Internal Auditing, Auditors and Registrars

How did you handle this topic in the registration during your implementation?

  • Juniper - Internal Audits and Auditors

    Juniper Networks is in the process of implementing TL 9000 with expectations of obtaining registration in early 2004. They are a relatively small company with about 1500 employees. They were not previously registered to ISO and are implementing both ISO 9000:2000 and TL 9000 simultaneously. One of the main issues with their implementation early on was that their senior leaders did not appreciate the extent of involvement, participation and messaging to the rest of the organization required of them by the TL 9000 standard. They, at first, committed their support and buy-in, but then left the details of the implementation to others. As a result, the implementation efforts at first were difficult with people in the company thinking that this was an extra effort over and beyond "real work". Thus it was difficult for people to allocate resources to the extent needed for something viewed as "extra". This also impacted their ability to obtain and train an adequate internal auditor pool.

    They started out training 10 part time auditors from the Quality Department. They trained the auditors early so that they would perform process audits to understand the gap between existing operations and TL requirements and metrics. Once the senior leaders' participation and commitment became more robust, they were able to recruit about 20 other people. They expect to have an auditor pool of about 30 ongoing. About 10 of these people will be in the central quality group with the auditing responsibilities as part of their job and annual objective. The rest of the pool will be decentralized, and voluntary. This combination of a pool made up of centralized (part of their job) and decentralized voluntary gives them a great deal of flexibility. It provides a stability and level of SME expertise with the centralized people and flexibility, reduction in travel expenses, and a network of local advocates and SMEs in the decentralized portion of the pool. They also did not want a totally centralized auditor pool made up of people from the quality group because they did not want the auditors to be viewed and as “police force” of outside people. They wanted the function integrated within the business operations and something that the managers would use to help identify improvement areas.

    They have a single audit approach, strategy process and tools and aids that is maintained by the central quality department. This ensures consistency in results and focus even with the decentralized and voluntary auditors. They also use a mentorship program for new auditors to improve skills.

    They share audit findings across the auditor pool and with senior leaders at management reviews. The intent is more toward identifying best practices and replicating them in other parts of the organization. They have two types of audits—both audits on individual processes for TL conformance and effectiveness, but also whole system audits. Prior to registration they are concentrating more on the process audits-and will transform to more audits on the whole system after registration.

    Read the complete interview (PDF,20KB)

  • Lucent - Registrars

    In light of Lucent's initial registration strategy where decisions to register for TL were made locally, there were relationships established with multiple registrars. As part of the supply chain and then Lucent registration consolidation initiatives, Lucent changed to having a single registrar.

    The selection criteria included more than just cost:

    • What's important to the business (i.e., Lucent is global, therefore registrar should have a global reach).
    • Reputation
    • Years of experience
    • Was have a relationship already established with any of our units
    • Flexibility
    • Cost
    • Any existing relationship and potential risks/costs to discontinue
    • Registrar's knowledge of the company to waylay any issues due to complexity

    The process involved issuing and Request for Quote (RFQ) to a number of registrars; meeting with the respondents to clarify requirements and answer any questions and a final meeting with the finalists before the selection was made.

    Use the registrar often for confirming assumptions about requirements, testing logic and to see if there are any flaws in the company’s logic about TL 9000.

    Read the complete interview (PDF,20KB)

  • Siemens - Internal Audit

    Siemens ICN utilizes a centralized Internal audit approach. The Corporate Quality System Manager is responsible for leading the Internal audit team as well as assigning lead auditors. Internal auditors are drafted from each of the major organizations such as Engineering, Sales, HR etc. The Corporate Quality System Manager develops the audit schedule for each quarter. New audits are added to the schedule if a new program is deployed. An automated in-house Lotus-based, web-accessible system is used to track corrective/preventative actions. The responsible individuals address findings from internal audits. The auditor is responsible for reviewing the effectiveness of action/s taken and close the finding.

    Read the complete interview (PDF,17KB)