Many quality managers are having a hard time getting support from management. The yearly management review is an opportunity to get the opinion of higher management when it comes to the management system. In that respect, it can be described as a yearly check of the engine.
Management review: the structure
Every company has its own way of handling the management review. There is of course the required input which is stipulated in the standard such as:
- Status of the action points from last management review
- Major changes that have an influence on the management review
- Info about the effectiveness of the management system such as:
- customer satisfaction results
- the extend to which the goals are reached
- corrective actions and deviations
- audit results
- Company defined KPIs which may include
- Number of ill employees
- Number of quality issues
- Number of safety issues
- Number of environmental issues
- The availability of required resources
- The actions taken to reduce risks
- The opportunities for improvement
Besides the review of last year a quick peek into the future is mostly part of the exercise. This covers the goals/objectives for the coming year and the major changes that are expected. These are the standards and sometimes even mandatory checks for the management review. However to really get input from different perspectives, more unambiguous question are needed. An example is:
How is the management system supported by the company overall?
This question forces management to think about how the entire company contributes to the management system, not just the quality management team. The input of every individual within the company is crucial to get an effective management system in place: the more people contribute the better. Upper management should really think about how employees perceive the management system and take away the hurdles for people to contribute to it. To achieve this it is for example important to make it easy to file issues and encourage proposal of improvements. Forcing management to think about these topics once a years isn’t that bad at all even though it might contain questions that are difficult to answer.
High Level Structure
With the new standard some new topics could be added to the management review. The management review is a great opportunity to re-evaluate the risk analysis, context analysis and the stakeholder analysis. During the management review management can check if the documents are still up to date. It could very well happen that some major market changes have occurred which introduced new risks.
Recommended is to keep the stakeholder analysis, context analysis and risk analysis active by reviewing the documents regularly. The management review is a great point in time to re-evaluate them once again.
Let us know how you perform your management review in the comments.
On November 3th we hosted another free Workshop “Get the most out of your Internal audit”. After the feedback of last edition we decided to create more interaction to the workshop. The presentation was shortened and the actual doing was extended. We did this to increase the collaboration between the quality professionals.
During this edition of the workshop the participants performed an actual Brown paper audit under the guidance of Emiel Kort. Emiel showed how to apply the methodology and what the added value of this type of audit can be. All the participants agree on the following added value:
- Get a feeling for what colleagues do
- Easy to identify the point for improvement
- Internal audits can be more fun this way
Again the event was a great success. The participant learned a lot of new techniques from Emiel as well as their peers. Due to this success we are planning to organise more of these events so keep an eye on our linkedin page.
Internal audits can be performed in so many different ways that it can become pretty tough to pick the best techniques for an internal audit. To name a few techniques: department based audit, employee based audit and clause based audits. Even though these techniques have their own unique advantages they all treat the processes in silo’s.
Most of these techniques make use of some sort of checklist to guide the auditor. This list allows the auditor to simply check whether or not evidence is present that the process is being followed. This is a good approach to check if the processes are followed but doesn’t say anything about the overall performance of the company with respect to the applicable norms.
This same techniques can be used to check compliance to certain standards. The compliance check is an important exercise and should definitely be performed at least once a year (depending on the frequency of changes of the different standards). However, for the company to gain insight in the added value of the processes it is important to also audits with respect to the interactions of them. This additional analysis shows the effectiveness of the process. Like when the required output from the sales process doesn’t align with the production process.
When the audits are ready, the most important activity is cross checking the outcome of those audits. The common denominator of the audits is one of the best input for improvement actions. A good example is when 8 out of 10 sales employees don’t follow a certain procedure. We would go over the procedure/process and that specific internal audit and perform a 5-why root cause analysis to see why all 8 employees break this procedure. When the root causes are clear and they are pretty similar for the entire workforce changes can be made to the procedure.
Internal audits are very important to check the effectiveness of the company but make sure they aren’t performed in separate silos and perform cross audit analysis to really gain insight into the effectiveness of the procedures. The second lesson is: apply a diversified audit strategy. Every audit technique has his own advantages. Make sure you use them all.
Risk management is one of the basic requirements as described in the HLS (High Level Structure). This HLS applies to all standards that “are plugged into it” and the High Level Structure (HLS) of the new ISO management systems has six clearly distinguished elements:
- Leadership and Creativity
- Compliance Management
- Process Approach
- Improve Management
- Monitoring and Detection
When integrating systems such as ISO 9001, ISO 14001 and OHSAS 18001, we have always looked at overlapping elements as “lean and mean” and their integration as much as possible. However, this blog is not so much about this radical change at first sight. A bigger change I see for yourself in the refurbishment of the elements Corrective and Preventive actions.
The elements Correction and Preventive encountered resistance in many organisations. Discovery of errors is often bad enough, administering them is like treason and investigation the root cause is insane. With this percepetion, of course, you can never keep it nice and cosy in the company. Thoughts about risks, and recording them is often experienced as an “American” experience to be able to blame afterwards.
