Management Reviews: 5 Reasons Why Bosses Should Love Them

It doesn't matter whether you call it the management review, management evaluation, or the QM evaluation because these terms are synonymous. But if you don’t perform one, you’ll jeopardize your certification.

Nevertheless, bosses shouldn’t see the management review as a regulatory evil, but as a tool that can be very useful for them. For five reasons, as this article will explain.

 Tip

Further down you can find a template for download. This makes documenting your management review even easier and ensures that you meet the regulatory requirements.

A) What is a management review?

An organization’s “top management” must regularly – at least annually – assess whether the organization’s quality management system is still effective. This means bosses must check whether their QM system is working and thus ensures that:

After all, the health of patients, users and third parties is at stake.

If top management discovers that the QM system is no longer (sufficiently) effective, they must take actions immediately because standards and laws oblige them to have a compliant QM system at all times.

In addition to customer feedback, the management review is one of the most important feedback processes with which a company finds out how efficient its QM system is and whether the company is achieving its (quality) goals.

B) Whose job is the management review?

The standards speak of the "top management of the organization" responsible for the management review. To find out who is meant by this, two questions need to be answered:

  1. Who is the organization?
  2. Who is its top management?

a) Organization

The QM systems defines who the organization is. Typically, it is a company.

But sometimes, an entire group of companies has a common QM system and should therefore be understood as an organization. Sometimes only a part of a company forms this organization, for example, a department, a location or just the departments that develop, produce and sell medical devices.

b) Top management: Who has to carry out the management review?

The person or persons who run this organization form the “top management”. This is the boss, the managing director, the general manager or CEOs.

The implementation of the management review and the responsibility for it is the sole responsibility of this top management. They can get support with the preparation and follow-up. But the delegation of the management review is not allowed.

 Attention bosses!

You cannot and should not assign your brainwork or your responsibility to your employees or even to third parties. Management review is your job. And only yours. Leadership is and remains the task of leadership.

In the next section, you can read why you should never give up the opportunity that the management review gives you.

C) Top 5 Reasons for Management Review Reason

Reason 1: finally understand what is really going on

Some managers have partially lost touch with reality: with customers, employees, and suppliers. They live in a world of meetings that have sometimes become ends in themselves.

The management review helps with the reality check: "Face the brutal facts". It helps to direct one's gaze to the bare and unadorned facts and figures of one's own company and to recognize all the deficits that can no longer be found in aggregated financial figures:

  • What do customers really think of the company and its products?
  • What are the real problems with the product quality?
  • How do employees think, and what do they dare to say behind the scenes?
  • How loyal are the suppliers to the company, and what is the quality of their products?

Reason 2: better position the company, minimize risks and take advantage of opportunities

The management review forces the top management level to pause and reflect at least once a year:

  • How good are we really? Where is the competition overtaking us?
  • What weaknesses do we have in our products, processes and our culture?
  • What are the previously unknown risks?
  • Where are previously unused opportunities?
  • What goals should we strive for?
  • How could we improve our QM system so that it does not block but help achieve goals faster and more reliable?

Management review and strategy development go hand in hand.

Reason 3: Becoming an effective leader

The effectiveness of leadership stands and falls with the effectiveness of its communication. A good management review report explains in a comprehensible manner to the entire company,

  • what the company goals are,
  • where there are deficits that need to be addressed and why,
  • what is going well and should be celebrated and what the team can be proud of,
  • What actions are required and their priority levels

Coherent communication helps the entire company to align itself and thus to understand better and achieve its goals. It is precisely such communication that is a hallmark of good leadership.

At the same time, the management review justifies communicating even unpopular decisions.

Reason 4: improving and increasing value of the company

Smart management understands that the QM system is a valuable tool to structure the company and independent of individuals' heroic achievements. This, in turn, increases the value of the company, e.g. for potential buyers.

A manager who thoroughly carries out the management review signals to employees the importance of the QM system, strengthens and encourages the QM Representative, thus helps to increase conformity with the requirements of the QM system and this reduces regulatory risks and potential patient harm.

Reason 5: saving time

A good management review doesn't cost extra time. It even helps to save time:

  • The top management should communicate with the team independently of a management review, for example, about new goals and the achievement of goals.
  • Even without the management review, management should do its strategic homework. This means there is no additional effort.
  • Smart decisions save management from complex escalations.

D) Carrying out the management review properly

The management review is a procedure that, like any procedure, transfers inputs into outputs.

1. Inputs: what does top management need to know and be aware of?

Top management needs information to evaluate its own QM system and decide on the required actions.

Usually, the quality management deputy helps the top management compile and consolidate this information.

