ISO 9001 - Gigantic waste or Beneficial? Why does ISO 9001 exist? Got data/facts?

[Marc]

I am wondering if "the implementation process...is typically valuable" or if it is more like the shops I have worked for or with where one or two people go through the facility to implement a system based on customer mandate, and the management tends to "more important matters".

Management often gets on with their business after telling one or more person to 'get it done'.

Do most companies really benefit, or are you speaking only about companies that are doing it for the right motivation?

Define what the 'right motivation' is... Loss of customers? Customer complaints? A customer requires it or the owner sees potential increased sales? Bad 'personality' companies often derive no benefit, but even with them there is typically some benefit. It's pretty hard to not find at least one thing a company can do to improve during an implementation.

But that's part of my definition of what a 'good company personality' is vs. a 'bad company personality'. A 'good personality' company acts on data and doesn't need a standard to tell them to act when there are problems.

And do most companies persue a QMS for the right reasons or by mandate? Do you or anyone have data on this?

How do you define what the 'right reasons' are? There are many threads here where the reasons why companies go through ISO 9001 (and TS and AS, for that matter) are discussed. I'm betting there is at least one with a poll, if not more than one. The consensus is always the same - Almost all companies do it because of a customer requirement or as a sales/marketing aspect.

A QMS by mandate is, as the word implies, a 'forced' compliance scheme whether mandated by a customer or even by corporate. The question is does data indicate a need or not. Most all implementations - I'm guessing at 95% - are driven by customer requirement or sales envisioning increased sales due to the popularity of the standard (advertising food). Not all, but most.

I have this 'thing' about what I call company 'personalities'. Though admittedly there are shades of gray, I typically classify a company as one or the other. A good personality company is one where they're doing the 'right' things to begin with. Implementation in these is typically more of an exercise of mapping systems and associating existing systems with the required systems. Typically the system requirements of the standard are already there. And in these 'good personalitiy' companies one finds that aspects like 'Continuous Improvement' are part of the company's 'normal' processes - ongoing and across all functions and departments. On a personal level, in 'good personality' companies I have observed other aspects, such as employee satisfaction, are high.

When I got into ISO in the early 1990's I did it for the money. When I first saw ISO 9001:1987 I laughed it off because it was so general and basic. All I saw was just good business practices that any well 'designed' and run company would be doing anyway. The gal that shared it with me told me it would be a money maker and she turned out to be right. I did very, very well during the 1991 to 2000 period. But it's all just good business practices. TS, AS and other related 'standards' are in the same boat - They're just variations on the theme with industry specific requirements (which again, industry wise the additional requirements are just good business practices for that industry).

As a last note - I have had clients which chose me after reading threads here and/or speaking with me about my opinions on ISO 9001 and how relevant it is. Clients which realized they could improve and must improve going back years - continually improving was part of their understanding of how a business must run to stay in business. Mostly they were financially motivated and had data. In some cases they realized they did not have enough data to make decisions. The point is they were in a state of Continuous Improvement to begin with and in most cases always had been because it was understood that's how a company stays in business and grows. Had it not been a customer mandate for ISO they would have done something else, such as 'Lean' or used various tools to improve. I have been lucky in that most of my clients were 'good personality' companies Not that I haven't had some that were seriously 'bad personality' companies...

 

[AllanJ]

OK,

First, I agree with Marc, it isn't necessary for ISO to continue to grow and proliferate, however these numbers (for the U.S.) show a DECLINE, and a serious one.

Second, this is a survey, and a suspect one at that.

Third, by ISO's own admisssion, there is no central registry.

Finally, why do we continue to allow this behavior without DEMANDING change?

Carl-

I am not sure one could characterize the decline as "serious". It may be serious for those whose livelihoods depend on the associated (dwindling) cash flow. But I cannot believe it is "serious" for the Quality movement.

And I am not sure why we (as quality practitioners) should demand change.
The numbers are falling because of good old market forces and for the reasons I have stated elsewhere. If someone running a business or those within a particular service sector (e.g. registrars, accreditation bodies et al) cannot respond to the voice of the market, they do not really deserve a future. Who, then, should bail them out?

It is for those offering the "service" to effect the changes needed and pay heed to what their clients want. In so doing, the really tough question they must address is one that has been discussed almost ad nauseum on the Cove: if registration was not mandated, would the clients want it?

Perhaps, as the market size falls there will be consolidation of the different registration firms - perhaps justified publicly as being "to effect economies of scale" or "to take advantage of the potential synergies" - always amusing stuff in M&A. But, smart companies (international business consulting firms) who were once in the registration business have already exited the field.

