ISO 9001:2015 – risk and opportunities

Below is an article I added to CQI’s blog in November 2015.

In the third instalment of our guest blog series in collaboration with PMI, Paul Simpson asserts that, just as there are risks and opportunities that we respond to in daily organisational life, quality professionals should focus on the opportunities for improvement presented in ISO 9001:2015.

One of the big new ideas in the 2015 edition of ISO 9001 is ‘Risk Based Thinking’ and if you are to believe the ‘Twitterati’ the concept is akin to the subject of Edvard Munch’s painting ‘The Scream’ as the quality management landscape turns vibrant orange behind them.

But before the hysteria needle hits ‘11’ let’s think back to the real world outside the quality manual.

Everyone involved in running an organisation looks at risk and opportunity – they are two sides of a coin. When an entrepreneur starts their business, risk and opportunity are always front and centre in their mind.

Wherever they have come from, they have identified an opening to start a business, make a living and grow it to the point where it gives them an income with the opportunity of a pot of gold for their retirement. This future is, however, not certain. There will be difficulties along the way and these risks, left unmanaged, could lead to a loss of income and, ultimately, to their business failing.

The entrepreneur recognises these risks come in many forms and many are related to quality:
• Do I have the right products and services for my target customers?
• Can I control production and service delivery to consistently meet those customer needs?
• Can my suppliers keep up with my demands and maintain the quality levels I need?

If I can manage those risks at that level then the business will succeed and I can grasp all the opportunities, including that elusive pot of gold.

Moving forward in time as the business continues to thrive and grow, our entrepreneur has moved upstairs to the boardroom as CEO and has managers and teams dealing with day-to-day business while they buy in high-priced consultants to lead some ‘blue sky’ strategy sessions. Strategic risks haven’t really changed – an incorrect strategy still has the capability to bring down our grown-up start-up.

Tactically the business can cope more easily with risk as it has multiple customers buying a range of products. On the downside, tactical errors can lead to an erosion of hard-earned brand reputation as all our customers inhabit the same system and talk to one another – see the earlier blog on organisational context, Context is King.

Moving out of the boardroom along to the shop floor and offices where ‘business as usual’ happens, ‘risk’ looks a little different but it is just as important it is recognised and managed.

With every order comes a risk the organisation will misunderstand its customers’ needs so, at this process level, there have to be checks and balances. Individuals working with their CEO’s delegated authority, accept orders and enter into contracts including the inherent risks that a legal contract carries.

At the same time on the shop floor, all employees are involved in managing risk. Some develop specifications and standards (perhaps in a separate design office), some manufacture products or deliver services that they believe meet those standards.

Throughout the process managing risks leads to delivered products and services meeting specification, satisfying customer needs and customers paying their bills, thereby allowing the organisation to realise the sales opportunity and contributing to our entrepreneur’s vision of a pot of gold.

If the above risks and opportunities are present in daily organisational life, why do we have concerns for the quality professional’s ability to inhabit this space? Why do we have concerns over what our certification body auditors are going to ‘do to us’?

The revised clauses of ISO 9001 create an opportunity for us to revisit and realign our processes to ensure our systems deliver what our customers and stakeholders want. There are, of course, risks with changes to the standard, but perhaps we can focus on the opportunities presented and maximise them instead.

50% time elapsed – does that equal 50% complete?

Generic transition plan
Generic transition plan

15 March 2017 has been and gone, it marked the halfway point for transition to certification to the latest edition of ISO 9001. If the project plan to have all certified organisations transition to the 2015 edition by 15th September 2018 is half complete then where are we compared with the gantt chart or resource plan?

Aside from the early adopters who went for ‘First to be certified’ on the very same day the standard was published there appears to be a huge bow wave building up in front of the 3rd party certification tanker. Do all those responsible for managing the transition project in their organisation have a plan? Have they updated their personal competence to cover those significant changes that the 2015 edition brings? Do they have buy in from all those ‘top management’ in 9001 called upon to demonstrate leadership and commitment? If the answer to any one of these questions is ‘no’ then there is a serious risk they will not be in the club of 1 million plus holding a certificate on the 16th September 2018.

As with all resource constrained systems the problem will become: ‘How to deliver transition audits in the 6 month period leading up to September 15th 2018 for those late adopters?’

At s2a2s our recommendation is in two parts: Get started on making any changes needed to your systems to demonstrate compliance with the new requirements, and; engage with your current CB and start to work on a programme of visits to cover transition and book those assessment dates in the diary.


Management Review – it’s all in the name

I was in a discussion with a very earnest young man a while back and one of the topics we covered was Management Review as part of the ISO 9001 quality management system he had responsibility for. Let’s just say the conversation was a little heated in places and that lead me to write an article for the Chartered Quality Institute’s Quality World magazine – published in 2011. I’ve been following a couple of threads on social media and was discussing terms with fellow standards developers and thought it might be interesting to revisit the subject.

