By popular demand I have responded to requests to explain why I think section 5 of ISO 9001 is a total dog’s dinner and why ISO 14001 and OHSAS 18001 do “top management” quite a bit better
What’s eating Shaun?
Unlike most of my “quality” peers I do not come from an engineering background. I am aware of spanners, yes, but I am unsure under what circumstances one would use such an implement safely. I actually come from an HR and management background, and spent a not inconsiderable time collecting a range of qualifications in that field. That means I like to think I can express a relatively informed opinion on the “people” type things in management standards. Like section 5 of ISO 9001 for instance
Before I start dissecting section 5 clause by clause I’ll start with the big stuff, because I not only think that that the clauses are badly written, pointless, unenforceable or whatever, I actually think to a large extent it has missed the point completely. I have written on the subject of top management/quality department dislocation in the past and I could suggest that if the quality department were to use section 5 as its primary tool for engaging top management, that could well be one of the major problems. In my experience there are few idiots occupying top positions. There are also few “uncommitted” individuals at that level as their livelihoods depend on being successful, so to suggest top management are fools for not understanding “quality” or accusing them of not being “committed” is not only usually a bad career move, it is usually just plain wrong
Shaddap! Leave me alone! Give me some peace!
One of the problems is that top managers usually have a flock of department heads underneath them and they all have one thing in common. They each believe the planet (not just the company) revolves around their department. The HR manager thinks the world revolves around HR and that every problem has an HR solution, the sales manager likewise, same with purchasing, same with IT, same (if we see it from their perspective) with quality. The functions that get the ear and the support of top management are the one’s who make the most persuasive case, and in boardroom language that usually means that the case usually needs to be expressed clearly in cost versus benefit terms. Section 5 completely by-passes the importance of this critical dynamic. It does not so much as acknowledge that it exists
When higher quality is a bad thing?
Understanding the financial side of “quality” is a critical principle that has to be understood within the organisation. There is a point in the life-cycle of every product and service when “higher quality” is a bad thing. I often find senior execs understand this better than their quality people, and it certainly does not feature in ISO 9001, which is a major, major omission
What is “top management”?
Fundamentally, in management system terms, top management has three critical responsibilities
1. Define and communicate direction
2. Provide the resources people might need to make it happen
3. Personal intervention, when required, to make it happen
Let’s go through those three items one by one
Define and communicate direction
People need to know what they are supposed to do. They need to know in which direction the company is headed. One of the weaknesses of ISO 9001 is that it more or less assumes that this will always be predominantly quality driven, which often it is not. Management of an organisation (boiled down to its bare essentials) is little more than making the best use of what resources you have to try to make the best of a set of circumstances, and managing risk. That can often mean trying to make insufficient resources go as far as they possibly can, and make a bad situation less bad than it could have been
Personally I find the mandatory inputs of clause 5.6.2 less than appropriate in many situations. I see no reason why things like results of audits and product/process issues etc can’t be analysed and managed away from the boardroom. Many senior managers like to keep strategic review strategic and the MR requirement restricts that approach. Additionally, to have the primary output of this review to be determined as “quality objectives” doesn’t help anyone. In reality (in large and successful corporations that don’t go near ISO 9001) the company may express strategies at the top level and then translate those into what we could describe as “quality objectives” at the operational planning stage. In this case I like the way ISO 14001 clause 4.3.3 handles objectives as it does not allow for the documentation of woolly aspirational objectives supported by ill-defined “plans”. It requires something far more substantial and, if we are to assume that these so-called “quality objectives” are the most important quality issue a company faces, they should be expressed clearly, properly project managed and appropriately disaggregated into personal goals and targets, with a system of review that operates at each level, not just “MR”
The Quality Policy requirement is a complete nonsense. That is not to say that I don’t believe that policies in general are nonsense, just that the thing that clause 5.3 requires is not substantial enough to be called a “policy” by any right thinking person. It is, at best, a statement of intent, and if we are grown up about it, it never impacts anybody’s work. Ever. So it either needs to be changed into something that COULD be described as a policy or ditched. I get embarrassed every time that the policy gets audited during a third party audit because everybody (apart from the auditor usually) knows that it simply does not matter. That does not mean the company may not be serious about quality, you understand, just that it is a pointless document that for some reason this chap obsesses over
Provision of resources
Clause 5.1 and 5.2 of ISO 9001 as they are written are extremely difficult to audit objectively, maybe impossible even. In fact 5.1 is expressed in a way that can best be described as “potentially inflammatory” to say the least. Management support (commitment if you want to call it that) is important, but let’s be more practical about what that means. Forget about the quality policy. It does not matter. So far as support and commitment is concerned it is time and money. The most practical way to test support is to follow the money. If resources are not provided to make things happen it is both a top management issue and a serious problem. That’s the money side.
The “time” side relates to whether or not they are prepared to intervene personally to make things happen. That could mean banging the heads of two department managers together to make them play nicely or, to take Deming’s view, to try to make it easy for people to do the right thing. To actively try to seek out the barriers to quality and take them away. Active rather than passive involvement, real stuff with a point to it
Involvement of People … where are you?
Involvement of people is a stated quality principle of ISO 9001. I do not have a problem with that and the concept is supported by Deming among others. I am heartened that the ISO 9000 series has acknowledged the importance of it, but I struggle to find a smoking gun in amongst the clauses of ISO 9001. Quite simply “where is it?” This just looks to me like a half-finished job, and when it came to defining requirements, the matter was simply ducked
So what could have happened? Well, back to Deming again, what we are trying to achieve is the most efficient application of the potential and expertise of our workers. That relies on one thing above all else. A good upward communication process or problem reporting process. In the last section I mentioned that top managers should, among other things, act as a remover of barriers. For this to happen they really need to know what the barriers are. If the upward communication doesn’t work, it won’t happen
So what would I do? I could make the solution complex, but I won’t. If the solution is too complex it won’t get done. The ISO review of standards process is change averse, so baby steps is the order of the day. What I would do is to structure ISO 9001 in a PDCA way and bring it more into line with OHSAS 18001 and ISO 14001. Not only would it improve the application of top management stuff considerably, but it would also make a heck of a lot of sense to people
My view as always. It may change tomorrow, that’s the trouble