In a recent article published by S&P Global, the Consumer Financial Protection Bureau (CFPB) hit the Washington Federal Bank in Seattle with hefty penalties when they found the bank had inaccurately reported Home Mortgage Data Act data for 2016 and 2017.
When they reviewed the 100 files submitted by the bank, the CFPB found significant errors, demonstrating failures in the bank’s systems and compliance management, by its board and management in overseeing daily operations, and in monitoring and implementing policies and procedures. The CFPB has ordered the bank to pay $200,000 in penalties and implement practices that will prevent any future violations.
If Washington Federal had the appropriate checks and balances in place to begin with, and a robust Quality Management System, all this could have been avoided. (And before you think $200,000 might be small potatoes to a bank the size of Washington Federal, remember, repairing the damage to their reputation and credibility as a result of this issue coming to light is going to take a lot more.)
Purpose and principles: Creating repeatable, sustainable practices
As the world’s most recognized Quality Management System (QMS), ISO9001 Standard is designed to help organizations build a quality framework to deliver goods and services at a consistent standard to their customers, while still meeting their stakeholders’ needs.
ISO9001 is centred around seven management principles.
- Customer focus
- Engaging people
- Process approach
- Evidence-based decision making
- Relationship management.
When you apply each principle in your business, you’ll be better able to create value for your customers, maintain any regulatory requirements, and have a path to continuous improvement. There’s no order of priority in these principles, either. The significance of each to your organization will change depending on the needs of your customers, your business, your strategy, and your market.
The premise behind ISO9001 is that any business of any size in any industry can implement it. While organizations in industries like software engineering, transportation, gas, medical and legal must be certified, organizations in any other industry can still get ISO9001 certified if they wish.
A good QMS will ensure your team is carrying out their work in a streamlined and repeatable way. And in maintaining these patterns and routines, you’re better able to achieve and sustain the standards of excellence you aspire to.
Why you should get certified
For some businesses, ISO9001 certification is just a once-off activity to fulfil a single customer’s request. But once you’ve got it, it’s a way to answer all your customers’ needs, and even attract new markets. But before you go down the certification path, it’s important to be aware of some of the pros and cons.
|Boost credibility||ISO9001 certification demonstrates your commitment to quality and sets you apart from competitors. Some organizations, particularly in the public sector, will cite ISO9001 certification as a condition of engaging suppliers. A certified QMS will give you the credibility and the confidence you need to expand into new markets.|
|Better employee engagement||Engaged employees mean better productivity. A well-implemented QMS sets your employees up for success, with clear expectations of quality, processes and performance metrics, as well as channels for feedback and improvement. And remember, the quickest path to successful implementation is to involve everyone in the business, not just management. After all, the best people to find process improvements are those who are doing the work every day.|
|Better processes||A key aspect of your QMS is having thorough, well-planned processes that effectively relay work instructions and specifications to your employees. Make sure each process has defined responsibilities, detailed instructions on how work should be completed, and clear outcomes.
Way We Do’s Activated Checklist tool helps you capture these requirements, along with evidence of your team actively using these processes. The built-in version control feature lets you adapt and test changes to your processes, allowing you to easily update and modify tasks as part of your continual improvement activities.
|Better decision making||Making decisions about what to improve and when is based on solid information, not guesswork. Insights on process activity, and user and customer feedback is invaluable. You can draw this information from process owners, or from Checklist Instance Reports in Way We Do, with metrics like process completion rates or bottlenecks relatively easy to spot.|
|Better compliance management||Getting your QMS implemented and executed properly means you can better meet any legal and regulatory requirements that apply to your market sector. A sound QMS gives your business a solid foundation for achieving consistency in your day-to-day operations.
