Why do so many ISO 9001 Implementation Programs Fail?

[Sidney Vianna]

Many people believe that ISO 9001 should be categorized as a business management system standard, rather than a quality management system document. The word quality, in their opinion, confuses the users of the document and make it for a harder engagement with top management of the organization. In this very forum, I have had numerous exchanges with very clever and knowledgeable people on this subject. So, let me be as clear as I can, from the outset: I still believe that ISO 9001 (and all the other Industry sector augmentations, such as AS9100, ISO 13485, ISO/TS-16949, TL-9000, etc.) are appropriately classified as Quality Management System Standards.

The proliferation of other discipline-specific standards, such as ISO 14001 for Environmental management, OHSAS 18001 for Occupational Health & Safety management, ISO 27001 for Information Security management, ISO 22000 for Food Safety management, ISO 28000 for Security management, ISO 50001 for Energy management, etc. just prove the point that there is much more for a business to manage, other than quality. Even ISO 9001 in itself is not the end-all, all encompassing model for quality management. When we realize that ISO 9004 addresses many additional aspects of a high-performing quality management system, not touched upon by ISO 9001, we should reach a conclusion that ISO 9001 is a relatively unsophisticated approach to quality.

I have been in the management system conformity assessment business for over 20 years and acted in many different roles, such as a lead auditor, instructor, business developer, account manager and trainer, I have had the chance to work with hundreds of organizations, over these last two decades. From very small mom & pop shops to Fortune 100 organizations. From organizations in the very early steps of their quality journey to Malcolm Baldrige Award winners. From high tech to low tech to no tech. Irrespective of size, maturity, industry sector, ownership, etc., most organizations struggle with an effective implementation and maintenance of a quality management system. Most quality professionals report significant challenges in getting and maintaining top management connected to the QMS, interested, supportive and involved. Many organizations have a difficult time making a business case for maintaining ISO 9001 (or any other QMS standard) certification when economic hardship sets in. Most quality professionals resent the fact that other departments and functions don’t buy in and support ISO 9001 implementation. Why is that?

Folks, there are several reasons for this to happen, but, by and large, the primary culprit is the misunderstanding of how ISO 9001 should be implemented. Going straight to the point, most quality programs fail because organizations don’t understand the difference of managing of quality and managing for quality.

Managing for quality is the concept that the organization business processes are designed, maintained and improved to incorporate proper quality principles and practices. So, quality and customer satisfaction become the natural result of running the organization’s business processes. Managing for quality requires that each process owner will ensure their processes have the appropriate requirements for effective and efficient quality, environmental, occupational health & safety (to name a few disciplines) embedded in the process. For example, a New Product Introduction Process (which is a key process for many organizations) goes across several departments and functions and transcends the requirements of ISO 9001 section 7.3. But, instead of developing, maturing and improving the NPI process, what do many organizations do? They have a procedure to comply with 7.3 of ISO 9001. Instead of someone at the Engineering function being appointed as the NPI process owner, someone in the quality function will be responsible to baby-sit the organization for compliance against 7.3. There are tremendous implications in the different approaches. While the first approach promotes process ownership by the appropriate individuals, the second approach promotes the unsustainable path of someone from quality “policing” other departments (such as Engineering) to ensure they go through their necessary steps of planning, input, review, output, verification and validation. Such path is ineffective and can not be sustained over time.

Any organization has business process to operate. The key for effective and sustainable ISO 9001 implementation and certification is to make ISO 9001 INVISIBLE to most people working there. Comply with the standard(s) by embedding the applicable requirements into the business processes. That is the way to do it. Conformance with voluntary standards should be similar with compliance with legal requirements: it should happen as a natural deployment of a process that was designed to comply with the law. The operator on the shop floor should not be required to know the law(s) (such as FDA, EPA, OSHA, etc.). S/he should simply be required to follow the established process.

So, why don’t more organizations experience this epiphany? Unfortunately, in many cases ISO 9001 implementation and certification is misperceived by top management, as something that the quality folks can do in isolation and “in absentia” of the rest of the organization. And, in many cases, the quality professionals “tasked” with ISO 9001 implementation and certification are not proficient either in “business-process-language”.

