Water Industry Process Automation & Control Monthly - April 2024
ISO 9001:2015 Awareness course
1. SCE / Quality Workshop / October 2018
SCE
Quality Management
Systems Workshop
Dr Ali AL-Zubaidi PhD, BSc (Eng.), Eur. Ing., CEng, CQP FCQI, MIChemE
Integrated Management Systems Associates (IMSA)
UK
ali_al-zubaidi@imsainternational.com
!1
2. SCE / Quality Workshop / October 2018 !2
Workshop Programme
1. Two Days (Monday 15th & Tuesday 16th October)
2. Starting Time 17:00 and Finishing Time 22:00
3. Refreshment BreakS (17:45 - 18:00 & 19:00 - 19:30)
3. SCE / Quality Workshop / October 2018 !3
Workshop Content
1. What is “Quality”? Key Related Concepts
2. Quality Management Concept and Key Related Issues
3. Quality Management Principles
4. Process Management
5. Risk Management
6. Continual Improvement Management
7. Management Systems Standards
8. Organisations Management Systems
9. Project Quality Management
10. Supply Chain Management
11. Verification Management
12. Incidents Investigation & Learning
4. SCE / Quality Workshop / October 2018
!4
1. What is “Quality”? Key Related Concepts
8
5. SCE / Quality Workshop / October 2018 !5
Quality Concepts
(ISO 9000:2015)
Quality
Degree to which a set of inherent characteristics fulfils
requirements.
Characteristic
Distinguishing feature.
Requirement
Need or other expectation that is stated, generally implied or
obligatory.
6. SCE / Quality Workshop / October 2018 !6
Evolution of Concept of Quality
1900: Specifications
1930: Inspection
1950: Quality Control
1970: Quality Assurance
1980: Total Quality Management
2000: Quality Management Systems (incorporating Process
Approach & Continual Improvement)
2008: QMS (re-enforced)
2015: QMS (incorporating Risk Management)
7. SCE / Quality Workshop / October 2018
!7
Quality Control
“Part of quality management focused on fulfilling quality
requirements.”
Quality Assurance
“Part of quality management focused on providing
confidence that the quality requirements will be fulfilled.”
Quality Management
“Coordinated activities to direct and control an
organisation with regard to quality.”
Quality Concepts
15
10. SCE / Quality Workshop / October 2018 10
Quality Policy
“Intentions and direction of an organisation, as formally expressed by top
management related to quality.”
Quality Objectives
“Result to be achieved, related to quality.”
Quality Planning
“Part of quality management focused on setting objectives and specifying
necessary operational processes and related resources to fulfil the quality
objectives.”
Quality Improvement
“Part of quality management focussed on increasing the ability to fulfil
quality requirements”
Quality Management Concepts
18
11. SCE / Quality Workshop / October 2018 !11
Evolution of Concept of Quality
12. SCE / Quality Workshop / October 2018
!12
2. Quality Management Systems Concept and
Key Issues
8
13. SCE / Quality Workshop / October 2018
System
Set of interrelated or interacting elements (processes)
Management System
Set of interrelated or interacting elements of an
organisation to establish policies and objectives and
processes to achieve those objectives
XXX Management System
Part of management system with regard to XXX
Management Systems Concept
!13
14. SCE / Quality Workshop / October 2018
Quality Management System Key Issues
Quality
Management
Systems
Context of
the
Organisation
Organisationa
l Culture &
Leadership
Stakeholders
Management
Risk
Management
Continual
Improvement
Process
Management
!14
Strategic
Planning
15. SCE / Quality Workshop / October 2018
!15
▪ Combination of internal and external issues that can
have an effect on an organisation's approach to
developing and achieving its strategic objectives.
➢Objectives can be related to products, services,
investments and behaviour towards its interested
parties.
➢Can also be referred to as the “business or
organisation environment” .
Context of Organisation
35
16. SCE / Quality Workshop / October 2018
!16
▪ Understanding context of the organisation is a process.
▪ Process should determine factors which influence the
organisation’s purpose, objectives and sustainable
development.
