by Russell T. Westcott with Sandford Liebesman, Ph.D.
This article, which is published in two parts, approaches four management systems that have enough links to consider integrating them within an auditing process called linked management systems (LMS). The focus is on the four systems: an ISO 9001-based QMS, an ISO 14001-based environmental management system (EMS), a financial management system, and an information technology-based system.
This article draws heavily upon the research, insights, and writing of Dr. Sandford Liebesman, as discussed in his book, Competitive Advantage: Linked Management Systems (Paton Professional, 2011). A tutorial will summarize the key principles, issues, and actions required to launch such an integrated auditing process. A second source is a book published in 2008 by the International Organization for standardization (ISO).
Four major systems and their relationships in linked management systems
Four major systems are commonly found in most organizations: strategic plans, risk assessment and management, the Sarbanes-Oxley Act (SOX), and other laws and regulations. They are among the most common parts of an organization and generally are audited separately.
Looking closely at the four systems under consideration yields a significant number of similarities and redundancies. Unfortunately, most organizations don’t recognize these factors, which result in a higher cost of operations and poor internal communication. By re-organizing the internal audit function, these organizations will begin to communicate with each other and redundancies will be found and eliminated.
A key that drives linkage consideration is the broad requirements of SOX. These requirements focus on the accuracy and integrity of an organization’s financial reporting. In addition, by realizing that SOX and ISO 9001 are related, many redundancies can be identified. Liebesman’s article in the September 2005 issue of Quality Progress discussed these redundancies.
Auditing LMS–A brief tutorial
The following items are key inputs to the development of the auditing function for LMS.
- The separate auditing functions now responsible for quality, environmental, financial, and IT systems management audits should be combined under one top management position. This most certainly will be a major cultural change and must be part of the organization’s strategy.
- The basic auditing tenets of preventing auditors from auditing functions for which they are responsible and confidentiality, proprietary processes and information, and fraud prevention are just some of the issues that must be resolved before forming a LMS auditing function.
- If the organization has been doing business for a long time, the organizational values, modus operandi, and cultural norms might seem to be embedded in cement and most will need major changes or redirection. A start-up organization faces a less-strenuous journey in this regard because it can incorporate the values and cultural norms leading to linked management systems as it grows.
- A very strong, long-term, and earnest commitment and visible involvement are required of top management. Real and imaginary obstacles must be overcome.
- Systems thinking must replace fragmented thinking. Everyone in the organization must assimilate the concept that everything is connected in some way with everything else. People in the organization must become aware of the potential effects of their actions on the entire environment in which they function.
- Auditor training and their performance evaluations require clear definition and clarification. Content of training, protocol modifications, and procedural changes will be needed.
- Continual environmental scanning to identify and monitor all the critical forces that can affect an organization should be instituted and maintained. Especially critical to watch are proposals for new laws, regulations, and standards.
The following knowledge is critical to auditing LMS:
- An overall understanding of the key elements and the effect these elements have on the organization’s stakeholders.
- Overall understanding of the legal and regulatory requirements affecting the organization and the extent to which these requirements permeate the operational and supportive subsystems.
- Competency in assessing/auditing one or more of the management systems within the LMS.
- Understanding how the four key management systems overlap and interact.
- Thorough knowledge of the applicable protocols and practices constituting an effective assessment/audit of the LMS.
Key issues to address when auditing the organization’s LMS include:
- Is top management’s support and involvement in promulgating the LMS strategy and practices visible, believable, consistent, and enthusiastic?
- Has the overall organization’s culture been described and are the culture changes needed to address the LMS strategy identified and prioritized?
- Are the core values of the organization undergoing scrutiny and continual enhancement to provide a solid foundation for achieving effective LMS?
- Are the actionable change plans treated as strategic objectives, measurable, and supported with adequate resources?
- Are the new LMS practices acknowledged and treated as ongoing continual improvement efforts?
- Is continual concern for and attention to LMS principles and practices evident in the agendas of all organizations and embedded in the design and implementation of organizational change efforts?
- Are there education, training, and communication actions planned and/or implemented to ensure that the journey toward LMS embraces every stakeholder of the organization?
