Iso 9001:2015 (Quality Management System)

Module 3: Essential Elements Of Quality Management System
 Upon completion of this module, you will be able to:


o Recognize the importance of managing organizational knowledge
o Explain how organizational knowledge can be preserved
o Discuss how companies check their management system through internal audits
o Explain how internal auditors can audit the new requirements of the ISO 9001:2015
o Discuss how top management should be involved in Management System through Management
reviews
o List the new inputs of management reviews
o Explain how management reviews can be made effective in an organization
o Compare what has changed from previous version i.e. ISO 9001:2008 to new version ISO
9001:2015 regarding management reviews
 Organization Knowledge

 The latest ISO 9001:2015 standard institutes the concept of “knowledge.”
As knowledge was not required by the former ISO 9001 standard, the concept of this topic and the
method to it are newly introduced in the standard. ISO 9001:2015 explicates obligations for
managing organizational knowledge in the following four phases, which are similar to the PDCA
cycle:

o Identify the knowledge which is mandatory for the implementation of processes and
for acquiring conformity of products and services
o Keep knowledge and make it accessible to the level needed.
o Be thoughtful of the present organizational knowledge and measure it against

contemporary requirements and trends.
o Gain the required knowledge.

 Knowledge Triangle: How data, information and analysis contributes to knowledge. And
finally knowledge converts to wisdom.

 Data

 Data can be understood as “unordered facts and figures."
The fundamental part of information in an enterprise is in the shape of data. Organizations gather,
assesses and analyses this data to recognize patterns and trends. Majority data thus gathered is
linked with the main processes of the organization.
Data are particulars and statistics which reinforce something particular about a process, but data is
not structured in any terms and it gives no further vision concerning trend, forecast and context, etc.
 Information

Each data unit is a fragment of a process transaction and does not give any information until these
fragments are structured and ordered in concurrence with other data units. The collection of data
into a meaningful context gives information. For data to be transformed to information, it must be
connected with its background, grouped, formulated and compressed where necessary. Information
therefore provides a larger picture; it is data with applicability and objective. It may transfer a
behavior in the environment, or can refer a trend of sales for a timeline. Basically, information is
revealed in responses to questions that start with words like what, who, when, where and how much.

 Analysis

The information collected in the earlier phase provides much depth. Analysis provides more value by
disconnecting or reorganizing this information. Simulations with systematic and logical processing
give practitioners the capability to evaluate information and define process, trend, etc.
 Knowledge
 Knowledge is not identical to data, information or analysis. It is because knowledge can be
generated from any source, or it can be founded on previous knowledge utilizing logical inferences.
Knowledge is related to performance and relates how to do and comprehension of a reality. The
knowledge owned by each person is an output of one’s experience, and relies on the scale by which
a person examines new inputs from his environment.
Knowledge can be determined as “an abstract mix of perceived experience, principles, socio-
economic and political context, professional awareness, and the emotional elements."
All these elements give a surrounding and mechanism for assessing and adding new information
and experiences. It initiates and is developed in the intellect of the one who knows. In companies,
knowledge is frequently built within organizational culture, norms, routine activities along with its
documentation.
 Wisdom
 Wisdom is the use of gathered knowledge to build an increased comprehension of the reality and to
optimize business functions.
 How can you record the knowledge of your organization?
 Every organization has significant knowledge that makes them gain a lead in the
competition, but how is this recorded within your organization? When this knowledge resides
with some employees and is not recorded, it is usually known as “tribal knowledge,” and if
this can be a strength, it can be at risk of being forgotten when these personals leave the
company.
So, how can you simply record the knowledge of your organization? Here are some ideas:

o Work Instructions
o Checklists
o Training Packages
o On-the-Job Training
o Knowledge Database
o Obviously, the best way to record this knowledge is with the help of instructions. If
you have a process that needs to be done in a particular way in order to avoid
problems, do so, and then this can be drafted easily for comprehension of new
recruits.
company.

o Work Instructions
o Checklists
o Training Packages
o Obviously, the best way to record this knowledge is with the help of instructions. If
you have a process that needs to be done in a particular way in order to avoid
problems, do so, and then this can be drafted easily for comprehension of new
recruits.
company.

o Work Instructions
o Checklists
o Training Packages
o At times, key points of the process needs to be recorded, and having this in a type of
training package can be an excellent idea for capturing the knowledge.
company.

o
Work Instructions
o Checklists
o Training Packages
o When the knowledge just can’t be explained in black and white, it can be helpful to
employ on-the-job training where a professional and experienced person will convey
the undocumented knowledge in an organization to others.
company.

o Work Instructions
o Checklists
o Training Packages
o Some concepts or things are learned during a project. This experience can be
captured by creating a report that discusses the successes and failures of a project,
which can then be logged in a knowledge database. Such records will help in
completing such projects effectively.
 Taking Advantage of the Recorded Organizational Knowledge
 When organizational knowledge is recorded, one should take advantage of this resource,
particularly when bringing any changes.
Implementing quality checklists and work instructions can be met with resistance, but if all concerned
personnel know how important this documentation is, implementation will be easier.
Similarly, the training requirements should be implemented as soon as they have been produced.
Systems should be upgraded to incorporate the training for the implementation of work instructions
and quality checklists. This incorporation will ensure that when a new person is recruited to the
team, he/she will be provided with the most up-to-date training to start the job.
The knowledge database is an exclusive idea in that it is a input mechanism into the design job, so
one needs to update the system of design process to make sure that design engineers are able to
take advantage from the lessons which have been incorporated into knowledge database to ensure
that no one bypasses learning or improvement that has been recognized and recorded. Personnel
should learn to utilize this system so that they may gradually progress in their jobs.
 "Where is the knowledge we have lost in information?” - T. S. Eliot


 Knowledge is often lost in information, especially when the given information is not analyzed and
applied during work.
Some organizations make use of data by ordering and converting such data forms into information.
Information provides insight about a process and the relation of data structures. But when this
information is only utilized for reports without taking appropriate actions on processes based on this
information, then a potential knowledge resource is lost.
Therefore knowledge is something beyond information that is applied to some process, machinery,
procedure, and gives a comprehensive understanding of a process subject.
 An Important Resource!

