This piece is a new feature for CERM Risk Insights. It is a dialogue with authors who have significant insights on risk and quality management. The intent is to give these authors an opportunity to expand upon important risk and quality topics.

Our first author is Milt Dentch. He is the author of The Rise and Impending Demise of ISO 9001. Below is our review of the book (available on Amazon).

“Using autobiographical examples and detailed analysis, honed by years of conducting quality audits, Milt pulls back the ISO 9001 façade and examines its major components. He walks the reader through the development of ISO 9001. He discusses the roles of the Certification Bodies and the technical committees. He assesses the changes made to ISO 9001. He shows how these changes have resulted in the decline in ISO 9001 certifications. Using his experience and assessment of the needs of companies, he sets forth several recommendations which will stem the decline in ISO 9001 certifications.”

Why do you feel this book is needed?

After I completed my third ISO implementation handbook for ASQ, the Quality Press Acquisitions Editor, suggested I consider a book on Total Organization Management, integrating ISO certification with the other business management systems and quality support tools. I thought the concept was a great idea. Many companies are embracing the concept of an integrated-business management system (BMS).

The suggestion inspired me to write a history of the ISO certification process, chronicling my various experiences over the last thirty years with ISO 9001. Most ISO 9001 publications provide guidance on the implementation of ISO—or promotion of the benefits of the ISO certification process. My book covers the history, organization, and administration functions of the ISO certification process as a reference source for individuals new to quality management systems. Additionally, I wanted to record my experiences where the ISO 9001 certification systems functioned well and not-so-well, providing suggestions, I believe could help restore ISO 9001 to relevance.

As you see them, what are the challenges to ISO 9001:2015?

I believe the initial issue of ISO 9001 in 1987 helped companies who became certified to the ISO 9001 standard improve the quality and consistency of the products they manufactured by documenting customer agreements, specifications and worker instructions. When the ISO documentation became more important than performance results, ISO 9001 was expanded in 2000 to include customer focus and process management. I thought adherence to the ISO 9001:2000 requirements (ISO 9001:2008 contained no new requirements) provided certified companies the framework to maintain a quality system that supported their ability to provide products that met customer expectations, while providing a baseline for improvements.

I was quite disappointed when the authors of ISO 9001:2015 attempted to establish the ISO 9001 standard as the major driver of the company’s business—a serious mistake—and not achievable in my opinion. ISO 9001 is a quality support tool that defines the requirements to support the fulfilment of customer purchases. ISO 9001 does not have the breadth and depth of requirements required to allow auditing of the company’s total business.

I believe the establishment of Annex SL by the leadership of ISO to harmonize all ISO management systems to facilitate the integration of multiple management system also was a mistake. The environmental standard, ISO 14001 and the Occupational Health and Safety standard, ISO 45001 do not have as much in common with ISO 9001 as assumed by ISO leadership. Forcing near identical clause requirements among the three standards weakened all three standards. ISO 9001:2015 created under Annex SL guidance was poorly conceived, formatted, and written by the technical committees in my opinion.

The Rise and Impending Demise of ISO 9001 records my analysis of the various factors that have caused the decline in the number of companies certified to ISO 9001—with my recommendations on the adjustments and management changes required to return ISO 9001 to relevance. 

You have three additional quality related best sellers. These were published by ASQ. This book is with a different publisher. Why is that?

I had an excellent experience working with the ASQ -Quality Press. ASQ had published three of my books: The ISO 14001:2015 Implementation Handbook, The ISO 9001:2015 Implementation Handbook and The ISO 45001:2018 Implementation Handbook. ASQ Quality Press had awarded me their “Golden Quill” award in 2017 for my book The ISO 9001:2015 Implementation Handbook.

In December of 2019, I submitted The Rise and Fall of ISO 9001- An Auditor’s History of the Quality Management System Standard to the Quality Press of ASQ for publication.  The new editor at Quality Press responded with the following observations and questions:

“Some in ASQ may not want to hear about “the fall” part of ISO 9001 as our U.S. standard is a leading seller.  Do you have a response to this? Also, I haven’t read your book cover to cover, so I ask: Do you propose actions or solutions to the reader? Do you show the value / competitive advantage of the standard? Do you take any sides or is this a neutral history?”

I was disappointed that a book title submitted to ASQ’s publishing arm would be screened for impact on ASQ financial income before the “peer” reviewers provided an assessment of the factual content of the book.” I had previously submitted articles to the Quality Progress Magazine published by ASQ, outlining my concerns with Annex SL and ISO 9001:2015. One of the QP reviewers of my article suggested “The overall tone of the article is very negative and contains a lot of PR for the author”. The articles were rejected.

I contacted another publisher. At the suggestion of a colleague and peer reviewer of the draft manuscript, I revised the title to the less foreboding title The Rise and Impending Demise of ISO 9001.

What would like people to take away from your book, what would it be?

I hope my analysis of the reduction in companies certified to ISO 9001, as reported by the ISO Survey: 2018, would support the contention that acceptance of ISO 9001 is in serious decline, particularly in the United States. Currently, only 22,000 US companies, or less than 10% of US manufacturing firms, maintain ISO 9001 certification, a reduction of 50% in the last decade.

I built a case in my book that Annex SL has had a negative impact on the quality management system standard and should be replaced with a guidance document that recognized the uniqueness of management system standards.

The guidance document for management systems standards should not weaken or dilute the requirements unique to quality, environmental, Occupational Health & Safety management systems (and others) by forcing commonality of unrelated clauses, which is the case for the current Annex SL.

What do you think ISO should now do?

