Leadership matters much in ISO 9001:2015 QMS. It is the core of the system. Leadership is one of the QMS principles on which ISO 9001:2015 QMS standard is based. If we read the standard, we note that clause 5 of the standard mentions leadership requirements also.
Leaders establish unity of purpose, direction and engagement of people in the organization that align organization's strategies, policies, processes in achieving quality objectives. Leaders focus on communication by listening to the people and defines a strategic plan or direction of the organization. Leaders help people to work in a team.
Leaders in an organization should create and maintain the internal environment in which people can fully engage themselves to achieve organization's quality objectives. For this top management of the organization needs to play leadership role through its commitment, action and communication. They should communicate to the people in the organization the importance of meeting requirements. They need to establish quality policy, ensure ensuring establishing quality objectives at relevant functions, levels and processes, ensure availability of resources and conduct management reviews.
The leaders of the organization should: - be proactive, - understand and respect to changes that are visible in the industry environment, - establish clear vision of the organization, - build trust, eliminate fear and motivate people.
Benefits that may be derived from the use of 'leadership' principle include: - Employee's motivation towards organization's goals and objectives - Better understanding of organization's objectives - Better communication within the organization
In this connection a leader should practice 5-E of leadership, which are as under:
1. Equality: Everyone is equal. Don't be Biased. Be fair in your acts. 2. Expectations: Be realistic at setting expectations, objectives and goals. Have an eye on expectations, objectives and goals. Understand the strengths, weaknesses and areas of improvement of your team. 3. Emotional Intelligence: Understand that people have emotions and even you do. Use them intelligently. 4. Empower: Empower your people. Be a catalyst for your team members. Be their coach and mentor. 5. Evolve: Evolve everyone of your team to work as a team member. And when they are evolved as a team, you are evolved as a leader.
Clause 5 of ISO 9001:2015 QMS standard deals with the requirements related to leadership that describes what the top management's role should be. All requirement in this section are meant for the top management. ISO 9001:2015 QMS standard requires increased role for the top management. Leadership is the central theme of the quality management system and PDCA cycle that is applied to the quality management system.
The relevant sub-clauses are as under:
5.1 Leadership and commitment 5.1.1 General 5.1.2 Customer focus
5.2 Policy 5.2.1 Establishing the quality policy 5.2.2 Communicating the quality policy
5.3 Organizational roles, responsibilities and authorities
To understand the relevant requirements, please refer to the standard.
Founder of Feedspot, Mr Anuj Agarwal has sent me an email congratulating me as selection of this blog on QMS Awareness as one of the TOP 20 Quality Management Blogs on the web. Please visit feedspot blog by CLICKING HERE.
An organization should use suitable techniques, such as SMART (setting quality objectives that are Specific, Measurable, Achievable, Relevant and Time-bound), Balance Score Cards, Dashboard, Brainstorming etc. The evaluation of results on achieving specified quality objectives should be part of management review, performance appraisals or can be done through other means, such as ongoing review, feedback meetings etc. Whenever there is any change, quality objectives should be updated or added to as necessary.
The organization should also take into consideration factors such as the organization's capabilities, constraints, customer feedback, other issues etc.
ISO 19011 is an international standard that mentions guidelines for auditing management systems. ISO 19011 was first published in 2002. ISO 19011:2002 standard was used as a guideline standard for quality and/or environmental management systems auditing. Since then a number of management system standards have increased, so there was a need to have a common approach to audit management systems. Accordingly, in 2011 the standard was revised and ISO 19011:2011 was published as a guideline standard for auditing management systems. Again in 2018, the standard has again been revised and ISO 19011:2018 has been published as guideline standard for auditing management systems.
The new standard, ISO 19011:2018, has undergone a number of changes. These changes are summarised as under:
(i) Updates and changes in terminology
Most of the terms and definitions in ISO 19011:2018 are sourced from ISO 9000:2015 QMS standard with some modifications.
The terms 'document', 'documentation' and 'records' (please refer to clause 6.3.1 and clause 6.3.4 of ISO 19011:2011 standard) have been replaced with the term 'documented information' (please refer to clause 6.3.1 and clause 6.3.4 of ISO 19011:2018 standard), but at many places (please refer to clause 5.5.7 of ISO 19011:2018 standard) the term 'records' has also been used. Instead of the term 'suppliers', ISO 19011:2018 standard has used the term 'external providers' (please refer to the 'introduction' part of the standard).
