ISO consultants love to parrot each other. One dummy will say something that sounds reasonably smart, and get picked up by everyone else until it becomes an assumed truth. This is how the meme “say what you do, and do what you say” got started. They tend to cause a lot of problems, too.
These repetitive memes are surefire ways to identify a consultant who has never really worked under ISO 9001, and only has the most bare-bones practical experience, even while they claim to have decades of it.
In no particular order:
1. “Don’t Use ISO 9001 Language in Your QMS”
This old saw sounds great if you shut off any frontal cortex activity. “Your QMS should be written based on your own practices and procedures, and not with ISO 9001 language. In fact, you should avoid ISO language entirely!”
The thinking is that you can lose people’s focus and comprehension if you obsess too much with the ISO 9001 language; that’s because ISO 9001 is written by a committee of people who all speak different languages, so the end result looks like it was written by drunk lawyers on a wobbly boat during a typhoon. It’s a fair criticism, but consultants then try to go all folksy and populist by inferring that your internal processes and procedures should rule the system, without any consideration — or even training! — on ISO 9001 itself.
That’s great if you don’t want your system to comply with ISO 9001. If so, then go for it. But at some point you will have to prove to your internal auditors, customers and possibly external auditors that you comply with ISO 9001, and the only way to do that is to know what exactly you are complying with.
While it’s not a good idea to train everyone in the company on every detail of ISO 9001, it’s important for them to understand the basics, and to have at least a few hands on deck that are very (very) conversant in translating the ISO 9001 requirements into the company’s jargon, and back again.
2. “Woe is Me! Lack of Management Commitment!”
The argument here is that any failing of a QMS can be blamed on a “lack of management commitment.” This is not only nutty, it’s self-destructive. Consultants who make this claim — and it’s nearly every single one of them (here, here, here, here, here, here, here, here, here… just for starters!) — must be dead set on not getting any business, because it’s the top management who will decide what consultant to hire. Who is going to hire a guy that disses them before even meeting them?
It’s also nonsense. The argument imagines that all consultants and QMS activities are funded by the QA Manager, who somehow holds the purse strings, and then has to convince his stupid bosses on how to do the right thing. Here’s a tip: if the boss signs the checks to pay for a QMS, that’s a pretty good indicator of some level of commitment. It doesn’t mean he’s obligated to buy the QA Manager (or the consultant) a monogrammed swimming pool.
This argument comes from the fact that consultants flee the need for an “escape clause” in the event things go awry during their contract. By arguing “you didn’t take my advice, so I’m not responsible” they think they’ve inoculated themselves from failure, but it’s indicative of the consultant’s inability to (a) properly communicate, and (b) convince management of his approach. A good consultant needs to motivate clients, win them over on things they may find unlikable, and get people on the same page.
Reality check: any failure to obtain management commitment is the fault of the consultant.
3. “QMS Templates Are Great, Really!”
ISO 9001 template documents suck. Just stop it already.
4. “You Only Need a Four Page Quality Manual”
Heck, just hire a guy to write your Quality Manual on a grain of rice!
I’ve built an entire career around simplifying ISO 9001 for clients as much as I can. But I won’t go so far as to make stupid statements that defy reality, even if they sound awesome.
Yes, technically everything that ISO 9001 literally requires could fit in a four page quality manual. That’s because all it requires is a scope statement with exclusions, overall process flow diagram and references to other procedures. Heck, use a small font and you can get it on two pages, like this guy.
But here’s the question to ask yourself: who is the intended audience of the quality manual? Normally it is not just for internal consumption. Anyone bidding on contracts may find themselves having to submit a quality manual as part of the bid, or to submit a copy for review by a customer in order to get on their approved supplier list. Will the customer share your obsession with miniaturization? Probably not. In fact, the money you save on pages will likely be lost ten-thousand fold if you lose that contract. Then let’s hope your resume isn’t as abbreviated as that quality manual was, ‘cuz you’re going to need it.
Next, what about internal consumption? Who — within the organization — will benefit from a quality manual? In that case, what would they want to see? A tiny manual is likely to gather as much dust as a huge one with too much detail.
The other downside to the micro-manual is appearances. A company that produces only the absolute bare minimum required gives the impression of a company that is also likewise to avoid taking any extra steps for anything. It projects an image of a company that is lazy, crafty, and isn’t about to expend energy on making things useful.
A customized walkthrough of the companies’ QMS requirements, including a matrix of ISO 9001 clauses (for auditors and those darn customers) is a good middle ground. I say “customized” so you don’t get into the template trap I mentioned above.
5. “All You Need is Six Procedures”
Like the mini-manual, this one is technically true if you apply only a quantum of concern over meeting the spirit of ISO 9001, and want to alienate pretty much everyone by your adherence only to the letter of it. Good luck with that.
I’m no fan of documentation at all, especially ISO 9001’s notion of it, but there are some activities that you will have a hard time controlling without some form of documentation. For example: inspection practices, calibration methods, and any complex activity where variation between operators could be fatal to the product or service quality.
Remember, one of the documentation requirements is “documents determined by the organization to be necessary to ensure the effective planning, operation and control of its processes.” By writing only the “required six,” you are telegraphing to your employees, customers, auditors and everyone else that you don’t need anything else to plan, operate and control your processes.
If your consultant uses “only six procedures” as a selling point, run. A good consultant will assess the company’s needs before making any bold proclamations about an appropriate documentation set.