So, in summary, I contend that if you want to have an effective ISO 9001 conforming QMS, make ISO 9001 invisible to most of the workforce. A few people should be aware of the requirements, in order to ensure that the business processes comply with the standard, but most of the workforce should not have to be exposed to ISO 9001, just like most people in a company are not trained in regulatory and statutory legal requirements which must be adhered, by the organization.

Comments, anyone?

[Jennifer Kirley]

I have met many, many people whose view of their world is defined by their perceived role and expectations placed upon them. These people understand their fields very well, but resist the suggestion to stray into someone else's field - in my case that means "quality is for QA people."

With such people the business case will be about outcomes, not about how they achieved the outcome - unless they want to focus on failure to achieve. Research on failure to achieve will tend to be based on tangibles: things that can be counted or inspected. Expanding the investigation into "how we do stuff" and why we do the things we do is a kind of voodoo medicine, subject to suspicion because it's so poorly understood.

Too often expectations don't include enough about "how we do stuff" but that the countable or inspectable outcome is produced. When this happens people aren't encouraged strongly enough to form good discipline in revision control or process tools like FMEA/MSA. When the organization rewards people based on countables/inspectables and not "how we do stuff" we may make wonderful product but be among the worst companies to work for. Groups are not working in sync with each other; technical top performers may act like tyrants within their groups. Bad behavior is tolerated because "He/she really gets results."

All of that is often hard to detect because again, people tend to have a narrow view. They will focus on things within their specialty and less so on impacts on their internal customers in dependent or downstream processes.

Standards are supposed to provide a framework so that all of this gets addressed. However, very often the elements are viewed as a list of requirements and a good deal of effort is expended to ensure those requirements don't intrude on what it is they really think they should be doing. That effort ranges from simple willful ignorance to maintaining a dual set of processes: one is a "dog and pony show" while the other one, which actually produces the outcomes, is favored and maintained.

I have also seen lots and lots of people who are poorly assigned roles. We hire/assign people based on what we expect out of the job, not about what the person is best positioned to deliver. They may not be given resources to do the job well, or they may not feel enough concern to press for resources, or they might not have (or believe they have) enough authority to press for these resources.

Lastly, though it should be listed first, we very often have a top management team that doesn't understand these things and how they work together to form dysfunction, or believe they should understand.

[Jim Wynne]

While I agree wholeheartedly with the idea of doing away with "ISO" systems as you suggest, the problems are far deeper and much more intractable than just misbegotten implementation.

When it first became evident that Japan was doing a much better and faster job of new product introduction, the response wasn't to emulate, it was, by and large, a simple and simplistic acceleration of everything. It seems that the thought was that we could do it just as well as the Japanese, we just had to do the same things we had been doing, but faster. Big mistake.

The result has been demands on the part of OEMS for supply chains to get "leaner" and for price concessions from suppliers, while expecting suppliers to do more work in less time. The general idea of APQP as a conscientious practice has gone out the window because OEMs (in all industries) are demanding lightening-fast turnarounds on RFQs, and devil take the hindmost. If you're a job shop owner you know that if you don't accept a job almost blindly, that someone else will, so you have to take your chances.

Then there's the problem of OEMs talking out of both sides of their mouths. They nibble away at quotations until there's practically nothing left, opting for the cheapest way out they can get, and then complain bitterly when their "strategy" backfires. Case in point: in quoting a job for a zinc-plated metal stamping, the initial quote includes charges for rack plating. The customer balks at the price, and is told that the parts can be barrel-plated, but the process isn't as controllable as rack plating, and some small percentage of defectives is almost inevitable given the quantities involved. "Give us the barrel plating," they say, and all is well until the first defective piece appears on their production line, and then they go into "zero defects" mode and demand corrective action and completely refuse to listen to reason. The amount of money that's wasted every day over this kind of stupidity is staggering.

American manufacturing, in general, is designed to force things through the system as quickly as possible, at the lowest possible price (never mind cost), and everyone is so busy doing the work of three people (Moe, Curly and Larry) that things like ISO 9001 just become more meat for the sausage grinder.

[Icy Mountain]

Quote:

In Reply to Parent Post by Sidney Vianna

The key for effective and sustainable ISO 9001 implementation and certification is to make ISO 9001 INVISIBLE to most people working there.

