Qooling » audit » event » QHSE

Category Archives: QHSE

Internal audit – Involve more people to get better results

On November 3th we hosted another free Workshop “Get the most out of your Internal audit”. After the feedback of last edition we decided to create more interaction to the workshop. The presentation was shortened and the actual doing was extended. We did this to increase the collaboration between the quality professionals.

Intern audit event

Internal audit

During this edition of the workshop the participants performed an actual Brown paper audit under the guidance of Emiel Kort. Emiel showed how to apply the methodology and what the added value of this type of audit can be. All the participants agree on the following added value:

  • Get a feeling for what colleagues do
  • Easy to identify the point for improvement
  • Internal audits can be more fun this way

Again the event was a great success. The participant learned a lot of new techniques from Emiel as well as their peers. Due to this success we are planning to organise more of these events so keep an eye on our linkedin page.

Published by:

Internal audit – pick the right strategy for your internal audit

Internal audits can be performed in so many different ways that it can become pretty tough to pick the best techniques for an internal audit. To name a few techniques: department based audit, employee based audit and clause based audits. Even though these techniques have their own unique advantages they all treat the processes in silo’s.

Most of these techniques make use of some sort of checklist to guide the auditor. This list allows the auditor to simply check whether or not evidence is present that the process is being followed. This is a good approach to check if the processes are followed but doesn’t say anything about the overall performance of the company with respect to the applicable norms.

This same techniques can be used to check compliance to certain standards. The compliance check is an important exercise and should definitely be performed at least once a year (depending on the frequency of changes of the different standards). However, for the company to gain insight in the added value of the processes it is important to also audits with respect to the interactions of them. This additional analysis shows the effectiveness of the process. Like when the required output from the sales process doesn’t align with the production process.

When the audits are ready, the most important activity is cross checking the outcome of those audits. The common denominator of the audits is one of the best input for improvement actions. A good example is when 8 out of 10 sales employees don’t follow a certain procedure. We would go over the procedure/process and that specific internal audit and perform a 5-why root cause analysis to see why all 8 employees break this procedure. When the root causes are clear and they are pretty similar for the entire workforce changes can be made to the procedure.

Internal audits are very important to check the effectiveness of the company but make sure they aren’t performed in separate silos and perform cross audit analysis to really gain insight into the effectiveness of the procedures. The second lesson is: apply a diversified audit strategy. Every audit technique has his own advantages. Make sure you use them all.

Published by:

Risk Management in ISO 9001:2015

Risk management is one of the basic requirements as described in the HLS (High Level Structure). This HLS applies to all standards that “are plugged into it” and the High Level Structure (HLS) of the new ISO management systems has six clearly distinguished elements:

  1. Leadership and Creativity
  2. Risk
  3. Compliance Management
  4. Process Approach
  5. Improve Management
  6. Monitoring and Detection

When integrating systems such as ISO 9001, ISO 14001 and OHSAS 18001, we have always looked at overlapping elements as “lean and mean” and their integration as much as possible. However, this blog is not so much about this radical change at first sight. A bigger change I see for yourself in the refurbishment of the elements Corrective and Preventive actions.

The elements Correction and Preventive encountered resistance in many organisations. Discovery of errors is often bad enough, administering them is like treason and investigation the root cause is insane. With this percepetion, of course, you can never keep it nice and cosy in the company. Thoughts about risks, and recording them is often experienced as an “American” experience to be able to blame afterwards.

The first two points of the HLS are therefore extremely important and elementary. New? No, not at all! Most companies estimate – prior to projects or processes – all the risks and try to eliminate them.  In the years ahead – I expect – leadership herein are key. In this time of uncertainty good leadership is essential, after all, despite all the tensions a culture that allows errors – but don’t make the same mistake twice AND be able to demonstrate a decent performed risk assessment – is necessary.

With this in mind words like creativity, leadership and risk management as described in the new standard gives a lot of homework to companies.

Actually, isn’t it is a pity that we have misunderstood the paragraph “Preventive action” for all these years?


Guest author: Robert Paul Boer

Published by:

Digital Quality and Safety Management

A question often asked is “Why would we want to use a dedicated digital solution for our quality and safety activities while Office and an intranet are working just fine?”. It indeed might work just fine, but that is also where the issue lies. Exactly in those two words: “just fine”.

Why digital?

A dedicated digital solution is defined as a solution which has the ability to manage all quality and safety related activities such as procedures, forms, issues, incidents, NCRs, CAPA and other registers. These solutions aggregate all information needed to make good business decisions and reduce business risks. They give deep insight in the cost of lack of quality and allow every employee to easily engage with the information.

