Get ready yet another blow to the integrity of the quality management profession, as it once again scrambles for the attention of corporate executives in move that reeks of desperation.

If you haven’t heard it already, a new buzzword is cropping up in the quality profession, but one which is easily lost between the dozens of others. It’s “QRM,” and stands for “quality risk management.” It’s far more nefarious than insipid, despite the innocuous innocence it implies.

First, let’s go back a bit. As I have written at length about, including in Surviving ISO 9001, prior quality gurus like Deming, Juran and Crosby said nothing at all about risk management, as they understood it was a separate discipline. This does not mean they rejected it, nor did they take a stance to compete with it. It was merely something that was done across the hall, and may or may not have Venn-diagrammed itself to overlap with quality management. If anything, it was a friendly co-passenger on the voyage towards overall business improvement.

Next, take a look at earlier editions of the quality standard ISO 9001. Here is how the literal words on paper appeared in the 2000 edition:

ISO made it clear that ISO 9001 was a quality management standard, and did not address risk management. A companion publication issued officially by ISO in March of 2001, entitled “Guidance on the Documentation Requirements of ISO 9001:2000” goes on to say exactly nothing about “risk” at all. At that time, there was never any doubt that risk management and quality management were entirely different concepts, and so ISO never felt the need to explain this in detail.

Then came Nigel Croft and TC 176, who faced a mandate by the ISO headquarters in Geneva to include a paragraph on “risk” written by the ISO Technical Management Board, a shadowy group of largely unknown actors who are answerable to no one. Faced with the choice of rejecting ISO’s mandate and having TC 176 disbanded, Croft and his gang of self-serving consultants not only agreed, they saw an opportunity to make a profit. Croft dreamed up the term “risk-based thinking” as a branding tool, and BSI cooked up a press release that promoted the falsehood that “risk has always been implicit in ISO 9001.

Remember, that last part is a lie, as the evidence above shows. Risk was never “implicit” in ISO 9001, it was overtly excluded as something the standard would not discuss.

Croft and his cronies then quickly rebranded themselves as “risk management” experts, and started selling related consulting services. Ka-ching.

The Emperor Has No Clothes, But Who Cares?

One of the greatest failings of the quality profession is that its practitioners are often criminally incurious. We are, to use a mixed animal metaphor, lousy with lemmings.

Quality professionals are all too willing to buy into whatever the latest fad is, whatever the latest management book says, or whatever garbage gets spewed by dubious organizations like ASQ or CQI. Then, they not only fail to ask skeptical questions about what they read, they accept it blindly and reject critical analysis of it.\

Quality professionals actually seek out “thought leaders” — one of the creepiest concepts yet invented — rather than try to develop their own independent thinking skills.

The fact that all of this flies in the face of the quality profession’s main tenet — that decisions be made through analysis of objective data — escapes them. It is just easier to have someone else do the thinking for you.

Within ten minutes of BSI’s phony press release — and ISO’s official republishing of it — quality “experts” were claiming, with a straight face, that “risk has always been implicit in ISO 9001.” Apparently, not a single one of them ever read the versions prior to the 2015 edition, yet were claiming to be gurus. It was sufficient to accept as fact a lie published by ISO and its cronies.

The consultants — often the worst of an already intellectually-diminished profession — pounced.  ASQ darling and serial spammer Greg Hutchins rebranded his entire consulting and publishing machine to claim that he invented the concept of risk management within the quality profession. US ISO 9001 author Lorri Hunt gave a presentation announcing that “risk-based thinking” would be the “biggest boon to consultants ever,” and promptly started selling expensive seminars on the subject. ASQ and CQI fired up their coal-fired publishing machines to churn out hundreds of articles on risk management, suggesting expertise on a thing they had otherwise been silent on for decades.

If You Don’t Love Me, I’ll Have to Kill You

But non sufficit orbis, and all that, so aggrieved quality managers wanted more. The ISO 9001:2015 drafts soon injected additional text into clause 5.1 “Leadership,” demanding that — as part of a standard intended for third-party conformity assessment audits — top management of companies had better damn well start treating the quality managers better, or they’d lose their certificate. So things like this gem were inserted into the standard:

Top management shall demonstrate leadership and commitment with respect to the quality management system by ensuring the integration of the quality management system requirements into the organization’s business processes.

That is nothing less than a demand that the Quality Manager be given access to the C-suite. Having failed for (literally) generations to get the discipline of quality assurance properly recognized by corporate leaders, some aggrieved quality managers at TC 176 figured they’d force the issue by inserting it into a standard that would then be enforced by an army of third-party conformity assessment auditors who would then withhold valuable ISO 9001 certification from any arrogant executive who refused.

So now we have QRM. Ironically, the term appears to have popped up first in the pharmaceutical industry, which is also where the first few instances of the term “risk-based thinking” came from, although entirely outside the quality sphere. Nevertheless, CQI just launched an article on QRM which mentions the term in passing, as if it’s already an accepted thing that everyone should be already fully cognizant of.

(In an even more irritating and nefarious turn, the article’s author Veronica Cavendish-Stephens deleted my comments to her article on LinkedIn, which were related to the points I now have to make on my own site, where she can’t delete them.)

The only thing more catnippy to lazy quality professionals than official ISO press releases (however false) are acronyms. If you brand something “LSS” or “CMQ/OE” or “SPC,” they will jump on it like cats an open tuna can. (I kept my animal metaphor un-mixed that time.)

So now, within seconds of CQI’s totally made-up article, no doubt thousands of quality professionals are claiming expertise in “QRM” — a thing that, like risk-based thinking — doesn’t actually exist. There are no standards on QRM, no accepted norms, no courses of study, no books of knowledge.

It’s another attempt to dupe quality managers into opening their pocketbooks to buy cans of air.

The solution is simple: quality managers need to apply to themselves the things they demand of everyone else: to act based on data, and not emotional tugs or fake press releases. Be skeptical. Be objective. Be independent thinkers.

Maybe cancel that CQI prescription, too. Because this QRM thing is going to get much, much worse — and expensive — before this is over.

You were warned.



ISO 45001 Implementation