On-site Supplier Audits

In my recent post in March on Supplier Evaluations, I addressed supplier self-assessment questionnaires.  Questionnaires are good, but sometimes it is good to visit the customer.  What should one do when on-site at the supplier?

A client recently asked me how to conduct an on-site process audit of a supplier.  He was visiting the supplier anyway, so it made sense to him to conduct a process audit while there.

When doing such an audit, I like to start with known purchase orders (open and closed) and follow those orders from the point where the PO is received by the supplier to the point where the product ships.  Asking the supplier to retrieve records about a closed order also helps to assess the supplier’s record keeping.

To assist the client, I came up with 10 areas of questioning.   The questions follow a customer purchase order through the sales order, design, procurement, production and inspection processes.  They offer a pretty good idea about the supplier’s processes and how well aligned with the standard they are.  Such an audit can be conducted in a couple of hours and give a pretty good idea of the supplier’s compliance with ISO 9001 requirements.

You can find the questions here , in the advice section of my web site.  For questions, or additional information, visit www.rosehillsystems.com.

Training Requirements

ISO 9001 Section 6.2.2 Competence, training and awareness identifies five requirements:

1. Determine necessary competence
2. Provide training
3. Evaluate training given for effectiveness
4. Assure that personnel are aware of the relevance of their work
5. Maintain training records

1. Consider creating job descriptions. Job descriptions identify the skill set a qualified employee must possess to perform the functions of the job. Larger companies have them because they are used as a mechanism for determining the value of, and hence the wages paid for each job, but they also identify the training requirements for the employee.


2. With a job description in place, it is easy to do a gap analysis for an employee to determine what additional training he or she should be offered. Some training must be provided to all employees, and some training must be repeated periodically. Safety training is an example of training that in many cases is required to be given periodically. Most employees are not skilled in the requirements of ISO 9001, or quality in general, so some form of general quality training is normally required for all employees.


3. There are many ways to evaluate the effectiveness of training. One way is a periodic performance review. These are usually attached to pay increases, and, done properly; they also identify skills weaknesses that can be corrected by additional training. Perhaps the most effective method of determining training effectiveness is testing.


4. Employees want to do a good job. They know how to perform the tasks of the job and usually do it consistently well. But many manufacturing employees have no idea how what they are making or how the product they are making will be used. Explain to employees how the work they perform affects the quality of the products and services the organization supplies, and what the product does for the customer.
   
   Not explaining how the organization’s products are used can have unintended consequences. The Space Shuttle booster rockets were stored in a dry nitrogen environment prior to use. A component we produced helped circulate nitrogen in the storage container. We all watched the launch of the Challenger. When the Challenger space shuttle exploded on takeoff, the employee who assembled this component started crying because she believed that the product she produced had failed and caused the explosion. Of course this was not the case.


5. Each employee should have a training plan. A training plan outlines the training that a person is required to have. The training plan should be in alignment with the job description, and any other company or regulatory requirements for training. ISO 9001 requires that records of training performed be maintained. Training records can be compared to the required training and used to identify any required training which needs to be performed.

Finally, for those senior managers who believe that training is unnecessary, or a wasteful expense, I offer this question: How many incompetent people do you want working for you?

For more information visit www.rosehillsystems.com.  In the tools section you will find some PowerPoint presentations that can be used as a basis for ISO 9001 training.  Steal shamelessly.

Nonconforming Product

ISO 9001 section 8.3 Control of nonconforming product states: “The organization shall ensure that product which does not conform to product requirements is identified and controlled to prevent its unintended use or delivery.”  The standard requires that a specific procedure be written that describes how nonconforming product is controlled.

Simply put, the standard is saying: Don’t mix the good stuff with the bad stuff.  Defective material should be placed in an area specifically designated for nonconforming product.  That area should be segregated from good product and specifically labeled as nonconforming product.

The product placed in that area must be labeled, and its nonconformances identified.  It is common for organizations to generate a report that identifies and describes the defective product.  These reports go by many names such as Discrepant Material Report (DMR), Nonconformance Report (NCR), etc.  They typically identify the product, the discrepancy or discrepancies, and the number of pieces involved.  The form is also used to identify the actions taken, who authorized the actions, and what the final disposition of the material was.  The standard allows the following actions:

• Rework the product to specification
• Use as is (“authorizing its use, release or acceptance under concession”)
• Scrap
• Re-grade for some other purpose

My personal opinion is that ‘Use as is’ should be avoided if at all possible.  It has the following problems:

• An inferior product is gets shipped to customers
• A message is sent to employees that defects are acceptable

When product is reworked, it must be inspected for the defect originally identified. 

