Professional Documents
Culture Documents
Iso 9001:2015 (Quality Management System)
Iso 9001:2015 (Quality Management System)
Iso 9001:2015 (Quality Management System)
o Discuss how companies check their management system through internal audits
o Explain how internal auditors can audit the new requirements of the ISO 9001:2015
o Discuss how top management should be involved in Management System through Management
reviews
o Compare what has changed from previous version i.e. ISO 9001:2008 to new version ISO
9001:2015 regarding management reviews
Organization Knowledge
The latest ISO 9001:2015 standard institutes the concept of “knowledge.”
As knowledge was not required by the former ISO 9001 standard, the concept of this topic and the
method to it are newly introduced in the standard. ISO 9001:2015 explicates obligations for
managing organizational knowledge in the following four phases, which are similar to the PDCA
cycle:
o Identify the knowledge which is mandatory for the implementation of processes and
for acquiring conformity of products and services
Data
Data can be understood as “unordered facts and figures."
The fundamental part of information in an enterprise is in the shape of data. Organizations gather,
assesses and analyses this data to recognize patterns and trends. Majority data thus gathered is
linked with the main processes of the organization.
Data are particulars and statistics which reinforce something particular about a process, but data is
not structured in any terms and it gives no further vision concerning trend, forecast and context, etc.
Information
Each data unit is a fragment of a process transaction and does not give any information until these
fragments are structured and ordered in concurrence with other data units. The collection of data
into a meaningful context gives information. For data to be transformed to information, it must be
connected with its background, grouped, formulated and compressed where necessary. Information
therefore provides a larger picture; it is data with applicability and objective. It may transfer a
behavior in the environment, or can refer a trend of sales for a timeline. Basically, information is
revealed in responses to questions that start with words like what, who, when, where and how much.
Analysis
The information collected in the earlier phase provides much depth. Analysis provides more value by
disconnecting or reorganizing this information. Simulations with systematic and logical processing
give practitioners the capability to evaluate information and define process, trend, etc.
Knowledge
Knowledge is not identical to data, information or analysis. It is because knowledge can be
generated from any source, or it can be founded on previous knowledge utilizing logical inferences.
Knowledge is related to performance and relates how to do and comprehension of a reality. The
knowledge owned by each person is an output of one’s experience, and relies on the scale by which
a person examines new inputs from his environment.
Knowledge can be determined as “an abstract mix of perceived experience, principles, socio-
economic and political context, professional awareness, and the emotional elements."
All these elements give a surrounding and mechanism for assessing and adding new information
and experiences. It initiates and is developed in the intellect of the one who knows. In companies,
knowledge is frequently built within organizational culture, norms, routine activities along with its
documentation.
Wisdom
Wisdom is the use of gathered knowledge to build an increased comprehension of the reality and to
optimize business functions.
How can you record the knowledge of your organization?
Every organization has significant knowledge that makes them gain a lead in the
competition, but how is this recorded within your organization? When this knowledge resides
with some employees and is not recorded, it is usually known as “tribal knowledge,” and if
this can be a strength, it can be at risk of being forgotten when these personals leave the
company.
So, how can you simply record the knowledge of your organization? Here are some ideas:
o Work Instructions
o Checklists
o Training Packages
o On-the-Job Training
o Knowledge Database
o Obviously, the best way to record this knowledge is with the help of instructions. If
you have a process that needs to be done in a particular way in order to avoid
problems, do so, and then this can be drafted easily for comprehension of new
recruits.
How can you record the knowledge of your organization?
Every organization has significant knowledge that makes them gain a lead in the
competition, but how is this recorded within your organization? When this knowledge resides
with some employees and is not recorded, it is usually known as “tribal knowledge,” and if
this can be a strength, it can be at risk of being forgotten when these personals leave the
company.
So, how can you simply record the knowledge of your organization? Here are some ideas:
o Work Instructions
o Checklists
o Training Packages
o On-the-Job Training
o Knowledge Database
o Obviously, the best way to record this knowledge is with the help of instructions. If
you have a process that needs to be done in a particular way in order to avoid
problems, do so, and then this can be drafted easily for comprehension of new
recruits.
How can you record the knowledge of your organization?
Every organization has significant knowledge that makes them gain a lead in the
competition, but how is this recorded within your organization? When this knowledge resides
with some employees and is not recorded, it is usually known as “tribal knowledge,” and if
this can be a strength, it can be at risk of being forgotten when these personals leave the
company.
