Authors Posts by admin



0 6864

“What’s in it for me?” is not an unreasonable question for anyone to ask, especially if you are going to ask them to spend money. If you want your business to invest in a Quality Management System such as ISO 9001 you should have some idea of what it is going to cost you and how much you will get back for your investment.

Measuring Your Quality Costs

One way to look at this is to look at the model for Cost of Quality (CoQ) suggested by Armand V. Feigenbaum. His model splits quality costs into four areas:

  • Prevention Costs: The money spent on preventing issues from occurring such as training, creation of standards, quality plans, etc.
  • Appraisal Costs: The money spent on physically checking and auditing products, and systems.
  • Internal Failure Costs: Costs incurred when a failure occurs in house; scrap, rework, time spent replacing product, etc.
  • External Failure Costs: These usually cover everything from warranty costs to lost business.

It is generally accepted that spending money on prevention is going to be a lot less expensive than dealing with an issue once it hits your customer. In most models, it is suggested that costs increase by an order of magnitude for each step as you move from prevention through to external failure costs. Therefore, it will cost your business 10 times as much to deal with an issue once it has reached the customer than if you had caught it in-house, and would cost you a tenth as much to prevent the same  issue.

How Much Can You Save?

The problem of course is that with an effective quality system you prevent the problems from occurring in the first place so you never actually “see” the benefit as the problem never occurs. This can lull some businesses into a false sense of security and lead them to think that they can cut costs by spending less on quality when times are tough. The results of this can be very expensive when a product or service of poor quality slips through to the customer.

Of course if you measure CoQ right from the start you will be able to see how spending more on prevention and appraisal helps to reduce your failure costs and will result in an understanding of what that return on your investment is. You will be able to see the effect of spending more up front lowers the cost of poor quality.

Every business is very different and the ROI that you can achieve in one industry is going to be very different to that achieved in another. As a guide, a recent study undertaken through the American Society for Quality (ASQ) showed that for every $1 spent on your QMS, you could expect to see an additional $6 in revenue, a $16 reduction in costs, and a $3 increase in profits. On average, they saw that quality management reduced costs by 4.8%.

Another study undertaken by the Harvard Business School showed that companies that adopted ISO 9001 had the following benefits:

  • Higher rates of survival
  • Increased Sales
  • Growth in employment
  • Increased wages
  • Less waste
  • Improved worker productivity

So, while it may not be easy to predict your ROI, you can be pretty sure that investing money up front on your Quality Management System is going to be an effective investment.

0 3277

The concept of risk has always been implicit in ISO 9001; this new revision only makes it more explicit and builds it into the whole management system.

In ISO 9001:2015, risk management is being added with focus on risk-based thinking.  Here a systematic approach to risk is established by considering and including it throughout the standard.

In the Introduction the concept of risk-based thinking is explained. Risk is defined as the effect of uncertainty on an expected result, where:

  1. An effect is a deviation from the expected – positive or negative.
  2. Risk is about what could happen and what the effect of this happening might be.
  3. Risk also considers how likely it is to take place.

The main goal of this quality management system is for an organization to achieve conformity and customer satisfaction. In ISO 9001:2015 a risk-based thinking is used to achieve this goal.

  • In Clause 4 (Context) the organization is required to determine the risks which may affect its ability to meet the system’s objectives. The new ISO 9001 recognizes that the consequences of risk are not the same for all organizations, and this is why every organization will need to consider risk quantitatively as well as qualitatively, depending on their context.
  • In Clause 5 (Leadership) top management is required to demonstrate leadership and commit to ensuring that risks and opportunities that can affect the conformity of a product or service are determined and addressed.
  • In Clause 6 (Planning) the organization is required to take action to identify risks and opportunities, and plan how to address each of them.
  • Clause 8 (Operation) establishes that the organization is required to plan, implement and control its processes to address its risks and opportunities.
  • In Clause 9 (Performance evaluation) the organization is required to monitor, measure, analyze and evaluate the risks and opportunities.
  • In Clause 10 (Improvement) the organization is required to improve by responding to changes in risk.

