|
Juhani
Anttila
ISO 9000 STANDARDS SERIES, A CONTINUOUS
SUBJECT TO WIDE INTERNATIONAL INTEREST AND APPLICATION Abstract ISO 9000 quality management (QM) standards have a wide recognition all over the world. However, standards have flaws and also lack of clarity from the business point of view. Standards creating is an international consensus process but in standards applications organizations have responsibility and innovation is core of the process. The organizations implementing the standards are responsible to make the necessary improvements in their standards realizations. Introduction ISO 9000 quality management standards are based on a long term international standardization cooperation and broad consensus, and they have achieved a wide recognition all over the world. ISO 9000 standardization started in 1979 (ISO, 2012). After that there has been a continuous work going on in the standardization committee ISO TC 176 (Quality management and quality assurance) for updating and revising the ISO 9000 standards family and its parts on a regular basis according to the international standardization rules. In addition to the current versions of the standards, we also have always available drafts for the next editions that may be taken into consideration when organizations are developing quality approaches for their business challenges. ISO 9000 standards are applicable to all kinds of organizations, and they may be recognized as a world-wide phenomenon of the professional quality realization. Hence, we also have a broad continuous discussion how to get a maximized benefit of the standards. According to the general standardization definitions (ISO/IEC, 2004), standardization conceptually means an activity giving solutions for repetitive applications, to problems in the spheres of science, technology and economics, aimed at the achievement of the optimum degree of order in a given context. Generally, the activity consists of the processes of formulating, issuing and implementing standards. In this sense standards set particular challenges on the comprehensive understanding, taking responsibility, and innovations among the their appliers. ISO 9000 standards are aimed to be - and really can be - useful, practical, and recognized reference material for the innovative development of any organization's business performance towards the level of excellence. ISO 9000 standards also promote world-widely referred TQM (Total Quality Management) movement within organizations (Anttila, 1998a). Factually the concept QM (quality management) of ISO 9000 equals the concept TQM, although conceptually TQM is quite vague and not any more widely used in business environments (Dahlgaard-Park, 2012). It is very typical that organizations use simultaneously with the ISO 9000 standards also other general and well-known reference models of business management (figure 1), e.g. performance excellence models (quality award criteria), and Kaizen, SixSigma, lean, Balanced Scorecard (BSC), etc. practices. We have applied different methodologies as sub-domains of a comprehensive organizational business-integrated QM approach according to the ISO 9000 standards (Anttila, 2001, Anttila, 2002, Anttila, 2007). Figure 1. Organizations should use simultaneously multifarious sources of information for developing their quality approach and aiming at excellent satisfaction of all interested parties (stakeholders) in a competitive way (Anttila, 2007). ISO 9000 standards present the internationally recognized foundation for QM. The standards emphasize a continual and systematic improvement of the organizational business systems for ensuring organizations' sustainable success and providing confidence among stakeholders or interested parties (i.e. persons or groups having interest in the performance or success of the organization). However, one cannot be pleased with the standardization process and the current practice of applying the standards. There is much criticism and even cynicism against the standards, their implementation, and the achieved results. This is mainly due to intentional or accidental misunderstanding of the objectives, nature, structure, and substance of the standards, and that people are not familiar with the standards' creating process. A successful business management requires knowledge and practices of many different specialized disciplines. QM is one of those disciplines, and even within itself it has links to various areas of knowledge. In addition to the ISO 9000 standards, there are also many other different general and sector specific management standards for specialized knowledge areas of the business management. In organizational business environments all these standards should be able to be used simultaneously (Anttila et al., 2012b) although sometime we can see them competing with each others. In order to promote business integration of the management system standards ISO/IEC Directives (ISO/IEC, 2012) have recently defined a business-minded high level structure and identical core text, and common terms and core definitions that should be used in the revisions of all discipline specific requirement management standards, including ISO 9001. General management standards do not aim at striving for similar business systems. All organizations and their stakeholders have unique needs and business environments. Standards should be applied with integration, responsiveness, collaboration, and innovation (Anttila&Vakkuri, 2001). Top management’s personality has a crucial impact on the performance and development of an organization. Hence, in order to use ISO 9000 standards effectively and efficiently, the major responsibility is squarely on the business leaders, and quality experts have the role of professional facilitation. Standards realizations should be done through selecting and implementing modern, innovative and superior managerial means to strive for organizations' own business goals. Organizations should use with ISO 9000 standards also all other appropriate and useful sources (figure 1) of relevant information, especially sector specific standards, business excellence models (quality awards criteria), and benchmarking references (Anttila, 2007). In this way the real purpose of the standards will take place. The basic standards of the ISO 9000 family are ISO 9004 and ISO 9001 that form a complementary pair of standards for quality management (QM) and quality assurance (QA). ISO 9004 represents the organizational QM broadly and ISO 9001 is a part of the QM and its purpose is to provide QA to organization's interested parties. ISO 9001 cannot operate effectively or efficiently without taking into account the foundation of ISO 9004 and understanding clearly the key concepts and principles of the standards. There are additionally a lot of other related and supplementing standards in the ISO 9000 series. Standard ISO 9000 defines the main concepts that are used in the whole ISO 9000 standards family. Also the auditing standard ISO 19011 is closely related to ISO 9000 basic standards. Organizations should understand the ISO 9000 family of standards as a holistic approach. ISO 9000 standards are voluntary standards, and they can be understood and applied in many different ways depending on the needs, know-how, the degree of progress, and decisions of the organization in question. The requirement standard ISO 9001 for QA may become binding if it is referred to in a contract, other agreements, or regulatory requirements. QM is always to be applied in a multidimensional business environment. All organizations operate in complex business and social communities, and hence in the QM realizations, we should take into account phenomena related to the real and specific business networks and ecosystems of these communities (Anttila&Jussila, 2011b). In practice QM elements - including the QA aspects - are realized in business processes. Organizational business performance and hence also the performance of business-integrated QM are fuzzy concepts. In practical cases it is always question about the degree of performance. Different practices for the performance evaluation are