The very fact that this thread has gone on so long with so many postings without answering its headline question shows we in the quality movement, drawing on our Covers' experience from all over the World are unable to definitively answer it ("gigantic waste or beneficial"). If we do not know the answer to the question, is it any wonder we are unable to persuade CEOs to stay the course or to take up registration? Is it any wonder, as competition is ever more fierce, the CEOs will not look to cutting what is perceived as a nil or negative return for the associated expenditure?

The registration industry has had over 15 years to quantify the cost benefits of its service: based on the discussion in this thread, IMO, it has failed to do so in a convincing manner. That being so, we can continue posting to this thread ad infinitum and IMO will still not answer its headline question.

 

[vanputten]

What is interesting to me about this thread is that the original question was too vague and responses have intermingled the following 3 things:

1. the standard as a document

2. The implementaiton of the requiremts / an organization's repsonse to the standard

3. Conformity assessment.

When the question is asked, "ISO 9001 - a gigantic waste of time or benficial?", I do not know if the question applies to #1, 2 or 3?

Is the document a waste of time? Is the document perceived to be a waste of time becasue businesses world wide cannot design elegant and simple processes that meet the basic requirements of ISO 9001? Or is the confomity assessment world for ISO 9001 the waste?

Many of the respones do not make this distinction. What is a waste of time or a benefit; the standard, our implemention of the requirements, or conformity assessment?

Regards, Dirk

 

[jcbodie]

I have been a Registrar Auditor for over 12 years and in the last 3 years have seen a noticeable increase in clients voluntarily dropping registration. Reasons include: being bought out by companies who are not registered and see no value in it; the primary customer who demanded registration has now relaxed their requirement for the registered supplier; and, the registered client management has once again discovered that knee-jerk/flavor-of-the-month/doing this is our salvation "quality management", doesn't work. I would be the first one to admit that the Standard is not perfect and that Registrars are also not perfect and are focused on the same thing ANY business is: making money!

However, IMHO, this thread has primarily focused on Registrars and the Registrar Auditors being the problem and being the ones who must step up to the plate and resolve it. I think another very important group deserves some of the heat of this debate. That would be the registered client/site.

Registered clients continue to demand (to a point, understandably) in-depth audits, in-depth reporting, extensive continuous improvement suggestions, while continuing to hammer Registrars (and Auditors) on cost vs benefit. This would include expecting the same in-depth audit, Post-2000 Standard, that they got before (even though there is much more to audit under the new Standard, if you are doing it right), but expecting this to happen in the same 8 hr time frame of the previous Standard Audit (and, at ever decreasing costs). This obviously puts both the Registrar and the Registrar Auditor in the middle. Folks, if the Standard adds more stuff to be audited, (particularly in the core competencies/mandatories area, which is where the majority of 2000 Standard changes occur, and which are SUPPOSED to be being reviewed by the Auditor at EACH visit for the previous time frame), you obviously can't do as in-depth an audit in the same 8 hr time frame, including everything else you need to fit in. At my Registrar, the core competencies (i.e. Management Review, CA/PA, CI, Document changes, Customer Satisfaction, etc.), if an Auditor is doing them right, typically take 2 to 4 hrs alone. That leaves 6 to 4 hrs left to cover on average 2-3 of the functional/dept areas scheduled for that visit, including the added requirements of departmental interface checks and measurable objectives, if applicable, not to mention report writing, closing meeting and addressing client questions. I can also tell you that at no time has any registered client I've ever worked with said to a Registrar: "Yeah, we understand there's more to audit and since we want our audits to continue to be thorough, please go ahead and bill us for another half day". If clients feel ISO is a gigantic waste and that audits are not as in-depth as they used to be, just maybe you need to look at how your responses and attitudes have contributed to the perception. Frankly, I see this as the customer wanting "Saks Fifth Avenue quality at a (insert your favorite discount store) price. And for those of you, who have commented that the Auditors need to be more actively accountable for this (not just Registrar management), I can assure you many of us have already been there. Two years prior to the actual implementation date of the 2000 Standard, I (and other Auditors in my company), brought the very issue of how we were expected to do more in the same time frame and still do an in-depth audit, to our managements' attention. Guess what the answer was and who it involved? If you said, the registered customer would not accept added time (and expense) and might pick up their ball and move to a different playground, you'd be right. So, basically, while many registered clients (not all) may talk about wanting a more in-depth audit, it many times comes back to the issue of price (whether dictated by the site or their Corporate) and if the other guy down the street is two cents cheaper....gone with the wind.

