Richard Shearwood-Porter of The HSQE Department looks at the up and downsides of implementing ISO management systems, and highlights some common problems to avoid.
What are ISO management systems standards?
An ISO management system standard is a framework with which an organisation can manage the interrelated parts of its business in order to achieve its goals. These goals can relate to many different areas, such as product or service quality, operational efficiency, environmental performance, health and safety in the workplace and information security.
ISO standards are developed by the International Standards Organisation, which brings together panels of subject-matter experts from all over the world. Panels may spend two years or more, and publish a number of drafts, before a new standard is released. This process ensures that standards are best practise, but that they are also very useable.
For a number of years, ISO standards have been written around a template, which means that they have a large number of common requirements such as the need to understand the environment in which the organisation operates; the commitment of top management; improvement objectives; competency in the subject of the standard; and compliance. This commonality means that different standards can be integrated with relative ease.
Where standards differ is in their subject matter, which focusses on how to maximise opportunities and mitigate risks. The most widely known and commonly used management system standards are:
- ISO 9001 for quality and general business management
- ISO 14001 for environmental management
- ISO 27001 for information security
- ISO 45001 for occupational health & safety
What are the potential benefits?
A report produced for the British Standards Institution in 2015, funded by the Department of Business Innovation & Skills, found that the adoption of certified ISO management systems was responsible for up to a third of annual productivity growth and a quarter of GDP growth over decades, and that business sectors improved their annual turnover by between 1.7% and 5.4%. The report confirmed similar findings in France and Germany. Common factors that drove these improvements have been identified as:
Improved performance:
A management system ensures that all of an organisation’s processes and working practices are understood by the workforce & are driven by business objectives, which reduces misdirected effort. This can free managers and employees to carry out more important work for the business.
Management of risk:
A quality management system in particular encourages organisations to improve the consistency of the products and services they provide, which reduces the risk of costly remedial work and customer claims. It also ensures that the organisation’s supply chain and contractors are under control, reducing the chance of delay or downtime caused by materials or work being defective, delivered late or not delivered at all. Other management systems focus on compliance, to ensure that the organisation meets clients’ expectations and legal obligations that may apply, thereby also reducing the cost of both compliance and non-compliance.
Reduced operating costs:
A good management system increases the visibility of wasted time, processes and materials. This allows an organisation to put a value on poor performance and waste of all kinds so that it can prioritise programmes for improvement and increase productivity and margin. As a rule, an organisation can save 20% of turnover by doing things right-first-time-every-time.
Increased customer satisfaction:
A quality management system ensures that products and services are supplied on time & to the customer’s specification. ISO 9001 requires that customer satisfaction is measured, so that an organisation can identify & respond to adverse trends before they cause damage to reputation. ISO 9001 also ensures that an organisation has an effective response to customer complaints. Research has shown that an organisation that handles complaints well, often has a more loyal customer base than one that has no complaints at all.
Increased sales:
Certified management systems boost an organisation’s reputation and give access to customers that demand that their suppliers hold a certified quality management standard. Being able to demonstrate a credible certified management system reduces the work needed to pre-qualify and tender for large public & private sector contracts.
Improved employee performance:
ISO management systems ensure that employees are more involved in the business, leading to better morale and lower staff turnover. Skill shortages and lack of competence are identified and addressed earlier, leading to fewer mistakes and a higher rate of work that is right-first-time. Team working problems can also be readily identified.
What are the potential downsides?
Setting up and maintaining a certified management system expends resources in the shape of time and money and some organisations think solely of “an ISO” as a badge that gives them access to customers that require them. These organisations are unlikely to achieve many of the potential business benefits and, to them, the maintenance of a management system is simply an overhead.
Many organisations also struggle with the discipline of keeping up with internal audits of the management system and of carrying out reviews with their top management. This is often caused by the pressure of day to day priorities of running the business, so that workers that have been trained as auditors, and managers who are required for review meetings, keep putting them off.
A common problem is a tendency of some organisations to overcomplicate their management systems with a profusion of written procedures and forms. This leads to the management system soaking up resources and becoming a barrier to the smooth running of the business. An ISO standard specifies the minimum requirements for conformance and an experienced consultant can help the organisation to navigate these.
Finally, not all certification bodies are equal. In the UK, certification bodies are accredited by the United Kingdom Accreditation Service (UKAS) which is approved by the Government to police companies that award ISO certificates and to ensure that they meet high standards. UKAS accredited certification bodies are prohibited from offering consultancy. There are bodies that operate outside UKAS accreditation, which offer consultancy as well. They are cheaper, because they do not have to pay fees to UKAS, but they are, effectively, marking their own homework and the management systems that they offer can be ineffective. We liken this to buying a degree from the “University of the Mid-Atlantic”. Be warned – you get what you pay for.