ISO 19011:2018 standard in its clause 3 has included a few new terms and definitions, such as, combined audit (3.2), joint audit (3.3), objective evidence (3.8), requirement (3.23), process (3.24), performance (3.25) and effectiveness (3.26).
Clause 3 of ISO 19011:2011 has defined a term 'guide' (3.12), but this term is not defined in clause 3 of ISO 19011:2018, however the term 'guide' has been used in the standard guidelines (please refer to clause 6.4.2 of ISO 19011:2018 standard.
ISO 19011:2018 standard refers to ISO online browsing platform (link - https://www.iso.org/obp) that provide terminological databases for use in standardization.
(ii) Addition in the principles of auditing
There are six principles of auditing in ISO 19011:2011 standard. ISO 19011:2018 standard has seven principles of auditing with the addition of a new auditing principle - 'the risk-based approach' that considers risks and opportunities during the planning, conducting and reporting phases of the audit. Although the previous version, ISO 19011:2011 standard, suggests taking into consideration of a risk-based approach (please refer to its clause ), but it did not provide clear guidelines. Thus the new standard, ISO 19011:2018, places emphasis on risks and opportunities.
(iii) Changes in the clauses
The clauses 5, 6 and 7 have undergone a few changes and ISO 19011:2018 introduced a new clause 6.4.5 - audit information availability and access.
(iv) Emphasis on auditor competence
The new standard places emphasis on auditor competence. Generic competence requirements for auditors have been expanded in clause 7 of ISO 19011:2018 standard.
(v) Additional guidance on managing an audit programme
Additional guidance for determining and evaluating audit programme risks and opportunities is provided in clause 5.3 of ISO 19011:2018 standard.
(vi) Additional guidance on conducting an audit
A new clause 6.4.5 - audit information availability and access - has been introduced in ISO 19011:2018 standard.
(vii) Changes in Annex
Annex A 'Guidance and illustrative examples of discipline-specific knowledge and skills of auditors' of ISO 19011:2011 has not been included in ISO 19011:2018 standard. Annexe B 'Additional guidance for auditors for planning and conducting audits' of ISO 19011:2011 is now Annex A of ISO 19011:2018, which has been expanded with the additional sections on process approach to auditing (A.2), professional judgement (A.3), performance results (A.4), verifying information (A.5), auditing compliance within a management system (A.7), auditing context (A.8), auditing leadership and commitment (A.9), auditing risks and opportunities (A.10), life cycle (A.11), audit of supply chain (A.12), and auditing virtual activities and locations (A.16).
Thus, we notice that the new version of the standard considers evolving technologies and more focus on risks and opportunities.
Guidelines for conducting closing meeting are mentioned in clause 6.4.10 of ISO 19011:2011 standard. A closing meeting is conducted at the end of an onsite audit with an objective to present the audit findings and audit conclusions in such a manner that they are understood and acknowledged by the auditee's management.
Participants of the closing meeting: The closing meeting should be chaired by the audit team leader and attended by the following: - audit team members, - auditee's management, - as applicable, personnel responsible for the functions/processes that have been audited, - as applicable, audit client, - as applicable, other relevant interested parties as determined by the auditee/audit client.
Introduction: The audit team leader should thank the auditee for their cooperation during the audit
Recording attendance: An attendance sheet should be retained that mentions all members present in the closing meeting.
Restate audit objectives, scope and criteria: The audit team leader should restate and confirm audit objectives, scope (auditing against ISO 9001:2015 QMS standard) and criteria of the audit during the closing meeting.
Explain situations encountered and the audit findings etc: The audit team leader should advise the situations encountered during audit, the audit findings and the method of reporting. The audit team leader should also explain that the audit only looked at a sample of the auditee's activities, therefore, the absence of recorded nonconformities does not indicate its non-existence. It may be expected that the auditee's internal performance evaluation activities will discover additional nonconformities similar to those that are found by the audit team. With regard to an action plan to address audit findings, the participants should agree on the time frame and how the audit findings should be addressed based on agreed norms. The audit team leader should also advise the degree of the effectiveness of the quality management system as per ISO 9001:2015 QMS standard in achieving the auditee's objectives, including implementation of risk-based thinking. The audit team leader should also state the familiarity of the auditee with the audit process and this will ensure communication of correct details during the closing meeting. The audit team leader should also explain (i) the possible consequences of not adequately addressing the audit findings, and (ii) related post-audit activities, such as corrective action by the auditee, review of corrective action by the audit team, addressing audit complaints, appeal process.
