How can we use the process approach (part II)

Part I.

3. The process approach – a quality management principle

The process approach is one of the seven quality management principles included in ISO 9000:2015. Let us see the statement of that principle:

Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system.

It is easy to relate those “Consistent and predictable results” with the objectives referred to in the definition of a management system. 

And what does the same ISO 9000: 2015 say about what a process is? 

set of interrelated or interacting activities that use inputs to deliver an intended result

So, we may see an organization as a coherent system made of a set of interrelated or interacting elements called processes, and it is through those processes that an organization achieves its intended results, its objectives.

At a first glance, we have: 

The intended results may be: 

Now, let us zoom the organization to find out which processes are present and how they interrelate.

 For example, the processes may be:

 

When this organization wins a new project, they have to start ordering resources needed to provide the service. At the same time, winning a new project means developing a new service, new resources need will be determined, and service preparation may start. Then, at an agreed date the service provider may start.

Let us go back to the management system definition:

System to establish policies and objectives, and processes to achieve those objectives

Now, our system is our set of interrelated processes, and it through those processes that you try to meet intended results. Processes are like variables in a mathematical equation that we operate in order to meet our intended results: 

Let us go back again to ISO 9000:2015, clause 2.4.1.3, where we can read:

These processes interact to deliver results consistent with the organization’s objectives and cross functional boundaries. Some processes can be critical while others are not.

When we model how an organization works, we include in the model a set of processes. Those processes are needed, but not all processes have the same impact or influence in meeting each objective or intended result.

Just as an example, let us consider this matrix that relates processes and objectives:

 Processes are where the rubber meets the road. Whatever an objective the management wants an organization to achieve, it is only a dream if one or more processes of the organization are not mobilized and changed to that. In the matrix above, meeting objective “Better sales” requires working on the process “Win project”. Meeting objective “Less complaints” requires working on processes “Prepare service” and “Provide the service”. Meeting objective “More satisfied customers” requires working on processes “Develop a new service”, “Prepare service” and “Provide service”. 

Now, look into the process “Maintain equipment”. It must exist but does not contribute directly to any overall objective. These processes are tricky. If you are excellent in these kinds of processes, they will be expensive but will not contribute to customer satisfaction, but if you make a mistake in these processes, they can contribute to customer un-satisfaction. 

No one says: we are very satisfied with our electrical power supplier because at the end of the day there were no power failures. We say, it is the minimum someone can expect, no failures 

Next: Process and strategy

How can we use the process approach (part I)

 1. Management system definition

Let us start with the management system definition.

Do you know what is the ISO 9000:2015 management system definition?

set of interrelated or interacting elements of an organization to establish policies and objectives, and processes to achieve those objectives

Let us substitute “set of interrelated or interacting elements of an organization” with the word “system”. According to ISO 9000:2015, a system is a “set of interrelated or interacting elements”. So, a management system is:

A system to establish policies and objectives, and processes to achieve those objectives

Have you ever looked at this definition of a management system? Seriously, have you ever looked at this definition with eyes to see? I confess, for years and years I looked at it and never gave it importance, until one day I read it again and I was shocked ... I have been working with ISO 9001 since the 1980s. At that time, I was trained in another view on quality systems, very focused on procedures and quality control. 

Now, I was looking at the definition of a management system and saw something I had never seen before. A management system is a system that establishes a policy, that is, a strategic orientation, a set of priorities, translates that policy into a set of objectives aligned with the policy, the objectives are concrete challenges to be achieved, and then, start working systematically to achieve these objectives. 

2. Systemic thinking

An organization is a system. A system generates results and these results do not happen by chance, they are a perfectly normal product resulting from the system, the way people work, their culture. Thus, the current system generates the current results. If an organization wants to achieve different results in the future, it will have to transform, it will have to stop being the current organization to become the organization of the future. 

When we look into the current organization, the one generating the current results, we can discover a network of loops, a network of practices, that reinforce desired or undesired results:

Parts of these loops are intentional design, but others have evolved without a central command. To achieve the desired objectives for the future, it is necessary to act on these loop networks. 

Back to the definition of a management system. In a management system, the focus must be on the work to be carried out systematically to modify an organization, so that it can achieve objectives aligned with strategic priorities. I would almost say that everything else is noise. 

