Would you spend your own $$$ for ISO 9001 registration

[jcbodie]

A well worn phrase around ISO 9000. But just because it is popular doesn't mean it is so.

Again, I am sure this has been dealt with a hundred times in the cove but here goes again: I believe the idea is I, as the customer, can have some confidence the supplier has quality management systems and that they have been independently assessed against the requirements of an international standard.


The idea is that the system enables the product to be manufactured to your requirements or the service is delivered to your requirements because I, as the supplier, am following a defined system.


Can I sell you a car?
Again the idea is if I have a system that captures customer requirements, design products / services and plan their production / delivery and then deliver the product / service it should meet your requirements. The problems typically come at the interfaces - hence the focus on a process based approach to try and think across boundaries. Regrettably systems are not perfect. They are designed and implemented by people.


Again there are no guarantees but - as has been mentioned in other threads - your first recourse is to the registered firm to use their corrective action system, the next escalation is to the registrar for them to investigate and if that fails you can complain to the accreditation body.


As a supplier you are entitled to make your choice. If for the dollars you spend on registration you can hire employees who will make a difference or hire consultants who can put you down the right path then all power to your elbow. Many companies who are registered (such as Toyota in the UK) do not make a great song and dance about their registration (or "compliance" as you call it), probably because the majority of their potential customers are either not aware of ISO 9000 or its automotive variants. They do have it on their web site:

http://www.toyotauk.com/main/download/pdf/Awards and Accred June 2005.pdf

I am in agreement with everything Paul has said to respond to you, Wes. I will add one more thing (which I've said in other threads): Unless you are working for a company which has customers requiring you be registered, NOBODY IS FORCING ANYONE TO GET REGISTERED OR WORK FOR A COMPANY WHO IS REGISTERED. It's a choice, Wes. If you feel that it's pointless, so be it, but nobodys' holding a gun to your head to be involved with this or any Standard.

Having said that, if you don't want to be involved in ISO/Registration, Wes, that's fine. But, why do you have a problem with other people who do? If I don't like chocolate ice cream, does this mean I have to eat chocolate ice cream, when there are so many other choices, or worse yet, force/expect people to only eat the flavors I love? There's room for everyone in the world, and if you don't like, or agree with, ISO, maybe you should do like the Beatles, and just "Let It Be".

 

[jcbodie]

The harm is in the false sense of security that it (registration) creates. If we can agree that there is no measureable benefit in registration (other than keeping customers who require it happy), then what's the point?
I have seen the stifling effect that ISO registration can have on creativity and innovation when it comes to quality system design. We all know that ISO describes a minimum framework but unfortunately there are lots of people outside the quality profession who think that getting registered is like going to heaven--that something wonderful and awesome has been accomplished. After a registrar's auditor has swept through the building and pronounced that all is well, just try telling someone who has a serious issue that the auditor didn't catch that they need to change something. They look at you like you're crazy.
My own opinion is that the whole registration phenomenon has caused much more harm than good.

Sorry, can't agree. If people have a false sense of security, that's not the Standards' fault; that's the responsibility of the people supporting and using it. Who's measuring?? Because, I have clients who have their own metrics to back up the "intrinsic" value of their QMS (i.e. less rework, more flexibility in making sure employees are crosstrained so customers' get their orders as promised, better "first time/right time" product turnaround, etc). Does everyone experience this?? Maybe not. And yes, there are certainly companies that do just fine without ISO. So, what else is new. It's a choice and, unless you're in the automotive or aerospace industy, your company really has a choice of not being registered (Actually, if they've chosen to supply either of these 2 industries, then that also was a choice and the registration comes with the territory).

My God. I feel bad for you that you are obviously living a double life...you hate ISO and see no value in it (which is certainly your choice), yet you sound like you work in a company or system, which is registered and where you must smile and "walk the walk and talk the talk", even though you harbor this secret hate. This is not healthy, my friend. Life is too short. Do yourself a favor: find a job which doesn't require any involvement in ISO (certainly, there are lots of US companies to choose from) and Be Happy!

 

[Jim Wynne]

Sorry, can't agree. If people have a false sense of security, that's not the Standards' fault; that's the responsibility of the people supporting and using it. Who's measuring?? Because, I have clients who have their own metrics to back up the "intrinsic" value of their QMS (i.e. less rework, more flexibility in making sure employees are crosstrained so customers' get their orders as promised, better "first time/right time" product turnaround, etc). Does everyone experience this?? Maybe not. And yes, there are certainly companies that do just fine without ISO. So, what else is new. It's a choice and, unless you're in the automotive or aerospace industy, your company really has a choice of not being registered (Actually, if they've chosen to supply either of these 2 industries, then that also was a choice and the registration comes with the territory).

