the world of management systems standards their content...
TRANSCRIPT
The World of Management Systems Standards
Their Content, Meaning and Certification
Potential meaning for social programs
Dr. Herfried Kohl
A Zoo of Management Systems Standards:
What are they good for?
13.09.2016 Dr. Herfried Kohl 3
Quality Management
ISO 9001
Environmental Management ISO 14001
Work Safety OHSAS, SCC, (ISO 45001)
Information Security
ISO 27001
Energy Efficiency ISO 50001
Anti-Bribery Management ISO 37001
Business Continuity ISO 22301
...and many others
WHAT’S THE DRIVING FORCE BEHIND THESE THINGS?
There’s JUST ONE DRIVING FORCE for dealing with the mentioned standards for
management systems and their potential certification:
THE SUPPLY CHAIN
13.09.2016 Dr. Herfried Kohl 4
Supplier 1 Supplier 2 Supplier 3
What’s a Process?
13.09.2016 Dr. Herfried Kohl 5
Process
Step 1
Process
Step 1
Process
Step 2
Process
Step 2 ….. ….. Input Output
Process
Step n
Process
Step n
Process
Step 4
Process
Step 4 Process
Step 3
Process
Step 3
Stop Stop
Roughly speaking a process is a sequence of individual steps processing an INPUT into an
OUTPUT. A process my be arbitrarily complex. Processing may involve material goods,
resources, information and others.
13.09.2016 Dr. Herfried Kohl 6
Step 1 P1 = 5%
Step 1 P1 = 5%
Step 2 P2 = 2%
Step 2 P2 = 2%
Step 3 P3 = 5%
Step 3 P3 = 5%
Step 4 P4 =
10%
Step 4 P4 =
10%
Step 5 P5 = 5%
Step 5 P5 = 5%
Stop Stop
This is to illustrate that deficiencies multiply along a process.
(1 −
𝑝𝑘
100)5
𝑘=1 = 0.7562
Means: only 75,62 % success
In this process the pk show the failure rates in each step.
As a result with the figures given, the process shows only about 75 % of reliability.
This setting would be a nightmare in production. However, it is reality in some service processes.
Illustration with high school math…..
Why processes matter…..
ISO 9001, ISO 14001, …..
They all are process oriented
Processes are at the very heart of the mentioned ISO-Standards for Management
Systems.
The organization is required to identify those processes which have a serious impact on
quality, environmental and other respective aspects.
It is expected that continuous improvement programs for those processes are
implemented and kept alive.
Risk based thinking is the essential part of these Management Systems Standards.
This leads automatically to the need to implement adequate KPIs (Key Performance
Indicators).
- ”We can manage what we measure.”
- However, avoid meaningless “cemeteries of numbers”.
…
13.09.2016 Dr. Herfried Kohl 7
Established Quality Tools and Techniques may help…
Qualit
y T
ools
Ishikawa/Fishbone
Diagram
FMEA - Failure Mode and Effects Analysis
Control Charts
Root Cause Analysis
Value Stream Mapping
Gamba Walks
+ An infinity of others
Many of the obstacles faced during the
various steps when implementing a QMS
or other module of a management system
my be treated with standard and well
established tools.
There is a continuum of tools and
approaches to choose from.
One should make a tailor-made selection
for one’s own needs.
13.09.2016 Dr. Herfried Kohl 8
PDCA-Cycle is a driving force
Plan
Do
Check
Act
The old PDCA-Cycle still describes the
main building blocks of process
management:
1. Plan the process properly
2. Implement the process and run it
3. Check the process adequately
(is it like it should?)
4. Initiate the change of a process if
you’re convinced it must be
changed
13.09.2016 Dr. Herfried Kohl 9
Tool: PDCA Cycle in Practice
13.09.2016 Dr. Herfried Kohl 10
The PDCA cycle is a fundamental way
how to look at processes: their
planning, controlling and their
improvement.
Note:
Although seemingly trivial, the art is to
really live it.
Homework:
Try to implement it in your private life!
PLAN
Define processes and
objectives to achieve
the expected output.
DO
Implement processes.
Produce output.
Measure performance.
ACT
Optimize processes
and implement other
optimizations where
necessary.
