Juhani Anttila
Venture Knowledgist Quality Integration
Helsinki, Finland


How to apply standards in an innovative way for organizational performance excellence and sustained success?


ISO 9000 quality management (QM) standards have a wide recognition all over the world. However, standards have flaws and also lack of clarity from the business point of view. Standards creating is an international consensus process but in standards applications organizations have responsibility and innovation is core of the process. The organizations implementing the standards are responsible to make the necessary improvements in their standards realizations.
We cannot be pleased with the current practices of applying the ISO 9000 standards. This is mainly due to misunderstanding the objectives, nature, structure, and substance of the standards. Standards should be applied with integration, responsiveness, collaboration, and innovation.
Standards ISO 9004 and ISO 9001 form a complementary pair of standards for QM and quality assurance (QA). The “Quality management principles” are the basis for the ISO 9000 standards and their use.
Successful business management requires knowledge and practices of many specialized disciplines. QM is one of those disciplines. For these areas there are various management standards. Organizations need to apply these standards simultaneously. In order to promote integration, ISO/IEC Directives have defined a high level structure and identical core text, and common terms and core definitions to be used in all discipline specific management standards.
Organizations use with the ISO 9000 standards also other well-known reference models of business management. All these different methodologies may be seen as sub-domains of a comprehensive business-integrated QM approach according to the ISO 9000 standards. ISO 9000 standards also promote TQM (Total Quality Management) movement. The concept QM of ISO 9000 equals the concept TQM.
All organizations and their stakeholders have unique needs and business environments. Today organizations operate in complex business and social communities, and hence in the QM realizations we should take into account phenomena related to the business networks and ecosystems of these communities.
ISO 9000 standards emphasize documentation of information. However, serious requirements come only from business needs. Instead of traditional documentation, flexible and collaborative information and communication arrangements are required. Effective use of advanced information and communication technology gives new possibilities.
QM is an essential part of the management of an organization. Hence, instead of particular QM evaluations we evaluate the performance of business processes and results. Strategic performance evaluations are made as self-assessments. There are two different models for these evaluations: (a)  Performance excellence models (our preference) and (b) Maturity models. Audits are more operational evaluation practices. One should make clear distinction between internal and external audits. They are very different activities with the different purposes and processes. 
The commercialized certification is in a credibility crisis, and we need new innovations for the QA in particular in applying the ISO 9001 standard.
We have two approaches to the improvements. Reactive development takes place through problem solving. However, more can be achieved when opportunities, challenges and innovations are the basis of performance development, and the organization takes proactively into account the existing strengths, competitive advantages, and  opportunities.
Every organization has always its own existing realization of QM and way to use ISO 9000 standards that can be gradually improved according to the organization's business development strategies and practices. Organizations value and worth from the QM development contributions should be weighed from the business benefit point of view.
Now in 2012 we are in the advent of the fifth revision of the ISO 9000 standards, and we have new challenges in both the new standards creation, their understanding and applying in the changing business environments. We also have a lot of new means for the ISO 9000 implementation. The aim of this paper is to serve as a contribution for ideas, discussions, and considerations when looking for challenging QM implementation solutions. We want with this paper broaden the horizon for critical discussion on important QM issues to the organizational, national, and international levels. This paper a collation of updated material from many different conferences, training courses, articles, etc. of the recent decades.


ISO 9000 quality management standards are based on a long term international standardization cooperation and broad consensus, and they have achieved a wide recognition all over the world. ISO 9000 standardization started in 1979 (ISO, 2012). After that there has been a continuous work going on in the standardization committee ISO TC 176 (Quality management and quality assurance) for updating and revising the ISO 9000 standards family and its parts on a regular basis according to the international standardization rules. In addition to the current versions of the standards, we also have always available drafts for the next editions that may be taken into consideration when organizations are developing quality approaches for their business challenges.

ISO 9000 standards are applicable to all kinds of organizations, and they may be recognized as a world-wide phenomenon of the professional quality realization. Hence, we also have a broad continuous discussion how to get a maximized benefit of the standards. According to the general standardization definitions (ISO/IEC, 2004), standardization conceptually means an activity giving solutions for repetitive applications, to problems in the spheres of science, technology and economics, aimed at the achievement of the optimum degree of order in a given context. Generally, the activity consists of the processes of formulating, issuing and implementing standards. In this sense standards set particular challenges on the comprehensive understanding, taking responsibility, and innovations among the their appliers.

ISO 9000 standards are aimed to be - and really can be - useful, practical, and recognized reference material for the innovative development of any organization's business performance towards the level of excellence. ISO 9000 standards also promote world-widely referred TQM (Total Quality Management) movement within organizations (Anttila, 1998a). Factually the concept QM (quality management) of ISO 9000 equals the concept TQM, although conceptually TQM is quite vague and not any more widely used in business environments (Dahlgaard-Park, 2012).

It is very typical that organizations use simultaneously with the ISO 9000 standards also other general and well-known reference models of business management (figure 1), e.g. performance excellence models (quality award criteria), and Kaizen, SixSigma, lean, Balanced Scorecard (BSC), etc. practices. We have applied different methodologies as sub-domains of a comprehensive organizational business-integrated QM approach according to the ISO 9000 standards (Anttila, 2001, Anttila, 2002, Anttila, 2007).

Figure 1. Organizations should use simultaneously multifarious sources of information for developing their quality approach and aiming at excellent satisfaction of all interested parties (stakeholders) in a competitive way (Anttila, 2007).

ISO 9000 standards present the internationally recognized foundation for QM. The standards emphasize a continual and systematic improvement of the organizational business systems for ensuring organizations' sustainable success and providing confidence among stakeholders or interested parties (i.e. persons or groups having interest in the performance or success of the organization). However, one cannot be pleased with the standardization process and the current practice of applying the standards. There is much criticism and even cynicism against the standards, their implementation, and the achieved results. This is mainly due to intentional or accidental misunderstanding of the objectives, nature, structure, and substance of the standards, and that people are not familiar with the standards' creating process.

A successful business management requires knowledge and practices of many different specialized disciplines. QM is one of those disciplines, and even within itself it has links to various areas of knowledge. In addition to the ISO 9000 standards, there are also many other different general and sector specific management standards for specialized knowledge areas of the business management. In organizational business environments all these standards should be able to be used simultaneously (Anttila et al., 2012b) although sometime we can see them competing with each others. In order to promote business integration of the management system standards ISO/IEC Directives (ISO/IEC, 2012) have recently defined a business-minded high level structure and identical core text, and common terms and core definitions that should be used in the revisions of all discipline specific requirement management standards, including ISO 9001.

General management standards do not aim at striving for similar business systems. All organizations and their stakeholders have unique needs and business environments. Standards should be applied with integration, responsiveness, collaboration, and innovation (Anttila&Vakkuri, 2001). Top management’s personality has a crucial impact on the performance and development of an organization. Hence, in order to use ISO 9000 standards effectively and efficiently, the major responsibility is squarely on the business leaders, and quality experts have the role of professional facilitation. Standards realizations should be done through selecting and implementing modern, innovative and superior managerial means to strive for organizations' own business goals. Organizations should use with ISO 9000 standards also all other appropriate and useful sources (figure 1) of relevant information, especially sector specific standards, business excellence models (quality awards criteria), and benchmarking references (Anttila, 2007). In this way the real purpose of the standards will take place.

The basic standards of the ISO 9000 family are ISO 9004 and ISO 9001 that form a complementary pair of standards for quality management (QM) and quality assurance (QA). ISO 9004 represents the organizational QM broadly and ISO 9001 is a part of the QM and its purpose is to provide QA to organization's interested parties. ISO 9001 cannot operate effectively or efficiently without taking into account the foundation of ISO 9004 and understanding clearly the key concepts and principles of the standards. There are additionally a lot of other related and supplementing standards in the ISO 9000 series. Standard ISO 9000 defines the main concepts that are used in the whole ISO 9000 standards family. Also the auditing standard ISO 19011 is closely related to ISO 9000 basic standards. Organizations should understand the ISO 9000 family of standards as a holistic approach.

ISO 9000 standards are voluntary standards, and they can be understood and applied in many different ways depending on the needs, know-how, the degree of progress, and decisions of the organization in question. The requirement standard ISO 9001 for QA may become binding if it is referred to in a contract, other agreements, or regulatory requirements.

QM is always to be applied in a multidimensional business environment. All organizations operate in complex business and social communities, and hence in the QM realizations, we should take into account phenomena related to the real and specific business networks and ecosystems of these communities (Anttila&Jussila, 2011b). In practice QM elements - including the QA aspects - are realized in business processes.

Organizational business performance and hence also the performance of business-integrated QM are fuzzy concepts. In practical cases it is always question about the degree of performance. Different practices for the performance evaluation are significant elements of all QM realizations. They include strategic evaluations of business units and their businesses as a whole and operational evaluations of the business processes. Monitoring, measurements, self-assessments, and audits are essential practices used in the performance evaluations. Evaluations should lead to corrective and improvement actions of the business system, business processes, and their management practices.

A key issue in improving organizational business-integrated ISO 9000 applications is to enhance awareness (figure 2) of the ISO 9000 standards and standardization, and based on that to encourage organizations to use own business-promoting innovations for standards application. In order to understand the standards one should also be familiar with the standardization process. Organizations should move from passive knowing, reproducing, and quoting knowledge produced by others to continuous learning, finding deeper meanings, composing knowledge, and assessing value and making excellent and unique choices. Purpose of this paper is to give ideas for that.
Figure 2. Enhancing awareness with regard to the ISO 9000 standards and standardization (Anttila et al., 2007).

Long term and broad-based development of the standards, problems and challenges

ISO 9000 standards have been internationally compiled and continually revised and updated during the recent decades and commonly used in more than one hundred countries and in multitude different fields of business. The standards have been translated into a lot of languages. ISO 9000 standards are bestsellers of the standardization bodies. Hence, people talk about ISO 9000 phenomenon.