So, how can you simply record the knowledge of your organization? Here are some ideas:
o Work Instructions
o Checklists
o Training Packages
o On-the-Job Training
o Knowledge Database
o At times, key points of the process needs to be recorded, and having this in a type of
training package can be an excellent idea for capturing the knowledge.
How can you record the knowledge of your organization?
Every organization has significant knowledge that makes them gain a lead in the
competition, but how is this recorded within your organization? When this knowledge resides
with some employees and is not recorded, it is usually known as “tribal knowledge,” and if
this can be a strength, it can be at risk of being forgotten when these personals leave the
company.
So, how can you simply record the knowledge of your organization? Here are some ideas:
o
Work Instructions
o Checklists
o Training Packages
o On-the-Job Training
o Knowledge Database
o When the knowledge just can’t be explained in black and white, it can be helpful to
employ on-the-job training where a professional and experienced person will convey
the undocumented knowledge in an organization to others.
How can you record the knowledge of your organization?
Every organization has significant knowledge that makes them gain a lead in the
competition, but how is this recorded within your organization? When this knowledge resides
with some employees and is not recorded, it is usually known as “tribal knowledge,” and if
this can be a strength, it can be at risk of being forgotten when these personals leave the
company.
So, how can you simply record the knowledge of your organization? Here are some ideas:
o Work Instructions
o Checklists
o Training Packages
o On-the-Job Training
o Knowledge Database
o Some concepts or things are learned during a project. This experience can be
captured by creating a report that discusses the successes and failures of a project,
which can then be logged in a knowledge database. Such records will help in
completing such projects effectively.
Taking Advantage of the Recorded Organizational Knowledge
When organizational knowledge is recorded, one should take advantage of this resource,
particularly when bringing any changes.
Implementing quality checklists and work instructions can be met with resistance, but if all concerned
personnel know how important this documentation is, implementation will be easier.
Similarly, the training requirements should be implemented as soon as they have been produced.
Systems should be upgraded to incorporate the training for the implementation of work instructions
and quality checklists. This incorporation will ensure that when a new person is recruited to the
team, he/she will be provided with the most up-to-date training to start the job.
The knowledge database is an exclusive idea in that it is a input mechanism into the design job, so
one needs to update the system of design process to make sure that design engineers are able to
take advantage from the lessons which have been incorporated into knowledge database to ensure
that no one bypasses learning or improvement that has been recognized and recorded. Personnel
should learn to utilize this system so that they may gradually progress in their jobs.
"Where is the knowledge we have lost in information?” - T. S. Eliot
Knowledge is often lost in information, especially when the given information is not analyzed and
applied during work.
Some organizations make use of data by ordering and converting such data forms into information.
Information provides insight about a process and the relation of data structures. But when this
information is only utilized for reports without taking appropriate actions on processes based on this
information, then a potential knowledge resource is lost.
Therefore knowledge is something beyond information that is applied to some process, machinery,
procedure, and gives a comprehensive understanding of a process subject.
An Important Resource!
Considering organizational knowledge as a powerful resource can speed an organization into
continual improvement, which can be crucial to the long-term success of an organization.
Frequently, organizations don’t understand what crucial knowledge they had until one key employee
moves out and systems do not work properly anymore.
This can be a costly method for learning the lesson that it is important to record and regulate
organizational knowledge. To avoid this, enterprises should take advantage of the ISO 9001:2015
requirements and opt for organizational knowledge recording by making it a strategic theme. The
organization will receive the benefits of doing so.
Types of Knowledge
There are different types of organizational knowledge and these can be explained as:
o Tacit knowledge - Knowledge that cannot be expressed and communicated
o Implicit knowledge - Knowledge that can be expressed and communicated but it has never been
o Explicit knowledge - Knowledge that is expressed and communicated, mostly recorded in the
structure of tables, text, relationship etc.
o Procedural knowledge - Knowledge expresses itself in the form of doing some process.
o Declarative knowledge - Knowledge that comprises of methods, descriptions and things, and
written procedures (declared and followed).
o Strategic knowledge - Knowing the time of doing something with the reason of doing it.
Organizational Memory
Traditional memory is related to a person’s capability to obtain, retain, and retrieve knowledge.
Within organizations, this concept is stretched beyond the personal traditional memory, and
organizational memory thus relates to the organization’s capability to obtain, retain and retrieve
knowledge through information, analysis and proceedings.
What is Organizational Memory?
