by Dennis Arter
Management systems are evolving as part of a larger trend toward risk management and sustainability. We are entering the fourth era of organization management. First came the control era, where the focus was on defining and controlling characteristics, conditions, and contaminants. Then came the assurance era, where the focus was on defining and following processes. Recently, we entered the management era, where separate systems were established and often certified. Some of these systems promoted good, while other systems minimized evil. We are now entering the management systems integration era, where quality, safety, environment, security, etc. provide a holistic approach for business and government. Of course, we don’t reject our past tools and technologies. We will continue to use the proven control, assurance, and management methods, but in our new journey to identify and manage risk—in all its many forms—and promote sustainability.
With a little imagination, we can see how the classic plan-do-check-act (PDCA) model can apply to all management systems. First, we define the desirable state and how to get there. Then, we implement these plans. Next, we need to assess our progress. Finally, we need to close the gap and try to do things better, safer, and cleaner.
The quality profession is quite mature in applying these PDCA concepts. The ISO 9000 family of standards started with the MIL-Q-9858 foundation of the 1950s. Aviation, food, medical device, and pharmaceutical regulations emerged from this early foundation. We see a great deal of harmonization in these quality methods around the globe.
Environmental management approaches were defined in the 1980s as it became obvious to citizens and government that pollution was harmful and unacceptable. The ISO 14000 family of standards took the quality base and added risk management concepts. We must define the sources of air, water, and ground pollution. Then we must assess the effects of these identified pollutants. Unacceptable pollutants must be avoided, transferred, or mitigated. Next, we see how well we are doing and close the gap.
Occupational safety and health management has classically been implemented through control (inspection) and assurance (procedures) methodologies. Recent events and international trade have demonstrated a need to apply systems principles here too. The publication of OHSAS 18001 by ISO/ILO in 2007 was not warmly received in most countries. In the United States, government regulation in process safety management has had some influence in the oil, gas, and chemical industries. In general, occupational safety and health is a growth profession.
Security management has recently been in the news. Information security, homeland security, cyber-warfare, bio-terrorism, and business continuity are all discussed in the boardrooms and legislative halls. Despite—or perhaps because of—its relative newness, the security profession has applied PDCA concepts and systems principles from the beginning. This is also a growth industry.
Government initiatives and international standards activities have suggested that professionals like us will play an increasingly important and rather different role in these integrated management systems. Around the world, companies and regulatory bodies are examining the evolving roles of audits, security, safety, transparency, environment, and green initiatives. Professionals and their societies are expected to widen their scope of activities. Corporate, government, and community stakeholders are all demanding more for less.
This coalescence is often called “sustainability” or “social responsibility.” People, planet, and profit all matter. Cultural attitudes also matter. Corporate governance, also known as governance, risk, and compliance (GRC), may also be moving in this direction.
This is certainly not your father’s kind of auditing!
About the author
Dennis Arter is an author, consultant and trainer from Kennewick, Washington State, USA. He earned a bachelor’s degree in chemistry from the University of Illinois and became a nuclear submarine officer. After military service, Arter wrote Quality Audits for Improved Performance, a best seller published by ASQ Quality Press. He teaches and publishes on auditing, management systems, and risk. Arter is an ASQ Fellow, Certified Quality Auditor, and former member of the Board of Directors. Over 10,000 people have learned to audit from his teachings.