By Robert Wallace
Key Requirements of ISO/TS 16949:2009
ISO/TS16949:2009 focuses on the effective linkages between the company's business plan, quality policy, quality objectives and measures, planning on how objectives can be achieved, and deploying objectives throughout the organization. The standard and its series of support manuals can be purchased through the Society of Automotive Engineers International at http://www.iso.org.
Some of the key additional requirements include the need for:
• Top management involvement including establishing and implementing a business plan, including linkages to clearly defined measurable quality objectives.
• Clear definition of responsibilities, including shift activities and authority to stop production to correct quality problems.
• Top management review of the performance of the quality system, including reporting and evaluation of the cost of poor quality.
• Human Resource management including processes for defining competence requirements, providing training (including on the job training for employed and temporary and agency personnel), and verifying effectiveness of actions taken.
• A process to achieve quality objectives and continual improvement, creating an environment to promote innovation.
• A process to measure the extent to which personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives.
• Focus on product and process design.
• Use of automotive core tools (Statistical Process Control (SPC), Failure Mode Effect Analysis (FMEA), and Measurement System Analysis (MSA).
• Development of suppliers using ISO/TS16949:2009.
• Controlling production processes by use of control plans including provision of adequate work instructions.
• Ensuring effective control of internal and external laboratories.
• A process for measurement of customer perception and satisfaction.
Organizational Benefits of ISO/TS 16949:2009
• One quality system to meet multiple customer quality requirements
• Documented operational and quality system
• Ability for increased business
• Improved utilization of time and materials
• Improved efficiency and profitability
• Increased customer satisfaction
• Quality improvement and timely delivery
• Improved control of quality and processes
• Improved performance from suppliers
• Responsibilities of personnel clearly defined
• Documented system provides useful reference
• Lower reject rates, rework, and warranty costs
ISO/TS 16949 Pitfalls
Robert Wallace finds that more than 10 years after the adoption of the technical specification governing quality systems in the automotive industry, too many companies, unfortunately, are making the same mistakes and, consequently not achieving the full benefits of their pursuit of quality. The following article points out the most common failures associated with implementation of ISO/TS 16949 (TS-2).
Key Know and Go Points:
• Quality systems should be dynamic, but usually they are not. Management should be reviewing results and putting processes in place that continually improve performance. The failure mode and effects analysis (FMEA) and control plans, in particular, should be up-to-date.
• Both levels of responsibility and limits of authority should be clearly defined in job descriptions. Employees should understand when to ascend the chain of command, and when to take full responsibility for addressing issues.
• Management should know which processes require training for employees to achieve goals, provide this training in a timely manner, and test the competence of employees to ensure effectiveness.
• For plans to be truly effective, organizations should monitor the requirements of customers and the behaviors of suppliers. Supply chain management is a critical success factor.
• Finally, quality managements systems can deliver valuable information that allows organizations to take preventive actions, quickly address crises, and achieve desired levels of efficiency and effectiveness. The most common pitfall, ultimately, is the failure to keep documentation current and available at the worksite so it can be used to keep action aligned with the process, and the process aligned with continual improvement goals.
Even though standards governing quality management systems were instituted more than a decade ago, consistent areas of weakness in the application of the automotive process approach still exist. The technical specification ISO/TS 16949¡ª¡°Quality management systems ¡ª Particular requirements for the application of ISO 9001:2000 for automotive production and relevant service part organizations¡± is based on ISO 9001. This leaves considerable latitude in how an effective and efficient quality management system can be achieved.
Despite this freedom of design, examination of the results of dozens of third-party registration and surveillance audit events shows that many organizations fail to address common issues that could be easily remedied.
Auditing to the process approach requires that the key processes identified by the organization must be presented on a process matrix. The matrix cross-references between the key processes and the related clauses and subclauses of the technical specification; these ¡°links¡± are often the support processes to the key processes, and it is expected that auditors check as many of the links as time permits. This article is intended to highlight common ¡°decouplings.¡±
The following summary, organized by ISO/TS 16949 subclause number, presents typical areas of nonconformance or audit weakness ¡ª and some easy fixes.
• 4.1 General requirements.
Organizations should implement actions necessary to achieve planned results and continual improvement of the processes.
Often process owners do not have detailed remedies in place to address the failure to meet measurable quality objectives. Even when the objectives are met, there is often no continual improvement project triggered to raise performance beyond the stated goals of the process.