The Office based solution might work just fine but requires many manual actions and is therefore not only labor-intensive but also prone to mistakes. A simple example is version control on procedures and processes. This administrative action can lead to employees using outdated versions. In addition, especially for companies where e-mail is used extensively, distribution is an issue and people tend to re-use wrong versions. The same goes for internal forms. 

A digital solution helps companies prevent such mistakes from happening. Furthermore, the registration of for example NCRs and corrective actions can all be automated and linked. For example during an audit an NCR is identified and should be filed. This requires another form for the NCR plus the additional corrective actions should be registered. Good digital solutions have an easy to use interface where the entire registration process can be done on a single screen which saves over 75% of the time.

The next big advantage of a digital quality and safety management solution is the ability to have a good insight in what goes on in the management system. The structured data makes it easy to visualize what is valuable. Dashboards give great insight in the actions to be taken and status of certain KPIs. A good example is the ability to see which suppliers are doing great and which ones should improve.

The latest digital solutions have a mobile application. This allows for all kind of data collection which wasn’t possible in the past. Service engineers can easily report issues on the go while warehousing personnel can report issues when supplies are not delivered according to quality demands. These new streams of data weren’t reaching management in the past, because of the cumbersome process that required the reporter to be behind a desk or having the latest forms printed.

The decision to implement a dedicated digital solution to manage the quality and safety aspects of the company will add a lot of value by means of the opportunities described above.

Like to find out how a digital solution can streamline your business? Contact us nick@qooling.com


Published by:

Non conformance report: what’s in it for me?

The non conformance report: what’s in it for me?

In a previous blog post we gave a few tips on when to write an NCR. However, a lot of employees still don’t write an NCR even though they should. The main reasons for not writing the NCR are; 1) they don’t see the added value and 2) they are afraid to get punished for it. In this blog post we will dive deeper into these reasons.

Not seeing the Added Value

Many employees don’t write an NCR because they don’t see the added value. This is a shame, because there is a lot to gain for not only the employer but also the employee. A proper follow up and root cause of the NCR provide valuable insights into what is going wrong within the organisation. Without this analysis the company is not able to improve the way of working, which ultimately benefits the employees and should make life easier for them as well. Hence, it is very important that employees write NCR’s in order to gain these insights.

In order to get employees involved in process improvement, communication is key. Many are willing to share their knowledge when they see that management takes them and their feedback serious. Always make sure to communicate the results of a root cause analysis with involved employees and ask for potential improvements. It is even better to include them in the entire process. This attitude will prove them that they do have a voice in the improvement process of the company. Moreover the direct effect of the NCR they wrote becomes visible.

Afraid of Punishment

Surveys show a major part of the workforce marks “making errors on the job” as their number 1 fear. We are all humans, and everyone makes mistakes. A company can only learn from her mistakes when the employees are willing to write NCR’s, and therefore admit them. Particularly important is to realise that nobody makes a mistake on purpose and that sometimes a mistake actually is a flaw in the (management) system.

It is crucial that management never punishes employees for making mistakes and reporting it. Ultimately this causes the learning cycle of the company to stop. Management should guide and train the people who have direct responsibility over the root cause of the NCR’s and never punish anyone. For instance, when a particular employee is involved in a number of NCR’s it is of major importance that management has an open mind about why this happens. It could very well be that the company didn’t provide the person with the right tools or training.

Based on these two reasons we can (again) conclude that company culture plays a big role in the willingness of employees to write NCRs. When people feel happy and aren’t afraid they will be more open and share all the things that went wrong easier. Therefore it is important that management does whatever it takes to prevent a blaming and shaming culture within the organisation. Such a culture would be detrimental to a company who would like to learn from its mistakes.

Please share your experiences in the comments.

Published by:

The importance of training employees

Proper training is crucial when it comes to creating and maintaining an effective management system. Putting changes to processes on paper is easy but getting these new insights to employees is a different story. Eventually, they are the ones to work accordingly and while processes are created with the best intentions in mind they are not always well understood by everyone. This means training people is an important factor to maintain a successful management system.

To convince employees to work according to processes and procedures it helps explaining why they are as they are. Giving the purpose makes sure employees understand what risks the process or procedure mitigates or what consistency it strives for. Examples include consistency in product quality, customer approach or a smooth production process. People have the tendency to better follow the processes when they understand the reasoning behind them.

How to train people in practice?

Unfortunately there is no silver bullet in training employees. Every company has their own culture and way of doing things and thus should the training approach be in line. Despite the differences some best practices can be applied.

New employee

Regardless of company culture, training newly hired employees when they join the company is of great importance. A management system training should be scheduled to walk him/her through all the important processes for the job. Don’t go into too much detail, especially not for the lesser important processes but make sure all the key process for the job are well understood and explained properly.

