Enterprise software solutions have become commonplace, and in many organizations, quality management systems (QMS) are a strategic priority.
ADVERTISEMENT |
This article will cover five things that you can build into your QMS that will enhance your ability to extend quality to the rest of the organization. It will consider the benefit of flexibility, process traceability, risk-based thinking, and building visibility to create better reporting metrics.
1. Flexibility to adapt to your processes
One of the most important considerations is the ability of the system to adapt to your existing business processes, and be flexible enough to change as your processes improve. This may seem like a simple statement, but many times software vendors build their systems around a generic, best-practices approach that cannot be changed without substantial time and cost. These vendors want you to adapt your processes to their software, not the other way around. If your company has spent years developing and fine-tuning business processes, and upon purchasing a software system, you find yourself re-engineering your proven processes to fit within the software system’s limitations, you have compromised your efficiency. An effective QMS will mold to your business processes, not the other way around. You should not spend your time trying to adapt your processes to technological compromises.
The QMS should be configurable by the end user—you should be able to configure items like:
• Workflows and forms
• Report templates
• Audit checklists
True flexibility will give you maximum value from your investment, since it’s what allows you to make adjustments as the business evolves.
2. Traceability
Although it’s important to get people enrolled in the quality process, the process itself also needs to be connected. When speaking of things as “connected,” I mean that when we build our processes, we need to make sure that they relay information from one place to the next. What we want to make sure is that related information from one process should feed into the next so that no information is ever lost. A customer complaint is a good example. We are all probably familiar with the post-market feedback that comes into our organizations—usually complaints—that we need to address. Typically, a complaint is assessed and then handed over for investigation. In a connected process, you can inherit the information automatically from the complaint to the investigation. There’s no manual re-entering of information—it’s automatically there. If we deem this to be a systemic issue, is that information automatically moved into the corrective action process? Is the information inherited? This is all about moving information seamlessly from event detection to event correction. But it goes beyond that—once we’ve made the corrective action, how do we take that information, report on it, and drive change in the organization? These processes touch different parts of the business, but in an operationally efficient organization, it’s all connected in one “story of quality.”
In a desired state, you want the process aligned, harmonized, and standardized so that everything is connected from start to finish. No data or information is lost, and the full story is there. But what about the critical component of demonstrating this story to someone who’s looking at it, like an auditor or inspector?
This is why having a connected set of processes changes the game. In a desired state, you want an inspection-ready method, so that when an auditor asks, you need only pull up a report that shows the entire story—how the complaint came in, what did you do to investigate it and take corrective action, and what resulting actions or changes came out of it. This is what operationally excellent organizations do, and this is what’s desired.
It’s about visibility and control throughout the life cycle of quality. In other words, from the moment we detect an event (whether it’s customer-related, product-related, process-related, or customer-related) to the point at which we investigate and correct that event, to the involvement of external parties such as suppliers, to the reporting and improvement of that product or process, a system must exist to track everything keep it all in one place. Siloed and disparate information will not do, and that’s part of the dynamic of ISO standards—enrollment, involvement, and visibility.
3. A risk-based thinking approach
One of the most common things I’m asked is, “How do I start identifying my risks?” First, you need to examine your operations, seek out potential hazards within those operations, and categorize them.
How do you do this? By asking.
You can survey and audit your operations, like you normally would, but be sure to figure out the potential hazards from all areas of the business. Think about the problems that could occur, and how likely they are to occur. You’ll probably get a lot of hazards, and a host of probabilities. The key is to collect and analyze the hazards and then categorize them. This is called a taxonomy of risk—general areas of hazard types in broader categories. From there, you can make better sense of everything. Then, you can create general scales of severity of hazards and their frequency (i.e., their likelihood to occur). Then you can have more variability, but it’s the easiest and most logical way to identify and organize the overall risk levels.
The next step is to calculate your risk. There are several ways to assess risk, but the bottom line is that you’re doing the calculation on the components to quantify the risk. When doing this, keep in mind that risk evaluation and risk assessment are not automatic. Math is tricky; it doesn’t always solve the problem, especially in operations. Too often, we hear of people implementing risk assessment tools that calculate risk, and they just leave it to the tool to determine the risk. The reality is that the tool is there to help guide your decisions and risk calculations, but the ultimate decisions on how to handle risk should come from people. The tool is there as a guide, but most people will test their risk tools with real-world data. This is done by gathering as a team and reviewing risk calculations to confirm that the calculations actually reflect what would be done in the real world. Some tweaking to the math may be necessary, but the treatment of risk should be understood as a combination of people, process, and tools.
