and excel, but most important, all of them had actions in place when out of targets.
One fact to remember here is that if we don’t measure, we can’t guarantee the success of the execution.
The second factor is that if we measure we can improve, as long as is over the success criteria. Do not fall into the mistake of fixing an issue, because that is not improvement, that is a corrective action.
Continual Improvement Initiatives
Auditees here presented initiatives in place to enhance specific process areas. Most of the projects had a timeline, top management support, participants, status updates and ongoing actions.
Training Records
Stresses the importance of detailed-oriented training for individuals, despite process automation. Auditees showcase skill set matrices outlining required training, frequency, and additional training for personnel development and backup.
Examining each topic item reveals that simplicity is merely the surface; beneath lies a significant amount of effort, reflecting the actual status of the Quality Management System of the organization. The auditees, in order to compile all this information, invested a substantial amount of time. They meticulously collected evidence of process execution, monitored performance through Key Performance Indicators (KPIs), addressed risks and challenges as they arose, and not only fixed them but also improved various facets of the process.
It's essential to recognize that these activities weren't solo endeavors. They happened in collaboration with multiple individuals—process users, co-owners, direct and indirect managers, VP’s—across different geographic zones. Moreover, they involved various groups and departments, each with intersecting objectives or distinct priorities.
The message in all of this: despite the organizational complexity, the technical intricacies of processes, and all the multiple variables in the equation, having a standardized baseline to simplify and align to ISO requirements, makes a significant difference in the journey of ISO Compliance.
If your organization needs assistance, don't hesitate to reach out. Together, we can create a strategy tailored to ensure the success of both you and your organization.