 Considering organizational knowledge as a powerful resource can speed an organization into
continual improvement, which can be crucial to the long-term success of an organization.
Frequently, organizations don’t understand what crucial knowledge they had until one key employee
moves out and systems do not work properly anymore.
This can be a costly method for learning the lesson that it is important to record and regulate
organizational knowledge. To avoid this, enterprises should take advantage of the ISO 9001:2015
requirements and opt for organizational knowledge recording by making it a strategic theme. The
organization will receive the benefits of doing so.
 Types of Knowledge

 There are different types of organizational knowledge and these can be explained as:

o Tacit knowledge - Knowledge that cannot be expressed and communicated
o Implicit knowledge - Knowledge that can be expressed and communicated but it has never been
o Explicit knowledge - Knowledge that is expressed and communicated, mostly recorded in the
structure of tables, text, relationship etc.
o Procedural knowledge - Knowledge expresses itself in the form of doing some process.
o Declarative knowledge - Knowledge that comprises of methods, descriptions and things, and
written procedures (declared and followed).
o Strategic knowledge - Knowing the time of doing something with the reason of doing it.
 Business Knowledge and Resources


 Business knowledge can be found on various different platforms, some are listed below:

o Personal
o Community
o Structural
o This is a type of knowledge found within an individual, it is mostly tacit knowledge. It
can also be both implicit and explicit, but it must be personal in nature.


o Personal
o Community
o Structural
o This knowledge is found within communities but is not conveyed to the remaining
organization. Companies normally comprise of different groups (normally casually
formed) which are associated with each other by usual practice. These groups may
have some common values, semantics, ways of doing work etc. These communities
are also a bank of learning and a source for implicit, tacit, explicit, procedural
knowledge.


o Personal
o Community
o Structural
o This knowledge is present in practices and culture of an organization. This

knowledge might be understood by most of the members of the company or only by
some.
For instance the knowledge of the army schedules may not be acknowledged by the soldiers who
carry out these schedules. Sometimes, structural knowledge may be the remainder of organizational
history, else dis-remembered lessons, where the value of this knowledge exists solely in the process
itself.
 Organizational Memory
 Traditional memory is related to a person’s capability to obtain, retain, and retrieve knowledge.
Within organizations, this concept is stretched beyond the personal traditional memory, and
organizational memory thus relates to the organization’s capability to obtain, retain and retrieve
knowledge through information, analysis and proceedings.

 What is Organizational Memory?
 It is defined as the memory in which all the types of repositories are set in, where a company may
collect information.
This memory is comprised of the various official records, along with tacit and available knowledge in
people, companies’ culture, and processes.
 Stage for Processing Knowledge Through Organizational Memory

 Knowledge Addition: Organizational memory comprises of the obtained information concerning
historic judgement. This information is not mainly warehoused in a central place, but instead it is
divided across various storage units.
Each time a judgment is taken and the concerns are assessed, new information is supplemented to
the memory of the organization.
Knowledge Retention: Knowledge in an organization is retained in five different knowledge storage

areas:

o Personal: The memories of the person who remember organizational events, decisions, and issues
faced in the past.
o Shared Values of an Organization: The mode of communication and structures that are present in
an organization and form the shared values of an organization.
o Developed Systems: The developed standard procedures and official methods that the
organization uses. These official methods imitate the company’s past experiences and are
repositories for embedded knowledge.
 The Role of Leadership

 The role of a leader can never be underestimated in the development and effective
management of organizational knowledge. Usually three leadership roles are identified as
being important for the effective management of organizational knowledge.
 These are explained as below:

o Lead Designer
o Lead Teacher
o Lead Steward
o This type of leader can be described as the designer of a ship rather than just being
a captain.
The key roles played by this leader include:
 To create a shared vision with the team having common values and purpose.
 To define the high level policy, plans, and business structures that transform ideas into effective
decisions.
 To create beneficial learning methods; this will encourage the continual improvement of the
policies, plans, and business structures.

 The role of a leader can never be underestimated in the development and effective management of
organizational knowledge. Usually three leadership roles are identified as being important for the
effective management of organizational knowledge.

o Lead Designer
o Lead Teacher
o Lead Steward
o The attributes of this type of leader include playing the role of trainer, a couch and a counselor for
competing with old ideas in an organization, and correcting those old shared perceptions that resist
positive change and act as a barrier for organizational success. This type of leader convinces the
organization to change and breaks the shackles of superficial hindrances.
 The role of a leader can never be underestimated in the development and effective
management of organizational knowledge. Usually three leadership roles are identified as
being important for the effective management of organizational knowledge.

o Lead Designer
o Lead Teacher
o Lead Steward
o This quality relates to the personality of a leader. The attitude the lead steward is one
that does not benefit oneself but rather sees to the overall well-being of the
organization, business, and the long term good of the people.
All of these three attributes will help leaders to build the foundations of a system where
organizational knowledge is used in the most effective manner for the overall well-being of the
organization.
 Organization Knowledge

 End of Topic
 What is Internal Auditing?

 Internal auditing is an internal process for facilitating organizations to meet their objectives. It
is concerned with checking and improving the effectiveness of different management
systems in an organization.