These requirements are considered to cover the concept of preventive action (which has been replaced) and takes a wider view that looks at risks and opportunities. By understanding those risks and exploring ways in which the risks can be mitigated, the organization will also have an opportunity to drive change and improvement.

In order to effectively meet the quality management system’s goal, ISO 9001:2015 will require organizations to consider their risks as part of their management’s plan, which will call for an improved commitment and more involvement of top management.

0 2399

The internal audit process is essential for any organization that aims to maintain and improve their management system(s).  However, achieving an effective internal audit process can be a challenge, especially for small and medium-size organizations.

Audits need to be performed by trained and qualified auditors with the sufficient knowledge of the standard being used in order to ensure independence and objectivity. Some organizations do not have the time or budget to train existing workers to become their internal auditors or to employ someone with the required skills to perform these audits.

For those organizations, contracting out their internal audits is a feasible option. Some of the benefits organizations can obtain by doing so are:

  • Assure independence. Independence is likely to increase when the auditor does not belong to the organization. In some cases when a close relationship exists between auditors and auditees, independence and objectivity may be jeopardized.
  • Assure knowledge and skills. Most auditors from external organizations have years of training and experience. These auditors not only have the technical skills, but they also follow strict ethical guidelines.
  • Reduce costs. Employing an expert to perform the organization’s internal audits can be expensive. Contracting out will reduce the overall cost of internal audits.
  • Assure an up-to-date knowledge. As any other market, the internal audit market is competitive. This drives audit organizations to become more efficient and constantly improve the services they offer, which benefits the organization being audited.
  • Efficient use of time. Internal audits are time consuming. When they are outsourced, management has more time to focus on the core activities of their business.
  • Decrease the risk of disrupting internal audit. If an organization relies on one person to perform internal audits, a reliance on that person is created, which increases the vulnerability of process. This risk is reduced when the process is outsourced.

Outsourcing internal audits is an option that should be considered by small and medium-size organizations. However, each organization has its particular needs and circumstances and they should assess if it would suit them better to outsource internal audits or to create their own auditing team.

There are many organizations that offer audit services, and choosing one is a decision that should not be taken lightly. The time spent choosing the right one will assure an independent and objective audit which will contribute to the improvement of the organization’s management system(s).


0 2380

Every management system requires a way for approaching non-conformities and potential non-conformities. Although many organizations are familiar with the preventive and corrective action processes, there is still some confusion on understanding the differences between them.

Both preventive and corrective actions are developed to improve an organization’s management systems, and their main difference can be identified by taking a closer look at their definition which is found in most of the ISO standards, including ISO 9001:

Corrective action: action to eliminate the cause of a detected non-conformity or other undesirable situation.

Preventive action: action to eliminate the cause of a potential non-conformity or other undesirable situation.

The main difference is that corrective actions are those required to address a non-conformity that has already occurred. In other words, the actions necessary to “clean up the mess”, determine the root cause(s) of the non-conformity and prevent it from happening again. On the other hand, preventive actions are the ones taken to prevent a non-conformity from ever occurring.

Some of the specific actions taken on each of these processes are:

Corrective Action

  • The root cause(s) of the non-conformity needs to be identified and documented.
  • The effect of the non-conformity should be analyzed in order to determine its impact and the actions required to correct or neutralize the damage or possible damages.
  • The whole system needs to be scanned to ensure that the non-conformity does not occur in other areas.
  • Implement the actions that will prevent the non-conformity from reoccurring.
  • Follow up on the actions must be done to determine its effectiveness.

Preventive Action

  • Proactive actions, such as risk assessments, failure modes and effects analysis, must be taken to identify potential non-conformities.
  • The development of work instructions, documented procedures, training are examples of actions that are performed to prevent non-conformities.
  • Other activities that are regularly carried out and are part of the preventive action process are audits, management reviews and inspections.

The number of corrective and preventive actions in an organization reflects its maturity. If an organization has more corrective than preventive actions it is a sign that more resources are being invested on trying to correct non-conformities that have already occurred. Moreover, when the number of preventive actions are greater than the corrective ones, it’s an indication that an organization is on the right track on successfully preventing non-conformities from ever occurring.

