1 / 40

Effective Auditing of Purchasing & Subtier Supplier Control Processes

Effective Auditing of Purchasing & Subtier Supplier Control Processes. Boston, MA July 21 - 22 , 2011 Tim Lee, BCA Supplier Quality Manager & IAQG OPMT Chairman Sidney Vianna , DNV Business Assurance & AAQG Secretary. Auditor Workshop Boston, MA July 21-22, 2011.

stormy
Download Presentation

Effective Auditing of Purchasing & Subtier Supplier Control Processes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Effective Auditing of Purchasing & Subtier Supplier Control Processes Boston, MA July 21 - 22, 2011 Tim Lee, BCA Supplier Quality Manager & IAQG OPMT Chairman Sidney Vianna, DNV Business Assurance & AAQG Secretary Auditor Workshop Boston, MA July 21-22, 2011

  2. Voice of the CustomerGeorge Buswell, Director BCA Supplier QualityRegional Operations • Why the added focus on Subtier Supplier Control? • Observations • Expectations

  3. Why the added focus on Subtier Supplier Control? • Boeing’s business model • High Level Systems Integrator • Deeper Supply Chain • More complicated incoming product • Higher percentage of defects attributable to subtier suppliers

  4. Observations – What I have seen • Failure to understand contract requirements • Ineffective incoming inspections • Poor execution of FAI • Unwarranted delegation of inspection authority

  5. Expectations – CB Oversight • Be above reproach in complying with requirements • Focus on effectiveness - Take it personally • - Go the extra mile

  6. AS9100 Rev C Criteria • 4.2.4 Control of Records - The documented procedure shall define the method for controlling records that are created by and/or retained by suppliers. • 7.1.2 Risk Management - The organization shall establish, implement and maintain a process for managing risk to the achievement of applicable requirements, that includes as appropriate to the organization and the product • 7.1.4 Control of Work Transfers - The organization shall establish, implement and maintain a process to plan and control the temporary or permanent transfer of work (e.g., from one organization facility to another, from the organization to a supplier, from one supplier to another supplier) and to verify the conformity of the work to requirements. • 7.4.1 Purchasing Process - The organization shall ensure that purchased product conforms to specified purchase requirements. • The organization shall be responsible for the conformity of all products purchased from suppliers, including product from sources defined by the customer. • The organization shall evaluate and select suppliers based on their ability to supply product in accordance with the organization's requirements. Criteria for selection, evaluation and re-evaluation shall be established. • 7.4.2 Purchasing Information - Purchasing information shall describe the product to be purchased, including, where appropriate………… • 7.4.3 Verification of Purchased Product - The organization shall establish and implement the inspection or other activities necessary for ensuring that purchased product meets specified purchase requirements.

  7. AS9101 Rev D Audit Requirements • 0.2 Auditing Approach - When evaluating an organization’s quality management system, there are basic questions that should be asked of every process, for example: • • Is the process identified and appropriately defined? • • Are responsibilities assigned? • • Are the processes implemented and maintained? • • Is the process effective in achieving the desired results? • 4.2.2.8 Special Processes - b) Monitoring, Measurement, and Control of Special Processes - For outsourced special processes, the audit team shall verify that the organization’s supplier control process addresses these items accordingly. In addition, the audit team shall review the use of customer-designated sources, as required. • 4.2.2.5 Identifying and Recording of Audit Findings - The audit team shall record detailed objective evidence (e.g., reviewed procedures, shop orders, training records, products, verification records). The objective evidence shall be recorded on a standardized form [i.e., OER (see Appendix A)] or on the CB’s own documentation. In this case, the CB document shall meet the intent of the OER. • The results of effectiveness shall be recorded on the PEAR (see Appendix C) for each audited product realization process. • Appendix A - Objective Evidence Record (OER) • 7.4 Purchasing - Questions 219 through 250 Additional Information 9100 Support

  8. “Focus on the Process”If you audit subtier supplier control processes independently there is a risk of overlooking the interrelationships. Audit results may not add value.Examples of Control of Purchasing Processes Purchased Product Inspection Project Planning Risk Analysis Supplier Selection Purchasing Supplier Quality Surveillance & Performance Customer Supplier Records Management

  9. “Focus on the Process”If you audit subtier supplier control processes independently there is a risk of overlooking the interrelationships. Audit results may not add value.Examples of Control of Purchasing Processes Purchased Product Inspection Project Planning Risk Analysis Supplier Selection Purchasing Supplier Quality Surveillance & Performance Customer Supplier Records Management

