By Julius DeSilva
ISO 9001 certifications have seen a decline during the past two years, per data from the International Organization for Standardization (ISO). Some say the standard has gotten too complicated with the introduction of organizational context, risk-based thinking, and the removal of mandatory documented procedures. Even a few of my company’s clients have considered letting their certification lapse because conformity to the new standard was perceived as too complex.
To certify or not
Let’s begin by looking at the purpose of ISO 9001. The standard provides a framework for organizations looking to put in place a system that will enable them to consistently deliver products or services that meet their customers’ requirements and enhance their satisfaction. ISO 9001 certification is external validation that the system meets the requirements of ISO 9001. However, ISO 9001 allows organizations to use the standard and self-declare conformity without incurring the cost of certification. Many argue that there is no value in doing this. This is probably correct if you are implementing a system to meet a contractual or customer requirement. In these cases, certification is a requirement.
Waning trust in the system
Organizations that implement ISO 9001 for the benefits it will deliver in improved productivity, reduction in process waste, and management of risks have seen the bottom line improve with time. (Guasch, L. J., Racine, J.-L., Sanchez, I., and Diop, M., Quality Systems and Standards for a Competitive Edge, World Bank, 2007.) If implementing the standard enables consistent quality, why then the reluctance? Perhaps the trust in the ISO 9001 certification process has declined over time. Often have we heard from quality managers of the challenges faced when they raise nonconformities in internal audits. These are often viewed as finger-pointing exercises because the certification body has already audited and “cleared” (i.e., certified) the system.
We have also heard from clients of certification bodies and auditors wanting to view documented evidence of organizational context, stakeholder needs, and risks. However, the standard does not require these to be documented and leaves it up to the organization to determine the risk of not doing so. Some auditors, however, struggle with auditing undocumented systems and auditing to the new standard. (Fonseca, L. and Domingues, P., “The Results Are In,” Quality Progress, Oct. 2017.) As a result, organizations start documenting their systems for the auditors and certification bodies, which results in a system tailored for auditors and forced on the organization. Auditors are meant to provide inputs to top management to help them make better decisions; instead, auditors and audits now have become the product. The standard’s intent to act as a preventive tool gets lost in this compliance process. The system must be designed for employees, not for auditors.
During the past two decades there have been several mergers and acquisitions leading to larger multisite organizations and (perhaps as a result) a reduction in certifications. As these organizations have grown, and maybe in part owing to the declining trust in the certification system, they have decided to conduct their own supplier audits. As such, suppliers have chosen to let their certifications lapse because they are nevertheless being audited by the customer and that is the audit that really counts for them.
Supplier audits are more focused on the customer contractual requirements. Organizations that perceive ISO 9001 as a documentation burden will then document only the parts of the system to meet contractual requirements rather than to meet the organization’s requirements based on ISO 9001. These organizations fail to see that ISO 9001 leaves the extent of system documentation up to the organization and often perceive the standard as requiring everything to be documented.
Although quality does matter, and customers are still looking to receive a quality product, oftentimes incorrect interpretation of the standard leads many to forgo ISO 9001 certification. At times other certification requirements, like CE marking, may be more desired and certification to two standards burdensome. In that case, ISO 9001 certification gets the boot.
Organizations looking to gain the benefits of a quality management system need not reinvent the wheel. ISO 9001 provides the framework that essentially reflects business 101. If you don’t need ISO 9001 certification, then you can self-declare and let the doubters come and assess your system for themselves. In the meantime, you will still gain from a well-implemented management system. Remember, you already have a system that has brought you this far; align ISO 9001 to your system, and not your system to ISO 9001.
About the author
Julius DeSilva is a senior vice president with Quality Management International Inc. A former merchant marine officer, he has assisted organizations of varied sizes across a wide spectrum of industries implement process-based management systems conforming to ISO and other standards. He is well versed in the following standards: maritime safety/security, aerospace, environmental, supply chain security, and quality. He teaches, consults, and audits in these disciplines, including process improvement and leadership-related topics. DeSilva received his MBA from the Darden School of Business, University of Virginia. He is a PECB-certified ISO 9001 lead auditor and is a member of the Nautical Institute.