Have you ever been subjected to a 3rd party auditor who won’t answer a direct question concerning a particular aspect of your business because she sees her answer as consulting? It is a fine line, but one worthy of adhering to. Why? Well mostly because within their charter as an auditor they are not allowed to provide advice or consult with you on a solution that they may have raised. But the real trap in seeking and getting advice is that there is no PDCA cycle for such advice or at least consideration of the right way to make changes and hence the advice is taken in isolation and could be very well wrong for organisation. It also sets a precedent that the auditor then knows more about your system and organisation than you do. Do ever, let this happen.
Now you can ask them questions concerning the standard, the certification process and perhaps to some extent interpretations of these aspects, just don’t be surprised if they give the no can consult answer if you haven’t framed it correctly. And when is the best time to ask them any question concerning a finding? Well, not at the exit meeting. The best time to ask is when the matter / finding identified / discovered and you are informed that it will be recorded in the report. Get clarification. Get the exact example they will cite, be comfortable about the result. Then, after you have considered it (and not necessarily at the time it was discovered) pose a possible solution and seek a determination whether your solution would have avoided or at least mitigated the original finding. If yes, well you can start down that track. If no, don’t badger them, rethink, reformulate and pose again.
However, if your certification provider is reporting findings correctly, you should be able to handle system changes as a result of audit reports without having to consult with them. Of course, you could always seek advice from a person who is paid to do so.previous blogs; http://johnmasonstuff.blogspot.com/ http://john-mason-stuff.blogspot.com/
Monday, 29 August 2011
Monday, 22 August 2011
structure for certification
During the design process for a quality management system, I like to know who the certification body is going to be, and if possible, who the proposed auditor will be. Why? Well, like it or not there are some CBs, and some auditors who have preconceived ideas about systems and structure. And during the design phase, there are some structural issues that really don’t matter what you do, so why not ask your CB or friendly auditor what their expectations are and design accordingly. Just remember, that they are not allowed to ‘consult’ and will be quite reticent to give you any structure or direction. Similarly, some of them have some peculiar outlooks on documentation, so temper their suggestions with a google search or two for best practice around any suggestion.
But if you are clever, keep such things to the time of the document review, then they will make judgements and by default give directions of their interpretation. At the end of the day, neither you, your organisation or customers really need a particular tact, and you can always change it later, but if it smooths the certification process why not take advantage.
previous blogs;
http://johnmasonstuff.blogspot.com/
http://john-mason-stuff.blogspot.com/
But if you are clever, keep such things to the time of the document review, then they will make judgements and by default give directions of their interpretation. At the end of the day, neither you, your organisation or customers really need a particular tact, and you can always change it later, but if it smooths the certification process why not take advantage.
previous blogs;
http://johnmasonstuff.blogspot.com/
http://john-mason-stuff.blogspot.com/
Monday, 15 August 2011
change certification dates – a good idea?
Personally, to change a certification date, a precertification date or a post certification date is not best practice. In fact, to a certification body (CB) and or the friendly auditor, it hints at the priority your company is placing on either the certification process or the quality management system itself. Do it too often and the desired business relationship could be soured.
Most organisations change these dates for a number of reasons, the least being sound business judgment or external business factors (other than survival), and if it is the latter, then perhaps certification, could well be the expense that breaks the camel’s back.
Your quality management system should be able to operate no matter what the current business status is, assuming the organisation can continue to operate without key personnel for an hour, a day, a week? Second in commands, explicit instructions, pre-prepared records, audit trails, etc can all be put in place in order to meet an agreed deadline or event. Sure there will be times when calendars don’t sync, but once they do, commit and prepare. Don’t make it so low on your priorities that is the first date you think of changing when reviewing your time.
Remember, some CBs have quite heavy and intricate penalties for changing dates. Most CBs use subcontracted auditors who book such events 2, 3, 6, 12 months in advance, to chop and change them within a week, 2 weeks or more will cause lack of income that cannot be reorganised with shorter lead times. Then they may not be so accommodating with forward planning future audits or charge you more for fully flexible airfares just in case and so on.
