Featured Product
This Week in Quality Digest Live
Standards Features
Stephanie Ojeda
Solve problems better, faster, and with greater confidence in your operations
Kobi Leins
Building the future of AI is all about asking the right questions
It’s all about context and standardization
Jeffrey Lewis
Even after ISO 19011:2018’s release, many auditors still perform clause-based auditing
A primary standard for testing structures and calibrating force sensor systems

More Features

Standards News
Greater accuracy in under 3 seconds of inspection time
Showcasing the latest in digital transformation for validation professionals in life sciences
New models can test wide range of motor sizes on a single system
Streamlines the ISO certification process
ORNL-developed software tools to be demonstrated at Energy Bootcamp, Oct. 16–19, 2023, in Knoxville, TN
Offered as production pivots to vehicle electrification
On the importance of data governance in the development of complex products

More News

Oscar Combs


ISO 9001 As a Business Management Tool

Its true value is its process approach to management

Published: Monday, March 11, 2013 - 13:27

ISO 9001 is much more than a standard. It should be part of a company’s strategic plan rather than something to get certified to because customers require it. The guidelines and quality principles in ISO 9001 are just good business practices.

Throughout my career in quality, I’ve often been amazed by management teams that want to increase efficiency, customer satisfaction, and profitability, but rarely tap into the real power of ISO 9001. They think of the standard as something the quality department should focus on; in many cases it’s an afterthought rather than a strategic part of their business plans. Sometimes it’s only thought about when a customer asks if a company is ISO 9001-certified, or when it appears on a bid questionnaire for a project.

Here is an explanation from the ISO 9001 standard’s introduction:
The adoption of a quality management system should be a strategic decision of an organization. The design and implementation of an organization’s quality management system is influenced by:
• Its organizational environment, changes in that environment, and the risks associated with that environment
• Its varying needs
• Its particular objectives
• The products it provides
• The processes it employs
• Its size and organizational structure

Does ISO 9001 really add value?

The value of ISO 9001 certification has been debated for as long as I can remember. Organizations that continue to debate rather than take action are resigned to the prospect of poor business growth and being incapable of competing with organizations that have moved beyond debating the topic.

One of the most powerful benefits of the standard is the principle of employing the process approach to management. David Levine and Michael Toffel of the Harvard Business School published “Quality Management and Job Quality,” a paper summarizing an empirical study on the benefits realized by 916 companies that adapted the ISO 9001 standard compared to 17,849 nonadapters. Some benefits noted in the study include higher rates of survival, higher sales, higher employment growth, and increased wages. In addition to these benefits, others included: reduction in waste generation, enhanced productivity, improved attention to detail, and improvement in health and safety performance. ISO 9001 should be thought of as a business management tool for your organization to drive real value and results.

A business management tool

A business model describes the rationale of how an organization creates, delivers, and captures value for anyone or anything that is affected by the organization. The business model should outline the organization’s mission, strategies, infrastructure, organizational structure, and the operational procedures that will be used to execute the business model. An organization must deliver value to its customers and convince customers to pay for that value. Once they pay, the organization must operate in a manner that will result in profitability.

Process approach

If ISO 9001 is meant to be used as a business management tool, every employee in the organization should have a basic understanding of how the organization generates revenues, the order and flow of organizational processes, and their roles in companywide processes. Without understanding organizational processes, it’s difficult to diagnose problems, get to the real cause(s), and implement preventive or corrective actions. The process approach is based on four principles:
1. Understanding and meeting requirements
2. Considering processes in terms of added value
3. Obtaining results of process performance and effectiveness
4. Continual improvement of processes based on objective measurement

Understanding and meeting requirements

Most problems in organizations are associated with not understanding and meeting ISO 9001 requirements. Employees often underperform because they don’t have a clear understanding of their job requirements. Customers are often dissatisfied because their requirements are not being understood and met. Understanding requirements is the responsibility of both parties involved. For employees to be successful, it’s important for the organization to identify all job requirements for every position and clearly explain them to each employee.

It’s also important to educate the customer on requirements. The customer may understand what he wants, but may not understand the requirements involved in delivering what he wants. Once requirements are understood, the chances of those requirements being satisfactorily achieved are greatly increased, and the process can add value to the organization.

Consider processes in terms of added value

Your organizational processes should add value internally and externally all along the way, from capturing customer requirements to final delivery. This is when your ISO 9001 quality management system really becomes a business management tool and not a marketing tool to attract customers. Processes transform inputs (i.e., understanding requirements) into desired outputs (meeting requirements). Without controlling inputs, the organization will fail to add value when the output of the process is delivered.

What is added value? Value is based on the perspective of the process recipient. Value internally may mean that an employee is meeting requirements of a job description. Externally it may mean that the customer’s requirements are being met, on time and on budget.

There is nothing worse for an organization than having processes that do not add value or that are ineffective. This is so frustrating to employees and customers. A perfect example is when you call customer service, and the representative asks you a list of questions to verify your identity. Once she figures out she can’t help you, she transfers you to another representative, who asks you the same list of questions. Now they’ve spent 15 minutes verifying your identity and haven’t spent any time addressing your real problem. Having to repeat information adds no value to the customer or the organization. Value is determined at the “output point” of each process, which will be very difficult to achieve if the “inputs” to the process are not understood. It’s the principle of garbage in, garbage out.

Obtaining results of process performance and effectiveness

Once an organization understands its processes, it’s important to monitor performance to assess effectiveness. A quality management system should be a strategic part of the overall business plan, so it’s imperative to determine if the processes are assisting the organization in meeting the overall objectives of why the process was initially created. For example, the purpose of a final inspection process is to ensure that nonconforming product is not delivered to customers. To achieve the final inspection, criteria (i.e., inputs) must be defined so that the inspector can determine if the product meets requirements (output).

Every process has variation, so even an effective process won’t prevent nonconforming product 100 percent of the time. The organization may establish an objective to have a 2-percent nonconforming product rate. To monitor this on an ongoing basis, the organization would have to record each time a product is returned to be able to measure the performance and effectiveness of the final inspection process. If the process is not monitored and the nonconforming product rate goes beyond 2 percent, the organization would have to analyze the cause(s) and implement corrective action to improve the final inspection process and get the rate back in tolerance.

Driving continual improvement based on objective measurement

The reason why many organizations do not reach their full potential or remain stagnant is that they don’t have a mechanism to drive continual improvement. They simply run around putting out fires, tackling surface issues, and responding to the “problems of the day” rather than addressing process performance issues based on objective measures. This is one of the reasons that small and medium-sized companies remain small, and why big companies don’t achieve maximum profitability. ISO 9001 provides objective measures to continually drive improvement.


ISO 9001 is much more than a quality management system standard and should be used as a business management tool. Focusing on implementing a process approach will lead to a systematic method of identifying and controlling processes to ensure requirements are understood and met in an effort to add real value. Once the processes are monitored through objective measurements, an organization can focus on the actual cause(s) of process performance issues. This is the ISO 9001 standard being used as the business management tool it is intended to be.

For more information about the ISO 9001 standard, see the Quality Digest knowledge guide, “What Is ISO 9001:2015?”


About The Author

Oscar Combs’s picture

Oscar Combs

Oscar Combs is President and Senior Consultant of The ISO 9001 Group, a management consulting, auditing and training firm based in Houston, Texas. Oscar has over 25 years of experience working with management systems. Oscar has worked with clients throughout North America, South America, Europe, The Middle East, Asia and Africa helping companies manage risk and improve their business operations. He holds an MBA from the University of Houston. He is certified by Exemplar Global as a Principal Management Consultant and Lead Auditor. Oscar is also a Senior Member of the American Society for Quality and has served as the Programs Committee Chair for ASQ’s Houston Chapter 1405.


ISO 9001? .... maybe there is something better

Quality folks still banging the drum of ISO 9001, when the evidence overwhelmingly indicates its adaptation adds little but bureaucratic overhead to any organization who adopts the now Agenda 21 driven iteration.   After more than 35 years working in ISO registered companies as an implementer and auditor, I can honestly say that the system is ineffective at best and a total sham at least.  The current ISO Management system is perhaps the most antiquated and bureaucratic ever to be written.  Bridges collapse in Florida and organizations are busted by investigators for drug trafficking all of which are ISO 9001 registered.

Comparing ISO 9001 to other systems such as Toyota Production of CMMI one quickly understands the pitfalls and inadequacy of the “ISO” approach.  

Lets face the truth, ISO is nothing more than a publishing company, who sells standards and who is out to interject itself as the global standards body, so it can make lots of money by forcing its standards from each countries national level.  Why did ISO choose this path foreword?  Easy, its approach was failing in the industry and it needed a boost in sales and credibility, so it imbedded itself into the National standards bodies of key nations.

