George Harris, President, Harris Consulting, Lexington, MA 02173, 617/674-0041.
If you haven't heard about or received literature on the ISO-9000 standards, you have probably been on a information sabbatical or taken a leave of absence. The ISO standards are hot . . . . Why? Because they provide a set of guidelines, which if used correctly, can form the basis of a quality system for your department, your plant, or your company. To top it off, you can become a registered company, sometimes referred to as certified, which could be a requirement of an international customer or provide the basis for a sales initiative here in the United States. It can also be modified to serve as a standard for purchasing quality system design. At least that was our premise as we sought to apply the standard to purchasing operations. The balance of this paper will describe the purchasing guidelines and an audit program which can be used to assess a given purchasing department.
There are three different standards under which registration can be achieved:
The ISO-9001 series is then the most difficult standard to be registered under due to the need to demonstrate design to manufacture to service interfaces and integration which normally is accomplished by three distinct organization, located in different locations.
ISO registration is being pursued by companies to introduce more standardized, repetitive processes which are followed in production or service delivery. ISO-9001 involves 20 specific categories ranging from management-, responsibility to use of statistics to document control.
APPLYING THE STANDARDS TO PURCHASING
Our initial step was to rewrite the standards to make them specifically apply to purchasing departments. In some cases, the revisions were minimal; in others, the changes were significant. As revised, the various categories can be graphically displayed as follows:
QUALITY SYSTEM GUIDELINES
An example of the revised text for the initial guideline entitled Management Responsibility is provided below for examination. We found that little revision to the ISO-9001 published guidelines was necessary because the intention of this guideline was applicable to any layer of management or to any manager in an organization. Specifically, a quality policy statement regarding subcontractors (the words used to describe suppliers in the guidelines) must be developed, and the organization established to implement the policy including responsibilities and authority must also be present. Adequate personnel and resources must be made available by the organization for implementation and improvement followed by periodic management review and involvement in the process to ensure success.
1.1 SUBCONTRACTOR QUALITY POLICY
Management shall define and document its policy and objectives for, and commitment to, subcontractor quality. The supplier shall ensure that this policy is understood, implemented, and maintained at all levels in the organization.
1.2.1 RESPONSIBILITY AND AUTHORITY
The responsibility, authority, and the interrelation of all personnel who manage, perform, and verify work affecting quality shall be defined; particularly for personnel who need the organizational freedom and authority to:
1.2.2 VERIFICATION RESOURCES AND PERSONNEL
The supplier shall identify, have access to, and participate with personnel responsible for in-house verification requirements, provide adequate resources, and assign trained personnel for verification activities (see 17).
Verification activities shall include inspection, test, and monitoring of the design, production, installation, and servicing of the process and/or product/service shall be carried out by personnel independent of those having direct responsibility for the work being performed. A feedback and communication linkage shall be established between the buying organization and verification personnel.
1.2.3 MANAGEMENT REPRESENTATIVE
The supplier shall appoint a management representative who, irrespective of other responsibilities, shall have defined authority and responsibility for subcontractor quality management are implemented and maintained.
1.3 MANAGEMENT REVIEW
The quality system adopted to satisfy the requirements of this Standard shall be reviewed at appropriate intervals by the supplier's management to ensure its continuing suitability and effectiveness. Records of such reviews shall be maintained (see 15).
Note: Management reviews normally include assessment of the results of internal quality audits, but are carried out by, or on behalf of, the supplier's management, namely management personnel having direct responsibility for the system (see 16).
As mentioned earlier, each of the guidelines was revised in this fashion. A significant amount of effort was made to ensure that the guidelines were integrated well, and as such, did not include ambiguities or redundancies.
AUDITING THE GUIDELINES FOR EFFECTIVENESS
As part of the registration process, a company must first provide a copy of its quality policy, quality manual, and its policies and procedures including work instructions used. Once this is done, the ISO registrar (chosen by the company to actually audit their processes, provide feedback, and ultimately issue the registration certificate) employs a number of auditing tools and techniques to ensure that the individuals in the company not only understand the policies and procedures but also perform their work in accordance with those same policies and procedures.
In order to ensure that the guidelines as rewritten for purchasing apply and are appropriate, we developed a series of questions and audit points which can be used to assess a specific purchasing organization's compliance with the guidelines. Eighteen pages of such questions were developed to help ascertain a particular group's compliance. The example below indicate the types of questions and issues relating to compliance with Guideline 1: Management Responsibility provided earlier.
Each one of the guidelines, then, can be reviewed in this context and fashion, and the results provided to senior management of the company. Action plans can then be put in place to ensure compliance, beginning with the worst performing area.
Our research will focus on using these guidelines in three different sized companies in three different industries. Results of the usefulness and applicability of the guidelines and audit results will be presented at the convention.