Audit findings and conclusions should be presented in such a manner that are understood and acknowledged by the auditee's management. if there is any difference of opinion with regard to the audit findings or conclusions between the audit team and the auditee, the same should be discussed and resolved. If difference of opinion is not resolved then the same should be recorded.
The audit team leader should conclude the closing meeting with one more thanks to all participants present in the closing meeting. Thank them for coming to the closing meeting, and also for their cooperation and assistance during the audit.
The closing meeting in an internal audit may be short and less formal, where the audit team leader may solely communicate the audit findings and audit conclusions. The closing meeting for an internal audit can be accomplished in little more than fifteen minutes. The closing meeting in an external audit should be formal as per the guidelines mentioned above, however it is suggested that such meeting should be completed within 30 -45 minutes time. It is believed that a well-organized closing meeting adds value to the audit.
Guidelines for conducting an opening meeting for an audit are mentioned in clause 6.4.3 of ISO 19011:2018 standard. An opening meeting is conducted at the start of an onsite audit with the following objectives: - confirming that all participants (audit team and auditee) agree to the audit plan, - introducing audit team members and their roles during the audit to the auditee, and - ensuring that all planned activities of the audit can be performed during the audit.
Who should participate in the opening meeting?: The opening meeting should be chaired by the audit team leader. Audit team members, auditee's management and, where appropriate, personnel, responsible for the functions/processes to be audited, should participate in the opening meeting.
Introduction: There should be an introduction of the audit team members and auditee present at the meeting. The roles of each team members should be communicated, as necessary, during the meeting.
Recording attendance: An attendance sheet should be retained that mentions all members present in the opening meeting.
Confirmation of audit objectives, scope and criteria: The audit team leader should state and confirm audit objectives, scope (auditing against ISO 9001:2015 QMS standard) and criteria of the audit during the opening meeting.
Confirmation of audit plan: The audit team leader should state and confirm the audit plan and other relevant arrangements including (i) date/time/place for closing meeting, (Ii) any interim meetings needed, and (iii) any changes needed.
Familiarity with the audit process: The audit team leader should state the audit process so that the auditee familiarize with the audit procedures and methods. The audit team leader should also state that the audit will be a representative sampling of evidence, not a 100 percent inspection. This should be obvious to all participants, but it is important to declare this limitation before the audit begins.
Confirmation of formal communication channels and the language: The audit team leader should state and confirm (i) the formal communication channels between the audit team and the auditee, and (ii) the language to be used during the audit.
Progress reporting: The audit team leader should state and confirm progress reporting arrangements with the auditee's management.
Confirmation of audit resources and facilities: The audit team leader should mention and confirm the adequate resources and facilities available for the audit team.
Confirmation of confidentiality and information security: The audit team leader should mention and confirm matters relating to confidentiality and information security. The audit team leader should make a general commitment to maintain confidentiality related to the evidence gathered and conclusions generated during the audit.
Confirmation of access, health and safety, security, emergency and other arrangements for the auditors: The audit team leader should mention and confirm matters relating to access, health and safety, security, emergency and other arrangements, such as, security equipment, availability of other participants including observers, guides, interpreters etc and an outline of their roles.
Confirmation of activities on site: The audit team leader should mention and confirm, as appropriate, the activities on site, which can impact the auditing.
Presentation of information: The audit team leader should consider and mention, as appropriate, presentation of information relating to the audit findings reporting methods, including ant criteria for grading, for example - minor, major, observation etc.
Opportunity to ask questions: The audit team leader should provide an opportunity to ask questions with regard to the audit during the opening meeting to the participants and provide necessary clarification on the question asked during the opening meeting. The audit team leader should conclude the opening meeting with one more thanks to all participants present in the opening meeting. Thank them for coming to the opening meeting, and also for their cooperation and assistance related to the audit.
