Quality Management with ISO 9001.indd
advertisement
WHITEPAPER QUALITY MANAGEMENT WITH ISO 9001 How to implement a smart quality approach STEFAN LANGHAMMER Senior Consultant & External Auditor stefan.langhammer@sqs.com Stefan Langhammer has been with SQS since 2007. He holds a degree in Business Administration and is a Certified ISO 9001:2008 External Auditor. As Senior Consultant in the Process Intelligence Competence Centre, his responsibilities focus on the implementation of assessments and on the organisation and support of process changes for SQS’ customers. He has many years of experience as Project Manager, Process Manager, Quality Manager, and Banking Auditor, working for military organisations, IT organisations, as well as shipping and logistics companies. Over the last 15 years, he has conducted more than 200 quality audits as External Auditor. Quality Management with ISO 9001 Page 2 1 MANAGEMENT SUMMARY Many organisations, even big ones, suffer from a lack of process transparency and process control: often, process responsibilities and process interfaces are not clearly defined, and there is no systematic approach as to how processes are to be managed. Typically, appropriate process documentation does not exist, not to mention the absence of a systematic approach ensuring continual improvement. If there is no process documentation, you automatically have a lack of transparency since business and process knowledge is not available to the entire organisation but merely a privilege reserved for a select group of key players. As a consequence, process control – including the cost and management of process interfaces – is getting rather difficult and involves taking high risks. the fields of business, government and relevant organisations. ISO 9001 or ISO 9000 – which is the generic name for the ISO 9000 family of standards – was published in 1987. It had been influenced by the British Standard BS 5750 and by a series of national Canadian standards known as CSA Z299, which were already widely used at the time. (2) The number 9000 was chosen since it matched the already existing number of ISO standards and seemed memorable. Of course, organisations can be successful with no documentation at all, but systematic improvement and learning require both a clear view of the processes involved and a systematic approach. The ISO 9000 family of standards represents an international consensus on good quality management practices. It consists of standards and guidelines relating to quality management systems and related supporting standards. ISO 9001 is the only standard in the ISO 9000 family against which organisations can be certified, and it has been successfully implemented in more than one million organisations worldwide. Furthermore, there are external requirements: customer and stakeholder demands for improved controls, process compliance and risk controls are rising due to an increasing number of regulations and laws in particular in the financial sector, e.g. regulatory frameworks like the Sarbanes–Oxley Act and Basel II. (1) ISO 9001 focuses on what an organisation has to do: Fulfil the customer’s quality requirements Fulfil the applicable regulatory requirements Enhance customer satisfaction Achieve continual improvement of its performance in pursuit of these objectives In an attempt to address the aforementioned issues, many organisations started projects documenting their processes and key controls and establishing quality and process management systems. In doing so, organisations can build upon an international standard called ‘ISO 9001’. ISO standards are being developed by technical committees comprising national delegations of experts from The elements of ISO 9001 help establish a wellbalanced view of all important processes of an organisation. These processes are documented and focused on customer needs by identifying drivers and measures for cost, quality and customer satisfaction. Process controls are clearly identified including the associated responsibility for conducting and documenting the respective control activities (see Figure 1). Quality Management with ISO 9001 Page 3 Moreover, organisations can improve their external recognition with regard to customers, competitors and external stakeholders by fulfilling the ISO 9001 requirements within an external audit process in order to obtain an ISO 9001 certificate. In many markets and industrial sectors, ISO 9001 certificates are well-established and recognised standards of good practice. WHAT IS ISO? ISO = International Organization for Standardization – is the world’s largest developer of standards. ISO is a network of the national standards institutes of 163 countries, on the basis of one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system. This whitepaper gives an overview of the principles of quality management according to ISO 9001, of the implementation strategy for a quality management system chosen by successful organisations, and of the main steps to obtain certification based on many years’ experience in consulting and auditing organisations. Furthermore, practical examples will show how organisations can improve process transparency and quality control. Definition 1: ISO (3) Continual improvement of the quality management system ENT RESPONSIB GEM ILIT NA Y MA Input Requirements Customers REMENT, ANALYS ASU ME ND IMPROVEMEN IS T A RCE MANAGEMEN SOU T RE Customers PR ODU CT REALISATIO N Satisfaction Output PRODUCT Value-adding activities Information flow Figure 1: Model of a process-based quality management system (2) Quality Management with ISO 9001 Page 4 2 INTRODUCTION 2.1 A BRIEF HISTORY OF ISO 9001 Since 1987, the hour of birth of the ISO 9001 quality management standards, countless organisations have begun to implement quality management systems. Along with the establishment of certification bodies, a new industry emerged. Starting with just a handful of organisations dealing with ISO 9001 certifications in Germany, more than 100 accredited certification bodies are counted today. (4) At the very beginning, the ISO 9000 approach