 What is auditing? Auditing is defined in international standard ISO 19011:2011—Guidelines
for auditing management systems as a “systematic, independent and documented process
for obtaining audit evidence [records, statements of fact or other information which are
relevant and verifiable] and evaluating it objectively to determine the extent to which the audit
criteria [set of policies, procedures or requirements] are fulfilled.”
 The Concept Behind Internal Auditing

 An audit can be termed as a type of inspection and testing, except that in this case the
product being inspected is the management system itself.
Similar to a product or process inspection, an audit compares “how things really are” to “how they
are supposed to be”.
Audits attempt to reveal areas that should be given attention and areas that are veiled during routine
activities; audits look at the whole process with fresh eyes, which can detect such shortcomings.
Although it is such a constructive tool in the management system, audits often evoke a level of
stress that is equivalent to the stress of completing an exam.
An positive external audit carries a lot of weight, so it is natural that there is some concern and worry
from the auditee. However, a robust internal audit cycle can minimize the stress, as an audit might
reveal the problems within department and perhaps even solve them before an external audit ever
begins.
 Comparing the Old and New ISO 9001 Standard

 All types of management standards need audits to observe and present findings on the efficiency of
the management system.
A comparison of the internal audit between the old ISO 9001:2008 and the new ISO 9001:2015 is
shared below:

o ISO 9001:2008
o ISO 9001:2015
o This internal audit process is required in one of the documented procedures mandated by ISO
9001:2008, which explicates that companies will implement a documented procedure with defined
tasks owners. The procedure should also state how internal audits will be planned, conducted and
results reported. The records should also be kept.
 Comparing the Old and New ISO 9001 Standard
 All types of management standards need audits to observe and present findings on the
efficiency of the management system.
A comparison of the internal audit between the old ISO 9001:2008 and the new ISO 9001:2015 is
shared below:

o ISO 9001:2008
o ISO 9001:2015
o ISO 9001:2015 does not mandate a procedure for Internal Audit which is supposed
to be documented. However organizations should keep an audit program and keep
documented information of the audits held, their findings and closure records.
 Phases of an Audit

 There are four phases of an audit program. Click on the following tabs to learn more:

o Audit Preparation
o Audit Proceedings
o Audit Reporting
o Audit Follow-Up and Closure
o Audit preparation contains all steps that are made in advance by concerned parties (
such as the lead auditor, the auditee, and the audit program manager) to make sure
that the audit acts in accordance with the client’s objective. The preparation part of
an audit starts with the decision to perform the audit. Preparation finishes when the
audit starts.


o Audit Preparation
o Audit Proceedings
o Audit Reporting
o This is the actual implementation phase of an audit and it is frequently known as the
evidence collection. This phase comprises of the time period when the auditor
appears at the audit location to the last closing meeting.
It comprises of audit proceedings which comprises of on-site audit organization, discussion with the
auditee, comprehending the procedures and system controls and confirming that these controls are
effective, collaborating with team members, and interacting with the auditee till closing meeting.


o Audit Preparation
o Audit Proceedings
o Audit Reporting
o The objective of the audit report is to discuss the findings of the audit proceedings. The report
should contain evidence of findings that will be operative in solving imperative organizational
matters. The audit activities are completed when the report is presented by the lead auditor or when
follow-up actions are done.


o Audit Preparation
o Audit Proceedings
o Audit Reporting
o The final phase of an Audit is verification of follow-up actions. Once the follow-up
actions are verified, the audit is considered closed.
 First, Second and Third Party Audits


o First Party Audit
o Second Party Audit
o Third Party Audit
o A first party audit is also known as internal auditing.
It is conducted within an organization to gauge strengths and flaws for an organizations own
procedures, work instruction, or external standards like ISO 9001, which are voluntarily adopted or
mandated by a regulatory body.
A first party audit is performed by auditors who are part of the organization being reviewed but who
have no interest in the falsification of audit results.



o First Party Audit
o Third Party Audit
o A second party audit is an external audit that is conducted on a supplier by a client or by a third
party organization in lieu of a customer. Second party audits usually focus on the rules of contract
law. Second-party audits tend to be more official than first party audits as the audit results could
affect the customer’s buying conditions.


oFirst Party Audit
o Third Party Audit
o A third party audit is conducted by an audit organization free from the purchaser-
provider association and is free from any conflict of interest. Impartiality of the audit
organization is an important element of a third-party audit. Third party audits may
end in recognition, award, registration, certification, license endorsement, a
reference, or a penalty given by the third party organization.
ISO 9001:2015 certification is also awarded based upon a third party audit, but this audit verifies a
system of first party audit i.e. internal audit for certification.
 Types of Audit


o Product Audit
o Process Audit
o System Audit
o This type of audit is carried out on a particular product or service to observe whether or not these
products and services conform to specifications and customer requirements.
 Types of Audit


o Product Audit
o Process Audit
o System Audit
o This type of audit is carried out on a process to check whether process parameters
are maintained within defined limits. This audit assesses an operation or technique in
comparison to guidelines or criterion. This audit may comprise of following:
• Verify conformance to prescribed requirements such as instance pressure, time, temperature,
composition, voltage, and blend.
• Observe the resources (i.e. machinery, materials, human resource) allocated to convert the inputs
into outputs, the surroundings, the standard procedures, and instructions followed, and the methods
identified to control process performance.
• Verify the capability and efficiency of the process controls formed by procedures, flowcharts, work
instructions, awareness sessions, and process specifications.
 Types of Audit


o Product Audit
o Process Audit
o System Audit
o A system audit is performed on a management system.
This type of audit is an evidence finding activity that is conducted to confirm, assess and verify that
the appropriate elements of the system are present and effective. Furthermore, this audit ensures
that elements have been aligned, recorded, and applied with stated requirements.
ISO 9001:2015 is a quality management system. Internal audits and third party external audits are
also system audits against the requirements of ISO 9001:2015.
 Internal Audit Planning

 Internal audit planning is one of the most important activity of internal audit process:

o Internal Audits should be planned at scheduled intervals to verify that the management system fulfills
requirements and that the effectiveness of the system is maintained. 'Requirements' comprise of the
standard itself, along with the organizational requirements (such as the organization’s procedures
and policies).
o One does not need to audit an entire organization at any given time. The external audit (third party
audit) can cover the complete scope of organization, but internal audits can be done by flexible
means with different departments audited at different point of times.
o The standard does not mandate a mandatory audit frequency. Instead, it endorses making your plan
on the basis of importance of the processes, their associated risks, their former past issues, and the
associated quality objectives. One can set different audit frequencies for different processes.
o If an organization is applying a new management system (such as ISO 9001:2015), then all
processes and departments covered under the management system scope should be internally
audited at least one time before third party external audit.
 Who Will Perform Internal Audit?