The whole point being. Commit to your quality management system, commit to your certification. Give both priority and if you are only doing either for certification sake, be prepared to pay for this strategy and the baggage that comes with it.
previous blogs;
http://johnmasonstuff.blogspot.com
http://john-mason-stuff.blogspot.com/
Most organisations change these dates for a number of reasons, the least being sound business judgment or external business factors (other than survival), and if it is the latter, then perhaps certification, could well be the expense that breaks the camel’s back.
Your quality management system should be able to operate no matter what the current business status is, assuming the organisation can continue to operate without key personnel for an hour, a day, a week? Second in commands, explicit instructions, pre-prepared records, audit trails, etc can all be put in place in order to meet an agreed deadline or event. Sure there will be times when calendars don’t sync, but once they do, commit and prepare. Don’t make it so low on your priorities that is the first date you think of changing when reviewing your time.
Remember, some CBs have quite heavy and intricate penalties for changing dates. Most CBs use subcontracted auditors who book such events 2, 3, 6, 12 months in advance, to chop and change them within a week, 2 weeks or more will cause lack of income that cannot be reorganised with shorter lead times. Then they may not be so accommodating with forward planning future audits or charge you more for fully flexible airfares just in case and so on.
The whole point being. Commit to your quality management system, commit to your certification. Give both priority and if you are only doing either for certification sake, be prepared to pay for this strategy and the baggage that comes with it.
previous blogs;
http://johnmasonstuff.blogspot.com
http://john-mason-stuff.blogspot.com/
Thursday, 11 August 2011
Trust too much
Do you? You should. It makes business very pleasurable. But of course I am using a single word for a variety that you should bring to the business table. Integrity, honesty, dedication, openness and, well you get the gist. And when applying such ‘words’, do them to a fault. The point? When in business, whether you are dealing with your clients, your suppliers, your staff, when you bring trust to the table, you will evoke trust from the other. Tell someone why you want those terms, why you can’t deliver in the proposed time frame, why you have doubled their wages (lol) and so on.
However, trust does not give you an excuse for poor business practices. It doesn’t mean you can just wait for money to arrive or you don’t have employment contracts or miss service delivery expectations. Trust implies openness, trust means good faith, trust means negotiating a situation to the benefit of both parties and then as best practice dictates, you enshrine such trust in contract.
Now I said trust to a fault. If it is underpinned with best practice, there isn’t much fault other than you might just discover a little about yourself. Ready for that? Go ahead, trust my day.
previous blogs;
http://johnmasonstuff.blogspot.com
http://john-mason-stuff.blogspot.com/
However, trust does not give you an excuse for poor business practices. It doesn’t mean you can just wait for money to arrive or you don’t have employment contracts or miss service delivery expectations. Trust implies openness, trust means good faith, trust means negotiating a situation to the benefit of both parties and then as best practice dictates, you enshrine such trust in contract.
Now I said trust to a fault. If it is underpinned with best practice, there isn’t much fault other than you might just discover a little about yourself. Ready for that? Go ahead, trust my day.
previous blogs;
http://johnmasonstuff.blogspot.com
http://john-mason-stuff.blogspot.com/
Monday, 8 August 2011
Quality Objectives
When isn’t one of my blogs controversial? Well, only for those with the title ‘learned colleague’ or with CB expectations / baggage. Two whole sentences, one small sub section and it can cause so much angst.
‘5.4.Planning. 5.4.1.Quality objectives. Top management ensures that quality objectives, including those needed to meet requirements for product (see 7.1.a) are established at relevant functions and levels within the organisation. The quality objectives are measurable and consistent with the quality policy.’
So as far as I am concerned, the above does not say you have to have objectives stated in your quality policy. It does not say you have to have metrics around product characteristics and it does not say a whole lot more. What it does require is; you have objectives (plural), ‘if needed’ at least one concerning product (or service) and that when they are established, but more importantly, communicated, they are relevant to the person / function receiving the information.
Perhaps the most important process is to ensure what is stated in your quality policy can be then ‘converted’ into measurable objectives for the organisation. That means all quality policy components should have a corresponding objective and that there should not be any objectives that are not included in the policy statement. Easy. Next time I will explain the mechanics.
previous blogs;
http://johnmasonstuff.blogspot.com
http://john-mason-stuff.blogspot.com/
‘5.4.Planning. 5.4.1.Quality objectives. Top management ensures that quality objectives, including those needed to meet requirements for product (see 7.1.a) are established at relevant functions and levels within the organisation. The quality objectives are measurable and consistent with the quality policy.’