had a controversial reception. Some experts regarded ISO 9000 as too formal, too static and somehow bureaucratic. Furthermore, the set of ISO 9000 standards was very much focused on industrial needs and did not really seem applicable to service organisations. With the second revision – to the ISO 9001 standards – conducted by the ISO organisation in the year 2000, a fundamental breakthrough was achieved. The ISO 9001 standard received a new structure suitable for all kinds of organisations including the service sector, and gained a processoriented focus. The requirements of continual improvement of the quality management system and of measuring customer satisfaction became compulsory. Consequently, ISO 9001 became much more than just a heap of documentations (which somehow still remains a fundamental misconception): it turned into a rigid and customerfocused approach aimed at improving quality. THE EVOLUTION OF ISO 9000 1994 2000 First revision of ISO 9000. Emphasis was laid on failure prevention. ISO 9000:1994 was still rather focused on production environments. Second revision of the standard, now ISO 9001:2000. Substantial changes regarding process management. Applicability for service organisations was enhanced. Continuous improvement and customer focus became core principles of the revised standard. 1987 2008 Initial ISO 9000 certification standard is published as ISO 9000:1987. Latest version of the standard is published as ISO 9001:2008 with minor adjustments. 1980 1990 2000 Figure 2: Evolution of the ISO 9000 standard for quality management systems 2010 Quality Management with ISO 9001 Gloomy predictions of the early 1990s that ISO 9000 would be short-lived proved wrong. The triumphant success of ISO 9001 began with the industrial sectors, it grew when it became increasingly applicable to service organisations, and it is still going strong. Today, ISO 9001 is considered the most established quality framework worldwide. (5) However, implementing ISO 9001 in an organisation still remains quite a challenge – for quality itself with all its different aspects and influencing factors is not easy to capture. 2.2 THE QUALITY CHALLENGE When you ask employees working at different levels within an organisation to define ‘quality’, you will probably get a wide range of answers. And rightly so, for quality can be defined rather differently, depending on the point of view. The ISO 9000:2005 understanding of quality is given in the following definition: QUALITY Degree to which a set of inherent characteristics fulfils requirements Definition 2: Quality (2) So quality is about fulfilling requirements. According to ISO 9001, these need to be combined with the creation and enhancement of customer satisfaction. In fact, there is a correlation between the fulfilment of requirements and customer satisfaction, which was analysed and expressed in a model by Dr Noriaki Kano, a Japanese quality expert: (6) The Kano Model, developed in the early 1980s, shows the relation between customer satisfaction and the fulfilment of requirements (aka quality, see above) understood as a broader concept. Re- Page 5 quirements converted to offerings can be differentiated into the factors ‘delighter’, ‘must be’ and ‘more is better’: The factor ‘must be’ does not help increase customer satisfaction since it refers to criteria taken for granted – yet, on the other hand, these criteria are essential preconditions for any satisfaction. ‘More is better’ is a one-dimensional factor since it will only increase customer satisfaction as long as an over-fulfilment of requirements is ensured. The category ‘delighter’, however, includes the criteria that make the difference. ‘Delighter’ comprises the innovative and unexpected factors of quality. This means you should surprise the customer in a manner that is perceived as positive, and not achieve satisfaction only but create enthusiasm and customer loyalty. Unfortunately, from the customer’s point of view, all of these factors undergo a kind of ‘life cycle’. They change over time, and even a ‘delighter’ can eventually degenerate to fit the category ‘more is better’ or even ‘must be’ (see Figure 3). Furthermore, it is important not only to understand the full range of requirements but their respective ‘owners’ as well. Requirements can be quite different and even contradictory depending on the views of their owners. Quality has many different stakeholders: not only the customers but many other interested parties like shareholders, employees, suppliers, etc. have their stakes in it as well. For each of these stakeholders, dozens of standards, regulations or quality models could be relevant. Quality Management with ISO 9001 Page 6 MORE satisfied More is better CUSTOMER SATISFACTION Delighter included omitted Must be dissatisfied OFFERINGS MORE Figure 3: The Kano Model So regarding the quality challenge, there is much to consider: What is our view on our services, the underlying requirements and quality fulfilment regarding the Kano Model? Where are our strengths and what are our weaknesses? What are the most important areas and processes for quality improvement? How can quality and customer satisfaction be improved? How can quality be measured? Who are the stakeholders for quality? Which external needs and recognition for quality do exist for our organisation? Depending on the answers to these questions and the analysis of strengths and areas for improvement, organisations should define their individual quality approach. In this context, it is important to define the expectations and deliverables regarding quality management. This should be done by the senior management and take into account the involvement of respective stakeholders for quality (see Section 4.4). For some organisations, obtaining and keeping an ISO 9001 certificate is still the one and only target. In this case, the quality management system is more or less limited to producing just this one deliverable. On the other hand, an increasing number of organisations expect to get more value from a quality management system than just obtaining a