by Peter Theobald
Although the ISO/TS 16949 technical specification isn't scheduled to change until at least 2009, in a very real way it's changing today. Why? Because registrars' understanding and interpretation of the specification has evolved. Lessons learned by registrars, clients and the International Automotive Task Force during the past three years are now filtering down to the way audits are conducted.
Differences to expect from registrars when conducting audits against the requirements of the technical specification are:
• Greater emphasis on the process approach to auditing and supplier adoption of process-oriented management systems
• Focused auditing on customer expectations and additional specific requirements
• A higher percentage of time spent on off-shift activities (i.e., shifts that aren't being performed during the organization's core business hours)
• A more comprehensive stage one readiness review with strictly defined criteria
The IATF will ensure that this refocusing of auditor resources is accomplished in a structured and consistent manner through the following three initiatives: first, the new IATF requalification training requirements for all technical specification auditors; second, the additional emphasis that the IATF is placing on registrars to continually train and develop their audit staff; and third, the recent introduction and consequent retraining of all ISO/TS 16949 audit personnel on the new stage one readiness review criteria outlined in FAQ 32 of the "Rules for Achieving IATF Recognition, Second Edition," published by the IATF. These initiatives are among the first visible effects of IATF's efforts to refocus and drive home the interpretation of those requirements into process-oriented auditing.
Auditor competence isn't the sole reason behind the challenges that face the certification process for ISO/TS 16949. If, in the true spirit of the technical specification, we attempt to establish a root cause analysis, then auditor competence is merely a symptom. It may be closer to the truth to say that the automotive industry understands the letter of the technical specification while failing (in some cases) to grasp its spirit. However, the registrars, as the "gatekeepers" of ISO/TS 16949 certification, have the responsibility to ensure that only those companies that comply with both the requirements and the meaning of ISO/TS 16949 achieve certification. Consequently, root cause analysis comes back to auditor competence or, more precisely, the auditor's interpretation of compliance with the spirit of the standard and how that 's consistently applied.
But what's the perceived divergence between the requirements and the spirit of the technical specification? The story starts right at the beginning of the technical specification itself, which requires an organization to determine the sequence and interaction of its processes. Ever since the launch of ISO 9001:2000, companies have been fulfilling this requirement with varying degrees of success. Yet the requirement is a fundamental stepping stone in establishing a process-oriented management system. Compliance with the requirement for doing this is easy enough. By adopting the process-based quality management system model outlined in clause 0.2 of ISO 9001 with some appropriate process-related labels, compliance with the words of the standard will be achieved. This generic approach satisfies all the requirements of the standard but misses the spirit of what it's trying to accomplish. Properly identifying processes facilitates an organization's ability to structure its management systems around those processes. This assists in clearly identifying the appropriate monitoring methodology and process interactions. Improper or generic identification of an organization's processes will create a ripple throughout the management system, which can be counterproductive to an organization's attempt to establish a process-oriented management system. This potential divergence between compliance with the written word and the adoption of the philosophy or spirit of the technical specification is at the heart of the initiative' s probable success or failure.
This movement to ensure that auditors understand processes, how to audit them, and the benefits to organizations in structuring their management systems around them is a fundamental part of the IATF ISO/TS 16949 requalification training. During this training, it's apparent that both the original equipment manufacturers (OEM) on the IATF board and the IATF oversight officers are placing greater emphasis on auditor competence with regard to the process approach to auditing. To pass the training, all auditors will need to demonstrate a thorough understanding of the process approach and be able
to demonstrate that understanding in an audit situation.
But the IATF is not just focusing on process auditing. There is a continual emphasis on ensuring that suppliers are meeting and exceeding customer expectations and applicable customer-specific requirements. Where less than 100-percent compliance is seen, auditors will expect a reaction plan to be in place with any risk to the OEM customer immediately contained. In addition, subsequent root cause analysis must be detailed with corrective action emphasizing error proofing and defect prevention.
The requirement of audit programs to fully encompass all processes and customer requirements, including all shift patterns and off-shift activities, has also been reinforced at the requalification training. Auditors are expected to spend a good portion of their planned audit time covering off-shift activities. This is a direct result of recent OEM feedback, which indicates that a majority of part quality issues originate during off-shift production. Greater emphasis will be placed on establishing whether companies truly understand their own internal sequences and the interaction of processes. The auditor will expect process owners to be identified and processes to be monitored, measured and analyzed to determine their effectiveness. This process-focused approach to auditing will ultimately put organizations under much tighter scrutiny during initial and ongoing audits by their registrar. OEMs can expect more attention to be placed on performance, improvements and measures, as well as customer satisfaction and cost reduction.
The initiatives outlined above are supported by IATF's earlier introduction of FAQ 32, which details the requirements for a readiness review. FAQ 32 states:
"Readiness is judged by two basic criteria:
i. Are the requirements of Rules Second Edition Annex 1 met?
