1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Auditing the Engineering Project/CAPEX process

Discussion in 'Process Audits and Layered Process Audits' started by Chris Brockway, Nov 18, 2015.

  1. Chris Brockway

    Chris Brockway Member

    Joined:
    Aug 20, 2015
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney Australia
    I've been asked to conduct an internal audit on the Engineering Project process, from the approval of finance to the delivery of the project.

    We're a chemical supplier, so the engineering projects are not a service sold to a customer. The projects are designed to enable us to create the products that we supply to customers.

    Auditing against the internal processes is going to be fairly straightforward. Here's the process, is it being followed?

    My question is this: what parts of the ISO9001 standard should I be auditing the process against? ISO9001 goes into great depth about products and services supplied to customers, but there is little that directly references things like projects that are designed to enable the supply of products or services.

    Thanks in advance...
     
  2. Qualmx

    Qualmx Well-Known Member

    Joined:
    Oct 7, 2015
    Messages:
    464
    Likes Received:
    60
    Trophy Points:
    27
    Location:
    Mexico
    Ive been involved in Engineering/project and I know what is managed, when is needed to comply with Iso,tomorrow I,ll share information about it.
     
  3. Emmyd

    Emmyd Member

    Joined:
    Jul 31, 2015
    Messages:
    38
    Likes Received:
    38
    Trophy Points:
    17
    Location:
    Tennessee
    You have to consider the internal customers as well as external customers. With a process with no clear access to the final,outside customer, I look at a process flow of the entire process. Chances are you will find several internal customers, from purchasing to design to tooling to production. Each of these are considered internal customers. When one area's inputs are outputs from another department, you have customers. The inputs for design, for example, are the outputs from the purchasing department (prints, requirements, product definitions, etc). The outputs of design form the basis of the inputs of production's process. Not all customers are outside your organization.
     
  4. Chris Brockway

    Chris Brockway Member

    Joined:
    Aug 20, 2015
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney Australia
    I've picked up a copy of Craig Cochran's newly published book, ISO 9001:2015 in Plain English. It does set out clearly that the internal customer is covered as Emmyd has stated. Unfortunately, this means that the audit has grown significantly, as sections 7 through 10 will all apply, at least in part. Such is life.
     
  5. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,264
    Likes Received:
    2,622
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Surely, it depends on the scope of the audit. If you audit clauses of the standard (alone) you will end up with a Pandora's Box. A well defined scope and criteria (not ISO) will assist in keeping a focus for the audit.
     
  6. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    PDCA approach is the great starting point. I hope this helps.
    Plan (section 6 and 7 of the ISO9001:2015)
    Are methodologies defined to obtain Customer requirements? Are Customer requirements refined to indicate product requirements in objective terms?
    Are Quality, Cost, Delivery measures available with operational definition?
    Are targets fixed for QCD measures?
    Is procedure defined for New Product initiation?
    Are process deliverables defined?
    Is time plan prepared based on procedure?
    Are verification, validations planned as per procedure at appropriate intervals?
    Are standard for Verification/Validation available and approved?
    Are reviews planned at appropriate intervals?
    Is the Project Organization defined, competitive and Cross functional in nature?

    Do (section 8 0f ISO9001:2015 standard)
    Have all above been carried out as per plan?

    Check (section 9 of ISO9001:2015)
    Are Verification/Validation results, Process deliverables, etc checked against planned acceptance criteria?
    Are QCD results checked against planned target?
    Are reviews carried out against set of criteria?

    Act (section 10 of the ISO9001:2015)
    Have all the gaps identified during 'Check' stage, followed up with Correction, Containment action, Corrective action, Preventive action whichever is deemed appropriate?
    Are Lesson learned compiled and documented?
    Are design changes planned and if so, appropriate 'Plan' points as above are adhered?
     
  7. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,264
    Likes Received:
    2,622
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    With respect, this could be adding a lot of things which aren't present in the organization's process for engineering new product. Auditing to PDCA is fine, but NOT clauses of the standard. We've been supposed to audit processes for 15 years now and I see no evidence of a process based audit here. I see no mention of what the input (design brief) is nor of the output. It's almost a practical impossibility to do anything much more than hazard a guess at what the OP's engineering process requires, so we can speculate and debate all day long what an auditor MIGHT ask, but be off the mark almost all of the time... An internal auditor should, essentially, study the defined engineering process, then audit that.
     
    MCW8888 likes this.
  8. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    Then we revert to a standard checklist for Design and Development? Then we can just add the questions: How do you determine the effectiveness and how do you measure effectiveness? What is the risk to the customer and the QMS? If we cover those have we conducted an effective internal audit?
     
  9. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,264
    Likes Received:
    2,622
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    I'm not sure what you are asking here. The answer to the first question is "no". The "checklist" is developed from an understanding of the organization's engineering process firstly. The second questions are up to the organization's leadership to determine. When I worked for a major Fortune 500 company, the new product development process was measured (in part) by something you didn't include in your PDCA list. So, to have missed that would have resulted in an ineffective internal audit.
     
  10. MCW8888

    MCW8888 Well-Known Member

    Joined:
    Aug 17, 2015
    Messages:
    642
    Likes Received:
    198
    Trophy Points:
    42
    I think you knew what I was asking because your answers are what I wanted to hear. Thank you Andy.
     
  11. Chris Brockway

    Chris Brockway Member

    Joined:
    Aug 20, 2015
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney Australia
    I want to thank you for your input. It's been valuable.