certificate. Regular surveys conducted by the ISO organisation indicate that both the motivation and the expectations for quality management are rising. The following section will explain this in more detail. Quality Management with ISO 9001 Page 7 2.3 MOTIVATION FOR QUALITY MANAGEMENT In the first ten years of quality management based on ISO 9001, most organisations were driven by market needs regarding the decision to establish a quality management system. Nearly all of them aimed at obtaining an external certification. The latest survey, in which more than 11,000 participants from 122 countries answered questions regarding ISO 9001 issues, was carried out by the ISO organisation in February 2011. (7) The results show that market needs and mandated customer requirements still rank highly, but the most important criterion now is customer satisfaction (see Figure 4). Regarding the applied benefits of an ISO 9001 certification, the results show that apart from increased customer satisfaction the advantages of standardised business processes, increased management commitment and business data usage are top-ranked as well (see Figure 5). The experience SQS gained in consulting and auditing organisations is in line with the results from this survey. Undoubtedly, external recognition is important for many organisations and quite often the main driver for starting quality initiatives, but there are many more expectations, especially regarding cost reduction and process efficiency. In order to express the view on quality and overall quality objectives aligned with business strategy, ISO 9001 requests a so-called ‘quality policy’: QUALITY POLICY Top management shall ensure that the quality policy – is appropriate to the purpose of the organization, includes a commitment to comply with requirements and continually improve the effectiveness of the quality management system, provides a framework for establishing and reviewing quality objectives, is communicated and understood within the organization and is reviewed for continuing suitability. Definition 3: Quality policy (2) The following quality policy was defined within an SQS quality management project and provides a good example of the management expectations for quality management and the comprehensiveness of the chosen approach (see Figure 6). WHICH OF THESE FACTORS INFLUENCE YOUR ORGANISATION IN ISO 9001 CERTIFICATION? (NO. OF ANSWERS) 4222 Customer satisfaction 3689 Market need 3290 Mandated customer requirement 2272 Self-declared conformance 500 Other 0 Figure 4: Factors influencing ISO 9001 certification (7) 4500 Quality Management with ISO 9001 Page 8 QUALITY POLICY EXAMPLE Continually maintaining and improving the effectiveness of our Quality Management System (QMS). Periodic review of current quality policy and objectives to ensure its effectiveness and suitability. Meeting or exceeding customer and organisational requirements. Constantly striving for quality products and services that meet or exceed the customer’s and / or organisational requirements. Effectively communicating up and down the ‘Supply Chain’ – effective communication of quality policy and objectives to customers, suppliers, and our employees. Hiring the best people in the industry – training those people on our systems and procedures, and focusing those people on executing our processes flawlessly. Creating and managing the best processes in the industry. These processes are documented and described in a comprehensive Quality Management System (QMS). Aligning ourselves with the most competent base of suppliers available in the industry. The ability of our suppliers to provide us with quality services is critical to our success. We will strive to achieve excellence in our supply chain with a common vision in the areas of quality, continuous improvement and excellence in customer service. Increasing process effectiveness and efficiency. Quality must provide and deliver measurable results and benefits for our organisation. Figure 6: Quality policy example The quality policy should have a direct link to the particular strategy of an organisation, for strategic goals and quality policy must interact with each other and be consistent. Furthermore, it is important to actively communicate a company’s quality policy across all organisational levels. WHAT ARE THE MOST IMPORTANT BENEFITS OF APPLYING ISO 9001 TO YOUR ORGANISATION? (NO. OF ANSWERS) Improved customer satisfaction 5889 Standardised business processes 5821 Increased management commitment 4125 Effective use of data as management tool 4112 More effective management reviews 3975 Improved customer communication 3577 Increased supplier performance 2289 It is a customer requirement 2262 Improved supplier communication 2216 Improved financial performance 1241 Other 354 No benefit at all 161 0 Figure 5: Benefits of applying 9001 (7) 1000 2000 3000 4000 5000 6000 7000 Quality Management with ISO 9001 The following statement is an example of a strategic message and its interaction with the aforementioned quality policy. It was made by the managing director of a transaction bank Page 9 and became fundamental to the realignment of the quality and process management of IT-related processes: (8) » We must recognise that we are in the software business. Our services are embedded in a technology driven business. For example, software schedule delays impact product and service delivery dates and product delivery dates drive cost, revenue and profit. Unless we can manage revenue and profit, we cannot manage our business. If we do not treat software as a critical success factor for our organisation’s future, we cannot manage software, and then we might not even be able to manage our business. « 3 MARKET – CURRENT STATUS AND OUTLOOK Since the kick-off for the first ISO 9000 certification in Germany, which took place almost 25 years ago, more than one million organisations worldwide (7) have implemented a quality management system according to ISO 9001. One might assume that large organisations, especially in the financial market industries, would already have had