We can’t all be experts at everything, no matter how hard we try. One of the biggest issues we come across is the pressure on resource, both from a time perspective and also the specialist skills required to support a management system.
Splitting the two points, lets look at each individually and identify what is really required for ISO and hopefully clear the fog on any perceptions.
Not Enough Time
The managing of the management system is normally part of someone’s “real” job in most SME’s. That’s not normally a problem until the “real” job grows or expands. Often the role of the “management representative” (an old term but still a good one) can be fulfilled by someone with an interest or drive for improvement.
The ISO standards (with exception of some of the technical standards) don’t define the role, who or what needs to be done. Some organisations may split the role (share the pain) so that the resource requirement (time) is covered over a number of individuals with specific responsibilities. This could be:
- Each departmental head having responsibility for recording, monitoring and reporting into the management rep KPI’s for the management review.
- Middle management being responsible for non-conformance management
- Departmental representatives undertaking internal audits.
By spreading the role, no one persons is expected to undertake all the work, BUT there should be a focal point for collation of data (a collator, not a doer).
In an increasingly cost sensitive environment, overhead is under scrutiny and the want for additional responsibility to be undertaken on by an individual can sometimes be counter productive.
We often meet very busy systems managers working to 100% of their capacity but only completing 70% of all tasks with nothing completed to their satisfaction.
Not Enough Knowledge
We have all been in the awkward conversation with the external auditor when the discussion of training vs competence is raised. Often this is for both internal processes and organisational knowledge and ISO stuff such as internal audit and compliance review.
ISO doesn’t set specific requirements for audit training, but ISO 19011:2018 provides guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on the evaluation of competence of individuals involved in the audit process. It identifies three components of auditor competence:
- Personal behaviour
- Auditing knowledge and skills
- Technical knowledge and skills
Auditors need to possess the appropriate qualities, knowledge and skills in all three of these areas.
Often we find clients approach us because we are able to solve the ‘not enough time and not enough knowledge problem’. As an external resource, we don’t add to the head count and also posses the knowledge, skills, and competence required for effective auditing and system management. Chairing and minuting the management review, solving any problems identified or just supporting the internal systems manager (management rep), offering a shoulder to cry on or a sounding box for ideas.