Quality Management Systems – FAQ
The following are the most Frequently Asked Questions I come across on a daily basis.
Image credit: Eric Rothermel
Does it take very long to implement a quality management system?
It depends on the following:
- The size of your organization;
- The complexity of your business processes and the products and services you offer;
- How much you believe needs to be documented;
- Management commitment; and
- Resources (financial, human, technology).
Some small businesses have received ISO 9001 certification after only 6 weeks, starting from scratch, with a full time dedicated staff member and a quality consultant as a mentor. To get everything developed, implemented and understood it can take anything from 3 - 12 months and is really up to management and staff making the commitment.
Do we have to document everything we do?
Apart from where ISO 9001 states you need to ‘maintain document information’, it is up to you to decide what you need to document and how to document - for example, using technology, flow charts, process maps, work instructions, photos, videos etc.
Is it a good idea to have a dedicated person planning and implementing a quality management system?
Definitely. While staff members know the processes really well and what works and what doesn’t, a trained staff member in the requirements of ISO 9001, or using a quality consultant, can give you guidance and support on the intent of ISO 9001 and assist and explain the standard in plain language.
How involved does management have to be?
VERY. The Leadership clause in ISO 9001:2015 has been strengthened to ensure leadership demonstrates commitment and support and has clear direction and resources for the organisation.
How can an organisation work out what its objectives and KPIs are?
Have your Leadership group think through the internal and external environment their organisation is involved in or affected by. Using the S.W.O.T. & P.E.S.T.L.E. models will assist the thinking, and the results should provide enough information for their focus for 12 months, with key strategic objectives and KPIs developed along with the risks that need to be managed.
The standard talks about stakeholder analysis. What does this mean?
ISO 9001 still has a focus on the customers and key stakeholders that could be affected positively or negatively. These need to be identified and their expectations noted by an organisation. This type of analysis will assist an organisation develop its QMS to include key stakeholder requirements - for example, those of customers, boards, management and staff, regulatory bodies, lobby groups, financial institutions and local government authorities.
The bottom line is: an organisation needs to achieve the standard of product and/or service expected by its stakeholders.
What and when do we need to monitor, measure, analyse & evaluate in our business?
Apart from the results of audits, non-conformances, customer feedback and management reviews, ISO 9001 leaves it up to an organisation to decide which of its processes, products, services and projects it wants to monitor, measure, analyse and evaluate.
Points to always consider when deciding MMA&E is what to analyse, when should we do this, how should we do it, who should do it and what will you do with the information you have collected; for example does the information need to go to the board, the leadership team, staff, regulatory bodies?
Do we need to do a formalised risk assessment and have risk registers to comply with ISO 9001 risk-based-thinking?
No you don’t, but having a clear, if not simple process to carry out a risk assessment makes it easier for staff to understand why they need to identify risks and what controls are to be put in place to manage the potential risks. Good business practice should have risks documented somewhere, and if not in a formal register, possibly as a process flow, flow charts, or in actual documentation to be used by staff and the customer.
Leadership needs to make sure risks identified are being managed and reported against, where required.
Some common problems!
- Someone has been given the task to develop ISO 9001 QMS and they do it without consulting staff, resulting in no buy-in or understanding of the processes staff need to follow, or why.
- System designed and then ‘business as usual’ until the auditors come around and then a mad rush to get ‘everything ready’ for the auditors.
- No benefit seen by management or staff when the above points are evident.
Christine Brown is founder and managing director of Potential Unlocked, a market leader in the design of management systems that meet compliance and business requirements. She holds a Bachelor of Arts (double major in Political Science and Public Sector Management); RABQSA Lead Auditor, DiSC 5 Behaviours of a Cohesive Team accreditation; Everything DiSC accreditation, TAE 40110 Cert IV Training & Assessment & TAELLN 411.
Due to her extensive knowledge and experience, Christine is trusted by her clients for her patience, understanding and her ability to interpret compliance requirements in a straightforward, uncomplicated way. She regularly facilitates in-house and public workshops, sharing her knowledge of designing simple processes and systems, communicating effectively as an auditor, building and leading teams, and risk management.
Christine’s clients range from small business and start-ups to large organisations and government departments. Covering a broad range of industries, her clients include Boral, BAE Aerospace, Geobrugg, Tenix, West Australian Police, and the Victorian Ambulance Service.
Christine’s new initiative, The Business Performance Program, assists businesses with all major areas of business that are essential for success
For any further information on contracting in an internal auditor to conduct your audits or auditor training please refer to more Audit Tips.