  10. “Focus on the Process”Focus on auditing using a “Process approach” and the “hand offs”Examples of Interrelationships - Control of Purchasing Processes Purchased Product Inspection Project Planning Risk Analysis Supplier Selection Purchasing Supplier Quality Supplier Records Management Project Planning Risk Analysis

  11. “Focus on the Process”If you audit subtier supplier control processes independently there is a risk of overlooking the interrelationships. Audit results may not add value.Examples of Control of Purchasing Processes Buy Decisions Product Info Results Purchased Product Inspection Project Planning Risk Analysis Supplier Selection Purchasing Supplier Quality Surveillance & Performance Customer Supplier Records Management Audit Trail All Processes interact and process performance is dependent on effective “handoffs”

  12. Planning for an “Effective” subtier supplier control auditSidney Vianna, DNV Business Assurance & AAQG Secretary • Audit Planning: Provide guidance on planning an effective subtier supplier control audit • Audit Conduct: Establish audit trails, Know what to look for, focus on customer unique requirements, use lessons learned

  13. Planning for an “Effective” subtier supplier control auditAudit Planning • An effective audit requires upfront planning prior to conduct. • You must have an understanding of the client’s processes • How much product is purchased? • Raw material, COTS or complete end item • Inspection and Verification methods • How does supplier performance drive decisions

  14. Audit Planning Input Step 1 Step 2 Step 3 Step “N” Output • Do not forget the value stream approach to effective auditing: INPUT Customer who has a need OUTPUT Customer who has a need met

  15. Planning for an Effective Audit • Focus on the parts of the purchasing processes that relate to subtier control • For example, OASIS feedback loops, customer requirements, key characteristics management, critical items, outsourced processes, work transfers, notification of changes, reporting of nonconformities, doc control transmittal to subtier suppliers, etc… • Obtain process approach information and use this when planning the audit and establishment of audit trails

  16. OASIS feedback loops • From AS9101D

  17. Understand Subtier Control Requirements “…flow down to the supply chain the applicable requirements including customer requirements,”

  18. Remember: • For the subtier supplier to be able to perform adequate 7.2, the organization must perform 7.4 well… • In other words, without adequate purchasing information by a customer, contract and product requirements review will suffer…

  19. Customer requirements • It starts at contract review • The organization must perform effective contract review, including special attention to Customer Specific Requirements, as it relates to subtier control. • As a CB auditor, you must verify that “flown down-able” requirements are identified and the interface between review of requirements and purchasing is effective.

  20. 6081 SOFTWARE QUALITY PROGRAM PLAN REQUIREMENTS Customer requirements (sub-tier)

  21. Customer requirements (sub-tier)

  22. Customer requirements (sub-tier)

  23. Key characteristics & Critical Items

  24. Review of Supplier Performance • Are levels of control, e.g., increased incoming inspection, supplier audit, source inspection, etc. based on the periodic review of supplier performance? • Is data on supplier performance available? (AS9100C 8.4.d) • Is Risk being considered when selecting and using suppliers? (AS9100C 7.4.1.f)

  25. AS9131 might be invoked Customers may have specific reporting requirements Notification of NC’s

  26. Notices of change • notify the organization of changes in product and/or process, changes of suppliers, changes of manufacturing facility location and, where required, obtain organization approval First Article Inspection • FAI AS9102 Requirement

  27. Outsourced processes • The organization has to demonstrate that it exercises sufficient control to ensure that this process is performed according to the relevant requirements of AS9100, and any other requirements of the organization’s quality management system. • The nature of this control will depend on the importance of the outsourced process, the risk involved, and the competence of the supplier to meet the process requirements. Based on the nature of the control, it should consider the processes referred to quality management system for management activities, provision of resources, product realization and measurement, analysis and improvement. • Control MUST go beyond stipulation of requirements in a P.O. • The outsourced organization does not necessarily have to have a certified Quality Management System, but it has to demonstrate the capability of the previously mentioned processes.

  28. Outsourced processes • Remember that outsourced processes go beyond manufacturing processes and can include design development, verification and validation testing, prototyping, software development, warehousing and distribution, packaging (crating), etc… • Flowdown of requirements is CRITICAL. • Special processes must be validated and revalidated as necessary.