We can recognize the following mile stones and phases in the development of the ISO 9000 standards:
- Incoherence in international QM / QA practices in the 1970's
- The committee ISO TC 176 (Quality management and quality assurance) founded in 1979
- The first series of ISO 9000 (General introduction), 9001/9002/9003 (QA), 9004 (QM) and ISO 8402 (Vocabulary) published concurrently in 1987
- Many supplementary standards published to the series ('ISO 9000 family')
- Large distribution and usage of the standards in various countries, industries, and business branches ('ISO 9000 phenomenon')
- Overly emphasized QA and crisis of the certification due to the erosion of the credibility of quality system certificates
- Uncontrolled proliferation of the creation of the standards family and countermeasures for it ('ISO 9000 family planning')
- The second version of the basic standards: Corrections and 'cosmetic' clarifications in 1994
- Criticism to quality of the standards and standardization process. Problems due to many different sector-specific QM standards and management standards of many other management disciplines (proliferation), and commercialization of the certification
- Strengthening the work of ISO TC 176 and clarifying user needs and expectations in 1995
- 'Vision 2000' of the ISO 9000 standardization in 1999
- Publishing the quality management principles (QMP's) for the foundation of the ISO 9000 standardization and standards (2000)
- The third version of the standards: Renewal of the whole ISO 9000 family, simplification and emphasis of the - consistent pair of QM / QA standards, and a new understanding of the standards in 2000, the vocabulary standard ISO 8402 was combined with the standard ISO 9000
- The vision and strategy for the ISO 9000 standardization: 'Horizon 2010'
- The fourth version of the standards: Amending ISO 9001 (2008) and revising ISO 9004 (2009) with no more concurrency and clear consistency in the ISO 9004 and ISO 9001 development. In rewriting the standard ISO 9004 also the title was expanded to "Managing for sustainable success - A quality management approach" providing a new emphasis, sustainable business success, into the standard.
- Revising the QMP's (2012)
- Starting (in 2012) the work of the fifth generation of the ISO 9000 family. The first task is the revision of the ISO 9001 standard and adopting in the standard the new high level structure and core text, and common terms and core definitions of the new ISO/IEC Directives that should be used in all management system standards of the different managerial disciplines.

The next revision of the ISO 9001 standard is planned to be published in 2015. It has very challenging targets to reflect the changes in the environment in which it is used and ensure the standard is fit for its purpose. The revision is planned to:
- take account of changes in QM practices and technology since the last major revision to ISO 9001 (in the year 2000) and to provide a stable core set of requirements for the next 10 years or more.
- ensure that requirements in this standard reflect the changes in the increasingly complex, demanding, and dynamic environments in which organizations operate.
- ensure that requirements are stated to facilitate effective implementation by organizations and effective conformity assessment by 1st, 2nd and 3rd parties.
- ensure that the standard is adequate to provide confidence in those organizations meeting the standard’s requirements.

The long-term development of the ISO 9000 standards in the ISO TC 176 committee has been projected according to the Horizon 2010 strategic decisions and their updates that include the vision and strategic goals (ISO/TC 176, 2010):
- To sustain a product and marketing support system of dynamic, world-class QM standards, related publications and other supporting resources that anticipates business and market needs, facilitates positive results, and satisfies the users.
Strategic goals:
- Product – strategies focused on the successful delivery and support of the products that anticipate and satisfy business and market needs.
- Process – strategies focused on successful development and deployment of the key processes required to drive the operational activities of ISO/TC 176 in the fulfillment of its strategic plans.
- People – strategies focused on the effective and efficient engagement of the people that make up the voluntary membership of ISO/TC 176 as the primary resource.
- Interested parties – strategies focused on engaging the interested parties and liaisons to ISO/TC 176 in an effort to maximize the satisfaction and benefits to the users of the products.

These general statements that guide the development of the whole ISO 9000 standardization should be taken into account also in organizations applying the standards.

The ISO 9000 standardization, and particularly ISO 9001 and ISO 9004 standards, have had an enormous impact on the development of quality practices globally in all kinds of organizations. However, this has not taken place without problems and drawbacks:
- People do not understand clearly the differences of ISO 9001 and ISO 9004. ISO 9001 is overly emphasized and the use of ISO 9004 is limited.
- There has been stagnation in the development of the ISO 9001 standard. Factually there has been no essential contents development during the recent 20 years in the standard. However, organizational business environments and communities are changing at increasing pace.
- Standard ISO 9004 is too general, vague, and customary and therefore hardly can provide enough practical guidance or support for organizations' business development. There is better other literature available for this purpose. Assessment model in the standard is theoretical and does not reflect the needs of organizations. It cannot compete with the recognized performance excellence models (quality awards criteria).
- ISO 9000 standardization process is too slow and poorly managed and cannot follow the general development and trends of business environments and society at large (figure 3).
- Standardization bodies have very weak means to control the use of the standards. The use of the standards is directed strongly by commercial consulting and certification business but not by genuine business needs.

Figure 3. A crisis of ISO 9000 standardization, ability of the ISO 9000 standards to adapt to business and societal environments (Anttila, 2011)

Consensus process is the core feature of standardization practices. It is the strength of the international standardization, but in the same time it is the major reason to the problems and deficiencies of the standards. Everyone involved has possibility to voice his or her opinion and all opinions should also be taken into account. The most important consensus practices in the standardization include the following possibilities:
a) Someone’s proposal is accepted although it is not the best possible solution or not even similarly understood by different experts.
b) A text is edited together in a working group (or by the opposites) in order to get consensus although the compromises are not necessarily any improvements.
c) “Competing” alternative texts are included in the standard although they may be contradictory and hence confusing.
d) Disputed issues are not mentioned in the standard at all.
Users of standards should be aware of these practices.

Unsatisfactory development of the ISO 9000 standardization has negative effects:
- ISO 9000 standards and even more generally the quality discipline are losing their attraction and interestingness.
- There are disappointments towards quality professionalism.
- Commercialized certification business based on stagnant ISO 9001 has endangered diversity and proactive innovations in QM and QA.
- There is threat to the future of the whole QM thinking and ISO 9000 standardization.

In spite of all the existing problems one may also see some weak signals of the new views in ISO 9000 standardization. That relates to the following aspects that have been under consideration during the recent standardization work:
- Striving for business integration through harmonization of the different management system standards
- Considering the simultaneous use of ISO 9000 standards and performance excellence models
- Mapping organization profile to find out an organization's identity as a basis for organization-dedicated and comprehensive performance development
- Incorporating time, speed and agility, and related aspects like networked collaboration, complexity, knowledge, learning, serendipity, etc., to the ISO 9000 standardization
- Considering the concepts and ideas for the future revision of ISO 9001

However, in all cases clever organizations have always possibilities to apply the standards in a meaningful and creative way. A key issue for that is that standards are understood as unlimited opportunities and not as specific targets ("The trampoline approach", figure 4).

Figure 4. The "trampoline approach" for applying the standards

Quality management principles, the profound basis of the standards

As such, the ISO 9000 standards don't bring about much new special measures to well-functioning organizations that already utilize an effective and efficient management and leadership approach in an innovative manner. However, the standards ought to be viewed as a recognized reference for inspiring to organization-specific superior solutions (figure 4). Regarding the standards as obligatory requirements is not according to ISO 9000's aim and cannot lead to the challenging objectives embodied in the ISO 9000 standards.

When utilizing ISO 9000 standards, one should take into account seven QMP's, which have been drawn up as a basis for the entire ISO 9000 standards series (Anttila&Jussila, 2011c). With the help of these one can breathe the "spirit of business life" into ISO 9000 realization and development. These principles are:
1. Customer focus
2. Leadership
3. Engagement and competence of people
4. Process approach
5. Improvement
6. Informed decision making
7. Relationship management

Definitely the QMP's are the essential basis of the ISO 9000 standardization, ISO 9000 standards, and the implementing the standards. However, we should be clearly aware how to understand and use them. “Principle” is a basic belief, theory, or rule that has a major influence on the way in which something is done. “Quality management principles” are a set of fundamental belief, norms, rules and values that are accepted as true and that can be used as the main basis for QM.

QMP's emphasize what we should take into account in connection with ISO 9000 standards. ISO 9000 QMP's are a given or selected set of statements. They are like axioms that are not justified but assumed to be universally or self-evidently true in all contexts of the ISO 9000 standardization. QMP's form a premise or starting point of reasoning the ISO 9000 standardized aspects. QMP's provide the profound knowledge for understanding all the standard clauses. QMP's aim to capture what is specially central about them. All details of the ISO 9000 standards can be derived from them. The word principle is originated from the Latin word 'principium' that literally means, 'which is first'. Thus QMP's should be as the starting point of the standards' creation and implementation.

The QMP's of the ISO 9000 standards also point out clearly how the standards aim at implementing TQM as it is considered in a lot of literature. These principles also are very similar with the basic concepts and principles of the well-known performance excellence models (quality award criteria), e.g. the American Malcolm Baldrige Model and the European EFQM Model. Thus the standards and the performance excellence models are both promoting the same issues, quality of management, and excellent business performance (processes and results) and sustained success realized in a systematic way by an organization's processes of management.

ISO 9000 QMP's should be utilized together with the recognized good management principles presented by many business management thinkers and teachers from the creators of the classical school of management theory, e.g. F.W Taylor (operational management) and H. Fayol (strategic management), to today’s influential persons who have defined their own management principles according their own experiences and insights (Anttila et al., 2012a ). These may be used as references for managerial development in any organization. The standardized QMP’s may be used in this context to emphasize quality viewpoints for developing a business integrated professional approach for QM.

Multidimensional business environments and different managerial disciplines

QM is applied in a multidimensional business environment. Figure 5 presents our holistic view to the major factors related to the QM (Anttila&Kajava, 2010). All organizations operate in complex business and social communities, and hence in the QM realizations we should take into account phenomena related to the business networks and ecosystems of these communities. In practice QM elements are realized in the business processes of organizations' business systems. Organizations' people and particular business leaders have key roles. There are a lot of technical means that can be used to enhance efficiency of the organizational QM. Theoretical methodology of multidimensional information-based disciplines provide the foundation for all this.

Figure 5. A comprehensive approach to QM. Behavior models and memes (learned cultural items in brains) of employees and business leaders have an essential impact on the organizational realization of QM.

Business leaders have the responsibility to cope with all managerial branches of knowledge, “disciplines”, required in their business and used within their organization’s business processes. QM is one of these specialized disciplines that  are handled practically in various international management system standards for directing and guiding the development of organizational practices.

