Process Approach and PDCA Cycle

========== 

Process Approach and PDCA Cycle

==========

 

Process Approach

 

ISO 9001:2015 QMS standard promotes the process approach. Clause 4.4 of the standard specifically deals with specific requirements related to the quality management system and its processes.

 

Let’s begin with the understanding the process approach. A process is a set of interrelated or interacting activities, which transforms inputs into outputs.

 

Interrelated activities = Activities having a mutual connection = Activities related to or connected to one another

 

Interacting activities = Activities that talk or deal with others = Activities acting in such a way as to have an effect on each other

 

A process uses inputs to deliver an intended (planned) result. Inputs and outputs may be tangible or intangible.

 

Tangible = A thing that is perceptible (able to be seen or noticed) by touch, such as material, component, equipment

 

Intangible = Unable to be touched, not having physical presence, such as data, information, knowledge

 

The processes of a business or an organization is the totality of all of the individual activities that the business or the organization performs. Let’s take an example. The process of an organization may include determining a customer needs, creating a product or service to meet the determined needs, defining how the product or service will be produced, operational part, measurement etc. The process approach means the establishing all above processes of the organization to operate as an integrated and complete system.

 

Process approach = The systematic management of processes and their interactions to achieve the intended results.

 

To manage a number of processes, the organization develops a management system, such as quality management system, environmental management system, etc. the management system integrates processes. It also measures processes and outputs to meet objectives. There are a number of processes in each management system. Typical processes in the quality management system includes understanding the context of the organization, performing leadership roles, planning, providing support, doing operational activities, design and development, performance evaluation, audit, improvement etc.

 

A process map is a very significant tool as part of quality management system of an organization. Creating this process map is defining the links where the process starts and where it ends, and also determining the specific activities that need to be performed, process owners for each activity and customer satisfaction measures. From the process map the organization can begin to define which QMS-related processes are involved and how the organization can flowchart them in detail, improve them, update the flowchart, and document it, if required necessary, deploy and maintain the process. A flowchart is a visual representation that uses symbols to illustrate the sequence of steps, decisions, and information flow in a process.  

 

The process approach incorporated the risk-based thinking that ensures consideration of risks when establishing, implementing and maintaining a management system, each process and each activity.

 

PDCA Cycle

 

PDCA = Plan, Do, Check, Act

 

PDCA cycle is a tool that is used to manage processes and the quality management system of an organization. ISO 9001:2015 QMS standard suggests application of PDCA cycle to organization’s processes and to the quality management system as a whole.

 

PDCA stands for:

 

P = Plan = Establish the objectives (organizational goals at each relevant functions, levels and processes needed for the quality management system) to deliver intended results. Plan include: (1) What to do? And (2) How to do?

 

D = Do = Implement as planned and control implementation

 

C = Check = (1) Monitor and measure processes and outputs, and (2) Report results (conformity, any deviation, or improvement opportunity). It involves evaluating whether the planned actions are achieving the desired results and identifying any deviations or opportunity for improvement.

 

A = Act = Take actions to (1) Improve output result, and (2) Continually improve performance of the organization’s processes. Act is the process of implementing changes based on the results and how it ties into the concept of continual improvement,

 

process of implementing changes based on the results and how it ties into the concept of continuous improvement.

 

PDCA methodology operates as a cycle of continual improvement, integrated with risk-based thinking at each stage in ISO 9001:2015 QMS.

Best wishes,

Keshav Ram Singhal

 

(This write-up is a part of a forthcoming book on ISO 9001 being written by Keshav Ram Singhal)

Risk-based thinking – An integral part of ISO 9001:2015 QMS

 

==========

Risk-based thinking – An integral part of ISO 9001:2015 QMS

==========

 

One of the key concepts in ISO 9001:2015 QMS standard is to establish a systematic approach to consider and address risks and opportunities as an integral part of the quality management system, rather than to treat ‘prevention’ as a separate need.

 

Risk is inherent in all aspects of the quality management system. All processes, functions and systems have some risks. Risk-based thinking helps to identify, consider and control all risks.