 There are a number of things that should be considered before selecting an internal auditor.
Moreover, there are different approaches to perform internal audit. Some things that should be
considered before selecting internal auditors for a process include:

o An auditor should be unbiased and independent. One cannot audit processes that
he/she organize or has any stakes involved in it.
o Auditors should be competent with the auditing process itself.
o Internal auditors should be aware of the requirements of ISO 9001:2015 and

organizational procedures.
 Approaches to internal auditing used by organizations include:


o Organizations can use consultants to carry out internal audits to implement a
management system.
o Some organizations employ full-time, permanent, internal auditors.
o Big organizations may utilize a team of internal auditors.
o Cross-function internal audits are also popular. These internal auditors are trained by
various departments and are allocated to audit other departments as per designated
plan.
 Requirements for Each Audit

 Audit requirements should be well studied by internal auditors before going into the audit
process. Some methodologies include:

o The internal audit plan should have previously recognized the region that one will
audit. Now the auditor needs to recognize what criteria he/she will audit. At times this
will be done with a formal checklist that has a list of relevant questions. One can also
consider the procedure and identify check points. Internal auditors will check those
records to verify.
o Findings from previous internal audits, or external audits can also help internal
auditors to identify weak areas and thus can re-audit those point to check whether
follow-up actions were effective or not.
o The criteria for internal audits should be communicated to the auditee before audit. It
is a good practice to communicate to the auditee to arrange required documents
before the audit to save time.
o Last but not the least, the use of observation and listening skills during the
questioning of the audit helps to identify gaps within the systems.
 Perform the Internal Audit


 Performing an internal audit should follow a series of steps that are based on international
protocols. These steps should be followed while conducting an internal audit:

o Step 1
o Step 2
o Step 3
o Step 4
o Step 5
o An audit normally begins with an opening meeting where the auditor interacts the
auditee(s), states the projected schedule, and informs the auditee about how the
audit will be performed.


o Step 1
o Step 2
o Step 3
o Step 4
o Step 5
o Throughout the audit, the internal auditor will work logically from the checklist or
procedure, observing evidence that the process fulfills the required criteria. It is usual
for internal auditor to write a finding summary and a finding result, which can be
defined below:
 C = compliant or fulfillment of a requirement
 NI = needs improvement or an area of potential gap
 NC = non-conformance or non-fulfillment of a procedural or standard requirement


 Performing an internal audit should follow a series of steps that are based on international protocols.
These steps should be followed while conducting an internal audit:

o Step 1
o Step 2
o Step 3
o Step 4
o Step 5
o When reporting the audit, it is vital to note what evidence was observed to institute the finding -
irrespective of the finding.
For example, while auditing the management review process, the auditor writes, "management
review conducted on 21st June 2017, an important agenda item was missed during the review i.e.
analyzing context of organization."


 Performing an internal audit should follow a series of steps that are based on international protocols.
These steps should be followed while conducting an internal audit:

o Step 1
o Step 2
o Step 3
o Step 4
o Step 5
o Commonly, the internal auditor will inform the auditee of the finding result before reporting the
results. This is to make sure that the auditee comprehends the results and to ensure that there truly
is a problem.


o Step 1
o Step 2
o Step 3
o Step 4
o Step 5
o The internal audit will end with a closing meeting where the lead internal auditor will
provide a complete summary of the internal audit and information about each audit
finding to make sure that they are agreed upon and understood.
 Audit Findings Kept as Documented Information
 Audit findings should be maintained as documented information. An external third party
auditor will give an official written report on the external audit to management a few days
after the audit and some companies do the same internal audits. However, there is no
obligation in the ISO 9001:2015 standard for an official internal audit report. Internal auditors
should make sure that the findings are documented and communicated to top management.
Auditor can just record the findings and their particulars in an organization’s non-conformance form
and the associated register.
 Auditors should keep records of the audit which will normally be available in following
forms:

o Filled-in internal audit checklists
o Observations against procedures
o Minutes on objective evidence observed, and employees cross-examined
o Audit findings which can be referenced to your non-conformance report and register
o A formal audit report
o Non-conformance report on a software managed through the cloud or the

organization's local server
 Process Improvement Through Internal Audits

 Internal audits can serve as a vital tool to maintain the effectiveness of the system and can
act as the “Check” part of the PDCA cycle. Through internal audits, organizations highlight
the failures within management system that develops over time of the implementation and
thus can address such gaps. Through internal audits process owners can also see
underlying gaps in their processes which are camouflaged as part of the process. This
provides them the opportunity to fill those gaps which they are not able to perceive due to
routine work cycles.
Organizations can make a culture of process improvement by internal audits by carrying out
the following steps:

o Step 1
o Step 2
o Step 3
o Awareness by process owners that internal audits help them to improve their
processes and that audits add value to the process. They should value the cycle of
internal audits.
 Internal audits can serve as a vital tool to maintain the effectiveness of the system and can
act as the “Check” part of the PDCA cycle. Through internal audits, organizations highlight
the failures within management system that develops over time of the implementation and
thus can address such gaps. Through internal audits process owners can also see
underlying gaps in their processes which are camouflaged as part of the process. This
provides them the opportunity to fill those gaps which they are not able to perceive due to
routine work cycles.

o Step 1
o Step 2
o Step 3
o Maintaining compliance of standard is not a big deal for organizations. However,
making use of internal audits to ensure that the processes are effective and to add
value in process streams, this is the real challenge that organizations face.
Through internal audits non-value streams in a process can be removed, saving unnecessary cost
of over processing through those non-value streams. Internal audit processes can also identify a
vital process that can increase customer satisfaction which can yield more business which means
more profitability.

