What was the original objective?

When the external audits were taking place, did you feel that you were demonstrating the capability of your organization to satisfy its customers or did it feel no different than usual – a hike through the documentation, a tour round the facility and a look at the quality policy and a customer satisfaction survey? This may appear harsh but in our experience it is very near the truth. Not that any organization having such an audit would complain – they achieved their goal. They retained the badge. But what about their customers? They want to see improved communication, better response and delivery and far more occasions when the product or service actually meet their needs and expectations. They are unlikely to want customer satisfaction surveys.

The objective was to move organizations from A to B, where A was a system for producing conforming product and B a system for satisfying customers and other interested parties. Perhaps many feel this a play on words because they believed that they were doing it already – not necessarily so!

What was the success criteria?

Whatever one’s view of the changes in the standard, the assessment criteria have changed. Millions of Euros weren’t spent to produce only trivial changes. The change had to be radical because it was reflecting what industry leaders were doing in the 1990s just as the 1987 version reflected current practice in the 1970s. It’s the way standards are set. The 2000 family now consists of definitions (ISO 9000), design guidelines (ISO 9004) and measurement criteria (ISO 9001). None can be taken in isolation.

Was it successful?

The answer depends upon who is asking the question - organizations or certification bodies – customers are oblivious! Organizations had the opportunity to review their approach to quality management, certification bodies had to rethink their assessment approach. Over the last three years we have engaged with organizations and certification bodies through our book sales, seminars, training and consultancy and based on our observation we raise a number of questions.

Use of ISO 9001

Has ISO 9001 been used as a design tool rather than a measurement tool?

We have no doubt that most organizations applied ISO 9001:2000 just the same way as they applied ISO 9001:1994; they designed their system to look like the standard and not like the business.

The opportunity was there to break the mould. Gone was the requirement for the supplier to “prepare a quality manual covering the requirements of this International Standard” and replaced by a requirement for the quality manual to include a “description of the interaction between the processes of the quality management system.” An American school posted its Quality Manual on the Internet and rather than describing the processes needed in managing the school, the manual mirrors the standard and has policies on nonconforming product, calibration and product realization. How absurd! A document specifying the QMS must surely be one that describes the processes for accomplishing the organization’s purpose and how these processes are managed.

ISO 9004 clearly states “it is not the intent… to imply uniformity in the structure of quality management systems”. From our research very few in the ISO ‘94 fraternity had read the definitions in ISO 8402 or read ISO 9004 and it does appear that this situation has not changed. Had ISO merged 9000, 9001 and 9004 into one document, many of these misconceptions would not have arisen – however, we reap what we sow!

ISO 9000:2000 clause 2.3 is very clear on the approach that should be adopted in developing and implementing a quality management system - it beggars belief that this fundamental approach to system design has been ignored by so many.

Using the 8 principles

Have organizations and certification bodies used the 8 quality management principles?

When we ran IQA seminars in 1999 and 2000, we showed people how to test system robustness using the principles. This revealed many opportunities clause based auditing fails to do.

Most auditors know of the principles and weave them into the audit but only superficially. IRCA training requirements require auditors to be able to explain the principles but this is not the same as using them. When observing a process, do auditors ascertain how Customer Focus is applied or look for evidence that the process is being managed according to the Process and Systems Approach principles? Few, if any auditors validate the policy statements by seeking the processes that will deliver the policy. “You have a policy of continually reviewing your processes to improve your competitiveness –can you show me a recent process review and what changes related to competitiveness were made as a result?” Were the policies challenged or simply registered by a tick in the box?

One system

Has the organization been viewed as one system of interconnected business processes and the quality management system processes perceived as being synonymous with these?

The ISO 9000:2000 family was billed as enabling full integration of quality systems into normal business operations i.e. one system. [1]  Of those organizations we have worked with all perceived they only had one management system, once we had opened their eyes to the reality. Organisations have only one purpose, one mission, one organizational structure. It works together to produce outputs. There is no part that only serves quality and another serving only environment, safety, profit etc. The outputs and therefore the processes have to simultaneously fulfil all needs and expectations of all the stakeholders. ISO 9000 defines a system as set of interrelated or interacting elements. This appears to have led to diagrams of ISO 9001 clause headings in boxes with connecting lines and called the ‘management system’. Perhaps this was caused by a lack of ‘perception’. If you have ever been shown a picture which, at first appears to be just random shapes you will know that after someone points out the animal within the picture, you will never see that picture again without seeing the animal. And so it is here, once the ‘one system’ picture is pointed out, never again can the organization be perceived as many separate systems. It is sad that many have not had the opportunity to see the animal!

We have observed that many organizations have retained the notion of separate systems. Having now achieved ISO 9001:2000 some have expressed a need to integrate their systems – suggesting that they failed to realise that a response to a particular standard is not a system. The system is  the organisation.

