ISO 9001:2015 – Top management’s view

In 2014, we conducted more than 119 qualitative interviews with Danish Quality Managers based upon their thoughts of the new (at the time) ISO 9001:2015 regulations. This article will report our conclusions from these field studies and explain how some organisations were able to use ISO 9001 to improve their quality management.

At the time, many organisations had to make substantial shifts to their Quality Management to accommodate the new requirements. While others already met the requirements of ISO 9001:2015. We found that the most significant modification for unprepared businesses was often including top management. Before we go into further detail on our findings here is the specification.

The ISO 9001:2015 field study in short:

• Duration from June to December 2014.
• Contact with more than 344 Danish Quality Managers and Operation Managers.
• 1-hour semi-structured interview with 119 of them, where we talked about how they work with Quality Management Systems today and which challenges they forecast for 2015.
• 7 interviews with professionals who are mainly responsible for auditors and certification agencies.

For the sake of the participants’ anonymity, we will only be presenting general conclusions and observations.
What we uncovered was that not every organisation had progressed from quality assurance to quality management. In fact, many industries saw the purpose of quality purely to meet the expectations of external requirements such as ISO 9001:2015.

To be an ISO 9001 certified organisation quality must focus on activities and processes for cross-functional teamwork. A single page value chain diagram will no longer be enough.

This means that management has to adapt and change to reflect the daily, collective learning of the people in the organisation.

The management system and improvements are seen as two different things

The most competent organisations have integrated their processes and work instructions into one system alone. Here are the requirements from external standards as ISO 9001, ISO 27001, ISO 14001 and ISO 13485, an implicit part of the organisations’ formal work descriptions. Furthermore, they have integrated Quality Management, cross-functional improvements and sometimes also HR and CSR under the same executive.

In most of the cases has the organisations separated quality from the daily improvement work. Here the quality function works hard to catch frequent changes, which, for example, occurs in board meetings for production. The result is that work descriptions are mainly general and mostly used during audits. In this way, the quality of work is retrospective.

However, we also found many organisations where cross-functional teams meet frequently to analyse complaints and errors and define corrective actions.

A “formally owned system” apart from the organisation

Most organisations have (more or less) formally defined process owners. In practice, the process owner shall be equal to the function responsible. In this way, the manager of logistics is the process owner for supply chain processes and the sales executive is the process owner of the sales process. Hereby process orientation is more in name than in fact. We heard everywhere that process owners rarely take responsibility for the processes the system describes they should – with exception of the annual management review.

Quality Managers often handle a cross-functional perspective. Even though it is a good position, is it hard to utilise if you are seen as the “documentation boss”.

Introducing “Risk-Based Thinking”

I read an article on risk-based thinking which argued that it is natural to all of us. Therefore, including it in the ISO 9001:2015 standard is unnecessary. While this may be true on an individual basis it is very difficult to see how your actions could affect another department for instance. Systemic risk and it requires a comprehensive process overview of the people involved. People need to understand how their actions affect the overall process. This is why risk-based thinking is so important. 

Some organisations already had cross-functional risk-based analysis in place. But, for the majority, this would be an entirely new task and would prove challenging to implement in a way which measures risk across all touchpoints.

Our perspective on ISO 9001:2015

ISO 9001:2015 brings a new focus – the top management needs to be actively involved by taking an active responsibility, rather than delegating the whole task.

But, truly involving others is very hard. It requires qualified professionals to let go of knowledge. Your way may objectively be the right way but this doesn’t help if your co-workers don’t accept it as their way. Or if they can’t execute it. Confucius sums this up very well:

“Tell me and I’ll forget; show me and I may remember; involve me and I will understand.” – Confucius

Still, need to implement ISO 9001:2015? Check out how Gluu can help your organisation meet external standards here. 

This post was originally published in 2014, and revised on February 25, 2019.

Frequently Asked Questions