significant elements of all QM realizations. They include strategic evaluations of business units and their businesses as a whole and operational evaluations of the business processes. Monitoring, measurements, self-assessments, and audits are essential practices used in the performance evaluations. Evaluations should lead to corrective and improvement actions of the business system, business processes, and their management practices. A key issue in improving organizational business-integrated ISO 9000 applications is to enhance awareness (figure 2) of the ISO 9000 standards and standardization, and based on that to encourage organizations to use own business-promoting innovations for standards application. In order to understand the standards one should also be familiar with the standardization process. Organizations should move from passive knowing, reproducing, and quoting knowledge produced by others to continuous learning, finding deeper meanings, composing knowledge, and assessing value and making excellent and unique choices. Purpose of this paper is to give ideas for that. Long term and broad-based development of the standards, problems and challenges ISO 9000 standards have been internationally compiled and continually revised and updated during the recent decades and commonly used in more than one hundred countries and in multitude different fields of business. The standards have been translated into a lot of languages. ISO 9000 standards are bestsellers of the standardization bodies. Hence, people talk about ISO 9000 phenomenon. We can recognize the following mile stones and phases in the
development of the ISO 9000 standards: The long-term development
of the ISO 9000 standards in the ISO TC 176 committee has been projected according to the Horizon 2010 strategic decisions
and their updates that include the vision and strategic goals (ISO/TC 176, 2010):
These general statements that guide the development of the whole ISO 9000 standardization should be taken into account also in organizations applying the standards. The ISO 9000 standardization, and particularly ISO
9001 and ISO 9004 standards, have had an enormous impact on the development of
quality practices globally in all kinds of organizations. However, this has not
taken place without problems and drawbacks: Consensus process is the core feature of standardization practices. It is the strength of the international standardization, but in the same time it is the major reason to the problems and deficiencies of the standards. Everyone involved has possibility to voice his or her opinion and all opinions should also be taken into account. The most important consensus practices in the standardization include the following possibilities: Unsatisfactory development of the ISO 9000
standardization has negative effects: However, in all cases clever organizations have always possibilities to apply the standards in a meaningful and creative way. A key issue for that is that standards are understood as unlimited opportunities and not as specific targets ("The trampoline approach", figure 4). Quality management principles, the profound basis of the standards As such, the ISO 9000 standards don't bring about much new special measures to well-functioning organizations that already utilize an effective and efficient management and leadership approach in an innovative manner. However, the standards ought to be viewed as a recognized reference for inspiring to organization-specific superior solutions (figure 4). Regarding the standards as obligatory requirements is not according to ISO 9000's aim and cannot lead to the challenging objectives embodied in the ISO 9000 standards. When utilizing
ISO 9000 standards, one should take into account seven QMP's, which have been drawn up as a basis for the entire ISO 9000 standards
series (Anttila&Jussila, 2011c). With the help of these one can breathe the "spirit of business life"
into ISO 9000 realization and development. These principles are:
Definitely the QMP's are the essential basis of the ISO 9000 standardization, ISO 9000 standards, and the implementing the standards. However, we should be clearly aware how to understand and use them. “Principle” is a basic belief, theory, or rule that has a major influence on the way in which something is done. “Quality management principles” are a set of fundamental belief, norms, rules and values that are accepted as true and that can be used as the main basis for QM. QMP's emphasize what we should take into account in connection with ISO 9000 standards. ISO 9000 QMP's are a given or selected set of statements. They are like axioms that are not justified but assumed to be universally or self-evidently true in all contexts of the ISO 9000 standardization. QMP's form a premise or starting point of reasoning the ISO 9000 standardized aspects. QMP's provide the profound knowledge for understanding all the standard clauses. QMP's aim to capture what is specially central about them. All details of the ISO 9000 standards can be derived from them. The word principle is originated from the Latin word 'principium' that literally means, 'which is first'. Thus QMP's should be as the starting point of the standards' creation and implementation. The QMP's of the ISO 9000 standards also point out clearly how the standards aim at implementing TQM as it is considered in a lot of literature. These principles also are very similar with the basic concepts and principles of the well-known performance excellence models (quality award criteria), e.g. the American Malcolm Baldrige Model and the European EFQM Model. Thus the standards and the performance excellence models are both promoting the same issues, quality of management, and excellent business performance (processes and results) and sustained success realized in a systematic way by an organization's processes of management. ISO 9000 QMP's should be utilized together with the recognized good management principles presented by many business management thinkers and teachers from the creators of the classical school of management theory, e.g. F.W Taylor (operational management) and H. Fayol (strategic management), to today’s influential persons who have defined their own management principles according their own experiences and insights (Anttila et al., 2012a ). These may be used as references for managerial development in any organization. The standardized QMP’s may be used in this context to emphasize quality viewpoints for developing a business integrated professional approach for QM. Multidimensional business environments and different managerial disciplines QM is applied in a multidimensional business environment. Figure 5 presents our holistic view to the major factors related to the QM (Anttila&Kajava, 2010). All organizations operate in complex business and social communities, and hence in the QM realizations we should take into account phenomena related to the business networks and ecosystems of these communities. In practice QM elements are realized in the business processes of organizations' business systems. Organizations' people and particular business leaders have key roles. There are a lot of technical means that can be used to enhance efficiency of the organizational QM. Theoretical methodology of multidimensional information-based disciplines provide the foundation for all this. We should consider disciplines from both theoretical and practical viewpoints. Theoretical approach gives depth to understand individual disciplines and relationships of different disciplines. Theoretical methodology of multidimensional information-based discipline (MID) is derived from the philosophical definitions of how the real world is seen and how the information may be reached for understanding its diversity and multiple disciplines (Anttila et al., 2012b). The MID can be used for treating both substance and methodological questions in its framework. Substance questions deal with the essence and meaning of information, and how to process it. The methodology aims at managing conceptual and theoretical elements for building theoretical and practical frameworks, e.g. to cope with interrelated