25 October DEMYSTIFYING ISO MANAGEMENT SYSTEM STANDARDS AND RELATED GUIDELINES (2019-10-25) October 25, 2019 General, Integrated Management Systems, ISO Standards ISO 37000, iso management system standards, ISO Standards, Stephen Simmonds By Stephen Simmonds (Independent Lead Consultant - Integrated Management Systems: CGF Research Institute) and peer reviewed by Terrance M. Booysen (Director: CGF Research Institute) The number of management systems has risen dramatically in recent years, reflecting the increasing governance demands being placed on more and more organisations and their boards, and especially so in the wake of a myriad of governance scandals and corporate collapses locally and abroad. Indeed, as organisational stakeholders become more informed of business best practices and codes of governance such as King IV™ -- which require organisations to report upon their 6-capitals -- it comes as no surprise that improving the organisation’s performance across a wide range of areas becomes a critical imperative for the organisation’s overall sustainability. The challenge many organisations have today is that most of them have more than one management system and these are often duplicated, redundant or inadequate which ultimately affects the organisation’s performance and resilience. In the same way there are many different types of ISO management system standards and related guidelines that have been developed to suit different business sectors. These standards apply to product or service quality, operational efficiency, environmental performance, health and safety in the workplace and many more. The benefits of applying these standards within an organisation include: more efficient use of resources and improved financial performance; improved risk management practices; increased protection of people and the environment; increased capability to deliver consistent and improved services and products, thereby increasing value to customers and vested stakeholders, and greater stakeholder assurance that the organisation is being properly governed. To demystify how all these standards, relate to one another, it is important that organisational leadership -- namely the board and its executive -- understand the inter-connectedness of these standards, moreover that they also support the principles of many codes of governance adopted across the world. In the illustration, the four (4) quadrants set out some of the ISO (International Standards Organisation) documents and their relevance to the organisation’s management systems. Indeed, the overall standard that covers the actual governing of the organisation and its collective management systems, will be covered by the imminent ISO 37000, which is expected to provide guidelines for governing the organisation as a whole. It is anticipated that ISO 37000 will provide the key principles, relevant practices and a governance framework to assist the organisation’s leadership to direct and control the activities required in the business. In this regard, ISO 37000 is also expected to provide clear guidelines pertaining to the accountability of the board, including management’s responsibilities such that they are adequately equipped to fulfil their purpose and fiduciary duties. Quadrant 1 in the illustration refers to generic ISO management system standards examples that give requirements (or guidance) to assist organisations to manage their policies and processes in order to achieve specific objectives. Example standards shown in this quadrant are those which organisations can adopt and once implemented, they will make use of an ISO-approved certification body to verify, audit and certify the organisation’s compliance with the applied standard. Each one of the management system standards shown in this quadrant -- namely ISO 9001, ISO 14001 and ISO 27001 -- have their own family of standards, but the management system standard is the only one in each family that is certifiable. As an example to understand what a “family” (sometimes known as a series) is, in the context of ISO standards, we can use ISO 9001 as an example. There are three (3) other standards that together with ISO 9001, form a family. They are: ISO 9000: Quality Management Systems - Fundamentals and Vocabulary (definitions) ISO 9004: Quality Management - Quality of an Organisation - Guidance to Achieve Sustained Success (continuous improvement) ISO 19011: Guidelines for Auditing Management Systems These additional standards provide guidance and direction that assist in the effective implementation of an ISO 9001 management system. Their importance cannot be understated by management responsible for implementing an ISO management system. Quadrant 2 refers to some of the sector specific management system standards. Sector-specific standards are requirements developed by a particular industry to address their specific needs. These standards are used in the main by subject matter experts that are part of the management system implementation team and provide specific knowledge and experience that is utilised in the design of the content of a generic management system. Quadrant 3 refers to ISO management system related example standards that provide further guidance on specific aspects of the management system, the standard itself and various support techniques. ISO 10013 provides guidelines issued by those persons responsible for the development and maintenance of the documentation necessary to ensure an effective quality management system, tailored to the specific needs of the organisation. The use of these guidelines will aid in establishing a documented system as required by the applicable quality management system standard. This standard can be used to document management systems other than that of the ISO 9000 family, for example environmental management systems and safety management systems. The other examples are related to guidelines for the auditing of management systems. These documents provide guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on the evaluation of the competence of individuals involved in the management system audit process. These activities include the individual(s) managing the audit programme, auditors and audit teams. Quadrant 4 refers to some of the ISO management standards that -- although specific -- have a broad impact on the