FAQ

A management system such as a quality management system is simply the way you run your business. Management systems may be formal (Written and communicated), informal or a mix of each.

A management system is often developed to meet the requirements of a number of disciplines, such as quality management, occupational health & safety, food safety, environmental management, security management, and information Security management.

In many cases, it can be better for a company to have an overall business management system to help reduce duplication of management processes.

A good management system will include processes for checking the system is followed and improved.

Management systems tend to be developed in the following ways:

• The system emerged with little planning.
• Another company’s system was copied or a template was used and adapted to your business.
• Management write down what they do.

Although there is merit in each method, the most effective way of developing a management system is the 3rd method.

A formal management system is a documented plan of how you will run your business. Often a formalized management system will consist of policies and procedures, forms and training.

A management system does not need to be large and bulky, or overly complicated.

A management system should never be a rigid, set of enforced practices that provide little or no benefit to the running of the business. A management system should regularly be improved to represent the best you are doing at the time. It is actually your own set of standards.

There are a number of internationally recognised management system standards. These provide criteria on which to build a management system. The management system standards outlined below are familiar to most and cover the following areas:

• ISO 9001 for quality assurance
• ISO 14001 for environmental management
• OHSAS 18001 for the management of occupational health and safety
• HACCP Warranty for the management of food safety
• ISO 27001 for information security
• ISO 31000 for the management of risk

Generally, the standards are not easy to read unless you are familiar with their language. However, they offer very practical and useful information on managing each of the disciplines they cover. There are similarities throughout the standards. These similarities allow the standards to be easily integrated into one system for managing the business.

One of the most basic similarities is their use of the PDCA cycle presented below:

PDCA Cycle

PLAN

Refers to a plan of how you want to run the business using the standard of your choice

DO

Refers to following the management system. This often includes training and communication.

CHECK

Refers to the process of checking whether the management system is running as planned. Can sometimes cover checking whether the plans reflect what is being done. The primary checking mechanism of a formal management system is an internal audit. External auditors from certification bodies can also contribute to this section of the PDCA cycle.

ACT

When a discrepancy is found, the Act part of the cycle refers to correcting actual and potential problems.

The circular arrows on the PDCA cycle represent ongoing or continual improvement

3rd party certification introduces the principle of independent verification of compliance to a standard.

3rd party certification is mostly important for customers, giving them some assurance that you have planned your operations and that you at least meet a standard.

There are a number of certification bodies providing 3rd party certification in a variety of disciplines.

Once your management system is set up ,you apply for certification through a registered certification body. The process has 4 simple steps:

Application

An application for certification is sent to the certification body (Application forms are provided by the certification body).

Document Review of the management system

The certification body conducts a review of the management system documentation to ensure that it meets the necessary requirements of the standard.

Initial/Certification Audit

The certification body conducts an on-site audit to check that the management system has been properly implemented. If the management system has been implemented, the organization becomes certified to the standard.

Surveillance Audits

Surveillance audits are conducted annually to provide continued evidence of conformance

How confusing. In my experience:

• The plans meet the standard, but the plans are crook. This is often the fault of trying to get certified for as cheap and as quick as possible
• Management seek certification solely for the purpose of getting contracts
• The management system is near impossible to follow and no one is willing to, or game enough change it
• Management are not committed to investing their best time, effort and resources
  In short, businesses that are struggling to remain certified or to deliver superior products and services are those businesses that are not willing to put in the effort and resources to improve.

There are essentially three approaches to developing compliance management systems:

• Internal development
• Internal development using a template document
• External development (i.e. using a consultant / mentor)

Things to remember:

1. Whatever approach is taken, ideally, you should always strive to understand the standards and legislation for yourself. If leaving it to someone else to do all the work for you, you are always relying on their interpretation. Understanding the standards takes time and effort.
2. When using the first approach, if you decide to take on the work, internally and there is no internal expertise, the process can take a long time, and the finished product may yield little value. The process can potentially cost more than using consultants.
3. When using approach 2 and 3, ensure that you have contributed substantially to your plans, they are yours and you need to be comfortable with them and willing to follow them
4. When using approach 2, be very careful of buying a template set of policies, procedures and forms. They can assist with formatting, and basic set up of any documentation, but that is where their value should end. You need to make the system your system, not force yourself to fit into a generic system.
5. When using approach 3, a consultant can be a very cost effective method for complying with applicable standards and legislation. A consultant should have a plan of attack that maximizes your results, but minimizes your costs. There are some things to watch out for when working with a consultant:

• Remember that a consultant is not an expert on how you run your business, you are
• Do not leave it up to the consultant to do it all for you
• Make sure you know how much the services cost before you engage a consultant and that you are sure of what you are going to get
• Make sure you like your consultant
• Make sure your consultant knows what he / she is talking about before you engage him / her.

There are various ways of engaging a consultant from getting the consultant to do all the work for you, to using the consultant as a mentor to compliance.

Attending training courses can also be a useful exercise.

 The duration of the project is based on the number of standards require by organization, strength of the organization, number of process and complexity of the process.