This information comes from both within and outside the company.

External sources of information

External sources of information include:

  • New and amended regulatory requirements
  • Customer feedback including customer complaints
  • Information on the safety, performance and effectiveness of the device in the worst case from authorities
  • Information on competitors and suppliers
  • Audit reports from notified bodies

Internal sources of information

Companies have a wide range of internal sources of information:

  • Implementation of actions
    • Corrective actions, including actions taken as a result of internal and external audits
    • Preventive actions
    • Recommendations originating from the internal suggestion scheme, from internal and external audits
    • Actions defined in the previous management review
    • Training
  • Monitoring of processes and products
  • Internal changes
    • Organizational structure and process organization
    • Quality management system
    • Product range
    • Hiring and departure of employees
    • Purchase and sale of parts of the company
    • New locations
    • Quality policy, quality objectives

2. Output: the management report

The result of the management review is a report, which some call the management report or management review.

This report includes a description of:

  1. The data incorporated into the management review
  2. Who conducted the management review, when and how?
  3. The results and an evaluation of these data
  4. The actions that top management deems necessary

The management report concludes with a final of the organization’s QM system.

Findings

The management should use the data to answer the following questions:

  • How well do we meet our customers' requirements? What can we do to increase their satisfaction?
  • How satisfied are our employees?
  • Are we satisfied with our suppliers? How satisfied are they with us?
  • How compliant are we with regulatory requirements?
  • Is our company well positioned, are there untapped opportunities or risks that need to be better controlled?
  • Have we improved or got worse in the last period with regard to the above?
  • Do we need to take actions and if so, what action?

Examples of actions

Typical actions include

  • The quality management system:
    • Review of the quality objectives and the quality policy
    • Improvements in workflows, i.e., processes and procedures
    • Optimization of specification documents, e.g., work instructions and checklists
    • Improvement of the organizational structure
  • Resources:
    • Qualification and training of employees and refresher courses
    • Hiring or firing
    • Changing of responsibilities
    • Purchase, optimization or validation of IT systems and other tools
  • The products:
    • Request the development of new devices or modification of existing ones
    • Decision to withdraw existing products from the market
  • Other:

The management report

This report is a controlled document, i.e., it must be reviewed and approved and protected against unintentional modification or deletions. You can download a template for the section structure here. This will help you to document your management review even more easily and to conform with the relevant standards.

Management review section structureDownload

E) 5 tips for a successful management review

1st tip: Use the A-E-K method

The A-E-K method was created by the Swiss military. The three letters stand for:

  • Aussage [statement]
  • Erkenntnis [finding]
  • Konsequenz [consequence]

These are the three steps that a management review should go through. Companies often get stuck on the first or second part, leading to non-conformities.

Aussage [statement]: collect and describe information

Top management should ensure that they have all the necessary information and that it is included in the management report.

For example, the report should give the number of complaints and the results of a complaint analysis:

  • Number of systematic errors that were the causes of a complaint
  • Type and number of complaints that were due to supplier errors
  • Number of complaints that revealed a risk that had not been considered previously
  • Type and number of complaints that had to be classified as incidents

Erkenntnis [finding]: evaluate the information

The management should then evaluate this information and come to a conclusion about it. This should allow the management review to answer questions such as:

  • Was 25 complaints a high number or a very low number?
  • What should the target complaint rate be?
  • How did the rate change compare to the previous year? Is there a benchmark?
  • Do some customer groups complain more than others?
  • Do suppliers need to be more involved?
  • Have new risks been looked at and, if so, what was the result?

This second part is often missing or not robust enough.

Konsequenz [consequence]: derive actions from the findings

Even more often, the actions required are missing from the report, even though they are obvious and may even have been implemented already.

In the above example, possible actions would be:

  • Involving suppliers as early as the product development stage and describing this in the corresponding SOP
  • Providing service technicians with better training
  • Having development check whether a component could be replaced with a more reliable one
  • Having a new product developed
Example: FDA

The FDA is particularly rigorous when it comes to checking whether the management review actually leads to action.

FDA inspectors start the inspection with the management process according to QSIT. They want to see what corrective actions management has introduced as a result of the quality management system review.

Based on this information, they look at the other systems and verify that the management's statements and findings regarding the QMS match the results of their inspection. If not, they conclude that management is not living up to its responsibility for the system.