 Internal audits can serve as a vital tool to maintain the effectiveness of the system and can act as
the “Check” part of the PDCA cycle. Through internal audits, organizations highlight the failures
within management system that develops over time of the implementation and thus can address
such gaps. Through internal audits process owners can also see underlying gaps in their processes
which are camouflaged as part of the process. This provides them the opportunity to fill those gaps
which they are not able to perceive due to routine work cycles.

o Step 1
o Step 2
o Step 3
o Internal audits can help organizations to identify barriers to some processes that would help them to
meet their quality objectives. Through this process top management can be made aware of such
barriers, which can then be removed to improve the processes.
 Internal Audits for Risk Management System
 ISO 9001:2015 focuses on risk management of organizational processes. The organization
is required to identify risks and opportunities for its business processes as well as for internal
processes.
 An internal auditor will have to check following:

o Has the process owner identified its associated risks and opportunities?
o Has the process owner has identified the acceptable risks and opportunities which
require no further action?
o Have they indentified significant risks and opportunities for which a plan must be
made to mitigate the negative impact of the risk and maximize the positive impact of
the opportunity?
o Are the plans for risk mitigation or opportunity optimized to ensure they are
achieved?
o Are the plans implemented and residual risk is acceptable?
o Does the process owner reassess the process risk if there is a change in workforce,
machinery, material, or the process after a shutdown activity begins?
o Has the internal auditor verified that the process of risk management is being
implemented?
 Internal Audit for the Context of an Organization

 ISO 9001:2015 requires organizations to identify its context. The organization should
highlight internal and external issues. The organizations should identify a list of interested
parties.
The organizations should also identify needs and expectations of the interested parties. When an
internal auditor audits management representatives or top management for clauses related to top
management responsibilities, all requirements can be audited there.
However when auditing a process owner, following the requirements of context of

organization can be addressed:

o Process owner should understand how his/her process is linked with the
organization’s goals and the context in which it operates.
o What are the external issues that influence that process (such as the material supply
of that process)?
o What are the internal issues that influence the process (such as the work force,
support activities from other departments, machinery, internal software applications,
etc.)
o How are the issues related to the processes managed?
o How the need and expectations of interested parties are fulfilled. For example, the
employee running the process is an internal party and they expect to be rewarded for
their hard work. Annual appraisal programs in their organization provides incentives
for their hard work.
 Internal Audits for Organization Knowledge


 ISO 9001:2015 also requires organization to manage knowledge. Each process owner has
an adequate amount of knowledge regarding their processes.
During an internal audit, the auditor can examine whether the knowledge possessed within that
process are documented in checklists, work instructions, or some documents related knowledge
management. Internal audit can provide a continual way for organizations to document knowledge
within those processes which are not yet documented.
Thus, the reliance of organizations on old employees possessing the knowledge about processes is
reduced to a level manageable by the organization. Therefore, internal audits can serve as a tool for
improving the organizational knowledge by documenting it and reduces the dependency of an
organization on just a few individuals.
Therefore, the risk of organizational knowledge being lost when the old employees leave the
company is taken care of. Internal audit will act as the "check phase" of the whole knowledge
management cycle.
 Internal Auditing

 End of Topic
 Management Review

 Click on the following tabs to learn about management review:

o What is management review?
o What is the Standard Mandated Management Review Inputs?
o Results of Audits
o Management review is a process in which top management reviews the performance
of management system. In the case of ISO 9001:2015, it is the quality management
system that should be reviewed by top management. The standard defines some
requirements for management reviews. It is again the “Check” part of the PDCA
cycle for quality management system.


o Results of Audits
o Although other inputs could be considered as needed by the company, ISO
9001:2015 mandates a minimum list required management review inputs that top
management must review. This can support the wellbeing of the QMS and can help
in discovering regions where correction is required or should brought in so as to fix
the processes and increase customer satisfaction.


o Results of Audits
o As internal audits are conducted at planned intervals within organization, external

audits are conducted on annual basis as surveillance audit. What are the results of
these audits? Are there any repetitive observations that are being highlighted in
audits that can potentially point to a bigger gap? What are the areas that
management needs to support for improvement? These are the questions that will be
asked when the results of audit are discussed in management reviews.
 What are the management review inputs?

Click on the following tabs to learn more:

o Customer Satisfaction
o Process Performance and Product Conformity
o Customer satisfaction is one of the most important management review inputs. As a
Quality Management System focuses on customer satisfaction, the voice of the
customer is actually reflected in customer feedback reports.
Customer feedback reports are usually collected by the Customer Services department. Moreover,
customer complaints are also considered customer feedback.
There are number of things that management should consider in customer feedback review. Is
customer feedback in the form of complaint occurring less often and positive feedback becoming
more frequent? Are customer complaints handled speedily to ensure that customer satisfaction is
not affected? Last but not the least, when analyzing the data, management should ask what
changes must be made to the processes to avoid a complaint and/or to reduce the frequency of any
complaint.
 What are the management review inputs?



oCustomer Satisfaction
o Process Performance and Product Conformity
o Process performance and product conformity are actually indicated in the number of non-
conformities that are reported due to a process or on the product itself.
For example, rejections and reworks of a process indicate that process performance is declining.
Then the question is whether the process is being fed with adequate resources or not. How are
these processes and product non-conformities affecting customer satisfaction? Which processes
should be improved to ensure product conformity and what resources should be provided to improve
such processes?
 What are the Required Management Review Inputs?