6. “You Cannot Outsource The Management Representative Role”
I’ve written so much on this subject, it’s practically tattooed on the inside of my eyelids. Consultants (and registrars) insist you cannot outsource the management representative role, and point to the requirement that the MR be “a member of management.” They stop there, never bothering to ask what “member of management” actually means.
A member of management must be an employee; this much we know. What ISO 9001 does not say — nor could it ever — is what constitutes an “employee.” In today’s environment, employees can be full time, part time, temporary, temp-to-perm, contract, subcontract, piece-work, commission based, apprenticed, union, non-union, probationary or even “at large.” ISO 9001 cannot tell a company who to hire, nor how to hire, lest it run afoul of a million labor laws. What if the only valid candidate is a retired, minority woman who requires a wheelchair, but can only work part time? How is that going to look if some consultant or ISO auditor tells them to fire her? Will they pay for the avalanche of discrimination lawsuits?
Today in many companies, nearly the entire workforce may not even be “employed” by the company itself, but instead by a payroll processing company such as ADP or Paychex. Employees may be hired by an outside headhunting firm, and remain employees for that firm for the first year before “transitioning” into employment by the actual company. Does this mean the all the workers are ineligible for their roles too?
One of my clients was being managed by a CFO who was on temporary contract, because the previous CFO had passed away. The contract was only for six months, while the company recruited a new CFO. The auditor did not blink when auditing this “part timer” despite the fact that it was clearly a subcontracted role. Why does the ISO MR position get higher scrutiny than the senior-most executive?
Truth: a company can hire a “member of management” in any capacity it wants, so long as that person is granted the responsibilities outlined by the standard. End of story.
7. “ISO 9001 Has Always Been About Risk.”
No. No it hasn’t. Shut up already.
This new meme is prompted by the upcoming inclusion of “risk based thinking” in ISO 9001:2015, trotted out by ISO consultants who never studied actual risk management in the fields where it is most mature (finance, insurance, pharma, etc) and thus don’t actually know what risk management is. So they repackage preventive action as “risk” and throw in a Failure Mode Effects Analysis spreadsheet to show how smart they are. Risk management is a complex discipline that one can get a university degree in. It’s not CAPA 2.0, and anyone saying so is a complete newbie on risk.
If a consultant says this, ask them to show you their risk assessments on vetting new customers, or for the design of their implementation programs. Expect a whole handful of nothing.
8. “You Need a Gap Analysis Before Starting”
The “gap analysis” is one of the biggest consulting scams running. If you are new to ISO 9001, then here’s your gap analysis:
You don’t comply with ISO 9001. There. Done. And entirely for free.
Consultants may charge as much as a week’s work to conduct a “preassessment” audit, the results of which everyone already knows. It’s like a patient going into the dentist and the dentist conducting a series of tests just to decide if the patient has teeth.
The resulting report — which the consultant will charge for, too — is equally useless. It will list all the areas you do not comply, which is only useful to the consultant and of no use to the client. The client wants to know what to do moving forward, not where they have failed for the past few decades.
Instead, it’s better for a consultant to spend time learning the company’s activities, and assessing them silently in his or her head for compliance. Then the consultant can prepare an implementation plan based on the level of compliance, and just get on with the business of consulting and implementing. Extending this activity into a formal audit, with a formal report, wastes the client’s time and money.
9. “You Have to Calibrate All Measurement Equipment”
This one costs clients a lot of money. ISO 9001 is explicit on where calibration of equipment is required: for devices used “to provide evidence of conformity of product to determined requirements.” (Emphasis added.) This means anything used to “buy off” product as part of an inspection or test.
Process equipment does not require calibration unless it is used to also measure the product and determine whether the product passes inspection. This means that temperature gauges, pressure gauges, flow monitors, etc. do not ordinarily require calibration. Furthermore, if you have a series of similar devices that inspect the product in serial, only the final one needs calibration, because it’s the one determining final buy-off.
Now this is not to say that calibrating process equipment is a bad idea. On the contrary, it’s a great idea. But it’s not a requirement. And that means you get to decide what to calibrate, not the consultant.
With calibration, you want to do what’s smart. Just be sure to identify any equipment you do not calibrate with a proper identifier (“no calibration required”) — not because it’s a requirement, but merely to fend off any questions.
10. “There’s a Difference Between ‘Continuous’ and ‘Continual’ Improvement”
When your consultant starts to spout this one, understand it probably plays well at all his high society balls and drawing room parties. Or not. Either way, it’s pretentious and nonsensical.
And just because I like to give away stuff, here’s a free eleventh dumb thing consultants say:
11. “I’m an Expert, Because I Wrote A Book”
In the age of the internet, everyone’s an expert. After all, if I say so on the internet, then it must be true, right? We all know nothing gets published on the internet that isn’t true.
In the age of the internet, however, self-publishing is more prevalent than ever. While this is often awesome — it gets previously unheard-of writers in the hands of eager readers, a reality which would never happen in the previous age of the transom — it comes with a downside. Anyone with the patience to write a book (meaning they have nothing better to do, because they are under-employed) can be an overnight expert by having Amazon or some other online self-publishing outlet sell a book for them. These books aren’t edited, often not even proofread, and are not published by reputable publishing houses.
Full disclosure: after 25 years in this business, in 2015 I finally intend to write a book and have it published by some fly by night organization, without editing or proofreading, and having written it utterly unsober. But you know what? I earned it.
Chris Paris working on his “book.”
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 35 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world