We should consider disciplines from both theoretical and practical viewpoints. Theoretical approach gives depth to understand individual disciplines and relationships of different disciplines. Theoretical methodology of multidimensional information-based discipline (MID) is derived from the philosophical definitions of how the real world is seen and how the information may be reached for understanding its diversity and multiple disciplines (Anttila et al., 2012b). The MID can be used for treating both substance and methodological questions in its framework. Substance questions deal with the essence and meaning of information, and how to process it. The methodology aims at managing conceptual and theoretical elements for building theoretical and practical frameworks, e.g. to cope with interrelated aspects between different disciplines. MID affects in organizational cases in such a way that it allows to identify (describe) the relevant factors of the topic, as well as ontological and epistemological choices. With MID one can design and implement QM applications, so that it is possible to examine in the same context the management and employee activities, and technological solutions. Practical questions of the disciplines should be considered within the business management framework from the viewpoints of various management system standards

Organizations’ business systems and their processes of management cannot be standardized in general standards because they always must fulfill organizations’ specific business needs and fit to organizations’ business situations. However, aspects and requirements of specialized disciplines have become an important area of management system standardization. Quality discipline and ISO 9000 standards family are examples in this field. General international standardization for the management systems started just with ISO 9000 standards. Later a lot of other standards have been created for many specialized areas of the business management, including environmental management, social responsibility management, risk management, occupational health and safety management, information systems/service management, information security management, dependability management, asset management, etc. For these knowledge areas there are general standards but also sector specific standards, e.g. for automobile industry, software industry, aviation industry, military applications, health care, etc.

There are many challenges in creating, maintaining, and applying the requirements of the discipline specific management standards in practice in organizations. All those standards are based on particular traditions of different disciplines. The experts of the different expertise - who do not often have close contacts or communication with business leaders or with each other - have been responsible for drafting and finalizing these specialized standards. Hence, those standards and also their application in organizations may become rather isolated from the business system and processes of management, and from each other.

Typically organizations apply simultaneously standards of many different disciplines and integrate them within organization’s business system. Different structures and terminologies in the standards cause problems in integration, and lead to isolated discipline management systems that are ineffective and inefficient; and may even be rejected or cause disturbance in the normal business management. All disciplines must adapt themselves to the general management practices of an organization.

ISO/IEC Directives (ISO/IEC, 2012) have recently defined a high level structure and identical core text, and common terms and core definitions to be used in all requirement standards of the discipline specific management. The high level structure consists of key issues of the business management that is significant for promoting the business integration in applying the standards. The Directives follow very normal business language and practices. It requires different disciplines to adapt themselves into these concepts and framework but also allows them to add their own specific requirements to this framework. The new harmonized approach will be applied in the fifth revision of the ISO 9001 standard.

The harmonized approach may be of great help to organizations in their integration initiatives. However, this requires that discipline experts, e.g. quality experts, must learn organizational business imperatives and collaborate with other expert colleagues and business leaders (Anttila, et al., 2012b). The business strategies and management must be the main drivers to the discipline specific initiatives and development (figure 6).

Figure 6. Both managerial, and technical decisions and actions are needed for QM solutions for the business needs.

All specialized management areas, which are analogous to QM, should be implemented in an organization with a uniform and organization-specific systematic approach (figure 7). In this way the general principles of the ISO 9000 standards would be applicable as a general guidance also in the areas of e.g. social responsibility, environmental management, occupational health and safety, information security, risks management, financial management, etc. There is no justification for creating separate systems only for these areas, as they should all be integral parts of organization's business activities. Distinct systems are in fact harmful to the overall business performance. The key issue of this our integration approach is that all organizations have always only one business system to be managed and all specialized discipline issues must be embedded within this system (Anttila et al., 2012a). This integration principle is different from the model according to which the specialized disciplines, e.g. quality and environmental protection, form a single management system within an organization.

Figure 7. The Finnish model for integrating different specialized areas of business management

Quality management and quality assurance, and integration

The ISO 9000 standards texts delineate an organizational quality approach with two principal and consistent areas within the business management (figure 8):
- Quality Management, QM, which is for the internal use of an organization and the goal of which is to develop business performance towards excellence and sustained success. In fact, QM equals the quality of management. Standard ISO 9004 provides guidelines for the effectiveness and efficiency of the QM. The aim of this standard is to enhance the performance of the organization through awareness of the organization's environment, the effective management of opportunities and risks, learning from experience, and the application of improvement and innovation, and to enhance satisfaction of customers and other interested parties over the long term and in a balanced way.
- Quality Assurance, QA, the purpose of which is to provide the customer with factual information when an organization needs to demonstrate its ability to provide products that fulfill customer and applicable regulatory requirements and aim to enhance customer satisfaction. That is especially needed in the situations of orders and contracts to generate confidence in the organization's business operations. Standard ISO 9001 defines general QA requirements for organizations' QM. QA is a part of QM.

Figure 8. QM and QA have two different purposes but they must be consistent with each other. ISO 9000 QM principles form the standardized foundation for the both.

These two areas have differing purposes. However, QA can in practice never succeed unless QM is in proper order. Many users of the standards do not clearly understand the fundamental difference between ISO 9004 and ISO 9001. If, for example, the ISO 9001 standard only were used for developing the QMS approach for an organization, the basic purpose of ISO 9000 will not be realized and the results will remain ineffective and inefficient. Organizations need both QM internally and QA externally for operations with all stakeholders (figure 9).

Figure 9. Two principal management domains for the quality approach in organizations' business

QM (as referred to in ISO 9004) and QA (as presented in ISO 9001) should in no case be distinct issues separated from one another as they should form a consistent pair of the two managerial areas. In practice this can be achieved most effectively only if both are grounded directly in the actual activities of the organization's business system and processes of management. This is the approach of quality integration that we invented as a concept and introduced to practical business solutions in the 1990's. All organizations have always a certain level of QM and QA realizations and there are always possibilities to improve the situation.

ISO 9000 standards are widely used and widely misunderstood and misused

When considering standardization we should look at both standards creating process and the usage of the standards. According to the general standardization definitions standardization is an activity giving solutions for repetitive application, to problems essentially in the spheres of science, technology and economics, aimed at the achievement of the optimum degree of order in a given context. Generally, the activity consists of the processes of formulating, issuing and implementing standards (ISO/IEC, 2004). Standards creating and standards applying are two very different worlds (figure 10) (Anttila&Jussila, 2011b). Standards creating is based on voluntary experts and consensus process but in standards application responsibility is on business leaders and the core of the process is innovation.

Figure 10. Standards creating is based on consensus and application on innovation.

Generally there have been great expectations concerning quality all around the world, and one can refer to a multitude of success stories pertaining to systematically implemented quality development projects. However, at the same time recognized experts have indicated that even the majority of development initiatives which are undertaken under the name of quality have failed. ISO 9000 standards have been for many years one of the most significant references for quality development in organizations. When subjecting results gained from these applications to critical examination, one can say that the results are, to say at least, contradictory. While others praise the standards, others are deeply disappointed and even frustrated with them. The standards applications have not necessarily had significant effects to the overall business performance.

The most critical allegations concern organizations' quality system certifications made by external third parties. There are three fundamental quality problems embedded in these certifications: (a) Lack of concrete business integration, (b) Lack of direct linkages to the real needs and satisfaction of customers and organizations' other stakeholders, and (c) Lack of innovations in the creation and the use of standards. Certifications and regular third party audits are also too slow way to respond to the market needs.

On the national level, there is not necessarily any justified relationship between the number of certified companies and the general competitiveness in terms of economic performance, and no significant difference between certified and non-certified suppliers with respect to reliability of deliveries and the number of complaints. There are good and poor certified organizations, and also good and poor non-certified organizations. Furthermore, certification does not seem to guarantee high quality of goods or services. In cases with positive effects of ISO 9000 applications there are normally no experiences about the other possible alternative - and even better - approaches and means. In fact, in very early and undeveloped phases of an organization's quality approach, all systematic means are normally seen useful. In the real business cases, it is not possible in practice that an organization carries out several different trial approaches and after that selects the best according to certain criteria.

Mostly the standards-related problems are originated in the insufficient understanding of the purpose, nature, or fundamental principles of the standards. One can find a lot of practical cases from organizations applying ISO 9000 standards where the standards are not understood in the comprehensive way as they have been defined in the standards themselves. E.g. many organizations are not at all familiar with the ISO 9004 standard. There are also many misleading articles, consultants, and training programmes.

Problems in use of the standards have also reflected to the standardization work within the responsible committee ISO TC176. Negative effects include e.g.:
- Contradictory opinions and understandings of the standards within the committee experts
- Being up with irrelevant issues
- Stagnation of the development of ISO 9001 standard
- Confusion and illogicality in terminology, definitions, and standard texts
- Trivialities in the standards interpretation activity

According to the general ISO guidance, standard is a technical specification or other document available to the public, drawn up with the cooperation and consensus or general approval of all interests affected by it, based on the consolidated results of science, technology and experience, aimed at the promotion of optimum community benefits and approved by a standardization body (ISO/IEC, 2004). In standardization practices, it has been difficult to get the results of the recent science, technology and experience influence on the standard texts in an innovative way. However, standardization deficiencies can be corrected by the smart application in organizations.

Often ISO 9000 standards are being wrongly understood as obligatory requirements, and also standardization (or even certification) organizations are seen as some kind of official authorities to define those requirements. Also very misleading is often heard statement that ISO 9001 defines minimum requirements for QM. There are no arguments for that in the standard texts. These may be reasons why companies' implementations so often reflect passive and reactive ways to realize standard issues. That is not the purpose of ISO 9000 standards. One should use proactive and innovative means to realize standards clauses (figure 11). The standards set no restrictions for that.

Figure 11. Innovation means that new things are done and old things are done in new ways. In ISO 9000 context this means that standard issues should be supplemented and adjusted by organizations by their own unique business related "What" and "How" elements. From organization's performance point of view "How" is more important than "What" (Anttila, 2007) .

It is unfortunate that mainly due to the working resources and practices of the standardization committee (especially voluntary basis of the experts, many committee experts are not - or no more - directly working in business organizations, and the consensus principle in working practices), the existing ISO 9000 standards are not particularly clear, neither with respect to their form nor their contents. One can find a lot of practical cases from organizations applying ISO 9000 standards where the basic objectives, structure, and fundamental principles of the standards series are not understood clearly. Of course one reason is the text of the standards because in many places it seems to be artificial and unpractical from many real organization's business points of view. Thus, standards texts and their backgrounds are difficult to understand. In addition, translations into different languages make the situation still more troublesome.

According to the ISO 9000 standard vocabulary, QM means coordinated activities to direct and control an organization with regard to quality. Quality is an abstraction, it is related to the characteristics of the results or outputs of certain activities or processes to fulfill needs and expectations, and managing quality is not possible directly. Hence, the phraseology management of quality gives a wrong understanding to the concept of QM. QM is clearly an essential part of the management of an organization. All the activities needed for considering quality are included in the managing processes of an organization. Factually QM covers the whole area of the management of an organization. It is impossible say where is the border between business management and QM.

Even within the ISO 9000 standardization community, there have been long discussions on the clarifying statement for the concept of QM. In these discussions, statements like quality for management, quality in management, and quality of management have been used without any consensus conclusion (Anttila et al., 2011a). Our conclusion is that quality of management is the most suitable and also the most practical and challenging interpretation, and we have used that approach in practical company cases, too. Hence, quality in this context is an attribute of an organizational management depicting certain favorite and successful characteristics of the management. Here the management covers all activity levels within an organization, from top management to management of operational activities and individual self-management of employees (figure 12).

Figure 12. Organizational management covers activities and responsibilities over the whole organization (Soin, 1992)

Quality management system (QMS), which is absolutely central concept in the ISO 9000 standards texts, has largely been misused. According to ISO 9000, a QMS system refers specifically to the management system, i.e. the system used for business management and leadership, comprised of organizational structures, approaches, processes, and resources, and which meets primarily business needs of the organization. "Quality" is an attribute of the management system implying that appropriate professional management and leadership principles and means are applied within the organization's management and leadership processes in order to ensure and increase its effectiveness and efficiency. The standards present a standardized approach and guidance for these principles and means.

Also the management system may be confusing because organizations are managed by people, business leaders, and not by systems. In fact, an organization is a system to be managed through systematic processes of management.

ISO 9000 QMS is not determined by ISO 9001 only. One must necessarily take into account also ISO 9004 topics. Factually ISO 9001 activities are a part of ISO 9004 scope. However, either of the standards does not describe in the full what a QMS is about. ISO 9004 presents aspects of the effectiveness and efficiency and ISO 9001 general requirements of the QMS. QMS is always something more and defined only by individual organizations (Anttila&Jussila, 2011b). Here we may refer to Aristotle who says in the Metaphysics: "The whole is more than the sum of its parts" and to Russell's paradox: “Whatever involves all of a collection of objects must not be one of the collection”. QMS is always organization-specific issue. Each organization can have only one holistic business system, and when that system creates business success and fulfills relevant requirements it can be called "quality management system". In fact, the concept QMS is not at all needed for practical quality approaches in organizations. In order to differ from the others an organization could use a particular title for its QMS. An example: A company that emphasizes innovativeness in its business calls QMS IBR – Innovative Business Realization.

Still many organizations use the obsolete expression "quality system" (QS) although it does not exist any more in the ISO 9000 standards. QMS is very different from QS. In real business environments the genuine QMS can never be a distinct system. Actually, the real QMS is always seamlessly integrated into the business system and its management processes (figure 13). Thus, it is appropriate to speak about quality "systematicity" that is realized through business management and business processes. The QMS is a concept of systematic approach for quality of management. It is more a thinking model, mental system, metaphor, or even illusion than any physical system. A distinctly built quality system can even be detrimental.

Figure 13. A typical structure and the major management elements of a business system of any organization. In practice this is always in its details an organization-specific solution. This structure is the basis for integration of the QMS. In the real situation one cannot see any distinct QMS justified. (Anttila et al., 2004)

Many organizations and even quality experts have difficulties to recognized the difference between standards ISO 9001 and ISO 9004 (Bird&Anttila, 2002). This mainly due to the ambiguity and lack of clarity in the standard texts. Still more problematic is to find relationships of the other models or approaches that are used in organizations simultaneously closely with the ISO 9000 standards. That includes the application of the performance excellence models (quality award criteria) (Anttila et al., 2001), Kaizen, SixSigma, lean, Balanced Scorecard (BSC), etc. All these may be seen as sub-domains of a comprehensive organizational business-integrated QM approach and ISO 9000 standards (figure 14) but this kind of understanding can even cause bitter disagreement.

Figure 14. Seeking differences between the performance excellence models (PEM), Kaizen, SixSigma, Lean, Balanced Scorecard (BSC) and the standards ISO 9001 and ISO 9004 according to their roles in a business system.

Standardized QM / QA elements

Only certain major topic areas, or "QMS elements", of an organization's business system and its management are explicitly considered in the standard texts for QM and QA realization (figure 15). This does not, however, mean that in the ISO 9000 standards QM and QA would refer solely to these issues. Organizations must naturally supplement the standard topics in accordance with their own needs and circumstances, and realize them in a superior manner on the basis of their own innovative decisions. Sector specific applications of the ISO 9000 standards, including automotive, telecom, aviation, software, military, etc. industries, may provide useful information and details for the organization-specific solutions. The real QMS consists of all these issues being in use in an organization.

Figure 15. ISO 9000 QM / QA elements within an organization's business system. Factually QM covers the whole area of the management of an organization. It is impossible say where is the border between business management and quality management. (Anttila, 1998b)

In the ISO 9000 standards, very little emphasis has been given to the means on how to implement the QM / QA elements. In the ISO 9004 standard only some commonly known standard means, on which the experts of the standardizing committee have been unanimous upon, are presented at quite a general level. On the other hand, the presentation of means in the ISO 9001 standards was not allowed at all, in order to prevent anyone from interpreting them as requirements. How things are implemented in practice in an organization depends precisely on what its performance is like with respect to the needs of QM and QA. Hence it seems questionable whether e.g. the expressions "in compliance with ISO 9001" or "fulfill ISO 9001 requirements" have any real meaning with respect to an organization's performance.

All ISO 9000 QM / QA elements discussed in the standards are factually parts of organizations' business system and are realized in business processes. The process-like performance model constitutes in fact the business-like basis of the ISO 9000 standards. This means that realization of the standards ought to take the business processes of an organization, and not the standards clauses, as its starting point.

When utilizing ISO 9000 standards, one also should take into account with each QM / QA element the seven ISO 9000 QMP's.

Challenging excellence in the QA services

ISO 9001 represents QA requirements in the ISO 9000 family of standards. The purpose of QA is to create and strengthen confidence among organizations' customers and other stakeholders. QA refers to measures, through which both customers as well as other stakeholders become convinced that the specified product requirements are being met. An overly emphasized QA issues should be avoided so that they do not turn to be excessive and expensive or superficial and not meet the real QA purpose and the relevant needs. In QA between two parties, the most natural and sound approach is to utilize QA agreements and related QA plans, for which ISO 9001 may serve as a general model.

Even QA should be realized in a way that is efficient and suitable - or even excellent - in the light of the business requirements and takes into account the competitive aspects of the market-place. That is the real challenge in using ISO 9001 standard. ISO 9001 standard-text considers only effectiveness of the QA but not at all efficiency aspects. In real business cases, however, the organization itself must take very seriously also efficiency into consideration. That means particularly the "How"-issues in ISO 9001 realization. The ISO 9001 standard does not present any "How"-issues, they must be decided by the organizations themselves.

A problem among the ISO 9001 application-organizations is that they wrongly understand ISO 9001 covering the whole scope of QM. That means that neither practical QA purposes nor challenging QM solutions may be achieved. Another rather naive understanding is that the ISO 9001 factually consists of six (or some other fixed amount of) requirements because the standard mentions that an organization shall have many documented procedures.

Certification or registration refers to indicating with a certificate that a product is or will be in accordance with the specific requirements (e.g. according to a standard or specification). A certificate relates primarily to a product compliance and through that also to those activities of business processes determined to assure the specific product features. Certifications with regard to the QA typically adhere to the standard ISO 9001. The standard ISO 9004 cannot be used for certifications. The general kind of certification does not ensure the quality of a product or the business performance of an organization. Certification is closely linked with market and customer communication. A third party certification of a QMS apart from the product and the customer is questionable from the business benefits' point of view.

When considering QA, the needs and expectations of the interested parties should be taken into account. In many businesses the following is typical (Anttila, 2007):
- Consumers: They expect good service performance and low price; they are not interested in formal QA issues.
- Business-to-business customers: They expect confidence relating to company-dedicated advanced solutions and for them very general ISO 9001 standard and third party certifications are too vague for a real QA. They are interested in customer-tailored QA solutions. This is also valid in professional supplier partnerships.
- National authorities: They are responsible about the minimum national performance level of basic services. In competitive business environments fulfilling only the regulatory requirements is not enough for business competitiveness.
Conclusion in these kinds of business situation is that there are no justification and no needs for a general third party certification of the QMS. That even could hinder an innovative development of customer-focused QA approaches.

External certification in connection with ISO 9001 standard - if it is really needed - should only be one of the means for QA, and it can be a by-product of an organization's holistic business-integrated quality approach. Only a part of the organizations using ISO 9000 standards are certified and many of the organizations may have no intention of ever being certified. These organizations want to utilize the standards internally in order to improve their business performance and to use them as a general agenda for QA in contractual situations. Certifications have simply been granted with too big (and even an erroneous and deleterious) role in the media. Today there is a credibility crisis in certification business, and in some areas the number of certificates has started to decrease.

In fact, there are also different options for certifications. A certification can be performed by the first party (the company itself, i.e. self-certification or self-declaration), the second party (customers), or the third party (a service company specialized in certifying services). The most genuine and natural way to proceed is self-certification, which gains interest due to the flaws associated with third party certifying. However, self-certification requires a strong personal and professional commitment and visibility to QM from the top business leadership of an organization. Hence, an organization's strong focus on certification by an external third party may be a sign of weak, ineffective, and old-fashioned QM and outsourcing this important management responsibility. One cannot distinguish from the competitors only by leaning on general third party certifications.

When realized seriously the self-certification may provide for remarkable strengths compared with the third-party certification. Certifications provided by customers are especially recommended, and an organization should strive towards gaining certifications from their key referring customers. With regard to third-party certifications - should this become necessary in the light of marketing efforts - it is worthwhile to examine them by restricting them only to questions pertaining to safety, health, environmental protection, and product liability. Serious criticism has been directed at certifications made by third parties due to the fact that these often entail an emphasis on the business objectives of the company (certification body) doing the certifying. This is a disadvantage of the commercialized certification. Advanced organizations may proactively get advantages from all different kinds of certifications simultaneously according to the needs of the various business cases. Many organizations understand certification as a consultancy although is not allowed in general.

Confidence, the core purpose of QA, is most critical factor for success in cooperating between partnering organizations. It is also a competitive advantage because it is difficult to imitate a genuine confidence and to create it in a short term. Transparency is the core element for building confidence among cooperating organizations and individuals. Increased risks and uncertainties within the operational environment set raised requirements for confidence. Key measures for the development of situation focus on effective communication solutions.

Historically QA standardization was grounded in the requirements of major customers (e.g. defense, nuclear energy, automotive, etc. industries). The new and modern approach is, however, for an organization (a supplier) to view QA as a service to its customers and to seek to provide this service in a superior manner, and at least to be better than the competitors. The key strategy for this is the "Win / Win" partnership between the organization and its interested parties. Thus QA can be seen as a value-adding part (a service-element) in organization's products-offerings (figure 16). The new e-business technology creates completely new cutting-edge solutions (e.g. "e-certificate") for QA (Anttila&Vakkuri, 2001a). E-certificate consists of Internet site(s) or a portal solution providing for assurance that an organization conforms to a standard or specification indicated by the certificate.

Figure 16. QA is based on factual process-based information for customers' confidence. It can be understood as a communicational service-element to the customer. Modern Internet facilities may be used for QA communication.

Communicational QA services give also an opportunity to personalize and create partnership-dedicated efficient solutions with collaborative extranet technology or social software. These solutions may facilitate flexible real time and bilateral multi-media communication between cooperating partners according to the principle of "Enterprise one to one" (figure 17). With these means an organization may act individually to fulfill QA needs of separate stakeholders. ISO 9001 standard can be a reference model in these cases.

Figure 17. Customer's differentiation and organization's capabilities for an "enterprise one to one" approach is a challenge for QA (Peppers&Rogers, 1999).

Evaluating and improving the QM performance, performance management

Performance measurements, evaluations and improvements are very central areas of the organizational business development (Anttila, 1998c, Anttila&Jussila, 2011a). ISO 9004 considers the topic in a broad sense to strive for increasing effectiveness and efficiency of the business processes and the business system as a whole. The QM requirements of the ISO 9001 standard are complementary to the requirements for products. The standard enables an organization to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements, and thus to enhance customer satisfaction. This is the purpose of a traditional QA.

Evaluating the performance of QM or QMS is a problematic issue. QM aims at results or outputs of business activities or processes to fulfill needs and expectations of all stakeholders and through that ensure sustained success of an organization. QM is an essential part of the management of an organization. All its activities are seamlessly embedded with the business system and processes of an organization and their management. QM covers the whole area of the management of an organization from top management to management of operational activities (business processes) and individual self-management of employees. It is impossible say where is the border between business management and QM. Hence, instead of QM evaluations we carry out comprehensive evaluations of the performance of business processes and results. If needed there are analytical methods to find out impact of individual QM practices on the overall performance of the business processes or the whole business system (figure 18).

Figure 18. EEM - Enabler-Effect Map that may be used for understanding business benefits of the different QM contributions (Holopainen et all., 2001)

Situation with the contractual QA requirements (e.g. based on ISO 9001) is different from QM because the requirements must be specific and unambiguous, and an organization either fulfills the requirements or does not fulfill them. This may be verified through objective auditing. In addition to that organizations may be interested in how efficiently the requirements are fulfilled. This is an issue of internal auditing.

The overall business performance of an organization is a broad concept including four categories of performance (NIST, 2010):
- Customer-focused performance: Organization’s performance seen by the customers
- Operational performance: Organization-internal performance including hard business process performance (e.g. cost efficiency, throughput or lead time) and soft performance (e.g. workforce skills)
- Product performance: Characteristics of the products (goods and services)
- Financial and market performance: E.g. operational costs, productivity, competitiveness, and market share
All these performance dimensions are important also from the QM point of view, and they depend squarely on the performance of the business processes. Financial performance is the foundation for the organizational survival and development and hence it is also an important area of QM (Jussila et al., 2012).

In practice, both business performance and performance of QM are fuzzy concepts (figure 19) (Anttila, 1998). This implies that an overly simplified ON/OFF way of thinking - implying that there is or isn't a QMS - is not a fruitful approach.

Figure 19. Performance of a business system as a whole and of the individual business processes is a fuzzy concept within the continuum of the extremes of vague/anecdotal and proven/excellent levels. Development of the situation takes place through consecutive evaluations, decisions, and improvement actions by the business management. External third party certifications assure the performance only in a weak manner.

Business performance information as such is not enough for successful business management. One needs challenging references. Excellence means excelling, surpassing the references, including:
- Exceeding own performance goals and targets
- Succeeding in business performance within own industry branch (in average or among the best competitors)
- Evidencing World Class performance (benchmarks and best practices) that means an organization's good reference value even outside its own business branch.
Only performance excellence can ensure sustained success of an organizations.

Performance management includes that business performance is evaluated internally by organization's own resources for performance improvement and also for QA. In general performance evaluation practices include measurements, monitoring, self-assessments, and auditing. Both strategic evaluations and operational evaluations are needed.

Strategic performance is related to the whole business system and the business vision and strategy of the organization, and particular interest is in change management. For strategic performance management we have used a balanced strategy card methodology that we have developed from well-known balanced scorecards and some other methods. We have also used this methodology for cascading strategic targets and means down to the particular business processes according to the idea of Hoshin Kanri.

Measurements and monitoring are typical operational performance management activities. The methods used for collecting information and data regarding key performance indicators should be practicable and appropriate to the organization. Needs for the operational performance evaluations are for daily management and are focused on diagnostics and analysis for corrective, preventive actions, and improving business activities or processes. For those purposes there are available effective and efficient monitoring and analyzing procedures, and technological solutions, e.g. OLAP (online analytical processing) software tools, for considering relevant process performance indicators.

Analytical methodology is needed to understand measured data in the relevant business context (Davenport&Harris, 2002). Many of the quality tools are for data analyses (Anttila&Jussila, 2011a). Analyses refer to activities to extract larger meaning from data and information to support evaluation, decision making, testing, improvement, and innovation. Analysis entails using data to determine trends, projections, and cause and effect that might not otherwise be evident.

Two different methodologies are in general available for considering and evaluating the performance of the individual business processes or process systems as a whole especially as strategic self-assessments: (a) Evaluations based on maturity models, and (b) evaluations based on performance excellence models (quality awards criteria). The first one is to assess performance against certain specified maturity levels, and the latter - that is our preferred approach - is emphasizing continual performance growth based on learning, refining, and integrating. Strategic evaluations are made as self-assessments by the management teams of the units. Also ISO 9004 suggests a simple method for a self-assessment of an organization's QM approach.

Audits are empirical evaluations of the business performance. It is useful to carry out internal audits per business processes (Anttila, 1997) that are the operational elements of the business system and the "carriers" of the QM and QA elements. Audits are more operational than self-assessments. Audits are made by people who are independent from the processes being audited. Internal auditing is very different compared with external, e.g. third party, auditing. It should cover both QM and QA issues and emphasize organization's comprehensive business needs (as covered e.g. by ISO 9004). In external auditing one is interested in QA (as covered e.g. by ISO 9001) issues and customers' viewpoints. External third party certifications assure the performance only in a weak manner (figure 19).

Auditing is based on the ISO 19011 standard definition and principles. Internal auditing is a comprehensive task that should be both reactive and proactive by nature. Its purpose is not only to search for nonconformities (non-fulfillment of specified requirements) or defects (non-fulfillment of intended usage requirements or reasonable expectations under the existing circumstances) but there is a broader business related scope. Also performance strengths of the processes must be noted in internal audits.

The both methods, self-assessments and audits, support well each other.

The most important purpose of the performance measurements and evaluations is that they make possible a fact-based improvements. Figure 20 demonstrates that there are lots of different kinds of business related facts of different business phenomena and especially in business processes. The facts are often hidden in the business activities. If you apply appropriate measurement means, you may get data describing interesting and relevant facts. After that data may be analyzed with suitable analysis methodology in order to get information that is meaningful to the acute business case and situation. Information may be used for managerial actions to the operations and business processes. However, the deliberation and decisions of the business leaders are always starting points to the actions. That means that empirical fact-based information must be combined with the skills, knowledge and even the wisdom of the business management (Anttila&Jussila, 2011a).

Figure 20. Organization's actual business situation is composed of facts in the business processes. Management's decisions and interventions are based on information from these facts combined with the management's previous information and tacit knowledge (understanding). Managerial knowledge develops mainly through the collaborate learning. "Ba" is a Japanese name for collaborative knowledge creating and learning environment.

There are two approaches to the improvements. Reactive development is achieved through problem solving. Often it may be necessary for the business continuity. However, more can be achieved when opportunities, challenges and innovations are the basis of performance development and the organization takes proactively into account the existing strengths, competitive advantages, and opportunities. The reactive method in its backward-looking nature is never as effective as the future-orientation. The improvement is carried out through utilizing well established methods including e.g. performance analyses, corrective and preventive actions, innovations, and benchmarking (see figure 21).

Figure 21. A comprehensive QM approach for establishing foundations of continual improving business performance

A strategic objective for the organization is the continual improvement to enhance benefits to the interested parties and to increase efficiency. This is done through improving business process performance. There are two different fundamental improvement methodologies: a) Strategic breakthrough projects, which lead to revision of existing processes or the implementation of new processes usually carried out by cross functional teams outside routine operations. b) Continual small step improvements (“Kaizen”) made by natural work teams within existing processes.

Well-known and popular systematic approaches to the business process improvement are SigSigma and lean methodology. SixSigma is a process focused methodology designed to improve business performance through improving specific areas of the strategic business processes. It is typically used in large scale and financially significant improvement projects in organizations that have a strong SixSigma culture. Lean methodology aims at eliminating useless process activities and waste. It consists of a large and quite vague collection of improvement tools. Also benchmarking methodology is used in the context of process performance improvement.

Information and knowledge for QM

QM is strognly related to the usage and management of business information and knowledge (Anttila, 2008a). The organization needs to share information and knowledge between employees and the interested parties, locate information and knowledge sources, push information to users, or create a central location to navigate through data that one can benefit from. Business management and the QM are squarely based on information and knowledge.

Documentation is the traditional way of managing information and knowledge. Documentation should be a dynamic value adding activity. Documented information is needed for achieving required performance targets, for evaluating the business system and processes with regard to effectiveness and efficiency of operations and the level and trend of the results, for providing QA for customers' confidence, and for facilitating performance improvement. Documented information that is particularly relevant for QM consists of:
- Descriptions of the organizational identity and business environments including purpose, mission, vision, and goals
- Procedure documents, e.g. process plans
- Master data that typically include common data about customers, suppliers, partners, products, materials, accounts, etc.
- Operational records, e.g. current information on process performance
ISO 9000 standards are often said to place stress on quality documentation. However, serious requirements for documentation come only from business needs, not from standards, which present only guidance or general models. Different members of the organization have different needs of documentation contents and form. Business documentation fulfills all the needs of QM and QA, and thus no distinct quality documents, e.g. manuals or procedure documents, are needed.
Documentation practices have developed from passive and separate documents to dynamic and flexible information and knowledge systems for leveraging collaborative group work within an organization. Traditional solutions of the documentation (Anttila&Jussila, 2012) (which however are still used in many organizations) include:
- Loose and fragmented paper documents
- Copied or printed manuals, procedure documents, record reports, and certificates or awards
- Fragmented documents in information technology (IT) systems
- Semi-structured IT systems or intranets with variable share of Office and HTML documents

In today's dynamic business environments stable and stiff documentation structures are no more adequate but instead flexible and collaborative information and communication arrangements are required. Mobility is a crucial requirement for business process activities today, and that should be taken into account in documenting information. Many business processes today utilize advanced geographic information systems (GIS) and web applications that combines data and/or functionality from more than one source (Mashups, hybrid web applications).

In order to manage the business information more efficiently organizations have invested in various IT solutions. However, the development and use of these solutions have been problematic. IT applications with data sources, systems, and applications located throughout the organization have often made the jobs of people more complex and difficult rather than simplified their work.

Corporate-wide IT systems are often complex and designed for a specific purpose and function, hence it is required to deploy different and often unrelated applications and IT modules to meet the information and processing needs of the different business processes and the entire organization. A lot of training is needed for employees to learn effectively use such a complex suite of applications in order to complete the assigned responsibilities.

Corporate intranets were originally designed and implemented to meet the needs for shared information. Using the intranet, employees are able to access corporate information and by using web browser find forms, applications to perform their jobs, and review a customer's project status, and for many other activities. The intranet solution provides navigation to different enterprise systems and documents. As intranet sites grow larger, a new set of problems creates chaotic situations with information access, knowledge sharing, and security.

Effective use of advanced information and communication technology gives new possibilities by especially strengthening applications in the area of tacit knowledge that covers the most important and biggest part of business knowledge. These new solutions include:
- Portals and portlets
- Collaborative work and social networking infrastructures based on Web 2.0 technology

A portal is a single, Web-based interface into the world of heterogeneous and incompatible information and knowledge sources distributed across the telecommunication network. The negative matter is that portals are expensive and difficult to maintain, and hence suitable primarily for big organizations.

In our recent applications we have used Web-operated social networking applications (Web 2.0) that have proved simple and inexpensive solutions (Anttila, 2008b). Their particular strengths come from easily customizable applications that allow process groups to work simultaneously on sharing individual knowledge and to create new mutual knowledge inside and globally outside the organization. (figure 22)

Figure 22. Social media tools to be used for a QM knowledge work environment (KWE): "Raw material" for QM conversations is got via participants' blogging and automatic aggregation-feedings. Resulting new knowledge is published in wiki and further shared e.g. in organization's information blogs.

Today many human activities within business processes have been replaced by automatic IT solutions. Process automation is an important challenge in using IT in the development of business processes and their management. We have evaluated benefits of those investments from enhancement of customer value, cost reduction and growth of productivity, and “real option” value due to new business opportunities from established investments of process automation. SOA (Service Oriented Architecture) applications have been developed for automating many manual and paper based activities of business processes. They can be useful for responding to agility requirements in business processes:
- To increase process responsiveness in dynamic business environments
- To facilitate fast changes in business process development by providing incrementally automated activities to business processes with standardized interfaces.

Businesses simultaneously face several transitions that are strongly information and knowledge related, including organizational, geopolitical, economic, individual, technological, and societal challenges.  All these factors reinforce expanding the new facilities of information technology to all processes and business areas.  Cloud computing is a new technology that drives the change of organizational practices, culture, and behavior. The cloud shapes the forms of organization and is intertwined with technology and culture. It can dramatically lower the transaction costs of doing business. As companies decentralize various layers, including IT, R&D, marketing, and sales processes, they empower a new form of organization, “the company as a cloud”, to emerge. That is not only related to the documentation or information but remarkable parts of the business processes will operate in clouds. Cloud applications are an important area in IT and information security management standards but have not yet taken into account in the QM standards.

It is essential from the management’s point of view that the business leaders are able to combine the explicit performance information measured/monitored from the processes with their tacit understanding of the business situation as a whole. People need to act and make decisions in situations where causality is poorly detectable, there is considerable uncertainty, and people hold different beliefs and have personal biases. Knowledge workers – who factually today include all workers and business leaders of the organization – have to negotiate in order to understand what they face. A mix of stimuli always surrounds people. The stimuli have no meaning apart from what the individuals make of it. In other words, the organizational environment is the outcome of the persons, not something outside of the persons. The reality is not an objective set of arrangements outside us, but is continually constructed in daily interaction. (Arina&Viitamäki, 2011)

People need to create shared meanings in various business contexts; they need to talk about their experience in close proximity to its occurrence and have common platforms for conversation. Especially business crises are challenging QM situations of both threats and opportunities (Anttila, 2009). Many meetings that are directed to the problems of ambiguity fail to handle the situation because autocratic leadership silences potentially rich views and principles that encourage harmony, or there is reluctance to admit that no one has any idea what is going on. Business dedicated solutions of social media technology are new possibilities for improving the situation.

Leadership language has an important role in organizations. Common mutual understanding is an essential issue in both strategic and operational management. An organization is a living organism (Dubberly et al., 2002). It is a set of conversations among people. Language is a medium for organizational growth and change. Narrowing language increases efficiency. A common shared language helps the organization arrive at decisions more efficiently. However, narrowing language increases ignorance. Constrained by a limited vocabulary, the organization becomes unable to adapt to fundamental changes in its environment. It is possible for an organization to learn and grow only if it creates conditions that help generate new language. Taking this into account in managing business is technically and intellectually demanding and, consequently, often dismissed in organizations and management references and standards.

A lot of sensitive information is dealt with in many business processes. This includes confident business information, customer and partner information, or employee related information. Hence, information security should be taken seriously. It includes information confidentiality, integrity, and availability (Anttila&Kajava, 2010). Information security is closely related with the privacy questions. Information security management is very analogical managerial discipline with the QM. 

Complexity and uncertainty of the business networks, managing risks

It is difficult in the world wide standardization to follow general development and trends of business environments and society at large. That sets more challenges to the standards appliers to make situational adaptations according to their real business needs. We are, however, concerned about a shortage of innovative QM solutions for modern business environments that are distinguishingly emphasizing speed, change, agility, complexity, and diversity, which are today’s realities in the business environments. These aspects are big challenges to QM and the other disciplines.

The society has moved from the certainty and predictability to uncertainty and ambiguity. This includes the following significant aspects that have strong impact to business management and also to the QM (Anttila, 2008c):
- Emerging and self-organizing business networks
- Occurrence of many heterogeneous global actors in networks
- All actors are linked with everything but all links are not known
- Paradoxical freedom of the actors (”both-and” instead of ”either-or”)
- Significance of immaterial issues (information, knowledge, services)
- Informal learning and serendipity
- Increased speed of activities and change
- Significance of transaction phenomena and the cost of transactions
- Complex responsive processes of relating
- Simultaneous agility and maturity requirements
- Immense pressure / stress of business leaders (Anttila&Kajava, 2009)
Moreover today we also continually confront impacts of the highly improbable phenomena (“The Black Swan“).

Business processes are the basis for the QM realization in practice. According to Stacey the organizations’ business processes are today complex responsive processes of relating (Stacey, 2002/2003). He examines management possibilities of the complex responsive processes of relating and their activities through identifying management measures on two dimensions: the degree of certainty and the level of agreement (figure 23) (Stacey, 2004). The organization's business processes are functionally multifaceted and all aspects of the Stacey Matrix come up in all processes in all organizations.

Figure 23. Organizations’ process management in accordance with the Stacey Matrix: Effects and effectiveness of the agreements depend on the nature of the process and its activities. Certainty is associated with predictability, strength of cause-effect relationships, and uniqueness and arbitrariness of the process activities.

Rational control that is typically based on the managerial structures and that is also the basis of current QM standards may be effective and efficient only in a small part of real process activities. Rational control is carried out through various processes of management and documented procedures. Operational control is a fact-based activity. Too tight rational control does not give way to situational solutions, not even to the use of "common sense".

Political decision making and control highlight various alliances, negotiations and compromises, which are very typical of the organizations’ business management. Instead of rationality, management is often based on the power and status of the leading people, intuitions and post wisdom or explanations afterwards. This may also include compromises between different disciplines

Agreement is high but certainty is low in the area of judgmental decision-making. Contextual information is utilized in decisions. Risk management aims at coordinating activities to direct and control situation with regard to the effects of uncertainty. Rational risk based decision making is often related to different kinds of experiments and projects. This area is the traditional area of structured and continuous development. In this case the future is built on traditional models and rational knowledge base. Issues are generally agreed, although there is no clear certainty about the achievement of results. Risk management measures should be emphasized in the QM.

The complexity area is very important for the success of organizations. Creativity and innovation originate in this area and transition to the new forms of activity is made here possible. Operation in complex situation cannot only be lead by rational control and based on facts. According to Ashby (Ashby, 1957), a successful operation in complex circumstances requires acceptance of differences and diversity (“Requisite variety”). The organization can get benefit of such effects particularly through the wide range of external networks. This area has been weakly understood in the QM.

Chaotic phenomena are burdensome for management in many organizations, because they can neither be managed by traditional means nor entirely avoided. Business threats are often caused by these situations. In modern business networks we are always accompanied by the agents and operators, of which we are not even exactly aware, and which may even be hostile. Individuals’ awareness as well as management flexibility and speed are useful in these difficult situations.

For sound development, a new culture in the QM and also in the corresponding standardization should be recognized through accepting the existing realities according to the Stacey Matrix, and new principles, and operational and organizational procedures should be developed on this basis. The corresponding standardization should adapt itself to this development by creating appropriate new solutions for all areas of the Stacey Matrix. These should also be taken into account in applying standards in organizations.

Organizations operate in business networks that consist of different kinds of parties. Moreover, an individual organization should take into account networks of regional and global operators, and business clusters in its business. Even competitors are in these networks. Also people of organizations operate in internal and external networks, e.g. expert networks and science communities. Genuine business networks are primarily unplanned, emergent entities. Their growth is sporadic and self-organizing. All network members are independent actors and they have their own needs and expectations. Nobody manages networks as a whole but each actor has its own impact to the network. Through network principles we are able to approach to the quality of the whole societies (Anttila, 2004).

Traditional QM practices are not applicable to networked business environments. QM in networks originates from network members, structure and phenomena, and their characteristics. All network members have their own needs and expectations and they produce something to and get something from the other network members. Network members may get benefit also from the whole network through the general recognition or privileges of the network.

Coase introduced his concept of transaction cost that is an important factor in the development of modern business networks. Firms are endogenous entities to economic systems and their existence is justified by the transaction costs. Individuals may be participants in many enterprises. Firms are more formed around events and transactions than decisive measures. Transaction costs related to the QM may include costs of threats, incidents, problems, etc. as well as costs of countermeasures.