Next: Process approach definition

Quantos riscos e oportunidades reais consegue determinar?

Muitas empresas, ao implementarem um sistema de gestão da qualidade, pedem a um consultor para lhes listar um conjunto de factores externos relativos ao seu contexto. Infelizmente, muitas nunca mergulham numa reflexão sobre quais são, o que representam e como devem ser utilizados. 

Ao ler a introdução a este artigo "The Current State of Substrates in 2021":

"The value, demand and dependency for soilless substrates (growing media) has never been greater. NEVER. Last year brought unprecedented challenges as well as many opportunities to the horticulture industry worldwide. These challenges and opportunities set the stage for what should be a very interesting 2021 for all sectors of the industry. Factors affecting the current and future status of soilless substrates include the COVID-19 pandemic, political trade wars, extreme weather patterns and climate change, existing and proposed environmental regulations, and product and consumer trends."

Quantos riscos e oportunidades reais consegue determinar para a sua empresa, com base em cada um dos factores sublinhados?

 

"a boring bureaucratic arrangement to keep the status quo"

"Have you noticed the definition of a management system? 

I know that a lot of people don't care about this definition thing, but if you work with management systems, I invite you to read the definition of the ISO 9000 standard.

Management system - System to establish a policy, an orientation, a set of priorities. Then, translate these priorities into objectives, into concrete challenges. Then work, transform the organization to meet those objectives. 

While writing the management system’s policy one must include in the text a commitment to continuous improvement. Thus, a management system must aspire to continuously improve its performance. 

Today's organization generates today's performance. Today's performance is a perfectly normal product of the current organization. The commitment to improvement means aspiring to a desired future performance better than the current one. Aspiring for future performance better than the present means transforming the current organization into the organization of the desired future, the only one capable of generating the desired future results in a perfectly normal and sustainable way. 

In this way, maintaining a management system means continuously investing in transforming the current organization into the organization of the desired future. However, in many audits conducted in 2020 I found the same non-conformity: 

Organizations should seek to continuously improve the suitability, adequacy, and effectiveness of the management system to improve its performance. The organization did not demonstrate the establishment of improvement objectives for its management system. All the objectives foreseen for 2020, associated with the system indicators, refer to the same objectives of 2019. 

From my initiation to systemic thinking, I remember this image:

Why are organizations not meeting the commitment to continually improve? 

I don't think it's because of powerlessness or unworthiness beliefs. I think it is more due to ignorance or even contempt for the management system. The management system is a separate thing, it’s not a Force to stretch the organization and move forward, but a boring bureaucratic arrangement to keep the status quo, to tick “done” in a to-do list.

Function, organizational knowledge and competence (part II)

Part I.

One part of the picture above is abstract and the other is very tangible.

Performance and context can act on both parts:

Context and performance is what is behind what I use to say:

"What is true today tomorrow is a lie and vice versa"

To be continued.

 

Function, organizational knowledge and competence

Some time ago, when carrying out an audit, I again found a situation unfortunately too common.

After reading a training procedure, I asked for the annual training plan. I selected a training course and asked what were the competence gaps that the course aimed to fill.

Silence....

It seemed that I was speaking Chinese or Greek.

- Competence? We ask managers what training needs are and it is based on the responses that we prepare the training plan.

I tried to approach the situation in another way:

- Do you have a document describing the competence profile of a job?

- We have! - they answered

- Can I see it?

The document, however, only linked the names of people to a list of activities that they could perform more or less frequently.

- Have you any document that describes what a person has to master to perform a function autonomously?

- No!

- How do you show that a certain person is competent?

To be continued.

Guideline for the future

 Yesterday had an interesting phone conversation with a client about its quality policy. He sent me a first draft and I said I didn't like it. It was a text full of vague statements, applicable to any company in any sector of activity. So, I got back to the charge with my approach. A quality policy can be much more useful if it states:

• Who we are and what we do
• Who we work for
• What do we have to be really good at.

At one point I said to him:

Look at current customers, I know that organizations want to serve all types of customers, which is a mistake, but look and choose 3 or 4 who are the ones that represent the ideal customers, you may not send any customers away, but you want everyone to be like these 3 or 4.

Now tell me, why do these 3 or 4 customers work with you? What attracts them? What should your company bet on to make a difference with these customers?