The organization shall provide the following documentation to the audit team for review, and for use in planning the audit (see format in IATF guidance to ISO/TS 16949:2002):
• Description of processes showing the sequence and interactions, including key indicators and performance trends for the previous 12 months, minimum
• Evidence that all requirements of ISO/TS 16949:2002 are addressed by the organization's processes
• Quality manual (for each site to be audited)
• Internal audit and management review planning and results from previous 12 months
• List of qualified internal auditors
• List of customer-specific requirements
• Customer satisfaction and complaints status, including customer reports and scorecards
ii. Does the organization meet the requirements of ISO/IEC DIS 17021 Annex A.2.F.?
The stage one audit shall be performed to evaluate if the internal audits and management review are being planned and performed effectively and that the level of implementation of the management system substantiates that the client organization is ready for the stage two audit.
If the required items from Rules Annex 1 are not present and complete, then the stage one audit shall judge the organization 'not ready.' If during the stage one audit obvious major nonconformances with respect to the organization's effective implementation of the management system are found, the organization shall be judged 'not ready.'
Nonconformities shall not be raised during the stage one readiness review. The stage one audit answers the question: 'Shall the stage two site audit be conducted?' If the answer is negative, then the organization returns to stage one.
The certification body should identify, as part of its stage one audit report, any areas of concern that could be classified as nonconformity during the stage two audit."
Essentially, this FAQ states that a negative recommendation from a stage one readiness review can fall under any of the following scenarios:
• The company hasn't completed its internal audits against the requirements of ISO/TS 16949 (e.g., system, product or process).
• The company hasn't performed a management review against the requirements of ISO/TS 16949, included in which were the results of its internal audits.
• If any of the key performance indicators aren't available for review by the auditor
• If any of the documentation specified in the bullet points in section i. of FAQ 32 aren't available and/or effectively implemented at the time of the stage one review
• If any major issues with respect to the organization's effective implementation of the management system are found, then this should also be deemed as reason to fail the stage one visit.
Additionally, a mere plan to achieve any of the above is not acceptable. For the stage one audit to be successful, these actions must have been completed prior to the readiness review.
A negative recommendation for a stage one readiness review will require the organization to undergo further stage one reviews until such time as a successful or positive recommendation can be made. This is a far stricter interpretation of the stage one readiness review requirements than previously existed.
The IATF imposed these Draconian requirements upon its contracted registrars, and hence organizations trying to achieve certification, largely for two reasons.
First, witnessed audit findings indicated that ISO/TS 16949 stage one assessments weren't effective in establishing an organization's preparedness for a stage two audit. As a result, a considerable number of stage two assessments were resulting in noncompliances and/or negative recommendations.
Second, those organizations that have failed to embrace a process-oriented management system can be identified at the earliest possible stage and thus not be put forward to a stage two audit.
The hope is that these measures will increase the success rate of stage two assessments and consequently reduce the financial effect of the ISO/TS 16949 certification process to the industry as a whole, while also supporting the overall goal of the IATF in ensuring that only companies with truly process-oriented management systems achieve certification.
Even after successful completion of the IATF requalification exam, auditors will face further oversight and review by the registrars to ensure that the requalification program has been successful. Ongoing reviews will ensure that continued development is proving effective. In short, far greater emphasis is being placed on an auditor's competence and on a registrar's ability to develop and enhance that competence.
ISO 9001:2000 Clause 0.2 states, "An advantage of the process approach is the ongoing control it provides over the linkage between the individual processes within the system of processes, as well as their combination and interaction." This is the underlying driver behind ISO 9001:2000 and, consequently, ISO/TS 16949:2002. In the rush to achieve conformance, it can be easy to forget this founding principle. The IATF never forgot this, and its continual support and enthusiasm for organizations to adopt the process approach should be commended. This latest initiative to inject consistency and diligence into third-party auditing is welcomed by all registrars.
ISO/TS 16949, when properly implemented, can transform a company. It's the responsibility of the registrar to ensure that only companies that have truly grasped the concepts of process-based management systems, and hence the philosophy of ISO/TS 16949, achieve certification.
In conclusion, the technical specification is unlikely to change in the near term. Its success or failure will be judged by supplier performance to the OEMs in terms of defect rates and cost-reduction dollars. It's too early to tell whether or not these will meet expectations. Either way, the final results may well be reliant upon the suppliers' ability to adopt process-oriented management systems and auditors abilities' to "guide" them in the right direction.
Peter Theobald is an IATF-qualified automotive auditor and the automotive technical manager for NQA-USA. His responsibilities include being one of the designated "veto powers" for NQA-USA ISO/TS 16949 certification activities. He has spent the last five years in the certification industry, focusing on the technical interpretation of standards and specifications and their subsequent implementation by registrars.
|