Ongoing training

Besides the training at time of joining, continuous training is of major importance as well. Processes and laws change, companies evolve, and thus continuous training is of the essence. Every change within the management system should be communicated on a regular basis and training sessions should be scheduled based on the impact of these changes. In case of for example an alteration to the core production process every employee whose job is impacted by the change should be trained and understand the new process. Again, not only the training itself is of importance but also the reason why the change has been approved. If possible try to elaborate on the NCR that caused the change. When the opportunity arises give credits to the person who noted down the NCR. This completes the communication cycle of the NCR and in addition increases employee engagement with the management system.

Identify training needs

A great instrument to discover training needs are the internal audits. The audits hold valuable information about how employees apply the process and where certain gaps are present. Whenever an employee turns out to not follow procedure, first determine whether the procedure itself is simply not functioning or just not understood. In case of a malfunctioning procedure it should be updated in close cooperation with the executing employee, and do not forget to communicate the update to others as well. For procedures that are not well understood a training can be scheduled to explain the procedure again to employees as a refresher.
Feel free to try out these techniques and let us know the results.

Published by:

Management system as selling point: practice what you preach

Certifications are often a result of customer demands, rather than a company necessity. Using certifications, like ISO9001, as a selling point, is rather a mere formality and is being utilised by more companies today. By being certified, a company shows it has certain procedures in place to provide optimal quality, but that doesn’t provide quality assurance while the actual management system does.  

Qooling believes a company should not use the certificate as a selling point, but rather to use the certificate’s management system as a selling point. What better way to give potential customers insight in your operations, by showing them the management system? By example, show customers how the management system handles a complaint, and the process the system provides to resolve the issue. Additionally it is possible to give an overview of the qualified employees and how the management system ensures their knowledge is kept up to date.

We have seen users of Qooling show the procedures of their management system through the online interface to their customers. This way they prove to actually utilize the management system to their benefit, instead of just showing the certificate. Furthermore, they demonstrate how they handle incidents, perform quality checks on products and take care of customer service. The notification system ensures clients are always up to date, increasing confidence with the customer that important quality related actions won’t be forgotten.

Being transparent and giving your customers insight in the company’s management system builds trust with customers. Applying this strategy results in the management system becoming its own selling point.

Published by:

ISO9001:2015 – A practical guide for risk assessment

Over the past months we have seen the introduction of the new ISO9001:2015 standard. To comply with this new standard we applied a strategy to introduce risk based thinking throughout the organisation with one of our customers.

The customer used the migration to this new standard as an opportunity to increase the employee engagement. This blog post describes the steps that were taken to get the employees involved in the risk assessment.

Step 1 — Explanation

Before we started actually identifying risks we explained to all employees what the new standard entails and how it may impact the way they work. The presentation covered all the changes to the norm but had a focus on risk based thinking. We elaborated on the description of what risks are and how they can affect the business negatively and/or positively. At the end of the presentation the employees were given the opportunity to ask questions.

We experienced this step as very important with the employees. These people are not into the ISO9001 content so some explanation really helped. Especially the opportunity to ask questions was important to get everyone on the same page.

Step 2 — Department based risk assessment

Every department of the organisation incorporates very specific risks. The employees of the different departments are the ones that have all the knowledge when it comes to these risks. To leverage this knowledge, we performed the risk assessments together with the employees of the different departments. It was like a brainstorm session where the input of all team members of the specific department was gathered. Doing the exercise with every department gave an enormous amount of data to structure the risk assessment.

Step 3 — Aggregation

All the outcomes of every session were combined in one big register to give an overview of the risks, their impacts and the actions taken by the company. Next, the actions that needed to be taken were handed out to the employees of the different departments. This is done to make every single employee responsible for a part of the risk mitigation strategy. The QHSE manager now only has to check if the employees are performing the actions instead of performing the complete risk assessment while employee engagement increased, because they are held directly responsible for a part of the risk management.

We applied this strategy to a relatively small company but it can be applied to bigger organisation as well. The process can exactly the same but only with middle and lower level management instead of every employee. Do remember that it is imperative to include management in the risk assessment.

The register used for this exercise can be provided to you within your Qooling account. If you would like to make use of this template please let us know.

Published by:

The non conformance report: When to create one?

Last week I had a very interesting discussion with a QHSE manager regarding Non conformance report (NCR). While working on improvements on their management system we tried to come up with a clear definition of when to write an NCR.

They form a valuable source for a company to learn from and discover room for improvement, however it is often unclear when to write an NCR. Therefore, we discuss a few situations which should lead to an NCR.

