1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Risks as basis for setting quality objectives

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by tony s, Apr 10, 2018.

  1. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    We've just went through our first day of our first surveillance audit and it went a bit colorful. A team of five CB auditors came to audit us. One of the CB auditors was assigned to audit our corporate planning process. This auditor criticized our approach in establishing quality objectives. He told us that when establishing objectives we must identify first the risks. Then from the identified risks, the objectives can then be determined and set.

    Of course, we defended our way of establishing objectives. We told him that we started from establishing the strategic goals of the organization (i.e. long term goals), then support the strategic goals with departmental objectives (that are annually set and evaluated) and then support the departmental objectives with the individual performance targets (that are evaluated semi-annually).

    But he kept on coercing us that his approach is the proper way and it is "how" Clause 6 requires an organization to do. Since he's hinted that he might raise an NC, we argued with him. Surprisingly, at the middle of a long argument, he declared that he's not feeling well. He called their office to notify that he can't go on with the audit and left the other members of the audit team. It's like a walk-out.

    How will you handle this kind of auditor's attitude?:eek:
     
  2. Michael923

    Michael923 New Member

    Joined:
    Apr 10, 2018
    Messages:
    3
    Likes Received:
    3
    Trophy Points:
    2
    Setting your objectives from your strategic direction is correct. - Many companies fail to grasp that....

    Clause 6 does not require you to set your objectives based on your identified risks.

    You will need to identify your risk, take action to mitigate those, and determine how effective those actions were.

    How you handle the auditor is up to you. I recommend, respectfully asking where in the standard it states objectives have to be established from the risks identified. Then I would bring it to the lead auditor's attention.

    Best Regards,
    Mike
    ISO9001:2015 Lead auditor.
     
  3. yodon

    yodon Well-Known Member

    Joined:
    Aug 3, 2015
    Messages:
    198
    Likes Received:
    115
    Trophy Points:
    42
    Good for you for standing up to a 'bully' auditor. I wonder what the others on the audit team felt of the desertion? Did the lead auditor weigh in?
     
    tony s likes this.
  4. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I wonder what qualifications the auditor was using, telling you that kind of thing? MBA? Oh, no! They simply passed a Lead Auditor course - big freakin' deal!

    Call the CB's management (after telling the Lead Auditor) and ask for the truculent one to be replaced, at no cost to you!
     
    tony s likes this.
  5. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Today's the second day of the surveillance audit. happily the "imposing" one is not here today but was replaced by the CB Operation's Head. I hope they will not try to get even with us. I'll keep you posted once we completed the audit today.
     
  6. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    816
    Likes Received:
    402
    Trophy Points:
    62
    In reality risks are why you might fail to achieve your objectives. Not sure how you could set objectives from risks. Good riddance.
     
    Andy Nichols and tony s like this.
  7. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    The second and last day of the surveillance audit was completed and we've incurred a single NC concerning control of documented information. Good thing that it's not related to the issue above. The rest of the CB auditors did not push through with the issue raised by the "imposing" auditor. Though we did not put our complaint in writing, I'm sure that we've seen the last of him.
     
  8. Serious Man

    Serious Man Active Member

    Joined:
    Oct 24, 2017
    Messages:
    79
    Likes Received:
    28
    Trophy Points:
    17
    My personal attitude is "Even idiot can ask a question, which eventually may be worth to think about."
    Strategy -> objectives -> risks -> preventive activities/no PA -> revised/additional/cancelled objectives
    I don't know. ???
     
  9. Michael923

    Michael923 New Member

    Joined:
    Apr 10, 2018
    Messages:
    3
    Likes Received:
    3
    Trophy Points:
    2



    An example of using risk to help you identify your objectives could be the following:

    Your company identified a risk of having too much of a percentage of work with a certain customer / industry. You new objective / measurable might be % of work by customer / type of industry and create a goal from there.
     
  10. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    The way ISO 9001:2015 is written is agnostic to such issues. If you understand the definition of risk from ISO 31000: it's the "effect of uncertainty". How can you know that, without setting an objective first? It makes zero sense to be conjuring risks before objectives are set.
     
    tony s, John C. Abnet and Michael923 like this.
  11. Michael923

    Michael923 New Member

    Joined:
    Apr 10, 2018
    Messages:
    3
    Likes Received:
    3
    Trophy Points:
    2
    Agreed.
     
  12. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    Just to elicit additional ideas. The auditor might have interpreted it as discussed above maybe because 6.2 Quality Objectives comes after 6.1 Actions to Address Risks and Opportunities?

    Since the auditor claimed that he's also an environmental, health and safety management system auditor, maybe he's alluding the requirements of:

    Clause 6.2.1 of ISO 14001:2015:
    "The organization shall establish environmental objectives...taking into account the organization's significant environmental aspects and...considering its risks and opportunities."

    Clause 6.2.1c.2 of ISO 45001:2017:
    "The OH&S objectives shall...take into account...the results of the assessment of risks and opportunities."​
     
  13. BradM

    BradM Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    394
    Likes Received:
    314
    Trophy Points:
    62
    Location:
    Arlington, TX
    The quality program exists to facilitate the organization to be successful; to execute the organizational strategies with excellent. The QMS is there to facilitate the organization's goals; not vice versa.
     
    tony s and John C. Abnet like this.
  14. Leonid

    Leonid Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    164
    Likes Received:
    31
    Trophy Points:
    27
    Location:
    Moscow
    Hi there! Long time no talk.

    The organization shall determine context issues which affect its capability to achieve the intended results, i.e. objectives. These issues are considered when the organization determines risks. Without known objectives the above requirements are not doable. Thus, determination of risks follows establishment of objectives.
     
  15. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    I haven't found anything reliable that says risks must be established before objectives. There is no "shall" in there for that. If an NC had been raised to that, I would dispute it.

    His leaving the audit compels the CB to provide a replacement, probably without charge to you, to complete the audit time. It is good the question of risk/objective did not continue; it sounds specious. Exactly why he left may always be a mystery, as he is not here to defend himself. I'm just glad you had a good outcome.

    How to handle it? Complain. I was not present, but as you described it, it sounds like he stepped over the behavior line. When in a disagreement, it would have been more constructive for him to simply reiterate that if you do not agree with the nonconformity (and it had better be a clearly stated one) you have the right to dispute, and how that would happen. I've had a NC overturned fairly recently. It is a chance to re-calibrate, so to say.
     
    tony s likes this.