The ultimate goal regarding these actions are to have as many that are preventive and zero that are corrective. It is easier and less expensive for any organization to prevent a problem from happening than to clean up the mess after it has occurred.

0 1889
Exploring the Pre-Assessment Audit

The implementation and certification process of a management system based on ISO 9001, ISO 14001 or any other standard requires an enormous amount of effort by everyone in an organization. Therefore, after finally obtaining the desired ISO certificate the organization will surely want to tell the world about it!

There are many ways an organization can advertise that their management system(s) comply with a specific ISO certification and that they have a certificate that proves it! Here are some ideas on how to do it:

Within the organization:

  • It is important to let all the organization’s employees know that their effort paid off. They can be rewarded with items such as mugs, coolers, t-shirts with the organization’s logo and a message such as “ISO 9001:2015 certified quality management system”.
  • A breakfast or brunch can be organized in recognition of the ISO certification achievement.
  • Sending an e-mail to all employees announcing the achievement.
  • The certificate may be displayed in the organizations front lobby.
  • A flag or banner can be displayed on the organization’s main entrance to promote the certification.

Outside the organization:

  • A press release can be distributed to the local media, industrial magazines and other newsletters to announce that the organization’s management system has been certified.
  • A letter or e-mail can be sent to customers and suppliers and even a reception can be organize to celebrate the achievement.
  • The achievement can be announced on the organization’s website, Facebook and Twitter account.
  • Messages announcing the certification can be added on the graphics of the organization’s vehicles.

There are many other ways to advertise the organization’s certification of their management system.

However, there are many mistakes organizations make when promoting their certification. An organization has to seek guidance from their Certification Body (CB) in order to avoid these mistakes. Here are some of the most common ones:

  • The International Organization for Standardization’s logo can not be used under any circumstance.
  • If it’s necessary, the advertisement should mention the scope of the certification (in the cases where one site or one process of the organization has been certified)
  • Phrases such as “ISO Certification” should be avoided; it’s essential to be specific about which standard has the organization’s management system been certified to (ISO 9001, ISO 14001, etc)
  • The organization’s certification logo can not be used in their products. These certifications certify management systems, not products nor services.

Organizations should feel proud of achieving certification of their management system and with their CB’s guidance they should find the right and the best ways to promote it.

1 11940

A Certification Audit is the first step for those organizations that have decided to undergo an assessment process with a Certification Body (CB) or Registrar to determine if their management system complies with the requirements of a given standard (ISO 9001ISO 14001OHSAS 18001, etc). This Certification Audit is divided into two stages: Stage 1 Audit and Stage 2 Audit.

These audits differ in many ways: their purpose, duration, information reviewed and sometimes even in the location where it will take place.

The objective of a Stage 1 Audit is to determine an organization’s readiness for their Stage 2 Certification Audit. Here the Registrar will review the management system documented information, evaluate the client’s site specific conditions and have discussions with employees.  The auditor will look to see that objectives and key performance indicators or significant aspects are in place and understood.  They will review the scope of the management system and obtain information on the organization’s processes and operations, the equipment being used, the levels of control that have been established as well as any applicable statutory or regulatory requirements.  Internal audits and management reviews will be evaluated to ensure they are being planned and performed and the overall level of implementation of the management system to determine if they are ready to move forward with the Stage 2 Certification Audit.

The Registrar will use the Stage 1 Audit to complete Stage 2 Audit planning, including the review the allocation of resources and details for the next phase of the audit.  Documented conclusions will be given to the organization that will outline the readiness as well as identifying any areas of concerns that could be classified as a nonconformance during the Stage 2 Audit.

Stage 1 Audit usually will be carried out in one or two days.  This audit typically occurs onsite.  For organization’s with more than one location the audit would usually be carried out at their head office location.

The Stage 2 Audit evaluates the implementation and effectiveness of the organization’s management system(s). During this audit, the Registrar will determine the degree of compliance with the standard’s requirements, and report any non-conformances or potential non-conformances that the organization will have to correct before the compliance certificate can be issued. If Stage 2 audit is successful, the organization’s management system(s) will be certified..