Procedure deviation

There is the situation when an employee deviates from a procedure. This is a clear NCR. The company created the procedure to streamline business activities and to define what people should do. Some of these procedures are even implemented to prevent frauds or breaking the law. Whenever an employee deviates of a procedure an NCR should be written. A good example is when a mechanic purchases some goods without approval by the financial manager. Due to rules set by financial auditors it is important that the financial manager signs the purchase orders. In this situation it is important that an NCR is written and the mechanic is trained on the reasons why the financial manager has to sign off on a purchase order.

Product deviation

What if a product is finished but not according to the specification of the customer, which is noticed before delivery? The customer hasn’t seen the product yet so no problem right? Wrong actually. When this NCR is not noted down the company can not investigate what went wrong in the production process. The NCR gives the company the opportunity to find out where the mistake was made and take the measures needed to prevent it from happening again.

Deviation from customer expectation

Inline with product deviation is the deviation from customer expectation. The most obvious deviation is just a customer complaint. But in addition, customers might also have expectations that haven’t been addressed in previous discussions. Though the product has been produced as per contract it could very well be that the customer is not satisfied. As an organisation it is important to notice such situations by discussing the satisfaction with the customer, preferably as soon as possible. Early detection of deviation from customer expectation is especially important because rework can get very costly in later stages of the project.

Qooling -- QHSE tooling

Unsafe situation

Another great example of an NCR which should be written is an unsafe situation. However, in practice the definition of an unsafe situation is unclear to a lot of people. Some might say that almost hit by a car was a near miss and should be registered while others don’t experience it as an unsafe situation. To get the definition consistent within the organisation, clear communication and proper training is required.

Deviation against statutory or regulatory requirements

It is always good to check if an employee acted within company values and of course within the law. It might happen that an employee acted within the boundaries of a procedure but did break with the company’s core values. Employees should never deviate from those values even when the employee acts according to a procedure, because they represent what the company stands for and breaking them causes harm to the integrity of a company. The same can obviously been said about the law.


In the end, there are thousands of reasons for when to write an NCR and when not. However, it is important that everyone within the organisation writes them down. In order to facilitate this it is crucial that the company clearly communicates the criteria the company has for an NCR. This could be elaborated by providing certain cases of when to write a NCR with the employees.

If you have any experience with this, please share it in the comments.

Published by:

The right tools for your QHSE management

As with all tools, QHSE tools should be making your life as a QHSE manager easier. As of today still a lot of companies use the Microsoft office package as a tool to manage their QHSE management system. The choice for using Office is pretty reasonable at first sight because of the convenience and the wildly accessible resources available on the internet. Moreover, most people possess the skills required to work with Office. However, the use of Office does have some limitations which more often than not boil to the surface during the audit by an External Certified Body.

Version control

Keeping track of versions can be a though job with office documents. At the same time, most norms are very strict on document control: the company should be able to show the latest version of the document at any time and prove that employees do not use obsolete documents.

QHSE management tools mostly automated the mundane task of increasing versions of documents and making sure obsolete documents are not shown to the employees. This helpful feature prevents organisations from making administrative mistakes.

Document Distribution

In line with version control is the distribution of the revised documents. When the document is updated it is important that the latest version is distributed amongst the employees and that they start using this latest version. At a lot of companies the distribution is mainly done by just dropping the document on a particular part of the server and notify employees. Some companies might have their own document system for this but the result is the same.

To make sure that employees can only use the most recent documents the server requires time consuming (manual) configuration. In contrast, proper QHSE management tools enables companies to have one central place where they can stores all the documents. Also do these tools only show the latest version of the documents to the users. No more business risks of using wrong templates or procedures.

Access Rights

Once downloaded, office documents have the issue that they can be altered by everyone (even in PDF). This can partly be prevented by adding passwords or “locks”, but there are plenty of ways to work around such measures. The right QHSE management tool allows organisations to give an employee the precise access rights he or she needs. Configuring who is allowed to view or edit documents is at the base of such a tool. In addition, the approval of documents by the person responsible (e.g. management) is supported as well. The document owner first has to approve a document before it can be used by others: this process increases the data integrity of the documents and reduces administrative overhead.

Broken links

Many office-based systems use the file structure of windows as their architecture. Within these QHSE systems a single Excel file has been developed which holds a lot of links to different documents. This works perfectly until somebody replaces a document without updating the Excel file, introducing a broken link within the document. The lack of validity checks allows broken links to start creeping into the system over the years, which essentially cripples the system and makes the whole system less effective.


QHSE management tools take away a lot of the mundane activities of maintaining the QHSE management, like updating registers, updating documents, fixing broken links and setting proper access rights. These tools don’t take away the need for people who manages these system but they help these managers to get the obligatory administrative activities done and done right. This allows the managers to put more time into improving the system.

Qooling is a QHSE management tool which allows you to benefit from all the points discussed above. When you are interested in having a better aligned QHSE management system feel free to contact us.

Published by: