The Myth of the Integrated Management System

Our profession is awash with myths, told by dubious people with overt agendas and gobbled up by an unsuspecting public. The problem with myths is they usually come from cultures in decline, while progress is driven by fact and practicality. Ask the Mesopotamians how that whole Marduk thing worked out; you’ll have to dig in the ruins of Babylon to find out, since it doesn’t exist anymore.

Shmowzow!

Within the ISO standards world, we are constantly confronted with the notion of the “integrated management system” or IMS. Like the mythical griffin, Quetzalcoatl or Ancient Psychic Tandem War Elephant, the IMS is an amalgam of existing creatures, all glued together and presented as if the whole is greater than the sum of its parts. It supposes that companies opt to weld their qualty, environmental and safety management systems into one bulging mass, using ISO 9001, ISO 14001 and OHSAS 18000 to do so. The most recent versions of the myth decorate the resulting amalgam with nurnies of ISO 22000, ISO 27001 and an assortment of other standards.

Historically many organizations start with a quality management system (ISO 9001) and then add the environment management requirements from ISO 14001. They then look at their health and safety risks and add OHSAS 18001. More recently many organizations look at implementing all three standards at the same time which can be cost-effective and minimizes disruption. (Source)

The myth tells us that “many” companies are seeking integrated management systems to boost efficiency, improve their businesses, and streamline the resulting uber-system.  So prevalent is this desire, we are told, that ISO has spent the better part of the last two decades trying to figure out how to “harmonize” their various standards. In the 2000 era, it was through the implementation of similar clause structure and title headings, shared between ISO 9001, 140001 and a few other topline standards. Now it is through the Annex SL mandate, affecting all ISO management system standards from here to eternity.

ISO itself has begun to self-perpetuate the myth, going so far as to incorporate it into the New Work Item Proposal for the future ISO 45001 standard, which is set to replace the OHSAS 18000 standard (which is not an ISO standard.) That document drops the “i-word” a few dozen times.

There is particularly a need for co-ordination with ISO/TC 207, as the function of health and safety is often combined with the function for environmental management within organizations.  Additionally, there is a need for co-ordination with ISO/TC 176, as often organizations seek to combine their quality, health and safety, and environmental management systems into an “integrated” management system.

But Facts Are, Like, So Boring

The problem is that it’s utter nonsense. The facts tell us that no one really wants multiple management systems, much less an “integrated” nest of them. ISO’s own annual ISO Survey data reveals that the number of companies interested in management system standards other than 9001 is minuscule, to the point of being statistically irrelevant.

Note: the data for OHSAS 18001 could not be obtained; the most recent data publicly available is from 2009, when there were about 55,000 OHSAS 18000 certificates. A 2011 report exists, but I’ve been unable to get it (so far.) While we can assume the number is higher, we have no idea how much higher it is. Regardless, it’s still in the “statistical” noise-shadow of ISO 9001.

Consider this: the data only presents raw totals of individual certificates of each standard, and not those companies that elected to implement multiple standards and integrate them. This means the actual number of truly integrated management systems is far, far smaller.

Since we are wallowing in mythmaking, let’s play a game and make some assumptions ourselves. Let’s say that half of the ISO 14001 certificates are simultaneously integrated with 9001, a number unlikely to be anywhere near reality, but giving ISO the benefit. That would mean that there are only about 143,000 companies in the entire world with any form of “integrated” management system comprising two standards… obviously the number drops for those implementing three or more such standards.

If the market for the IMS is around the (entirely fabricated) number of 143,000, this represents only 12% of the ISO 9001 market. Now ISO 9001 itself already has barely penetrated the world’s potential user base, having cracked only about 0.7% of US based businesses, if you ignore entire sectors of potential users (like municipalities, hospitals, schools, etc.) and focus only on registered, for-profit corporations. Extrapolating the numbers further, if we assume the 12% share of IMS’s would be represented equally in the US, that means that only about 3,000 US companies have a two-pronged IMS.

Yes, that was a lot of number-crunching based on assumptions, but it’s still more data than is used to perpetrated the “Integrated Management System” myth, which is based on ZERO data.

All Good Fantasy Rides End in the Gift Shop

The question becomes, then, who stands to gain from this silly non-fact? Consultants are the primary source of the myth, insisting that everyone wants an IMS so they must therefore provide it. (Full disclosure: Oxebridge launched integrated management system implementation in 2014, too, because it’s simple to do and … why not? At least we aren’t lying and insisting that we are doing so because of some flood of demand.) A consultant who offers an integrated management system can effectively double or triple his fees for an effort that takes only a fraction of additional work.

The registrars are the second guilty party, as they can also increase their fees by offering a (sort of) simultaneous IMS certification audit event. I say “sort of” because anyone going through an integrated management system audit knows it’s like veterinary dentistry performed by circus clowns on stilts. The CB has to scramble to assemble an audit team comprising not only auditors whom are trained for each standard, but also knowledgeable in the client’s industry, which is often an impossible set of conditions. So they just cheat: they either sent unqualified auditors, or they split the alleged “integrated” audit into separate audit events anyway, eliminating the original benefit. But they make a lot of dough doing it, and offering it as a service on their website is free.

The biggest winner in all of this is ISO itself. While it is working to integrate its standards, it isn’t working to merge them into a single document under a single price tag. Admittedly, that would be impossible, but every time a company explores the idea of an IMS, it has to buy multiple ISO standards, each one at its exorbitant price with Machiavellian digital-rights restrictions. Have four employees working on integration of 9001/14001/27001? You have to buy twelve documents, for a whopping $1,700. Ka-ching!

As we’ve discovered, making the standards easier to integrate via the Annex SL mandate also bypasses some of that annoying, time-consuming consensus development process, too. Every time a publication date slips, that means lost revenue for ISO, so the less user feedback, the better.

So when considering an integrated management system, one must pursue this avenue purely out of internal needs, with a focus on how this will benefit the customer and bring value to the organization. The decision must be determined by the company, and not as a result of buying into a disproved, false argument that doing so is a modern, popular approach. It’s not, and anyone telling you otherwise is lying.

(Photo credit of totally mathematical Ancient Psychic Tandem War Elephant (c) Cartoon Network.)

(CORRECTION 26 April 2014. The chart above was corrected to read ISO 50001; the previous version incorrectly called out ISO 15000, due to a typo.)