.jpg)
News - Stories - Ideas News - Stories - Ideas
This article is from Quality Digest:
When ISO 9001 Fails
You’ve finally gotten ISO 9001 certification. Congratulations! You’ve built your quality management system, written your procedures, trained your staff, sweated through internal and external audits, and your registrar sent you a certificate suitable for framing. Now, at long last, all of your problems are over, right?
If only.
The ISO 9001 standard isn’t magic, and it won’t make all your headaches disappear. It’s a powerful tool—don’t get me wrong. But like any tool, it’s good for some jobs but not others, and you have to use it the right way. (A hammer is great for driving nails, but not so good for sweeping floors.) So it’s helpful to understand what ISO 9001 can’t do, and also how it can go wrong if you misuse it.
The basic framework
The first question is the easiest. ISO 9001 won’t make you smarter, luckier, or less accident-prone—at least not right away. People working inside an ISO 9001 quality system can still make bad decisions or drop things. Lightning can still strike, or tornadoes, or earthquakes. That’s why the standard has regulations about how to handle defective materials and nonconforming product: Because you’ll still have both.
What ISO 9001 can do for you is to help you get better over time. If you see that certain decisions always go wrong in a certain way, your quality system should push you to build a structured process for those decisions to correct for the errors you’ve detected. If certain kinds of accidents are way too common, the system should tell you to analyze why those accidents keep happening, and then to restructure the work so they don’t. If lightning is a big problem, install lightning rods. And so on.
None of this is automatic. You still must figure out what went wrong and put in the work to prevent it next time. But ISO 9001 gives you a framework to make that happen. And so, year over year, things should get better, because whenever they go wrong you learn why and then make corrections. Naturally, it takes time.
In other words, there’s always some risk of random, one-off accidents. But if you use ISO 9001 the right way, you should see a steady drop in systemic problems. The subtler risk is hidden in that phrase “if you use ISO 9001 the right way.” Because if you use it the wrong way, it loses much of its effectiveness.
What are these “wrong ways” of using your ISO 9001 quality system?
Ignoring it
The first is to ignore it. Some companies get their ISO 9001 certificate, and then as soon as the auditor walks away, they forget all about it. Nobody follows procedures because “they don’t have the time.” Nobody analyzes failures because “we all know what went wrong, and we just need to try harder.” Nobody tracks process performance because the only meaningful metric is whether the boss is in a good mood that day. Two weeks before the next audit, they slap together a bunch of paper to show the auditor. But their plan—if that works—is to go right back to ignoring the quality system as soon as she leaves again.
Companies like this get no benefit out of their quality system. That’s not surprising, because they’re not using it. Practically speaking, they might as well have no quality system. They might have a certificate for a year or two until their auditor sees through the game they’re playing. (And she will.) But if they don’t use the system, they can’t expect to get results from it.
Never changing it
The second way an ISO 9001 quality system can go wrong is the reverse situation—when a company treats it like it’s carved in stone. This is especially a risk in a large company where people are trained to follow one specific procedure without understanding how it fits into the big picture. That one procedure might have been just the right thing 10 years ago when it was put in place. But times have changed since then, the overall inputs and outputs are no longer the same, and nobody bothered to update the procedures or to retrain the people carrying them out.
As a result, you find whole departments following zombie procedures: filling out forms that will never be read, or going through steps of a process that no longer applies. When anyone points out that these requirements are meaningless, the answer comes back, “That’s what it says in our procedures. We have to follow our procedures to keep our ISO 9001 certification. So we have to do it.”
In reality, the ISO 9001 standard itself assumes that your quality system will change and grow over time, and there are regulations for how to make those changes in a systematic way. But—again—you have to use the system as a living tool. When it’s time for change, explore to find out how far that change really goes. Talk to the people involved or affected, think through what the change will mean for them, and plan it accordingly. If you have to rewrite documents, rewrite all of them so the updated system is consistent. And then train everyone on the new way of working so no one is left behind. It may sound like a lot of work, but it’s better than leaving parts of your organization in the grip of zombie procedures.
When you look at a company’s quality problems in real life, you can sometimes see both of these failure modes reflected in different ways. For several months earlier this year, Boeing was in the news quite often because of various quality issues. While it’s beyond the scope of this article to give a complete account of Boeing’s situation, it’s useful to notice a couple of things. In the first place, despite all the attention in the news, the failure rate for airplanes is remarkably low. One journalist wrote that during the last 15 years, U.S. commercial aviation has had “a safety record of about one or two passenger fatalities per light-year traveled.” In other words—and this is the first point I make above—even when things do go wrong (as they always will), the overall quality system is still there to catch them.
As for the errors that did slip through, a recent expert panel review by the Federal Aviation Administration found that in some cases procedures had been missed or overlooked (the first failure mode I describe above), while in other cases there was confusion because obsolescent procedures had not been properly updated (the second failure mode).
So, yes, both failure modes are possible, even for companies with quality systems that are mostly intact.
Making it the wrong size
There’s a third failure mode that’s more subtle than the first two but still causes trouble. This is when a company’s quality system is the wrong size. One example is the hamburger stand with a quality system that was designed for General Motors: A company like that will be so busy filling out forms and reporting to committees that they’ll never get any hamburgers made.
The other side of the coin is a company the size of General Motors that’s still running on a quality system small enough for a hamburger stand. A company like that might as well have no quality system at all, because what it has is so skimpy that most of its operations aren’t covered.
Either way, a company with a quality system that’s the wrong size is going to have problems. What you want is a quality system that covers everything it needs to cover—but no more. But that, in turn, means you have to think about what your needs really are. Build a system that addresses your problems and risks, not somebody else’s.
ISO 9001 won’t make you infallible or invulnerable. It won’t prevent you from making mistakes. But if you use the standard the way it’s meant to be used, it will help you learn from those mistakes. In the long run, that learning will put you miles ahead.