Posts Tagged Supplier Quality Management

The Vendor Audit Agenda: Where to Spend Your Time

This blog discusses the importance of reviewing previous quality issues, and specific areas where the author likes to spend his time during a vendor audit.

When you attend a lead auditor course, the focus is on Quality System auditing. However, when you perform a supplier audit—the Quality System is not the focus. The focus of a supplier audit can fall into two primary categories: 1) qualifying the supplier, or 2) re-evaluating the supplier.

Suppliers are not required to have a registered Quality System. Therefore, many of the things that an auditor might learn about audit agendas in a lead auditor course just don’t apply. However, one thing always applies: reviewing previous quality issues. When I audit internal auditing and supplier auditing programs, I find that one of the most common mistakes is failure to close-out previous nonconformities. Therefore, the second section of my audit report template is a review of previous audit findings. If you have no previous findings, ensure your audit report states that. If you are qualifying a new supplier, ensure that the new supplier doesn’t have the same problems you are having with current suppliers.

When you close the previous issues, there are two approaches. The first approach is close previous issues at the beginning of the audit—immediately after the opening meeting. This is the most common strategy. The second approach is to close previous issues as you audit the applicable area. For example, if you have previous issues in the area of incoming inspection and maintenance records, it might make sense to close these findings when you audit these areas. The advantage of this second approach is that it ensures that the process owner is closing the previous finding and facilitates the sampling of additional records.

What has little value in the supplier audit agenda? Auditing the Management Review process has the least value, because the supplier is not required to have a Quality Management System. In fact, subcontractor audits for BSI never include management reviews, CAPAs or internal audits—the three required areas for every quality system audit.

Most Valuable Areas to Audit?

Incoming inspection, control of nonconforming materials, preservation of product, production controls, training and process validation are the areas I typically audit. I like to start in the nonconforming material area and see which materials are on hold. Then I like to sample the incoming inspection records for those raw materials. Next, I like to see how the company is storing those raw materials—if they are accepted. I typically cover these three areas as one process audit. This also happens to be the process audit I like to use for training new auditors, because the audit of incoming inspection results in numerous audit trails in the support process areas of document control, training, calibration, etc.

The next area I will visit is the production area. For this portion of the audit, I am doing a process audit of the production process. I usually request that we schedule the audit for a time when the production area is actually running the product(s) of interest. A process flow chart is helpful in planning this portion of the audit, and I will often write some notes directly on a copy of the process flow chart.

I conclude the audit with follow-up trails in the areas of: 1) document control (to ensure the supplier has the most current versions of all documentation “we” provided), 2) calibration (to ensure that all  measurement devices used for inspection are calibrated), and 3) training (to ensure that all personnel working on “our” product are properly trained).

Since I do not have to spend time on Quality System issues during a supplier audit, I spend more time sampling records in the other areas. Therefore, I might sample 5-10 records in each of the above areas instead of 3-4 records. In fact, if the number of samples available to sample is small, I may even sample 100% of the records.

Posted in: Supplier Quality Management

Leave a Comment (2) →

Supplier Management: Who Should Be Conducting Supplier Audits in Your Company?

This blog reviews which an important supplier management issue; which personnel should be conducting specific types of audits for the company.

Today, I would like to start by asking a question: Who does supplier audits at your company?

I believe that there are three primary purposes for conducting supplier audits:

1) “For cause” audit, where the auditor is investigating the root cause of a nonconformity

2) Qualification audit, where the auditor is assessing if the supplier should be added to the Approved Supplier List (ASL)

3) Re-evaluation audit, where the auditor is verifying that the supplier is maintaining proper production controls

The problem with these three audits is that most companies send the same people—regardless of the purpose. Usually companies send a purchasing manager or a supplier qualify engineer to conduct supplier audits. Occasionally, the two will do a team audit. Resources for auditing suppliers are tight in most companies. Therefore, I do not recommend this “one size fits all” approach. Instead, I believe that each purpose should be matched up with a specific type of auditor.