▪ Should consider internal factors such as values, culture,
knowledge and performance of the organisation.
▪ It should also consider external factors such as legal,
technological, competitive, market, cultural, social and
economic environments.
▪ An organisation's purpose can be expressed through its vision,
mission, polices and objectives.
Context of Organisation
34
17. SCE / Quality Workshop / October 2018 !17
Organisational Culture
▪ An organisation focused on “quality” promotes a culture
that results in existence of behaviours, attitudes,
activities and processes that deliver value through
fulfilling the needs and expectations of customers and
other relevant interested parties (stakeholders).
▪ Quality of an organisation's products and services is
determined by the ability to satisfy customers and the
intended and unintended impact on relevant interested
parties.
▪ Not just intended “function” and “performance” but also
their perceived value and benefit.
18. SCE / Quality Workshop / October 2018 !18
Top Management Role
▪ Determining critical (core & supporting) processes and their
interactions.
▪ Determining & evaluating risks associated with processes
and interactions.
▪ Provision of adequate resources (human & infrastructure).
▪ Ensure competency of human resources and capability of
infrastructure.
▪ Implementing appropriate risks control measures.
▪ Monitoring of processes performance.
▪ Effective internal and external communication.
▪ Performing planned reviews to ensure effective
performance of implemented quality management system.
19. SCE / Quality Workshop / October 2018
!19
Interested party (stakeholder)
“person or organization that can affect, be affected by,
or perceive itself to be affected by a decision or
activity”
37
Interested Parties
(Stakeholders)
20. SCE / Quality Workshop / October 2018
!20
▪ Focus should not be solely on the customers; it is important
to consider all relevant interested parties (stakeholders).
▪ Relevant interested parties; those that introduce significant
risks (degree of uncertainty) to the organization
performance if their needs and expectations are not met,
should be identified.
▪ Define what outcomes are necessary to deliver satisfaction
to the relevant interested parties and how to manage
associated risks in order to achieve their satisfaction.
▪ Attract, capture and retain engagement of relevant
interested parties.
Stakeholders (Interested Parties)
Management
38
21. SCE / Quality Workshop / October 2018
!21
Do they include the typical ones listed below? Who else can
you add?
▪ Customers
▪ Consumers / End Users
▪ Owners / Share Holders
▪ Employees
▪ Contractors / Vendors / Suppliers
▪ Partners
▪ Regulatory Authorities
▪ Society / Community
▪ Pressure Groups
▪ Others (who are they?)
40
Interested Parties
(Stakeholders)
22. SCE / Quality Workshop / October 2018 !22
Strategic Planning
▪ Aspiration of what an organisation would like to become by
top management represents its “Vision”.
▪ Purpose for existing expressed by top management is the
organisation’s “Mission”.
▪ A “strategy” represents the organisation’s plans to achieve a
long-term or overall objective
▪ Planning is not a singular event, rather it is an ongoing
process.
▪ Plans evolve as organisations and circumstances change.
▪ Important to regularly monitor and evaluate the
performance of these plans, through carefully considered
key performance indicators.
24. SCE / Quality Workshop / October 2018
24
Process
Approach
Customer
Focus
Improvement
Relation
Management
Evidence
based Decision
Making
Involvement
of People
Leadership
Quality Management Principles
25. RSAF / Quality Workshop / October 2018
!25
Quality Management Principles
Statement
Management
Principle
Statement
Customer Focus
The primary focus of quality management is to meet customer requirements and
to strive to exceed customer expectations.
Leadership
Leaders at all levels establish unity of purpose and direction and create conditions in which
people are engaged in achieving the organisation’s quality objectives.
Involvement of
People
Competent, empowered and engaged people at all levels throughout the organization are
essential to enhance the organization’s capability to create and deliver value.
Process
Approach
Consistent and predictable results are achieved more effectively and efficiently when
activities are understood and managed as interrelated processes that function as a
coherent system.
Evidence Based
Decision Making
Decisions based on the analysis and evaluation of data and information are more likely to
produce desired results.