Make sure all your employees – particularly those who provide services to your customers – are aware of the business’ compliance requirements. Your Way We Do account gives you everything you need to effectively communicate your QMS to your team. Use it to assign responsibilities to the appropriate people, communicate updates and changes, and gather metrics on how each process is used.
|Meet your customers’ needs||A well-designed QMS will help you consistently meet your customers’ needs over time. Actively adopting a QMS across your business can help you deliver better quality products and services, all the time. And better quality means less re-work, fewer product recalls, and less chance of having to give refunds.|
|Effort and time||Creating, implementing and executing a new system will take time and effort, often on top of an already full workload. The immediate impact may be a drop in productivity. One way to manage this is by spreading the load across the business, giving those with the appropriate skills the task of recording processes.|
|Increased accountability||The effectiveness of a QMS relies on continuous improvement. The criteria for quality can change over time, and some businesses can struggle with maintaining their QMS and documentation. It’s important for senior management to maintain the business’ commitment to the QMS and allow the appropriate resources to uphold it.|
|Few short-terms gains||Introducing a QMS is a long game. While you may see some benefits early, such as better productivity, and more customer accolades, other benefits will take time to show themselves. For instance, financial growth, improved efficiency, and new business opportunities.|
What you need to know about getting ISO9001 certified
Way We Do spoke to a Lead Auditor at Southpac Certifications, Amy Kight, recently, to learn more about certification, and what auditors look for during the auditing process.
Way We Do: What’s your experience of taking businesses through the certification process been like?
Amy Knight: Generally I find that client is quite anxious about being audited. There is quite a negative pre-conception of auditors and the audit process. I immediately try and reinforce that this is a positive exercise. We try to assist in identifying potential problems before they have a negative impact on the organisation. Of course, that includes suggesting improvements they can tap into that will help them boost their overall efficiency.
WWD: What’s involved in getting certified?
AK: If the organisation is new to certification, they need to go through a Stage 1 Audit first. This involves a document review to ensure the organisation has key processes in place and is ready for success in the following audit. We’ll ask questions about their current practices and try to understand how committed they are to implementing these processes.
At the end of Stage 1, which can take between half to a full day, we’ll give them a report that outlines any ‘deficiencies’ we’ve found. Depending on how many ‘deficiencies’ are found, and the time the organisation has to work on these, we will make a recommendation as to when to book in a Stage 2 Audit.
In the Stage 2 Audit, the auditor reviews documents and records and conducts interviews to confirm key processes are being implemented. At Southpac Certifications, we take this a step further and instead of just asking “Are you doing what you say you’re doing? Or what the standard says you should be doing?”, we ask, “Is it working? And Can it be done more efficiently?”.
WWD: How long does a business have between a Stage 1 Audit and Stage 2?
AK: There are a number of factors that influence this – like the amount and severity of deficiencies found, and the time that the client has to address these – but generally, it’s between two and six weeks.
WWD: What happens after Stage 2?
AK: If all goes well, the business will be accredited to the standards they have applied for. After that, they’ll need to maintain their certification by undergoing annual audits. This is a 3-year cycle.
- Year 1: Stage 1 & 2 Audit (Certification)
- Year 2 & 3: Surveillance Audit
- Year 4: Recertification Audit
- Year 5 & 6: Surveillance Audit
And so on. Surveillance audits are a less in-depth review of key processes.
WWD: So is the recertification as involved as the first?
AK: We do need to perform another full system audit similar to the Certification (Stage 2) audit.
WWD: You mentioned earlier that people take a negative view of the auditing process. Are there any other misconceptions you regularly come up against?
AK: Definitely. The most common is around documentation and the purpose of their QMS. There’s less emphasis on documentation now, due to Standard’s last update in 2015. While businesses need to provide evidence that they’ve got controlled processes in place, the format that information is in can now vary, from flowcharts and process models to step-by-step checklists and working instructions.
As for the purpose of a QMS, some businesses see it as separate from what the business does day-to-day, rather than as the foundation for all they do. At Southpac, we believe a business’ QMS should be built and live within the organization’s existing systems.
WWD: How does ISO9001 compare to Business Process Management (BPM) and Continuous Improvement (CI)?
AK: From what I understand BPM and Continuous improvement are ‘best practice’. ISO9001 allows organisations to get certified to an international standard, providing assurance to themselves and others.
WWD: What are some things businesses can do now to help their businesses build and maintain their QMS?
AK: Make sure you carry out regular internal audits so you can keep your business processes and practices on track and continue looking for opportunities for improvement. Remember to be objective during the audit! This can be tricky if your business is small and you and your staff wear multiple hats.
Get regular feedback from your customers and clients. This means capturing positive experiences, as well as complaints and negative comments. It can help you figure out what you’re doing really well, and potentially extend that to other areas of the business.
Regularly evaluate your suppliers and contractors too, so you can manage any risks they may pose to your business and your clients, and make sure they’re performing to the standards you’ve set for your organization.