 

Earlier version, ISO 9001:2008 QMS standard, has a separate clause stipulating requirements on preventive action. But this version, ISO 9001:2015 QMS standard, uses risk-based thinking, where consideration of risk is integral. It is now a proactive action, rather than to be reactive, as it appeared in the earlier version of the standard.

 

Risk-based thinking is something like we do automatically and regularly ever day. When we cross a road, we look both sides and assess the situation of risks (traffic, accident) and of opportunity to cross the road.

 

Risk-based thinking has always been in ISO 9001; however, this standard builds it into the whole management system from the beginning and throughout the system. Now preventive action, present in risk-based thinking, is inherent to planning, operation, analysis and evaluation activities. Process approach also includes risk-based thinking. Risk-based thinking is evident and mentioned in the following Para and clauses of ISO 9001:2015 QMS standard:

 

·       Introduction: Introduction of the standard in brief explains the concept. Para 0.1 and Para 0.3.3 describe risk-based thinking. It emphasizes that risk-based thinking empowers and authorizes: (1) the organization to define those factors that could matter or influence the organization’s processes and the quality management system. The influence could be deviation from intended results, (2) to take control decisions and actions to minimize the negative effects of the defined factors, and (3) to take suitable benefits of the opportunities encountered.

 

·       Clause 4: This clause of the standard stipulates requirements that the organization needs to address risks and opportunities in accordance of the requirements.

 

·       Clause 5: As per requirements of this clause, the top management of the organization needs to (i) promote use of risk-based thinking (5.1.1), and (ii) ensure determining and addressing the determined risks and opportunities that can affect the quality of products and services (5.1.2).

 

·       Clause 6: As per requirements, the organization needs to: (i) determine risks and opportunities, (ii) plan actions to address determined risks and opportunities, (iii) ensure action taken are in proportionate to the potential impact on the quality of the products and services (6.1).

 

·       Clause 7: As per requirements, the organization needs to determine and provide necessary resources for the quality management system (7.1). Risk is inherent in all aspects of the quality management system.

 

·       Clause 8: As per requirements, the organization needs to manage operational processes (8.1). Risk is inherent in all aspects of the quality management system including in its processes.

 

·       Clause 9: As per requirements, the organization needs to analyze and evaluate data and information with regard to the effectiveness of actions taken to address determined risks and opportunities (9.1.3). Management review includes consideration of the effectiveness of the actions taken to address risks and opportunities (9.3.2).

 

·       Clause 10: As per requirements, the organization needs to correct, prevent or reduce undesired effects (10.1) and update risks and opportunities determined during planning, if necessary (10.2).

 

Benefits of using risk-based thinking

 

Let’s understand the benefits of risk-based thinking. As individuals, if our thinking would not have been risk-based, we would have to deal with security and safety issues every day. Similarly, the organization would have suffered a lot due to not having risk-based thinking, its processes would not have been operated correctly, the products and services produced would not have been of quality. There are many benefits to an organization having a risk-based thinking.

 

Risk-based thinking:

 

·       Promotes proactive culture in the organization that improves organization’s governance

 

·       Assists the organization to comply legal requirements

 

·       Assures consistency of the product and service quality

 

·       Improves customer confidence and satisfaction

 

 

An organization that embraces risk-based thinking often experience significant benefits, such as:

 

·       Enhance quality: Proactively addressing risks lead to improvement in the organization’s products and service quality and reducing defects.

 

·       Reduce customer complaints: Enhanced quality of products and services leads to reduced number of customer complaints and enhancement in customer satisfaction.

 

·       Increase operational efficiency: Identifying and mitigating risks helps streamline processes, leading to reduced downtime and increase operational efficiency.

 

·       Proactive regulatory compliance: Risk-based thinking assists the organization to comply regulatory requirements, thus no penalties imposed on the organization.

 

Relevance of internal and external issues to identifying risks

 

Internal and external issues are factors that affect an organization’s ability to achieve its intended outcomes or desired results. These issues play a crucial role in identifying risks and opportunities as they provide context for understanding potential influences on the organization’s processes. As an example of an internal issue, high employee turnover rate in the organization could lead to knowledge gaps, reduced productivity, and potential quality issues. As an external issue, economic recession could result in decreased customer demand, financial constraints, and supply chain disruptions.