ISO 9001 registration has fallen off over the last decade and continues to be in decline.  It the standard was so valuable to organizations, why are many organizations ditching it?   The answer is obvious…. ISO 9001 is not effective.   Most people registered to the scheme are forced to be registered as a supplier.  Therefore, their only interest is to meet the bare minimums to retain registration.  Other organizations who adopted ISO 9001 voluntarily as taking other more effective avenues at improving their Management Systems to achieve Customer Satisfaction (TPS, CMMI as examples).   A level 3 CMMI is far better for an organization than ISO 9001 registration and far less costly.   The focal point of CMMI is to improve the organization …. The Focal point of ISO 9001 is to retain registration.

ISO registrar auditors are stepping over non-conformities and giving clients a clean bill of health, in order to retain the clientele and their registration.  This phenomenon has been voiced often by many registered organizations and auditors.  And this is where the whole ISO scheme starts to unravel, when registrars need to retain clientele.   Unlike EMS or OHSMS, a QMS has not regulatory basis and therefore no teeth to force its necessity.  All to often ISO 9001 implantation is a system of bureaucracy shoved upon an organization by its quality function, in hopes of obtaining some level of quality which exceeds “rock in a box, ready to ship” mentality.

So what is the answer to improving an organizations quality management is its not ISO 9001?  The truth in one word …. Ownership….  Executive Management needs to own what ever system of management the organization implements in order to satisfy its customers and meet the expectations of its interested parties, and improve its lot going forward.   There are no books, no secret formulas, no magic pills, no wishing wells, no profound statements, which an organization can employ to make its lot better for its customers, outside understanding completely what their customers need,  and desire, and constructing their system of business management to achieve such ends.

ISO 9001 is nothing more than a bureaucratic attempt at implementing Deming’s system of Plan Do Study Act, as a means of achieving Customer Satisfaction and continual improvement.  Any organization serious (owning responsibility for satisfying its customers) can achieve the same means by employing Deming’s system (PDSA) and adopting his focusing on the identification and reduction of variation.   Risk Afterall, is simply variation ranked by severity and the organizations ability to detect its occurrence.  One does not need an ISO legalese document to explain such a simple concept.

ISO 9001 - is a wealth generator for CBs, Consultants & TC176

Humble beginnings

ISO 9001 started life as a military supplier, shop floor quality control system. There are two stories floating about, one indicating it was created from the requirements set out by the British military and the other the American military.  Which one actually takes the prize maters little. 

In the decade of the 1960s and 70s each manufacturing corporation created its own set of supplier requirements.  The problem with this approach was a supplier who had several customers, also was required to juggle several different and often conflicting supplier requirements.  Therefore the suppliers assembled together and petitioned the manufacturers for a single supplier requirement and ISO 9001 was born. 


The scramble toward Quality Management

In the 1980s American industry struggled to keep pace with Asian industry who’s product failure rate was far lower and who’s customer appreciation was far higher. Every business scrambled onto crowded aircraft, bound for Japan, in order to discover the "Great Secret".  Every imaginable approach cropped up over a decade or so as America sought to improve its manufacturing capability with a myriad of management system programs.  Buzz words abound and those smart enough to grasp or imagine a concept, sold hordes of expert books on a wide range of subjects, many of which remain until this day. These programs are known in manufacturing business as Quality management.  Even the old industrial engineering programs which were 2 year associates degree programs, were beefed up with these latest concepts to become 4 year degree programs.  America was on its way to improvement.

The largest impact came from the automotive industry which had revised ISO 9001 into QS 9001 (AIAG).  Manufacturers scrambled to implement QS9001 or require it of their suppliers.  These alternative approaches started effecting ISO 9001 registrations, therefore TC176 was called upon to improve the "Management System Standard" (MSS) and ISO 9001:2000 was born along with a supplement of enhancement documents. The ISO MSS now included quality management for the service sector. The problem remained, that many implementations did not provide the expected result   Fingers pointed in all directions, however an industry based upon the ideal of review and improvement never turned to its own proclamations and tools to decide an effective pathway foreword.

The road foreword

ISO 9001 was on life support and it needed something to make it valuable again, therefore a unapproved guide was pulled foreword as the saving grace (ISO Guide 83 - High Level Structure, later Annex SL).  It was married with the Australian ideal of Risk Management, plus the earlier ideals of Process Management, PDCA and a good helping of global socialism (dialectical antithesis against large corporations). ISO sought and in many cases, became a global standards body, an NGO which replaced many governments own standards bodies.  How could ISO 9001 ever die if it became the law of the land (government standards requirements).  

This latest revision of ISO 9001 makes a 1/2 hearted attempt at drawing in the strategic planning portion of the business (Context).  The current revision is so confusing that It basically became a wealth generator for Certification Bodies, Consultants (including the members of TC 176) and ISO itself (publisher).  