So as far as I am concerned, the above does not say you have to have objectives stated in your quality policy. It does not say you have to have metrics around product characteristics and it does not say a whole lot more. What it does require is; you have objectives (plural), ‘if needed’ at least one concerning product (or service) and that when they are established, but more importantly, communicated, they are relevant to the person / function receiving the information.
Perhaps the most important process is to ensure what is stated in your quality policy can be then ‘converted’ into measurable objectives for the organisation. That means all quality policy components should have a corresponding objective and that there should not be any objectives that are not included in the policy statement. Easy. Next time I will explain the mechanics.
previous blogs;
http://johnmasonstuff.blogspot.com
http://john-mason-stuff.blogspot.com/
Wednesday, 3 August 2011
What not to do
When ‘growing up’ in my professional life, I worked for a number of organisations and a number of people who taught me what not to do. I didn’t really have to decide whether what was happening was right or wrong, I just had to sit back, watch others decide and gauge their reactions. I certainly reacted, especially in my youth, but was it the right reaction? The other reactions, rants, opinions, etc would give me balance to my own. And the jewels, the pearls of these were the very things not to do.
I have a long list, a very long list of things I just don’t even contemplate doing in business because of this strategy. Here is just one of them. When a person breaks a code of conduct, professional, personal, perceived or otherwise, the last thing that is needed is an official policy, supported by procedure, followed by training, followed by an appellant process, and blah, blah, blah. In fact, if just one of the above is brought in, you lose, the company loses, the staff loses.
Why not invest the time with that person to discuss, to understand, to agree and get on with it. Leave everyone else out of it and don’t penalise them with the bureaucratic blur that would accompany the former outcome.
Is there something you could learn not to do?
previous blogs;http://johnmasonstuff.blogspot.com
http://john-mason-stuff.blogspot.com/
Monday, 1 August 2011
Triennial cycles
Did you know your certification is based on a triennial cycle. That’s 3 years for us non certification types. Triennial cycles are a requirement of JAS-ANZ. So don’t try and ask your certification body (CB) to extend it or to ignore it. They can’t. So what does this mean? Not much other than an ‘every three’ gouge of your pocket.
The complete certification cycle is approximately the following sequence. As always it is unique to you circumstance, complexity, risk and CB. So take this as a guideline only.
Document review (1); precertification audit (1); certification audit (1); post certification audit; (1 every 6, 9 or 12 months) and recertification audit (triennial audit, once every 3 years.).
The terminology changes between CBs and the frequency of post audits is dependent on the maturity, risk and complexity. However, just remember, you negotiate a certification plan within the parameters of JAS-ANZ and your CB. But the recertification / triennial audit is not negotiable. Whilst the requirement of the first three years of certification is a sample of the system split over the three years, the triennial now requires the entire quality management system to be audited in full in one fell swoop. What value this ads to the process, especially since you are doing it the 6th time, beggars me. But it is part of the process. Just plan for it, experience it, deal with it.
previous blogs;
http://johnmasonstuff.blogspot.com
http://john-mason-stuff.blogspot.com/
The complete certification cycle is approximately the following sequence. As always it is unique to you circumstance, complexity, risk and CB. So take this as a guideline only.
Document review (1); precertification audit (1); certification audit (1); post certification audit; (1 every 6, 9 or 12 months) and recertification audit (triennial audit, once every 3 years.).
The terminology changes between CBs and the frequency of post audits is dependent on the maturity, risk and complexity. However, just remember, you negotiate a certification plan within the parameters of JAS-ANZ and your CB. But the recertification / triennial audit is not negotiable. Whilst the requirement of the first three years of certification is a sample of the system split over the three years, the triennial now requires the entire quality management system to be audited in full in one fell swoop. What value this ads to the process, especially since you are doing it the 6th time, beggars me. But it is part of the process. Just plan for it, experience it, deal with it.
previous blogs;
http://johnmasonstuff.blogspot.com
http://john-mason-stuff.blogspot.com/
Subscribe to:
Posts (Atom)