ISO 9000’s prescription
for quality management systems was developed with the expectation
that it would standardize such systems globally while providing
consistent quality in goods and services. Unfortunately,
although the standard has become a global one, it certainly
hasn’t succeeded in ensuring consistent quality. This
article attempts to pinpoint the causes that contribute
to this problem--and emphasize that ISO 9001 is definitely
capable of producing the desired results.
Worldwide, ISO 9001 registrations have exceeded the half-million
mark. Great Britain, which is only slightly bigger than
California, is home to more than 70,000 organizations registered
to ISO 9001, compared to the United States’ 50,000.
But Britain’s 40-percent registration lead hasn’t
necessarily enabled it to produce significantly better products
and services than those of the United States. Developing
countries such as India and China each have in excess of
10,000 organizations registered to ISO 9001. Although they’ve
seen significant increases in their exports, much of this
can be attributed to nonstandard-related policies and other
developments. These countries haven’t necessarily
earned adequate returns on investment from registering to
Thus, the question is, “Does ISO 9001 really help
to improve quality?” The answer is a definite “Yes,
but…” This “but” refers to the quality
of a registered organization’s QMS. Consider the following
Have you developed a QMS that satisfies the intent, not
just the letter, of ISO 9001?
Is your QMS aligned with your strategic goals or is it a
parallel management system creating nonvalue-added bureaucratic
Does the system make sense to you or have you established
it because, in somebody’s opinion, ISO 9001 “requires”
you to do it?
Is it driven by top management or just the quality manager?
Does your external auditor perform a tough and demanding
surveillance audit, or does he or she simply go through
the motions without prodding you toward continual improvement?
A sizable minority, if not a majority, would respond unfavorably
to these questions. The fact that ISO 9001 continues to
spread, albeit at a much slower pace, is due largely to
marketplace pressure. However, at this juncture, after half
a million registrations, the standard’s survival depends
upon it evolving into a cultural phenomenon driven by internal
needs rather than external pressure. Unfortunately, examples
of this are few and far between. Assuming this current trend
continues, it won’t be long before ISO 9001 registrations
show negative growth.
Five main groups compete in the game of implementing and
maintaining ISO 9001 quality management systems. They include:
Organizations that develop, implement and maintain the QMS
in accordance with the standard
Registrars accredited and authorized to issue certificates
that legitimize organizations’ ISO 9001 compliance
The Registrar Accreditation Board, which is the nonprofit
governing body that oversees registrars, their auditors
and the organizations
ISO 9001 training providers
Consultants who assist organizations in understanding, developing,
implementing and maintaining their QMSs. (Note that consultants
can be internal or external.)
Let’s examine the role of each of these players
Many organizations implement ISO 9001 because they must.
And, due to their leaders’ sketchy experience dealing
with QMSs, not many of those companies understand ISO 9001’s
considerable effect on them. This is why they often join
the game reluctantly or maintain their QMSs as extra burdens.
In many cases, the QMS remains the quality manager’s
program. This is also why an alarming number of organizations
have either decided to drop, or are seriously considering
dropping, ISO 9001:1994 registration instead of upgrading
to ISO 9001:2000. In most cases, the management representative
is relegated to the role of “necessary evil”
rather than the important facilitator that he or she should
It’s not this article’s intent to point an
accusatory finger at executives. This group is fairly willing
to provide proper resources and support to the QMS process.
However, many internal and external consultants falsely
assume that executives wouldn’t be interested anyway
and, thus, don’t bother involving them. Consultants
design the QMS based on minimal, rather than adequate, executive
participation, which marginalizes the system from the beginning.
It’s also true that the ivory tower occupants haven’t
been trained to think of quality as a strategic issue. For
the most part, they’re unaware of the important role
a QMS can play in their organization’s survival and
Close to 80 registrars compete for clients in the United
States. As with any other group, this one consists of members
who vary in ability. The variation, unfortunately, is significantly
greater than what can be tolerated. This is an alarming
As if this weren’t bad enough, variation exists
among auditors from the same registrar. Auditors’
training appears to be ineffective in an unusually large
number of cases. Although ISO 9001:2000 requires organizations
to verify effectiveness of training, registrars are apparently
exempt from verifying the effectiveness of their own auditors’
Pleading inadequate resources, the U.S. RAB hasn’t
adequately monitored registrars, their auditors and the
organizations that are consequently registered. As a result,
many marginal and even noncompliant QMSs are recommended
for registration. Such marginalization undermines the standard’s
credibility and encourages organizations to abandon this
very important approach to business and product/service
Add to this the issue of registrars that offer a comprehensive
package of consulting and registration services. Although
this practice is frowned upon on paper, it’s happening,
and the RAB largely ignores what amounts to a travesty of
basic certification integrity.
The RAB’s method for qualifying lead auditors has
resulted in keeping more qualified people out while ushering
in marginally qualified individuals. The board’s chief
concern, presumably, is overseeing auditors. If such a requirement
isn’t in the RAB’s charter, it should be. In
the absence of monitoring by the RAB, the registrar is expected
to send its management personnel to monitor its own auditors.
In such cases of self-monitoring, where “the fox is
asked to guard the chicken coop,” weak enforcement
is almost inevitable.
Auditors have also noted the striking difference between
how Britain’s RBA and the United States’ RAB
monitor their auditors. Those auditing under the British
RBA registration scheme are far more likely to be monitored
by an independent observer than auditors working under the
U.S. RAB scheme. In fact, several auditors have confirmed
that, while working under the U.S. RAB, they’ve never
been monitored by an independent observer.
Moreover, no mechanism exists for monitoring and correcting
auditors’ behavior during audits. Occasionally, some
auditors do come across as arrogant or downright wrong.
In such cases, clients fearing reprisal prefer to keep quiet,
although this sours them on the process as a whole. In the
end, ISO 9001’s reputation and validity suffers more
than just the registrar’s reputation.
Unavoidable conflict of interest is another issue: The
audited organization is also the client that pays the auditor’s
bills. The latter’s commercial interests collide head
on with his or her responsibilities as an ethical auditor.
Some can walk this fine line carefully and successfully,
but an alarming number don’t. It’s another example
of how marginal QMSs get recommended for registration. When
these systems fail to produce desired results, ISO 9001
is blamed, not the auditors.
Training providers, the fourth group of players, are divided
into two broad categories: private companies and educational
institutions such as universities. The former usually do
a respectable job of conducting training, but the same can’t
be said for universities. I’ve come across quite a
few ISO 9001 instructors whose knowledge of an ISO 9001
QMS is purely academic. In my opinion, this is akin to an
instructor who teaches swimming without ever having jumped
into the water.
The ISO 9001 standard is a strategic exercise. It’s
designed to effect a cultural change in an organization
so that everyone breathes and thinks quality in every business
process. When a consultant fails to understand this basic
premise and instead concentrates on mere compliance to the
letter of the law, a marginally compliant system is born.
The consultant has an obligation to understand the standard,
the basics of various business processes and the relationship
between the two.
A marginal system produces marginal results and loses
credibility in the eyes of executives, whose commitment,
involvement and provision of resources ultimately support
a successful QMS. Systems that fail to impress executives
are delegated to lower levels of management for maintenance,
where they become bureaucratic burdens rather than strategic
What should be done?
The American Society for Quality and ANSI-RAB must promote
ISO 9001 as a strategic business tool worthy of being discussed
in executive suites and boardrooms.
ASQ must develop consultant certification criteria to weed
out marginal advisors.
Special courses must be offered to corporate executives
that explain ISO 9001:2000’s strategic importance
and suggest implementation strategies. These courses should
be specific about top managers’ roles.
Training providers must possess certain basic qualifications--including
practical experience--before leading others in QMS development.
A certification program for management representatives must
be established. Additionally, more stringent guidelines
must be developed concerning management representatives’
positions and authority in organizations, along with criteria
for verifying that top management effectively supports management
Minimum basic qualifications must be established for auditors
from different registrars.
Auditor training must include standardized information in
Registrars must measure the effectiveness of auditor training
and practice continual improvement in their auditing methodologies.
A committee of registrar representatives, working with RAB,
must develop criteria and a methodology for measuring and
monitoring auditor performance. A parallel system must be
developed to verify the auditor’s effectiveness.
Registrars must monitor auditor performance more closely.
If an auditor consistently produces “zero defect”
audits, such trends should be investigated and corrected.
It’s impossible to create a flawless QMS.
Renewed emphasis must be placed on surveillance visits.
Annual surveillance audits should be increased to a semiannual
Proof of continual improvement must be demanded during each
surveillance visit, and major discrepancies should be considered
if the QMS fails to produce continual improvement on significant
RAB must develop a system of monitoring auditors’
behavior during audits. Clients should have the means to
report on auditors’ unprofessional or unethical behavior
easily and without fear of reprisal.
RAB must evaluate its system of qualifying auditors so that
it effectively filters out marginal performers and attracts
more qualified individuals.
Every auditor must be observed in action by an independent
observer at least once every three years. A detailed report
must be kept on file.
RAB must monitor registrars’ conflicts of interest
RAB must prohibit registrars from offering cash incentives
to consultants for referral.
RAB must prevent registrars from offering a “guarantee
RAB must induce registrars to establish a more transparent
as well as effective system for handling and resolving clients’
grievances against auditors.
RAB must be more proactive in combating registrar violations.
Ashok M. Thakkar is president and CEO of the Roswell,
Georgia-based consulting firm ITTI LLC. Since he assumed
company leadership in June 1993, ITTI has helped 112 clients
in four countries and three languages register to various
ISO standards. Thakkar has worked with more than eight leading
registrars and 60 different auditors internationally. A
provisional auditor for eight years, in January 2001 he
returned his card to RAB due to the reasons identified in
this article. Letters to the editor about this article can
be e-mailed to email@example.com.