Mind the Gap
'Why You Don’t Need a Consultant to Gain ISO 18788 Certification, or ISO 9001, or any other ‘Management System’ standard certification …..'
We are often asked if we can provide consultancy support. But I would propose, that in the first instance, a company is unlikely to need it, and if they do, then with a few simple steps they can save themselves time and money, and ensure they appoint a knowledgeable consultant who can add value and work with the company.
‘Management Systems’ standards are not black magic; never more so than now with the introduction of a uniformed layout approach (Annex SL). The area companies routinely appear to
struggle with centres on the capture of the context and risk analysis. But why?
In our experience, it often appears that people see the standards to be demanding something other than what they are already most likely doing if they want to grow their business effectively – and that starts with the BUSINESS PLAN. As part of that you do market analysis; you identify your risks and competition, you set your strategic vision and real business objectives, and then identify what you need to achieve to successfully deliver your services and products. In sum – you are doing most of the context and risk analysis and setting of objectives already. Don’t go reinventing stuff just for the sake of a lazy auditor.
So how should you approach gaining certification?
Simple – understand your business, understand how to take that business plan, that vision and intent, and translate that through your people and supporting procedures, to deliver that vision………and then just map it back to the standard to make sure you’re already doing everything it requires. As an approach, a simple excel/word table will help you undertake that analysis.
Column 1 = each clause of the standard.
Column 2 = write how/where you are already meeting the requirement - either fully, partiality, or not at all. Write this by citing your existing procedures, meetings, business language etc; make it relevant so that it supports your business, not the auditor’s. They should understand your sector; they should understand your language – if they don’t then you’re paying for someone who is incompetent and you should seek a different auditor.
Column 3 = now you’ve identified where you are or are not meeting the requirements. Make some notes on what you need to do to address any gaps you’ve identified.
Column 4 = identify who is best to lead addressing those gaps. It should be driven by the person who ‘owns’ that particular subject area, not some dislocated consultant or management representative. And set a delivery timeline.
Column 5 = identify the likely outputs / records (including for example, email direction and guidance from managers and leaders) that will be generated as a result of implementing your business processes, and as such demonstrate (to yourself in the first instance) your ‘system’ is operating effectively. This analysis provides you with a valuable feedback loop ‘harvested’ in Internal Audit that ensures you can control successful delivery of your strategic business goals. In sum, it makes implementation of the standards relevant to your bottom line.
From that analysis you will know the size of the task and whether you need to ‘surge’ expert staff support through recruitment of a knowledgeable consultant, or whether you have the capacity to do it in house. Either way – you will now be in a position that ensures the process of certification will enhance rather than encumber your business operations.
(The thoughts here are merely echoes of the rambling mind of Tony Chattin, MD, MSS Global)