Change of the PDCA
cycle may be needed:
change its scope.
CHECK
Analyze performance
data collected in “DO”.
Statistical process
analysis may be used.
Tool: Root-Cause Analysis with ISHIKAWA-Diagrams
13.09.2016 Dr. Herfried Kohl 11
Evolution and Specialization of Standards for Management
Systems
ISO 9001
ISO 14001
OHSAS/SCC
ISO 27001
ISO 50001
TS 16949
TL 9000
AS 9100
. . . .
13.09.2016 Dr. Herfried Kohl 12
The first edition of ISO 9001 back in 1987 wasn‘t received with welcome everywhere.
Meanwhile, however, there is a global acceptance of the standard.
The need was felt to supplement it with:
Industry specific QMS like for
Automotive, aerospace, telecommunications
Healthcare industry
Food, agriculture, forestry
Other modules for
Environmental management and work safety
Energy efficiency
Information security
History Path of ISO 9001
13.09.2016 Dr. Herfried Kohl 13
ISO 9001:1987
ISO 9001:1994
ISO 9001:2000
ISO 9001:2008
ISO 9001:2015
The “architecture” of the ISO 9001 changed fundamentally from version to version.
Since its edition in the year 2000 a process oriented thinking has been implemented.
The current edition (2015) shows in addition the “high level structure”.
This will be the common structure for all Management Systems standards.
High Level Structure (1)
Context of the organization
• Understanding the organization and its context
• Needs and expectations of interested parties
• Scope of the QMS
• QMS and its processes
• Understanding the organization and its context
• Needs and expectations of interested parties
• Scope of the QMS
• QMS and its processes
Leadership
• Leadership and commitment
• Policy
• Organizational roles, responsibilities and authorities
• Leadership and commitment
• Policy
• Organizational roles, responsibilities and authorities
Planning
• Actions to address risks and opportunities
• Quality objectives and planning to achieve them
• Planning of changes
• Actions to address risks and opportunities
• Quality objectives and planning to achieve them
• Planning of changes
Support
• Resources
• Competence
• Awareness
• Communication
• Documented information
• Resources
• Competence
• Awareness
• Communication
• Documented information
13.09.2016 Dr. Herfried Kohl 14
High Level Structure (2)
Operation
• Operational planning and control
• Requirements for products and services
• Design and development of products and services
• Control of externally provided processes, products and services
• Production and service provision
• Release of products and services
• Control of nonconforming outputs
• Operational planning and control
• Requirements for products and services
• Design and development of products and services
• Control of externally provided processes, products and services
• Production and service provision
• Release of products and services
• Control of nonconforming outputs
Performance evaluation
• Monitoring, measurement, analysis and evaluation
• Internal audits
• Management review
• Monitoring, measurement, analysis and evaluation
• Internal audits
• Management review
Improvement
• General
• Nonconformity and corrective action
• Continual improvement
• General
• Nonconformity and corrective action
• Continual improvement
13.09.2016 Dr. Herfried Kohl 15
Advantages of the New High Level Structure
Harmonization of structure and requirements of the ISO Management Systems
Standards
User friendliness for those who want to implement integrated management systems
Even greater emphasis on processes and their control
Focused on risk relevant topics
Stricter requirements on performance evaluation and control
Explicit requirement of knowledge management
Emphasis on change management
…..
13.09.2016 Dr. Herfried Kohl 16
Case Study: Cleaning Company
Client Reqiurements
Client Reqiurements
Industry Requirements
Industry Requirements
Overall Management
Overall Management
Central management
Central management
Industry sector 1 Industry sector 1
Clients and objects
Clients and objects
Clients and objects
Clients and objects
Industry sector 2 Industry sector 2
Clients and objects
Clients and objects
Clients and objects
Clients and objects
Industry sector n Industry sector n
Clients and objects
Clients and objects
Company profile:
The company offers cleaning services for
very different industries and in very
different environments:
- Public areas like metro stations
- Offices and hotels
- Hospitals (all departments)
- Industrial facilities
- Building industry
No. of employees: 5000 with a yearly stuff
turnover of about 60 %.
Operation in Germany only.
13.09.2016 Dr. Herfried Kohl 17
Case Study: Hotel
Ho
tel M
an
ag
em
ent
Ho
tel M
an
ag
em
ent
Reception Reception
Sales Sales
Rooms Rooms
Banquet Banquet
Restaurants and Bars
Restaurants and Bars
Housekeeping Housekeeping
Facility Management
Facility Management
..... .....
Company profile:
Hotel category: 5 Stars
600 rooms, several banquet areas
What is a quality management good for and
what are potential main targets?
Where do targets for a QMS derive from? Who
defines them?
What would be targets for an environmental
management system according to ISO 14001?
13.09.2016 Dr. Herfried Kohl 18
Myths and Facts About an ISO 9001 Quality Management
System
13.09.2016 Dr. Herfried Kohl 19
Myth 1
It’s mainly about the documentation of
things. And that documentation is not really
reflecting the real world.
Myth 2
Although the upper management initiated
the implementation of the QMS, many of
their daily decisions and doings are
contradicting the principles of that QMS.
Myth 3
QMS was implemented to get a certificate.
This has nothing to do with the real life in
the company.
Distinguish clearly:
Certification of Management Systems, Products and Personnel
It is important to distinguish clearly
between the different forms of
certification.
A certification of the quality management
system of a company doesn’t include the
certification of its products or its
personnel.
The different modules of certification
may be combined in some cases.
13.09.2016 Dr. Herfried Kohl 20
Certification of Management Systems
• Quality
• Environment
• Work safety
• .....
Certification of Products
• Safety
• Usability
• Environmental aspects
• .....
Certification of Personnel
• Auditors
• Technical skills (e.g. welding)
• .....
Combinations of the other three modules
• Quality management system and product aspects
…..
In General: What Makes an Audit or Certification Scheme?
Auditor qualification and experience should be
fixed in detail.
Auditors should undergo sort of a calibration to
make audit results comparable.
In most schemes auditing time is correlated to
the number of employees of the organization to
be audited. However, the number of headcounts
is not a measure for the complexity of an
organization.
Schemes should contain measurable
requirements, as only then they may be used to
measure status quo and improvements as well
as deviations from defined requirements. Where
this is lacking, the range of interpreting the
standards is too wide.
To fix an adequate design of the audit scheme
is an art and must be done with great care.
Specific customer focused selection and
preparation of the audit team may help in
complex cases (client together with certification
organization.
13.09.2016 Dr. Herfried Kohl 21
Auditing and certification
scheme
Auditor proficiency
Design of the audit scheme
Requirements of the
audit/certification standard
Relationship between
Accreditation and certification body and owner of certificates
Accreditation Body
• Grants accreditation to certification body and conducts surveys of the certification body
Certification Body
• Issues certificates and surveys the owner of certificates
Owner of Certificates
• Complies with the requirements of certifications during the period of validity of the certificates.
13.09.2016 Dr. Herfried Kohl 22
Certification Body for Management Systems
Requirements of ISO 17021-1:2015 and Beyond
Impartiality Impartiality Competence Competence Responsibility Responsibility
Openness and Confidentiality Openness and Confidentiality
Legal Responsibility
and Certification Agreement
Legal Responsibility
and Certification Agreement
Human Resources:
Auditors and Others
Human Resources:
Auditors and Others
Information Management Information
Management
Processes Application
Review
Processes Application
Review
Processes Plaining and
Conduction of Audit
Processes Plaining and
Conduction of Audit
Processes Certification
Decision
Processes Certification
Decision
Processes Surveillance
Audits
Processes Surveillance
Audits
Internal Management
System
Internal Management
System
ISO 17021-1:2015 defines general
requirements for organizations auditing
and certifying management systems.
These requirements are concretized by
accreditation bodies, the IAF
(International Accreditation Forum) and
scheme owners.
Several industry specific auditing and
certification schemes define specific
requirements on auditors and processes.
13.09.2016 Dr. Herfried Kohl 23
13.09.2016
4. Principles
4.1 General
4.2 Impartiality
4.3 Competence
4.4 Responsibility
4.5 Openness
4.6 Confidentiality
4.7 Responsiveness to complaints
4.8 Risk-based approach
5. General requirements
5.1 Legal and contractual matters
•Legal responsibility
•Certification agreement
•Responsibility for certification decisions
5.2 Management of impartiality
5.3 Liability and financing
6. Structural requirements
6.1 Organizational structure and top management
6.2 Operational control
7. Resource requirements
7.1 Competence of personnel
•General considerations
•Determination of competence criteria
•Evaluation processes
•Other considerations
7.2 Personnel involved in the certification activities
7.3 Use of individual external auditors and external technical experts
7.4 Personnel records
7.5 Outsourcing
8. Information requirements
8.1 Public information
8.2 Certification documents
8.3 Reference to certification and use of marks
8.4 Confidentiality
8.5 Information exchange between a certification body and its clients
•Information in the certification activity and requirements
•Notice if changes by a certification body
•Notice of changes by a certified client
9. Process requirements
9.1 Pre-certification activities
•Application
•Application review
•Audit program
•Determining audit time
•Multi-site sampling
•Multiple management systems standard
9.2 Planning audits
•Determining audit objectives, scope and criteria
•Audit team selection and assignment
•Audit plan
9.3 Initial certification
•Initial certification audit
9.4 Conducting audits
•General
•Conducting the opening meeting
•Communication during the audit
•Obtaining and verifying information
•Identifying and recording audit findings
•Preparing audit conclusions
•Conducting the closing meeting
•Audit report
•Cause analysis of nonconformities
•Effectiveness of corrections and corrective actions
9.5 Certification decision
•General
•Actions prior to making a decision
•Information for granting initial certification
The Modules of ISO 17021-1:2015
Dr. Herfried Kohl 24
International network of accreditation bodies....
IAF IAF
EA EA
DAkkS DAkkS
UKAS UKAS
... ...
IAAC IAAC
ANAB ANAB
OAA OAA
... ...
PAC PAC
CNAS CNAS
JAB JAB
... ...
13.09.2016 Dr. Herfried Kohl 25
The international network of accreditation bodies bundled by regional
surveillance organizations and IAF is designed to create harmonization
of accreditation approaches.
Recall: Accreditation = Assign competence to an organization.
This is a prerequisite for the mutual recognition of certificates.
In practice, however, this goal isn‘t reached thoroughly and differences
exist between the approaches of the individual accreditation bodies.
Therefore, the full equivalence of certificates and the market may be
questioned.
Popular recent example: Requirements for the upgrade of auditors for
ISO 9001:2015 are not really harmonized.
Some Critical Remarks.....
Even after 25 years of history of systems
certification, by far not all users of the
management standards deploy them as a
real practical working tool in their daily
business.
Due to high degree of variance in the level of
implementation of standards and in the
auditing processes of certification bodies,
reliance on certified management systems is
often limited.
The development of industry specific
standards have the potential to improve this
development by
- Defining specific measurable means for
the user of a management system and
- Directly controlling the activities and
performance of the certification bodies.
Almost all industries with high requirements
on their supply chains follow exactly this
path.
Certifications like ISO 9001 being considered as
old products on the market, show the tendency
to decreasing prices.
This almost inevitably leads to a decrease in
quality and reliability of auditing and certification
processes.
Auditing and certification organizations show
different policies how to adapt to this
development.
Growing requirements from industry specific
high level standards will lead to a concentration
process in the auditing and certification industry.
13.09.2016 Dr. Herfried Kohl 26
Case Study Peru Project
Background- Quality Management in Peruvian Public
administration
In 2013 by means of Supreme Decree No. 004-2013 of Prime Minister Office was
defined the Implementation of Process Management in whole Peruvian public
administration.
The Guidelines defined for this process is according with PDCA cycle and according
with the spirit of International Standard ISO 9001:2008.
The principles of the Peruvian Public process management considered :
Leadership
Citizen Focus
Public Ethics and transparency
Process approach and continual improvement
Mutualy beneficial supplier relationships
13.09.2016 Dr. Herfried Kohl 28
2002- It is created 27658 National Law of Modernization of Peruvian state
management
Background- Quality Management in Peruvian Public
administration
13.09.2016 Dr. Herfried Kohl 29
Stages of Management Process Methodology
PRECONDITIONS: • Leaders establish unity of purpose and direction of the organization.
• Organization objective's clearly define
• Assure resources for the implementation
• Defined and create organizational structure for this purpose
•
Present- Quality Management in Peruvian Public
administration
13.09.2016 Dr. Herfried Kohl 30
Implementation and certification of Quality Management Systems in Peruvian
Public Administration
At the end of July 2016 in more than 60 public institutions and certain state driven
projects in Peru has been implemented and certified a Quality management system of
their core process.
Due to the benefits and improvements of the performance of Public Sector, the last
National Quality Award, granted by Private associations, was awarded in their most
part to public administration.
As a part of these the Ministry of Social Inclusion and Development (MIDIS) already
has certified two of their most important social programs of which main beneficiaries
are the poorest citizens.
Programa Nacional de Apoyo a los mas Pobres JUNTOS
Programa Nacional de Alimentacion Escolar QALIWARMA
PERUVIAN STATE PROGRAMS
AND THEIR CERTIFICATION PROCESS
Quality Management System Certification
Programa Nacional de Apoyo a los Mas Pobres- JUNTOS
The main objective of this program is to promote
and dinamize in the poorest regions of Peru the
use of social services as health, nutrition and
education through an economic incentive in order
to brake the poverty intergenerational transfer.
The scope of their certification involve their
process of transfer and delivery of economic
incentive and the verification of compliance
responsibilities of the beneficiaries.
It include a Central Head Office in Lima and
18 Regional sites in whole country.
The beneficiaries are about 768,000 families
and about 1,925 employees are involved in
the operative process
13.09.2016 Dr. Herfried Kohl 32
Brief Description
Quality Management System Certification
Programa Nacional de Apoyo a los Mas Pobres- JUNTOS
13.09.2016 Dr. Herfried Kohl 33
Benefits of certification process according with Client experience
Standartisation of operative processes
Transparency
Validation by an independent third party
of the veracity of beneficiaries information
Improve the performance of payment
process
Improve the quality of beneficiaries
attention
Quality Management System Certification
Programa Nacional de Alimentacion escolar- QALIWARMA
The main objective of this program is to provide
quality and balanced food services to Children's
during the whole school year as complement of
the Public educational services in order to reduce
school dropout and promote better feeding habits
The scope of their certification involve their
process of transfer of financial resources to
purchase committees ( formed by civilians and
public and private stakeholders) and verification
of payments to suppliers of food services.
It include a Central Head Office in Lima
The beneficiaries are about 3,600,000
children's and about 2,000 employees are
involved in the operative process
13.09.2016 Dr. Herfried Kohl 34
Brief Description
Quality Management System Certification
Programa Nacional de Alimentacion escolar- QALIWARMA
13.09.2016 Dr. Herfried Kohl 35
Benefits of certification process according with Client experience
Standartisation of operative process
Transparency
Validation by an independent third part
of the payments to suppliers
Improve the development of purchase
committees
Improve the performance of payment
process
Improve the quality of Beneficiaries
attention
13.09.2016 Dr. Herfried Kohl 36
On a certificate you’ll typically find two
legal entities:
• The certified organization and
• The certification organization
A certificate is typically valid three
years. The date of expiration of the
certificate is mentioned on the
certificate.
Within that period two surveillance
audits take place.
A certificate contains the “Scope of
Certification”. This is important, as a
legal entity may be certified for a part of
its organization or activities only.
Certification of a Management System:
That’s the way it goes
13.09.2016 Dr. Herfried Kohl 37
Quotation from your registrar
Quotation from your registrar
Contract with your registrar
Contract with your registrar
Planning of audit
Planning of audit
Audit on spot
Audit on spot
Certification Certification
Yearly surveillance
Yearly surveillance
How to Select an Auditing and Certification Organization
Demonstrate the relevant accreditations where needed.
Demonstrate its ability to deliver at the quality and service level needed.
In some cases these requirements should be fixed individually.
Demonstrate its organization and actions to achieve independence, objectivity and
integrity.
...be given the chance to demonstrate to the professionals of the client that prices
for its services are adequate.
The auditing and certification company
should....
13.09.2016 Dr. Herfried Kohl 38