Clients also offer "mixed signals" as to what they expect. (Please see parallel comments I've noted under the thread discussing if 3rd Party Registrars should provide recommendations). For example, with the possible exception of small, privately owned sites, there are really 2 customers a Registrar Auditor is dealing with during any visit: the Corporate site (not necessarily registered and who has their own agenda) and the Registered site you're actually visiting. As illustration, I work with a major customer who's CORPORATE site has told my companys' Auditors that we should be finding something EVERYTIME we visit the registered site and does not feel they are receiving benefit from ISO nor that the Auditor is doing their job, if we don 't have any findings. This attitude is 360 from the registered site, who typically wants a "clean bill of health" and is not happy about ANY Auditor comments, because it reflects negatively on the ISO Rep and may impact their Performance Review (which, in one case, I was told included punishment for less than perfect ISO visit results, WHICH WAS IDENTIFIED AS A MBO BY THE CORPORATE SITE, WHO WAS DEMANDING THE REGISTRAR AUDITOR ALWAYS FIND SOMETHING!!) I even had one Plant Manager flat-out tell me (one-on-one, of course) that Corporate expected the site to pass and if I didn't pass them, the ISO Rep/Quality Manager would be out on Route 66 (Route has been changed to protect the innocent). I like to call this situation "being expected to meet mutually exclusive, but simultaneously demanded, requirements". (Just for the record, I step back, do the job I'm supposed to do, and let them have the cat fight. Additionally, the expectation of the Corporate group to "always find something", flies in the face of my companys' attitude, which is we should be assuming innocence, until proven guilty and that we are there to work WITH the client, not against).

If people/companies think there is no benefit to this or its' a gigantic waste, maybe the entire problem doesn't lie with the Registrar or the Standard. I would suggest we ALL step back and examine our own motives. Until we ALL do that, none of this will be resolved. And KUDOS, to those registered companies who don't play games and understand that it's not a perfect system and we all need to accept responsiblity for changing it.

JMHO and experience.

 

[Wes Bucey]

That was certainly an interesting viewpoint. Any other working 3rd party auditors like to comment from their POV?

As a long-time business executive and one of the "suits" folks (including me) often rail against, I can tell you the dichotomous views between corporate and auditee site about the expectation of a third party audit is NOT commonplace. If the differing views DO exist, it is most likely due to an erroneous interpretation of a casual remark from a CEO which gets repeated and magnified as it passes down the chain of command.

A Quality Manager who finds himself under such pressure from a middleman supposedly interpreting the CEO's dictum merely needs to ask for a clarifying memo countersigned by the CEO. My own experience is the "taboos" encountered verbally rarely get transferred to paper, once someone realizes the potential for being cut by his own sword.

Make no mistake, the politics of working in a large multi-site corporation can be deadly. It can be even more deadly to the technician (as most of us Quality geeks are considered), who believes himself to be "above such petty politics."

FIRST BIG NEWS FLASH: The politics isn't petty, it's serious and needs to be treated as such. The guy who finds himself out on Rte 66 doesn't get fired because the Quality didn't cut the mustard, he gets fired because he lost the political battle he may not have realized he was in.

We ALL know the main rule:

dichotomous adj : divided or dividing into two sharply distinguished parts

 

[AllanJ]

I have been a Registrar Auditor for over 12 years and in the last 3 years have seen a noticeable increase in clients voluntarily dropping registration. Reasons include: being bought out by companies who are not registered and see no value in it;

That is the subject of this thread: if firms are seeing no value in it - WHY?

Registered clients continue to demand (to a point, understandably) in-depth audits, in-depth reporting, extensive continuous improvement suggestions, while continuing to hammer Registrars (and Auditors) on cost vs benefit.
:

What's wrong with that? The client lives in that world as well as the registrar.

The remaining argument about what can or cannot be done in an 8 hour time frame seems to me pure sophistry.

The commercial world expects all firms to do more for less and in less time. That is customers expect improving value for money and greater productivity.

When I am asked to do an audit, I estimate the time required. If my client does not understand or agree to the time I believe is required, I try to explain why I believe it is necessary. If my client then will not agree to the time either the scope is reduced to meet the time he will allow or I decline the assignment: if I cannot do an audit properly, I would rather turn down the assignment than ruin my standing.

Of course, there will be someone willing to do a job for two cents less. But, Is not that person also a registrar? And, if there are such registrars around it reflects on the registration marketplace as a whole. The remedy is in the hands of the registrars themselves.

If at the outset they had better developed a formula for calculating the minimum time to audit processes and included that as the standard for their audits, the clients may have grumbled but, if they want the paper would pay for the time. In the auto sector there is a table of minimum time and I was asked to comment on it. It is based on the number of employees: not on the number of processes/ tasks to be audited. Small wonder they get it wrong. I have written my formula in my book Management Audits. It was developed in the mid 70s when I reviewed my overall performance in doing my audits - process audits; even though the standard for compliance was based on the old 18 criteria, as forerunners to BS 5750 types and then the first two ISO 9Ks. I realized the typical amount of time I needed to audit a single process and thereafter calculated the audit duration accordingly.

