KEY CONSIDERATIONS IN IMPLEMENTING ISO 9001 IN SMEs

There are many issues that must be addressed in moving the QMS from the initial state to the desired state. For example, all organizations implementing ISO 9001 will need to consider the unique culture within the organization, its size, and the resources available. Beyond those widely discussed points, three issues that merit particular attention are (1) consideration of the QMS as a parallel function, (2) training, and (3) auditing. Key points associated with these issues are discussed below.

In the case of all of the transitions depicted, real benefits from the QMS are more

likely to be experienced if the QMS is implemented directly into the core structure of the organization. SMEs must be cautious against establishing a QMS that is run separately in parallel to its other systems. In SMEs, the parallel subsystem most commonly exhibits itself as a separate Quality Assurance, or in some cases, ISO 9001 department. Possible reasons for this may include the existence of rigid departmental boundaries in some SMEs or overemphasis on core activities. As Yauch and Steudel [10] note, SMEs tend to focus their attention on “…necessary routine activities (such as sales, production, shipping, etc.) rather than activities aimed at improving processes or systems.” If a SME insists on establishing a separate quality department, its level of effectiveness can be increased by embedding the QMS in widely-used organizational systems where practical. The integration is largely a function of how well the QMS manages to share information with other subsystems and its ability to align with the policies, norms, goals, and values in place throughout the organization.

In SMEs, training and staff development is more likely to be ad hoc and small scale because of modest human and financial resources and the absence of a specific training budget. To prevent the problems arising from lack of education and training, two things must be done:

1. Education of Top Management: The centralization of decision-making processes within many SMEs means that the management can either be the main stumbling block to change or the main catalyst for change. Therefore, any approach to ISO 9001implementation must involve considerable education for the top management of the organization to create awareness and understanding of the implementation process as a change initiative. Implementing a fully functional and documented QMS requires motivation by top management to appreciate, achieve, and implement the necessary measures to meet the standards’ criteria.

2. Education and Training of Employees: SMEs are often under pressure to quickly gain ISO 9001 registration. Meeting the requirements of the standard in a short period of time can prove a formidable obstacle for a small company. Since most SMEs do not possess the needed expertise internally, they may be inclined to hire external experts to provide the necessary technical expertise and manpower. However, having a functioning and documented QMS requires more than that. It requires ensuring that all employees in the organization clearly know what is expected of them and how they can contribute to the attainment of their organizations’ goals. This will likely require the preparation and implementation of a training plan tailored specifically to the unique characteristics and maturity level of the SME.

As emphasized throughout the paper, a QMS is not going to produce the expected results unless it is fully functional. While auditing must therefore verify the existence of the necessary documentation, it must also focus on the functionality of the QMS. The measurement of the functionality and the qualitative and financial impacts of a QMS have been the subject of several studies, including Kaynak. Among the categories used to measure functionality and performance improvement, two are particularly noteworthy for our purposes: management commitment and employee involvement. A QMS cannot be functional in the absence of those two characteristics. Therefore, as a minimum, internal and external auditors should continually verify top management’s commitment to increased company-wide quality awareness and improvement in addition to employee involvement in the design, implementation, operation, and improvement of quality related processes and procedures.

What Is New In ISO 9001:2008 Standards

The new edition of ISO 9001 is an amendment and not a revision; in other words, the changes are very small. They are broadly as follows:

- the user-feedback survey on ISO 9001:2000 revealed that there were some ambiguities and some points needing clarification. These have been tidied up, along with clarification inareas that were previously too open to interpretation.

- the new edition has improved compatibility with ISO 14001 for those wishing to integrate their ISO 14001 certification with their ISO 9001 certification.

ISO 9001:2008 – What it means to certified organizations

For certified organizations, the transition period runs from 14 November 2008 to 31 December 2009. All organizations need to be compliant with ISO 9001:2008 by the end of 2009 to retain their certification. BSI’s clients will be audited against the new edition of the standard at their next continuing assessment or re-certification visit.

Antony Barrett, product marketing manager responsible for ISO 9001 at BSI Management Systems UK, comments: “We don’t see anyone having any problems in achieving the 2008 edition of the standard.” Client managers will work with clients to manage the process.