The discrepancy report, indicating the actions taken and the final disposition is a record which must be maintained.  Periodically records of nonconforming product should be analyzed.  Analysis might identify possible preventive actions that could reduce nonconformances in the future.

For more information visit www.rosehillsystems.com .

Supplier Evaluations

ISO 9001 section 7.4.1 states: “The organization shall evaluate and select suppliers based on their ability to supply product in accordance with the organization’s requirements.  Criteria for selection, evaluation and re-evaluation shall be established.  Records of the results of evaluations … shall be maintained.”

Some customers use site visits to assess the capabilities of the supplier, but ISO 9001 does not specifically require this practice.  Most customers send potential suppliers a self-assessment questionnaire.  Self-assessment questionnaires can be simple or complicated to complete.  Be aware that the likelihood of receiving a response to a questionnaire is inversely proportional to the questionnaire’s complexity.

I’m not in favor of complicated multi-page questionnaires in most cases.  If the organization intends to place a small order with a supplier it is not likely to use often, it is unlikely that a complex questionnaire will be returned in a timely manner, if it is returned at all.  A simple, short questionnaire is more likely to be completed and returned.

If the supplier is to be a key supplier with a significant business opportunity, and a likely long term business arrangement, it may be better to visit the supplier and complete a complex questionnaire yourself in an on-site audit.  Meeting the players creates a better, more lasting relationship with the individuals involved.  These relationships make problem solving over the phone or by e-mail more likely to be successful.   As to what questions to ask, Govind Ramu presents an interesting perspective, in the Expert Answers section of   Quality Progress March, 2013 where he addresses questions to ask and not to ask a supplier.

Consider establishing (and documenting) multiple criteria any of which will qualify the supplier.  Examples might be:

·         ISO 9001 certified

·         Over one year experience with the supplier with few product rejections

·         Franchised supplier (for distributors)

As you collect supplier qualification data, consider storing the responses in a database.  The database facilitates contacting suppliers when quality problems arise and provides a tool for re-evaluating the supplier.  I recommend contacting the supplier near the time when his certification expires, and if it is not certified, annually.  A database can facilitate and automate this work.

Key suppliers, those suppliers who get most of your business, should be rated by some rating system routinely.  The ratings should be fed back to the supplier.  Examples of such ratings might be:

·         On time delivery percentage

·         Number of lots rejected divided by the number of lots received.

·         A multiple of the two above.

For an example of a simple questionnaire visit www.rosehillsystems.com and click on Tools.

Preventive Action

Preventive Action

Many get confused with corrective and preventive actions.  While corrective action deals with existing nonconformances (defects), preventive actions deal with nonconformities that haven’t occurred, but might occur in the future. 

In section 8.5.3 Preventive Action, ISO 9001 states “The organization shall determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence.”  Potential problems are usually identified from the analysis of metrics, or from audits.

For example, an organization has a metric for on time delivery, and will take corrective action when delivery falls below 95% on time.  The metric is above the limit, but examination of the metric chart shows that on time delivery has decreased each month for the past 5 months.  A corrective action is inappropriate because the metric hasn’t fallen below the requirement (95%).  In this case, preventive action is more appropriate.

Whereas corrective action requires that action be taken, preventive action does not.  Consider a control chart for a machine tool.  The chart indicates that the tool is wearing and may need to be replaced soon.  Do we change the tool now or wait until the control limit is exceeded?  An economic analysis might suggest that we wait for the control limit to be exceeded because the cost of the tool is high or the cost of lost production is high.   The customer may be in critical need of the product and we can’t afford to shut down the machine now.  A decision to continue production would close the preventive action.

 A decision to take action would allow the machine tool to continue operation while a plan is developed for implementing a replacement.  In contrast, if this were a corrective action, the tool would be shut down until a replacement is available.

Once the decision to take preventive action has been made, the process becomes very similar to corrective action.  An action is selected, usually by a team.  A plan is developed to implement the preventive action selected, and the implemented action is monitored for effectiveness.

Some organizations use one form for both preventive and corrective actions.  In the case of a preventive action, there is no evidence of nonconformance, and there is no containment plan, since a nonconformance has not occurred.  Root cause analysis still occurs because there may be many choices of actions to take.