aspects between different disciplines. MID affects in organizational cases in such a way that it allows to identify (describe) the relevant factors of the topic, as well as ontological and epistemological choices. With MID one can design and implement QM applications, so that it is possible to examine in the same context the management and employee activities, and technological solutions. Practical questions of the disciplines should be considered within the business management framework from the viewpoints of various management system standards Organizations’ business systems and their processes of management cannot be standardized in general standards because they always must fulfill organizations’ specific business needs and fit to organizations’ business situations. However, aspects and requirements of specialized disciplines have become an important area of management system standardization. Quality discipline and ISO 9000 standards family are examples in this field. General international standardization for the management systems started just with ISO 9000 standards. Later a lot of other standards have been created for many specialized areas of the business management, including environmental management, social responsibility management, risk management, occupational health and safety management, information systems/service management, information security management, dependability management, asset management, etc. For these knowledge areas there are general standards but also sector specific standards, e.g. for automobile industry, software industry, aviation industry, military applications, health care, etc. There are many challenges in creating, maintaining, and applying the requirements of the discipline specific management standards in practice in organizations. All those standards are based on particular traditions of different disciplines. The experts of the different expertise - who do not often have close contacts or communication with business leaders or with each other - have been responsible for drafting and finalizing these specialized standards. Hence, those standards and also their application in organizations may become rather isolated from the business system and processes of management, and from each other. Typically organizations apply simultaneously standards of many different disciplines and integrate them within organization’s business system. Different structures and terminologies in the standards cause problems in integration, and lead to isolated discipline management systems that are ineffective and inefficient; and may even be rejected or cause disturbance in the normal business management. All disciplines must adapt themselves to the general management practices of an organization. ISO/IEC Directives (ISO/IEC, 2012) have recently defined a high level structure and identical core text, and common terms and core definitions to be used in all requirement standards of the discipline specific management. The high level structure consists of key issues of the business management that is significant for promoting the business integration in applying the standards. The Directives follow very normal business language and practices. It requires different disciplines to adapt themselves into these concepts and framework but also allows them to add their own specific requirements to this framework. The new harmonized approach will be applied in the fifth revision of the ISO 9001 standard. The harmonized approach may be of great help to organizations in their integration initiatives. However, this requires that discipline experts, e.g. quality experts, must learn organizational business imperatives and collaborate with other expert colleagues and business leaders (Anttila, et al., 2012b). The business strategies and management must be the main drivers to the discipline specific initiatives and development (figure 6). All
specialized management areas, which are analogous to QM,
should be implemented in an organization with a uniform and organization-specific systematic approach (figure 7). In this way
the general principles of the ISO 9000 standards would be applicable as a general
guidance also in the areas of e.g. social responsibility, environmental management,
occupational health and safety, information security, risks management,
financial management, etc. There is no justification for creating separate systems
only for these areas, as they should all be integral parts of organization's business
activities. Distinct systems are in fact harmful to the overall business performance. The key issue of this our integration approach is that all organizations have always only one business system to be managed and all specialized discipline issues must be embedded within this system (Anttila et al., 2012a). This integration principle is different from the model according to which the specialized disciplines, e.g. quality and environmental protection, form a single management system within an organization. Quality management and quality assurance, and integration The
ISO 9000 standards texts delineate an organizational quality approach with two principal and consistent areas
within the business management (figure 8):
Figure 8. QM and QA have two different purposes but they must be consistent with each other. ISO 9000 QM principles form the standardized foundation for the both. These two areas have differing purposes. However, QA can in practice never succeed unless QM is in proper order. Many users of the standards do not clearly understand the fundamental difference between ISO 9004 and ISO 9001. If, for example, the ISO 9001 standard only were used for developing the QMS approach for an organization, the basic purpose of ISO 9000 will not be realized and the results will remain ineffective and inefficient. Organizations need both QM internally and QA externally for operations with all stakeholders (figure 9).
Figure 9. Two principal management domains for the quality approach in organizations' business QM (as referred to in ISO 9004) and QA (as presented in ISO 9001) should in no case be distinct issues separated from one another as they should form a consistent pair of the two managerial areas. In practice this can be achieved most effectively only if both are grounded directly in the actual activities of the organization's business system and processes of management. This is the approach of quality integration that we invented as a concept and introduced to practical business solutions in the 1990's. All organizations have always a certain level of QM and QA realizations and there are always possibilities to improve the situation. ISO 9000 standards are widely used and widely misunderstood and misused When considering standardization we should look at both standards creating process and the usage of the standards. According to the general standardization definitions standardization is an activity giving solutions for repetitive application, to problems essentially in the spheres of science, technology and economics, aimed at the achievement of the optimum degree of order in a given context. Generally, the activity consists of the processes of formulating, issuing and implementing standards (ISO/IEC, 2004). Standards creating and standards applying are two very different worlds (figure 10) (Anttila&Jussila, 2011b). Standards creating is based on voluntary experts and consensus process but in standards application responsibility is on business leaders and the core of the process is innovation. Generally there have been great expectations concerning quality all around the world, and one can refer to a multitude of success stories pertaining to systematically implemented quality development projects. However, at the same time recognized experts have indicated that even the majority of development initiatives which are undertaken under the name of quality have failed. ISO 9000 standards have been for many years one of the most significant references for quality development in organizations. When subjecting results gained from these applications to critical examination, one can say that the results are, to say at least, contradictory. While others praise the standards, others are deeply disappointed and even frustrated with them. The standards applications have not necessarily had significant effects to the overall business performance. The most critical allegations concern organizations'