  29. Work transfers • Work transfers also present a challenge related to subtier supplier control. Especially because, many times, the transfer is done to a sister plant (within the same organization). • AS9100C 7.1.4 The organization shall establish, implement and maintain a process to plan and control the temporary or permanent transfer of work (e.g., from one organization facility to another, from the organization to a supplier, from one supplier to another supplier) and to verify the conformity of the work to requirements. • AS91007.4.2g) notify the organization of changes in product and/or process, changes of suppliers, changes of manufacturing facility location and, where required, obtain organization approval

  30. Planning for an Effective Audit • The type and extent of control applied to the supplier and the purchased product shall be dependent upon the effect of the purchased product on the subsequent product realization or the final product. • Criteria for selection, evaluation and re-evaluation shall be established.

  31. Reflection – What have we learned That’s right it’s time for a:

  32. Quiz • As you audit an organization’s supplier evaluation process, you notice that the only type of oversight they do onto their suppliers is an annual, one-page, self-directed survey, with basic questions about their QC program. • Some of the products this organization buys contain Critical Items. • Is this method of subtier supplier control adequate?

  33. Quiz Organization XYZ (a build to print shop) accepted a contract from an AAQG Member Company to manufacture a Pulley Bracket Assembly that also included a casting detail part. Since the organization did not have capability to produce castings, they planned to purchase this detail part. The source selection team decided to use a local casting supplier they have used in the past for their John Deere tractor contracts. “They have an excellent quality rating!” Note: The casting required NDT (Penetrant Inspection and Radiographic Inspection) prior to part acceptance. • Can a commercial subtier supplier be used to fabricate this product? Why or Why not? Any concerns? • What flowdown requirements would you expect to see in the contract to this subtier?

  34. Quiz • Client Acme Tool and Die has accepted a contract from an AAQG Member Company to manufacture a chrome plated shaft part. The member company has included an AS9102 FAI requirement in the contract. Since the organization did not have capability to chrome plate the part, they planned to use an approved plating source and perform the FAI inspection activity after receipt of the part from the subtier. • What flowdown requirements would you expect to see in the contract to this subtier? • Any issues with the FAI being completed after processing?

  35. Quiz • Upon review of ABC’s management review records the CB auditor noted that they had completed an improvement project in their Receiving Inspection Department. The problem statement related to improvement of flow time and assuring timely delivery of purchased product to the shop floor. When asked about performance, the QA Manager stated: • “We hired a sharp QE that helped us implement statistical sampling inspection strategy and a new supplier delegation program”. • “We implemented these two changes and we reduced our bottlenecks by 95%” • “The product doesn’t sit in a box on the dock, it goes straight to the shop floor” • Do these methods conform to AS9100? • What are some of the audit trails you would follow to verify conformance?

  36. Lessons Learned • Change is constant and this includes Client’s purchasing activities and changes at their subtier suppliers • Outsourcing due to Cost Pressures increase risk (Use of Foreign Sources) • Quality representatives may not be actively involved in the purchase contract process, therefore adequate quality requirements may not be flowed to suppliers. • The organization’s supplier quality team may not be conducting contract reviews with their subtier suppliers to ensure that the subtier supplier understand requirements. • Additional focus on three critical areas will help an organization mitigate the potential risk for Non-conforming Product being received from a subtier. They include: • Requirements Flow down- Requirements are understood and flowed down to the appropriate levels of the supply chain, including critical subtier suppliers • Supplier Selection- Suppliers must have the right capability and capacity to understand and perform the work and/or manage their subtiers (tier 2, 3,4) to do so • Verification of Purchased Product- Organization must perform regular oversight of their suppliers to verify requirements are being meet, including a review of the Supplier’s subtier control process

  37. Auditor Resources • Supply Chain Management Handbook • Chapter 2 Contracts Reqmts Flowdown • Chapter 8 Supplier Quality • ISO 9001 Auditing Practices Group • Auditing the Procurement • and Supply Chain Processes • Customer Web sites • Boeing - Doing Business SCMH 9001 Practices Boeing Doing Business

  38. Summary • Upfront planning is key to success • Focus on the “process” • Use results data to drive your audit trail • Understand customer flow down expectations • Add value to the organization by conducting an effective subtier supplier control audit • Continue the “Learning Journey” use the resources

  39. Good Luck! • May “The Force” be with you…..

  40. Good Luck! • May “The Force” be with you…..

More Related