Responsibility and Authority
Management should define who is supposed to do what and who is in trouble if they don’t!
This is usually covered by a straightforward (or more complex) organisation chart which may or may not look like the process map we spoke of earlier. An external auditor should be looking to identify the key processes of the business and then wanting to talk to the person responsible for it, if this isn’t clearly defined, it makes their job harder and they won’t be happy. If they aren’t happy, you probably aren’t doing it right and making certification more difficult. If it’s hard to define a process owner, how can you expect a process to be effectively managed, reviewed and improved?
(The quality manager)
Management selects a suitable quality manager help them implement the QMS and report performance relating to both objectives and audit. Remember that quality isn’t something you just do when the auditors are in, it should be just an ordinary day demonstrating how you work, not how you think they want you to work. The ISO 9001 standard wants quality and continual improvement what you do, the management representative helps the management team achieve this, but they should all be involved in making this happen, appointing a management rep is not a fire and forget exercise, expect to be asked questions when an auditor comes to visit.
Management communication both up and down must be sufficient – this is usually demonstrated by audit – such as what is your policy?
In an electronic age anyone ought to be able to communicate policy to everyone within an organisation, if you are small you could leave policy by the kettle! Sticking this on your intranet might help, but think about effectiveness-does everyone really know what you are trying to do here?