quality system certifications made by external third parties. There are three fundamental
quality problems embedded in these certifications: (a) Lack of concrete business
integration, (b) Lack of direct linkages to the real needs and satisfaction of
customers and organizations' other stakeholders, and (c) Lack of innovations in the creation and the use of standards. Certifications and regular third party audits are also too slow way to respond to the market needs. Mostly the standards-related problems are originated in the insufficient understanding of the purpose, nature, or fundamental principles of the standards. One can find a lot of practical cases from organizations applying ISO 9000 standards where the standards are not understood in the comprehensive way as they have been defined in the standards themselves. E.g. many organizations are not at all familiar with the ISO 9004 standard. There are also many misleading articles, consultants, and training programmes. Problems
in use of the standards have also reflected to the standardization work within
the responsible committee ISO TC176. Negative effects include e.g.: According to the general ISO guidance, standard is a technical specification or other document available to the public, drawn up with the cooperation and consensus or general approval of all interests affected by it, based on the consolidated results of science, technology and experience, aimed at the promotion of optimum community benefits and approved by a standardization body (ISO/IEC, 2004). In standardization practices, it has been difficult to get the results of the recent science, technology and experience influence on the standard texts in an innovative way. However, standardization deficiencies can be corrected by the smart application in organizations. Often ISO 9000 standards are being wrongly understood as obligatory requirements,
and also standardization (or even certification) organizations are seen as some kind of official authorities
to define those requirements. Also very misleading is often heard statement that
ISO 9001 defines minimum requirements for QM. There are no arguments
for that in the standard texts. These may be reasons why companies' implementations
so often reflect passive and reactive ways to realize standard issues. That
is not the purpose of ISO 9000 standards. One should use proactive and innovative
means to realize standards clauses (figure 11). The standards set no restrictions
for that. According to the ISO 9000 standard vocabulary, QM means coordinated activities to direct and control an organization with regard to quality. Quality is an abstraction, it is related to the characteristics of the results or outputs of certain activities or processes to fulfill needs and expectations, and managing quality is not possible directly. Hence, the phraseology management of quality gives a wrong understanding to the concept of QM. QM is clearly an essential part of the management of an organization. All the activities needed for considering quality are included in the managing processes of an organization. Factually QM covers the whole area of the management of an organization. It is impossible say where is the border between business management and QM. Even within the ISO 9000 standardization community, there have been long discussions on the clarifying statement for the concept of QM. In these discussions, statements like quality for management, quality in management, and quality of management have been used without any consensus conclusion (Anttila et al., 2011a). Our conclusion is that quality of management is the most suitable and also the most practical and challenging interpretation, and we have used that approach in practical company cases, too. Hence, quality in this context is an attribute of an organizational management depicting certain favorite and successful characteristics of the management. Here the management covers all activity levels within an organization, from top management to management of operational activities and individual self-management of employees (figure 12). Quality management system (QMS), which is absolutely
central concept in the ISO 9000 standards texts, has largely been misused. According to ISO 9000, a QMS
system refers specifically to the management system, i.e. the system used for
business management and leadership, comprised of organizational structures, approaches,
processes, and resources, and which meets primarily business needs of the organization.
"Quality" is an attribute of the management system implying that appropriate
professional management and leadership principles and means are applied within
the organization's management and leadership processes in order to ensure and increase
its effectiveness and efficiency. The standards present a standardized approach and guidance
for these principles and means. ISO 9000 QMS is not determined by ISO 9001 only. One must necessarily take into account also ISO 9004 topics. Factually ISO 9001 activities are a part of ISO 9004 scope. However, either of the standards does not describe in the full what a QMS is about. ISO 9004 presents aspects of the effectiveness and efficiency and ISO 9001 general requirements of the QMS. QMS is always something more and defined only by individual organizations (Anttila&Jussila, 2011b). Here we may refer to Aristotle who says in the Metaphysics: "The whole is more than the sum of its parts" and to Russell's paradox: “Whatever involves all of a collection of objects must not be one of the collection”. QMS is always organization-specific issue. Each organization can have only one holistic business system, and when that system creates business success and fulfills relevant requirements it can be called "quality management system". In fact, the concept QMS is not at all needed for practical quality approaches in organizations. In order to differ from the others an organization could use a particular title for its QMS. An example: A company that emphasizes innovativeness in its business calls QMS IBR – Innovative Business Realization. Still many organizations use
the obsolete expression "quality system" (QS) although it does not exist any
more in the ISO 9000 standards. QMS is very different
from QS. In real
business environments the genuine QMS can never be a distinct
system. Actually, the real QMS is always seamlessly integrated
into the business system and its management processes (figure 13). Thus, it is appropriate to speak about quality
"systematicity" that is realized through business management and business
processes. The QMS is a concept of systematic approach
for quality of management. It is more a thinking model, mental system, metaphor, or even illusion than any
physical system. A distinctly built quality system can even be detrimental. Many organizations and even quality experts have difficulties to recognized the difference between standards ISO 9001 and ISO 9004 (Bird&Anttila, 2002). This mainly due to the ambiguity and lack of clarity in the standard texts. Still more problematic is to find relationships of the other models or approaches that are used in organizations simultaneously closely with the ISO 9000 standards. That includes the application of the performance excellence models (quality award criteria) (Anttila et al., 2001), Kaizen, SixSigma, lean, Balanced Scorecard (BSC), etc. All these may be seen as sub-domains of a comprehensive organizational business-integrated QM approach and ISO 9000 standards (figure 14) but this kind of understanding can even cause bitter disagreement. Standardized QM / QA elements Only
certain major topic areas, or "QMS elements", of an organization's
business system and its management are explicitly
considered in the standard texts for QM and QA realization (figure 15). This does not, however, mean that in the ISO
9000 standards QM and QA would refer solely to these issues.