 

Risk criteria for evaluation

 

Risk criteria are parameters used to assess the significance of a risk. These criteria kelp prioritize risks based on their potential impact on the organization’s objectives.

 

Examples of risk criteria

 

·       Likelihood: Probability of the risk to occur, rare, unlikely or possible

 

·       Impact: Consequences of the risk, if it occurs, minor, moderate, major or catastrophic

 

·       Detectability: Is the risk easily detectable, moderately detectable or difficult to detect?

 

·       Strategic importance: Risk alignment with the organization’s strategic goals, critical, important or minor.

 

·       Needs of resources: Needs of resources to manage the risk, low, moderate or high.

 

Using risk-based thinking

 

First question comes in our mind, how to use risk-based thinking in the quality management system. Simple, we need to identify, understand and then address risks. Risk analysis is the important step of identifying potential problems.

 

There are several tools and techniques for risk identification and analysis of identified risks. Here-in-below is a list of such tools and techniques that are easy to use and don’t require complex understanding:

 

1.     SWOT Analysis: SWOT = Strengths, Weaknesses, Opportunities, Threats. The SWOT analysis helps identify an organization’s internal strengths and weaknesses, as well as external opportunities and threats. This tool is typically used for strategic planning; however, it can be used to highlight potential risks and opportunities.

 

2.     Brainstorming: The brainstorming is an effective group technique. A note on this technique is provided in this write-up separately.

 

3.     Checklist: A checklist involves using predefined lists of potential risks and evaluating their relevance to the organization. This technique is useful for making sure common risks are not overlooked. A note on this technique is provided in this write-up separately.

 

4.     Cause and effect diagram (Fishbone or Ishikawa diagram): This technique helps identify potential causes for a specific effect or problem. It can be used to uncover risks that might contribute to undesirable outcomes.

 

5.     Failure Modes and Effect Analysis (FEMA): One commonly used method of risk identification and risk analysis is known as ‘Failure Modes and Effect Analysis’ (FEMA) that is done during the design of a product or process. The purpose of FEMA is to identify all potential problems that could arise in the product or process, identify criticality of the risk and decide what to do about it. A note on this technique is provided in this write-up separately.

 

6.     Process mapping: The process mapping visually represents the flow of a process that can be used to identify areas where risks could occur or opportunities for improvement could happen.

 

7.     Risk mapping: The risk mapping involves plotting identified risks on a matrix based on their likelihood and impact to help prioritise identified risks for further analysis and action.

 

8.     Pareto analysis (the 80/20 rule): The pareto analysis involves focusing on the most significant risks that contribute to the majority of potential negative impacts. This tool is used to identify the vital few problems or causes of problems that have the greatest impact on the process.

 

9.     Scenario analysis: The scenario analysis involves exploring different scenarios that could impact the organization and assessing their potential consequences. This helps prepare a range of possible outcomes.

 

10.  Expert interview: Experts are source of valuable information and conducting interviews with subject matter experts can provide valuable insights into potential risks anBenchmakingd opportunities based on their experience and knowledge.

 

11.  Benchmarking: This involves comparing the organization’s practices and processes to those of others in the industry to which the organization belongs to identify potential gaps and areas for improvement.

 

The above list is indicative. There may be more tools and techniques for risk identification and analysis of risks. The organization should adapt the tool and technique that suits the organization’s specific needs and context. It is always useful to use a structured and systematic approach to risk identification and its analysis.

 

Brainstorming

 

Brainstorming is an effective group technique, which can be used to generate a large number of ideas quickly. It can be an important part of identification process of risks and opportunities for applying risk-based thinking in a management system (such as ISO 9001:2015 QMS). The generated ideas can provide solutions to a specified problem in a variety of situations. In the process of brainstorming, members of the group are encouraged to put forward their ideas concerning the problem. All ideas generated in the group are recorded for subsequent analysis. Brainstorming technique may be formal and informal. Formal brainstorming is more structured.

 

Brainstorming process may be described as under:

 

·       Identify a problem, for example determination of risks and opportunities in a particular process and proposed solutions.

