I've been a bit behind on the blog posts lately, and wanted to get back into the swing of things with a few ideas on one of the most central and critical components of any Compliance System, whether Quality Management, Environmental Management or Health and Safety Management. I'm talking about Corrective Action - CAR, C/A, CAPA - whatever you like to call it. Psychology states that the more names we have for something, the more important it is in our society. While society at large is not espousing the benefits of CAPA/CAR/CA/Corrective Actions, it certainly is a core piece in our business world.
Corrective Action is the way in which we go about identifying, correcting and mitigating systemic issues in compliance. I've often spoken of it as the "heart" of the Compliance system, and I still hold true to that. All things fall to a Corrective Action, and many improvements fall out of the results of the Corrective Action. In this day and age, technology comes into play when you are looking at building Compliance solutions. Corrective Action is certainly a part of this, and I would like to outline the 8 things I think Corrective Action Software should accomplish.
1. Workflow for All Types of Corrective Actions: Workflow is a core necessity when automating your Corrective Action process. Workflow, whether automated or manual, keeps the work at hand on track and ensures that you are keeping to your timeline and scope. There is a varying opinion on whether Corrective Actions should be harmonized to a single workflow, or follow multiple workflow type based on the type of Corrective Action. I would say that the answer is "yes" - you should have the ability to either use a single workflow, or multiple based on type - it all depends on the business decision. However, a Corrective Action stemming from an Internal Audit may follow a different workflow path than an External Audit or a Customer Concern. The point is that the solution should have the ability to enable different routing options or different phases in the workflow based on the type of event. Safety Events may not be treated the same as Quality Events; the key is to have the flexibility to route the process accordingly.
2. Integrating Adverse Event Data Directly with the Corrective Action: No one wants to enter data twice, especially when it comes to compliance. Any adverse event should be able to be automatically linked to Corrective Action if possible. That way, as you enter the information about the event, you can inherit the data directly from the form should you determine it needs to be opened as a Corrective Action. Furthermore, having a connection between source data and Corrective Action data provides a level of traceability within your system that will help you in reporting, and visibility into audit data. Look for a solution that either has the ability to record adverse event data (Complaints, Incidents, Nonconformances, etc.) and link directly to or import directly to the Corrective Action form. It's a time-saver, and provides you with better visibility on the back-end of the process.
3. Ability to Conduct Initial Investigations and Immediate Corrections: Not everything needs to be a Corrective Action. It's often common to create a Corrective Action for every adverse event, and this tends to cause bottlenecks in the process. You may end up with more Corrective Actions than you may need. Corrective Actions are reserved for systemic issues arising out of a critical adverse event. Corrective Action is designed as a process for correcting these types of process inconsistencies, not for occasional minimal events. Most events, if not systemic in nature, can often be corrected immediately and closed. One interesting feature to look for is the concept of a Corrective Action Investigation Record, or Corrective Action Determination. This is like a "pre-Corrective Action" that allows you to look at the event, and make a decision on whether to correct immediately or if a further investigation is required. Having this intermediary process helps to save time on a full-blown Corrective Action, and helps to minimize the number of Corrective Actions in the system.
4. Filtering Corrective Actions by Priority/Risk: Addressing Corrective Actions is an important part of the compliance process. However, many organization still use "time" as the driving factor in where to start. "What is most overdue, or approaching overdue?" is a common metric in this sense. However, you could have more critical Corrective Actions that require immediate attention, and if you are prioritizing by due date, you may not get to them in time. Look for a Corrective Action solution that will allow you to conduct a filtering process to prioritize the Corrective Actions by their criticality. In this instance, Risk Assessment works really well. Whether you use a Risk Matrix (severity and frequency), Decision Tree, or some other metric, the idea is that by assigning a level of criticality to the event, you can take action on those events that have the greatest impact - or pose the greatest risk -to the organization.
5. Building Action Plans into the Process: Corrective Actions are designed to be an efficient means of systemically looking at critical events and joining all forces to bear down and correct them in a meaningful and effective way. This does not happen with just one person; many individuals and roles may be involved in the Corrective Action process. There is a good deal of Project Management that might go on during a Corrective Action, depending on the level and type of actions being taken. Look for a system that helps to build Action Plans for completing the Corrective Action. This is a plan that enables you to set deliverables, actions, and assign roles, with business rules in place to complete the tasks set forth. That way you can ensure that you are organizing the project effectively, and keeping the Corrective Action process on track and within scope.
6. Measuring Effectiveness: Part of the Corrective Action process involves root cause analysis and corrective action, but it also focuses on measuring effectiveness. This is ensuring that what we did to correct the issue is effective in its purpose. Many times this can be a manual task (visual inspection, audit, etc), but there needs to be a way to demonstrate the effectiveness within the system. Look for a system that allows you to conduct quantifiable effectiveness on a Corrective Action. This can be direct linking to inspection or audit findings, or even a risk assessment on the process. Risk assessment is a good benchmark because it asks, "Did we reduce the risk of recurrence to within acceptable limits?" If not, we may need to go back and review to try and further minimize the risk.
7. Linking Corrective Action Results to Change Management: Corrective Actions will ultimately result in changes. Whether related to processes, products, designs, training or others, there is usually some sort of management of changes stemming from Corrective Action processes. Just as you would link source events to the Corrective Action process, so too should Corrective Actions be linked to Change Management processes. This way, you are creating a level of visibility and traceability from the Corrective Action to the changes and continuous improvement activities you've created as a result.
8. Traceability and Reporting of Corrective Actions: Last, and certainly not the least, is the ability to track and report on the Corrective Action system. As we stated earlier, a lot of data passes through the Corrective Action system, and managers need to know the overall "health" of the Corrective Action process. Having the ability to aggregate the data and look at reports related to Corrective Actions helps to give insight into the process. Overdue records, open Corrective Actions, top Corrective Action risks, and more can offer trending and analysis opportunities to provide visibility into the overall health of your Compliance efforts. Furthermore, traceability is another concept that is important to Corrective Actions. From the source event to the resulting changes arising out or a Corrective Action, there is a "story" that provides evidence on how Corrective Actions have been addressed. Having the ability to generate a report that displays the entire life of the event is a valuable method for demonstrating to an auditor on the compliance of your system. Look for a system that can generate a Corrective Action Report that provides this "unbroken chain" of events.
Each organization is different in how it approaches the Corrective Action process. Some are simple, some are more involved. Whatever the case may be, the core concepts remain clear - Corrective Action is designed to identify and correct systemic issues within the Compliance System. These are just some things to consider when you look at implementing a Corrective Action Software Solution - follow these, and you can streamline the process and help foster compliance in the organization.