1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Use of WHAT IF as the main auditing tool for Risk-Based Thinking

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by tony s, Apr 9, 2017.

  1. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    If you do, please let us know how it goes. I once had a highly placed person in my organization tell me of a wish more clients would file disputes. It sent me a message.
     
    Andy Nichols likes this.
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    There's a person who doesn't understand quality management systems...
     
  3. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Quite the opposite. The message I was getting was that she realized more clients could enforce their concerns than were already doing so.
     
    Candi1024 likes this.
  4. PSRiordan

    PSRiordan Member

    Joined:
    Dec 14, 2016
    Messages:
    13
    Likes Received:
    9
    Trophy Points:
    2
    Risks and opportunities certainly should be considered relative to context of the organization and its objectives, but the standard also requires that you consider risks and opportunities relative to the processes identified as being part of the QMS (quote, productions, purchasing etc.) This is clearly stated in 4.4.1. So considering risk/opportunities only around context of the organization isn't enough.

    That being said, Annex A has lots of "great" clarification with regard to what is required.
     
    Jennifer Kirley likes this.
  5. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Any CB management relying on clients to "dispute" their auditors' findings doesn't understand the Certification industry, clearly. Relying on your clients - who often live in fear of "retribution" and think their auditors know the correct interpretations of ISO 9001 et al is bizarre. Just yesterday, I encountered another client who does internal audits to a checklist based on the standard and even copies the CB non-conformance report! The only thing the CB auditor has ever said is "You don't have enough auditors:.. <SMH>
     
  6. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Clients have rights that include disputes. ANAB expects them to be informed of that in opening and closing meetings. I can't vouch for the behavior of auditors you are with and I am nowhere around to see, but I can promise you we don't always get it right and the client absolutely should dispute if they think that has happened. With some of the current confusion, disputes can actually serve a useful purpose. Today I had a client assure me his top management won't be around for the audit, to be included for management responsibility. We'll see how that goes.
     
    etorresg likes this.
  7. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Yeah and it's frustrating when your management will seem that we implemented incorrectly because CB auditors find our approach "inadequate".
    I hope our CB auditors have this prudence.
     
    Andy Nichols likes this.
  8. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    It is hard to comment when I was nowhere around at the time these described things happened. Not only am I unable to consider the context of what was said, I have no idea what the policies and procedures are for the given CBs.
     
  9. Paul Simpson

    Paul Simpson Member

    Joined:
    Aug 6, 2015
    Messages:
    41
    Likes Received:
    61
    Trophy Points:
    17
    Thanks, Tony. An observation is more than an OFI in my experience and it looks like the auditor will raise this as an NC at Stage 2 unless you take action. IMHO you have two options:
    1. Follow the auditor lead and do a lot of 'what if' and rely on you list of scenarios being longer than his / hers.
    2. Get your challenge in before Stage 2 by clearly documenting your understanding of the relevant clause(s) and force the CB to come to a decision before sending the auditor back in.
    My recommendation would be option 2.

    If you would like further views on approach perhaps you can post the wording of the Observation?
     
    etorresg and Andy Nichols like this.
  10. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Since the audit report is confidential, Im afraid I cannot post the statement in verbatim. Let's just say they stated like this: "The FMEA-like RBT tool did not include risks like lack of resources, failure to deliver on time, task not performed".

    Our chosen tool serves as a "living document" and whenever we identify risks triggers its update. Any change in our processes requires the accomplishment of our RBT tool. Actions are required to be integrated to address risks/opportunities every time we accomplish the tool. If we're planning to install a new process, perform RBT using the tool. So it's a process of never-ending RBT for us - not a one-time event. If auditing RBT implementation is going to be a "battle of list" on Stage 2 audit, then IMHO, CB auditors fail to understand the intention of the RBT concept that is being promoted by ISO 9001:2015.
     
    etorresg likes this.
  11. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Surprisingly, during our meeting to review the Stage 1 audit findings, one of our key personnel shared her inquiry to our CB auditor. She asked this question before the auditor leave for another audit area: "Sir if today is Stage 2 and you find our RBT tool failed to include the risks you cited, would you raise a nonconformity?". The auditor coyly answered "No".
     
  12. Niko90

    Niko90 Member

    Joined:
    Oct 12, 2016
    Messages:
    7
    Likes Received:
    2
    Trophy Points:
    2
    Location:
    Tagaytay, Philippines
    When I first heard about the changes of the 2015 version, I was really excited because, to me, this gave a 'sandbox' environment (i.e. understanding context, no requirement to use formal risk management, relatively lesser documentation) for organizations establishing and maintaining their QMS. However, based from what I've read in this thread and from our experience, it seems that some organizations are being 'railroaded' to a certain path.

    I am sorry if this seems like a rant but I just wanted to point out that not all audit clients may not be as assertive as Tony S and his organization. Those who do not share this assertiveness may be pushed to take a path just because they were intimidated by their auditors.
     
    Andy Nichols likes this.
  13. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    If assertiveness means being able to stand up for your own right/thought/understanding in a positive way, without being aggressive and, more importantly, without being passively accepting "wrong", - then this should be the way how organizations conduct themselves when being subjected for 3rd party assessment.
     
    Jennifer Kirley and etorresg like this.
  14. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    There is certainly going to be variation in how people understand the standard, the limits to which we can "interpret" the clauses and auditor personalities.

    It is also a certainty that auditors, while getting training as a part of their organizations' accreditation, are getting a diverse sort of training; not everyone is going to receive the same message every time. If I had my wish, every one of us would complete an accredited 5-day Lead Auditor class. But of course we won't. Even if we did, there is certain to be some variation in what the instructors say.

    These are the reasons why I give all my clients the hyperlink to the Auditing Practices Group web page, which is from the Technical Committee, and I insist that clients have the right to dispute nonconformities they don't agree with. The dispute process is more important now than ever. I am getting a dispute this week.

    In my view, auditors who become annoyed by a dispute should be doing a different line of work.