Absolutely! That's why both of my ISO 9001 implementations have worked so well. The only part of our quality system where we regularly consult the Work Instruction is our Product Development Control Process, because we are working the investigation and development toward a set of very specific deliverables (e.g. specifications, cost, etc.)

The rest of the company is doing what they do (and in most cases what they've always done) and, since it is compliant, we just documented the processes. Oh sure, we've got a few new things, like a formal corrective action system with a tracking database (stop making the same mistakes over and over), a strict approved suppliers list (stop buying the cheapest part from cheapest supplier regardless of quality or legitimate origin), and tight control of drawing revisions (stop building to incorrect, incomplete or misleading prints, we revised it for a reason). However, all of these things that weren't compliant before our registration effort were costing us a fortune in doing things a second time that could easily have been done correctly the first time, except nobody was sure what "correctly" was.

[ScottK]

While I agree with most of what you write, I disagree that it should be invisible to the general populace.
My experience with leading QMS implementations is open communication and active participation with some level understanding of the what's and why's at every level of the company is a necessity.
This has been particulary important in the companies where I've worked that must follow cGMPs or EU directives because it provides a reason for doing things consistently or in a cartain manner other than "because it's what management tells you". "Because Daddy says so" is not effective with kids and it's not effective with adults either, it teaches nothing.
Giving "the people" a basic understanding allows them to take greater ownership in what they do and ultimately allows them contribute to improveing their processes in reasoned manner.

Yes, you can do all this with or without a standard or even showing the standard to most people... but people want a flag to follow. I think standards and regulations help provide that flag to the leader of the effort - whether it's implementing or continuing improvement.
Don't make it invisible... make the QMS easy to compljy with, but toot your horn and give your people something to celebrate when you get or maintain your various certification/registrations.

Now keep in mind I work in small-medium companies where I can get a whole shift of a facility together in a large lunch room for training and Q&A's... might be another story in a larger corporation.

[Sidney Vianna]

Quote:

In Reply to Parent Post by ScottK

"Because Daddy says so" is not effective with kids and it's not effective with adults either, it teaches nothing.

In my experience, people will follow the processes when they realize that they are the organization's way of running the business. They pay my wages. As long as I work here, I should follow their process. I think it goes beyond "because daddy says so". Irrespective of ISO 9001, organizations that don't have process definition and discipline are, for the most part, ineffective.

Quote:

In Reply to Parent Post by ScottK

but people want a flag to follow. I think standards and regulations help provide that flag to the leader of the effort - whether it's implementing or continuing improvement.

The problem with that concept is the fact that this "flag" becomes the quality assurance flag because ISO 9001 is a quality management system standard. So, other functions in the organization don't see that flag as their flag nor something they should preoccupy themselves with.

[howste]

Quote:

In Reply to Parent Post by ScottK

This has been particulary important in the companies where I've worked that must follow cGMPs or EU directives because it provides a reason for doing things consistently or in a cartain manner other than "because it's what management tells you". "Because Daddy says so" is not effective with kids and it's not effective with adults either, it teaches nothing.

To me, using the directives as motivation is like saying "because BIG Daddy says so." They don't motivate people to do things better any more than management ordering them to do it.

Also if managers tell people to do things one way, then reward them for taking shortcuts, the louder message they hear is that they should cheat when they're not being watched.

In my view, people should be doing things consistently and properly because they have been shown that they achieve consistently good results that way - and leaders need to reward the right activities.

[Colin]

Wow Sidney, this should have been a post for those long winter nights, it could be a long one! Great question but I would want to clarify what you mean by 'fail'. If the intention of an ISO 9001 project is to change people's whole attitude towards the way they work (culture?) then I agree that most projects fail but if the objective was to put a better structure in place for achieving quality then I think many do work.

Don't get me wrong, I agree that there is a long way to go any many clients I audit have a 'paper thin' approach to retaining certification (witness their internal audits and management reviews) but having that certificate gets them work so how can that be a failure?

As for keeping ISO 9001 invisible to the masses (I think I can see your tongue firmly in your cheek there), there are many people driving cars who don't have a clue as to what is under the bonnet/hood (forgive the English) but they can use their car successfully each day. However, they can only call for help from a specialist if something goes wrong. This is where I define the difference between being trained to do something as opposed to be educated to understand something.