ISO 9001 quality management systems in place for years. But, in fact, this is not the case. Today, many IT organisations have not even started implementing quality management systems but do feel a growing need for better cost, process and quality management as many of them try to position themselves as a service organisation. Figure 7 gives a country-specific overview of ISO 9001 certificates. As a matter of fact, business for ISO 9001 quality management consulting is still growing. The annual growth rate of certificates is between 8 % and 10 %, as Figure 8 shows. Apart from the financial sector with banks and insurance companies, there is another rather substantial market for quality management systems in Germany: the public sector. Quality management for public administration and military organisations has become a big talking point over the last three years. This trend has been enforced by respective regulations and by the declared aim to improve process transparency and process control in order to raise efficiency and effectiveness in the public sector. (10) Quality Management with ISO 9001 Page 10 TOP 10 COUNTRIES FOR ISO 9001 CERTIFICATES – 2009 China: 257076 Japan: 68484 Russian Fed.: 53152 Italy: 130066 Spain: 59576 UK: 41193 Germany: 47156 USA: 28935 India: 37493 Rep. of Korea: 23400 Figure 7: Top 10 countries for ISO 9001 certificates (9) ISO 9001 CERTIFICATES (ABSOLUTE NUMBERS) YEAR 2004 2005 2006 2007 2008 2009 660132 773867 896929 951486 982832 1064785 Africa / West Asia 31443 48327 71438 78910 73104 77408 Central / South America 17016 22498 29382 39354 39940 36551 49962 59663 61436 47600 47896 41947 Europe 320748 377196 414232 431479 455332 500319 Far East 220966 247091 300851 345428 356559 398288 19997 19092 19590 8715 10001 10272 TOTAL North America Australia / New Zealand Figure 8: Trend of absolute numbers of ISO 9001 certificates between 2004 and 2009 (9) + 61 % + 56 % Quality Management with ISO 9001 Page 11 4 QUALITY MANAGEMENT IN PRACTICE 4.1 STRUCTURE AND PRINCIPLES OF ISO 9001 One of the main advantages of the ISO 9001 standard is that it is applicable to all organisations, no matter what size or branch. ISO 9001 does not include specific requirements for specific branches but rather generic demands which need to be interpreted by the respective organisation or business sector. In order to help organisations tailor these generic demands to their specific set-up, ISO 9004 was developed. ISO 9004 is a guideline – and therefore not mandatory in the context of certification – intended to support the application of ISO 9001 and giving practical advice how to understand and use ISO 9001 within organisations. Although ISO 9001 in general is not sectorspecific, an additional guideline was developed especially for the demands of IT organisations: standard ISO 90003. Like ISO 9004, it does not include mandatory requirements for certification, it merely gives advice how to apply ISO 9001 in the software development business. Basically – and irrespective of whether organisations decide to take advice from guidelines ISO 9004/ISO 90003 or not – ISO 9001 has five important chapters containing the requirements to comply with: Quality Management Systems Management Responsibility Resource Management Product Realisation Measurement, Analysis, Improvement Figure 9 gives an overview of the structure of ISO 9001, including the sub-chapters, starting with Chapter 4 as the concrete requirement sec- tion. (Chapters 1 to 3 are not displayed as they comprise generic explanations, the scope of ISO 9001, and the process model of ISO 9001, but no requirements.) The structure is usually reflected by the quality manual, which is a mandatory part within a quality management system. THE QUALITY MANUAL The organization shall establish and maintain a quality manual that includes (a) the scope of the quality management system, including details of and justifications for any exclusions (b) the documented procedures established for the quality management system, or reference to them and (c) a description of the interaction between the processes. Definition 4: Quality manual (2) In order to provide a practical view on the requirements of ISO 9001, the ISO Technical Committee ISO/TC 176, which is responsible for developing and maintaining the ISO 9000 standards, derived eight quality management principles. THE EIGHT ISO PRINCIPLES 1 Customer focus 2 Leadership 3 Involvement of people 4 Process approach 5 System approach to management 6 Continual improvement 7 Factual approach to decision making 8 Mutually beneficial supplier relationship Figure 10: Quality management principles (2) Quality Management with ISO 9001 Page 12 4 QUALITY MANAGEMENT SYSTEMS 4.1 General requirements 4.2 Documentation requirements 5 MANAGEMENT RESPONSIBILITY 5.1 Management commitment 5.2 Customer focus 5.3 Quality policy 5.4 Planning 6 RESOURCE MANAGEMENT 5.5 Responsibility, authority and communication 5.6 Management review 8 MEASUREMENT, ANALYSIS, IMPROVEMENT 6.1 Provision of resources 8.1 General 6.2 Human resources 6.3 Infrastructure 6.4 Work environment 8.2 Monitoring and measurement 8.4 Analysis of data 8.5 Improvement 8.3 Control of nonconforming product 7 PRODUCT REALISATION 7.1 Planning of product realisation 7.2 Customer-related processes 7.3 Design and development 7.4 Purchasing 7.6 Control of monitoring and measuring devices Figure 9: The structure of ISO 9001 7.5 Production and service provision Quality Management with ISO 9001 These principles can be used by senior management as a guidance to navigate their organisations towards an improved performance. 