It is defined as the memory in which all the types of repositories are set in, where a company may
collect information.
This memory is comprised of the various official records, along with tacit and available knowledge in
people, companies’ culture, and processes.
Each time a judgment is taken and the concerns are assessed, new information is supplemented to
the memory of the organization.
o Personal: The memories of the person who remember organizational events, decisions, and issues
faced in the past.
o Shared Values of an Organization: The mode of communication and structures that are present in
an organization and form the shared values of an organization.
o Developed Systems: The developed standard procedures and official methods that the
organization uses. These official methods imitate the company’s past experiences and are
repositories for embedded knowledge.
To create a shared vision with the team having common values and purpose.
To define the high level policy, plans, and business structures that transform ideas into effective
decisions.
To create beneficial learning methods; this will encourage the continual improvement of the
policies, plans, and business structures.
All of these three attributes will help leaders to build the foundations of a system where
organizational knowledge is used in the most effective manner for the overall well-being of the
organization.
Organization Knowledge
End of Topic
What is Internal Auditing?
Internal auditing is an internal process for facilitating organizations to meet their objectives. It
is concerned with checking and improving the effectiveness of different management
systems in an organization.
What is auditing? Auditing is defined in international standard ISO 19011:2011—Guidelines
for auditing management systems as a “systematic, independent and documented process
for obtaining audit evidence [records, statements of fact or other information which are
relevant and verifiable] and evaluating it objectively to determine the extent to which the audit
criteria [set of policies, procedures or requirements] are fulfilled.”
The Concept Behind Internal Auditing
An audit can be termed as a type of inspection and testing, except that in this case the
product being inspected is the management system itself.
Similar to a product or process inspection, an audit compares “how things really are” to “how they
are supposed to be”.
Audits attempt to reveal areas that should be given attention and areas that are veiled during routine
activities; audits look at the whole process with fresh eyes, which can detect such shortcomings.
Although it is such a constructive tool in the management system, audits often evoke a level of
stress that is equivalent to the stress of completing an exam.
An positive external audit carries a lot of weight, so it is natural that there is some concern and worry
from the auditee. However, a robust internal audit cycle can minimize the stress, as an audit might
reveal the problems within department and perhaps even solve them before an external audit ever
begins.
A comparison of the internal audit between the old ISO 9001:2008 and the new ISO 9001:2015 is
shared below:
o ISO 9001:2008
o ISO 9001:2015
o This internal audit process is required in one of the documented procedures mandated by ISO
9001:2008, which explicates that companies will implement a documented procedure with defined
tasks owners. The procedure should also state how internal audits will be planned, conducted and
results reported. The records should also be kept.
Comparing the Old and New ISO 9001 Standard
All types of management standards need audits to observe and present findings on the
efficiency of the management system.
A comparison of the internal audit between the old ISO 9001:2008 and the new ISO 9001:2015 is
shared below:
o ISO 9001:2008
o ISO 9001:2015
o ISO 9001:2015 does not mandate a procedure for Internal Audit which is supposed
to be documented. However organizations should keep an audit program and keep
documented information of the audits held, their findings and closure records.
Phases of an Audit
There are four phases of an audit program. Click on the following tabs to learn more:
o Audit Preparation
o Audit Proceedings
o Audit Reporting
o Audit Follow-Up and Closure
o Audit preparation contains all steps that are made in advance by concerned parties (
such as the lead auditor, the auditee, and the audit program manager) to make sure
that the audit acts in accordance with the client’s objective. The preparation part of
an audit starts with the decision to perform the audit. Preparation finishes when the
audit starts.
Phases of an Audit
There are four phases of an audit program. Click on the following tabs to learn more:
o Audit Preparation
o Audit Proceedings
o Audit Reporting
o Audit Follow-Up and Closure
o This is the actual implementation phase of an audit and it is frequently known as the
evidence collection. This phase comprises of the time period when the auditor
appears at the audit location to the last closing meeting.
It comprises of audit proceedings which comprises of on-site audit organization, discussion with the
auditee, comprehending the procedures and system controls and confirming that these controls are
effective, collaborating with team members, and interacting with the auditee till closing meeting.
Phases of an Audit
There are four phases of an audit program. Click on the following tabs to learn more:
o Audit Preparation
o Audit Proceedings
o Audit Reporting
o Audit Follow-Up and Closure
o The objective of the audit report is to discuss the findings of the audit proceedings. The report
should contain evidence of findings that will be operative in solving imperative organizational
matters. The audit activities are completed when the report is presented by the lead auditor or when
follow-up actions are done.