Organizations must naturally supplement the standard topics in accordance with their
own needs and circumstances, and realize them in a superior manner on the basis
of their own innovative decisions. Sector specific applications of the ISO 9000
standards, including automotive, telecom, aviation, software, military, etc. industries, may provide
useful information and details for the organization-specific solutions. The real QMS consists of all these issues being in use in an organization. In the ISO 9000 standards, very little emphasis has been given to the means on how to implement the QM / QA elements. In the ISO 9004 standard only some commonly known standard means, on which the experts of the standardizing committee have been unanimous upon, are presented at quite a general level. On the other hand, the presentation of means in the ISO 9001 standards was not allowed at all, in order to prevent anyone from interpreting them as requirements. How things are implemented in practice in an organization depends precisely on what its performance is like with respect to the needs of QM and QA. Hence it seems questionable whether e.g. the expressions "in compliance with ISO 9001" or "fulfill ISO 9001 requirements" have any real meaning with respect to an organization's performance. All ISO 9000 QM / QA elements discussed in the standards are factually parts of organizations' business system and are realized in business processes. The process-like performance model constitutes in fact the business-like basis of the ISO 9000 standards. This means that realization of the standards ought to take the business processes of an organization, and not the standards clauses, as its starting point. When utilizing ISO 9000 standards, one also should
take into account with each QM / QA element the seven ISO 9000 QMP's. ISO 9001 represents QA requirements in the ISO 9000 family of standards. The purpose of QA is to create and strengthen confidence among organizations' customers and other stakeholders. QA refers to measures, through which both customers as well as other stakeholders become convinced that the specified product requirements are being met. An overly emphasized QA issues should be avoided so that they do not turn to be excessive and expensive or superficial and not meet the real QA purpose and the relevant needs. In QA between two parties, the most natural and sound approach is to utilize QA agreements and related QA plans, for which ISO 9001 may serve as a general model. Even QA should be realized in a way that is efficient and suitable - or even excellent - in the light of the business requirements and takes into account the competitive aspects of the market-place. That is the real challenge in using ISO 9001 standard. ISO 9001 standard-text considers only effectiveness of the QA but not at all efficiency aspects. In real business cases, however, the organization itself must take very seriously also efficiency into consideration. That means particularly the "How"-issues in ISO 9001 realization. The ISO 9001 standard does not present any "How"-issues, they must be decided by the organizations themselves. A problem among the ISO 9001 application-organizations is that they wrongly understand ISO 9001 covering the whole scope of QM. That means that neither practical QA purposes nor challenging QM solutions may be achieved. Another rather naive understanding is that the ISO 9001 factually consists of six (or some other fixed amount of) requirements because the standard mentions that an organization shall have many documented procedures. Certification or registration refers to indicating with a certificate that a product is or will be in accordance with the specific requirements (e.g. according to a standard or specification). A certificate relates primarily to a product compliance and through that also to those activities of business processes determined to assure the specific product features. Certifications with regard to the QA typically adhere to the standard ISO 9001. The standard ISO 9004 cannot be used for certifications. The general kind of certification does not ensure the quality of a product or the business performance of an organization. Certification is closely linked with market and customer communication. A third party certification of a QMS apart from the product and the customer is questionable from the business benefits' point of view. When considering QA,
the needs and expectations of the interested parties should be taken into account.
In many businesses the following is typical (Anttila, 2007): External certification in connection with ISO 9001 standard - if it is really needed - should only be one of the means for QA, and it can be a by-product of an organization's holistic business-integrated quality approach. Only a part of the organizations using ISO 9000 standards are certified and many of the organizations may have no intention of ever being certified. These organizations want to utilize the standards internally in order to improve their business performance and to use them as a general agenda for QA in contractual situations. Certifications have simply been granted with too big (and even an erroneous and deleterious) role in the media. Today there is a credibility crisis in certification business, and in some areas the number of certificates has started to decrease. In fact, there are also different options for certifications. A certification can be performed by the first party (the company itself, i.e. self-certification or self-declaration), the second party (customers), or the third party (a service company specialized in certifying services). The most genuine and natural way to proceed is self-certification, which gains interest due to the flaws associated with third party certifying. However, self-certification requires a strong personal and professional commitment and visibility to QM from the top business leadership of an organization. Hence, an organization's strong focus on certification by an external third party may be a sign of weak, ineffective, and old-fashioned QM and outsourcing this important management responsibility. One cannot distinguish from the competitors only by leaning on general third party certifications. When realized seriously the self-certification may provide for remarkable strengths compared with the third-party certification. Certifications provided by customers are especially recommended, and an organization should strive towards gaining certifications from their key referring customers. With regard to third-party certifications - should this become necessary in the light of marketing efforts - it is worthwhile to examine them by restricting them only to questions pertaining to safety, health, environmental protection, and product liability. Serious criticism has been directed at certifications made by third parties due to the fact that these often entail an emphasis on the business objectives of the company (certification body) doing the certifying. This is a disadvantage of the commercialized certification. Advanced organizations may proactively get advantages from all different kinds of certifications simultaneously according to the needs of the various business cases. Many organizations understand certification as a consultancy although is not allowed in general. Confidence, the core purpose of QA, is most critical factor for success in cooperating between partnering organizations. It is also a competitive advantage because it is difficult to imitate a genuine confidence and to create it in a short term. Transparency is the core element for building confidence among cooperating organizations and individuals. Increased risks and uncertainties within the operational environment set raised requirements for confidence. Key measures for the development of situation focus on effective communication solutions. Historically
QA standardization was grounded in the requirements of major customers (e.g. defense, nuclear
energy, automotive, etc. industries). The new and modern approach is, however,
for an organization (a supplier) to view QA as a service to its customers and to seek
to provide this service in a superior manner, and at least to be better than the
competitors. The key strategy for this is the "Win / Win" partnership
between the organization and its interested parties. Thus QA can be seen as a value-adding part (a service-element) in organization's
products-offerings (figure 16). The new e-business technology creates completely
new cutting-edge solutions (e.g. "e-certificate") for QA (Anttila&Vakkuri, 2001a).
E-certificate consists of Internet site(s) or a portal solution providing for assurance
that an organization conforms to a standard or specification indicated by the certificate.