4.2 MAIN STEPS FOR IMPLEMENTATION In order to realise the ISO 9001 principles in practice, the implementation of a quality management system according to ISO 9001 should be planned and organised as a project including corresponding project roles and responsibilities. The top management (e.g. a board member) should act as project sponsor. Page 13 Depending on the size of the organisation, complexity of processes, and available resources, the project time for achieving ISO certification readiness will require a minimum of between six and nine months. SQS experience shows that most ISO 9001 projects take between twelve and 15 months. Usually, creating the process documentation will require the most time, so there should be special focus on the methods and approaches for doing so (see Section 4.3). The following 14 steps describe the main activities SQS recommends to perform in the proposed sequence in order to implement a QM system and establish readiness for external certification. 14 STEPS 1. ESTABLISH ISO STEERING COMMITTEE Ensure top management buy-in Ensure availability of resources Conduct regular project meetings and progress report 2. BUILD UP QM KNOWLEDGE Select quality staff and ensure appropriate training Inform all staff about project goals and motivation for quality improvement 3. APPOINT QUALITY REPRESENTATIVE Define role and tasks of a quality representative Ensure direct reporting line to top management Select a ‘strong’ character with excellent communication and management skills 4. DEFINE STRUCTURE FOR QUALITY MANUAL AND PROCESS DESCRIPTION Focus on organisational and customer needs Include and describe all relevant key controls Involve internal audit and risk department For process documentation, use a modelling tool Decide about process measurements – interact with controlling department 5. INVOLVE ALL STAKEHOLDERS Identify relevant internal and external stakeholders for quality and identify their requirements Derive quality policy from strategic objectives and stakeholder requirements Derive measurable quality objectives from quality policy Set up and maintain communication processes with stakeholders Quality Management with ISO 9001 6. DEFINE AND CREATE DOCUMENTATION Create high-level process landscape Define process layers and necessary level of detail Appoint process owners and train them Conduct workshops with process owners and experts in order to draft the processes Start with process modelling using a modelling notation (e.g. BPMN) 7. WRITE QUALITY MANUAL Decide usage of quality manual (just internal or external usage as well?) Define structure Reconcile with relevant stakeholders Get formal approval by top management / board 8. ESTABLISH DOCUMENT AND DATA CONTROL Identify all relevant types of documents, forms, checklists, etc. Define and document a method for document and data control and apply it on all selected documents and data 9. TRAIN ALL STAFF IN QM Ensure that all staff get appropriate training depending on the respective organisational level and role 10. ESTABLISH QUALITY ASSURANCE TEAMS Ensure that, depending on the size and processes of an organisation, employees get special training and take responsibility for specific quality tasks (e.g. quality assurance officer, test manager, code reviewer) Page 14 Organisations with different sites should appoint quality representatives for each site Ensure that overall steering of quality is under control of the corporate quality representative 11. ESTABLISH PROCESS FOR CONTINUAL IMPROVEMENT Define appropriate method and approach for continual improvement. These could be, for example: · Regular Kaizen Workshops · Using Six Sigma Methodologies · SPICE or CMMI Assessments · Peer Reviews 12.TRAIN INTERNAL AUDITORS Select appropriate staff and focus on the following skills: · Communicative · Common-sense-driven · Persuasive · Persistent · Accurate Conduct training based on ISO 19011 Set up coaching measures for initial audits Ensure regular assignment of auditors 13. INTERNAL EVALUATION AND VALIDATION Define internal evaluation criteria and conduct internal audits or assessments Derive improvement measures Set up a management review process (at least yearly) focused on: · Results of internal and external audits · Customer feedback and measures for customer satisfaction · Stakeholder feedback Quality Management with ISO 9001 · Process performance based on facts and data · Status of measures for improvement / improvement plans · Review of quality policy and quality objectives · Necessary budget and resources for quality management Page 15 · Content for a quality management plan for further improvement of the quality management system 14. EXTERNAL EVALUATION Select appropriate certification body for the organisation (criteria are reputation and specific knowledge) Figure 11: 14 steps for the implementation of ISO 9001 Steps 8 to 12 remain relevant for the maintenance of a quality management system and thus also for annual external audits and recertification (periodically, every three years). These steps need to be enforced on a regular basis. 4.3 GOOD PRACTICES FOR ESTABLISHING PROCESS DOCUMENTATION Regarding the implementation steps described above, SQS experience shows that the most timeconsuming part of documentation and the biggest investment definitely is the creation of process documentation. This, of course, depends on the amount and complexity of the processes and the maturity of the organisation. Some organisations will stoutly resist the introduction of quality management and process documentation. Typical arguments are: It takes too much time to prepare. The customer does not pay for it. We are successful anyway. Staff is trained for what they are doing. It is too bureaucratic. It is too expensive. Others tried … and failed. This only works for big / small organisations. In practice, things are always different. It cannot be maintained in the long run. We do not have the resources to do this. We need a tool. We do not need a tool. We have the wrong tool. Though all of these ‘arguments’ can be handled, they are at least quite time-consuming and can make quality management projects fail to achieve their targets. For some organisations, quality management and process documentation means a fundamental change. Although creating or improving transparency seems to be a desirable objective from a management point of view, staff may have a completely different understanding of transparency and consider it a threat: Why should I agree to make my knowledge visible to others? Why should I be happy that things I do become measurable? Why