It was then that the answer really surprised me ...

We are new in this area, we know that we are in an evolutionary path and now we really have no customer like these...

I soon jumped to seize the opportunity.

- So even more important is doing the exercise. Which 2 or 3 customers would you like to win over the next 3 to 4 years?

And my mind was full of metaphorical images developed in more than 30 years of work... like the children in the playground. I think that companies see their customers as children in a playground. They only see the collective and forget that at the end of the day each child goes home to be a singular person to its parents. 

The customer, even if it is a corporate, must be seen as a unique entity that we can, we should look into the eyes.

Another feeling before the end of the meeting was that my client found something that made sense, something to help, to guide his company in the journey to a desired future state.

Sensemaking, punctuated equilibrium, sudden shifts, radical change

 It is interesting to realize that in these last days we are finding more and more articles about context analysis and making sense of the surronding environment. Yesterday found this one, "The Overlooked Key to Leading Through Chaos". 

"Ask executives to list traits of great leaders and they will probably name vision, honesty, or the ability to execute change. Rarely mentioned is one critical capability that leaders need most in turbulent times: sensemaking, the ability to create and update maps of a complex environment in order to act more effectively in it. 

Sensemaking involves pulling together disparate views to create a plausible understanding of the complexity around us and then testing that understanding to refine it or, if necessary, abandon it and start over.

...

Leaders need to know what’s happening around them in order to drive organizations forward. Today this task is harder than ever, given the ever-increasing rate of change in technology, business models, and consumer tastes — and it is now further complicated by the global pandemic and its related economic and political aftershocks.

...

Rather than immediately jumping to solutions, we must start with collecting data and scrutinizing it for trends and patterns that point to better solutions; rather than ignoring warning signs of failure, we should learn from others what those warning signs might be. This is not the time to do less sensemaking — it is the time to supercharge your organization’s ability to do more."

Certainly a symptom that the world in which organizations operate is in one of those phases of the punctuated equilibrium where everything undergoes sudden shifts leading to radical change.

 Other recent posts on the subject:

• Sense, organize, capture and renew
• Covid 19 and context analysis in ISO 9001, and
• "Toto, I've a feeling we're not in Kansas anymore"

Sense, organize, capture and renew

"First, develop a comprehensive set of processes to actively sense new insights (whether internal or external) that could affect the business, and hence identify threats or opportunities [Moi ici: Attention, threats and opportunities are not intrinsec qualities of context issues, they are a function of the current strategy. Covid 19 is a threat or an opportunity? It depends] as early as possible. Second, organize in response to those threats or opportunities; this is likely to involve reallocating resources, revamping processes, filling capability gaps, and aligning the company’s structure and governance. Third, capture value by revising business models and restructuring relationships with other players in various ecosystems. And fourth, renew the organizational capabilities needed to create and capture value by continuing to monitor and assess results and making small adjustments over time — while also preparing for the major disruptions that require a more comprehensive overhaul."

A text taken from "Plotting Strategy in a Dynamic World". A text in line with:

• Covid 19 and context analysis in ISO 9001, and
• "Toto, I've a feeling we're not in Kansas anymore"

Covid 19 and context analysis in ISO 9001

This week I was asked a question by email about ISO 9001:

"Do you think we should consider covid 19 as an external factor?"

Of course yes!!! Which organization was not affected by Covid 19?

It is an event with implications for all organizations. For some it creates risks, but for others it creates opportunities. It changes the external context, modifying both the level of demand, the channels used, and the value proposition for new and different groups of customers, but it can also change the internal context with teleworking and preventive measures on the production lines or during service provision.

As an auditor, I look forward to seeing Covid 19 in the context analysis update.