 Click on the following tabs to learn more:

o Status of Corrective Action
o Follow-Up Actions from Previous Management Reviews
o Changes that could affect the Quality Management System (QMS)
o ISO 9001:2015 mandates a protocol for corrective actions in processes. Corrective action request is
issued when a non-conformity has occurred.
Management needs to observe when these actions do not occur within the given timeline. What has
delayed corrective actions and why? Are there suitable resources assigned to the most serious
issues?
Management should intervene during the review to complete the critical corrective actions for their
processes. This is how management review meetings can address the status of corrective actions.



o This should occur at the beginning of a management review. The status of actions that have risen
from the last management review meetings should be addressed first.
This also shows the effectiveness of the management review itself. If management decided upon
some action plan during a previous management review, management can then follow up on those
actions and can decide whether the allocated resources were effective in dealing with the issue and
moving the organization forward. Moreover management can see whether the actions taken have
really solved the potential problems or not.



o Sometimes changes occur due to a new legal requirement or any customer requirement that may
impact QMS. Management review provides a platform to plan for such changes earlier rather than
later, so that there will not be a rush to implement these changes upon the enforcement of a new
law.


o Performance of External Providers
o Effectiveness of Actions Taken to Address Risks and Opportunities
o Recommendations for Improvements
o Management must also review the performance of their external providers such as
their suppliers, contractors, vendors and other service providers.
The performance is reviewed on the basis of service or product quality, timely delivery, and the
extent to which the organizational requirements are being met. Based on this review, management
can also take decisions.
For example, if a supplier is not performing well, is providing bad quality raw material, and as a result
a company is facing difficulties in meeting its quality objectives, then management can make
decisions to connect with another supplier who can provide a quality raw material.
Even if the cost will increase, it will be better compared to the cost incurred in product rejections,
utilities and resource utilization during reworks etc.



o Organizations as per ISO 9001:2015 are now required to manage risk and opportunities. For risk,
management will take actions to mitigate the effects of risk. For opportunities, management will take
actions to maximize the returns for that opportunities.
Management Reviews provide an opportunity to review the effectiveness of those actions which are
taken. For actions that are not active, management can propose other actions in order to meet the
necessary objectives.



o Organizations receive recommendations for improvements from employees, contractors, suppliers,
customers etc. The management needs to see whether these recommendations are taken seriously
or just ignored.
Management has to make the decision about which recommended areas for improvement that the
organization will work on in order to improve and gain advantage in the market.



o Adequacy of Resources
o Quality Policy
o Management must also review the resources that are allocated for the effectiveness of quality
management system as a whole. It is possible that due to changes in processes or the addition of
other products in the product manufacturing line, the resources requirements may have increased.
But the management cannot address such issues in daily routine.
Management review provides management with an opportunity to provide adequate resources for
such processes which have been neglected for any reason in the past. This will ensure the
effectiveness of the process and will help the management to achieve its goals.



o Adequacy of Resources
o Quality Policy
o Quality policy is a document that shows the commitment of top management to a quality
management system, as well as to the customer and other interested parties. Although it is not a
specific management review requirement as an input, management is required to review its strategic
direction regarding quality management system and thus quality policy can also be reviewed to
check if it is aligned with strategic direction.
 What are the Required Management Review Outputs?
 The three points discussed below are the compulsory outputs of Management Review.
Proceedings of the inputs need to be kept to display that management review has effectively
addressed them and produced the required outputs for the QMS. The records maintained can differ
and these records are reliant on how the management review is planned and completed. These
records are imperative not only to show to an auditor, but to record decisions for betterment of the
company, what decisions were made, and why.

o Improvement of the Effectiveness of the System
o Improvement of Product Related to Customer Requirements
o Resources Needs
o Management should make decisions as to what actions are needed to improve the
effectiveness of the system. A management review is not only meant for reviewing
things without acting. A management review means that management must make
decisions for the improvement of the system. This is similarly mandated by ISO
9001:2015.

o Resources Needs
o Management should make decisions based on customer complaints or feedback in
order to improve the product. If the product is improved based upon an action
derived from a management review meeting, it offers management an opportunity to
draw more customers. As the customer voice becomes in favor of the company,
more customers will yearn for the product.

o Resources Needs
o Last but not the least, management should identify areas from the management
review which need more resources. Management should make the decision to hire
competent resources to fill potential gaps in the processes. This is how management
review can be an effective tool for increasing the performance of the quality
management system and thus ensuring that the customer is also satisfied with the
company’s performance.
 Can Management Review be Done Without Holding a Meeting?
 While management review meeting scripts are easier for the external auditor to analyze, it is
not the concern of company management to make things comprehensible for the auditor.
Rather, management reviews are in place to ensure that their organization works well.
Many organizations conduct reviews by means of a management review meeting and generally do
so on an yearly, biannually or quarterly in an year. The standard simply mandates management
review, not a management review meeting, therefore it is up to the organization how the
management review is conducted.
For example, a customer complaint needs to be reviewed. However, if this review only occurs on a
bi-annual or annual basis in a meeting, a timely response may not be provided on customer issues.
Therefore management might review it on quarterly basis as well. Management must conduct
reviews, but how these reviews are to be done is up to management to decide. The only thing that is
required is that reviews should be effective in providing an accurate picture of a QMS and improving
the QMS, so as to achieve increased customer satisfaction.
Management Review can be a Key Driver of Improvement
Management Review is all about reviewing the presented review inputs to make sure that sufficient
resources are available so as to have customer satisfaction and increase the efficiency of the QMS
and to increase the quality of product. This is done to confirm that resources are producing the right
outputs.
 How Do Auditors Verify Management Reviews During an Audit?