 

·       Call a brainstorming meeting of a group. Brainstorm as a group.

 

·       Ask each member of the group to put forward their ideas.

 

·       Record all ideas.

 

·       Identify areas of improvements.

 

·       Design solutions to the identified problem.

 

·       Develop an action plan to execute designed solutions.

 

If you wish to generate a good number of ideas, then as convener of the brainstorming session, you should encourage all participants of the group to put forward their ideas. You should not criticize or make any adverse comments during the session. You should record all ideas. An openness of the convener will be able to bring out hidden ideas during the brainstorming session. A lot of good information and a number of ideas can be discovered, if the brainstorming team is a diverse and have experience in the identified problem area.

Brainstorming is generally used in conjunction with the cause-and-effect diagram tool. The cause-and-effect diagram identifies many possible causes for an effect or a problem. It can be used to structure a brainstorming session.

 

Checklist

A checklist is a list of things that can be checked off as completed or noted. When we certain steps to do for a work or process, we make a list of all of them and we check them off as we accomplish each of them. A checklist is a type of informational job aid used to reduce failure by compensating for potential limits of human memory and attention. It helps to ensure consistency and completeness in carrying out a task. Check-lists are simple form of risk identification technique that provides a listing of typical uncertainties which need to be considered. Check-lists are developed usually from experience - either from previous risk assessment result or from past failure result. A check-list can be used to determine hazards and risks. It can be used to assess the effectiveness of the controls applied. Check-lists can be used at all stages of the life cycle of a product/service or system. They may be used independently or as a part of other risk assessment techniques. A well-designed check-lists may be used by non-experts and help ensure that common problems are taken care.

Typical daily checklist for boiler maintenance may be as under:

 

·       Inspect around and under the boiler equipment for leaking water

 

·       Ensure that the area around the boiler equipment is free of materials that may cause obstruction

 

·       Check and ensure temperature readings are within the designed range

 

·       Check and ensure pressure readings are within the designed range

 

·       Watch closely all display panels and ensure no error codes or service codes

 

·       On watching any error codes, ensure to send for service

 

·       Ensure vent termination is not blocked or obstructed

 

·       Inspect and ensure the combustion air opening with no blockage

 

·       Always listen closely for any unusual noises or vibrations

 

To prepare a checklist for a particular process, make a small team of identified people who should be asked to prepare check points of the known issues that can affect conformity of the product/service (risks) and have the ability to enhance customer satisfaction (opportunities).

For writing of a checklist, the initial process is to carry out a thorough investigation of the task to accomplish. A good checklist starts with a thorough investigation into what and why of whatever it is you are trying to accomplish. Understand objectives of what you want to accomplish. Before you start making your checklist, you must understand what you want to accomplish. Do some research. Find out what others are doing. Write down all points. Get everything documented what you want to accomplish. Brainstorm on your own each point of the process and note down them. You must know the value of each task. Write down in simple language to include a fully detailed description by organizing all your points.

 

Failure Modes and Effect Analysis (FEMA)

 

One commonly used method of risk identification and risk analysis is known as “Failure Modes and Effect Analysis” (FEMA) that is done during the design of a product or process. The purpose of FEMA is to identify all potential problems that could arise in the product or process, identify criticality of the risk and decide what to do about it.

 

FEMA process has following four steps:

 

(1)   Identify your risks: It can be done in a brainstorming session from different areas of the organization by listing all potential problems that could arise.

 

(2)   Determine how critical each risk is: You should assess the each risk against probability of occurrence, severity of occurrence and chance of detection of occurrence.

 

(3)   Rank the risk: You should decide the rank of each risk, whether the risk is acceptable or unacceptable.

 

(4)   Determine actions: After understanding the risk, determine your actions, what should be done. Plan actions to address identified risks.

 

FEMA process is simple. It is easy to use. FEMA process gives results that are easy to determine acceptability, and thus provides a framework to assign resources to risk reduction that is easily supported. You should clearly understand that FEMA is a way of dealing risk analysis, and it is no way mandated by ISO 9001:2015 QMS standard that you must use it. Any methods you find useful, relevant and efficient can be used.