Today I found this article on the FT, "How coronavirus changed gardening forever". A good example of Covid 19 as an opportunity increasing demand. but also bringing new and different customers looking for different value propositions:

"In early March, when Covid-19 began to take hold of the globe, something changed in the world of gardening.
...
On March 16, the British government ordered people to avoid pubs, restaurants and non-essential travel. That morning, David Robinson, Managing Director of Suttons Seeds in Paignton, Devon, settled in for his usual Monday ritual of checking weekend sales numbers. He had a shock. “I said, ‘I think we have a problem with the sales numbers, it looks like they’ve been double or tripled.“”
.
Converted gardener Sonja Ruetzel: “I was feeling anxious during the lockdown, and gardening makes it look like you have an area where you have a little bit of control”
.
But the numbers were right: suddenly millions more people went online to find out what they could develop. In the weeks that followed, Suttons experienced days when sales were 20 times higher than the same day a year earlier – with lettuce, beetroot and cilantro seeds being the bestsellers.
...
Sowing a seed or renovating an overgrown garden was a balm to the pain of foreclosure, offering hope for some foods that didn’t have to come from an overcrowded and under-supplied supermarket, and the opportunity to improve and to embellish the little pockets of greenery around us.
...
Food culture YouTuber Charles Dowding has seen a huge spike in popularity, with 2.8 million views between March 24 and April 23 and 37,000 new subscribers. The Candide gardening app saw an average increase in the number of new members of 50% compared to the same period last year.
...
This wave of new gardeners is already bringing change to an industry that is slow to embrace a new audience. Garden designer and TV presenter Diarmuid Gavin started a daily live gardening conversation on Instagram during the lockdown that caught the attention of TV production companies, and he ended up doing a six-part TV show. titled Gardening together who tapped his mind to taste.
.
“There is a whole new breed of gardener who is so enthusiastic and hungry for information,” he says. “It’s less about the tricks of journalism and more about listening directly to people trying their hand at themselves.”
.
Will this shift to gardening last or is it a short-lived phenomenon caused by unique circumstances? Everyone I interviewed is optimistic that many of the newcomers will persist.
.
As Gavin says, “What we’ve heard from garden centers, compost makers and seed growers is that these new customers are coming back and coming back. They really want to know how to do it right. They are really invested because it means something to them. Once they have grown a spud, they will never stop. “"

Estratégia, processos e ISO 9001

Relacionar estratégia, processos e a ISO 9001:2015

Imagem retirada de "Business Process Change - A Business Process Management Guide for Managers and Process Professionals" de Paul Harmon (4ª edição)

Shuffling the cards and dealing

With companies, what today is true, tomorrow is a lie and vice versa. Why?
Because economics is not a Newtonian science and is a function of humans and the ever-evolving context.
Companies’ size is somewhat related to the scope and depth of the analysis of the relevant context.

The following article, "What’s At Risk: An 18-Month View of a Post-COVID World", lists a number of issues associated with the context for the next 18 months, which will somehow influence the future of companies in a kind of shuffling the cards and dealing, changing assets and rules.

Plano de reflexões

Ainda esta semana numa empresa começámos a preencher um Plano de Comunicação. Um documento que irá crescer ao longo do tempo, em função das necessidades que irão emergir tendo em conta diferentes propósitos e audiências.

Ontem li este artigo, "Four ways to reflect that help boost performance" onde encontrei esta interessante tabela:

Que reflexões são feitas na sua empresa? Com que propósito e com que participantes?

Nestes tempo após a 1ª vaga COVID-19 julgo tão importante aquele "Scanning the horizon"... e no entanto, tenho apanhado tantas surpresas negativas... venha ou não venha esmola da UE, os próximos tempos vão piorar antes de melhorar. E o que vejo? Gente confiando que o layoff os vai proteger da necessidade de se reconfigurarem. Gente que acha que isto de reflectir sobre o contexto é treta para a ISO 9001.

Fará sentido desenhar um Plano de Reflexões para a sua empresa?

Relevance, not quantity

You don't need to have a huge list of internal and external issues in the context analysis of your quality management system. You need to have a list of truly relevant issues. That is how ISO 9001:2015 uses the word determine, not identify.

Example from "Health and safety, environment and quality audits: a risk-based approach" from Stephen Asbury.

An uncomfortable feeling

When you are auditing how an organization has treated its context analysis according to ISO 9001:2015,  you may conclude that the organization has answered to all requeriments and yet... feel some how uncomfortable with the exercise. An organization may tick all requirements and yet miss the most important.

I found this passage that I think applies to this feeling:

"As you will see, auditing is concerned with seeking to provide a level of confirmation (or assurance) that an organization has addressed reasonably foreseeable significant risks to its operations and to the achievement of its objectives with a suitable framework (or series of interconnected frameworks) for internal control.