Identifying stakeholder needs

Have organizations identified needs and expectations of all stakeholders and derived measurable objectives from these?

Because ISO 9001 focuses on customers, and manuals are written around the clauses, it is understandable that the only stakeholder whose needs have been identified is the customer. Therefore, most organizations have not met the intent of the standard because clause 2.3 of ISO 9000 clearly states that the development of a QMS “consists of several steps including determining the needs and expectations of customers and other interested parties”.

Most organizations have defined measurable objectives, but the word ‘quality’ got in the way again. The standard calls for quality objectives and is vague about what these are. This has resulted in a wide range of objectives - some that look like corporate objectives, others inappropriately focused such as “reducing time to respond to complaints.

The key question is - were they derived from stakeholder needs? At recent IQA branch meetings where we asked this question to people from certificated organizations. Few could answer yes. There is no doubt that ISO 9001 is unclear on this point. However once you make the linkages within ISO 9001, what becomes clear is that, “the quality policy has to be appropriate to the purpose of the organization” and the “purpose of an organization is to identify and meet the needs and expectations of its customers and other interested parties” and the quality objectives have to be “consistent with the quality policy”– therefore it follows that the objectives should be derived from stakeholder needs.

Mapping processes

Have organizations identified and mapped end-to-end processes that deliver business outputs?

Having made the link between stakeholder needs and objectives, the need to link processes to objectives is obvious – isn’t it? We were surprised by the many organizations that have not done this. They have objectives. They have processes. But they have not linked processes to objectives. We also found no auditors  testing this linkage. Some organisations have taken the main ISO 9001 headings and called them ‘processes’, so their system comprises a Management Responsibility process, Resource Management process, etc. One organization we visited early in 2001 did not have defined objectives but gained certification. However, we know organizations that have defined end-to-end processes that deliver business outputs. For example some use the three processes of Demand Creation, Demand Fulfilment and Business Management – clearly they understand the connection between results and enablers.

Perhaps the biggest change is that many organizations have lurched into process mapping without a clear idea of what they are trying to achieve. We have seen the ‘clause maps’, ‘departmental activity’ maps, maps that link the four elements of the standard and thankfully some maps of true business processes. Most we have seen are simply context diagrams of procedures and called processes.  Instead of starting with the top level objectives and identifying the key stages that needed to achieve them, some have started with their existing procedures, flowcharted the tasks and sometimes added objectives to them. In reality they have only made cosmetic changes. Others have built their system from the bottom up and failed to achieve a clear line of sight between the activities at the bottom and the corporate objectives.

Identifying competences

Have organizations identified the competences required to deliver process objectives?

Clause 2.3 links resources necessary to achievement of objectives. Although ISO 9000 does not define what resources are, most people would regard people as a resource but they might think of numbers of people rather than the competences needed to deliver objectives. Few organizations have defined this link but when pointed out, no one disagreed that it would be beneficial to make it. ISO 9001 is unclear when it comes to the identification of competences (clause 6.1). However, as objectives should be derived from stakeholder needs it follows that competences should also be traceable to satisfying stakeholder needs – but we believe few have done this.

Measuring performance

Are organizations measuring performance relative to the objectives?

There is no doubt that most organizations are now measuring performance – a positive benefit.  However, many need to focus on determining the right measures and once again the problem appears to be in the linkages. Performance measures are in place but do not necessarily relate to the organization’s objectives and less so to process objectives.  There is also confusion between measures of process efficiency and measures of process outputs.

Measurement integrity

Is the concept of testing measurement integrity fully understood?

From our observations the conclusion must be no. Many organisations and auditors seem to think that clause 7.6 is only about calibration of measuring instruments. The requirements are just as applicable to the measurement of customer satisfaction as they are to crankshaft measurement.  If we use a customer survey to measure customer satisfaction, or a teacher to examine a pupil how do we calibrate these? How do we know that the results we get are repeatable, reproducible, stable, reliable and without bias? Enough said.

Improvements

Do organizations have plans in place to improve efficiency and effectiveness?

This issue has always generated considerable confusion. However, let us adopt the popular meanings of efficiency as doing things right and effectiveness as doing the right things. If processes have been designed to deliver conforming product, fixing problems when it fails to do so can hardly be called an improvement in effectiveness - it is process control. Restoring the status quo after process variation beyond specified limits is corrective action but for many organizations, it is deemed an improvement action. It is only when the specification is changed as a result of determining it is no longer the right specification that an improvement in effectiveness can be claimed. Many organizations had, in effect corrective action plans to bring about process control rather than plans for improving process efficiency and effectiveness. There is little evidence to indicate that they checked that their objectives remained relevant to stakeholder needs even though ISO 9001 clause 5.3 requires the quality policy to be reviewed for continuing suitability.