Phases of an Audit
There are four phases of an audit program. Click on the following tabs to learn more:
o Audit Preparation
o Audit Proceedings
o Audit Reporting
o Audit Follow-Up and Closure
o The final phase of an Audit is verification of follow-up actions. Once the follow-up
actions are verified, the audit is considered closed.
First, Second and Third Party Audits
o First Party Audit
o Second Party Audit
o Third Party Audit
o A first party audit is also known as internal auditing.
It is conducted within an organization to gauge strengths and flaws for an organizations own
procedures, work instruction, or external standards like ISO 9001, which are voluntarily adopted or
mandated by a regulatory body.
A first party audit is performed by auditors who are part of the organization being reviewed but who
have no interest in the falsification of audit results.
o A third party audit is conducted by an audit organization free from the purchaser-
provider association and is free from any conflict of interest. Impartiality of the audit
organization is an important element of a third-party audit. Third party audits may
end in recognition, award, registration, certification, license endorsement, a
reference, or a penalty given by the third party organization.
ISO 9001:2015 certification is also awarded based upon a third party audit, but this audit verifies a
system of first party audit i.e. internal audit for certification.
Types of Audit
o Product Audit
o Process Audit
o System Audit
o This type of audit is carried out on a particular product or service to observe whether or not these
products and services conform to specifications and customer requirements.
Types of Audit
o Product Audit
o Process Audit
o System Audit
o This type of audit is carried out on a process to check whether process parameters
are maintained within defined limits. This audit assesses an operation or technique in
comparison to guidelines or criterion. This audit may comprise of following:
• Verify conformance to prescribed requirements such as instance pressure, time, temperature,
composition, voltage, and blend.
• Observe the resources (i.e. machinery, materials, human resource) allocated to convert the inputs
into outputs, the surroundings, the standard procedures, and instructions followed, and the methods
identified to control process performance.
• Verify the capability and efficiency of the process controls formed by procedures, flowcharts, work
instructions, awareness sessions, and process specifications.
Types of Audit
o Product Audit
o Process Audit
o System Audit
o A system audit is performed on a management system.
This type of audit is an evidence finding activity that is conducted to confirm, assess and verify that
the appropriate elements of the system are present and effective. Furthermore, this audit ensures
that elements have been aligned, recorded, and applied with stated requirements.
ISO 9001:2015 is a quality management system. Internal audits and third party external audits are
also system audits against the requirements of ISO 9001:2015.
o One does not need to audit an entire organization at any given time. The external audit (third party
audit) can cover the complete scope of organization, but internal audits can be done by flexible
means with different departments audited at different point of times.
o The standard does not mandate a mandatory audit frequency. Instead, it endorses making your plan
on the basis of importance of the processes, their associated risks, their former past issues, and the
associated quality objectives. One can set different audit frequencies for different processes.
o If an organization is applying a new management system (such as ISO 9001:2015), then all
processes and departments covered under the management system scope should be internally
audited at least one time before third party external audit.
Moreover, there are different approaches to perform internal audit. Some things that should be
considered before selecting internal auditors for a process include:
o An auditor should be unbiased and independent. One cannot audit processes that
he/she organize or has any stakes involved in it.
o Cross-function internal audits are also popular. These internal auditors are trained by
various departments and are allocated to audit other departments as per designated
plan.
o Findings from previous internal audits, or external audits can also help internal
auditors to identify weak areas and thus can re-audit those point to check whether
follow-up actions were effective or not.
o The criteria for internal audits should be communicated to the auditee before audit. It
is a good practice to communicate to the auditee to arrange required documents
before the audit to save time.
o Last but not the least, the use of observation and listening skills during the
questioning of the audit helps to identify gaps within the systems.
For example, while auditing the management review process, the auditor writes, "management
review conducted on 21st June 2017, an important agenda item was missed during the review i.e.
analyzing context of organization."
Auditor can just record the findings and their particulars in an organization’s non-conformance form
and the associated register.
Auditors should keep records of the audit which will normally be available in following
forms:
o Filled-in internal audit checklists
o Audit findings which can be referenced to your non-conformance report and register
o Step 1
o Step 2
o Step 3
o Awareness by process owners that internal audits help them to improve their
processes and that audits add value to the process. They should value the cycle of
internal audits.