My God. I feel bad for you that you are obviously living a double life...you hate ISO and see no value in it (which is certainly your choice), yet you sound like you work in a company or system, which is registered and where you must smile and "walk the walk and talk the talk", even though you harbor this secret hate. This is not healthy, my friend. Life is too short. Do yourself a favor: find a job which doesn't require any involvement in ISO (certainly, there are lots of US companies to choose from) and Be Happy!

First, you'll note that I spoke no ill of the standard. Why would you assume that I "hate ISO"? What's not to like? The standard is fine, and any conscientiously applied quality system would resemble it, even if no one had ever seen it before. It has its limits, but it's an acceptable starting point. It's registration I was talking about. Registration adds no value, unless, as I said, it's required by a customer. Even then, the only value is meeting the customer requirement. It does nothing to insure quality designs, or quality products, or efficacious processes. It also does nothing to help improve products, which is the most important competitive goal.
No need to feel bad for me, my friend. I have a job I like, and yes, in an ISO-registered company. I'm not at liberty to say much more than that about it, but I will say that there has been a serious look at the value of registration lately.

 

[Denis9001 - 2007]

JSWO5 - I'm not sure what you don't like. You have no problem with the standard. Do you see no value in independent audits. Surely at the very least opening your doors and books to inspection reduces the chance of shady practices. I'm sure Nike's 10 year old staff make quality shoes. Or is it the certificate you don't like. It's the same as a medical certificate, auditor or inspection report. A piece of paper to confirm what was inspected and the result.

I agree the trumpet blowing that comes from certified companies is misplaced but thats the company fault. Personally I see certification like having the annual accounts certified by a CPA or newspaper having their circulation figures audited. No big deal but mention should be made.

If anything I would prefer the word quality be dropped and the audit be broader so it encompasses more operational affairs. At present there is a move to "integrated audits" but not integrated standards. A company could be faced with needing/wanting 9001/14001/HACCP(22000)/SA8000 and god knows what more.

 

[Denis9001 - 2007]

JSWO5 - My registrar requires me at the closing meeting to explain/stress that the audit was based on sampling and that because no noncompliances were found doesn't mean that that none exist. If they look at me like I'm crazy I list the 101 errors/problems I commented on but did not raise formal NCNs for.

Also, now auditors are required not to just spot NC's but to make observations for improvement (OFI's). So the client should see that although certification is not affected his system is far from perfect. Hey how about that for value added. You get free business consulting advice thrown in.

 

[Paul Simpson]

My circular argument detector is beeping gently but I'll give this a go

Which is indicative of what, other than itself? I think the point is that being registered doesn't make for reliable predictions of anything with regard to output. .

As has been covered elsewhere ISO registration is not a guarantee but is an indicator that a supplier has systems in place you can rely on. It is an indicator but if you don't do a good job of communicating your requirements and the supplier doesn't do a good job of reading between the lines the product / service may not be what you want. You then have recourse to an established corrective action system.

If you have data to the contrary, I'd love to see it.

Don't the ASQ have a Quality 500 index that outperforms the Fortune, or is that my memory playing tricks. The problem with data is that there is no control group you can test again and there is no control over the base sample. There are some organizations out there with excellent quality systems who don't go for registation and similarly there are some organizations with poor systems who have registration - again there is no control group of registrars and auditors.

That may be the idea, but it makes no sense. Products were being manufactured to requirements for a long time before ISO (or BSI even). It's possible to follow a defined system and make nothing but "dreck" as Wes put it..

The old "concrete life preserver" argument. I agree, in an ideal world ISO registration would be a guarantee but unfortunately the amount of time a registrar spends in a company can only give an indication of how the system is performing,

Sorry Paul, but this is, as Mr. T would say, "jibba jabba."

Unfortunately I am not familiar with the writings of Mr. T, where can I pick up his latest tome?

How do you define "interface"? Is an interface somewhere between processes? In my experience, the "interface" is the safest place to be. Problems happen within processes.

No an interfcae is something between groups of people, departments typically, and this is where the issues arise. So within my department I manage the process effectively and then I toss it over the wall without telling you it's urgent so it still ends up late at the customer. The thing about the process approach is that the interfaces are not the place to hide anymore - they are the areas for focus.

The harm is in the false sense of security that it (registration) creates. If we can agree that there is no measureable benefit in registration (other than keeping customers who require it happy), then what's the point?

