Wednesday, July 25, 2012

ISO9001: A Fresh Start Part 2 of 5

This post is is the second part of my five part series on a systems evaluation of ISO9001. These parts are extracted from a recent paper that I wrote for my DBA. The first post sparked a great discussion in the ASQ LinkedIn group and I hope that this one will do the same. I invite you to join our discussion there! My "editorial" comments for this blog are shown in [brackets].

Reliability [of the ISO9001 implementation system]

            Of the three main ways to assess the system (Management Review, Internal Audit, Analysis of Data) the most popular and well-known is Internal Audit.  An Internal Audit is conducted according to the requirements in the standard which include the assessment that the management system meets the standard and that the system is maintained (ISO, 2008).  The internal audit schedule must be done at planned intervals is typically planned for a calendar year (ISO, 2008).  Internal Audits can be of any length or scope but they must be defined in a procedure (ISO, 2008).  In the author's experience an Internal Audit typically reviews a particular process over one to two days while the number of days required for an External Audit is fixed according to industry standards.  The limited amount of time that is used for an audit means that the auditor may only review evidence of previous activities in the form of records rather than observe the actual functioning of the system in real-time.  The review of records that show past compliance with the system (assuming that the records are not adulterated) does not mean that the system is compliant at the time of the audit.  The most effective way to audit a system is to observe the functioning of the system over time.  An internal auditor should spend at least a week together with the audited function to observe the various activities including actual occurrences such as award of new business, team meetings and customer complaints.  Only by directly observing such activities can the auditor get a real sense of the status of the system.  As detailed later [in a future post in this series], the role of "auditor" would be changed to allow this type of assessment of the organization's quality system. 


ISO (2008). ISO 9001:2008 Quality management systems — Requirements. Geneva:author.

Sunday, July 22, 2012

ISO9001: A Fresh Start Part 1 of 5

Recently I wrote a paper in my Doctoral-level Applications of Systems Theory course about evaluating gaps in ISO9001 and how to fill the gaps. This series of posts is taken from that paper, including references, in order to start a conversation about the future of ISO9001 and quality in general. I welcome your comments here, let's have a great discussion!

ISO9001 has been used for more than a decade to help define and assess quality management systems in a variety of industries around the world. Various industry-specific versions of the standard exist that allow more focused attention when necessary while the main standard can be applied to virtually any type of company. Despite this widespread usage and near-universal recognition, there remain fundamental flaws in the design of the standard itself and in the implementation and maintenance of quality management systems that follow the standard. This paper will review several ways that the standard and its implementation could be improved by using system modeling.

Operational Feasibility
The ISO (2008) defines a quality management system as a series of processes with inputs and outputs that define interactions. This process approach is stated explicitly in the standard and is the foundation of the implementation of the standard. Despite the proliferation of the standard over many years, however, there seem to be few companies that actually follow this process approach in their day-to-day operations. The author has personal experience auditing or working in six different companies where it was obvious that, despite some type of ISO9001 certification, the process approach was actually not followed as part of the normal operations of the company. For reasons explained later in this paper, 3rd party auditors are not motivated to report this fundamental failure in implementing ISO9001. This author believes that the problem does not lie with the auditors or the companies but with the standard itself.

Many companies, whether they have attained ISO9001 certification or not, do not organize themselves according to the process approach as defined in the standard. Regardless of the industry or type of organization, the most common structure remains the functional department organization. This type of structure can be seen in universities, governments, private businesses and non-profit organizations. Despite the application of ISO9001 in many of these types of organizations and the widespread exposure of the process approach worldwide there remains a lack of desire to implement this approach in most organizations. This author posits that this lack of desire is due to a lack of perceived value in this approach to help the organizations meet their objectives. This represents an operational failure in the current situation and the standard should be revised to address this failure and match the prevailing structure of the majority of organizations in the world.

An ISO9001 standard that is bereft of the process approach remains useful if the various clauses and requirements are applied directly to functional departments rather than through an artificial layer of process thinking. This concept removes the process layer while retaining the underlying functional layer and the higher system layer. The clauses and requirements, reorganized, would be very similar to a checklist for the various functions to follow in their daily work. In fact, Hoppmann, Rebentisch, Dombrowski & Zahn (2011) argue that checklists can be one way to effectively document knowledge and best practices. An ISO9001 standard that consisted of the latest best practices, arranged according to functional department checklists, would be much more valuable and easy to use than the process approach. It would be the interface between the functions and the system; the specific items would be clearly defined and would form the content of the standard.

The focus on processes alone can lead to sub-optimization, particularly if the processes are the focus of improvement activity (Conti, 2011). Conti’s concern is that this sub-optimization is not limited to the processes themselves but also affect overall performance. He asserts that this sub-optimization is due to a lack of systems thinking; this may be so but the application of an artificial layer of process thinking between the functional groups and the system hardly seems to be the way to bring the system into more focus. This author believes that the direct connection of the functions to the system, through the ISO9001 defined checklist, will lead to better results.


Conti, T. (2010). Systems thinking in quality management. The TQM Journal 22(4).

Hoppmann, J., Rebentisch, E., Dombrowski, U., & Zahn, T. (2011). A framework for organizing lean product development. Engineering Management Journal, 23(1).

ISO (2008). ISO 9001:2008 Quality management systems — Requirements. Geneva:Author.

Friday, July 20, 2012

Quality and SR

ASQ CEO Paul Borawski discusses the intersection of quality and social responsibility in his blog this month. He makes the case thatm like quality, companies can learn to implement SR and save money and increase the benefit to society. He challenges quality professionals to explain what they are doing to expand SR or, if they are not, why not. I'm sad to say that I am in the "not" category at this time. Here's why:

For better or for worse the market is not demanding SR. Quality faced the same challenges 30+ years ago but then people found it valuable and demanded it. Today, quality is required to get your foot in the door in any industry. Environmental concerns also faced the same challenges years ago and the ISO14001 standard was created. This standard was rolled out and in some industries (e.g. automotive) many customers require it. Since customers required it, and indirectly paid for it, it happened. Today SR and the related standard ISO26000 are on people's minds in quality and some organizations but not in the general market. In fact, the ASQ/IBM report mentioned in Paul's blog states that many companies don't see the value in SR; the report states that this may be due to organizations not knowing how to measure its value (p. 22). I think that they don't try to measure it because they don't see the value, not the other way around. They need some kind of external motivation (e.g. consumer, customer, government) to motivate them to develop ways to measure the value, if it's possible.

Rather than finding ways to measure something to then make it appetizing to companies, let's educate our friends and families to create that demand in the general market. When consumers start to demand SR it will force companies to implement it and down to their suppliers, just like quality and environmental requirements before now. Only the market can show the true value of SR to organizations. Only the market can demand it and make it happen.