By: Dr. Shaul Yanai, SQA Associate

SOX (the Sarbanes-Oxley Act) was the regulators’ response to the WorldCom, Enron and similar fiascoes. Are we going to see more regulations after the worldwide economic chaos, which follows some managerial disasters of the last decade? Many works will emerge from the present crisis, mostly in financial and economical concepts.

As quality people, involved in implementation and verification of Quality Management principles into businesses, we have to self-assess our ways of selling quality. If quality is related to performance and enhancing customer satisfaction, if applying a process approach concept to auditing means verification of streamlined core-business processes, how do we look at the present crisis? Can the quality management standards help in providing preventive means to protect a company’s stakeholder interests?

Apparently, the answer is NO! However, on a second thought we may expect some kind of inoculation, by modification of the standard scope. ISO 9001:2008 emphasizes fulfillment of “statutory and regulatory requirements”, but it narrows the perspective to effectiveness of achieving an organization’s “product”. For overall performance, efficiency and sustainability one has to address the ISO 9004:2008 standard, which is a non-auditable prescription.

Standards for organizations that must ensure food-safety (e.g. ISO 22000, BRC Global, IFS, Global GAP), require implementation of a systematic process of risk assessment. The HACCP methodology is the cornerstone for this industry. Environmental and Hygiene & Safety management systems adopt a similar approach. In many companies those management systems are considered jointly, for the process of certification. Auditors of certification bodies perform these joint audits, without asking why the risk assessment processes are not part of the managerial tools, for all processes of the business.

It seems that the TC 176 committee should reconsider the scope of the generic standard. Times are changing and questions will be raised on the added value of the standard. In order to stay relevant, the standard has to “look” inside companies, the way their processes are designed and implemented. The purpose should be to provide confidence to interested parties in regard to internal processes that ensure verified and validated outcomes.

Introduction of risk assessment processes should be a must of the generic standard. Managers are not going to like it, but don’t we want them to be much more “quality oriented”? Much more involved? Wouldn’t the customers want to be sure that the organization responses are an outcome of a rational process for identification, analysis and evaluation of risks process?

Sustainable standards need a genuine process and business orientation. The verification requires auditors that understand management processes, ones that know how to interpret a business report and ask the right questions. Adoption of this kind of approach may be the real contribution of the quality people to today’s crisis.