Relationship
Management
For sustained success, organizations manage their relationships with relevant interested
parties, such as providers.
Improvement Successful organizations have an ongoing focus on improvement.
26. SCE / Quality Workshop / October 2018
!26
4. Process Management
8
27. SCE / Quality Workshop / October 2018 !27
Process
Set of interrelated or interacting activities that use
inputs to deliver an intended result
• Processes are planned & managed under
controlled conditions for effectiveness & efficiency
• Outputs from processes could be inputs to other
processes & vise-versa
• Some processes (special) have outputs which
cannot be readily or economically verified
Process Management
13
28. SCE / Quality Workshop / October 2018
Process Management
!28
29. SCE / Quality Workshop / October 2018 !29
Process Approach
✓ Understanding & managing interrelated processes, as a
system, contributes to organisation's effectiveness and
efficiency in achieving its intended results.
✓ Enables control of the interrelationships and interdependencies
among the processes of the system, so that the overall
performance of the organisation can be enhanced.
✓ Systematic definition and management of processes, and their
interactions, so as to achieve the intended results in
accordance with strategic direction.
✓ Management of processes as a whole (system) can be
achieved using the PDCA cycle with an overall focus on risk-
based thinking aimed at taking advantage of opportunities and
preventing undesirable results.
30. SCE / Quality Workshop / October 2018 !30
Process Approach
Application of process approach in management
systems enables:
✓understanding and consistency in meeting
requirements;
✓the consideration of processes in terms of added
value;
✓the achievement of effective process performance;
✓improvement of processes based on evaluation of
data and information.
31. SCE / Quality Workshop / October 2018 !31
Processes Interactions
• Outputs from a process could be input for one or more
processes
• Processes and their interactions represent the
“management system”
• Processes require outputs verification and also capability
validation (special processes)
• Different Processes have both common and specific
uncertainties (risks)
• Critical Processes are of two main types:
• Core processes (production, design, etc)
• Supporting processes (such as procurement,
maintenance?, Human Resources, IT)
32. SCE / Quality Workshop / October 2018 !32
Process Management
Processes are managed for:
Effectiveness
Extent to which planned activities are realized
and planned results achieved.
Efficiency
Relationship between the result achieved and the
resources used.
33. SCE / Quality Workshop / October 2018
Process Outputs Outcomes
!33
Deviation Permit
34. SCE / Quality Workshop / October 2018 !34
▪Procedure is very different from a Process.
▪Procedure is defined as:
“Specified way to carry out an activity or a process”
▪Procedure is only one element of control of a process.
▪Procedures could be documented or not!!
▪Decision of documentation can depend on a number
of factors.
▪Form of documentation could vary depending on
circumstances.
Process Management
20
35. SCE / Quality Workshop / October 2018
!35
▪ Linking interrelated activities to transform inputs into
outputs and ensure more effective and efficient outcomes.
▪ Main focus on outcomes and optimizing process resources
and controls.
▪ Promotes continual improvement through collecting,
analyzing and acting on process performance information
▪ Enables systematic management of processes and their
interactions to achieve intended results (outcomes).
The process approach integrates processes into a holistic
system in order to achieve strategic and operational
objectives
Process Approach
27
36. SCE / Quality Workshop / October 2018 !36
Procedure Approach vs. Process
Approach
21
37. SCE / Quality Workshop / October 2018 !37
System Processes
29
Challenge - Managing Interfaces between
Processes
39. SCE / Quality Workshop / October 2018 !39
▪ Organisations face internal and external factors and influences
that make it uncertain whether and when they will achieve their
objectives.
▪ Risk is “effect this uncertainty has on an organisation's objectives”.
▪ Manage risk by identifying it, analysing it and then evaluating
whether the risk should be modified by risk treatment in order to
satisfy their risk criteria.
▪ Communicate and consult with stakeholders and monitor and
review the risk and the controls that are modifying the risk in
order to ensure that no further risk treatment is required.
▪ Develop, implement and continuously improve a framework whose
purpose is to integrate the process for managing risk into the
organisation's overall governance, strategy and planning,
management, reporting processes, policies, values and culture.