The first two points of the HLS are therefore extremely important and elementary. New? No, not at all! Most companies estimate – prior to projects or processes – all the risks and try to eliminate them. In the years ahead – I expect – leadership herein are key. In this time of uncertainty good leadership is essential, after all, despite all the tensions a culture that allows errors – but don’t make the same mistake twice AND be able to demonstrate a decent performed risk assessment – is necessary.
With this in mind words like creativity, leadership and risk management as described in the new standard gives a lot of homework to companies.
Actually, isn’t it is a pity that we have misunderstood the paragraph “Preventive action” for all these years?
Guest author: Robert Paul Boer
A question often asked is “Why would we want to use a dedicated digital solution for our quality and safety activities while Office and an intranet are working just fine?”. It indeed might work just fine, but that is also where the issue lies. Exactly in those two words: “just fine”.
A dedicated digital solution is defined as a solution which has the ability to manage all quality and safety related activities such as procedures, forms, issues, incidents, NCRs, CAPA and other registers. These solutions aggregate all information needed to make good business decisions and reduce business risks. They give deep insight in the cost of lack of quality and allow every employee to easily engage with the information.
The Office based solution might work just fine but requires many manual actions and is therefore not only labor-intensive but also prone to mistakes. A simple example is version control on procedures and processes. This administrative action can lead to employees using outdated versions. In addition, especially for companies where e-mail is used extensively, distribution is an issue and people tend to re-use wrong versions. The same goes for internal forms.
A digital solution helps companies prevent such mistakes from happening. Furthermore, the registration of for example NCRs and corrective actions can all be automated and linked. For example during an audit an NCR is identified and should be filed. This requires another form for the NCR plus the additional corrective actions should be registered. Good digital solutions have an easy to use interface where the entire registration process can be done on a single screen which saves over 75% of the time.
The next big advantage of a digital quality and safety management solution is the ability to have a good insight in what goes on in the management system. The structured data makes it easy to visualize what is valuable. Dashboards give great insight in the actions to be taken and status of certain KPIs. A good example is the ability to see which suppliers are doing great and which ones should improve.
The latest digital solutions have a mobile application. This allows for all kind of data collection which wasn’t possible in the past. Service engineers can easily report issues on the go while warehousing personnel can report issues when supplies are not delivered according to quality demands. These new streams of data weren’t reaching management in the past, because of the cumbersome process that required the reporter to be behind a desk or having the latest forms printed.
The decision to implement a dedicated digital solution to manage the quality and safety aspects of the company will add a lot of value by means of the opportunities described above.
Like to find out how a digital solution can streamline your business? Contact us firstname.lastname@example.org
The non conformance report: what’s in it for me?
In a previous blog post we gave a few tips on when to write an NCR. However, a lot of employees still don’t write an NCR even though they should. The main reasons for not writing the NCR are; 1) they don’t see the added value and 2) they are afraid to get punished for it. In this blog post we will dive deeper into these reasons.
Not seeing the Added Value
Many employees don’t write an NCR because they don’t see the added value. This is a shame, because there is a lot to gain for not only the employer but also the employee. A proper follow up and root cause of the NCR provide valuable insights into what is going wrong within the organisation. Without this analysis the company is not able to improve the way of working, which ultimately benefits the employees and should make life easier for them as well. Hence, it is very important that employees write NCR’s in order to gain these insights.
In order to get employees involved in process improvement, communication is key. Many are willing to share their knowledge when they see that management takes them and their feedback serious. Always make sure to communicate the results of a root cause analysis with involved employees and ask for potential improvements. It is even better to include them in the entire process. This attitude will prove them that they do have a voice in the improvement process of the company. Moreover the direct effect of the NCR they wrote becomes visible.
Afraid of Punishment
Surveys show a major part of the workforce marks “making errors on the job” as their number 1 fear. We are all humans, and everyone makes mistakes. A company can only learn from her mistakes when the employees are willing to write NCR’s, and therefore admit them. Particularly important is to realise that nobody makes a mistake on purpose and that sometimes a mistake actually is a flaw in the (management) system.
It is crucial that management never punishes employees for making mistakes and reporting it. Ultimately this causes the learning cycle of the company to stop. Management should guide and train the people who have direct responsibility over the root cause of the NCR’s and never punish anyone. For instance, when a particular employee is involved in a number of NCR’s it is of major importance that management has an open mind about why this happens. It could very well be that the company didn’t provide the person with the right tools or training.
Based on these two reasons we can (again) conclude that company culture plays a big role in the willingness of employees to write NCRs. When people feel happy and aren’t afraid they will be more open and share all the things that went wrong easier. Therefore it is important that management does whatever it takes to prevent a blaming and shaming culture within the organisation. Such a culture would be detrimental to a company who would like to learn from its mistakes.
Please share your experiences in the comments.