...

Along with providing assurance for the present, auditing should also provide a future focused view of the suitability of this control framework(s) for the changing business environments of the months and years ahead. Information about the future is generally much more valuable to managers than information about the present or the past."

Sometimes it is not easy to communicate that feeling to the organization. You are an auditor not a consultant, and it is not easy to judge the strategic thinking skills of a top management team. 

Sometimes those that are not immersed in a specific situation, that don't live it daily are more aware of the background trends.

 

Passage from "Health and safety, environment and quality audits: a risk-based approach" from Stephen Asbury.

 

"Risk is failure of a projected narrative"

A ISO 9001 aborda a abordagem baseada no risco. 

“The Oxford Dictionary defines risk as ‘the possibility that something unpleasant or unwelcome will happen’,

…

Risk in its ordinary meaning concerns unfavourable events, not beneficial ones.

.

Risk is asymmetric. We do not hear people say ‘there is a risk that I might win the lottery’ because winning the lottery is not something they would describe as a risk. They do not even say ‘there is a risk I might not win the lottery’ because they do not realistically expect to win the lottery. The everyday meaning of risk refers to an adverse event which jeopardises the realistic expectations of the individual household or institution. And so the meaning of risk is a product of the plans and expectations of that household or institution. Risk is necessarily particular. It does not mean the same thing to J. P. Morgan as it does to a paraglider or mountain climber, or to a household saving for retirement or the children’s education.

…

Very often, the risks that concern us are not risks to the status quo, but risks to our plans to change that status quo.

…

We believe the best way to understand attitudes to risk is through the concept of a reference narrative, a story which is an expression of our realistic expectations. For J. P. Morgan, the overarching reference narrative is one in which the bank continues profitable growth. A large corporation will have many strategies for achieving that overarching objective in particular areas of its business and there will be a reference narrative relating to each business unit. Some of these business unit reference narratives may be very risky, but the corporation may tolerate such risks provided they do not endanger the reference narrative of the organisation as a whole.

…

And since different people start with different reference narratives, the same risk may be assessed by different people in different ways. Risk may not be the same for those who work in an organisation as it is for the shareholders of that organisation.

…

Risk is failure of a projected narrative, derived from realistic expectations, to unfold as envisaged. The happy father anticipating his daughter’s wedding has in mind a reference narrative in which events go ahead as planned. He recognises a variety of risks – the prospective bridegroom has cold feet, a torrential downpour drenches the guests. There is an implied measure of risk in such assessment – an outcome can fall short of expectations by a narrow margin or a wide one. The scale of that risk may or may not be quantifiable, before or after the event. But this interpretation is very different to the view that has come to dominate quantitative finance and much of economics and decision theory: that risk can be equated to the volatility of outcomes.”

Trechos retirados de “Radical Uncertainty” de John Kay e Mervyn King 

Free webinar – How to perform an internal audit remotely (new date)

Webinar session on Thursday, June 25, 2020 is fully booked. So, another session was set-up for Wednesday, June, 24, 2020.

Webinar designed for internal auditors for ISO 9001, ISO 14001, ISO 27001, and other ISO management standards. The webinar explains what changes must be made, and what risks and obstacles must be considered during the preparation, performance, and reporting of a remote internal audit.

• What can be remotely audited during an internal audit
• What are the differences between remote and on-site audits
• Which tools to use
• What risks can be found and how to overcome them

You can register here.

One of the slides is about the big picture:

Free webinar – How to perform an internal audit remotely

An invitation to attend - June, 25th

Webinar designed for internal auditors for ISO 9001, ISO 14001, ISO 27001, and other ISO management standards. The webinar explains what changes must be made, and what risks and obstacles must be considered during the preparation, performance, and reporting of a remote internal audit.

• What can be remotely audited during an internal audit
• What are the differences between remote and on-site audits
• Which tools to use
• What risks can be found and how to overcome them

You can register here.

Que objectivos para uma auditoria?