pursue objectives now when there have never been any in the past? Why should I be responsible for an entire process – do they intend to penalise me if failures occur? Such issues are change management issues. The symptoms might become visible during the implementation phase, but the root causes are somewhere else and can only be solved by the management of an organisation. Sometimes or- Quality Management with ISO 9001 ganisations are not ready for this kind of change or are not sufficiently aware of it. In that case, quality management and creating a meaningful and reliable process documentation and management of processes cannot work. On the other hand, if this kind of change is being successfully managed, the process documentation can become the most value-adding part of a quality management system altogether. A quality management system demands descriptions of the process flows in general, as well as their interaction with each other and respective interfaces. Making these relationships visible by creating a process flow is already an achievement in itself. Process charts are fundamental to changing and improving processes. Just having a picture of a process in your mind, but not documented, does not help if you want to share your views with others and discuss a process. Furthermore, there is a special focus on all activities linked to testing, inspection and the control of process results. In these cases, respective control criteria, the control execution including responsibilities, and the results of the control should be documented. So this is all about process control. Apart from the fulfilment of these ISO 9001 requirements, SQS recommends following a broader approach to process documentation than just process visualisation in order to get maximum value from processes. For example, process documentation can be utilised to identify cost drivers, to define measure points for service level agreements, and for many other useful purposes. In order to get a clear view on the results process documentation could deliver, SQS recommends defining the general objectives of process documentation first, as shown in the following example based on an SQS project. Page 16 OUR BUSINESS PROCESS DOCUMENTATION MAINLY AIMS AT: Providing a specific definition and description of a standardised approach allowing for comparability and a consistent evaluation Providing the basis for quality management, the analysis of weak points and process improvements (also taking customer satisfaction surveys into consideration) Providing the basis for the training of new employees Providing the basis for benchmarking and process reengineering including measurement and process control data in interaction with the controlling department Supporting the departments in conducting their day-to-day business by providing them with recognised documentation standards Describing the competencies and responsibilities, and defining the ‘process owners’ within our organisation Establishing control mechanisms to ensure process execution in compliance with SOX (Sarbanes–Oxley Act) and our internal process control system Establishing the reference documentation for the internal audit department Establishing an interface between business processes and IT domains and applications Improving transparency in general which will ultimately result in an increased flexibility of business processes Figure 12: Project example of general objectives of process documentation Quality Management with ISO 9001 Depending on the particular objectives, the method used for modelling (process notation) and the selected process modelling tool, process documentation becomes a multi-purpose tool for the organisation with various stakeholders, for example: Quality Management Department (quality control, internal audit, process improvement) Managers & Employees (process control, process transparency, process improvement) Controlling Department (process data, process cost) Internal Audit (description of key controls, e.g. SOX, COSO framework) External Accountants (description of key controls, e.g. SOX, COSO framework) Sales & Customers (precondition for creation of service level agreements) IT Department (input for IT strategy and IT architecture) In order to follow a multi-purpose approach to process documentation, the usage of professional process modelling tools is recommended. Furthermore, a suitable modelling notation should be defined or selected. This could be EPC (Eventdriven Process Chain), UML (Unified Modelling Language), BPMN (Business Process Modelling Notation) or other notations, as ISO 9001 does not make any provisions regarding the usage of process management tools. An increasing number of organisations uses BPMN, which has become a de facto standard for process modelling. BPMN is independent of any process modelling tool but works with nearly all of them. (11) 4.4 STAKEHOLDER-ORIENTED QUALITY The results of the ISO 9000 Survey 2010 (7) show that the expectations organisations have with respect to quality management go much further than just being ISO 9001-compliant. Furthermore, Page 17 there are various views on quality by a number of different stakeholders. Quality management can foster the deployment of corporate strategic objectives. No doubt, quality has an impact on customer satisfaction (see above, Section 2.2), external recognition, cost and profit. Because quality management and corporate strategy interact with each other, quality measures should be derived from the corporate strategy accordingly. The following example, which is part of the SQS approach within quality management projects, shows a way to align quality management measures with corporate strategy. By means of a twodimensional matrix approach, stakeholders and so-called quality classes including all potential quality dimensions and content are combined. The vertical axis displays the stakeholders, the horizontal axis the quality classes. The questions regarding the respective intersections are: What is the ‘as is’ of quality for this particular stakeholder? What is the ‘should be’? (What should we do in future?) The gap between ‘as is’ and ‘should be’ defines the required quality measures for a particular stakeholder. As a result, a corporate view on quality can be developed and used to define and prioritise appropriate measures for a corporate quality management plan (see Figure 13). 