By Tom Taormina
Each article in this series (part one here and part two here) presents new tools for increasing return on investment (ROI), enhancing customer satisfaction, creating process excellence, and driving risk from an ISO 9001:2015-based quality management system (QMS). They will help implementers evolve quality management to overall business management. In this article we look at demonstrating and establishing various subclauses of Clause 5—Leadership, to build organizational excellence and assess risk.
Words have meaning. Throughout the history of ISO 9001, the terms “top management” or “senior management” have been used to describe an organization’s decision and policy makers. These individuals are ostensibly those who are accountable to themselves or to a board of directors for the company’s success. They have the power to hire and fire, and to establish the organization’s operational infrastructure.
In work with more than 700 companies, the term “management” was most often appropriate because those in charge were directors and benevolent dictators. Very few were true leaders of people who created an environment where everyone could achieve their highest level of success and excellence.
As a consultant and facilitator, I present to new clients the foundational tenet that they must learn to lead people and manage processes. That theme is repeated until it becomes the cultural imperative, or we reach an impasse, and I resign from the assignment. Although ISO 9001 has always promulgated “the process model,” the 2015 revision is the first to change the term from “management” to “leadership.” Unfortunately, changing the word is not going to change how those in charge will commit to the cultural imperative of top-down quality management.
5.1 Leadership and commitment
5.1 and organizational excellence. Quality is a state of mind, not an activity. Is your organizational culture one that strives for excellence, or is it continually pushing to get an acceptable product or service out the door? Are the principals “involved” in the QMS, or are they “committed” to living the quality policy? Remember, in a breakfast of ham and eggs, the chicken was involved, but the pig was committed.
Does your organization have individuals at the top who delegate effectively and hold everyone equally accountable? If not, you may find some tools in this module that will help with continual improvement, but excellence may forever elude you.
5.1 and risk. Just as the definition of acceptable quality varies between business leaders, so does the definition of risk. There are those who are highly aware of foreseeable risk because of the nature of the business, exposure to hazards, or regulatory compliance. Others are forced into a risk management program because of insurance or other industry requirements. Still others have been the target of a lawsuit and have been burned by lack of risk awareness.
Your organization’s leaders must decide what risk means to the company and its internal and external parties. Perhaps the most effective definition in the context of an organization is to borrow the imperative from the medical professionals to commit to do no harm.
5.1.1 Demonstrating leadership and commitment for organizational excellence. 5.1.1 contains a table of actions that technical committee (TC) 176 provided as an auditable checklist to demonstrate leadership and commitment. At least, that is how this subclause is traditionally interpreted for compliance auditing. The challenge here is taking each requirement and elevating its meaning to becoming a tenet of organizational excellence. For instance, 5.5.1 a) states that top management must demonstrate leadership and commitment by “taking accountability for the effectiveness of the QMS.” I would rewrite that to say, “demonstrating leadership in ensuring that the tenets of the QMS are our cultural imperative.”
5.1.1 Demonstrating leadership and commitment for risk. Subclause 5.1.1 d) requires top management to promote risk-based thinking. A more effective requirement would be to establish and model a culture of risk avoidance, and create guidelines, training, and processes for identifying foreseeable risk and removing it. This is a major paradigm shift for most leaders, who have no codified risk management plan, and it can be an enhancement for those who have implemented ISO 31000, “Risk management—Guidelines.”
5.1.2 Demonstrating leadership and commitment regarding customers and organizational excellence. Although the three requirements in this subclause are valid and necessary, the commitment should be more toward ensuring you are partners in achieving your customers’ goals. Customer focus is better defined as becoming facilitators for their success. As we will discuss in subclauses 8.2.1, 9.1.2, and 9.1.3, open communication and continual feedback with your customers can be a gold mine of information.
5.1.2 Demonstrating leadership and commitment regarding customers and risk. There is a passing reference to addressing risk in 5.1.2 b). Customers are the most clear and present risk threat that any leader can have. They are the ones most likely to send a process server to your door with a lawsuit. A lawsuit will fundamentally change the leader and the company forever. This will be covered in more detail in 6.1.
5.2.1 Establishing the quality policy and organizational excellence. The four requirements for establishing a policy for quality assumes that an environment of commitment to quality management and to the process model has been effectively established in clause 5.1. In my experience, that commitment is typically superficial and driven by the quality department.