Process Improvement Through Internal Audits
Internal audits can serve as a vital tool to maintain the effectiveness of the system and can
act as the “Check” part of the PDCA cycle. Through internal audits, organizations highlight
the failures within management system that develops over time of the implementation and
thus can address such gaps. Through internal audits process owners can also see
underlying gaps in their processes which are camouflaged as part of the process. This
provides them the opportunity to fill those gaps which they are not able to perceive due to
routine work cycles.
Organizations can make a culture of process improvement by internal audits by carrying out
the following steps:
o Step 1
o Step 2
o Step 3
o Maintaining compliance of standard is not a big deal for organizations. However,
making use of internal audits to ensure that the processes are effective and to add
value in process streams, this is the real challenge that organizations face.
Through internal audits non-value streams in a process can be removed, saving unnecessary cost
of over processing through those non-value streams. Internal audit processes can also identify a
vital process that can increase customer satisfaction which can yield more business which means
more profitability.
Organizations can make a culture of process improvement by internal audits by carrying out
the following steps:
o Step 1
o Step 2
o Step 3
o Internal audits can help organizations to identify barriers to some processes that would help them to
meet their quality objectives. Through this process top management can be made aware of such
barriers, which can then be removed to improve the processes.
Internal Audits for Risk Management System
ISO 9001:2015 focuses on risk management of organizational processes. The organization
is required to identify risks and opportunities for its business processes as well as for internal
processes.
An internal auditor will have to check following:
o Has the process owner identified its associated risks and opportunities?
o Has the process owner has identified the acceptable risks and opportunities which
require no further action?
o Have they indentified significant risks and opportunities for which a plan must be
made to mitigate the negative impact of the risk and maximize the positive impact of
the opportunity?
o Are the plans for risk mitigation or opportunity optimized to ensure they are
achieved?
o Does the process owner reassess the process risk if there is a change in workforce,
machinery, material, or the process after a shutdown activity begins?
o Has the internal auditor verified that the process of risk management is being
implemented?
The organizations should also identify needs and expectations of the interested parties. When an
internal auditor audits management representatives or top management for clauses related to top
management responsibilities, all requirements can be audited there.
o Process owner should understand how his/her process is linked with the
organization’s goals and the context in which it operates.
o What are the external issues that influence that process (such as the material supply
of that process)?
o What are the internal issues that influence the process (such as the work force,
support activities from other departments, machinery, internal software applications,
etc.)
o How the need and expectations of interested parties are fulfilled. For example, the
employee running the process is an internal party and they expect to be rewarded for
their hard work. Annual appraisal programs in their organization provides incentives
for their hard work.
Thus, the reliance of organizations on old employees possessing the knowledge about processes is
reduced to a level manageable by the organization. Therefore, internal audits can serve as a tool for
improving the organizational knowledge by documenting it and reduces the dependency of an
organization on just a few individuals.
Therefore, the risk of organizational knowledge being lost when the old employees leave the
company is taken care of. Internal audit will act as the "check phase" of the whole knowledge
management cycle.
Internal Auditing
End of Topic
Management Review
Click on the following tabs to learn about management review:
o What is management review?
o What is the Standard Mandated Management Review Inputs?
o Results of Audits
o Management review is a process in which top management reviews the performance
of management system. In the case of ISO 9001:2015, it is the quality management
system that should be reviewed by top management. The standard defines some
requirements for management reviews. It is again the “Check” part of the PDCA
cycle for quality management system.
Management Review
Click on the following tabs to learn about management review:
o What is management review?
o What is the Standard Mandated Management Review Inputs?
o Results of Audits
o Although other inputs could be considered as needed by the company, ISO
9001:2015 mandates a minimum list required management review inputs that top
management must review. This can support the wellbeing of the QMS and can help
in discovering regions where correction is required or should brought in so as to fix
the processes and increase customer satisfaction.
Management Review
Click on the following tabs to learn about management review:
o What is management review?
o What is the Standard Mandated Management Review Inputs?
o Results of Audits
o Customer Satisfaction
o Process Performance and Product Conformity
o Customer satisfaction is one of the most important management review inputs. As a
Quality Management System focuses on customer satisfaction, the voice of the
customer is actually reflected in customer feedback reports.
Customer feedback reports are usually collected by the Customer Services department. Moreover,
customer complaints are also considered customer feedback.