ISO 9001 — a way of managing for conformance

Quality assurance, according to the Standard, is a way of managing that prevents non-conformance and thus “assures quality”. This is what makes ISO 9001 different from other standards: it is a management standard, not a product standard. It goes beyond product standardisation: it is standardising not what is made but how it is made. To use standards to dictate and control how organisations work was to extend the role of standards to new territory. To take such a step we might have firstly established that any such requirements worked — that they resulted in ways of working which improved performance.

Yet the plausibility of this Standard, and the fact that those who had an interest in maintaining it were (and still are) leading opinion, prevented such enquiries. In simple terms the Standard asks managers to say what they do, do what they say and prove it to a third party.

ISO 9000 (1994) paragraph 1: “The requirements specified are aimed primarily at achieving customer satisfaction by preventing non-conformity at all stages from design through servicing.”

To put it another way, the Standard asserts that preventing non-conformance achieves customer satisfaction. But does it? Of course it matters to customers that a product works. But there is no guarantee that the Standard will ensure even that. Furthermore, customers take a total view of an organisation — how easy it is to do business with — in respect of all things of importance to each and every customer.

ISO 9001 requires managers to “establish and maintain a documented quality system as a means of ensuring that product conforms to specified requirements”. Loosely translated this is “say what you do”. Management is supposed to “define and document its policy for quality . . . including its commitment to quality”.

What management would not declare its commitment to quality? But would they know what it means? Would they argue (as they should) that quality management is a different and better way to do business, or would they believe that ISO 9000 will take care of quality? The Standard encourages managers to think of “quality” and “business as usual” as separate and distinct. It helps managers avoid the revelation that quality means a wholly different view of management. Instead, the organisation “shall appoint a management representative who, irrespective of other responsibilities, shall have defined authority and responsibility” [for ISO 9000]. At a practical level this means only one executive might decide he or she had better learn a thing or two about quality. However, would being responsible for ISO 9001 lead to learning about quality or simply enforcing the ISO 9000 regime in an organisation?

Key to the regime is auditing. The Standard requires organisations to conduct internal quality audits to “verify whether quality activities comply with planned arrangements”. This can be loosely translated as “do you do as you say?” and the purpose of the audit is to see that you do. It was not until the 1994 review that the words were changed to “quality activities and related results”. It was a Standard which was rooted in the philosophy of inspection: fifteen years after its initial promulgation the promoters sought to extend the focus to results. But results or improvements assessed by what means? Inspection. By the time the Standard was adopted world-wide, quality thinking had moved a long way from the philosophy of inspection. It is now understood, at least by a few, that quality is achieved through managing the organisation as a system and using measures which enable managers to improve flow and reduce variation (which we explore in chapters 5 and 7). The defenders argue that there is nothing stopping a company having ISO 9000 and implementing methods for managing flow and reducing variation, but where are such companies? Few of the companies we researched, formally and informally, knew anything about this thinking. The Standard does not talk about it; moreover, the Standard effectively discourages managers from learning about it by representing quality in a different way.

According to ISO 8402 (quality vocabulary), quality is:

“The totality of features and characteristics of a product or service that bear on its ability to satisfy stated or implied needs.”

Everything we have learned about ISO 9000 suggests that the people who created this definition were thinking about the things which need to be controlled, those things which “bear on its ability . . .”. The builders of the Standard assumed that customer needs would be listed in contractual agreements between the supplier and customer. ISO 9000 has a “make” logic — procedures for “how you do what you do” — and a “control” logic — check to see that it is done. It is a relic of the era when contractual agreements were perceived to be an important device for regulating the behaviour of suppliers. In these ways, ISO 9000 encouraged “planning for quality”.

Planning for quality sounds plausible, but it assumes many things: that the plan is the right plan, that it is feasible, that people will “do it”, that performance will improve. It is an approach which, paradoxically, leads to poor decisions. Planners of quality systems, guided by ISO 9000, start with a view of how the world should be as framed by the Standard. Understanding how an organisation is working, rather than how someone thinks it should, is a far better place from which to start change of any kind