An example: An FDA inspector has established that the management did not think corrective actions were necessary based on the results of the management review. The inspector then has management show her last year’s corrective actions. Here, she does not find any corrective actions for devices shipped to the United States. She then looks at all the complaints concerning the organization’s biggest selling device in the USA (or alternatively, the device with the highest risk class). When she reviews the complaints, she finds that systematic, repeatable device defects have occurred and asks why

  1. these systematic defects have not resulted in a corrective action and
  2. why the results of the management review do not make any reference to these device problems

If the management can’t give a coherent answer, she concludes that the CAPA process is not working and that management is not fulfilling its responsibility for the management system. She can’t conclude from the results of the management review that management is aware of quality problems and takes action when necessary. The warning letter includes both deviations.

2nd tip: conduct the management review more than once a year

If you conduct the management review more than once a year:

  • You will have more practice and become quicker
  • You can choose a different focus each time and examine individual areas of the company more thoroughly
  • The hurdles are lower because you don’t have to look at a whole year
  • You will find deviations sooner, meaning you can react to them faster and ensure the safety of your devices and the conformity of your company more quickly, thus avoiding trouble
  • You communicate more regularly with your team and are better able to draw attention to goals and the extent to which they have been achieved

The DGQ has written the following on the management review for ISO 9001:

Conduct the management review more frequently: If you have developed a standard for your management review, it is a good idea to conduct it on a quarterly basis.
Integrate the management review into existing managerial or head of department meetings: use these meetings to regularly discuss the requirements of section 9.3 and the status of your QM system.

DGQ

The management review is not a QM overhead that you should try to minimize by only conducting it once a year. The management review is a strategic management task. Leadership needs to continuous – and that doesn't mean annually

3rd tip: don’t just use ISO 13485

ISO 13485 has an important but also limited focus on the conformity and, therefore, safety of the medical devices and the company’s conformity. It doesn’t care about the survival and success of the company.

But ISO 9001:2015 does take a more comprehensive view. It takes all interested parties into account and requires management to also consider the company's opportunities and risks.

It would be even more helpful to widen the scope even further and look at all aspects that are crucial for the success of a business. How about including DIN SPEC 77555-1 on innovation management or DIN SPEC 77224 on achieving delight through service excellence.

4th tip: describe the process for the management review precisely

Avoid describing the management review too generally in the quality management handbook or in the corresponding standard operating procedures, or even simply repeating the requirements contained in the relevant standards.

It is better to precisely define exactly who has to do what, when and how:

What you should establish

Tips and tools

Who is responsible for which activities? Who collects the data, who processes it, who follows up on actions?

Detailed SOPs help ensure that even a year in the future you know exactly what has to be done, which tools have to be used and how the data will be analyzed.

How often and at what time points/occasions do you conduct the management review?

A typical time point is one month before the external audit. More regular reviews would be better (see above).

What inputs do you provide for the management review?

You can use templates, in which the QMD enters all the data, for this.

How are the results and actions documented?

Again, a template helps you to quickly create the management report and to remember all the important aspects.

How are the actions tracked?

Task management tools, such as ticket systems (e.g., Jira), or project management tools, such as OpenProject, help you maintain an overview of tasks and ensure project progress.

How are the results communicated?

Examples of communication channels include staff meetings, company magazines, emails, video messages, Q&A sessions with management.

5th tip: let management tasks be the job of management

There is a reason that the standards require “top management” to conduct management reviews. It is because this evaluation is an essential management task, i.e., a management task that shouldn’t and can’t be delegated.

The QM deputy can help with preparations and follow-ups; but managers should not outsource the brainwork. If it did, management would have to ask itself why it is still there and whether the QM deputy shouldn’t be part of the management.

F) Regulatory requirements

1. Europe: MDR and IVDR

The MDR and IVDR do include requirements for a management review. However, these requirements only affect the quality management systems of notified bodies.

However, the two regulations require the:

  • “responsibility of the management” (Article 10)
  • “responsibilities of the managerial staff and their organisational authority” (Annex IX)
  • “methods of monitoring whether the operation of the quality management system is efficient” (Annex IX)

to be defined.

As manufacturers usually cite conformity with ISO 13485, which explicitly requires management reviews (see below), the obligation arises at least indirectly.

2. USA: FDA 21 CFR part 820

Legal text

In the Quality System Regulation (QSR), in 21 CFR Part 820.20 to be exact, the US Food and Drug Administration describes the requirements for the management review:

(c) Management review. Management with executive responsibility shall review the suitability and effectiveness of the quality system at defined intervals and with sufficient frequency according to established procedures to ensure that the quality system satisfies the requirements of this part and the manufacturer’s established quality policy and objectives. The dates and results of quality system reviews shall be documented.

Sec. 820.20 Management responsibility

Tips

For management assessments according to 21 CFR Part 820 QSR, companies have the right to refuse to allow inspection of the management review. At the same time, they must demonstrate that a management review has been conducted.