ISO 9001:2015 places customers and investors on an equal footing with social dissidents, and regulators, calling them all "Interested Parties" and giving them all equal value.  It additionally takes a 1/2 hearted approach toward risk assessment, calling it risk based thinking.  ISO 9001:2015 is simply a mish mash of concepts which in collusion do not create the desired effect.   Not one consultant, expert, or auditor interprets the current revision with clarity and consistency.  The topic of risk alone produces a myriad of interpretations.  

The American automotive sector divorced itself from ISO and now prints its own set of requirements under IATF as 16949.   At the seminar in Nashville TN earlier this year, it was stated that less than ten percent of the currently registered companies had moved to register to ISO 9001:2015.   With the end of ISO 9001:2008 a little over one year away, it appears as thought this latest revision of ISO 9001 is bound for the dust bin before it lifts off the ground.   Many assume ISO will extend the re-registration period another two to three years or completely revamp the 2015 revision altogether. TC 176 should have taken its ques for revision from the Environmental group who’s approach to a management system was far better than the result put forth by the quality management sector.  

The question 

Should a currently registered company switch to ISO 9001:2015?  The answer to that question is directly related to the requirement being voluntary or required by the customer and legal requirements for countries in which an organization sells it goods.  The organization should however have a deep discussion related to the value ISO 9001:2015 provides.  It will most likely come to the same conclusion as many other companies.  ISO 9001 is a Management System Standard, just as ISO 14001 and 45001, why therefore is it necessary to have so many Management System Standards?   Does the organization need multiple management systems?  This is where most management becomes confused with ISO who sends those signals of confusion.

Organizations need only one management system, it should be a system which includes Strategic, Tactical and Operational planning, execution, review and improvement in a PDCA (or PDSA) format.  The management system should include the determination of necessary risks and controls for its Processes, which allow the organization to successfully meet the expectations of its customers, investors, and other interested parties who are factual stakeholders in the business.   This simple approach to management is the purpose of all businesses having a long-term Strategy.   However, this simple business concept was sorely missed by TC 176, giving the subversive radical in the street equal footing with the end user of the product of service being provided by an organization. 

Any organization who is considering registering to the revision of ISO 9001:2015 ought have their legal department or representation actually read that MSS before agreeing to become bound by it.  The legal team or representative should be the voice of reason which assists the business in defining reasonableness related to the terminology "Interested Parties", and how they are determined relevent.   The mere fact that I would mention this approach should lean those who volunteer to be registered to 9001 to have grave concern as to its legal repercussions.  The interested parties clause (4.2) of ISO 9001 can pose vast legal risk to any organization if not properly handled as it opens Pandora’s box so to speak, to every sort of unscrupulous attorney seeking monetary gain for any reason no matter how unreasonable the issue.  Since the term interested party is not wrapped in exclusive definition, it quite literally means everyone or anyone.  Therefore the Interested Parties clause could become a haven for vast quantities of legal action against an organization for just about any reason conceivable. 

Those considering registration to the 2015 revision of ISO 9001 need to consider other viable options which have been proven over tome to add value to an organizations bottom line while providing satisfaction to its customers and stakeholders. 

Nice article

Dear Mr.Oscar Combs

Thanks for publishing very nice article which really should open the eyes of many organisations who work only for getting the  ISO 9001 certificate.Since such organisations definitely do not establish sound QMS based on thorough understanding of principles and requirements of ISO9001 std,the can't enjoy the benifit by implementing it.Finaly they blame ISO 9001 std .

According to me if we establish sound QMS,it will further help to fine tune the processes for brining continual improvement by using tools like lean and six sigma as both of these break through improvement tools require robust process in place.



I Totally Agree

Hello Aravind,

I totally agree with your points and thank you for them.  Together we can change this mindset.  Oscar

Opponents to 9001

I know a fair number of people (none in quality roles, obviously) who sort of sneer at the ISO 9001 process in general because they view it as a system in which companies can set their own rules, and as long as they follow those rules, they fulfill their obligations and satisfy auditors.  I'm personally quite new to the whole quality realm, so I don't have a succint answer to this sort of objection.  Any advice on how to answer the doubters?