There are number of things that management should consider in customer feedback review. Is
customer feedback in the form of complaint occurring less often and positive feedback becoming
more frequent? Are customer complaints handled speedily to ensure that customer satisfaction is
not affected? Last but not the least, when analyzing the data, management should ask what
changes must be made to the processes to avoid a complaint and/or to reduce the frequency of any
complaint.
oCustomer Satisfaction
o Process Performance and Product Conformity
o Process performance and product conformity are actually indicated in the number of non-
conformities that are reported due to a process or on the product itself.
For example, rejections and reworks of a process indicate that process performance is declining.
Then the question is whether the process is being fed with adequate resources or not. How are
these processes and product non-conformities affecting customer satisfaction? Which processes
should be improved to ensure product conformity and what resources should be provided to improve
such processes?
Management needs to observe when these actions do not occur within the given timeline. What has
delayed corrective actions and why? Are there suitable resources assigned to the most serious
issues?
Management should intervene during the review to complete the critical corrective actions for their
processes. This is how management review meetings can address the status of corrective actions.
This also shows the effectiveness of the management review itself. If management decided upon
some action plan during a previous management review, management can then follow up on those
actions and can decide whether the allocated resources were effective in dealing with the issue and
moving the organization forward. Moreover management can see whether the actions taken have
really solved the potential problems or not.
o Performance of External Providers
o Effectiveness of Actions Taken to Address Risks and Opportunities
o Recommendations for Improvements
o Management must also review the performance of their external providers such as
their suppliers, contractors, vendors and other service providers.
The performance is reviewed on the basis of service or product quality, timely delivery, and the
extent to which the organizational requirements are being met. Based on this review, management
can also take decisions.
For example, if a supplier is not performing well, is providing bad quality raw material, and as a result
a company is facing difficulties in meeting its quality objectives, then management can make
decisions to connect with another supplier who can provide a quality raw material.
Even if the cost will increase, it will be better compared to the cost incurred in product rejections,
utilities and resource utilization during reworks etc.
o Performance of External Providers
o Effectiveness of Actions Taken to Address Risks and Opportunities
o Recommendations for Improvements
o Organizations as per ISO 9001:2015 are now required to manage risk and opportunities. For risk,
management will take actions to mitigate the effects of risk. For opportunities, management will take
actions to maximize the returns for that opportunities.
Management Reviews provide an opportunity to review the effectiveness of those actions which are
taken. For actions that are not active, management can propose other actions in order to meet the
necessary objectives.
o Performance of External Providers
o Effectiveness of Actions Taken to Address Risks and Opportunities
o Recommendations for Improvements
o Organizations receive recommendations for improvements from employees, contractors, suppliers,
customers etc. The management needs to see whether these recommendations are taken seriously
or just ignored.
Management has to make the decision about which recommended areas for improvement that the
organization will work on in order to improve and gain advantage in the market.
o Adequacy of Resources
o Quality Policy
o Management must also review the resources that are allocated for the effectiveness of quality
management system as a whole. It is possible that due to changes in processes or the addition of
other products in the product manufacturing line, the resources requirements may have increased.
But the management cannot address such issues in daily routine.
Management review provides management with an opportunity to provide adequate resources for
such processes which have been neglected for any reason in the past. This will ensure the
effectiveness of the process and will help the management to achieve its goals.
o Adequacy of Resources
o Quality Policy
o Quality policy is a document that shows the commitment of top management to a quality
management system, as well as to the customer and other interested parties. Although it is not a
specific management review requirement as an input, management is required to review its strategic
direction regarding quality management system and thus quality policy can also be reviewed to
check if it is aligned with strategic direction.
What are the Required Management Review Outputs?
The three points discussed below are the compulsory outputs of Management Review.
Proceedings of the inputs need to be kept to display that management review has effectively
addressed them and produced the required outputs for the QMS. The records maintained can differ
and these records are reliant on how the management review is planned and completed. These
records are imperative not only to show to an auditor, but to record decisions for betterment of the
company, what decisions were made, and why.
o Improvement of the Effectiveness of the System
o Improvement of Product Related to Customer Requirements
o Resources Needs
o Management should make decisions as to what actions are needed to improve the
effectiveness of the system. A management review is not only meant for reviewing
things without acting. A management review means that management must make
decisions for the improvement of the system. This is similarly mandated by ISO
9001:2015.
What are the Required Management Review Outputs?
The three points discussed below are the compulsory outputs of Management Review.