The Stage 2 Audit will include:

  • All relevant documented information that evidences the management system’s conformity with all the standard’s requirements.
  • Key performance objective and targets, looking at performance monitoring, measuring and reporting
  • Evaluation of internal audits, management review and management responsibility for the organization’s policies
  • All relevant processes, looking at operational control and the ability to carry them out as planned

The duration of the Stage 2 Audit is determined in accordance with IAF MD5.  Depending on the size and complexity of the organization this audit can range anywhere from 1 to many days.

These are the main differences between Stage 1 and Stage 2 Audit. Nonetheless, every organization undergoing a certification process should maintain an open and clear communication with their Registrar in order to clarify any doubts that may arise before the audits take place.

0 1910
Key Performance Indicators for an ISO 14001 Management System

Why Do You Need Performance Indicators for Your Environmental Management System?

Performance Indicators are the measures that you put in place on your processes and business that provide you with the information that you need to see how well your ISO 14001 management system is performing. Each process could have a whole series of measures that will let you know how well it is performing financially, with regards to quality, H&S compliance and of course environmentally. After all, as the saying goes, “what gets measured gets done.”

Each process could potentially have many different measures that are important to it. Many of these measures will be monitored, and action taken at a local level. While others that are more important could be elevated to being Key Performance Indicators (KPIs) for the business. This ensures that those measures that are vital to your business or have a potential risk associated to them are highlighted.

What Performance Indicators Do You Need for Your ISO 14001 Management System?

Many businesses are used to implementing performance measures as part of their quality management system, however they are equally as important as part of your ISO 14001 management system. Your measures need to be selected with great care for each process within your business and only those that are truly important should be elevated as KPIs for management monitoring.

Each business is of course different as are each of your processes. Therefore, your indicators and measures will always be different to those employed by other businesses. However, some typical measures are detailed below to give you some idea as to what you should implement within your own business:

Use of Natural Resources:

  • Water, electricity, and gas usage by the business
  • The amount of paper used within the business

Discharges to Air, Land, and Water:

  • Pollutant parts per million measures
  • Weight to landfill

Incidents and Potential Incidents:

  • Number of actual and potential incidents
  • Time lost due to incidents

Proactive Measures:

  • Risk reduction measures implemented
  • Environmental audit scores

0 2194
Getting Top Management Invested in Certification

The commitment and involvement of top management is essential for the success of any management system. Top management must participate in the implementation process and must ensure the continuity and improvement of the system. Also, they are the ones that should guarantee the availability of resources necessary for the establishment and maintenance of the management system. However, in too many cases, top management’s involvement ends with the appointment of a Management Representative.

There are reasons why top management doesn’t truly commit to a management system, and one of them is that they just don’t see the value of it. They don’t see why they need to be attending management reviews, looking at audit results, and spending money on trainings and “improvements” that don’t seem to improve anything.

Because top management’s involvement is essential for the success of the management system, here are some ways to help them see the true value of any management system.

Speak their language

Management usually speak the language of money. The information presented to them should consist of a cost analysis. They want to know facts such as how the ISO management system will:

  • Help the organization use their resources more efficiently.
  • Promote improvements that reduce cost.
  • Create a work environment that will increase productivity.

Present information that motivates them.

Show them how the ISO management system is helping achieve the organization’s objectives, how targets are being improved, how customer satisfaction has increased (less complaints, increase in sales), or how the organization has received less complaints from other interested parties (regulatory bodies, community, etc). Show them what the system is doing for their business.

Make Management Reviews important to them.

Management doesn’t want to spend time on a meeting just to comply with an ISO requirement. During management reviews, present an overall picture of the organization’s performance; make sure that these meetings represent an opportunity to make important decisions regarding the improvement of processes and performance.

Explain the importance of improvements.

Among other things, top management is responsible for questioning anything that adds activities, time and requires money. When asking for resources for an improvement, show them what the nonconformity or nonvalue added activity is costing the organization, how will the improvement save them money, how will a process become more efficient and how it will help the organization achieve its goals.