Set The Target

Hello and thanks for taking out time to comment on my article.  Many of these individuals are from the previous generation of ISO 9001 when there were many misconceptions formed back in the 1990's.  I've even had people say that if we say we produce bad product and we produce bad product, we meet ISO 9001.  Well obviously that is not the spirit or intent of the ISO 9001 standard.  The standard is to assist in continual improvement and driving out nonconformities within the organization.  The best way to show doubters is normally in the results of a good QMS and establishing key performance indicators and measure them prior to and after implementation.  For instance is x amount of waste is generated prior to ISO 9001 and it is reduced by 20% after its implementation, we could make a strong case for ISO 9001.  Hope this helps.  Oscar

Convincing the doubters

I will take a shot at answering your question, BLANCHDM. In my opinion, the goal of ISO 9001 (any management system standard, in fact) is to establish a cultural language to define and improve a process or a group of processes for an organization. If a team doesn't undertake improvement efforts from a common starting point, there is bound to be chaos and confusion. ISO 9001 allows everyone to understand the target before you draw back the bow. One other thing I will mention: The idea that ISO 9001 is intended to make people "fulfill their obligations and satisfy auditors" is just wrong. The standard is there to guide organizations in improving outcomes for customers; the certification on the wall is the result of those improved outcomes, not an end unto itself. The doubters most likely have an unstated objection of some sort, quite possibly a fear of change in general. I have found that fear to be the single biggest obstacle for those trying to improve organizations...

Words of Wisdom

Yes, indeed, Mr. Combs. Pity that too many Accreditation Bodies and Registrars have made of it a "Temple of Jerusalem", that is, only good for business, for making money. There's another point, too: ISO 9001 and its mother, or father, ISO 9000 don't distinguish between management and leadership, while the two roles are profoundly different. I hear ISO 9001:2015 will focus risk management: I sincerely hope that the ISO Technical Committee will not repeat the same mistake. ISO has published Guidelines on risk management, but it never published any guideline on how to decipher its "process approach" hieroglyphics. To many Organizations this is still a mystery, and this may explain the whys of the continuous  downturn of ISO 9001 registrations: Companies only register when they are compelled to. And if you add to this ISO 9001's mania for documentation, in times like these when Companies spare any cent they can ... the question whether ISO 9001 is an effective management tool makes sense, if it does not raise more inquieting doubts. Thank you.

Documentation is not a mania

I think that this idea that ISO 9001 has a "mania for documentation" is a demonstration of how many people do not understand the standard. The standard, for the most part, does not require that much documentation. It actually states very clearly, that the level of documentation and approvals depends on your organization's size, complexity, and competence of your workforce. The level of documentation management is defined by YOU.

I think the problem here are the huge variation in knowledge among auditors, who often, and roguely, define the requirements erroneously, and then create an environment of panic among companies. I think ISO 9001 defines some very basic principles, really, that even a bakery should adopt, and simply apply the discipline to keep up with it and improve upon it.

Great Point

Great points and thank you for commenting on my article.  You are in deed correct that ISO 9001:2015 will focus heavily on risk management for organizations.  I truly hope that organizations are able to achieve the true benefits of the standard and see it for what it really is.....a tool to improve operations and reduce risks.  Oscar

The problem with QMS Standards

I have been dealing plenty with maintenance and implementation of QMS standards such as 9001, 13485, 9100, etc. with many organizations. Dealing with enough managers and employees about this topic, and plenty of information and committees out there, I have come to conclude the root cause of misalignment from the spirit of QMS standards among organizations that are still trying to find meaning.

1) First, is the title. QUALITY Management System. This is the main reason that the implementation and management of the QMS is often assigned to the Quality Department. When you read through the standard itself, it's easy to see that most of it are requirements for all departments, including the top chief at the organization. The name itself is misleading. Yes, many argue that it is the quality of management, not the management of quality. But why do we have to find ourselves in the need to forever educate top management about this? QMS ownership should be a cultural and academic requirement for managers; whether they grow into it, or the get to it by completing an MBA. I heard through the vines that the ISO committe was going to change the title from QMS to BMS - Business Management System. I guess they chickened out.

2) Sad to say, but most of the blame goes to ASQ. I understand that ASQ is a great group, with a great mission, with great resources. However, the existence of the group itself and the method of existence is directly counterproductive to its mission. By its existence, and its idea of promoting the idea of "quality professionals" or being a reource for "quality professionals", it creates the problem that many non-quality-focused organizations have. That the quality of the product is the responsibility of the quality group or quality professional; not the responsibility of all employees, starting with top management. The quality "tools", principles, and philosophies are great, but those tools shall be used by all levels of the organization: top management, process engineers, maintenance engineers, HR, marketing, sales, etc. Instead, these ideals and tools should be promoted through process, engineering, and management groups.

One of the best quality-focused companies I have ever worked in my life did not have anyone with the word "quality" in their title. The CEO was the quality representative and demanded that all managers implemented and maintainted a healthy QMS with proper utilization of proper tools out there. Did I mention that I have the word "Quality" in my title?