    I work for a chemical processing company. The engineering function is responsible for the infrastructure available on site. For this audit, we have chosen a project that involved the construction of a bulk liquid nitrogen tank, to replace a pipeline that used to supply the site. There will be some Design having gone into the project, no doubt of it.

    I can see the discussion that you've been having - which it seems to me is on of process based audits against the audits that are based on the clauses of the standard. I get that. However, the circumstances in play within the company are going to force me (I suspect) to conduct a clause based audit, largely because there appear to be large gaps present in the company's processes. This will probably be the first non-conformance from the audit.

    What I've been able to locate so far are procedures that revolve around safety. Specific to the engineering/CAPEX project are two: firstly there is a procedure to conduct HAZOPs, at various stages throughout the life of the project, and the second is Management Of Change, which kicks in if there are late changes in the design, after the early HAZOPs have been conducted.

    There seems to be no over-arching procedure that maps out the engineering/CAPEX project process, something that should be in place.
     
  12. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,264
    Likes Received:
    2,622
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    If you know there are gaps in compliance to the ISO 9001 requirements, may I ask why you are auditing? Are your management aware there are gaps of compliance, or is the audit going to show them the gaps exist?
     
  13. Chris Brockway

    Chris Brockway Member

    Joined:
    Aug 20, 2015
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney Australia
    I believe that the audit will show them that gaps exist. I've been considering that the company should have a Conformity Matrix (something like this one), in order to map the requirements in our QMS. Do you think it's worthwhile?

    [​IMG]
     
  14. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,264
    Likes Received:
    2,622
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Hi Chris - such a matrix has value in accomplishing a "picture" of the strict compliance issues. Please be careful that you don't make the mistakes that the example does - internal audits and training, for example. Sometimes these methods of laying things out end up showing how people don't understand the actual application of the requirements - analysis of data, for example, applies pretty much across the board, not in a management review (it should be being done for processes anyways).

    Have your management authorized your audit to understand the degree of compliance to the design requirements? Is this why you are doing the audit? If not, you'll need to obtain their approval and understanding what to do with the audit results. Anything else is walking into trouble...
     
    Marc Smith likes this.
  15. Chris Brockway

    Chris Brockway Member

    Joined:
    Aug 20, 2015
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney Australia
    Andy,
    Thanks for the warning. The Design requirements are certainly included in the audit - in my opinion.

    The audit just forms a part of the ongoing internal audit process - business as usual. From my perspective it's unusual because I've never had to audit this area before. Some people in my line of work are heavily involved in engineering. I'm not - it's a service that another department provides and I don't tend to get involved in it.

    As far as the results go, it will be business as usual as well. If there are non-conformities, they will be handled through the usual processes.

    I understand your warning, but fortunately the company expects internal audits to show non-conformances here and there. The attitude is that we want to find problems before the certifying body auditors do.
     
  16. RICHARD GALLAGHER

    RICHARD GALLAGHER Member

    Joined:
    Nov 24, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Gentlemen,

    A very interesting discussion! But might anyone be able to offer a few robust examples of a (staged) product design checklist? I am working with a medical device manufacturer and our team has been asked to revisit the current (disparate) protocols. Our task is to develop a solid product design/development checklist for the product engineers, in order to provide both specific requirements and add some needed standardization to this activity. Any help would be greatly appreciated!
     
  17. Bev Brenton

    Bev Brenton New Member

    Joined:
    Sep 11, 2015
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Washington State
    Regarding the above matrix, it's my understanding that Improvement must be taken into consideration for every process defined as well. --continual improvement anyway.
     
  18. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,264
    Likes Received:
    2,622
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Not really. It's management responsibility to decide where improvement is justified. It's a common myth that auditing is about improvement - it isn't (really). The RESULTS of audits are put on the table with other performance factors for management to review and to decide where their money is to be budgeted and spent on improvements.
     
    Last edited: Feb 17, 2016
    Marc Smith likes this.
  19. Chris Brockway

    Chris Brockway Member

    Joined:
    Aug 20, 2015
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney Australia
    After much delay, the audit is complete - well as much as I can do anyway. The problem is that the folder containing most of the work has disappeared. I don't see this as deliberate. It will be either (a) sitting on somebody's desk or (b) misfiled to the wrong area. What do I do? Ask them to locate the file? Threaten a non-conformance? Go along with their assurances that the work has been done? I will acknowledge that the project has been completed and the results are acceptable at the very least, so I have no reason to believe that the work wasn't carried out in accordance with the QMS.
     
  20. RoxaneB

    RoxaneB Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    926
    Likes Received:
    1,081
    Trophy Points:
    92
    Location:
    Ontario, Canada
    Were you auditing the process using one project as the example to determine if there was conformance to the process?

    I'm a bit surprised that it's a hard copy folder with most of the work. There's no electronic back-up?

    Here's how I look at records - which is what this folder is - it's Vegas...rule of odds applies. If the very first record you look at has an issue (or, in your case, has disappeared), odds are there is an issue with the majority of the records. This poses a problem - if records disappear, how does your organization have traceability within the project or product?

    Threatening them with a nonconformance adds little value to the audit process and, let's face it, you want to have a good relationship with these people.

    Ask them to locate it. If that folder contains evidence that is required to support conformance to the process, trusting them isn't doing the audit any favours.

    If they cannot locate it, audit another project. If that folder is also missing, there is the possibility of a systematic issue with records....and/or leadership.
     
    Last edited: Jul 4, 2016
    Marc Smith and Andy Nichols like this.