Risk Management Concepts
45. SCE / Quality Workshop / October 2018
Improvement can be realised through the PDCA Cycle
Continual Improvement
Plan
set objectives and define processes necessary to
deliver required outcomes
Do implement and manage processes planned
Check
(Verify)
measure and monitor processes performance against
set objectives
Act
take actions to improve processes performance and
generated outcomes
!45
46. SCE / Quality Workshop / October 2018 !46
42
Correction
“Action to eliminate a detected nonconformity.”
Corrective Action
“Action to eliminate the cause of a nonconformity and to
prevent recurrence.”
Preventive Action
“Action to eliminate the cause of a potential nonconformity or
other potential undesirable situation.”
Continual Improvement Actions
Reactive
Proactive
47. SCE / Quality Workshop / October 2018
!47
7. International Management Standards
8
48. SCE / Quality Workshop / October 2018
▪ Standards are documents that provide requirements,
specifications, guidelines or characteristics that can be used
consistently to ensure that materials, products, processes
and services are fit for their purpose.
▪ ISO International Standards designed to ensure products
and services are safe, reliable and of good quality.
▪ Should be considered as strategic tools to reduce costs by
minimizing waste and errors, and increasing productivity.
▪ Should enable access to new markets and facilitate free
and fair global trade.
International Standards (ISO)
!48
49. SCE / Quality Workshop / October 2018
Standards Expressions of Provisions are:
▪ Requirements – “Shall” or “Shall not”
▪ Recommendation – “Should” or “Should not”
▪ Permission – “May” or “May not”
▪ Possibility & Capability – “Can” or “Cannot”
▪ External Constraint – “Must” (not specified in standards
themselves)
ISO/IEC Directives, Part 2, 2016
!49
50. SCE / Quality Workshop / October 2018
ISO Management Systems Standards
▪ ISO 9000 Family
➢Help develop Quality Management Systems
▪ ISO 14000 Family
➢Help develop Environmental Management Systems
▪ ISO 45000 Family (ex. OHSAS 18000 Family)
➢Help develop Occupational Health & Safety Management Systems
▪ ISO 22000 Family
➢Help develop Food Safety Management Systems
▪ ISO 27000 Family
➢Help develop Information Security Management Systems
▪ ISO 50000 Family
➢Help develop Energy Management Systems
▪ ISO 55000 Family
➢Help ensure Asset Integrity Management System
▪ ISO 31000 Family
➢Help manage Risks that affect Performance
▪ ISO 37100
➢Helps implement a management system for sustainable development
!50
51. SCE / Quality Workshop / October 2018 !51
Annex SL
Management
Systems High Level
7. Support6. Planning
5.
Leadership
10.
Improvement
8.
Operations
9.
Performance
Evaluation
4. Context of
the
Organisation
of
52. SCE / Quality Workshop / October 2018
Annex SL
Management Systems
High Level Structure
7. Support6. Planning
5.
Leadership
10.
Improvement
8.
Operations
9.
Performance
Evaluation
4. Context of
the
Organisation
7.1 Resources
7.2
Competence
7.3 Awareness
7.4
Communication
7.5 Documented
information
4.1 Understanding
the organization
and its context
4.2
Understanding
the needs and
expectations of
interested parties
4.3 Determining
the scope of the
XXX management
system
4.4 XXX
management
system and its
processes
5.1 Leadership
and
commitment
5.2 Policy
5.3
Organizational
roles,
responsibilities
and authorities
6.1 Actions to
address risks
and
opportunities
6.2 XXX
objectives and
planning to
achieve them
8.1 Operational
planning and
control
9.1 Monitoring,
measurement,
analysis and
evaluation
9.2 Internal
audit
9.3
Management
review
10.1
Nonconformity
and corrective
action
10.2 Continual
improvement
!52
53. SCE / Quality Workshop / October 2018
Quality Management
System standard (ISO
9001)
7. Support6. Planning
5.
Leadership
10.
Improvement
8.
Operations
9.