- Have metrics been established, tested, and implemented that clearly contribute actionable information to help guide management in achieving the organization’s strategic LMS objectives?
- Does every employee of the organization understand the intent and benefits in growth and value of LMS?
- Are the people who are tasked to design and implement the LMS practices trained adequately to apply project planning and project management techniques and tools?
- Have contacts been made with organizations that have successfully launched LMS with positive, measurable outcomes?
- Have the lessons learned from these contacts been documented, analyzed, and disseminated to project teams charged with the responsibility of developing LMS?
Changes from auditing QMS to auditing LMS are:
- The auditors/assessors involved in auditing LMS must receive special training and acclimatization to C-level perspectives and challenges. LMS reach is throughout the organization as well as beyond to the whole environment in which the organization functions. It’s broader and deeper than the “BIG-Q” philosophy of the quality improvement and management initiatives.
- For those who remember early total quality management (TQM) efforts, three key elements were often missing: elevation of TQM to a top-level strategic objective with sufficient resources, a process for effectively and efficiently implementing TQM, and the identification and measurement of outcomes from the initiative. LMS initiatives must not suffer the same confusion and neglect.
- It’s necessary to have an executive-level champion responsible for overseeing organization-wide LMS objectives.
- LMS project teams must be multifunctional and multidiscipline experienced. Auditors must assess the diversity and adequacy of the composition of the project teams relative to achieving LMS objectives.
- Innovative metrics must find or be invented to measure results as well as furnish actionable information for management to effectively guide the direction of the organization. Input to a meaningful balanced scorecard is desirable. Auditors must assess the timeliness, completeness, accuracy, and overall usability and effectiveness of the measurement processes.
- As a last caution, auditors should remember that a LMS initiative is a major culture change. As such, basic systems such as employee compensation, selection and hiring, training and development, supplier relations, stockholder relations, customer relations, public relations, and other practices may require overhaul to achieve LMS objectives.
- Suggestions about auditing tools and techniques include:
- Taking the process approach starting with identifying the key process in each management system.
- This includes identifying the processes that are part of more than one management system and are requirements in multiple functional units.
- Checklists are fine but focus should be on assessment and effectiveness evaluation more than just compliance.
- Review any documentation that purports to support claims of LMS such as:
- Metrics, especially return-on-investment (ROI)
- Verify that the claims made directly support one or more of the strategic sustainability objectives.
- Assess the legitimacy of the claims and their effect on the stakeholders.
- Review the content and effectiveness of the dashboards/balanced scorecards used by management in their decision making.
- Discuss each finding with the employees involved and their management.
The second half of this article appears in the January—February 2012 issue of The Auditor. It will include two case studies and three tables identifying topical areas to address, potential audit questions, and potential measurements.
About the authors
Russell T. Westcott is an ASQ Fellow, certified quality auditor, and certified manager of quality/organizational excellence. He edited The ASQ Certified Manager of Quality/Organizational Excellence Handbook, Third edition (ASQ Quality Press, 2005), and was a co-editor of the ASQ Quality Improvement Handbook. Westcott authored Simplified Project Management for the Quality Professional (ASQ Quality Press, 2005), and Stepping Up to ISO 9004:2000 (Paton Professional, 2003). He is active in ASQ’s quality management division and the Thames Valley, Connecticut section management.
Westcott instructs the ASQ certified manager of quality/organizational excellence refresher course nationwide. He writes for Quality Progress, Quality Digest, The Quality Management Forum, The Auditor, and other publications.
Westcott is president of R.T. Westcott & Associates, founded in 1979 in Old Saybrook, Connecticut. He guides clients in implementing quality management systems, applying the Baldrige criteria, strategic planning, and project management practices.
Sandford Liebesman, Ph.D., has more than 35 years’ experience in quality at Bell Laboratories, Lucent Technologies, Bellcore (Telcordia), and KEMA Registered Quality. He has presented seminars and published articles on linking management systems and QMS/EMS support of SOX and led the team that developed the 2005 and 2006 ASQ SOX conferences. He taught statistics, quality control, quality management, and operations research at Rutgers University. He is a past chair of the ASQ Electronics and Communications Divisions and a Fellow of ASQ.