ISO 9001 Critique
Michael Lead Auditor/ Consultant Desai
Managing Director at Australian Consulting & Compliance
ISO 9001 Critique
Critique of ISO 9001
Before I start this article, let me have a chance to boast about my credentials. I implemented first system back in 1988 and it was one of the first few organisations in Australia to achieve certification back in 1989. Since then, I have been on both sides of the fence umpteen times so to speak while working as a senior executives in different organisations. I have been self-employed for past 10 years and a freelancer auditor for systems and product certification various certifying bodies and as a consultant for small to large global organisations. Enough!
Disclaimer: Following is my understanding of the standard and I claim to have no particularly expertise. It is based on my understanding of requirements over the years of implementing and auditing hundreds of organisation in various countries around the world. You may or may not agree with me but I thought that there’s a need for robust discussion for ISO 9001: 2015 that would eventually flow on to the requirements of other standards.
In my recent visit to the US, auditing for the product certification for Australian StandardsMark, I met with a Senior Quality Engineer in a reasonably large company with an effective and practical ISO 9001 system in place. During our lunch break, we were discussing about the ISO 9001: 2015 requirements as you normally do. He made a statement that literally rocked me. He said that his certification body in the US told him apparently (I have no reason to doubt his version) that Risks and Opportunities must be defined but there’s no need to document them!! I had to repeat the question and received the same answer. Really? Lordy, how can anyone audit someone’s verbal spill without documentation? For the life of me, I can’t even fathom a system can exist without documentation and that is audited on a verbal spill. Remember objective evidence is the key for auditing and to audit a system otherwise, is not audit in my view.
We all know these ISO standards for Quality, Environment, Safety, Food, IT etc. are subjective standards. Implementing and auditing, therefore, must depend on people involved with their qualifications and experience, understanding of industry – kinda philosophical. You could have a simple, no frill system but very effective and the other extreme could be hugely expansive system but not effective at all. I’d like to use the system should be “horses-for-courses” for any type of organisation for any system and there’s no such thing as one-size-fits-all. System should be based on complexities of products, culture, education of employees, type of industry etc. but underlying requirement must be that a system must be value-adding, practical, less irritating, easy to implement & maintain and continues to improve that provides tangible benefits. Let’s be honest there is no such thing as a perfect system. But learning from second and third party auditors of their findings and taking them positively should be encouraged. Systems chuntering along are an issue with no direction for the benchmarking for achieving bigger goals.
Systems should be like populists politicians
· Speaks directly, if inelegantly;
· Almost totally devoid of jargon;
· Words reflect inner state, however disgusting;
· Feels no need to smile stupidly as it is not made for a camera
· Doesn't pretend to like or respect their opponents;
· Doesn't suck up to journalists
And why populist politicians are successful because politics has become too euphemistic, too phoney, too scripted, too full of jargon, and too bland. Same for Systems. Get the drift?
When do organisations think they are tired of Systems such as ISO 9001 and others?
· When it thinks auditors are essentially villains.
· When it thinks the systems certification is costing them fortune than it gives returns on investment
· When it thinks that systems have to be in place because of customer requirements rather than its own commitment
· When it thinks it doesn’t need to do more and let the system be status-quo
· When it thinks it needs more investment to manage the system
· When it thinks that systems are taking too much resources with no tangible benefit – like drunks refusing to leave a party will ever actually amount to anything.
In a nutshell, ISO 9001 or any other system might be considered as effective system but it has to be taken with some caution. The illusion of control has been found to contribute to the overconfidence bias. And it's a lot more common than you may think. It is, for instance, the reason people keep asking economists for their forecasts about the economy even though they know economists are hopeless forecasters. We like to delude ourselves we can control the future.
Discuss.
Owner at C & S Services International
5 年I agree with you Michael,especially "there is no one size fit"s sll". In my view the human trait of taking the easiest way,I.e. copy what some one else has done, means that people don't go back to the basic question " what are we trying to achieve in this specific instance?", and hence the innovative,creative "wordsmithing"of the system very rarely occurs. It seems that genuine creativity is rare species in the sum total of human endeavor ,of which Quality Management Systems are a part. BOB C.
MD. MPH. PhD. Public health physician and environmental health epidemiologist - Applied spatial and statistical analyses in health - Chief investigator international collaboration QUT - UQ - UDES
5 年Hi Michael, Thanks for sharing your thoughts and the clear and direct language. This is an important discussion.
Chief Human Resources Officer - Authority of Health & Medical Education Department, Iraq
7 年Agree on this
Head HR & Admin | x-Shaukat Khanum, x-PKLI & RC, x-Indus, x-Kulsoom Hospital , x-Lawyer LHC?? | People+Talent+Strategy | HR Digitalization | Employee Relations + IR | Employee Engagement | Certified Auditor
7 年agree but my small question health care organization cannot get benefit by implementing ISO, they need JCI, SO why audit firms are auditing them for ISO
CEO, PIQC Institute of Quality
7 年Legitimate concerns Michael. Juhani's article also value adding and raises similar concerns. Appreciate all views and inputs. The new standard seems to have deviated from a number of conceptual foundations laid down in earlier standard. It looks like they wanted to simplify the standard, and at the same time enhance its depth/scope; e.g. from customer to interested party (given previously in ISO 9004 theme); from narrow definition of quality to business excellence (given in other business models); from preventive action to risk based thinking (given in ISO 31000), and a few others. May be we accept these key concepts, but the problems comes when it comes to structured implementation and auditing. Secondly, it looks like the standard developers did not do enough homework to align the 2008 version with the 2015 one. 95% of the standard implementers already have 2008 version in their firms. They suddenly find many things missing (like manual, docs, MR, etc); leaving many far apart interpretations. As a result, the options vary from totally immature to mature practices while implementing, as pointed out by Michael, e.g. in risk management, context, etc. TC176 should ensure that the transition to any new version is always linked with the previous version, as well as smooth, easy and value adding; not abrupt, dis-integrated and vague from the implementers and auditors point of views as well.