Make sure they understand their responsibilities.

Top management needs to understand their role within the ISO management system. They need to know its requirements, the benefits it may bring if it is implemented correctly and what is most important, they need to understand that without their participation, any management system will fail to bring success to the organization.

0 2496

Have you ever stood staring at a range of products in a supermarket trying to make up your mind which one to buy?  They all look quite similar, but one stands out and you buy it.  Why?  It’s got a sign on the shelf and a logo on the product to tell you that it’s won an award for quality.

So you’ve just based your purchase on Quality – Your customers are making the same decision every day!

Quality is more than just finished product, it’s the processes, systems and people that are behind the product.   Quality is everybody’s responsibility.

Quality is the pursuit of excellence, striving to be the best we can and getting ahead of our competitors.  It is meeting the needs and expectations of all stakeholders – our customers, our suppliers, our staff and the community at large.

How can we ensure that we are exploiting all avenues to be the very best?  A recognized standard such as ISO 9001 certification promotes the use of quality tools in business.   The ASQ (American society for quality) estimates that for every €1 spent on a quality management system, such as ISO 9001, returns €6 in revenue, €16 in cost reduction and €3 in profit – that’s €25 for every €1 spent!

93% of organisations agree that the implementation of a quality management system such as ISO9001 was a significant driver of success and most would agree that without it they could not justify their pricing to customers.

If you are looking at ways to improve your ROI by improving your quality then consider ISO certification.   Using an expert to help you implement a quality management system will ensure ISO 9001:2015 accreditation which will in turn help you make significant improvements and lead to significant growth.


This post has been a guest posting from Joann O’Brian over at our friends at CG Business Consulting Ireland .

0 2206
standards moving forward.

All management systems require a periodic review by the organization’s top management. The purpose of such a review is to evaluate if the management system is performing as intended and if it’s producing the desired results as efficiently as possible. While in review, there are steps that can be taken to make sure your organization’s management review process goes smoothly.

The management review inputs may vary from standard to standard; however, there are some key characteristics that all management reviews should have to ensure its success. These are:

Top management is involved. In order for this process to have the expected outputs, top management needs to attend; they are the ones that decide where the resources – people, time and money- will be placed to improve the management system.

All the required inputs are presented in a simple and clear manner. Every standard is specific about the review’s inputs. This information can sometimes be extensive, therefore, it’s fundamental that it’s presented in an easy to follow way and that it gives an overview of the systems current status, its weaknesses and possible areas for improvement. Here are some examples of the information that needs to be highlighted:

  • Internal and external audit results. Number of audit findings. Their current status. Are audit findings increasing or decreasing compared with the year before?
  • Corrective and preventive actions. Current status of corrective/preventive actions. Are resources available to effectively close them? Possible trends (are there fewer corrective and preventive actions compared to previous years?)
  • Legal compliance. Is the organization complying with all applicable requirements?
  • Process performance. Are targets/objectives being reached and maintained?
  • Communications and complaints. Has positive or negative feedback been received from interested parties?
  • Upcoming changes. Are there any changes that can affect the effectiveness of the system (staff changes, new projects or standards, efficiency improvements, etc.)? What actions/decisions need to be taken?

Outputs are recorded. It is essential to record, as a minimum, the date of the review, participants in the review, decisions taken, deficiencies found in the system and recommendations for improvement or corrective actions. The actions and recommendations to be taken should stipulate deadlines, resources needed and the individuals responsible for the actions.

Management review outputs are monitored. The results of this review should be monitored over time, and if problems persist, more frequent reviews should be scheduled.

Management review is held frequently enough. This review is required at least once a year. It is recommended that during the first two years of the management system, this review is held more frequently (twice a year), and after the system has “matured” it can be performed once a year. However, if it’s considered necessary, a specific topic (audit findings, corrective actions, process performance, etc.) can be reviewed on a more frequent basis.

Broadly speaking, a successful management review process provides top management and everyone responsible for the effectiveness of the management system, a diagnosis of the system’s current situation so deficiencies can be identified, changes and/or actions can be established to correct these deficiencies and recommendations for improvement can be made.