Performance
Evaluation
4. Context of
the
Organisation
7.1 Resources
7.2
Competence
7.3 Awareness
7.4
Communication
7.5 Documented
information
4.1
Understanding
the organization
and its context
4.2 Understanding
the needs and
expectations of
interested parties
4.3 Determining the
scope of the quality
management system
management system
4.4 Quality
management
system and its
processes
5.1 Leadership
and
commitment
5.2 Quality
Policy
5.3
Organizational
roles,
responsibilities
and authorities
6.1 Actions to
address risks
and
opportunities
6.2 Quality
objectives and
planning to
achieve them
8.1 Operational
planning and
control
9.1 Monitoring,
measurement,
analysis and
evaluation
9.2 Internal
audit
9.3
Management
review
10.2
Nonconformity
and corrective
action
10.3 Continual
improvement6.3 Planning of
changes
8.2 Requirements
for products and
services
8.4 Control of
externally provided
processes, products
and services
8.5 Production
and service
provision
8.6 Release of
products and
services
8.7 Control of
nonconforming
outputs
8.3 Design and
development of
products and
services
10.1 General
!53
54. SCE / Quality Workshop / October 2018
Annex SL & Management Systems Standards
Annex SL
Environmental
Management
Systems (ISO
14001)
Occupational
Health & Safety
Management
Systems (ISO
45001)
Quality
Management
Systems (ISO
9001)
Energy
Management
Systems (ISO
50001)
Asset
Management
Systems (ISO
55001)
Food Safety
Management
Systems (ISO
22000)
Information
Security
Management
Systems (ISO
27001)
!54
55. SCE / Quality Workshop / October 2018
Quality Management Systems (QMS) Standards
ISO 9000:2015
Quality Management Systems - Fundamentals and Vocabulary
ISO 9001:2015
Quality Management Systems – Requirements
ISO/TS 9002: 2016
Quality Management Systems - Guidelines for the application of
ISO 9001:2015
ISO 9004:2018
Quality Management Systems – Quality of an Organisation -
Guidance to achieve sustained success
!55
56. SCE / Quality Workshop / October 2018 !56
ISO 9001:2015, in line with Annex SL
stipulations, uses following verbal forms:
▪ “shall” indicates a requirement
▪ “should” indicates a recommendation
▪ “may” indicates a permission
▪ “can” indicates a possibility or a capability
ISO 9001:2015 Family Standards Provisions
36
57. SCE / Quality Workshop / October 2018 !57
Leadership
(5)
Improvement
(10)
Support (7) &
Operation (8)
Planning (6)
Performance
Evaluation (9)
Plan Do
Check
Act
ISO 9001:2015 Standard Model
58. SCE / Quality Workshop / October 2018 !58
Implications of Annex SL on Sector-specific
Management Systems Standards
Annex SL
Quality
Management
Systems (ISO
9001)
Oil & Gas,
Petrochemical Quality
Management Systems
(ISO 29001)
Automotive Industry
Quality Management
Systems (???/TS
16949)
Aviation, Space &
Defence Quality
Management Systems
(BS/EN 9100)
59. SCE / Quality Workshop / October 2018 !59
Annex SL
ISO 9001
(QMS)
AS 9100 AS 911O AS 912O AS 9115
Quality Management Systems Standards
– Aviation, Space & Defence Industries
60. SCE / Quality Workshop / October 2018 !60
125
Clause 1
Scope
• New process model
• Added a PDCA model
• Added “Risk-based thinking”
• Emphasis on defining context of
organization
Clause 2 ISO 9000:2015 referenced
Clause 3
Terms &
Definitions
ISO 9001 terms & definition from ISO 9000.