Proceedings of the inputs need to be kept to display that management review has effectively
addressed them and produced the required outputs for the QMS. The records maintained can differ
and these records are reliant on how the management review is planned and completed. These
records are imperative not only to show to an auditor, but to record decisions for betterment of the
company, what decisions were made, and why.
o Improvement of the Effectiveness of the System
o Improvement of Product Related to Customer Requirements
o Resources Needs
o Management should make decisions based on customer complaints or feedback in
order to improve the product. If the product is improved based upon an action
derived from a management review meeting, it offers management an opportunity to
draw more customers. As the customer voice becomes in favor of the company,
more customers will yearn for the product.
What are the Required Management Review Outputs?
The three points discussed below are the compulsory outputs of Management Review.
Proceedings of the inputs need to be kept to display that management review has effectively
addressed them and produced the required outputs for the QMS. The records maintained can differ
and these records are reliant on how the management review is planned and completed. These
records are imperative not only to show to an auditor, but to record decisions for betterment of the
company, what decisions were made, and why.
o Improvement of the Effectiveness of the System
o Improvement of Product Related to Customer Requirements
o Resources Needs
o Last but not the least, management should identify areas from the management
review which need more resources. Management should make the decision to hire
competent resources to fill potential gaps in the processes. This is how management
review can be an effective tool for increasing the performance of the quality
management system and thus ensuring that the customer is also satisfied with the
company’s performance.
Can Management Review be Done Without Holding a Meeting?
While management review meeting scripts are easier for the external auditor to analyze, it is
not the concern of company management to make things comprehensible for the auditor.
Rather, management reviews are in place to ensure that their organization works well.
Many organizations conduct reviews by means of a management review meeting and generally do
so on an yearly, biannually or quarterly in an year. The standard simply mandates management
review, not a management review meeting, therefore it is up to the organization how the
management review is conducted.
For example, a customer complaint needs to be reviewed. However, if this review only occurs on a
bi-annual or annual basis in a meeting, a timely response may not be provided on customer issues.
Therefore management might review it on quarterly basis as well. Management must conduct
reviews, but how these reviews are to be done is up to management to decide. The only thing that is
required is that reviews should be effective in providing an accurate picture of a QMS and improving
the QMS, so as to achieve increased customer satisfaction.
Management Review is all about reviewing the presented review inputs to make sure that sufficient
resources are available so as to have customer satisfaction and increase the efficiency of the QMS
and to increase the quality of product. This is done to confirm that resources are producing the right
outputs.
o Auditors are being counselled to ensure that planned management reviews are establishing that the
management system association is aligned with organization's strategic themes. The particular
requirements added in the latest version of ISO is concerned with the context in which the
organization operates and the related actions to address risks, which will also be checked by auditor
as Management Review inputs.
o The bigger emphasis in the 2015 edition of ISO is on top management’s involvement with the
management system. This will certainly lead to the amplified inspection of the management review
process, which will authenticate its incorporation into an organization's business processes.
o The auditor can also verify the depth of review, suitably scheduled frequency of reviews, timeliness
of conducting reviews, suitable attendance and results worked on. Auditor can verify these elements
of management review by checking records and interviewing the top management.
o And if changes impacts QMS what actions are taken in management reviews
Now, Standard relies upon how strong or old-standard oriented the external auditor is; if he is
tenacious and updated, he might need to evaluate the business environment, how
company’s strategy is relevant to it, and its association with the QMS.
Management Review Relation with PDCA
Performance Evaluation is a necessary part of ISO 9001:2015. The “Check” phase of the
PDCA cycle relates to Performance Evaluation. Performance Evaluation comprises of
management review, internal audits and monitoring, measurement analysis.
o Management reviews are carried out in order to ensure that the requirements of the management
system and its effectiveness are evaluated. The reviews need to evaluate present management
performance statistics and make sure that improvement opportunities have been identified and
taken care of.
Queries about Management Reviews
Click on the following tabs to learn more:
o
Why Carry Out Management Reviews?
o How Frequently Should an Organization Hold Management Reviews?
o Who Takes Part in Management Reviews?
o The standard requires that reviews should be carried out at “planned intervals”. This
can be once-a-month, three-monthly or once a year. It is strongly recommended that
these should be conducted as per a defined plan on a regular basis. The schedule
also needs to be shared with relevant stake holders in order to hold management
reviews appropriately.