My book describes why the ISO 9001:2015 standard is a flawed document. I contend that ISO 9001:2015 is inferior to its predecessor ISO 9001:2008.

The Technical Committee 176 (TC176) responsible for generation of quality management system standards should expedite the replacement of ISO 9001:2015 with a document that more closely resembles ISO 9001:2008. TC 176 and the Technical Committee 176 (US TAG176) should adopt a more transparent communication process in receiving and responding to feedback from interested parties. TC 207, representing the environmental management system for ISO 14001, has a transparent feedback process that could be a model for TC176. All the US TAGs should operate a communications website, with portions open to access by interested parties.

One of the criticisms of ISO 9001:2015 is the inclusion of Risk Based Thinking (RBT). From your perspective as an auditor, what was the impact of RBT’s inclusion in ISO 9001:2015 on your clients?

I believe the addition of risk analysis (and deletion of preventive action) is a good addition to ISO 9001:2015. The application of, and auditing of preventive action (PA), has been a continual source of conflict for organizations and auditors since the beginning of ISO 9001 in 1987. If an organization has excellent quality metrics and very few corrective actions, why would an auditor insist (issue a nonconformance) the organization needs to create preventive actions? Or, as often exclaimed by auditors: “That’s not a preventive action- your PA is an action that prevents the recurrence of a corrective action”.

Unfortunately, ISO 9001:2015 created a new confusion with RBT. The Annex to ISO 9001:2015, allows risk analysis to be voluntary: ISO 9001:2015 Annex; A.4 Risk-based thinking states: “Although (6.1) specifies that the organization shall plan actions to address risks, there is no requirement for formal methods for risk management or a documented risk management process.”

All of the Certification Body (CB) auditors I encountered during the certification audits to ISO 9001:2015 expected the auditee to provide documented evidence to conform to the RBT “requirement”. One especially zealous CB auditor required the auditee to provide evidence that documented risk analysis was applied to each of the identified processes of the organization’s quality management system (QMS).

I advised my clients to establish a “risk register” or worksheet to identify and mitigate risks in their QMS. Whether an organization is ISO 9001 certified or not, companies (especially small companies) can benefit from a risk register. An example of a risk worksheet can be found on the link:  http://users.neo.registeredsite.com/9/2/0/18247029/assets/RISK_worksheet.pdf.

While I support including risk analysis and risk management as a replacement for preventive action, I think the authors of ISO 9001: 2015 made a mistake attempting to make RBT a key driver of ISO 9001. The ISO 9001:2015 standard does not adequately define the requirements for assessing risks in an organization’s business—and the CB auditors are generally not capable of assessing an organization’s total business’s risks. An organization’s risks related to cybersecurity, competitive threats, protection of intellectual property and continuity of material supply are better audited by individuals trained under the ISO 31000 Enterprise Risk Management Standard. ISO 9001 certification and auditing should focus on the management of risks encountered in quality management processes.

Risk analysis in a quality management system can effectively be linked to change control. Change control (and risk analysis) related to ISO 9001:2015 requirements can be found in the following processes: Process or equipment changes; Raw material specification control; Document control and review; Design; Regulatory updates; Outsourced processes; Planning of internal Audits; Effectiveness of corrective actions. A change control process used by many organizations is the ECN (engineering change notice) that manages how functions or processes interact when changes are made in product, materials, or processes. An almost military-like administration of the ECN process needs to be maintained if an organization is committed to a disciplined change control culture- and risk protection and mitigation.  I suggest a company that has a robust—and disciplined culture of change control is the ultimate risk-based thinker.

Thank you.

Bio

Milt Dentch has over 50 years’ manufacturing experience in a wide variety of industries, including pulp and paper, chemical, plastic and rubber processing, battery manufacturing, converting, electronics assembly, and machine building. He was an Exemplar Global (RABQSA) qualified lead auditor for eighteen years, approved to conduct quality, environmental and OH&S management system audits. Milt has conducted over 500 audits in companies as diverse as a floating oil rig in the Gulf of Mexico and an electronics manufacturer in Ukraine with 4,000 employees.

Milt received a BS in mechanical engineering from Worcester Polytechnic Institute and an MS in quality management systems from the National Graduate School of Quality Management (NGS). Milt was employed by the Polaroid Corporation in Waltham, Massachusetts for 27 years, starting as a plant engineer and retiring as the Director of Worldwide Materials in 1996. After Polaroid, he was plant manager for the Custom Coating and Laminating plant in Worcester for the Furon Corporation for several years. Milt currently provides consulting, training, and auditing related to the International Organization for Standardization (ISO) requirements for quality, environmental and Occupational Health and Safety (OH&S) management Systems.

In 2012, Milt wrote Fall of an Icon—Polaroid after Edwin H. Land (RiverHaven Books), an insider’s history of the Polaroid Corporation. His books The ISO 14001:2015 Implementation Handbook, The ISO 9001:2015 Implementation Handbook and The ISO 45001:2018 Implementation Handbook were published by Quality Press of ASQ in 2016 and 2018. His current book: The Rise and Impending Demise of ISO 9001 was published by Myles-James Books in August 2020.

Bio:

James J. Kline is a Senior Member of ASQ, a Six Sigma Green Belt, a Manager of Quality/Organizational Excellence and a Certified Enterprise Risk Manager.  He has over thirty years of experience working in all level of government. He has over ten year’s supervisory. He has consulted on economic, quality and workforce development issues for the private sector and local governments.  He has authored numerous articles on quality in government and risk analysis. His book Enterprise Risk Management in Government: Implementing ISO 31000:2018 is available on Amazon. He can be reached at jeffreyk12011@live.com