By Tom Taormina
In part one of this series, I said that I want to help my colleagues use their ISO 9001 implementation as a profit center and to turn risk-based thinking into risk avoidance. To do this I will share a set of tools that help evolve quality management into business management.
These tools include:
• Evolving the requirements of ISO 9001’s Section 4 from merely defining the context of the organization to working with senior management to create, implement, and make shared vision, mission, and values a cultural imperative
• Redefining Section 5 to include roles and responsibilities for everyone in the organization that are measurable and inextricably tied to the key business success goals and metrics
• Including in Section 6 the tools and culture of risk avoidance
• Evolving Section 7 from support to an outcome-based, risk-and-reward culture
• Expanding the scope of Section 8 into a holistic business management system
• Redefining Section 9 from performance evaluation to an enterprisewide culture of individual and team accountability
• Expanding Section 10 from continual improvement to business excellence
In coming installments, I will provide experiential data that make compelling cases for quality as a profit center and risk avoidance. I will also provide specific suggestions for incorporating both into each clause of the standard. The theme and objective will be to sunset the limited effectiveness of traditional quality management and create an enterprisewide business management system that drives organizational excellence and shields companies from liability.
Starting with a look at Clause 4, each article in this series will present new tools for increasing return on investment (ROI), enhancing customer satisfaction, creating process excellence, and driving risk from an ISO 9001:2015-based quality management system (QMS). It will help implementers evolve quality management to overall business management.
Clause 4, Context of the organization
Clause 4 compels the organization to look objectively at both the internal and external issues that can affect the strategic objectives of the company. By systematically identifying every factor that can affect the successful operation of the organization, a matrix or process flow chart can be developed that will ensure that every critical factor in the business is identified, continually evaluated, and controlled.
Clause 4 goes on to require that the organization evaluate the needs and expectations of all “interested parties.” It exists to ensure that everyone, from employees to customers, suppliers, and shareholders, are in the loop in terms of their needs and expectations, and a that a channel exists for effective communications.
With influencers and interested parties determined and codified, the organization can more effectively determine the scope of the QMS. All these key inputs are necessary to build an effective process-based QMS.
The benefits are that senior management has formally defined processes whose outcomes can be measured and continually improved. The process owners, suppliers, and customers also have a baseline from which to interact with the organization.
4.0 and organizational excellence. This is the imperative to evolve traditional QMS into a business management system (BMS). This is the call to action to recast quality policy and objectives into vision, mission, and values that senior management must identify as the immutable core imperatives of their business.
4.0 and risk avoidance. This is the first step in evolving the context of the organization to a culture of risk avoidance. It is the imperative to move from identifying acceptable quality levels to driving the organization to zero outgoing defects. It is the cultural imperative to adopt the tools of foreseeable risk into every business process.
4.1, Understanding the organization and its context
Clause 4.1 is a new requirement of ISO 9001. It compels the organization to evaluate internal and external influences that can affect the objectives and planning of the QMS. This includes all issues that are, and may be capable of, affecting these objectives and outcomes in the future.
4.1 and organizational excellence. Unfortunately, most business leaders have never defined these imperatives, codified them, and built them into a business culture. This is a unique opportunity for quality professionals to learn the holistic operation of the organization and become the champions of business excellence.
In examining external issues, this is the opportunity to involve each segment of the organization to brainstorm the known external requirements and regulations, as well as the changing technology, competition, and economic trends, and create a matrix that is continually monitored, updated, and used to invoke corrective action. As with all imperatives, they must have meaningful metrics tied to the key organizational objectives.
Also, compliance with regulations and statutes that are mandatory are almost always an overhead expense. The philosophy of organizational excellence is to find why the requirements exist and how you can turn them into a profit center.
4.1 and risk avoidance. Most organizations are target-rich in foreseeable risk. You went through some type of procedural changes when you implemented ISO 9001:2015. In developing a culture of risk avoidance, you will build into every process the tools and tenets of risk avoidance.
Employing PESTLE analysis as a tool for determining external influences is a good first step in understanding the context of your organization. Learning risk avoidance in subsequent installments will compel you to examine each of the elements of PESTLE and inculcate risk assessments in each element.