Communicational QA services give also an opportunity to personalize and create partnership-dedicated efficient solutions with collaborative extranet technology or social software. These solutions may facilitate flexible real time and bilateral multi-media communication between cooperating partners according to the principle of "Enterprise one to one" (figure 17). With these means an organization may act individually to fulfill QA needs of separate stakeholders. ISO 9001 standard can be a reference model in these cases. Performance measurements, evaluations and improvements are very central areas of the organizational business development (Anttila, 1998c, Anttila&Jussila, 2011a). ISO 9004 considers the topic in a broad sense to strive for increasing effectiveness and efficiency of the business processes and the business system as a whole. The QM requirements of the ISO 9001 standard are complementary to the requirements for products. The standard enables an organization to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements, and thus to enhance customer satisfaction. This is the purpose of a traditional QA. Evaluating the performance of QM or QMS is a problematic issue. QM aims at results or outputs of business activities or processes to fulfill needs and expectations of all stakeholders and through that ensure sustained success of an organization. QM is an essential part of the management of an organization. All its activities are seamlessly embedded with the business system and processes of an organization and their management. QM covers the whole area of the management of an organization from top management to management of operational activities (business processes) and individual self-management of employees. It is impossible say where is the border between business management and QM. Hence, instead of QM evaluations we carry out comprehensive evaluations of the performance of business processes and results. If needed there are analytical methods to find out impact of individual QM practices on the overall performance of the business processes or the whole business system (figure 18). Situation with the contractual QA requirements (e.g. based on ISO 9001) is different from QM because the requirements must be specific and unambiguous, and an organization either fulfills the requirements or does not fulfill them. This may be verified through objective auditing. In addition to that organizations may be interested in how efficiently the requirements are fulfilled. This is an issue of internal auditing. The overall business performance of an organization is a broad concept including four categories of performance (NIST, 2010): In practice, both business performance and performance of QM are fuzzy concepts (figure 19) (Anttila, 1998). This implies that an overly simplified ON/OFF way of thinking - implying that there is or isn't a QMS - is not a fruitful approach. Business performance information as such is not enough for successful business management. One needs challenging references. Excellence means excelling, surpassing the references, including: Performance management includes that business performance is evaluated internally by organization's own resources for performance improvement and also for QA. In general performance evaluation practices include measurements, monitoring, self-assessments, and auditing. Both strategic evaluations and operational evaluations are needed. Strategic performance is related to the whole business system and the business vision and strategy of the organization, and particular interest is in change management. For strategic performance management we have used a balanced strategy card methodology that we have developed from well-known balanced scorecards and some other methods. We have also used this methodology for cascading strategic targets and means down to the particular business processes according to the idea of Hoshin Kanri. Measurements and monitoring are typical operational performance management activities. The methods used for collecting information and data regarding key performance indicators should be practicable and appropriate to the organization. Needs for the operational performance evaluations are for daily management and are focused on diagnostics and analysis for corrective, preventive actions, and improving business activities or processes. For those purposes there are available effective and efficient monitoring and analyzing procedures, and technological solutions, e.g. OLAP (online analytical processing) software tools, for considering relevant process performance indicators. Analytical methodology is needed to understand measured data in the relevant business context (Davenport&Harris, 2002). Many of the quality tools are for data analyses (Anttila&Jussila, 2011a). Analyses refer to activities to extract larger meaning from data and information to support evaluation, decision making, testing, improvement, and innovation. Analysis entails using data to determine trends, projections, and cause and effect that might not otherwise be evident. Two different methodologies are in general available for considering and evaluating the performance of the individual business processes or process systems as a whole especially as strategic self-assessments: (a) Evaluations based on maturity models, and (b) evaluations based on performance excellence models (quality awards criteria). The first one is to assess performance against certain specified maturity levels, and the latter - that is our preferred approach - is emphasizing continual performance growth based on learning, refining, and integrating. Strategic evaluations are made as self-assessments by the management teams of the units. Also ISO 9004 suggests a simple method for a self-assessment of an organization's QM approach. Audits are empirical evaluations of the business performance. It is useful to carry out internal audits per business processes (Anttila, 1997) that are the operational elements of the business system and the "carriers" of the QM and QA elements. Audits are more operational than self-assessments. Audits are made by people who are independent from the processes being audited. Internal auditing is very different compared with external, e.g. third party, auditing. It should cover both QM and QA issues and emphasize organization's comprehensive business needs (as covered e.g. by ISO 9004). In external auditing one is interested in QA (as covered e.g. by ISO 9001) issues and customers' viewpoints. External third party certifications assure the performance only in a weak manner (figure 19). Auditing is based on the ISO 19011 standard definition and principles. Internal auditing is a comprehensive task that should be both reactive and proactive by nature. Its purpose is not only to search for nonconformities (non-fulfillment of specified requirements) or defects (non-fulfillment of intended usage requirements or reasonable expectations under the existing circumstances) but there is a broader business related scope. Also performance strengths of the processes must be noted in internal audits. The both methods, self-assessments and audits, support well each other. The most important purpose of the performance measurements and evaluations is that they make possible a fact-based improvements. Figure 20 demonstrates that there are lots of different kinds of business related facts of different business phenomena and especially in business processes. The facts are often hidden in the business activities. If you apply appropriate measurement means, you may get data describing interesting and relevant facts. After that data may be analyzed with suitable analysis methodology in order to get information that is meaningful to the acute business case and situation. Information may be used for managerial actions to the operations and business processes. However, the deliberation and decisions of the business leaders are always starting points to the actions. That means that empirical fact-based information must be combined with the skills, knowledge and even the wisdom of the business management (Anttila&Jussila, 2011a). A strategic objective for the organization is the continual improvement to enhance benefits to the interested parties and to increase efficiency. This is done through improving business process performance. There are two different fundamental improvement methodologies: a) Strategic breakthrough projects, which lead to revision of existing processes or the implementation of new processes usually carried out by cross functional teams outside routine operations. b) Continual small step improvements (“Kaizen”) made by natural work teams within existing processes. Information and knowledge for QM QM is strognly related to the usage and management of business information and knowledge (Anttila, 2008a). The organization needs to share information and knowledge between employees and the interested parties, locate information and knowledge sources, push information to users, or create a central location to navigate through data that one can benefit from. Business management and the QM are squarely based on information and knowledge. Documentation