We’ve been conducting Quality Management System (QMS) audits since 1987. A very long time.
We’ve seen every manner, shape and form of quality audits.
BIGGEST CHALLENGE TO QUALITY AUDITING
The biggest challenge we’ve seen in quality auditing over the years is that these important assessments don’t get the visibility they deserve.
What do I mean? Take a look at the figure below (lower left side). Most management system (QMS, EMS ISMS, etc.) tend to go to a first or second level quality systems manager. Or at most, they go to a quality director. Yes, I know there are exceptions to this general observation. But in most companies, this is what we’ve observed.
ISO 9001:2015 requires risk assessment of the ability of the certified organization to meet QMS objectives. Executive management and the Board of Directors’s want operational and supply management transparency of risks that impede the achievement of critical business objectives. Now, quality management systems will be able to provide executive management and the Board the risk information they want in the form in which they want it.
The Chief Audit Executive (CAE) and Internal Auditing already conduct these risk assessments that report dotted line to executive staff and solid line to the Board of Diectors’s Audit Committee. See figure above.
What most folks don’t realize is that ISO 9001:2015 risk requirements seem to have been explicitly written so that executives and Board members receive similar consolidated risk information as the current internal control over financial reporting and IT, but now should also receive ISO management system reports in the same form.
From my point of view, the #1 reason for the adoption of risk in the new standard is a higher level reporting of ALL management systems.
Bio:
Greg Hutchins PE and CERM (503.233.101 & GregH@QualityPlusEngineering.com) is the founder of:
CERMAcademy.com
800Compete.com
QualityPlusEngineering.com
WorkingIt.com
He is the evangelist behind Future of Quality: Risk®. He is currently working on the Future of Work and machine learning projects.
He is a frequent speaker and expert on Supply Chain Risk Management and cyber security. His current books available on all platform are shown below: