My approach to management systems implementation

My experience is that most organisations that have been successfully trading for a number of years probably have many of the management system requirements in place already (but probably do not realise this). My approach is to use these existing processes wherever possible and only modify or change where absolutely necessary.

Adopting this approach introduces minimal change to the organisation and the minor improvements that the standard dictates to be necessary should be readily accepted.

Invariably there will be some processes missing and I have a wide range of tried and tested procedures, flowcharts and records that can be tailored to suit each particular client.

Some consultants have a set of off-the-shelf procedures that they impose on a client and request that the client changes all their existing business processes to suit the consultant’s method of working. This is a recipe for disaster as the procedures will invariably not reflect the true needs of the organisation and will certainly not be followed.

My preferred method of documenting processes is by use of flowcharts. Microsoft Visio is an excellent flowcharting package and enables flowcharts to be stored electronically on a client’s intranet. The flowcharts can be hyperlinked to enable navigation between them and to associated records and other relevant documents. Read-only access and password control can be implemented to cover many of the requirements for document control.

Example flowchart detailing the internal audit process

Other than six mandatory documented procedures, ISO 9001 requires processes to be controlled – this does not necessarily mean a documented procedure is required. My policy is to document a process as a last resort, if this is the only method of control. For example many business processes are computer controlled and the software will not allow unauthorised or inadequate use. A documented procedure for such processes is somewhat superfluous and does not add any value to the organisation.

Regarding choice of certification body, many clients ask me to make a recommendation but I will not do this as this important business decision must be made by the organisation and, for reasons of impartiality, I cannot be seen to be favouring any particular certification body. I will only work in partnership with UKAS accredited certification bodies (my terms & conditions make this quite clear) so will, initially, direct clients to the UKAS website www.ukas.com which includes details of approximately ninety certification bodies that offer ISO 9001 certification in the UK (slightly fewer for other management systems). Clients are often (understandably) confused by this plethora of bodies so ask whether there are any that I can recommend. My response is to name a small selection (typically 4-6) of bodies that I am currently working with or have worked with recently. This is a diverse selection, some well known; some more obscure but all will be known to me and will have given good service in the past. If requested, I will assist the client to obtain application forms and quotations but insist that the final decision is made by them (I will be happy to work with whoever they choose, otherwise I would not have recommended them!)

Certification bodies do engage consultants (such as myself) to carry out subcontract auditing (obviously the consultant would need to be suitably competent i.e. IRCA registered and not have any consultancy interests in the organisation being audited). For many consultants this subcontract work is an important revenue stream but I made the policy decision when I commenced consultancy to not offer my auditing services to any certification body therefore retaining total impartiality. My interests are purely one-sided, preparing an organisation for assessment, not carrying out the assessment process.