Proper training is crucial when it comes to creating and maintaining an effective management system. Putting changes to processes on paper is easy but getting these new insights to employees is a different story. Eventually, they are the ones to work accordingly and while processes are created with the best intentions in mind they are not always well understood by everyone. This means training people is an important factor to maintain a successful management system.
To convince employees to work according to processes and procedures it helps explaining why they are as they are. Giving the purpose makes sure employees understand what risks the process or procedure mitigates or what consistency it strives for. Examples include consistency in product quality, customer approach or a smooth production process. People have the tendency to better follow the processes when they understand the reasoning behind them.
How to train people in practice?
Unfortunately there is no silver bullet in training employees. Every company has their own culture and way of doing things and thus should the training approach be in line. Despite the differences some best practices can be applied.
Regardless of company culture, training newly hired employees when they join the company is of great importance. A management system training should be scheduled to walk him/her through all the important processes for the job. Don’t go into too much detail, especially not for the lesser important processes but make sure all the key process for the job are well understood and explained properly.
Besides the training at time of joining, continuous training is of major importance as well. Processes and laws change, companies evolve, and thus continuous training is of the essence. Every change within the management system should be communicated on a regular basis and training sessions should be scheduled based on the impact of these changes. In case of for example an alteration to the core production process every employee whose job is impacted by the change should be trained and understand the new process. Again, not only the training itself is of importance but also the reason why the change has been approved. If possible try to elaborate on the NCR that caused the change. When the opportunity arises give credits to the person who noted down the NCR. This completes the communication cycle of the NCR and in addition increases employee engagement with the management system.
Identify training needs
A great instrument to discover training needs are the internal audits. The audits hold valuable information about how employees apply the process and where certain gaps are present. Whenever an employee turns out to not follow procedure, first determine whether the procedure itself is simply not functioning or just not understood. In case of a malfunctioning procedure it should be updated in close cooperation with the executing employee, and do not forget to communicate the update to others as well. For procedures that are not well understood a training can be scheduled to explain the procedure again to employees as a refresher.
Feel free to try out these techniques and let us know the results.
Certifications are often a result of customer demands, rather than a company necessity. Using certifications, like ISO9001, as a selling point, is rather a mere formality and is being utilised by more companies today. By being certified, a company shows it has certain procedures in place to provide optimal quality, but that doesn’t provide quality assurance while the actual management system does.
Qooling believes a company should not use the certificate as a selling point, but rather to use the certificate’s management system as a selling point. What better way to give potential customers insight in your operations, by showing them the management system? By example, show customers how the management system handles a complaint, and the process the system provides to resolve the issue. Additionally it is possible to give an overview of the qualified employees and how the management system ensures their knowledge is kept up to date.
We have seen users of Qooling show the procedures of their management system through the online interface to their customers. This way they prove to actually utilize the management system to their benefit, instead of just showing the certificate. Furthermore, they demonstrate how they handle incidents, perform quality checks on products and take care of customer service. The notification system ensures clients are always up to date, increasing confidence with the customer that important quality related actions won’t be forgotten.
Being transparent and giving your customers insight in the company’s management system builds trust with customers. Applying this strategy results in the management system becoming its own selling point.
Over the past months we have seen the introduction of the new ISO9001:2015 standard. To comply with this new standard we applied a strategy to introduce risk based thinking throughout the organisation with one of our customers.
The customer used the migration to this new standard as an opportunity to increase the employee engagement. This blog post describes the steps that were taken to get the employees involved in the risk assessment.
Step 1 — Explanation
Before we started actually identifying risks we explained to all employees what the new standard entails and how it may impact the way they work. The presentation covered all the changes to the norm but had a focus on risk based thinking. We elaborated on the description of what risks are and how they can affect the business negatively and/or positively. At the end of the presentation the employees were given the opportunity to ask questions.
We experienced this step as very important with the employees. These people are not into the ISO9001 content so some explanation really helped. Especially the opportunity to ask questions was important to get everyone on the same page.
Step 2 — Department based risk assessment
Every department of the organisation incorporates very specific risks. The employees of the different departments are the ones that have all the knowledge when it comes to these risks. To leverage this knowledge, we performed the risk assessments together with the employees of the different departments. It was like a brainstorm session where the input of all team members of the specific department was gathered. Doing the exercise with every department gave an enormous amount of data to structure the risk assessment.
Step 3 — Aggregation
All the outcomes of every session were combined in one big register to give an overview of the risks, their impacts and the actions taken by the company. Next, the actions that needed to be taken were handed out to the employees of the different departments. This is done to make every single employee responsible for a part of the risk mitigation strategy. The QHSE manager now only has to check if the employees are performing the actions instead of performing the complete risk assessment while employee engagement increased, because they are held directly responsible for a part of the risk management.
We applied this strategy to a relatively small company but it can be applied to bigger organisation as well. The process can exactly the same but only with middle and lower level management instead of every employee. Do remember that it is imperative to include management in the risk assessment.
The register used for this exercise can be provided to you within your Qooling account. If you would like to make use of this template please let us know.