is the traditional way of managing information and knowledge. Documentation should be a dynamic value adding activity. Documented information is needed for achieving required performance targets, for evaluating the business system and processes with regard to effectiveness and efficiency of operations and the level and trend of the results, for providing QA for customers' confidence, and for facilitating performance improvement. Documented information that is particularly relevant for QM consists of: In today's dynamic business environments stable and stiff documentation structures are no more adequate but instead flexible and collaborative information and communication arrangements are required. Mobility is a crucial requirement for business process activities today, and that should be taken into account in documenting information. Many business processes today utilize advanced geographic information systems (GIS) and web applications that combines data and/or functionality from more than one source (Mashups, hybrid web applications). In order to manage the business information more efficiently organizations have invested in various IT solutions. However, the development and use of these solutions have been problematic. IT applications with data sources, systems, and applications located throughout the organization have often made the jobs of people more complex and difficult rather than simplified their work. Corporate-wide IT systems are often complex and designed for a specific purpose and function, hence it is required to deploy different and often unrelated applications and IT modules to meet the information and processing needs of the different business processes and the entire organization. A lot of training is needed for employees to learn effectively use such a complex suite of applications in order to complete the assigned responsibilities. A portal is a single, Web-based interface into the world of heterogeneous and incompatible information and knowledge sources distributed across the telecommunication network. The negative matter is that portals are expensive and difficult to maintain, and hence suitable primarily for big organizations. In our recent applications we have used Web-operated social networking applications (Web 2.0) that have proved simple and inexpensive solutions (Anttila, 2008b). Their particular strengths come from easily customizable applications that allow process groups to work simultaneously on sharing individual knowledge and to create new mutual knowledge inside and globally outside the organization. (figure 22)
Figure 22. Social media tools to be used for a QM knowledge work environment (KWE): "Raw material" for QM conversations is got via participants' blogging and automatic aggregation-feedings. Resulting new knowledge is published in wiki and further shared e.g. in organization's information blogs. Today many human activities within business processes have been replaced by automatic IT solutions. Process automation is an important challenge in using IT in the development of business processes and their management. We have evaluated benefits of those investments from enhancement of customer value, cost reduction and growth of productivity, and “real option” value due to new business opportunities from established investments of process automation. SOA (Service Oriented Architecture) applications have been developed for automating many manual and paper based activities of business processes. They can be useful for responding to agility requirements in business processes: People need to create shared meanings in various business contexts; they need to talk about their experience in close proximity to its occurrence and have common platforms for conversation. Especially business crises are challenging QM situations of both threats and opportunities (Anttila, 2009). Many meetings that are directed to the problems of ambiguity fail to handle the situation because autocratic leadership silences potentially rich views and principles that encourage harmony, or there is reluctance to admit that no one has any idea what is going on. Business dedicated solutions of social media technology are new possibilities for improving the situation. Leadership language has an important role in organizations. Common mutual understanding is an essential issue in both strategic and operational management. An organization is a living organism (Dubberly et al., 2002). It is a set of conversations among people. Language is a medium for organizational growth and change. Narrowing language increases efficiency. A common shared language helps the organization arrive at decisions more efficiently. However, narrowing language increases ignorance. Constrained by a limited vocabulary, the organization becomes unable to adapt to fundamental changes in its environment. It is possible for an organization to learn and grow only if it creates conditions that help generate new language. Taking this into account in managing business is technically and intellectually demanding and, consequently, often dismissed in organizations and management references and standards. A lot of sensitive information is dealt with in many business processes. This includes confident business information, customer and partner information, or employee related information. Hence, information security should be taken seriously. It includes information confidentiality, integrity, and availability (Anttila&Kajava, 2010). Information security is closely related with the privacy questions. Information security management is very analogical managerial discipline with the QM. Complexity and uncertainty of the business networks, managing risks It is difficult in the world wide standardization to follow general development and trends of business environments and society at large. That sets more challenges to the standards appliers to make situational adaptations according to their real business needs. We are, however, concerned about a shortage of innovative QM solutions for modern business environments that are distinguishingly emphasizing speed, change, agility, complexity, and diversity, which are today’s realities in the business environments. These aspects are big challenges to QM and the other disciplines. The society has moved from the certainty and predictability to uncertainty and ambiguity. This includes the following significant aspects that have strong impact to business management and also to the QM (Anttila, 2008c): Rational control that is typically based on the managerial structures and that is also the basis of current QM standards may be effective and efficient only in a small part of real process activities. Rational control is carried out through various processes of management and documented procedures. Operational control is a fact-based activity. Too tight rational control does not give way to situational solutions, not even to the use of "common sense". Political decision making and control highlight various alliances, negotiations and compromises, which are very typical of the organizations’ business management. Instead of rationality, management is often based on the power and status of the leading people, intuitions and post wisdom or explanations afterwards. This may also include compromises between different disciplines Agreement is high but certainty is low in the area of judgmental decision-making. Contextual information is utilized in decisions. Risk management aims at coordinating activities to direct and control situation with regard to the effects of uncertainty. Rational risk based decision making is often related to different kinds of experiments and projects. This area is the traditional area of structured and continuous development. In this case the future is built on traditional models and rational knowledge base. Issues are generally agreed, although there is no clear certainty about the achievement of results. Risk management measures should be emphasized in the QM. The complexity area is very important for the success of organizations. Creativity and innovation originate in this area and transition to the new forms of activity is made here possible. Operation in complex situation cannot only be lead by rational control and based on facts. According to Ashby (Ashby, 1957), a successful operation in complex circumstances requires acceptance of differences and diversity (“Requisite variety”). The organization can get benefit of such effects particularly through the wide range of external networks. This area has been weakly understood in the QM. Chaotic phenomena are burdensome for management in many organizations, because they can neither be managed by traditional means nor entirely avoided. Business threats are often caused by these situations. In modern business networks we are always accompanied by the agents and operators, of which we are not even exactly aware, and which may even be hostile. Individuals’ awareness as well as management flexibility and speed are useful in these difficult situations. For sound development, a new culture in the QM and also in the corresponding standardization should be recognized through accepting the