4.5 QUALITY IMPROVEMENT As outlined in Section 4.2 (see Figure 9, Step 11), continual improvement of the quality management system needs to become a fundamental part of said system. This requirement has been incorporated since the year 2000 as part of a major revision of the standard. Quality Management with ISO 9001 Page 18 QUALITY CLASSES Targets & Strategy Business Map Plans Measure- Benchmarking & ments Assessment & Certification Contracts Standards Methods & Policies Customers Prospective Customers Employees QUALITY ITEM What sort of quality activities are we undertaking? (Quality Classes / Quality Activities) STAKEHOLDER TYPES Shareholders Who are the recipients of these quality activities? (Stakeholder Types) Governance Bodies Outsourcing Organisation Corporate Audit External Regulators What kind of ‘as is’ for what cost? What kind of ‘should be’ for what cost, timeline, owner? Regular reporting on the way from ‘as is’ to ‘should be’ Auditors Suppliers Professional Bodies Competitors Public / Media Figure 13: Stakeholder-based view on quality How do we do a quality activity? What are the costs / efforts? Quality Management with ISO 9001 SQS experience shows that some organisations find it extremely difficult to realise improvements within their quality approach. There are various reasons for that, but one crucial issue is the way in which objectives are defined and managed. Many so-called ‘objectives’ do not fulfil the basic requirements for objectives, meaning they are neither measurable nor time-bound. Improvements can hardly be controlled without having properly defined objectives. Quality objectives should be ‘S-M-A-R-T’, meaning: Specific Measurable Achievable Relevant Time-bound Furthermore, organisations need appropriate methods for quality improvement. Compared with service businesses, the industrial sector is very much ahead in this respect. For example, the FMEA (Failure Mode and Effects Ana lysis) (12) method or statistical process control have been well-known methods in the industrial field for decades but are almost unknown or considered unsuitable within the service sector. As a consequence, many service organisations struggle to employ the appropriate quality methods and do not succeed in developing their quality management system accordingly. This can become crucial for the entire quality system. If the management expects a quality management system to deliver not just an ISO certificate but a measurable value to the company, the whole undertaking might be stopped as soon as commercial concerns arise. Page 19 In fact, almost all known industrial methodologies for process analysis and improvement work for service businesses as well. Their employment is mainly dependent on appropriate training and the availability of respective tools. Successful organisations clearly recognised that the dedicated training of staff in quality methods is a key factor for quality improvement. Just having a quality department and making them responsible for quality definitely is not enough. Ultimately, in an organisation, each and every one is responsible for quality. So once again, there is a mind change. Quality no longer is just expert knowledge represented by a few colleagues in the quality department. It needs to become common knowledge, part of the way people think and how they interact with each other and with their customers. 4.6 OBTAINING VALUE FROM EXTERNAL CERTIFICATION The final step (see Section 4.2, Step 14) for implementing a quality management system is about external certification. And as already outlined above, most organisations take this step. On the other hand, SQS experience shows that some organisations decide to establish a quality management system but do not target certification. These organisations do not have any external requirements or incentives to seek certification. They are just convinced of the value of a quality management system in itself and do not want to focus too much on an external certificate or external audits. These concerns are understandable as there is a risk that quality might be ‘reduced’ to a mere certificate – as a matter of fact, there are organ- Quality Management with ISO 9001 isations that do have rather limited quality objectives, only focused on obtaining the certificate. Nevertheless, SQS strongly recommends doing both: implementing a quality management system and obtaining external certification. This is for the following reasons: An external audit can strongly support the quality objectives of an organisation. External auditors may deliver valuable input. They are well-trained experts in their field, have a neutral view on the organisation and usually have broad experience regarding good practices. Audit results provide a good overview of the QMS's implementation status, conveying information about the strengths and weaknesses of an organisation. External audits are conducted on a regular (yearly) basis and thus support the process of continual improvement. External audits enforce management and staff commitment regarding the quality objectives of an organisation. Finally, the ISO certificate is a visible result and achievement not only for external stakeholders but for internal ones as well. To ensure a well-prepared initial audit process, SQS recommends to consider the following steps: Select a generally well-known (with regard to your business and customers), respected and independent certification body. Conduct preliminary talks with representatives of the certification body in order to identify a suitable external audit team providing specific necessary business know-how. Conduct a stage 1 audit (a kind of pre-audit for preparation purposes) in order to check preconditions for ISO 9001 and create a detailed audit plan. Page 20 Inform and train all staff