In QMS implementations or upgrades that I have facilitated, the first activity is a management retreat. We do not disband until the principals have defined a vision for their business that has realistic goals. This vision must be shared with everyone. Next, they must develop a mission plan to implement the vision. Finally, we draft a set of values that will become the irrevocable ground rules for conduct and personal accountability. I call them the “always and nevers.” The “always” are standards of conduct that must be followed every day. The “nevers” are behaviors that are the unequivocal grounds for punitive action or termination.
To be truly effective, revisiting the vision, mission, and values becomes part of the management review agenda.
5.2.1 Establishing the quality policy and risk. Establishing a quality policy under the guidance of 5.2.1 does not contain a mandate for it to be followed unilaterally. A quality policy with no remedies for it not being followed is meaningless. 5.2.1 c) “includes a commitment to satisfy applicable requirements.” If traffic laws were written in this form, there would be chaos on the highways. A quality policy must include provisions for universal compliance and risk avoidance.
5.2.2 Communicating the quality policy and organizational excellence. Communicating an effective quality policy can only lead to organizational excellence if it is lived by everyone. In fact, I urge enlightened leaders to replace the concept of the quality policy with the company’s vision, mission, and values. That means continually communicating them to employees, suppliers, customers, and other interested parties. They should be modeled in written and interpersonal communication. They should be reviewed in meetings that deal with company policy, organizational change, or growth. They should be an integral foundation for root cause analyses and failure mode and effects analysis (FMEAs).
5.3 Organizational roles, responsibilities, and authorities
5.3 and organizational excellence. “Top management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated, and understood within the organization” has always been one of the most obtuse clauses in the ISO 9001 and one of the most difficult to audit. In the pursuit of organizational excellence, operational procedures and roles and responsibilities must be included in a master plan of harmonized documents that have measurable outcomes and consequences. The requirements of 5.3 are geared to compliance, not effective execution. Any individual who executes any role must be trained and certified as competent before executing the role. We will discuss this further in clauses 7.2 and 7.3. There is also guidance available in ISO 10018.
5.3 and risk. If roles and authorities are not clear, concise, and enforced, the potential for foreseeable risk is rampant. Critical nonconformities are an eventual outcome of clause 5.3’s requirements not being followed. Ensuring that “responsibilities and authorities for relevant roles are assigned, communicated, and understood” is a critical step in risk avoidance.
Leadership and organizational excellence. We have added another poorly understood term to the ISO 9001:2015 revision: leadership. There are multimillion-dollar industries that attempt to define and teach leadership, yet what does this term mean in running an organization? True leadership is creating a healthy learning community. It is developing a meaningful vision, mission, and values that are modeled and shared with everyone. It is being a teacher and facilitator. It is giving trust and expecting accountability. It is genuine dialogue at all levels. What it is not is being the passive steward of a quality policy.
Leadership and risk. Risk is another grossly misunderstood term. When I was working on projects Gemini and Apollo for NASA, we knowingly and volitionally took assumed risks by combining new technologies in highly volatile environments. The Apollo 1 launch pad fire was an example of untested systems being assembled for the first time, leading to the death of three astronauts. Conversely, the Challenger explosion was a foreseeable risk. “Managers” decided to launch a rocket outside the established parameters for safety. They chose to launch in temperatures that quality professionals had established as unsafe, instead of incurring the expense of aborting the launch and having to defuel the rocket.
Although the risks in your organization may not, on the surface, be life-threatening, becoming skilled in identifying foreseeable risk must be the cornerstone of quality management. I have a library of case studies where seemingly innocuous products failed and led to catastrophic outcomes and loss of life.
I was commissioned to write my 11th book, Foreseeable Risk , by Lawyers and Judges Publishing in 2011. Its primary theme is helping attorneys make compelling cases in product liability and organizational negligence litigation. The book also contains the tools for business leaders to proactively implement risk avoidance in their organizations.
About the author
Tom Taormina, CMC, CMQ/OE, is a subject matter expert in the ISO 9000 series of standards. He has written 10 books on the beneficial use of the standards. He has worked with more than 700 companies and was one of the first quality control engineers at NASA’s Mission Control Center during Projects Gemini and Apollo. He is also an expert witness in products liability and organizational negligence.