existing realities according to the Stacey Matrix, and new principles, and operational and organizational procedures should be developed on this basis. The corresponding standardization should adapt itself to this development by creating appropriate new solutions for all areas of the Stacey Matrix. These should also be taken into account in applying standards in organizations. Organizations operate in business networks that consist of different kinds of parties. Moreover, an individual organization should take into account networks of regional and global operators, and business clusters in its business. Even competitors are in these networks. Also people of organizations operate in internal and external networks, e.g. expert networks and science communities. Genuine business networks are primarily unplanned, emergent entities. Their growth is sporadic and self-organizing. All network members are independent actors and they have their own needs and expectations. Nobody manages networks as a whole but each actor has its own impact to the network. Through network principles we are able to approach to the quality of the whole societies (Anttila, 2004). Traditional QM practices are not applicable to networked business environments. QM in networks originates from network members, structure and phenomena, and their characteristics. All network members have their own needs and expectations and they produce something to and get something from the other network members. Network members may get benefit also from the whole network through the general recognition or privileges of the network. In the networked business environments (Anttila, 2010) there are new forces that are wreaking havoc on value chains of even superior companies. The organization’s strategy can no longer be based on tinkering with today’s value chain - but on finding ways of value networks to alter it radically. Achieving competitive advantage is more demanding now. Surrounding the traditional five forces of Porter, i.e. buyers, suppliers, substitutes, competitors, and new entrants, there are three new forces, digitalization, globalization, and deregulation. These new forces are particularly creating pressures on organizations’ businesses by networking and are also strongly related to QM questions. The idea of the ecosystem is that each involved business affects and is affected by the others, creating a constantly evolving relationship in which each business must be flexible and adaptable in order to survive. The concept of business ecosystem (Moore, 1996) first appeared in 1993 and is now widely adopted particularly in the high tech community. By their very nature, ecosystems are exceedingly complex networks of organizations. Today, the business ecosystem replaced the traditional concepts of industry and market with business communities of interacting organizations that together create, deliver and consume goods and services. These ecosystems consist of complex networks of players that go far beyond traditional competitors, customers, and suppliers. Ecosystems set new requirements for traditional QM practices, e.g. risk management, but also requires new approaches, e.g. relating to trust and collaboration among business partners. Cloud computing is a challenging new business opportunity in the environment of ecosystem. It is also a very acute issue in the international information technology standardization and closely related to ubiquitous information technology. It is necessary that the development and expertise of the QM move from the reactive systems based culture and activities of the past to new innovative formats that effectively and efficiently take into account needs and expectations of the modern business environment. Of course, this should reflect to the standardization work, too. According to Naidoo (Naidoo, 2005), in complex business situations, which also relate to QM questions, one could turn into interactive practices and methodology by identifying the involved parties and understanding the nature of interactions and communication between them. It is not expected that very significant improvements or major operational changes in the QM standardization could take place in the next few years. Therefore to achieve the benefits, individual organizations applying the standards should highlight responsibility of their own business leaders and experts. They are required to have greater awareness and knowledge, and innovation and the courage to make useful solutions for applying the standards. Fortunately, the standards do not prevent this, but even invite to do it. Organizations face risks that are effects of uncertainty on objectives (ISO, 2009). Very typically risks relate to various issues of the business environments. In the context of QM, the objectives may deal with the performance of the business system as a whole, its processes, structures, activities, or results. An effect is a positive or negative deviation from the expected objectives. Risk management aids decision making in both strategic and operational activities. It must be systematic, structured, timely, and tailored to the specific needs of the organization's business arrangements and situations, and integrated with normal processes of management. Risk aspects have been an significant managerial element in the standard ISO 9004. However, the four first versions of the standard ISO 9001 have not considered risk issues explicitly but in the fifth version risk management will be an essential requirement element. Organization's management model for a comprehensive ISO 9000 integration Every organization has always its some kind of existing realization of QM that can be gradually improved according to the organization's business development strategies and practices. The integration of the QM can be made more effective if the business management infrastructure of the organization is clearly defined, and the organization has adopted its own QM approach within its management infrastructure. This is also a natural basis for excellent ISO 9000 applications. Both
strategic and operational integration of QM
issues with business management is needed. This takes place in a natural way at
four levels of the leadership (figure 24) (Anttila, 2007): Management at all these levels means coordinated activities to direct and control related business entities to achieve objectives efficiently. A well-known and simple model for all management is the PDCA (Plan - Do - Check - Act) model. The PDCA model describes how the management consists of four consecutive activities: In organizational environments the PDCA model is applied in three different management scopes (we call it as “Triple” PDCA model) (Anttila&Jussila, 2012): Comprehensive refinement of a QM approach The ultimate goal of the QM is to ensure controlled and continually improved business performance, competitive products, and confidence and satisfaction among organization's interested parties, and through that to strive for excellence and sustained success in business. We have used the model of learning organization (Senge et al., 1995 ) (figure 25) as a basis our thinking and action for developing our approach to the organization-wide QM. Our model covers both running the current business ("Domain of action") and improving the overall business performance ("Domain of change"). An organization has always a particular status with regard to the three cornerstones of the “Domain of action”: Guiding ideas and principles, managerial tools and methodology, and managerial infrastructure. There are always possibilities to improve these core elements of the “Domain of action”. “Domain of change” aims at changing the way to act to improve the performance of business processes and their structures, and management practices. What is required includes sensibility to new awareness, changes in attitudes and beliefs, and training and education for new skills and competences. Conclusion In order
to realize all ISO 9000 standards' opportunities one should use the whole ISO
9000 standards family in a consistent and innovative manner. Commonly defined
guiding ideas of QM, especially the seven ISO 9000 QMP's,
and tools should be employed in a natural and modern fashion integrated with organization-specific
emphases. This implies e.g. the following for an organization's quality approach: Taking the ISO 9000 standards as a general framework for an organization’s comprehensive QM implementation will be useful because: References
[This material has been presented in different forms in different international seminars, conferences, or education programmes, e.g. in Vaasa, Finland 1999, Mumbai, India 2000, Budapest, Hungary 2000, Lahti, Finland early 2000's (several times), New Delhi, India 2001, Antalya, Turkey 2002, Cape Canaveral, USA 2002, Ostrava, Czech Republic 2002, Kashira, Russia 2003, Fribourg, Switzerland several times in 2004-2011, and Hail, Saudi Arabia 2013. This text has been updated regularly and on the case by case basis and in accordance with the standards development.] ---------------------------------------------------------------------------------------------------------- Annex |
| |
|
|
|