Added a number of definitions, including
“Product Safety” & Counterfeit parts”
Clause 4
Context of the
organization
• Maintained documented information is
required, can be named Quality Manual
▪ Justified exclusions not limited to
Realization/Operations processes
▪ QMS processes have performance
indicators
Clause 5
Leadership
▪ QMS compatible with strategic direction
▪ QMS requirements integrated into
business processes
▪ Processes deliver their intended Outputs
Clause 6
Planning
• When planning the QMS, determine
the actions needed to address
opportunities and risks (prevention)
•Increases requirements for planning of
changes
Clause 7
Support
• Determine knowledge management
requirements
• Awareness on product conformity,
product safety, ethical behavior
Clause 8
Operation
• Planning for product obsolescence
• Plan activities needed to assure
product safety
• Prevention of counterfeit parts
•Process to validate test reports for raw
material based on risks
• Release of products and services
Clause 9
Performance
evaluation
• Assess performance of QMS
processes
• Added Note to evaluate performance
indicators on internal audits
Clause 10
Improvement
Consider human factors in
nonconformity / corrective action
AS 9100:2016 Structure
ISO 9001:2015, Additional Requirements
61. SCE / Quality Workshop / October 2018 !61
Risk
Merges current AS 9100 series (operation) risk management requirements
with new ISO 9001:2015 requirements on risk-based thinking, which permeate
the entire management system (merged current 9100 requirements with new
ISO requirements and emphasis on risks in operational processes).
Configuration management
Clause clarified and considerably improved to address stakeholder needs to
specify requirements in more simplified terms for physical and functional
attributes during the product life cycle (clarified and improved to address
stakeholder needs).
Product safety
Plan, implement and control processes needed to ensure product safety during
the entire life cycle, as appropriate to the organization (added in a separate
clause and in selected areas).
AS 9100: 2016 New Features
149
62. SCE / Quality Workshop / October 2018 !62
Counterfeit parts
Introduces prevention of counterfeit or suspected counterfeit parts in carefully
selected areas to establish basic requirements appropriate to the product
(added in a separate clause and in selected areas).
Awareness
Reinforces requirements for awareness of the individual contribution to product
or service conformity, contribution to product safety and importance of ethical
behavior (reinforced requirements for awareness of individual contribution to
quality).
Human factors
Organizations should consider human factors when determining causes of a
nonconformity to ensure a true root cause is identified and nonconformities do
not recur (factors included as a consideration in nonconformity / corrective
action).
AS 9100: 2016 New Features
150
63. SCE / Quality Workshop / October 2018
!63
8. Organisations Management Systems
8
64. SCE / Quality Workshop / October 2018
NOT ONLY
MS ≠ Standards
MS = Standards+++++
Standards are Generic
while
MS is Specific
Standards
(Requirements
& Guidelines)
Stakeholders
Requirements
(Needs &
Expectations)
Statutory &
Legal
Requirements
Specific
Business
Requirements
Management
Systems
(MS)
Management Systems vs. Management Standards
!64
65. SCE / Quality Workshop / October 2018
Management Systems Key Elements
Context of Organization
Stakeholders Needs
Process
Management
Risk
Management
Continual
Improvement
Management
!65
66. SCE / Quality Workshop / October 2018
Process Management
A desired result is achieved more effectively and efficiently
when activities, related resources and controls are
managed as a process
Risk Management
Coordinated activities to direct and control an organisation
with regard to risk
Continual Improvement Management
Recurring activity to increase the ability to fulfil
requirements
Management Systems Key Elements
!66
67. SCE / Quality Workshop / October 2018 !67
QMS Development
▪ A quality management system should be dynamic;
evolving over time through concept of continual
improvement.
▪ Every organisation has “inherent” quality management
activities; however, these need to be planned and
managed in a systemic way.
▪ Developing a quality management system enables
organisation to focus on activities that really add value to
it and its stakeholders.
▪ Such a system provides framework for planning,
executing, monitoring and improving performance
activities within organisation.
69. SCE / Quality Workshop / October 2018
Project Characteristics
▪ Unique, non-repetitive phases consisting of processes and
activities
▪ Have some degree of risk and uncertainty
▪ Expected to deliver specified (minimum) quantified results with
predetermined parameters
▪ Planned start and finishing dates with clearly specified cost and
resource constraints
▪ Personnel maybe temporarily assigned to a project
organisation for the duration of the project and maybe subject
to change as the project progresses
▪ Maybe of a long duration and subject to changing internal and
external influences over time
!69
70. SCE / Quality Workshop / October 2018
• Project scope includes a description of project’s deliverables, their
characteristics and how they are to be measured and assessed.