Although interaction with customers is discussed in other clauses, it is advisable to include customers into examining external issues. Foreseeable risks with customers must include assessing how customers can use your products and services badly or for the wrong purposes.
In understanding the organization, it will be advantageous to compare risk avoidance with traditional overhead risk management tools and requirements, and discard nonvalue-added processes.
4.2, Understanding the needs and expectations of interested parties
Clause 4.2 requires that the organization identify individuals and organizations within and without the company that can affect all aspects of operations and products/services. These may include customers, suppliers, employees, and shareholders. Also to be identified are regulations, standards, and legal issues that are requirements which must be followed in realizing the products and services.
Once all interested parties and regulations are identified, you must determine the needs, expectations, and requirements of each, and how the requirements will be enacted within the QMS.
4.2 and organizational excellence. Assessing the needs and expectations of interested parties is a key element of the journey to business excellence. Assessing the needs of customers is mandatory. Turning customers into referrals, instead of liabilities, is the first step of understanding their needs. Understanding the motivations of employees will turn them into accountable process operators and owners and will immediately enhance key business metrics. Understanding the needs of shareholders will be the impetus to transition from quality management to whole business management. Again, better understanding of why governmental agencies and NGOs impose specific requirements will help transition implementation of those requirements from an overhead burden to imperatives for process optimization. Transitioning suppliers into partners is critical. Inviting them into the design and development process is crucial to you understanding their capabilities, and for them to contribute to product reliability and continuity of the supply chain.
4.2 and risk avoidance. Understanding the needs and priorities of interested parties is key to risk avoidance. Understanding the needs and expectations of customers is fundamental to avoiding warranty issues and lawsuits. Similarly, defining the needs and expectations of employees will make them more accountable for the outcome of their work product. Understanding the needs of the shareholders is critical to prioritizing goals. You may also expose them to the tenets of risk avoidance and foreseeable risk to help them plan and lead. Understanding the expectations of governmental organizations and NGOs will turn into innate conformance. Understanding the needs of your supply chain is a first step in ensuring that risk is not introduced through component parts or external services.
4.3, Determining the scope of the quality management system
Traditionally, determining the scope of the QMS means codifying a framework based on clauses 4.1 and 4.2. This framework must include all the requirements of the standard. It includes the processes that are mandatory for an effective QMS. It also includes a scope statement that is required for certification.
4.3 and business excellence. To evolve the scope from a QMS requirement to a business management framework requires adding the imperative to include key business requirements. This is a paradigm shift from process management and metrics to a framework of cohesive and value-add content within the scope.
4.3 and risk avoidance. Similarly, the scope must identify the areas of foreseeable risk in each process and procedure. It will become the outline for the risk-avoidance tools defined in subsequent modules.
4.4, Quality management systems and their processes
Traditionally, this clause defines the process-based organization and the interaction of the processes.
4.4 and organizational excellence. To include the tenets of quality as a profit center, each process must be evaluated for ROI and how effective it is interacting with other processes. This definition is the evolution from a QMS to a BMS.
4.4 and risk avoidance. In defining the processes and their interactions, include the tenets of risk avoidance into the process. In later parts of this series, we will discuss the benefits of developing the workflow into a culture of accountability among the process owners and operators.
The context of the organization and organizational excellence. When defining the infrastructure of the organization and the QMS, these tools provide enhanced methods that turn quality management from an overhead expense to a profit center. It more clearly defines the interaction of all internal and external factors so they can be measured and continually improved. For this to be effective, quality professionals must enhance their skill sets and become champions of the success of the entire organization.
The context of the organization and risk avoidance. When ISO 9001:2015 introduced the requirement for risk-based thinking, it opened a Pandora’s box of confusion. Risk and risk management have a plethora of definitions and actionable processes. In the context of your organization, you must decide what risk means to your company and its internal and external parties. Perhaps the most effective definition in the context of an organization is to borrow the imperative from the medical professionals to do no harm.
About the author
Tom Taormina, CMC, CMQ/OE, is a subject matter expert in the ISO 9000 series of standards. He has written 10 books on the beneficial use of the standards. He has worked with more than 700 companies and was one of the first quality control engineers at NASA’s Mission Control Center during Projects Gemini and Apollo. He is also an expert witness in products liability and organizational negligence.