In the networked business environments (Anttila, 2010) there are new forces that are wreaking havoc on value chains of even superior companies. The organization’s strategy can no longer be based on tinkering with today’s value chain - but on finding ways of value networks to alter it radically. Achieving competitive advantage is more demanding now. Surrounding the traditional five forces of Porter, i.e. buyers, suppliers, substitutes, competitors, and new entrants, there are three new forces, digitalization, globalization, and deregulation. These new forces are particularly creating pressures on organizations’ businesses by networking and are also strongly related to QM questions.

The idea of the ecosystem is that each involved business affects and is affected by the others, creating a constantly evolving relationship in which each business must be flexible and adaptable in order to survive. The concept of business ecosystem (Moore, 1996) first appeared in 1993 and is now widely adopted particularly in the high tech community. By their very nature, ecosystems are exceedingly complex networks of organizations. Today, the business ecosystem replaced the traditional concepts of industry and market with business communities of interacting organizations that together create, deliver and consume goods and services. These ecosystems consist of complex networks of players that go far beyond traditional competitors, customers, and suppliers. Ecosystems set new requirements for traditional QM practices, e.g. risk management, but also requires new approaches, e.g. relating to trust and collaboration among business partners. Cloud computing is a challenging new business opportunity in the environment of ecosystem. It is also a very acute issue in the international information technology standardization and closely related to ubiquitous information technology.

It is necessary that the development and expertise of the QM move from the reactive systems based culture and activities of the past to new innovative formats that effectively and efficiently take into account needs and expectations of the modern business environment. Of course, this should reflect to the standardization work, too. According to Naidoo (Naidoo, 2005), in complex business situations, which also relate to QM questions, one could turn into interactive practices and methodology by identifying the involved parties and understanding the nature of interactions and communication between them.

It is not expected that very significant improvements or major operational changes in the QM standardization could take place in the next few years. Therefore to achieve the benefits, individual organizations applying the standards should highlight responsibility of their own business leaders and experts. They are required to have greater awareness and knowledge, and innovation and the courage to make useful solutions for applying the standards. Fortunately, the standards do not prevent this, but even invite to do it.

Organizations face risks that are effects of uncertainty on objectives (ISO, 2009). Very typically risks relate to various issues of the business environments. In the context of QM, the objectives may deal with the performance of the business system as a whole, its processes, structures, activities, or results. An effect is a positive or negative deviation from the expected objectives. Risk management aids decision making in both strategic and operational activities. It must be systematic, structured, timely, and tailored to the specific needs of the organization's business arrangements and situations, and integrated with normal processes of management. Risk aspects have been an significant managerial element in the standard ISO 9004. However, the four first versions of the standard ISO 9001 have not considered risk issues explicitly but in the fifth version risk management will be an essential requirement element.

Organization's management model for a comprehensive ISO 9000 integration

Every organization has always its some kind of existing realization of QM that can be gradually improved according to the organization's business development strategies and practices. The integration of the QM can be made more effective if the business management infrastructure of the organization is clearly defined, and the organization has adopted its own QM approach within its management infrastructure. This is also a natural basis for excellent ISO 9000 applications.

Both strategic and operational integration of QM issues with business management is needed. This takes place in a natural way at four levels of the leadership (figure 24) (Anttila, 2007):
- The normative and cultural level (corporate or business community at large), where the shared principles ("the common insight"), goals, common tools and practices concerning quality are created, including how these principles are to be applied in practice on the basis of the organization's business requirements. At this level the organizatio's superior insight of ISO 9000 standards and their application with other beneficial tools are established and articulated. Responsible person is always the CEO or president of the organization. This responsibility cannot be delegated.
- The strategic level (strategic business areas and units), where decisions are made by the general manager of the business unit and the other top business leaders, and measures undertaken concerning the entire particular business and especially the future competitiveness of the business and management of the whole business system are addressed. The business system is composed of the interrelated business processes. Very often in corporations there are different business areas that may be at different development stages. All these need different strategic QM approaches but they may operate within one corporate culture.
- The operational level (individual business processes), where decisions and measures concerning daily management are made and undertaken, and products (goods and services) are realized in real time for customer needs, just "now and here". Responsible person is the process owner.
- The human level (people and teams), where the personal contribution of each member of the organization's personnel (including the top management) is provided in natural working environments. Responsibility is on the person him/herself.

Figure 24. A comprehensive organization-wide model for QM integration including the implementation of the ISO 9000 family of standards

Within these levels, the management tasks include business planning, control, improvement, and assurance that should all be realized in a harmonized and systematic way and in accordance with the organization's business objectives and leadership practices. Integration of QM will not take place unless its elements have been included within these normal leadership tasks. Also with QA - e.g. application of ISO 9001 - the factual information from all these infrastructure levels and management activities can be used to create and strengthen confidence among the customers and other interested parties.

Management at all these levels means coordinated activities to direct and control related business entities to achieve objectives efficiently. A well-known and simple model for all management is the PDCA (Plan - Do - Check - Act) model. The PDCA model describes how the management consists of four consecutive activities:
- P: Planning activities what should be done and what results should be achieved
- D: Doing duties according to the plans
- C: Checking what was done and what results achieved
- A: Acting rationally for taking into account the observations and results of the checking
PDCA model is the foundational managing model, on which also ISO 9000 standards are based, although the model is not explicitly referred to in the recent standard versions.

In organizational environments the PDCA model is applied in three different management scopes (we call it as “Triple” PDCA model) (Anttila&Jussila, 2012):
- Control: Managing daily operations in business processes in order to achieve the specified results. Normally rectifying nonconformities is carried out in connection with control.
- Operational improvements including prevention: Solving acute problems, preventing nonconformities, and finding / implementing operational step by step improvements in business processes
- Breakthrough improvements: Innovating and implementing strategically significant changes in the way of doing business, transforming organizations’ business processes as a system

Comprehensive refinement of a QM approach

The ultimate goal of the QM is to ensure controlled and continually improved business performance, competitive products, and confidence and satisfaction among organization's interested parties, and through that to strive for excellence and sustained success in business. We have used the model of learning organization (Senge et al., 1995 ) (figure 25) as a basis our thinking and action for developing our approach to the organization-wide QM.

Figure 25. A comprehensive model for the organizational QM realization based on the principle of learning organization: The three cornerstones of the Domain of action, i.e. the existing business activities, are improved continually through the “Improvement pump” effect of the Domain of change.

Our model covers both running the current business ("Domain of action") and improving the overall business performance ("Domain of change"). An organization has always a particular status with regard to the three cornerstones of the “Domain of action”: Guiding ideas and principles, managerial tools and methodology, and managerial infrastructure. There are always possibilities to improve these core elements of the “Domain of action”.  “Domain of change” aims at changing the way to act to improve the performance of business processes and their structures, and management practices. What is required includes sensibility to new awareness, changes in attitudes and beliefs, and training and education for new skills and competences.

Introducing a consistent QM approach into an existing organization does not start from a “Tabula rasa”, "blank slate", but it is applied for an organization that has already certain business principles, managerial tools, and management infrastructure. From that starting point, implementation of a refined process approach consists of strategic development projects that incorporate research, development, and learning elements. Start-up companies have not yet comprehensive established business structures. They can, however, proceed step-by-step in their development without building too rigid systems. A consistent business process development is beneficial in these business cases if it is done in an appropriate way. This may also naturally follow the ideas of the above presented QM realization model.
We have analyzed and synthesized QM implementation projects in a systematic and comprehensive way by using a heuristic “Vee” methodology  (Wheeldon&Åhlberg, 2012) (figure 26). This methodology assists one to plan, implement, and evaluate the development activities through directing to understand how events, processes, and objects are meaningfully related. Hence, thinking, doing, and evaluating can be consistently and effectively interrelated throughout the development.

Figure 26. Analyzing and synthesizing a QM development initiative and establishment by using heuristic Vee methodology

In this paper we have broadly considered the elements of the Vee methodology from many different viewpoints in the context of QM realization. For an organization’s specific QM development initiative, the focus question could be: How could we enhance our business capability by refining our QM approach? Interested events or objects in this case could deal with the organization’s QM comprehensively integrated with the business system and the strategic and operational management of the organization, also identifying the contribution of the individual QM elements? Findings from our studies and practical experiences can act as a profound basis for conceptual/theoretical thinking that is a necessity for a consistent and effective development and investment in improving the organizational QM. Methodology to be applied depends a lot on the organization’s business situation and development targets. Worth and value that may be expected from the contributions include (Holopainen et al., 2001):
- Improved fulfilling of the customers’ needs and expectations and increased satisfaction
- Solved problems in the business processes and their interfaces and responsibilities
- Reinforced awareness of the business integrated quality among the leaders and employees
- "Real option” benefits by building new business opportunities on QM innovations, operations and results


In order to realize all ISO 9000 standards' opportunities one should use the whole ISO 9000 standards family in a consistent and innovative manner. Commonly defined guiding ideas of QM, especially the seven ISO 9000 QMP's, and tools should be employed in a natural and modern fashion integrated with organization-specific emphases. This implies e.g. the following for an organization's quality approach:
- Aiming at business performance and excellence issues instead of particular quality-labeled items
- Applying flexible quality of management and leadership practices instead of formal and distinct QM
- Approaching systematically for the quality of leadership instead of distinct quality systems
- Setting stretched business objectives instead of following minimum standard requirements
- Striving for proactive and broad organizational learning instead of reactive continual remedies or improvements originated only by noted non-conformities
- Emphasizing innovative and unique solutions instead of stereotyped systems
- Using effectively internal performance self-assessments instead of trusting only on third party audits and certifications of quality systems

Taking the ISO 9000 standards as a general framework for an organization’s comprehensive QM implementation will be useful because:
- The standards take into account in a logical way the needs of the organization's internal quality management (QM) and external quality assurance (QA) requirements from the customers.
- The organization's own already existing QM related procedures can easily be located ISO 9000 framework.
- The standards provide diverse opportunities for the organization to apply their own creative implementation solutions.
- Also other useful quality methodologies may be realized within this framework in a natural way.
- Standards are a well-known and respected reference for QM.

Basically, effective implementing the ISO 9000 standards equals an excellent business management and amounts to the same thing as a business-integrated TQM. Standards application should be seen as a strategic issue of the organization. ISO 9000 standards do not call for any extra measures or investments, but the standards can function as reference material for measures pertaining, for example, to enhancing strengths and overcoming weaknesses revealed through a self-assessment performed by using performance excellence models (quality award criteria). Organization should not start any development actions only due to the ISO 9000 standards, but to do that on the basis of actual business needs and their own quality enlightenment.