 

After FEMA process, you need to address each risk that has following steps:

 

(1)   Implement the plan: Take action

 

(2)   Check the effectiveness of the action: Whether risk is mitigated, what is the result of action taken.

 

(3)   Improve your action: Improve your action on the basis of check results.

 

Effective Communication of Risks and Opportunities

 

The organization should implement effective internal communication about risks and opportunities within the organization. Clear and effective communication helps ensure that all relevant stakeholders particularly the employees are aware of the potential risks and opportunities and can take appropriate action.  

 

Suggested reading:

 

(1)   Guidance document on ‘Risk-based thinking in ISO 9001:2015’ published by International Organization for Standardization.

 

(2)    ISO 31000:2018, Risk management - Guidelines

 

Best wishes,

Keshav Ram Singhal 

(This write-up is a part of a forthcoming book on ISO 9001 being written by Keshav Ram Singhal)

Developing and implementing ISO 9001:2015 QMS – 12 – Implementation

Developing and implementing ISO 9001:2015 QMS – 12 – Implementation

=========

After creating necessary documented information, conducting various trainings and performing initial status survey, the organization’s personnel are now equipped with the knowledge of the ISO 9001:2015 QMS standard requirements and the gaps that need to be addressed to achieve compliance. The organization must now focus on closing these gaps identified in the initial status survey of the organization. This involves allocating resources, defining and delegating roles, responsibilities and authorities and establish a final timeline for completing the required actions. To ensure clear guidance and compliance, the individuals involved in implementation process should refer to the ISO 9001:2015 QMS standard as a crucial reference document.

 

Implementing the quality management system according to the documented information developed and maintained by the organization is a best practice. Depending on the organization’s size, implementing the quality management system may be more effective if done in phases or as a whole. In larger organizations, a phase approach can enable the evaluation of system effectiveness in specific areas. While in small organizations, the quality management system is often implemented as a whole. An initial focus should be on areas with high a high likelihood of positive compliance can bolster confidence in both management and staff regarding the merits of ISO 9001:2015 QMS implementation.

 

The steering committee, responsible for overseeing and controlling the ISO 9001:2015 QMS implementation process, should consider the following factors:

 

-        Integrate risk-based thinking and take proactive measures to address identified risks and opportunities

 

-        Develop and implement a comprehensive communication plan to keep all stakeholders well-informed about the progress, changes and their respective roles during implementation  

 

-        Assess whether additional documented information, such as procedures, work instructions, forms, are needed and develop them accordingly

 

-        Incorporate performance metrics and key performance indicators (KPIs) to regularly measure and monitor the effectiveness of the quality management system implementation

 

-        Promote active participation of employees, obtain their feedback, and promptly address any issues to facilitate a seamless implementation process

 

-        Emphasize the culture of continual improvement, identifying areas for enhancement and taking appropriate actions

 

-        Consider seeking external support for the implementation process if deemed necessary by the steering committee

 

-        Throughout the implementation, reinforce the organization’s commitment to customer focus among all staff members

 

-        Ensure that all requirements of ISO 9001:2015 QMS standard are fulfilled

 

As the quality management system takes root over a period, such as three to six months, the steering committee should anticipate the next phase: conducting internal audit. For details on the upcoming internal audit step, please refer to the forthcoming write-up.

 

Best wishes,

Keshav Ram Singhal  

 

Please have your comments / reaction.

 

To train your employees with ISO 9001:2015 QMS Awareness, please supply them “TRAINING HANDBOOK ON ISO 9001:2015QMS AWARENESS” (ASIN: B093YFFY7Z), which is available worldwide at Amazon. Please search this Training Handbook in Amazon Website of your country. 

 

 You may also supply your employees following eBooks - (i) A Concise Guide on Creating and Updating Documented Information (eBook) https://store.pothi.com/book/ebook-keshav-ram-singhal-concise-guide-creating-and-updating-documented-information/ (ii) Applying Risk-based Thinking in an Organization Implementing ISO 9001:2015 QMS (eBook) https://store.pothi.com/book/ebook-keshav-ram-singhal-applying-risk-based-thinking-organization-implementing-iso-9001-2015-q/

 

Thanks.