4.2.3 Control of documents

I'm not sure it's always "ownership" of a document that is the real issue. It's (frequently) the design of the management system. We read a lot about those who post "I wrote a procedure" or similar and it appears (at least to me) that this is a unilateral action, without the input of a process owner, users etc. In such a case, who would want to own it? When you see some of the formats of documentation, done in the name of "ISO", it frightens me that some expect - demand - compliance and you've got to read past all manner of nonsense to get to the relevant bit (I didn't say "useful")...

We tend to believe there's something immutable about a document which has been created to comply with ISO 9001 etc. My take is, unless it was done with collaboration and approved by the process owner for use, it's never going to be of much (practical) use.

 

While I don't disagree on the value added to an organization by having an intelligent audit program, to use said program as the "catch" to evaluate if process and documentation align through evolution is, in my opinion, reinforcing the "here come the police" mentality that many continue to feel towards auditors and those associated with a QMS.

When a process is introduced and/or revised and/or deemed obsolete, part of the change management process should be to ascertain the impact on documentation/standards. In some cases, new or additional documents may be required...or existing documents revised or rendered obsolete. The Process Owners and Subject Matter Experts should be the ones to do this.

That being said, using Paul's second scenario where the operator is slowly, over the course of time, "devolving away from what's required", again, I wouldn't rely on the traditional internal audit program to catch this. A system-wide internal audit is a snapshot in time that more than likely will not look at every documented procedure or work instruction within the organization. It takes samples from the QMS and is hopefully flexible and dynamic enough to take suitable actions based upon the results of that sampling.

However, for the daily routines performed by staff, the process owner and/or SMEs should be the ones evaluating the process, associated documentation and results. I've seen this done through an audit-like approach, regular team meetings to discuss the results of metrics, and a few other ways. While it may entail an audit, per se, it's the people who are living and breathing the process taking ownership for their own checks and evaluations, leaving the higher level internal audits to focus on more strategic and value-add approaches.

 

"Here come the police" is fostered, not by the scope/objective" of the audit, RB, but by behaviours. Behaviours based on the 3rd Party audit model most people use including, not sitting down with management to plan the scope/objective of audits, issuing a calendar of audits irrespective of business issues, paying more attention to opening/closing meetings and grades of nc reports, etc. I could go on...

 

And many organizations mirror the CB approach via their internal audit program. We've seen examples of that here and in our former home. Organizations may not be able to change how 3rd party audits go, but they can change their own behavior. I am a fairly vocal advocate that there is more value to be gained from an internal audit than an external one. We're looking at ourselves in the mirror. We have the opportunity to be our strongest critic...and strongest champion.

With New Year's quickly approaching, resolutions will soon be made by many. One of the more popular ones is "To lose weight." Having a bunch of people tell us how is all well and good, but it is up to us, as individuals, to do the work and change our lifestyle. Family and friends are a great support and they can recognize our efforts, but the actual efforts and results will only happen if we take action ourselves.

It's the same thing with an organization attempting to develop a value-added QMS. Make it work for you...not the CB.

 

^^^ So true! I'd like to see a different model of internal audit training used, but it seems that few see anything inherently "wrong" with what's been taught for the past 25+ years - yet those same people don't see that those behaviours don't get good results (unless making a CB happy is your aim).

 

As with many aspects of education - from grade school to university to professional development (such as documentation systems and auditing) - it is tailored to provide a general understanding for the majority of the users. If we are fortunate to have opportunities to test the theory - such as lab work or mock audits - great...but it's still done in a controlled environment where little innovation or self-discovery happens. Yes, I recognize that there are exceptions to that...life is full of exceptions. The point is that academia is controlled and limited and has boundaries so that we all learn the same things in the fairly consistent (and unchanged) way we are taught.

It is up to us as the students to figure out how to apply that knowledge. This is the message that is missing from those auditing courses. We're taught the fundamental tools. We're given examples of what the CBs use (and often they're the ones teaching the course). We learn the requirements. We learn the expectations. What we are NOT taught...or told...is the importance of making it work for us and our organizations. Everyone needs the tools and knowledge first...you need that foundation. But to develop a robust, sustainable and eventually mature system, a good student will question how the foundational knowledge will add value to the organization and minimize waste.

 

Probably time for another thread...