“For cause” audits need a supplier quality engineer who has strong investigational skills and will be able to identify the root cause(s) of a nonconformity. The auditor should also be capable of training the supplier on how to respond effectively to a Supplier Corrective Action Request

Qualification audits are ideal opportunities for a team approach. There are quality issues to consider, but there are also financial, scheduling and capacity issues. A cross-functional team approach works best in this case. A team also reduces the potential for biased individuals making inappropriate recommendations.

Re-evaluation audits should not be conducted by purchasing or supplier quality engineers. The reason is that neither position is typically responsible for performing incoming inspection. If you don’t perform inspections regularly, you may not be aware of all the problems to search for. Therefore, I recommend using QC inspectors for this activity. QC inspectors know exactly which quality issues have been found recently, because the QC inspectors identify the defects during incoming inspection, in-process inspections and during final inspections.

I don’t think that my approach to “For Cause” or Qualification audits is unusual. However, using QC inspectors to perform supplier audits is uncommon. There are two other reasons why I believe companies should consider this approach. First, inspectors would get a rare opportunity to go on a business trip and be reimbursed for the travel. For those employees that rarely travel, this can be an opportunity for recognition by management and a perk (i.e., – free meal, lodging and travel). Second, supplier quality engineers could easily fill in for a QC inspector to become more familiar with parts and components, as well.

Posted in: Supplier Quality Management

Leave a Comment (3) →

Taking a Risk-Based Auditing Strategy for Evaluating Suppliers

This blog makes the case for taking a risk-based auditing strategy for evaluating suppliers.

None of us has unlimited resources. In fact, the pendulum has swung so far that “do more with less” has now become “do everything with nothing.”

Here’s a familiar situation…During your most recent annual surveillance audit, the auditor gave you the bad news…“The Canadian MDR requires that you audit critical suppliers that do not have ISO 13485 certification, and these two contract manufacturers should be added to the critical supplier category.” Once your blood pressure drops enough, so that you are not in immediate danger of having an aneurism, you might think to ask your auditor how frequently these audits need to be performed. Most auditors will allow a three-year cycle between supplier audits, but this is because of the three-year recertification cycle.

Your company should really adopt a risk-based strategy for evaluating suppliers. For high-risk suppliers, an annual or six-month cycle is appropriate. For moderate-risk suppliers, biannual or three-year cycles might be more appropriate. A supplier I audited recently told me a story that illustrates this concept.

Their company noted that the FDA was inspecting them every seven years—instead of every two years (FDA’s goal for Class 2 devices). The FDA investigator explained that the local office only had enough resources budgeted to perform 50 inspections per year. Each year, they start at the top of their priority list and work their way down the list. Each year that this company fell below the 50-company cut-off, the company moved up the list for the next year. It took them about seven years to reach the top 50.

In your company, you have a limited number of Supplier Quality Engineers (SQEs) that are available to audit your suppliers. Since SQEs have lots of other job duties, in addition to on-site auditing, I recommend the “Take 5” approach. What I mean is: 1) prioritize your list of suppliers based upon risk (including how long it has been since their last audit), 2) pick the top five highest risk suppliers and schedule those audits throughout the year, and 3) hire another SQE for every fifteen suppliers (five supplier audits/year/SQE x three years/cycle = 15 supplier audits/SQE/cycle) that require onsite auditing. The number “5” is arbitrary, but “5” is in the right order of magnitude.

SQE’s are responsible for monitoring supplier performance, issuing Supplier Corrective Action Requests (SCAR), follow-up on SCARs, updating drawings, communicating revision changes to suppliers and qualifying new suppliers. If an SQE is doing more than five onsite supplier audits per year, it will be important for these suppliers to be local. Otherwise, these valuable employees will get burned out fast.

Review your own Approved Supplier List (ASL) and ensure you have properly identified “critical” suppliers. Review your supplier evaluation procedure to ensure that it gives you the flexibility to revise the audit frequency on a risk basis. Finally, review your SQE resources…hiring, recruiting and training a new SQE every two years will cost as much as adding an SQE when the ratio of supplier audits per auditor has exceeded the magical number “5.”


Posted in: Supplier Quality Management

Leave a Comment (0) →

Get every new post on this blog delivered to your Inbox.

Join other followers:

Simple Share Buttons
Simple Share Buttons