Quality Management: Effective ISO/TS 16949 Audits
Problems with QS-9000The changes in ISO/TS 16949: 2002 stemmed from the dissatisfaction of the industry in how QS-9000 was being implemented. The general feeling in the automotive industry was that there were many organizations registered to QS-9000 that were not at a QS-9000 level. The IATF tried to improve the overall situation with two important institutional changes: creating its own oversight body and scheme, and reducing the number of registrars that could audit to ISO/TS 16949: 2002 from several hundred to approximately 55.
Evaluating this structural change of oversight bodies and registrars, one notices that 80% of the organizations did not change registrar and auditor. So the vital few companies supplying the automotive industry were not drastically affected by this change. The reduction of registrars and auditors resulted in a marked change in the 20% of the trivial many companies that had many registrars and auditors who really did not understand automotive standards.
IAOB and rules for accreditationAnother major change that resulted in overall quality improvement in registration is the quality of the audits of registrars by the International Automotive Oversights Bureau (IAOB) in the United States and the Oversight Scheme Rules. The IAOB in the United States gets high marks for the quality of the audits and the nature of corrective action, or systemic change, that they are driving.
When ISO/TS 16949: 2002 was introduced, the IATF also announced an automotive approach to process audits. Process characteristics, customer-oriented processes (COPS) and turtle analysis, or process analysis, were announced as well. These changes driven from an audit and auditor requirements perspective had severe repercussions on organizations' implementation and design of ISO/TS 16949: 2002. In 2002 and 2003, these requirements were implemented sporadically by auditors who were not sure whether they could mandate these changes. A confusing aspect of ISO/TS 16949: 2002 has been having the check step of the Plan-Do-Check-Act cycle mandate these changes. In other words, why are these requirements not clearly stated in the ISO/TS 16949: 2002 Technical Specification or in its appendix? Having these requirements presented in a roll-out meeting and taught to third-party auditors as an auditing technique was a confusing aspect of the ISO/TS 16949: 2002 roll out.
In December 2004, the IATF revised the Rules for Oversight and clarified the automotive approach to process audits by creating a five-step auditing process and also by including terms such as COPs, octopus and turtle analysis directly in the rules document. This was a much-needed change, providing legitimacy to these requirements that were introduced in 2002. Furthermore, the Rules for Oversight finally realized the need to improve internal audits as well. They asked for internal audits to be process-based and for the automotive approach to process audits to be used.
In August 2005 another major change was announced, this time driven by the Europeans. This change heralded a standardized process for ISO/TS 16949: 2002 with 113 different skills and knowledge requirements for third-party auditors. This latest change clarifies and improves auditor expectations and what they should be auditing in various steps of ISO/TS 16949: 2002. Again, the auditing standards drove new requirements and expectations in ISO/TS 16949: 2002.
The IATF and the IAOB have to be applauded for the needed changes that they are driving in improving third-party auditors and audits. One of the favorite sayings is that "organizations rise to the level of their auditor." In fact, it is difficult to consult in high quality if the auditor comes in with low expectations. Both internal quality organizations and consultants have come to a full halt when a third party has "blessed" a system partially implemented. The ISO/TS 16949 oversight process is still not perfect, however, giant strides are being made.
Auditor competencyThe 113 auditor competencies identified by the IATF will drive the next round of improvement in the ISO/TS 16949: 2002 audit scheme. These competencies do not duplicate requirements in ISO 19011: 2002, which teaches the mechanics of auditing. It instead hones in on the quality requirements of each auditing step. For example, in a step within the Stage I audit (Readiness Review) "Confirm Customer Satisfaction and Complaint Status (customer report and scorecards) are Available," the auditor is asked to do five specifics, according to the Certification Body Auditor Competency Criteria for auditing to ISO/TS 16949: 2002:
- Verify the organization has a defined process for the identification and analysis of customer satisfaction and complaint status information.
- Determine from the list of customers which customers issue customer satisfaction and complaint status reports.
- Verify that the organization has accessed and reviewed the current reports.
- Verify that customer satisfaction and complaint status information, where applicable, is downloaded from the relevant Web site during the readiness review.
- Verify that customer objectives and reporting formats scorecard data are used.
This is the most improvement in the automotive scheme since the inception of automotive standards from the days of Q-101, SQA Guidelines and Targets for Excellence in the 1980s.
Performance auditingInternal and third-party audits need to add value in the supply chain. If audits and auditors do not add value, then they are a part of the nonvalue-added cost in the supply chain. One of the key changes in the ISO/TS 16949: 2002 automotive approach to process audits is the five-step auditing process. Three of those steps are conducted in the readiness review, when customer data and organizational data are evaluated to identify performance weakness and potential processes that are causing them. This is the key structural change which, when correctly performed, can add real value to organizations. Not only should third-party audits improve, these third-party changes needed to be applied to internal auditing. Internal audit problems start with how they are designed and also may result from the choice of auditors. Key problems with internal audits include how they are structured, auditor knowledge, corrective action and audit report write-ups, the audit focus and their overall execution. See the table, "Audit Effectiveness."
Auditor improvementThe ISO/TS 16949: 2002 scheme is making many structural changes to improve the overall audit process. These much-needed changes are slowly improving the overall third-party audit process. At the same time, these changes are not filtering into the internal audit process. Organizations are not putting enough thought into the purpose of the internal audit. Many times, audits are poorly designed and audit training consists of one auditor training class. Internal audit improvement starts with the correct choice of auditor, correct audit process and sequential training for the internal auditor.
Changes in the third-party scheme usually seem to filter down to the internal audits as well. That would be good in the current situation. Internal audits and auditors need to be the focus of the next big push in ISO/TS 16949: 2002.
For more information, visit www.omnex.com.
Quality Tech tipsThe changes in ISO/TS 16949: 2002 stemmed from the dissatisfaction of the industry in how QS-9000 was being implemented.
- The IATF tried to improve the overall situation with two important institutional changes: creation of its own oversight body and scheme, and by reducing the number of registrars that could audit to ISO/TS 16949: 2002.
- When ISO/TS 16949: 2002 was introduced, the IATF also announced an automotive approach to process audits.
- Internal and third-party audits need to add value in the supply chain.
- Internal audit improvement starts with the correct choice of auditor, correct audit process and sequential training for the internal auditor.