Ontem ao procurar informação sobre um tema relacionado com auditorias fui a um dos livros que tenho em minha posse há mais tempo sobre o tema, "Quality Audits for Improved Performance" de Dennis Arter. A certa altura encontro este exemplo para um objectivo de uma auditoria:

1 - "Determine whether the corrective action procedure conform to aerospace industry quality program requirements, and wheter they are effectively implemented in the production of adhesive compounds"

E recordei uma velha luta minha... sistemas da qualidade maduros deveriam concentrar-se mais na eficácia, no desempenho, do que na conformidade. E comecei a desenhar um objectivo de auditoria alternativo:

2 - "Determine whether the corrective action procedure help the organization in developing and implementing corrective actions with sound impact on results, on improvement"

A versão 1 foca-se na verificação da conformidade. A versão 2 não refere a conformidade, para uma empresa com um sistema de gestão da qualidade maduro isso não é prioritário. O que é prioritário é ser capaz de responder à pergunta: até que ponto o procedimento de acções correctivas ajuda a empresa a conseguir resultados. Quantos euros se pouparam? Quantos eventos negativos se evitaram? Quantos minutos foram ganhos? Quantos clientes não foram perdidos?

A versão 1 copia os objectivos de auditoria das entidades certificadoras, a versão 1 faz todo o sentido para quem está a implementar um sistema de gestão a partir do zero.

A versão 1 é tanto menos útil quanto mais maduro for o sistema de gestão. Quem compra livros de auditorias e frequenta acções de formação está a montar sistemas a partir do zero.

Pouca gente evolui para a versão 2. Ou porque não pensa sobre o tema, ou porque não valoriza o potencial de uma auditoria, ou porque tem receio de partir o molde em que foi enformada.

Auditorias remotas

O coronavírus atua como um acelerador de alterações que já estavam em andamento
...
As auditorias remotas são sobre o uso da tecnologia para recolher evidências, recolher informações, entrevistar auditivos, etc., quando os métodos "presenciais" não são possíveis ou aconselháveis.
.
A ISO 19011: 2018 menciona a possibilidade de usar auditorias remotas e auditorias virtuais.
Há uma nota importante: a realização de auditorias remotas depende do maior ou menor risco que coloquem no cumprimento dos objectivos da auditoria, vai depender do nível de confiança entre o a equipa auditora e o auditado, e de quaisquer requisitos regulamentares.

Recomendo a consulta de:

• Anexo A.1 da ISO 19011: 2018 Aplicando métodos de auditoria; 
• Anexo A.15, Visitando a localização do auditado; e 
• Anexo A.16, Auditando atividades e locais virtuais.

A decisão de quando e como usar as técnicas de auditoria remota depende dos objetivos, âmbito e critérios da auditoria, da tecnologia disponível, da competência do auditado e do auditor em usar a tecnologia e do tipo de evidência de auditoria que precisa ser recolhida.

As auditorias remotas podem ser úteis para auditar actividades durante circunstâncias fora do controlo da organização, comumente referidas como "Força Maior". As auditorias remotas podem também ser úteis para reduzir os custos de auditoria e aumentar a eficiência da auditoria.

Actividades de uma auditoria remota:

• Garantir que, quer auditores quer auditados usam os protocolos de acesso remoto acordados, incluindo dispositivos solicitados e software etc;
• Se forem feitos print screens de qualquer tipo de documento, há que pedir permissão com antecedência e considerar questões de confidencialidade e segurança
• Evitar registar indivíduos sem a sua permissão;
• Se ocorrer um incidente durante o acesso remoto, o líder da equipa de auditoria deve rever a situação; com o auditado e, se necessário, com o cliente da auditoria e chegar a um acordo sobre se o a auditoria deve ser interrompida, reagendada ou continuada;
• Usar plantas / diagramas de localização remota para referência;
• Manter o respeito pela privacidade durante as paragens da auditoria.

O meu conselho para os auditores internos é o de começar a praticar auditorias remotas para testar diferentes abordagens, testar diferentes tecnologias, aprender a responder a novos riscos:

• O equipamento de comunicação falha ou não é confiável;
• O acesso à Internet falha ou não é confiável;
• Segurança na Internet - confidencialidade e integridade das informações;
• Os auditados não seguem os horários agendados das reuniões;
• Os auditados saem constantemente das reuniões agendadas para tratar de outros assuntos;
• O auditor aceita evidências de auditoria que não são objetivas nem aleatórias;
• A maior ou menor capacidade do representante do auditado no uso de tecnologia para que o auditor circule pela organização e entreviste auditados.