 External and internal auditors will try to verify the requirements of ISO 9001:2015, which are almost
the same to that of ISO 9001:2008, except with few changes.
The auditors will check how the management review inputs are prepared for the review. The auditor
will try to establish evidence that the organization has conducted a review on the inputs of
management review. They will also check the outputs of the management review.
ISO 9001:2015 Transition

o Auditors are being counselled to ensure that planned management reviews are establishing that the
management system association is aligned with organization's strategic themes. The particular
requirements added in the latest version of ISO is concerned with the context in which the
organization operates and the related actions to address risks, which will also be checked by auditor
as Management Review inputs.
o The bigger emphasis in the 2015 edition of ISO is on top management’s involvement with the
management system. This will certainly lead to the amplified inspection of the management review
process, which will authenticate its incorporation into an organization's business processes.
o The auditor can also verify the depth of review, suitably scheduled frequency of reviews, timeliness
of conducting reviews, suitable attendance and results worked on. Auditor can verify these elements
of management review by checking records and interviewing the top management.
 Changes Between the Old and New Version of Standard

 As the ISO 9001:2008 called for the evaluation of the quality objectives and their
appropriateness to the quality management system in the management review, the ISO
9001:2015 entails an evaluation on changes in the industrial environment and how these
elements of change might disturb the strategy of the business.
 The ISO 9001:2008 asks in simple terms:

o Kindly demonstrate changes and improvements that have happened
o How they associate with the Quality Management System
o How the management reacts to changes


 The ISO 9001:2015 wants organizations to demonstrate in below
terms:

o Please show evaluation (in management reviews) of business strategy to attain
organizational quality objectives in the environment where your business operates
o Please show how changes in this business environment are evaluated in

management reviews
o Please show evaluation in reviews regarding these changes impacting QMS
o And if changes impacts QMS what actions are taken in management reviews
 Now, Standard relies upon how strong or old-standard oriented the external auditor is; if he is
tenacious and updated, he might need to evaluate the business environment, how
company’s strategy is relevant to it, and its association with the QMS.
 Management Review Relation with PDCA
 Performance Evaluation is a necessary part of ISO 9001:2015. The “Check” phase of the
PDCA cycle relates to Performance Evaluation. Performance Evaluation comprises of
management review, internal audits and monitoring, measurement analysis.

 Queries about Management Reviews



o Why Carry Out Management Reviews?
o How Frequently Should an Organization Hold Management Reviews?
o Who Takes Part in Management Reviews?
o Management reviews are carried out in order to ensure that the requirements of the management
system and its effectiveness are evaluated. The reviews need to evaluate present management
performance statistics and make sure that improvement opportunities have been identified and
taken care of.


o
Why Carry Out Management Reviews?
o The standard requires that reviews should be carried out at “planned intervals”. This
can be once-a-month, three-monthly or once a year. It is strongly recommended that
these should be conducted as per a defined plan on a regular basis. The schedule
also needs to be shared with relevant stake holders in order to hold management
reviews appropriately.


o
Why Carry Out Management Reviews?
o The appointed personnel for managing management reviews is usually known as the
management representative. He should chair the meeting with concerned senior
managers, line managers and top management representatives, like the CEO or
members from the board of directors. Sometimes, vendors are also invited to take
part in reviews sessions regarding the performance of external providers.
 Records for Management Reviews
 Records of management reviews can be kept in various forms. As the standard says to
maintain documented information, it means the requirements of standard can be attained
with the help of any format that has got the provisions to address standard requirements.
 Normally management review records are available in following forms and can also be
maintained to fulfill standard requirements:

o Management Review Meeting Minutes
o Management Review Outputs
o This should comprise of particulars of attendees, summarized notes of the
conversations or review proceedings, as well as action managers and offered action
due dates for completion.
 Records for Management Reviews
 Records of management reviews can be kept in various forms. As the standard says to
maintain documented information, it means the requirements of standard can be attained
with the help of any format that has got the provisions to address standard requirements.
 Normally management review records are available in following forms and can also be
maintained to fulfill standard requirements:

o Management Review Meeting Minutes
o Management Review Outputs
o Minutes can also have the review output form. However, it can be managed
separately as well. Outputs of the management review is founded on judgments and
proceedings concerning to:
 Enhancement of the business / operations
 Enhancement of the usefulness of the overall quality management system
 Enhancement of product associated to customer requirements
 Issuances of appropriate corrective actions, when needed
 Decisions on Resource addition as per needs identified in review
 Three Steps to More Effective Management Reviews

 Following are the three steps required for the effectiveness of management reviews:

o Top management involvement
o Speak in their terms

o Distribute the responsibility
 Top Management Involvement
The top management (chief operating officer, chief executive officer, managing director, general
manager and chief financial officer) are all concerned about the organizational financial and
accounting management system and all believe that the performance of the financial system is vital
for company’s growth and success.
Similarly, the quality management system should also be taken into the same spirit, where all among
the top management should believe that quality is an integral part of organizational success. This
belief will drive the top management involvement which is needed to accelerate the business
processes.
In the same way, top management must understand and behave as though quality is an essential
element in the organization’s victory. Furthermore, they must believe that every single manager and
member of organization has a role in the success of quality management systems.
Therefore, quality should be taken as a critical business activity. Management reviews are
imperative to meet the goals of an organization and all participants of top management must and
should show ownership and engagement in the system to make it effective.
 Speak in their terms