• 4.2.3 Control of documents.
To avoid product/process issues, only the current documents are allowed at the work site.
Organizations are expected to regularly review, carefully scrutinize, and, if necessary, revise process documentation available to personnel. Auditors often discover obsolete documents because memos and post-it notes are used as ¡°band-aids¡± for revised documents.
• 4.2.4 Control of records.
Organizational records should be regarded as company assets and be managed to protect the company in the event of a product liability law suit.
Archival records practices are often poorly organized, and electronic media controls are not fully followed. For example, not all fields on a form have been completed, handwritten changes to records are not traceable to the individual who made the changes, and the master list of electronic records is incomplete.
• 5.3 Quality policy.
The policy is intended to serve as a guiding principle to be understood throughout the organization.
Employees can¡¯t follow the quality policy if they can¡¯t remember it, or if they don¡¯t understand how to follow it. When the policy statement is not well crafted or succinct, employees have difficulty using it as a guiding principle.
• 5.5.1 Responsibility and authority.
In most companies responsibility statements abound, but the definition of authority is regularly overlooked.
Clarifying the extent of each employee¡¯s power promotes timely and correct action. Look closely at job descriptions or procedural statements to ensure that both responsibility and limits of authority are clearly defined.
• 5.6 Management review.
Organizations should recognize that management review is usually a layered approach with daily, weekly, and monthly management oversight that should be documented.
The most common failure in this area is the lack of documentation of assumptions and conclusions in meeting minutes. Whether a meeting covers tactical, detailed reviews on the more dynamic aspects of the system, or strategic reviews of year-to-date performance, when documentation fails to provide detail of the discussions and conclusions, inefficiency can occur and quality can be compromised.
• 6.2.2 Competence, awareness, and training.
Organizations must record which quality procedures require training, that timely training occurs, and that employees demonstrate competence in all quality procedures.
Most organizations do not provide a clear definition of what training is required on quality system procedures, or if competence has been achieved in all procedures, particularly if they are new or revised.
Which policies, procedures, and instructions require training for each position? A simple training matrix or position checklist can easily address this. Records should demonstrate that each person has been provided initial training on these documents and given additional training when revisions are made.
Another area of concern is the absence of defined competency criteria for every position of the organization that affects product quality; employee records should note that evaluations not only occur as warranted, but also that actions address any deficiencies. Look at how often training is an action within your corrective action responses, when the training has been provided, and when it has corrected the issues.
• 6.3.2 Contingency plans.
Organizations should explain procedures for all reasonable crises.
What most organizations consider contingency plans are simply phone chains of whom to call in case of emergency. In fact, not all reasonable disasters are considered. ISO/TS 16949 anticipates that not only are detailed plans established, but that these plans are also tested for effectiveness before being rolled out. Personnel should be trained to act immediately, first to protect personnel, and then to safeguard the customer¡¯s supply chain. Periodic reviews and amendments should take place as circumstances change.
• 6.4 Work environment.
Inconsistent application of housekeeping standards are quality and safety issues.
Organizing the work site, then taking a photograph to record expectations, is one simple solution. Observing employees who do not consistently wear their personal protective equipment is another issue that can be easily policed.
• 7.2 Customer-related processes.
Organizations must determine all customer-specific requirements.
The onus is on the organization to determine all customer-specific requirements during the contract review process. A robust knowledge of a customer¡¯s needs and even potential requirements is an essential prerequisite for achieving customer satisfaction.
• 7.3.1.1 Multidisciplinary approach.
The failure mode and effects analysis (FMEA) tool and the process control plan must align.
The FMEA is rarely seen as a living, breathing document that captures all related improvement efforts to drive down the risk priority numbers. One cause of the underutilization of this tool is that training is not sufficient for process owners, engineers, quality personnel, and internal auditors on these five core tools: advanced product quality planning and control plan, FMEA, measurement system analysis, statistical process control, and production part approval process (PPAP).
• 7.3.6.3 Product approval process.
PPAP should extend to key suppliers.
Organizations generally follow their customer PPAP submission requirements, but they don¡¯t extend the procedure through to their key suppliers. The effective use of this tool can clearly communicate expectations to suppliers and get assurance from them of their capability to satisfy these expectations.