Sadly the problem is not just confined to those managing the system, third party auditors are equally susceptible to mistaking corrective action for improvement.

Approach to auditing

Have certification body auditors changed their approach?

We wish that we could be positive here but in our experience the certification body auditors have not materially changed their approach. This is increasingly being confirmed by reports we receive from other organisations. IRCA claim that QMS 2000 qualified auditors have the “ability to conduct process-based audits against ISO 9001:2000 for clients worldwide” but we have yet to witness a third party audit in which the auditor has covered the issues raised in this paper. The clause approach still taken by many auditors puts clauses on a timetable and looks for evidence of compliance during the tour of the department. We still have too many industrial tourists.

In our paper to QW in January 2001 we posed the question “will the Certification Bodies rise to the challenge?” The evidence suggests that they have not. At the grass roots it is the lonely auditors who must make the call. If they have not had the appropriate guidance, training, mentoring and competence assessment, one cannot blame them.

Understanding the process approach

Have certification body auditors understood the process approach?

For many auditors, the process approach appears to mean following a trail through departments or selecting a contract and chasing it through the system to verify that all the right connections were made. This isn’t the process approach or process auditing but transaction auditing. Processes are different. They produce results, measurable against process objectives that are derived from stakeholder needs. It is these linkages that the auditors should be checking rather than following trails. The one thing that the process approach makes an auditor do is to hold his or her focus on the goals so as to avoid being dragged down holes that lead nowhere important.

In 2000 we published ‘ISO 9000:2000 Auditor Questions using the Process Approach’. It was adopted and translated by the Japanese, Italian and Spanish Standards organisations and continues to sell well, particularly to auditors. It is not a set of questions based on the clauses but a methodology for establishing whether an organization is managing its processes effectively. The essence of the process approach is ’linkage’ between purpose, objectives, processes and results but few auditors in the UK have understood this simple concept.

TC 176 has recently completely rewritten their guide on the use of the process approach, which in principle now aligns with the approach we have been promoting for many years. [ii]

We had pointed out to TC 176 in February 2002 that the 2000 version of the guide was misleading. At last we feel vindicated but the message from ISO came too late for the transition programme. We repeat our question “Will certification bodies rise to the challenge” and now change their approach.

Conclusions

In her December Quality World Editorial, Nicky Farmer questioned whether those successfully achieving the transition “have embraced the standard to improve processes and continually improve”. From our experience we wonder whether the report that 95% of organizations successfully made the transition is masking reality.

An international survey we carried out relative to these questions showed than up to 50% of auditors did not explore how processes were being managed – they seemed to stop the questioning once they had established that there were a set of objectives and few flow charts. Fewer than 10% of auditors followed through and sought evidence of performance and improvement.

From our perspective there are two main conclusions. Firstly the certification bodies may have made it too easy by adopting a lenient interpretation designed to retain clients rather than challenge, raise standards and add value. As a result, some organizations believe that the certification bodies have lost their credibility. For those organizations using ISO 9001 certification to achieve a competitive advantage there is little solace in knowing that their less able competitors did not have to change a thing to win a place on the tender list. Secondly, many organizations may have failed to take the opportunity to genuinely improve the manner in which the organization is managed and therefore its performance.

Three years ago we placed a page on our web site titled the “Most important Clause” in the family of standards. Through this article we have referred to this clause because it does hold the essence of intent – what ISO 9000 is all about. ISO 9000 Clause 2.3 Quality management systems approach says it all.

At the start of the transition period we wrote in QW suggesting that mindsets had to change – we believe there is still some way to go! We are convinced that many organizations and certification bodies don’t understand what it is all about. For certification bodies and their respective accreditation bodies they have to review their position as their credibility may be at risk. For organizations there is one consolation. The one thing about management system is that the description of the how the organization operates can be changed. As Kofi Anan said recently changing words on paper is easy and changes nothing, changing action is what counts. Therefore those organizations that have jumped into the documentation and described processes before establishing their objectives or linking these to stakeholder needs need not be depressed. In practice very little may have changed on the ground. They can start again and adopt a goal driven approach that will bring more clarity. It involves and helps people to understand what they are trying to do and how they make it happen. They will therefore be more committed and equipped to undertake meaningful improvements that will bring real business benefits.

[i] HB 10181:2001 Transition to ISO 9001:2000 Guidance on ISO 90001:2000 Quality Management Systems - Requirements

[ii]  ISO/TC 176/SC2/N544R2 Guidance on the concept and use of the process approach for management systems. 4 December 2003

For publications that will help you resolve the issues raised in this article go to our bookshop

If you need help on any of the issues raised in this article please contact us Now