When the action(s) have been identified, a plan for implementation is developed.

My steps of preventive action look like this:

1.       Problem statement

a.       State the requirement

b.      State the evidence of potential nonconformance

2.       Root cause analysis

3.       Preventive action plan

a.       What action(s) will be taken?  NOTE: The plan might be to do nothing.

b.      When will they be implemented?

4.       Follow Up

a.       Were the actions taken effective?

In contrast, my 5 steps of corrective (See my August 2012 blog) are

1.       Problem Statement

a.       State the requirement

b.      State the nonconformance

c.       State the objective evidence of the nonconformance

2.       Containment Plan

a.       When did the problem start?

b.      What are we doing to control the bleeding while we are looking for a solution ( short term fix)

3.       Root Cause Analysis

4.       Corrective Action Plan

a.       What will be done to eliminate the root cause(s)?

b.      When will they be implemented?

5.       Follow Up

a.       Was the implemented corrective action effective?

b.      Was the short term fix removed?

 

For more information visit www.rosehillsystems.com

Production Control

ISO 9001 section 7.5.1 states:  “The organization shall plan and carry out production and service provision under controlled conditions.”  It goes on to state that controlled conditions means availability of product specifications, work instructions, equipment, and test equipment etc.

In an audit I was conducting recently, I came across a work instruction that instructed the technician to ‘use the custom jig.’  This raises the question:  Does ‘controlled conditions’ mean that jigs and fixtures should be identified and controlled?  It’s an important question from the auditor’s point of view.  If the fixtures are not controlled, should I write a corrective action?

To me, control means the same thing for a tool that it means for a document or  inspection equipment.   It should be identified, it should have a revision, changes to it should be approved prior to issue, and it should be inspected periodically to assure it is viable for use.

I raised the question of controlled tools with other quality professionals, and they all seemed to think the standard is moot on this point.  They all agreed that it makes prudent sense though.  Other standards such as AS9100 (the aerospace equivalent of ISO 9001) clearly state the requirement for tool and jig control.

Consider the potential problems:

·         A fixture used in production wears out over time and must be replaced.  Without a drawing, how do we make a new one that works the same as the last one?

·       The fabricator of the fixture leaves the company, or worse, we need to use the tribal knowledge of the person who made it to make another (assuming he or she remembers how).

·         A technician trainee doesn’t know what ‘use the custom jig’ means and doesn’t use the one we’ve fabricated for the purpose.

The standard leaves many things to interpretation by the external auditor.  Regardless of what the standard says, or how it is interpreted, be sure to document all production tooling with a tool number or other identifier, revision level, and a controlled drawing.  Inspect the tooling periodically to assure it has not worn to the point where it should be replaced.  It may make your ISO 9001 implementation a little easier.

For more information go to www.rosehillsystems.com

On Inspection

ISO 9001 section 8.2.4 states “The organization shall monitor and measure the characteristics of the product to verify that product requirements have been met.”   The standard goes on to say “Evidence of conformity with the acceptance criteria shall be maintained.”  It fails to point out though that quality cannot be inspected into the product.

Many organizations fail to achieve high quality, because they rely on inspection in the belief that they can inspect quality into the product.  Point 3 of Edward Deming’s 14 points states “Cease dependence on inspection to achieve quality.  Eliminate the need for inspection on a mass basis by building quality into the product in the first place.”  Phillip Crosby’s second absolute of quality says it differently: “The way to cause quality is through prevention not appraisal [inspection]”.

For a good example of what can happen when inspection is used as the only means of assuring quality read Austin, A L (2013) “Failure of Inspection The consequences of layering on quality checks” Quality Progress, January 2013.

In an audit I performed recently, the customer was inspecting welds using dye penetrant testing.  I issued a corrective action because no evidence that the tests had been performed was available.  The test reports didn’t include a place for the technician to indicate that the testing had been performed.  When inspection is performed assure that the results of inspection are recorded. 

Keep in mind that even 100% inspection is not 100% effective.  Inspectors make mistakes too.  Focus on mistake proofing production processes and designing quality into the product, not inspecting quality into the product.  Inspect when you must.  Select inspection points to occur just before high cost processes occur.  This assures that the product conforms to requirements before high cost is added to the product.  When you inspect assure that the results of inspection are recorded.

For more information go to www.rosehillsystems.com