Dr. James Kline: Forget China and Russia, Biggest Risks to ISO are Internal

The following is a guest editorial by James Kline Ph.D.

I recently read the recent Oxebridge analysis of the ISO Survey numbers and watched Christopher Paris’ appearance on the QualityMatters podcast.

Regarding the ISO Survey, I also think the ISO numbers are suspect. I suspect they are fudging them to stay relevant and to keep the money flowing in. I thought maybe the lockdowns might have had an impact. However, when I looked at the change from 2000 to 2001 for about twenty Western countries which were substantively locked down because of COVID and compared the variation with the total change, I don’t see any substantive impact.

The question raised in the podcast debate (whether world standardization would be impacted if ISO honored international sanctions against Russia), was interesting. Like Christopher, I do not think Russia is going to impact ISO 9001 one way or the other. The greatest external impact is going to be China. Not because of their drive to control the standard, but of the blockade of Taiwan, which could very well occur next year. In which case the manufacturing sector around the world, because of the loss of high-end computer chips, will come to a near complete halt.

In such a circumstance, the issue will not be whose standard will dominate, but will anyone care about obtaining a standard at all?

My opinion is that the biggest threat to ISO 9001 is not which standard will dominate, but whether the standards will be worthless. Internally, within the quality community, there seems to be a trend toward risk management. For instance, the forthcoming ASQ conference has three basic elements. One is supply chain risk management. The second is risk management, including ESG. The third is organizational excellence with a lot of woke topics. (FYI after 15 years, I let my ASQ membership lapse. It no longer represents the quality profession in any substantive way and is becoming the Moose Lodge of the 21^st century.)

I note this because I suspect that ISO will double down on risk management in any new revision of ISO 9001. I recently wrote an article for Greg Hutchins’ risk publication where I discuss NIST’s latest cybersecurity guideline. That guideline has to do with integrating Cybersecurity Risk Management into the organization’s ERM. By Executive Order, NIST’s guides in cybersecurity are mandated for federal agencies.  This mandate will eventually seep down to lower levels of government and to private contractors. In addition, the SEC and FDIC are working on ESG mandates for financial institutions and companies which they regulate.

While the examples above are from the US, this is a trend in Europe as well.  This groupthink, and ISO’s need to stray relevant and solvent, may result in this doubling down. If this happens, there are several implications.

First, any further dilution of the emphasis on QMS, particularly if the quality of the product becomes just one of the risks the organization faces, will reduce quality overall. This will likely reduce the demand for ISO 9001 certifications.

Second, any further emphasis on risk management, as an auditable issue, will bring the quality profession into competition with internal auditors and the big accounting firms. These people have greater clout in the C- suite and, thus, they will control the auditing process.

Lastly, the general move toward Industry 4.0 will significantly reduce the need for ISO 9001 certifications. If a defect in the production line can be identified and removed before the final process, the QMS will be automated and essentially commoditized.  If that happens, the competitive value of having a certification will be almost nil.

To summarize. While I think there are external issues that could affect ISO 9001’s relevance, the biggest threat, as far as I am concerned, is internal.

---

Jim Kline has over thirty years of experience working at all levels of government. He has overseen the implementation of economic development and other construction projects, and consulted for city and county governments, small businesses, and an economic development council. He has a BA in Political Science from the University of Oregon, an MPA from the University of Georgia and an MS in Economics, and a Ph.D. in Urban Studies from Portland State University. He has published over fifty articles on risk and quality, and is the author of a number of books on risk management, including Enterprise Risk Management in Government.