The next step is to determine what you’re going to do if there is a risk that needs to be mitigated. This is where a cross-functional team comes in handy to review the different risk outcomes, and then determine how you’re going to handle different risk levels.
Risk treatment typically falls into these broad categories:
• Acceptance. Leave it if it’s worth the risk.
• Reduction. Take steps to mitigate the risk.
• Compensation. Take steps to insure yourself against the risk.
• Transfer. Outsource the risk to a partner or supplier.
• Avoidance. Stop the process altogether.
Each company has a different way of treating risk, and it’s up to your team to determine how to properly interpret risk levels. Once you do that, you need to take action. This is where you need to incorporate your quality management processes to the dynamic. You can kick off corrective or preventive actions based on a risk level or risk treatment. You can also launch actions from risk levels, taking specific management of change, or action plans to address the issues. Finally, you want to have reporting in place to analyze risks over time, so you can see where your top risks are and how you are doing overall as an organization in mitigating risk.
4. Integration
Operational areas no longer live in silos when it comes to business systems. Whether they are production systems, financial systems, or quality systems, the ability to interact, collaborate, and coordinate across the business is key to uncovering any gaps in processes. This also creates visibility from one operational area to the next. It is of paramount importance to be able to integrate your systems; when looking to select a system, keep in mind the integration options available within the solution. Avoid solutions that claim integration, but will only do basic integration “lookups.” Although this is powerful and eliminates some degree of data double-entry, true integration will not only pull data in from production systems, but it will also push data back to those systems, such as nonconformance issues, overall cost of quality activities, and more.
Having true integration can give your business visibility into other systems within the enterprise, allowing for faster resolution of quality issues, no lost production, and better collaboration between operational areas.
5. Reporting
When you automate using a QMS, there is an enormous amount of data created. Without some means of easily accessing the data, the QMS makes it extremely difficult to derive trends and insights on the quality system. Users are left to their own devices to manually filter out the data, or even export the results into an external system for reporting. This is a time-consuming effort, and can lead to time management issues in finding, filtering, and reporting on the data. Software systems will often offer some means of search capabilities, but this comes in many ways and may require administrative intervention.
Having search capabilities is often not enough—the system should be able to search not only at the highest level, but also search on multiple criteria and within records, or even within attachments embedded in records. At the same time, reporting on the data comes in many flavors. Reporting is a driving factor in getting the right information to management. Without the ability to report on the data and create visibility into key performance indicators (KPIs), management will be blind. Reports requested by management need to be created quickly, so look for systems that let users create report templates quickly and effectively. Furthermore, make sure the system either has its own proprietary reporting tool, or seamless integration into your existing tools. Often, having systems that outsource reporting to a third party requires a separate license for the reporting tool, as well as a steeper learning curve for the administrators and users, which can drive up the cost to purchase the system.
Having a robust search is important to the success of a QMS. For reporting, the ability to have an integrated reporting tool built into the system is important, not only for ease of use and to eliminate jumping from one application to the next, but to also avoid the administrative costs associated with maintaining and upgrading the third-party tools. One test of a truly integrated reporting tool is the ability to go directly from a graphical chart generated by the report tool to the actual quality records represented by the chart with just a few clicks.
Closing thoughts
There’s a lot going on these days—we have a new level of complexity in the marketplace and it won’t get any easier. Quality management is about people and processes, but when you add the concept of technology, you now have a platform for automating the way people interact with the processes and each other. Look for a QMS that is flexible, provides traceability, incorporates a risk-based thinking approach, integrates with other systems, and provides a robust reporting tool. These five capabilities are the first steps toward meeting your quality management goals.
For more information on this topic, please join me and Quality Digest editor in chief Dirk Dusharme for the webinar, “Five Things Your Quality Management System Could Use Right Now (and Five Ways to Get It),” on Tuesday, Dec. 12, at 2 p.m. Eastern, 11 a.m. Pacific. Click here to register.
Add new comment