I am sure you will understand this is an area we won't agree on. The benefit of registration (as opposed to the idea of audits adding value above and beyond registration which is the topic of this thread) is to have an independent person come in to evaluate the efficiency and effectiveness of the system and compliance with the standard.

I have seen the stifling effect that ISO registration can have on creativity and innovation when it comes to quality system design.

Any examples?

We all know that ISO describes a minimum framework but unfortunately there are lots of people outside the quality profession who think that getting registered is like going to heaven--that something wonderful and awesome has been accomplished. After a registrar's auditor has swept through the building and pronounced that all is well, just try telling someone who has a serious issue that the auditor didn't catch that they need to change something. They look at you like you're crazy.

There you have a problem. Your message to the company needs to be the same as Denis has been saying. The auditor is taking a sample - he / she can't be expected to find everything in their 1 day visit. If you have an auditor who is doing a poor job - just skimming the surface then I would complain to your registrar and request an audit who can give you the value your audit dollars deserve.

My own opinion is that the whole registration phenomenon has caused much more harm than good.

Your opinion. I agree with some of the points you make and there is a need to fix the registration process and get more consistency between registrars and auditors. I can feel another thread coming on.

 

[Denis9001 - 2007]

Paul - Well said..here here. You summed it all up great.

I think the problem many have is not the benefit of independant audits or certificates to show that the system has been audited. It's what happens in reality. Finicky auditors missing the point of whether quality is effected, consultants with off-the-shef template solutions, overemphasis by companies on their certification, failure of accreditation bodies to consider customer concerns and market practices, hangers-on cashing in on a ISO9001 milk-cow and CB's (I'm guilty) under commercial pressure.

I look at it this way. Do you go to universty to do the minimum and crash study to get a degree so you can get a job or do you go to get an education and the degree is just confirmation you got it but not the end-product. You get out of it what you want to put in. My uni degree is in a load of junk with my swimming certificate not on my wall. I got what I wanted. But I do need to dig it out every once in a while as evidence.

 

[Rob Nix]

My blood pressure monitor, hooked up to this thread, shows an alarming increase! What started out as a relaxed discussion of the original question (i.e. would you spend your own money for registration?) seems to have become a heated defense of individual domains, as also indicated by Paul's "circular argument meter".

Please read the first dozen or so posts that started this thread. Also, note the current poll results: about two-thirds of the people responding would not spend their own $$.

Bottom line is this: The ISO standard is a good framework for a business system. Registration to it (with indepedent third party auditing) is a choice. The choice is based on whether there is an advantage to it (e.g. customer requirement, marketing tool, or the need for an unbiased look at your system - with possible "value-adding"). If your customers do not require it, there is no marketing advantage, and you have access by other means to skilled and knowledgeable business planning expertise, then why pay for an embossed 8 x 10 gold foil lettered piece of paper?

Does it go any deeper than that?

 

[Paul Simpson]

Scary!

Paul - Last year UKAS made moves to track this. They compared number of NCNs issued against CB application office and auditor. Theory being almost as you said. If few NCNs raised then the audit wasn't thorough.

Talk about an encouragement to nit pick! There was me believing that with 9k2k there would be more "observations" about efficiency and effectiveness of systems and fewer "non complainces" relating to document control etc.

Ah well. I will have to get out of my touchy - feely "Value Add" mode and put my "compliance" leathers back on.

 

[Jim Wynne]

JSWO5 - My registrar requires me at the closing meeting to explain/stress that the audit was based on sampling and that because no noncompliances were found doesn't mean that that none exist. If they look at me like I'm crazy I list the 101 errors/problems I commented on but did not raise formal NCNs for.

Also, now auditors are required not to just spot NC's but to make observations for improvement (OFI's). So the client should see that although certification is not affected his system is far from perfect. Hey how about that for value added. You get free business consulting advice thrown in.

Denis, What I was referring to is what happens after the auditor leaves the building. No one should expect that an outside auditor will catch everything. The problem is that people have been put under a great deal of pressure for months in anticipation of the registration audit--they've done a lot of hard work, and the work that they've put into building the system has detracted from their regular work, which means a lot of people have been spinning and furiously chasing their tails and they think that when the imprimatur of the registrar has been bestowed, they've reached some sort of summit. It's a very rude awakening when it's learned that someone is taking continuous improvement seriously, and the work isn't really done.

There's been a recurring theme here--that ISO registration is a choice and if you don't like it, don't do it. But the obvious problem with that is that for the people who actually have to do the work, there is no choice--the registration process has been thrust upon them by people who don't want to be bothered with real leadership and doing the work needed to actually fix the problems that cause all of the trouble.