How to Tame the Compliance Beast

The trend in today’s global marketplace is a growing demand for registration to the internationally recognized ISO 9001 standard. Companies that are not ISO-certified may want to start thinking about getting certified.

Many companies, however, view the ISO 9001 certification process with skepticism, anticipating a costly waste of time they must endure in order to please customers. What they fail to realize is that ISO certification done right is an opportunity to lock in real, continual improvement to a company, raise customer satisfaction, and increase profitability.

The secret of taming the compliance beast lies in the way companies approach the certification process. On the one hand are those who view ISO 9000 certification as nothing more than a trophy hunt. These companies go through the motions of the process with little thought to its long-term consequences. On the other hand are those who are committed to making quality a centerpiece of their company-wide mission. For them, the process of certification is a long-term investment in their company’s future.

Regardless of which approach a company chooses, ISO 9000 is here to stay. Therefore, it makes sense for a company to get as much value as it can from the resources it commits to the process.

What can “value” mean in terms of numbers? According to one of our client companies, their ISO registration efforts resulted in a 65% drop in customer returns, a 15% increase in on-time delivery, and a 21% increase in inventory turns. There are never any guarantees, but the possibilities for a committed company are unlimited.

The following are five proven ways to make ISO a worthwhile investment. With these conditions in place, the process of ISO registration will yield not only a framed certificate, but also a quality management system that contributes to the bottom line.

1. Include only value-added processes.

Value-added processesISO 9000 provides the structure for standardized work processes and procedures. This is a valuable aspect of ISO—when applied correctly. The key is to avoid documenting a picture of operations to please the auditor at the expense of processes that contribute to the company’s success.

Weak implementation creates a monster that employees will have a difficult time maintaining. One company’s president, who was frustrated with the lack of progress towards ISO, finally halted operations for a week and ordered employees to write procedures. The result was successful registration, but the system created was a hodgepodge of forms and paperwork that strangled day-to-day activities. Since registration is for a three-year period with surveillance visits by the registrar every six months, the company had no choice but continue feeding the beast it had created. Just as with products, lousy design always results in additional headaches down the line.

2. Aim for simple and concise documentation (more is not better).

ISO documentationDocumenting the company’s quality system is usually considered to be the most excruciating part of the registration process. However, documentation done properly allows companies to move beyond mere compliance and achieve excellence as well as greater profitability.

The process of documentation begins by recording current operational processes. Then, the company analyzes, improves, and assesses those processes to the ISO 9000 standard. Finally, the company documents the streamlined processes. This is not the end, however. Writing down procedures is a powerful tool for pinpointing where there is room for improvement—continual improvement.

3. Integrate all ISO 9000 activities into the company’s day-to-day business.

Companies should drop the term “ISO 9000 quality system” from their manuals and simply call it their “business system.” In today’s hectic environment, it is challenging enough to keep one system going. Imagine how much more energy a company needs to manage two systems.

When ISO is seen as a separate entity it competes for scarce resources. In fact, there is a common fear among companies facing the prospect of becoming certified that registration means having to hire a permanent employee just to oversee the ISO quality system. This fear is needless for companies that take an integrated approach to registration. An Underwriters Laboratories, Inc. (UL) lead auditor once stated that companies holding “ISO 9000 meetings” are a red flag to her because this signals they have not integrated the ISO 9000 requirements into their day-to-day business activities.

4. Make sure senior executives are committed and involved.

Some of the best ISO successes have been in companies where a senior executive serves as the “management representative.” In this type of situation, management studies and understands the ISO standard, then interprets and applies it to the company’s unique situation.

In one such success story, one of our clients named their executive vice president as the management representative. He kept his copy of the ISO 9001 standard, which was full of his highlights and notes, with the company’s quality management system (QMS) manual. He understood the ISO 9001 standard and the corresponding sections of the company’s QMS that addressed the requirements. Because his position allowed him to see the big picture of his company, he could readily discern all the ways in which they were already compliant with the ISO 9001 standard as well as what areas needed improvement.

When a company designates as its management representative a lower-level manager in a more specialized position, that person will possess a much narrower scope of company knowledge than a high-level executive. It is the top executives’ extensive knowledge of the company that helps prevent third parties, such as customers or the ISO registrar, from erroneously asserting that the company is not compliant in a certain area.

5. Engage a registrar with excellent credentials and auditors.

To become ISO 9001 certified, companies engage the services of a third-party registrar, which determines if the company meets the standard. Some ISO 9001 experts maintain that the third-party registration scheme is an inherently flawed one, pointing out examples such as Firestone, a company with one of the worst quality-control disasters in automotive history. Prior to that debacle, a registrar had deemed Firestone worthy of QS 9000 certification, which at that time was widely acknowledged as one of the most challenging of all the industry-specific variants of the ISO 9000 standard. There became increased pressure on ISO auditors to be more strict. Standards such as TS 16949 and AS9100 Rev. C increased the auditor’s required scrutiny level of a company’s Quality Management System competence and compliance.

Companies need to focus on finding the right registrar.  Care is needed to select a registrar with ISO 9001 auditors who will audit from the perspective of the Company’s system and processes.  The ideal registrar has seasoned auditors with excellent business skills and verified credibility with the company’s key customers. It also needs accreditation with the United States-based ANSI-ASQ National Accreditation Board (ANAB) as well as with ANAB’s counterparts in other countries where the company does business.

The right registrar is not necessarily the cheapest, nor is it the one that will rubber-stamp a company through the registration process. One company in a high-tech aerospace industrial park tells of a shop down the street that sells copies of their quality manual with an ISO 9000 certificate. That kind of certification may be cheap and easy, but it would have little currency with a customer like Boeing.

So if you are wondering, how do I get ISO or AS9100 certified? Remember, as in any long-term business investment, the greatest returns from ISO registration go to those companies that invest wisely, plan ahead, and are the most informed.

By AEM Consulting Group, Inc.