My earnest friend was of the opinion that Management Review was something new and special – perhaps invented by those wise people in ISO – when it is in fact merely a term for planning – an activity that responsible businesses have been doing for years. Now I understand the need for standard terms and for ISO to define these terms so that users of these standards have a common understanding. But here’s the rub – it is not the place for standard users and in particular quality professionals to continue to use these terms in their daily life. The more we use terms like Management Review, Management Representative and, my personal favourite, Product Realization in both work conversations and management systems documents the further we take these systems away from the people that matter – the users. So once we understand the term we need to go back to our organisation and understand what process(es) we have in place that already satisfy the requirements.

You would expect the board to discuss the effectiveness of the organisation’s management system in ensuring it delivers products and services to meet customer requirements Customer feedback, internal quality measures and the status of improvement plans and programmes would be topics of interest to any managing director. All well and good so far – these topics should also address the requirements of ISO 9001:2015 clause 9.3.2. But, rather than get a regular slot on the board agenda where the responsible manager reports to the board the poor old quality manager generally calls a one off meeting called a ‘Management Review’ with a cut and paste agenda of the standard. The agenda is slavishly followed until the board is bored into submission and everyone can breathe a sigh of relief, go back to the ‘real’ job and drop quality until next year. Worse still the board avoids the meeting as a waste of time – sometimes to the extent that records of reviews are fabricated for meetings that either didn’t take place or where necessary participants couldn’t spare the time. I’ve lost count of the number of wry smiles seen when I float this seemingly ridiculous notion. It is easy to criticize top management commitment in these situations but the responsibility for making the review relevant to busy senior managers is ours. In a previous role as the new quality manager I presented the plan for management review to the board of my ISO 9001 certified company and was faced not with hostility but with blank looks. It took a full eight months of one to one discussions and translation of ISO terms into activities and ,measures they were familiar with before we completed our agenda but I am confident the outcome was much more relevant.

The real challenge for the quality professional is to keep it real and get quality up the agenda so that quality performance is seen to be a leading indicator for financial performance. Recent changes to ISO 9001 give us a real opportunity with the requirements for organization leaders to get involved in establishing meaningful objectives and for process measures to be part of regular quality monitoring – right up to board level. Until those objectives and measures are meaningful and can be seen to be the main route to a sustainable business then we are condemned to a check box approach to review.

New role for TC 176

19th May update

The first significant piece of work for my new role was to attend the ISO CASCO plenary meeting in Vancouver, Canada from the 24 – 28 April 2017.

The main meetings I attended were:

At this stage there isn’t much news on how the role will contribute to effective third party certification of quality management systems, this will develop over time. What is apparent to me is there are lots of good people working hard to improve standards, processes and the system as a whole.

There is, however, a lot of misunderstanding of what good certification to ISO 9001 looks like and the best way of getting there.

With that little teaser I’ll leave you. 🙂

Original announcement

As announced earlier on LinkedIn I’m delighted to announce that, following a resolution at TC 176’s closing plenary in Rotterdam at the beginning of this month, I have been appointed as TC 176‘s liaison with ISO/CASCO to support improved assessment and certification to ISO 9001 by 3rd party certification bodies.

Lots of fascinating work ahead, I feel. Please feel free to register and comment.

ISO 9001:2015 one year on book is selling well

One year on the book I co wrote with Jan Gillett and Susannah Clarke of business improvement consultancy PMI continues to sell well – top of the searches on the UK Amazon site for ISO 9001 and sitting at Number 4 in books on Productivity. If you’ve bought a copy please let me know what you think and if you haven’t yet looked at the preview on Amazon, please do!

The next edition of ISO 9001

You may have heard of it as ISO 9001:2015 but nobody knows when the next edition of ISO 9001 will be published. As with many things to do with the standards development process the publication date will depend on multiple factors, most of them invisible to the user  – you and I. Too much and, amazingly at the same time, too little has been said about the high level structure (HLS). Trawling around the bulletin boards and discussion groups you will have seen outraged expressions about the use of the word ‘risk’ in the committee draft (CD) and at the same time little debate about the sense in using an undemocratic / un ISO like process involving ISO’s TMB to come up with the HLS.

For me Risk is a no-brainier for anyone involved in quality. It is our raison d’être and has its roots in the evolution of quality control and quality assurance. I wrote a piece for the CQI’s Body of Quality Knowledge – here.

The HLS is another matter. National Standards Bodies were given a yes / no  vote without having seen it used in anger and the process to update the HLS is vague, to say the least.

As TC 176 goes about it’s business and the output leaks out I have to ask myself whether the output will be fit for purpose – or whatever your definition of quality is! 🙂