The Quality Hub Podcast
Listen Below. Learn More.
ISO Certification –Effective Management Reviews
Episode 11 – ISO Certification –Effective Management Reviews
Episode 11 – How to Conduct Effective Management Reviews
In this episode, we’re joined by our guest Joe Hill who shares his invaluable insights on conducting an effective management review. Joe discusses the key purpose of the review and outlines strategies for involving pertinent stakeholders such as representatives from various departments. We delve into the critical risks and requirements that management must address to achieve optimal results.
Core Business Solutions publishes ISO Certification podcast episodes weekly. You can find more episodes here.
Episode 11 Key Content
Hello, everyone, and thanks for listening to the Quality Hub Chatting with ISO experts. I’m your host, Xavier Francis. I’m here with Joe Hill, manager of Audit Services here at Core Business Solutions. So glad you could be here with us again, Joe.
Thank you so much, Xavier. Glad I could be here today.
Today’s show entitled “Yeah, it would be great if you could get us those reports” where we will discuss How to Conduct an Effective Management Review. We’re going to look at leadership, stakeholders, corrective actions, and other aspects of the management review. If you’ve listened to the Quality Hub before, you may be familiar with Joe, but in case you haven’t, let’s just learn a little bit more about him. Can you tell us more about your quality journey here, Joe?
Sure. Well, I’ve been in quality for probably about 20 years now. I started out working for a certification body, one of the ones that issued the certificates. I was the quality manager there and worked for about 12 years in that industry. I always had a vision on the other side of the fence in the consulting world. So the opportunity arose and I joined CORE on the consulting side of the industry.
Been with CORE for about six years now. I work with ISO 9001, ISO 14001, and ISO 45001 and I’m also involved in the aerospace standards AS9100 and 9120 and right now I’m pretty much doing primarily the auditing.
Awesome. That’s great. Well, I know you and I started almost the same time. You’re a little bit before me, so I remember meeting you the first time when you were in the office. And it’s just been great ever since. So to get us started today, what is the real purpose of management review in assisting the leadership team?
Well, I’ve always considered management review to be one of the most critical elements of the management system. It’s the opportunity for the management team, the management rep, or the process owners to report on the performance of their processes and the overall system, provide data that may support acquiring additional resources, etc. And then for top management, it’s that opportunity to review if their investment in the management system appears to be aligned with and appropriately supporting their strategic direction of the organization and the overall business goals.
So you’re sort of getting a picture of the entire business from a quality management standpoint and any needs you might have in different sections of the business that are from the process owners of those things.
Exactly.
That’s good to know. So that’s leadership. How do you ensure that the management review process involves all the relative stakeholders?
Management review, It’s all about top management. So the standard requires that top management review the organization’s management system. So the primary participants would depend on who you define as the top management in your organization. Generally speaking, it would be anyone who falls under that C-suite, you know, the CEO, the CEO, the CFO, etc.. But the standard also dictates what information needs to be reviewed, which we will cover here in a little bit.
That will also help define who would be the appropriate people to participate and present that information. So in summary, the meeting is typically facilitated by the person with the overall responsibility for the management system attended by top management and others may need to be included to discuss particular issues where more detail is required.
Should all the relative stakeholders be present for a meeting?
You know, there have been some questions related to whether all of those relevant stakeholders need to be present and generally speaking, it’s a best practice and my recommendation. But you may be surprised to hear that a formal meeting is technically not a requirement.
That’s interesting. So they don’t say to have a management review meeting. They say to have a management review.
Exactly. And the word meeting does not appear in the standard under the management review clause. I’m not sure that’s a rabbit hole we want to dive into today. However, the standard only requires that top management review the management system and it provides the information that is required to be part of that review. However, the standard also requires that there be a record of these reviews.
So when you read it all and put it all together, a formal meeting with documented minutes is the best way to address those requirements.
So we’re not saying it has to be a meeting, but it should be a meeting.
Exactly. Exactly.
And we’re not saying it’s aliens, but it’s aliens. All right. You know, I mean, I guess there are other ways you could review it if you had to probably get everybody in one room or on one Zoom meeting or a combination of the two is the best way to do it, because you’re all going to be there and present and being able to have real-time back and forth.
Right. And in that perfect world, all relevant stakeholders would be available for a meeting. But if there are people who cannot be present, you just want to make sure that you’re able to share the minutes and any of the information that was presented with them and get their feedback and their input to include in the minutes.
Been talking with Brian Smith when we talked about the first part of the management review. Your outputs from a meeting are going to be your inputs at your next one. So anybody who has to do something is going to have to answer that.
Exactly. And, you know, one of the required outputs or inputs to the meeting is any actions that may be identified. And of course, those actions should have a responsible person assigned to them. So of course those people would need to be involved making sure that they’re closing out their actions, etc.. Yeah, there’s a there’s a lot that goes into the management review.
So to put it in a nutshell, people need to either be present or have some information from the management review that they can review, look at, and take any actions that they need to before the next meeting that you have. What documentation record should you be reviewing during the management review?
So again, the standard identifies what those inputs are that are required to be considered as part of the management review, and it includes six primary topics. First is a review of any actions that were identified at the previous management review.
So that was a be the outputs of that meeting are going to come into the inputs of this one day.
Exactly. So there’s just a running list of actions usually, but there should be a list of those identified actions generally captured in the minutes somewhere.
Right.
We also need to review your identified context issues for any changes. Now, this is going to relate to clause 4.1 in the standard that requires organizations to determine internal and external issues that are relevant to their organization and that affect its ability to achieve the intended results of the management system. So whatever method you have used to identify those relevant context issues should be brought to the meeting and reviewed for continued adequacy as well.
Okay. So basically it’s saying you need to make sure you’re looking at what you said you’re going to look at.
Exactly. Just make sure nothing’s changed for continued adequacy, accuracy, and suitability. That’s really what that’s about.
Okay. So when you get back to some of those stakeholders, some of the things you might be reviewing from them might be, do you have enough resources, machinery, equipment, humans?
Oh yeah. Oh yeah, Yeah, exactly. And it’s it is one of the required outputs that the standard has from the meeting is the adequacy of resources. So it should be discussed as one of the inputs as well as machinery, equipment, software, and human resources. Do we have enough resources in place right now? We also need to review your current risks and opportunities and the effectiveness of any actions taken to address those risks.
Now, this generally takes the form of some type of FMEA, which is a failure mode and effects analysis or a SWOT analysis which stands for strengths, weaknesses, opportunities, and threats. Or it can simply be a spreadsheet that identifies those relevant risks and associated action plans.
So you’re looking at again from a high level, hey, we just discovered some of these weaknesses in our systems. We’ve got a new player that’s doing exactly what we do. How are we going to manage these threats, these concerns, these needs in a formal way?
Exactly. Because the standard does require under clause 6.1 for organizations to identify risks and opportunities. Now, it’s a little tricky because technically if you read the annex of the ISO standard, it does not require a formal approach to risk management.