  1. Anttila, J. (1997), “Internal auditing as a TQM instrument incorporating ISO 9000 and quality award principles” in proceedings of the 41st EOQ Congress, Trondheim, Norway
  2. Anttila, J. (1998a), "What TQM is and what should it be?", In Sinha, M.N. (Ed.) The Best on Quality, Vol. 9, International Academy for Quality, ASQ Quality Press, Milwaukee, USA
  3. Anttila, J. (1998b), "Managing and assuring information security in integration with business management of a company", in Information security, Small systems security & information security management proceedings of IFIP WG11.2 Conference, Vienna, Austria and Budapest, Hungary
  4. Anttila, J. (1998c), "Creating a corporate culture that embraces performance measurement - A case study from Sonera Corporation, Finland", Focus on Change Management, Issue 46, July/August
  5. Anttila, J. (2001), "Getting ISO 9000 happened more efficiently without a quality system and third party certificates", In Ahluwalia, J.S. (ed.), Changing role of TQM in the knowledge economy. Institute of Directors, New Delhi, India
  6. Anttila, J. (2002), "Using performance excellence models for developing an organization's business" in proceedings of the Business excellence models for success in 21st century Conference, Mumbai, India available at: http://www.qualityintegration.biz/MalcolmBaldrige.html
  7. Anttila, J. (2004), "Innovating regional quality",in proceedings of the 48th EOQ Congress, Moscow, Russia, available at: http://www.qualityintegration.biz/RegionalQuality.html
  8. Anttila, J. (2007), "A creative business-integrated application of the ISO 9000 standards in Sonera Corporation, Finland", In Moosa, K. and Shariff. I. (Eds.), Practical guide to ISO 9000:2000 Quality management system, Ibrahim Publishers, Lahore, Pakistan available at: http://www.qualityintegration.biz/Business-integrated%20quality%20management%20-%20A%20case.htm
  9. Anttila, J. (2008a), "Tacit knowledge - the essence of quality management systems", CSI Communications (Computer Society of India) July, available at: http://www.qualityintegration.biz/TacitKnowledge.html
  10. Anttila, J. (2008b), ”Advanced Web 2.0 based interactive technology to support informal learning for enhancing quality of business management” in proceedings of the ICELW Conference, New York, USA, available at: http://www.qualityintegration.biz/Mumbai2006.html
  11. Anttila, J. (2008c), "Qua vadis quality profession? - Challenges of the information society to quality management" in proceedings of the 13th International Conference on Productivity and Quality (ICPQR) Conference, Oulu, Finland, available at: http://www.qualityintegration.biz/Oulu2008.htm
  12. Anttila, J. (2009), "Business crises, threat and opportunity for quality management", in proceedings of the 53th EOQ Quality Congress, Dubrovnik, Croatia
  13. Anttila, J. (2010), "Integrated quality approach in business networks", in proceedings of the 54th EOQ Congress, Izmir, Turkey
  14. Anttila, J. (2011), "Innovations in quality management Prerequisites, needs, and realization", in Sharing best practices in business excellence proceedings of Middle East Quality Association (MEQA) Conference, Abu Dhabi, United Arab Emirates
  15. Anttila, J., Aune, A., Hartz, O. and Jönson, K. (2001), "Contributions of ISO 9000 and Quality Awards", In Sinha, M.N, (ed.) Best on Quality, Vol. 12: International Academy for Quality, ASQ Quality Press, Milwaukee, USA
  16. Anttila, J. and Jussila, K. (2011a), “'You get what you measure. Or not?' Challenges for fact-based quality management”, in Quality for Excellence proceedings of the International Symposium on Quality in Osijek, Croatia,
  17. Anttila, J. and Jussila, K. (2011b), "Standardization and integrated management systems Business-practitioners’ viewpoints", in Navigating Global Quality in a New Era proceedings of the 55th EOQ Congress, World quality congress, Budapest, Hungary
  18. Anttila, J. and Jussila, K. (2011c), “From the quality management principles to the good management principles” in Quality, Innovation, Inclusive growth proceedings of the International Symposium on Quality in Shanghai, China
  19. Anttila, J. and Jussila, K. (2012), "An advanced insight into managing business processes in practice", in From LearnAbility and InnovAbility to SustainAbility proceedings of the QMOD Conference, Poznan, Poland
  20. Anttila, J., Jussila, K. and Kajava, J. (2012a), “Reinforcing business integration in managing specialized disciplines in organizations, Management system standards viewpoints” in Quality and social responsibility proceedings of the International Symposium on Quality in Solin, Croatia
  21. Anttila, J., Jussila, K., Kajava, J. and Kamaja, I. (2012b), "Integrating ISO/IEC 27001 and other managerial discipline standards with processes of management in organizations", in proceedings of The 7th International Conference on Availability, Reliability and Security (ARES), Prague, Czech Republic
  22. Anttila, J. and Kajava, J. (2009), "Haste in Knowledge-Intensive Work: A Major Threat to Information Security Management in Business Environments", in proceedings of The 6th International Conference on Availability, Reliability and Security (ARES), Fukuoka, Japan
  23. Anttila, J. and Kajava, J. (2010), "Challenging IS and ISM standardization for business benefits", in proceedings of The 5th International Conference on Availability, Reliability and Security (ARES), Krakow, Poland
  24. Anttila, J.,Kajava, J. and Varonen, R. (2004), "Balanced integration of information security into business management", in proceedings of the Euromicro Conference, Rennes, France
  25. Anttila, J., Savola, R., Kajava, J., Lindfors, J. and Röning, J. (2007), “Fulfilling the needs for information security awareness and learning in information society” in proceedings of the 6th Annual Security Conference, Las Vegas,USA
  26. Anttila, J.and Vakkuri J., (2001a), "Business Integrated e-Quality", in Frontiers of e-business research proceedings of the FeBR 2001conference , Tampere, Finland, available at http://www.qualityintegration.biz/TampereFeBR2001.html
  27. Anttila, J. and Vakkuri, J. (2001b), ISO 9000 for the creative leader, Sonera Corporation, Helsinki, Finland
  28. Arina, T. and Viitamäki, S. (2011), “Cloud company”, available at: http://www.cloudcompany.cc/book/
  29. Ashby, W.R. (1957), An introduction to cybernetics, Chapman & Hall, London, UK
  30. Bird, M. and Anttila, J. (2002), "Using ISO 9004 to achieve excellence", In Cianfrani, C.A., Tsiakalis, J.J. and West, J.J. (eds.), The ASQ ISO 9000:2000 handbook, ASQ Quality Press, Milwaukee, USA
  31. Dahlgaard-Park, S.M. (2012), "A Snapshot of 25 years quality movement (1987-2011). Diagnosing and reflecting the past, prognosing and shaping the future", in From LearnAbility and InnovAbility to SustainAbility proceedings of the QMOD Conference, Poznan, Poland
  32. Davenport, H.D. and Harris, J.G. (2007), Competing on analytics: The new science of winning, Harvard Business School Press, Boston, USA
  33. Dubberly H., Esmonde P., Geoghegan M.C and Pangaro P. (2002), Notes on the role of leadership and language in regenerating organizations, The little grey book, Sun Microsystems http://pangaro.com/littlegreybook/ 2002
  34. Holopainen, S. Lillrank, P. and Paavola, T. (2001), Linking IT to business, Studentlitteratur, Stockholm, Sweden
  35. ISO (2009), "ISO 31000 Risk management - Principles and guidelines", ISO, Geneva, Switzerland
  36. ISO (2012), "TC 176 Quality management and quality assurance", available at: http://www.iso.org/iso/iso_technical_committee?commid=53882
  37. ISO/IEC (2004), "Guide 2 Standardization and related activities - General vocabulary", ISO, Geneva, Switzerland
  38. ISO/IEC (2012), "Directives, Part 1, Consolidated ISO Supplement – Procedures specific to ISO, Annex SL, Proposals for management system standards", ISO, Geneva, Switzerland
  39. ISO/TC 176 (2010), "Strategic Plan", N1000 PD(TC176)-001.000, ISO, Geneva, Switzerland
  40. Jussila, K., Anttila, J. and Gylling, M. (2012), Enhancing financial performance in global operations, Aalto University School of Science BIT Research Centre, Unigrafia Ltd., Helsinki, Finland, available at: http://www.valuenetworks.fi/fileadmin/Tiedostot/Globenet/GlobeNet_WB_Enhancing_Financial_Performance.pdf
  41. Moore, J.F. (1996), The Death of Competition: Leadership and Strategy in the Age of Business Ecosystems, HarperBusiness, New York, USA, (http://www.amazon.com/Death-Competition-Leadership-Strategy-Ecosystems/dp/0887308090)
  42. Naidoo, M. (2005), “I am because we are (A never ending story). The emergence of a living theory of inclusional and responsive practice”, available at: http://www.actionresearch.net/naidoo.shtml
  43. National Institute for Standards and Technology (NIST) (2010), Malcolm Baldrige national quality award, Award criteria, NIST, Washington, USA, available at: http://www.nist.gov/baldrige/publications/upload/2011_2012_Business_Nonprofit_Criteria.pdf
  44. Peppers, D. and Rogers, M. (1999), Enterprise one to one. Tools for competing in the interactive age, Currency Doubleday, New York, USA
  45. Senge, P., Roberts, C., Ross, B. and Kleiner, A. (1995), The fifth discipline fieldbook, Nicholas Brealey Publishing Limited, London, UK
  46. Soin, S. (1992), Total Quality Control Essentials: Key elements, methodologies and managing for success, McGraw-Hill New York, USA
  47. Stacey R. (2002/2003), "Organizations as complex responsive processes of relating", Journal of Innovative Management, Vol. 8, No. 2 Winter
  48. Stacey, R. (2004), "Complex adaptive systems", available at: http://www.siliconyogi.com/andreas/it_professional/sol/complexsystems/StaceyMatrix.html 2004
  49. Wheeldon, J. and Åhlberg, M. (2012), Visualization social science research, Sage Publications, Los Angeles, USA

[This material has been presented in different forms in different international seminars, conferences, or education programmes, e.g. in Vaasa, Finland 1999, Mumbai, India 2000, Budapest, Hungary 2000, Lahti, Finland early 2000's (several times), New Delhi, India 2001, Antalya, Turkey 2002, Cape Canaveral, USA 2002, Ostrava, Czech Republic 2002, Kashira, Russia 2003, Fribourg, Switzerland several times in 2004-2011, and Hail, Saudi Arabia 2013. This text has been updated regularly and on the case by case basis and in accordance with the standards development.]



Work in the international standardization committee for creating and maintaining the ISO 9000 standards