• Project scope is concerned with:
• Concept definition and development
• Scope boundaries control
• Definition of corresponding activities, and
• Control of activities
• Project related processes aim to:
• Translate customers’ and other stakeholder’s needs and expectations into
activities to be carried out to achieve the objectives of the project and to
organise these activities
• Ensure that personnel work within project scope during realisation of
these activities, and
• Ensure that activities are carried out in the project meet requirements
described in the scope
!70
Project Characteristics
71. SCE / Quality Workshop / October 2018
Project Processes
▪ Project Processes & Phases are two different
concepts.
▪ Projects may be divided into independent phases and
processes to enable planning and realisation of
objectives and assessing related risks.
▪ Project processes are those that are necessary for
realising the project and its outcomes.
▪ Processes consist of two types; core and supporting
processes.
▪ Processes are grouped according to their affinity to
one another.
!71
72. SCE / Quality Workshop / October 2018
Project Processes Management
• Project management processes includes:
• Planning
• Organisation & Execution
• Risk Identification & Control
• Performance Monitoring
• Analysis & Review
• Improvement Actions (Correction, Corrective & Preventive
Actions)
• Project quality management system should be aligned with
organisation’s quality management system.
• Documents should be created to ensure effective planning,
implementation and control of the project & its processes.
!72
76. SCE / Quality Workshop / October 2018
Suppliers /
Vendors /
Contractors
Planning &
Coordination
Function
Purchasing
Function
Finance
Function
Contracts
Function
Verification
Function
Customers
Challenge: Managing Functional Interfaces
Supply Chain Management Process
!76
77. SCE / Quality Workshop / October 2018
Cumulative Risk
Annual
Spend
(2017)
Criticality of
Provider
Criticality of
Product /
Service
Frequency
of Use
Cumulative
Risk
10% 40% 25% 25% 100%
!77
81. SCE / Quality Workshop / October 2018 !81
Policy &
Objectives
Planning & Implementation
of Operational Controls
Commitment,
Leadership &
Accountability
Communication
Organisational
Structure
Risk
Management
Verification
Activities
Correction,
Corrective &
Preventive Actions
Management
Review
Management Systems Elements
82. SCE / Quality Workshop / October 2018 !82
Verification Activities
Audit
Systematic, independent and documented process for obtaining
audit evidence and evaluating it objectively to determine the
extent to which audit criteria are fulfilled
Inspection
Conformity evaluation by observation and judgement
accompanied as appropriate by measurement, testing or gauging
Review
Activity undertaken to determine the suitability, adequacy and
effectiveness of the subject matter to achieve established
objectives
83. SCE / Quality Workshop / October 2018 !83
Verification Activities Linkage
Process Performance
(KPI’s)
Process Customers
Feedback
Technical
Inspections
Audits
(Processes)
Review
84. SCE / Quality Workshop / October 2018 !84
Process Verification vs. Validation
Verification
Confirmation, through the provision of objective evidence, that specified
requirements have been fulfilled.
➢Verification results, in the form of objective evidence, can be obtained either
by performing certain activities other forms of determination, such as
performing alternative calculations or reviewing documentation such as
records
➢Such activities can include testing
Validation
Confirmation, through the provision of objective evidence, that the
requirements for a specific intended use or application have been fulfilled.