Therefore, if the FDA asks for your management review as part of an inspection, you should have the following documents ready:

  • The attendance list for the management review – make sure that the date of the management review has been documented
  • The management review agenda
  • A short summary that discusses the findings of the management review
  • Corrective actions in your CAPA list derived from the management review

Be sure to reference the QSR (21 CFR Part 820 QSR) in all documents as well, not just ISO 13485.

3. Global: standards

General standards: ISO 9001:2015

ISO 9001 is the basic standard. It sets the requirement that the top management of an organization must evaluate the performance of a QM system.

In section 9.3.1 it requires:

Top management shall review the organization’s quality management system, at planned intervals, to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organization.

ISO 9001:2015 section 9.3.1

ISO 9001 also specifies:

  • The aim and purpose of the management review
  • The top management's obligation to conduct the management review on a regular basis
  • The inputs it must take into account
  • The outputs it must generate

A lot of other standards specific to this topic and sector also include these requirements, sometimes word for word.

Sector-specific standards

Of the sector-specific standards, ISO 13485 is the most relevant for medical device manufacturers. Its requirements are very similar to those of ISO 9001, e.g., the following:

Top management shall review the organization’s quality management system at documented planned intervals to ensure its continuing suitability, adequacy and effectiveness.  The review shall include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.

Standard

Title

ISO 13485

Medical devices — Quality management systems — Requirements for regulatory purposes

ISO 15189

Medical laboratories — Requirements for quality and competence

ISO 80079-34

Explosive atmospheres — Part 34: Application of quality management systems for Ex Product manufacture

DIN EN 9100

Quality Management Systems – Requirements for Aviation, Space and Defence Organizations

DIN EN 15224

Quality management systems – EN ISO 9001:2015 for healthcare

ISO 22000

Food safety management systems – Requirements for any organization in the food chain

ISO 29990

Learning services for non-formal education and training — Basic requirements for service providers

Topic-specific standards

For medical device manufacturers, the quality management standard ISO 13485 is of particular importance. But a lot of many manufacturers use other topic-specific standards. The focus of the management reviews differs accordingly. For example, it could be on:

  • Quality
  • Safety and efficacy of medical devices
  • Occupational health
  • Information security
  • Innovation

Standard

Title

ISO 17025

General requirements for the competence of testing and calibration laboratories

ISO 14001

Environmental management systems

ISO 50001

Energy management systems

SCC

Safety Certificate Contractors

ISO 27001

Information technology — Security techniques — Information security management systems — Requirements

ISO 10012

Measurement management systems — Requirements for measurement processes and measuring equipment

ISO 19600

Compliance management systems – Guidelines

DIN EN 60300-1

Dependability management – Part 1: Guidance for management and application

DIN SPEC 77224

Achieving Customer Delight Through Service Excellence

ISO/IEC 17021-1 

Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 1: Requirements

ISO/IEC 17011

Conformity assessment — Requirements for accreditation bodies accrediting conformity assessment bodies

ISO/IEC 17043

Conformity assessment — General requirements for proficiency testing

ISO/IEC 17065

Conformity assessment — Requirements for bodies certifying products, processes and services

ISO 17034

General requirements for the competence of reference material producers

ISO 22301

Security and resilience — Business continuity management systems — Requirements

ISO 41001

Facility management — Management systems — Requirements with guidance for use

ISO 31000

Risk management — Guidelines

ISO 37001

Anti-bribery management systems — Requirements with guidance for use

ISO 45001

Occupational health and safety management systems — Requirements with guidance for use

ISO 55000

Asset management — Overview, principles and terminology

DIN SPEC 77555-1

Innovation Management – Part 1: Innovation Management System

G) Conclusion

The management review shouldn’t, under any circumstances, be seen merely as a burdensome regulatory duty by top management. Instead, management should use the management review as a powerful management tool.

A company rots from the head down if its management does not perform its leadership duties or even believes that it can delegate the management review to QM deputies.

The quality of the QM system stands and falls with the quality of the management review. And the quality of the company and its products stands and falls with the quality of the QM system.

For top management, this means: do your job!


If you need help with your management review then get in touch with us using the contact form: The Johner Institute’s advisors will be happy to help you design your management review and align your quality management system with your goals so that you can safely pass audits and become even more successful as a company.

Author:

Astrid Schulze

Find out what Johner Institute can do for you
Starter-Kit_rot_dunkel

A quick overview: Our

Starter-Kit

Learn More Pfeil_weiß
blog_rot_dunkel

Always up to date: Our

Newsletter

Learn More Pfeil_grau
X

Privacy settings

We use cookies on our website. Some of them are essential, while others help us improve this website and your experience.