Yes, you were quite right to bring to the attention of whoever (some committee or other) that you would need more time, but the registrars en masse had the power in their hands to set the standard. If it was not set, that is not the fault of the client. If it was set on the basis of "we are more frightened of losing business than in insisting on the level of thoroughness really required to properly assess compliance with the standard", such a decision in itself ensures the clients will receive a less than thorough audit (service) and increasingly feel they are not getting value for money. The registration industry deserves to reap according to what it has sown in the interest of maintaining its cash flow. At that point the registrars should to use your words "examine [its] own motives".

 

[qualitytrec]

this thread has primarily focused on Registrars and the Registrar Auditors being the problem and being the ones who must step up to the plate and resolve it. I think another very important group deserves some of the heat of this debate. That would be the registered client/site.

jcbodie,
I am not sure that I have come to the same conclusion as you with this. And I am not sure that the majority of fingers are pointed at those in your profession tho' maybe they are. My opinion on this is that it is not your fault as the 3rd party registrar. But think about it to truly be a third party should you not be hired by the second party. I think the biggest issue with the registration being a "joke" for many companies is that they choose the registering company to audit them. the same company that is being audited is footing the bill. I do not see how an audit can be truly objective in this situation. It is a conflict of interest IMO for you to "objectively" audit the people who keep your lights on. Not because of auditor integrity mind you but because of a conflict of business goals. I blame the current system.
Mark

 

[jcbodie]

Mark:

Thanks for your thoughts. Interesting comments. I suppose a registered site could have THEIR client pick the Registrar, but still "bill" the registered site, but what if you had many different clients? Who would make the final choice? As I've always said, this is not an easy problem to solve and it involves ALL parties.

Unfortunately, recent posts here have seemed to conclude that all the blame (and therefore, the responsibility for correction) lies with the Registrars and Auditors. I finally felt compelled to jump into the fray. As I've said, we ain't perfect....but neither is anyone else.

You may take comfort in the fact that some clients dump their Registrar anyway, if they don't like what they are being told, and the Registrar actually stands their ground and lets them go. I've also seen where the same client comes back to the original Registrar, when the new Registrar takes the same stance. So, part of the problem maybe that there are still some "paper mill" Registrars out there, willing to rubber stamp things. BUT, as in my other threads, this comes back to my statement that some of the blame has to be dished out to some (not all) registered clients who play these games and look for "path of least resistance". The Registrars and Auditors have no control over clients who elect to do this.

I'm happy to say that, overall, I have pretty reasonable clients which, most of the time, makes my job both interesting and rewarding. When it becomes otherwise, it's probably time to move on!

Thanks for your professional and balanced remarks.

 

[jcbodie]

AllanJ:

FYI, Registrar Auditors don't schedule or negoitate the time for an audit, as a Consultant would. I can assure you, that if that were the case, I would do exactly what you noted you do, i.e. re-negotiate or refuse the job if I felt the time was unreasonable.

While you may feel this is entirely in the hands of the Registrar, my point is, if Registrars want the business they agree to some of these time restraints. Unfortunately, that's the way it is and Auditors AND Registrars are just trying to find balance in that world. What makes it bad are the "paper mill" Registrars, who force reputable Registrars to make the kinds of decisions I described. BUT, certainly one of the reasons they are forced to do this is because the marketplace (i.e. registered clients or potential clients) drive this issue. Some SAY they want an in-depth audit, but don't want to pay for the time necessary to do it and head to the lowest bidder. If there were not clients out there like this, the "paper mill" Registrars would not exist and maybe, the lack of in-depth audits or value of ISO as a discussion would cease. That's all I'm saying: All participants need to take responsiblity.

 

[jcbodie]

AllanJ:

FYI, Registrar Auditors don't schedule or negoitate the time for an audit, as a Consultant would. I can assure you, that if that were the case, I would do exactly what you noted you do, i.e. re-negotiate or refuse the job if I felt the time was unreasonable.

While you may feel this is entirely in the hands of the Registrar, my point is, if Registrars want the business they agree to some of these time restraints. Unfortunately, that's the way it is and Auditors AND Registrars are just trying to find balance in that world. What makes it bad are the "paper mill" Registrars, who force reputable Registrars to make the kinds of decisions I described. BUT, certainly one of the reasons they are forced to do this is because the marketplace (i.e. registered clients or potential clients) drive this issue. Some SAY they want an in-depth audit, but don't want to pay for the time necessary to do it and head to the lowest bidder. If there were not clients out there like this, the "paper mill" Registrars would not exist and maybe, the lack of in-depth audits or value of ISO as a discussion would cease. That's all I'm saying: All participants need to take responsiblity.