➢Objective evidence can be result of a process “qualification” or reviewing the
validity of planned arrangements
➢Validation can be “real” or “simulated”
86. SCE / Quality Workshop / October 2018
!86
21
Audit Planning
• Establishing Audit Objectives, Scope & Criteria
• Communication with Concerned Parties (Client, Auditee & Team)
• Agreeing Composition of Team & Allocation of Tasks
• Conducting Document Review
• Creating Audit Plan & Schedule
• Creating Checklists
Audit Execution
• Collecting information to Establish Body of Evidence
• Arriving at Audit Findings
Audit Reporting
• Creating Audit Reports and documenting Audit Findings & Conclusions
Audit Follow-up
• Verifying Effectiveness of Actions taken by Audiee as a response to Audit Findings
Audit Process Phases Activities
87. SCE / Quality Workshop / October 2018
!87
Audit Findings
33
Audit Finding
Positive
Practice Observation Non-conformity
Opportunity for
Improvement
88. SCE / Quality Workshop / October 2018 !88
40
▪ Defined as non-fulfilment of a requirement not a
clause
▪ Should contain:
➢ Details of relevant evidence
➢ Specific requirement (shall) from audit criteria
▪ Should provide clear indication of concern being raised
▪ Provide clarifications but try not to be drawn into a
long debate or suggest required response actions
▪ Make auditee management aware of findings prior to
closing meeting
Nonconformity
89. SCE / Quality Workshop / October 2018 !89
Process Review & Improvement
Evidence collected through:
Process KPI’s – process to demonstrate the ability to fulfil specified
requirements.
Process Customers Feedback – ability to satisfy not only the
requirements of the customer but also the needs of the
process customers.
Process Inspections – determination of conformity to specified
requirements.
Process Audits – systematic, independent and documented process
for obtaining audit evidence and evaluating it objectively to determine
the extent to which audit criteria are fulfilled .
90. SCE / Quality Workshop / October 2018
!90
Follow-up Phase
38
Agreeing response actions timeframe
Root causes investigation
Formulation of relevant response actions
Communication & coordination between audit team, audit client & auditee
Findings close-out
Implementation of required actions
Auditee verification of implemented actions
92. SCE / Quality Workshop / October 2018 !92
46
•Can you see the issuance of NCR as adding value or just a
reflection of non-conformance / non-compliance?
•What are the responsibilities of the auditor when determining
and documenting a non-conformity with respect to the
following:
✦Attributes of the evidence collected and documented
✦Does the auditor need to refer to the audit criteria. If so,
should he refers to a clause or a specific requirement
(shall)?
✦What should become clear when the reader compares the
evidence against the requirement (specific shall)?
•What kind of actions are required in response and by whom?
•What is the role of the auditor when closing a non-conformity?
Best Practice Auditing
93. SCE / Quality Workshop / October 2018 !93
45
•Are audits just a tool of compliance or both compliance and
improvement?
•If you agree that it is about ensuring improvement in the system,
is it just the auditor who contribute to improvement realisation?
•Can we remind ourselves of the differences between the following
actions:
• correction
• corrective action
• preventive action
• To arrive at corrective actions, do we need to identify root causes?
• Can we determine root causes without conducting required root
causes investigations?
Best Practice Auditing
96. SCE / Quality Workshop / October 2018
!96
Determining
Root Causes
Identifying
Required
Actions
Formulating
Required
Actions
Data
Gathering
Investigation
Team
Selection
Implementing
Required
Actions
Verifying
Effectiveness of
Implemented
Actions
Review of
Effectiveness of
Implemented
Actions
Embed Learning
Agree & Formalise
System &
Operational
Changes
Investigation & Learning Process
Communicate and
Monitor System &
Operational Changes
End
97. SCE / Quality Workshop / October 2018
“Why Why” Analysis
• Also referred to as “tree diagrams”
• “Why Why” Analysis provides guidance on the
likely cause of a problem
• Used with structured brainstorming and analytical
discussion
• Sometimes referred to as ‘5 Whys’ – reflecting
the 5 rounds of vertical and not horizontal
questioning
!97
98. SCE / Quality Workshop / October 2018
“Why Why” Analysis
!98
Why?
Why?
5
4
3
6
1
Original
Problem
Most Strongly
Scored
“possible” root
cause is now
taken further 2
Why?
Why?
Why?
Why?
99. SCE / Quality Workshop / October 2018 !99
Why?
Why?
Why?
Why?
Why?
1
Why?
Original
Problem
Why?
Why?
Why?
Why?
100. SCE / Quality Workshop / October 2018
Cause & Effect Analysis
(Fishbone or Ishikawa Diagrams)
!100