The opening meeting in an internal audit may be short and the audit team leader may (i) communicate conducting an internal audit, and (ii) explain the nature of the audit. The opening meeting for an internal audit can be accomplished in little more than five minutes. The opening meeting in an external audit should be formal as per the guidelines mentioned above, however it is suggested that such meeting should be completed within 20 - 30 minutes time. It is believed that a well-organized opening meeting leads to a successful audit.
Short Note - ISO 19011:2018 - Guidelines for auditing management systems - Changes in the principles of auditing - Specific reference to risk-based approach
The previous edition of ISO 19011:2011 had suggested taking into consideration the adoption of a risk-based approach, but it (please refer to clause 5.3.4 - ISO 19011:2011) provided limited guidelines on the matter. ISO 19011:2018 standard document has placed an improved and enhanced focus. Now adoption of risk-based approach will essentially be a critical determinant while planning, conducting and reporting of the audit. It has added a new principle 'the risk-based approach' that provide guidelines to auditors to consider risks and opportunities during auditing at every phase while planning, conducting and reporting. Clause 5.3 of ISO 19011:2018 standard document specifies guidelines for determining and evaluating audit programme risks and opportunities. It is better for an auditor to understand risks and opportunities related to the context of the auditee that may affect achievement of audit objectives. The people, involved in managing an audit, should identify and consider (i) the associated risks and opportunities, and (ii) resource requirements, when developing an audit programme. These identified risks and opportunities, and resource requirements should be communicated to the audit client so that these are addressed suitably.
Risks may be associated with: (i) planning, (ii) resources, (iii) selection of auditor(s) for the audit, (iv) communication, (v) implementation, (vi) control of documented information, (vii) monitoring the audit programme, (viii) reviewing the audit programme, (ix) improving the audit programme, (x) availability of auditee, (xi) cooperation (and coordination) of auditee, and (xii) availability of evidence to be sampled.
Opportunities may be available that can improve the audit programme. Such opportunities may relate to: (i) multiple audits in a single visit, (ii) minimizing time and distances involved in travelling of audit team members, (iii) availability of competent audit team members, and (iv) aligning audit dates with the availability of relevant key auditee.
The application of risk-based approach in auditing management systems will serve as a tool for risk prevention. It will optimize efficiency and effectiveness of the audit process and audit outcome.
Thus, the new standard (ISO 19011:2018) places improved emphasis on risks, opportunities and auditor competence.
Short Note - Developing and implementing ISO 9001:2015 QMS in an organization
It is a strategic decision for an organization to adopt ISO 9001:2015 QMS standard. Once the top management of an organization takes a decision to develop and implement ISO 9001:2015, following step-by-step process may be useful: Step 1 - Leadership and Commitment from Top Management Step 2 - Assigning responsibilities and authorities Step 3 - Establishing a steering committee Step 4 - Establishing a task force Step 5 - Appointing a QMS consultant Step 6 - Obtaining Information about QMS and ISO 9000 Family Step 7 - Start 'ISO 9001:2015 QMS Awareness' Programme Step 8 - Formulate an Action Plan Step 9 - Training and Guidance Step 10 - Conducting Initial Status Survey Step 11 - Establishing and Developing Quality Policy and Quality Objectives, and Creating and Updating Documented Information Step 12 - Implementation Step 13 - Conducting Internal Audit Step 14 - Conducting Management Review Step 15 - Arranging Pre-assessment Audit Step 16 - Going for Certification
Short Note - Understanding the organization and its context
Clause 4.1 of ISO 9001:2015 QMS standard provides the requirements related to captioned matter.
The organization needs to (i) determine internal and external issues (positive and negative factors or conditions) relevant to the organization's purpose, strategic direction and that can affect organizational ability to achieve intended results or desired outcomes, and (ii) monitor and review information (data) about the determined external and internal issues (positives and negative factors or conditions).
We should have a clarity that there are many issues that can help or make easier the understanding the external context of the organization and such issues may arise from legal, technological, competitive, cultural, social and economic environments and that can be global, national, regional or local. There are many other issues that can help or make easier the understanding the internal context of the organization and such issues may relate to the organization's values, culture, knowledge and performance.
To know more on the understanding the organization and its context, please refer to the following relevant articles: - ISO 9001:2015 QMS - Understanding organization and its context - Source of information about internal and external issues - CLICK HERE. - Understanding the organization and its context - CLICK HERE. - ISO 9001:2015 QMS - Understanding the organization and its context - CLICK HERE.