members – everyone should understand the external auditor’s approach and be happy to present his / her process and how to manage it. After successfully passing the external audit: plan and conduct internally and externally focused marketing measures (i.a. press releases, internal newspaper, Internet, intranet, business paper with certification logo, brochures). And last but not least: celebrate your success with all employees and selected customers and suppliers. The revolving annual external audits should be prepared with the same accuracy. The experience of many organisations shows that in order to strengthen the quality focus and quality thinking of staff, it is sensible to involve them appropriately. In the end, involvement and engagement is important to ensure getting maximum value from the external audit. As outlined above, external auditors are seasoned experts with respective business knowledge. Therefore, it makes sense to let the auditors approach a good number of employees, giving them the opportunity to learn and benefit from the auditors’ experience. Quality Management with ISO 9001 Page 21 5 CONCLUSION AND OUTLOOK For almost 25 years, ISO 9000/9001 has been providing a framework for quality management. Within this period of time, the standard received several changes. ISO 9001 remains successful: deployment rates are still rising, especially in the services sector. The secret of success of ISO 9001 probably is its wide range of applicability and surely its comprehensiveness. It is not focused on specific parts of an organisation or specific processes. Quality management covers the entire organisation, and using a stakeholder-oriented approach makes it an instrument to identify and deploy strategic initiatives. On the other hand, there are some aspects about ISO 9001 that are questionable: ISO 9001 still is based on the results of the revision in the year 2000. The last revision in the year 2008 did not produce any relevant changes regarding its content (see Figure 1). The next revision is expected for 2015. (13) Maybe it is in the nature of standards that they should stay stable for a certain period of time, but in view of the increasing and sometimes swift changes organisations need to face, it may be doubted that ISO 9001 will stay up to date. For some businesses, it is already out of date. The automotive industry reacted by supporting a different standard. ISO/TS 16949 was originally based on ISO 9001 but includes several additional requirements. (14) Other organisations achieved remarkable improvements through their quality management over time and wish to make these visible to stakeholders. External certification cannot help in this matter because the ISO 9001 require- ments are static. There are no maturity levels – so, once the goal of achieving ISO certification is reached, there is no ‘new challenge’. Nevertheless, SQS experience clearly shows that organisational maturity, especially in the services sector, often is a far cry from fulfilling the ISO 9001 requirements. Meeting the existing requirements of ISO 9001 rather than those of the future, already is a big challenge. For countless companies, ISO 9001 was the first step they made to achieve a quality basis from which further improvements and developments could be undertaken. The idea behind ISO 9001, expressed by the eight ISO principles, still is up to date. There are no processes which are not relevant for quality – quality is everywhere in an organisation. And last but not least, quality is a people’s business, so management commitment and involvement of staff are absolutely indispensable. » The hard stuff is the easy stuff. The soft stuff is the hard stuff. Total Quality is 90 % a people deal. « Tom Malone, President, Milliken Mills, 1st Year Malcolm Baldrige Award Bibliographical References 1 United States Securities and Exchange Commission, 2009. http://www.sec. gov/news/studies/2009/sox-404_study.pdf. [Online] 2009. [Cited: 18/11/2011.] 2 International Organization for Standardization, Geneva. ISO 9001:2008. Germany: Beuth Verlag, Cologne, 2011. 3 ISO, International Organization for Standardization, 2011. About us, ISO Org. [Online] 23/11/2011. [Cited: 23/11/2011.] http://www.iso.org/iso/about.htm. 4 Deutsche Akkreditierungsstelle GmbH (DAkkS), List of Accredited Organisations for Quality Management Systems (2011). www.dakks.de. [Online] 03/11/2011. [Cited: 03/11/2011.] http://www.dakks.de/content/verzeichnisseakkreditierterstellen. 5 British Standard Institution (BSI Group), 2011. www.bsigroup.com. [Online] [Cited: 21/11/2011.] http://www.bsigroup.com/en/Assessment-and-certification-services/management-systems/Standards-and-Schemes/ISO-9001/. 6 Wikipedia and Noriaki Kano, 2011.en.wikipedia.org/wiki/Noriaki_KanoIm Cache- Ähnliche Seiten. Wikipedia, the free encyclopedia. [Online] 2011. [Cited: 23/11/2011.] 7. 7 ISO 9000 User Survey Report (2010/11), Secretariat of ISO/TC 176/SC 2. www.iso.org. [Online] 19/07/2011. 8 Bernd Sperber. Quality within European Transaction Bank. Frankfurt: 2004. 9 ISO 9000 User Survey Report (2009), Secretariat of ISO/TC 176/SC 2. www.iso.org. [Online] 2009. [Cited: 19/11/2011.] http://www.iso.org/iso/survey2009.pdf. 10 European Institute of Public Administration, May 2005. Study on the Use of the Common Assessment Framework in European Public Administrations. Luxembourg: 2005. 11 BPMN, Object Management Group (2011). OMG. [Online] 15/11/2011. [Cited: 15/11/2011.] www.omg.org. 12 Wikipedia. FMEA. Wikipedia, the free encyclopedia. [Online] 23/11/2011. [Cited: 23/11/2011.] de.wikipedia.org/wiki/FMEA. Page 22 Bibliographical References 13 Der Qualitätsmanager aktuell, 2010. Gesellschaft für Wirtschaftsinformation. Der Qualitätsmanager aktuell. [Online] 2010. [Cited: 23/11/2011.] http:// www.qm-aktuell.com/newsletterarticle.asp?his=2833.2233.7104&id=13001&y ear=0. 14 Wikipedia and 2011. de.wikipedia.org/wiki/ISO/TS_16949. Wikipedia, the free encyclopedia. [Online] [Cited: 23/11/2011.] Page 23 SQS Software Quality Systems AG Phone: +49 (0)2203 9154-0 Stollwerckstrasse 11 51149 Cologne / Germany www.sqs.com