• 7.4.1.2 Supplier quality management system development.
Organizations should measure the quality systems of their suppliers using ISO/TS 16949.
The organization¡¯s plans to bring supplier systems in line with the same requirements that it is measured against is an important strategy. Supply chain management is an important factor in your manufacturers¡¯ success.
• 7.5.1.1 Control plan.
All system changes should be reflected in the control plan.
Control plans are excellent high-level descriptions of your operational controls; only when they reflect actual methods can they be the basis for problem solving and improvement efforts. Too often, auditors find weaknesses in the completeness of the control plan and in keeping plans current with all of the system changes.
• 7.6 Control of monitoring and measuring devices.
Organizations should review calibration procedures, particularly when conducted by outside laboratory services.
If controls over devices are not strong, a company may make faulty decisions about whether to change a process or product or leave it alone. Auditors see devices with past-due calibration, records not capturing the ¡°as found¡±/¡°as left¡± readings, and a lack of complete action when devices don¡¯t conform to requirements. In addition, calibration records provided by outside laboratory services are not always reviewed by the organization and appropriate actions taken.
• 7.6.1 Measurement systems analysis.
Organizations make potentially costly ¡°accept or reject¡± decisions when the inherent error in measurement systems is not fully considered.
Understanding the inherent error in your measurement systems leads to a full appreciation of the risks to customer satisfaction. These statistical studies are vital to assess the credibility of ¡°accept or reject¡± decisions, yet typically they have flaws for which little consideration is given. First, not all measurement systems (variable and attribute devices) listed on the control plan have been studied. Second, there are technical issues with them, such as not studying the devices across the working range, out-of-control ranges with no action to resolve them, and excessive error identified but no effort taken to address this risk.
• 8.2.2 Internal audit.
Organizations should use their audits strategically and avoid under-auditing.
Third-party audit findings and those of internal auditors often are not in sync. Third-party auditors find weaknesses that internal auditors do not find. One factor: Internal auditor training is typically weak, with insufficient initial and ongoing training. In many cases, these auditors are volunteers and the allocation of time to schedule, prepare, conduct, report, and follow-up is undervalued. With ISO/TS 16949 and the automotive process approach to auditing, we see internal auditors who do not understand the process approach and continue to audit by the element or clause, instead of assessing the links to other related or support procedures of the process under examination.
• 8.2.3.1 Monitoring and measurement of manufacturing processes.
Organizations should manufacture according to customer requirements.
Management should be vigilant in monitoring this clause. Auditors¡¯ samples of current capability compared to the capability submitted in the PPAP may find that short-term and long-term process capability (Cpk/Ppk) has deteriorated with no reaction.
• 8.5.1.1 Continual improvement of the organization.
Organizations should establish a project management structure to capture information from each continual improvement project and incorporate those findings into future efforts.
ISO/TS 16949 requires the organization to have a format or process for continual improvement projects. Each effort employs a stepped approach in which the organization forms teams to achieve a certain gain; then the project ends until a new team is formed to raise the bar further. Earlier project records serve as a springboard for new projects in the same area of improvement. Don¡¯t squander the resource.
• 8.5.2 Corrective action.
Because errors and changes ripple through the organization¡¯s cost structure,corrective action should be based on an effective problem-solving approach.
When an organization is not able to address an issue effectively, the problem recurs. A thorough root cause analysis leads to better decisions. Many organizations view corrective actions as unwelcome and inhibit the issuance of corrective actions. Remember that corrective action is simply one of the tools of subclause 8.5¡ª¡°Improvement.¡±
• 8.5.3 Preventive action.
Organizations should take time to look at the characteristics of processes over time, as well as any negative trends, as the basis of preventive action steps.
Preventive action deals with ¡°time series of data¡± issues and not ¡°one-off¡± events where corrective action is taken. Longer-term negative trends or the analysis of process characteristics over time, as subclause 8.4¡ª¡°Analysis of data¡± explains, is where opportunities for preventive action reside. There are many organizations that do not clearly define the conditions or triggers for the issuance of these actions and few if any of these actions are initiated.
The examples provided in this article are certainly not the only weaknesses most often observed; nonconformance can come from any process and all of the ¡°shall¡± requirements of ISO/TS 16949. However, take a closer look during your internal audits to see if you are at risk in these common pitfall areas.
» More Information 