 One of the best methods for getting top management enthusiastically involved in management
reviews is to speak in their terms, which is in business linguistics. It means convincing them that bad
management system can increase the cost of running the business and an effective quality
management system can save internal inaccuracies in the processes that can result in profitability of
the business.
What have the quality management systems supported to the organization outside audits,
inspections, and system certificates placed on the wall? Quality managers and management
representatives must speak in the language understood by top management, similar to that of
finance and accounting managers when discussing the company’s monetary achievements.
Top management should be provided with eyes to see how the organization’s economic activity and
the effectiveness of its management systems are connected. The management review is an ideal
method for validating the business value that quality management systems have given to the
organization.
For example, if the organization has improved its market share following the application of its quality
management system, it is reasonable to attribute this success to the quality management system.
This attribution follows the cause-and-effect principle.
For example: before the quality management system was applied, the business had “X’ of the
market share, but three years after its implementation, the company has expanded with “1.5 X”
percent of the market share. This means that the company has grown in three years and the
implementation of the quality management system is one of the key reason for this expansion.
 hree Steps to More Effective Management Reviews


 Distribute the Responsibility
It is common for the quality manager to have impressions that they are only accountable for the
company’s management systems. However, quality is the concern of every executive and member
of organization, even if it occurs on different levels. It is agreed that the quality manager is
responsible for the whole routine operation of the quality management system, but all executives,
members and their teams are also liable for system to be operational.
Thus it is wisely said, “quality is every one’s responsibility”.

Quality managers must exert efforts to transfer responsibilities to the appropriate department
managers, that way responsibility can be shared.

 End of Topic
 The main points from this module are as follows:
 ISO 9001:2015 introduced a new concept to Quality Management System. The concept
speaks about the management of organizational knowledge.
The standard mandates that complying organizations must:

o recognize the knowledge areas that are necessary for the effective operations of
processes and the conformity of product/service;
o maintain this knowledge and keep it accessible where necessary;
o recognize the changing trends for knowledge and compare it with current
organizational knowledge;
o and attain the required knowledge if necessary.
 The knowledge triangle involves: the collection of data, the grouping of data to create
information, the analysis of information, which then creates knowledge for the organization.
Following this, repeatedly applying knowledge to improving processes will result in wisdom.
 Organizational knowledge is recorded in work instructions, checklists, training packages, on-
the-job training, and knowledge databases.
The organization uses the knowledge sources to create advantage in their processes.
Knowledge is often lost in information if information is not analyzed and worked upon.
Knowledge should be considered as an important resource. Some types of knowledge are tactic,
implicit, explicit, procedural, declarative, and strategic.
Business knowledge exists among personnel, organizational communities, and the structure of an
organization.
Processing of knowledge from organizational memory comprises of knowledge addition, retention,

and retrieval.
 Internal auditing is the inspection of a management system itself.
Phases of an audit comprise of audit preparation, audit proceedings, audit reporting, and audit
follow-up and closure.
An audit is done by first party (internal audits), second party (customer audits) and third
party (external certification audits).
Types of audit are product audit, process audit and management system audit. Internal audit
against ISO 9001:2015 is a management system audit.
Following the revision of ISO 9001, internal audits will now be conducted to assess risk
management systems, context of organization, and organizational knowledge.
 Essential Elements Of Quality Management System - Lesson Summary


 End of Topic

Iso 9001:2015 (Quality Management System)

Uploaded by

Copyright:

Available Formats

You might also like

Iso 9001:2015 (Quality Management System)

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Iso 9001:2015 (Quality Management System)

Uploaded by

Copyright:

Available Formats

Module 3: Essential Elements Of Quality Management System

 Upon completion of this module, you will be able to:

o Explain how organizational knowledge can be preserved

o List the new inputs of management reviews

o Explain how management reviews can be made effective in an organization

o Keep knowledge and make it accessible to the level needed.

o Be thoughtful of the present organizational knowledge and measure it against

o Gain the required knowledge.

 Business Knowledge and Resources

o This knowledge is present in practices and culture of an organization. This

 Stage for Processing Knowledge Through Organizational Memory

Knowledge Retention: Knowledge in an organization is retained in five different knowledge storage

 The Role of Leadership

The key roles played by this leader include:

 The Role of Leadership

 Comparing the Old and New ISO 9001 Standard

 First, Second and Third Party Audits

 Internal Audit Planning

 Who Will Perform Internal Audit?

o Auditors should be competent with the auditing process itself.

o Internal auditors should be aware of the requirements of ISO 9001:2015 and

 Approaches to internal auditing used by organizations include:

o Some organizations employ full-time, permanent, internal auditors.

o Big organizations may utilize a team of internal auditors.

 Requirements for Each Audit

 Perform the Internal Audit

 Perform the Internal Audit

 Perform the Internal Audit

o Observations against procedures

o Minutes on objective evidence observed, and employees cross-examined

o A formal audit report

o Non-conformance report on a software managed through the cloud or the

 Process Improvement Through Internal Audits

 Process Improvement Through Internal Audits

o Are the plans implemented and residual risk is acceptable?

 Internal Audit for the Context of an Organization

However when auditing a process owner, following the requirements of context of

o How are the issues related to the processes managed?

 Internal Audits for Organization Knowledge

o As internal audits are conducted at planned intervals within organization, external

Click on the following tabs to learn more:

 What are the management review inputs?

Click on the following tabs to learn more:

 What are the Required Management Review Inputs?

 What are the Required Management Review Inputs?

 What are the Required Management Review Inputs?

Click on the following tabs to learn more:

 What are the Required Management Review Inputs?

Click on the following tabs to learn more:

 What are the Required Management Review Inputs?

Click on the following tabs to learn more:

 What are the Required Management Review Inputs?

Click on the following tabs to learn more:

 What are the Required Management Review Inputs?

Click on the following tabs to learn more:

Management Review can be a Key Driver of Improvement

 How Do Auditors Verify Management Reviews During an Audit?