Queries about Management Reviews
Click on the following tabs to learn more:
o
Why Carry Out Management Reviews?
o How Frequently Should an Organization Hold Management Reviews?
o Who Takes Part in Management Reviews?
o The appointed personnel for managing management reviews is usually known as the
management representative. He should chair the meeting with concerned senior
managers, line managers and top management representatives, like the CEO or
members from the board of directors. Sometimes, vendors are also invited to take
part in reviews sessions regarding the performance of external providers.
Records for Management Reviews
Records of management reviews can be kept in various forms. As the standard says to
maintain documented information, it means the requirements of standard can be attained
with the help of any format that has got the provisions to address standard requirements.
Normally management review records are available in following forms and can also be
maintained to fulfill standard requirements:
o Management Review Meeting Minutes
o Management Review Outputs
o This should comprise of particulars of attendees, summarized notes of the
conversations or review proceedings, as well as action managers and offered action
due dates for completion.
Records for Management Reviews
Records of management reviews can be kept in various forms. As the standard says to
maintain documented information, it means the requirements of standard can be attained
with the help of any format that has got the provisions to address standard requirements.
Normally management review records are available in following forms and can also be
maintained to fulfill standard requirements:
o Management Review Meeting Minutes
o Management Review Outputs
o Minutes can also have the review output form. However, it can be managed
separately as well. Outputs of the management review is founded on judgments and
proceedings concerning to:
The top management (chief operating officer, chief executive officer, managing director, general
manager and chief financial officer) are all concerned about the organizational financial and
accounting management system and all believe that the performance of the financial system is vital
for company’s growth and success.
Similarly, the quality management system should also be taken into the same spirit, where all among
the top management should believe that quality is an integral part of organizational success. This
belief will drive the top management involvement which is needed to accelerate the business
processes.
In the same way, top management must understand and behave as though quality is an essential
element in the organization’s victory. Furthermore, they must believe that every single manager and
member of organization has a role in the success of quality management systems.
Therefore, quality should be taken as a critical business activity. Management reviews are
imperative to meet the goals of an organization and all participants of top management must and
should show ownership and engagement in the system to make it effective.
What have the quality management systems supported to the organization outside audits,
inspections, and system certificates placed on the wall? Quality managers and management
representatives must speak in the language understood by top management, similar to that of
finance and accounting managers when discussing the company’s monetary achievements.
Top management should be provided with eyes to see how the organization’s economic activity and
the effectiveness of its management systems are connected. The management review is an ideal
method for validating the business value that quality management systems have given to the
organization.
For example, if the organization has improved its market share following the application of its quality
management system, it is reasonable to attribute this success to the quality management system.
This attribution follows the cause-and-effect principle.
For example: before the quality management system was applied, the business had “X’ of the
market share, but three years after its implementation, the company has expanded with “1.5 X”
percent of the market share. This means that the company has grown in three years and the
implementation of the quality management system is one of the key reason for this expansion.
It is common for the quality manager to have impressions that they are only accountable for the
company’s management systems. However, quality is the concern of every executive and member
of organization, even if it occurs on different levels. It is agreed that the quality manager is
responsible for the whole routine operation of the quality management system, but all executives,
members and their teams are also liable for system to be operational.
Management Review
End of Topic
The main points from this module are as follows:
ISO 9001:2015 introduced a new concept to Quality Management System. The concept
speaks about the management of organizational knowledge.
o recognize the knowledge areas that are necessary for the effective operations of
processes and the conformity of product/service;
o recognize the changing trends for knowledge and compare it with current
organizational knowledge;
The knowledge triangle involves: the collection of data, the grouping of data to create
information, the analysis of information, which then creates knowledge for the organization.
Following this, repeatedly applying knowledge to improving processes will result in wisdom.
Organizational knowledge is recorded in work instructions, checklists, training packages, on-
the-job training, and knowledge databases.
The organization uses the knowledge sources to create advantage in their processes.
Knowledge is often lost in information if information is not analyzed and worked upon.
Knowledge should be considered as an important resource. Some types of knowledge are tactic,
implicit, explicit, procedural, declarative, and strategic.
Business knowledge exists among personnel, organizational communities, and the structure of an
organization.
Phases of an audit comprise of audit preparation, audit proceedings, audit reporting, and audit
follow-up and closure.
An audit is done by first party (internal audits), second party (customer audits) and third
party (external certification audits).
Types of audit are product audit, process audit and management system audit. Internal audit
against ISO 9001:2015 is a management system audit.
Following the revision of ISO 9001, internal audits will now be conducted to assess risk
management systems, context of organization, and organizational knowledge.