ISO 9000 Certification– milestone or millstone?

As the world continues to shrink under the twin influence of globalisation and new technology, the work of the International Organisation for Standardisation assumes ever-greater importance. Many businesses know of their work through the famous ISO 9000 family of standards for Quality Management Systems. With over 300,000 companies registered across the globe in widely differing industrial and commercial sectors, it is arguably the most successful standard ever developed on the face of the planet. Its universal acceptance has prompted the development of a similar ISO standard to address Environmental Management Systems (ISO 14001). The approach has been further extended into Occupational Health & Safety with the release by BSI and NSAI of OHSAS 18001 which is closely modelled on ISO 14001.

As ISO prepare to release the next revision of the quality systems standard (ISO 9000:2000) before the end of the year, we take a closer look at first the costs and then the benefits of ISO 9000 certification. Much of what follows can be readily extended to the other standards.

Implementation costs

Implementation costs usually begin with training in the requirements of ISO 9000. Quality managers, document controllers and internal quality auditors need several days of training to fulfil their functions efficiently. Staff in general (including top management) need at least a few hours of training to understand their roles and responsibilities in the use and improvement of the quality system and its documented procedures.

Closely tied to training costs is the cost of consultancy services, especially in the early stages of getting the system off the ground. On-site training and consultancy charges can vary between a few hundred to a few thousand pounds a day. Hopefully you get what you pay for.

Then there is the time and effort involved in documenting the various operations of the business – a quality manual and appropriate documented procedures to cover the requirements of the Standard.

Other costs include the creation or acquisition of suitable tools for the quality system. These include issue-tracking systems for handling objectives, customer complaints, audit findings, preventive actions, quality plans etc as well as systems to manage the controlled documents that make up the quality system. The sophistication of these tools will reflect the size and complexity of the business. Many companies can get by quite adequately with paper systems or with fairly simple electronic spreadsheets. Others invest large amounts of money in sophisticated third-party software.

Finally there are the hidden costs resulting from changes to normal practice as the new procedures are "put through their paces" and tweaked to fit the natural work-flow of the business. This includes the cost of debugging the system (through the internal quality audit programme) and implementing corrective actions when anomalies are identified..

Certification costs

The certification process involves two main areas of expense. Registrars such as the National Standards Authority of Ireland charge an application fee of between £250 and £580 (depending on the number of employees in the company). The charge for the Registration Audit is based on about £500 per auditor-day..

Maintenance costs

Following successful registration a pattern of regular "Surveillance Audits" will be established, typically 2 or 3 times a year. NSAI rates are about £500 per auditor-day. An annual Registration fee is also charged. This varies between £265 and £600 depending on the size of the company.

Added to this are the ongoing costs in time, manpower and money needed to maintain the system. These costs arise from internal quality audits, implementing corrective actions, updating documents, ongoing training etc as well as the basic administration of the system (meetings, measuring performance against objectives, management reviews etc).

And the benefits…?

The benefits associated with implementing ISO 9000 are as long as a piece of string. Certification is not a universal panacea. There is no obvious reason why documenting your activities will make them better. Or why maintaining quality records will improve performance. Mechanical compliance with the requirements of ISO 9000 may well be sufficient to get the cert on the wall. But to achieve the real benefits of an effective system (see Inset 1), the focus needs to shift beyond compliance to systematic continual improvement.

Benefits of an Effective ISO 9000 System

MANAGEMENT

STAFF

ORGANISATION

CUSTOMER

Inset 1

No football team ever won the league simply by complying with the rules of the game. The requirements of ISO 9000, like the rules of football, provide a framework for success only if the "team" is committed to achieving real "goals". Once the initial euphoria of certification dies down the system will either slip into maintenance mode or go on to become a genuine driver for continual improvement.

What makes the difference?

ISO 9000 certification can end up as a milestone on a journey to increased business effectiveness or as a millstone around the neck of the organisation as it struggles to "get on with the real business". The difference depends critically on the approach of top management. How they articulate the purpose of the exercise will have a fundamental influence on the design, implementation and long-term future of the system. In many cases, top management are ill-prepared for this challenge.

The oldest "system"

Most companies that apply for ISO 9000 certification arguably don’t need it. They must already be doing something right. Otherwise they would never afford the overhead in time, manpower and money described earlier. What brought them the success necessary to even contemplate "going for ISO"? It’s called the MTPS system, the oldest business system in the world. It stands for "Muddling Through - with Professional Skill". Arguably it is the key to survival and growth in many companies. Its most effective practitioners tend to rise to positions of management and are often wary of ISO 9000 as a result. They fear it might "cramp their style".

Parallel universes

The resulting tendency for business and quality to form "parallel universes" is both widespread and unnecessary. MTPS is at its best in dealing with unpredictable issues. It is characterised by flexibility, creativity, heroics, getting results. A wonderful skill - and a scarce resource in any company. It deserves to be protected for the issues that cannot be handled in any other way.

ISO 9000, on the other hand, is at its best in dealing with predictable issues. It is characterised by structure, process, repeatability, systems. Properly deployed, it protects the organisation from predictable time-bombs and allows MTPS to focus on appropriate, creative issues.

Business Model

Diagram 1 illustrates the increasingly complementary relationship that MTPS and ISO 9000 can share over time. At certification, most ISO 9000 systems do not compare in effectiveness with what can be achieved by MTPS. If things are left at this stage, the scene is set for the onset of "maintenance fatigue" and the emotional abandonment of the quality system (and its manager), often with top management leading by example.

The alternative is to consciously integrate the two approaches to build a system that exceeds the effectiveness that either could achieve on its own. In such a "Business Model" (see Diagram 1), there is little or no distinction between quality and how the organisation does its business. This is the challenge facing the quality system – and top management.

Dual objective

Many companies have learned to their cost that "getting the cert on the wall" is a very poor objective for the quality system. It places an undue emphasis on "what the auditors want to see", rather than "how can we make quality an integral part of how the business is run?".

An enlightened management will establish from the very start a dual objective for the quality management system:

Documentation

The first objective is addressed mainly through documented procedures. However, the Standard offers little guidance on how documented procedures should be structured or what they should contain. The old battle-cry of "say what you do and do what you say" can easily lead to over-documented systems which fail to gain the hearts and minds of the staff.

To avoid the resulting "maintenance fatigue" the documented procedures should concentrate on the key checks/inspections/reviews/approvals/signoffs (ie Key Decision Points) that protect the organisation from predictable time-bombs. Unless something changes, the procedures should ensure a consistent level of quality in the day-to-day running of the business.

But things do change. In either an organised or a haphazard way. To an increasingly large degree, quality depends on how effectively the organisation manages change. This is where the second objective comes in. And this is where management has a lot to gain from an effective system for tracking significant changes to the point where new practices can be stabilised and captured in documented procedures.

Action tracking system

Traditional implementations of ISO 9000 include a system of "CARs" (Corrective Action Requests). By definition such a system is entirely reactive. As a result, at top management level significant changes are often decided and initiated on little more than the back of an envelope, with none of the tracking and control that a more general action tracking system could provide. For this reason some companies have changed the acronym "CAR" to represent Controlled Action Request. Such CARs are used to track pro-active as well as reactive issues at all levels of the organisation.

New Standard

The new revision of the Standard (see Inset 2) emphasises the key role of top management in setting the direction for the long-term future of the quality system. A well-designed system should become a key driver for continual improvement in all aspects of the organisation’s activities. To a large extent ISO 9000:2000 addresses "the quality of the management system" as much as "the management of the quality system". And not before time.

©Copyright Rody Ryan 2000