management system and should be known and understood by leadership and senior management. The ISO 26000 guideline on social responsibility provides guidance on the underlying principles of social responsibility, moreover, recognising the importance and value of engaging the organisation’s stakeholders pertaining the organisation’s social responsibility programme. The standard furthermore emphasises the importance of results and improvements in performance on the organisation’s social responsibility programme. ISO 26000 can be used with most generic standards where social responsibility should be recognised along with stakeholder identification and engagement. ISO 31000 provides the organisation with guidelines for managing its risks. The purpose of the risk management framework within ISO 31000 is to assist organisations in integrating risk management into significant activities and functions. The effectiveness of risk management will depend on its integration into the governance structures of the organisation, including decision-making. This requires support from the organisation’s key stakeholders, particularly top management. ISO 31000 can be used with most generic standards where risk-based thinking needs to be part of the management culture and the treatment of risk managed in a planned manner. In conclusion, the involvement of the organisation’s leadership -- as part of the implementation of management systems -- is key to its success as they establish unity of purpose and direction of the organisation. They should create and maintain the internal environment in which people can become fully involved in achieving the organisation’s objectives. Applying the ISO standards as outlined in this article, amongst others, will assist the organisation’s leadership to ensure that: people will understand, and be motivated towards the organisation’s goals and objectives; activities are evaluated, aligned and implemented in a unified way; miscommunication between different levels of an organisation will be minimised; a clear vision and purpose of the organisation’s future is established and entrenched; challenging goals and targets are set; shared values, fairness and ethical role models are established at all levels of the organisation; trust is established and fear that paralyses required actions is eliminated; people are provided with the required resources, training and freedom to act with responsibility and accountability; and people are inspired, encouraged and their contributions to the organisation are recognised. ENDS Words: 1,292 For further information contact: CGF Research Institute (Pty) Ltd Stephen Simmonds (Independent Lead Consultant) Tel: +27 (0)11 476 8264 / Cell: +27 (0)82 881 9389 E-mail: email@example.com Web: www.cgfresearch.co.za CGF Research Institute (Pty) Ltd Terrance M. Booysen (Director) Tel: +27 (0)11 476 8264 | Cell: +27 (0)82 373 2249 E-mail: firstname.lastname@example.org Web: www.cgfresearch.co.za Follow CGF on Twitter: @CGFResearch Click below to read more... Attached Files 20191025-Demystifying-ISO-Management-System-Requirements-and-Guidelines.pdf 302.25 KB Related Articles TANGIBLE BENEFITS OF A CORPORATE GOVERNANCE FRAMEWORK® Article by Jene’ Palmer Forward-thinking organisations have realised that corporate governance does not merely fall into the portfolio of the Company Secretary. Indeed, the draft King IV Report on Corporate Governance for South Africa 2016 (‘King IV’), describes corporate governance as “the exercise of ethical and effective leadership by the governing body” of an organisation. Why then is corporate governance still viewed by many organisations as a process which increases bureaucracy and drives a ‘tick box’ exercise? Perhaps the explanation lies in not understanding and appreciating the value which can be unlocked by implementing a purpose-built Corporate Governance Framework® which is tailored to the organisation. Empirical research supports the fact that good corporate governance translates into tangible and sustainable benefits for the organisation. Some of these benefits are set out below. DO YOU REALLY NEED A CORPORATE GOVERNANCE FRAMEWORK®? By Jene’ Palmer and reviewed by Terrance M. Booysen We know that both local and international organisations are continuously having to adapt to operate in uncertain business environments. Locally, the release of the Preferential Procurement Regulations 2017, which places stronger emphasis on ‘radical transformation’, against the backdrop of persisting low economic growth rates are only some of the elements giving rise to further uncertainty. Internationally, the business and regulatory implications of the election of President Donald Trump and the vote in favour of Brexit and how these events will impact on local markets and businesses, is still unfolding. It therefore comes as no surprise that recent governance, risk and compliance (‘GRC’) surveys all indicate an increasing need to improve risk oversight and to balance opportunity management with risk management. The challenge lies in being able to achieve these objectives! BOARDS THAT CREATE VALUE: CORPORATE GOVERNANCE FRAMEWORK® By Jene’ Palmer and reviewed by Terrance M. Booysen It has been painful to watch the likes of Lance Armstrong, Mike Tyson and Hansie Cronje sabotage their futures through poor decision-making. Similarly, many organisations and their boards have failed to demonstrate strong and responsible leadership qualities to motivate and drive their organisations to success. Awareness, decisiveness and accountability are some of the business leadership qualities required to achieve remarkable performances. The ‘buck’ stops with the board of directors and it is the board of directors who are ultimately held accountable for the success of the organisation. However, with the business landscape changing at an accelerating rate, risk management and decisive decision-making are becoming more challenging and business failures more prominent. A recent Harvard Business Review reports the failure rate for mergers and acquisitions to be between 70% and 90%. According to the United States Small Business Administration, only 44% of new businesses are still in existence after four years. Against this backdrop, how does a board create a sustainable organisation in what are clearly turbulent times? SUSTAINABILITY DEPENDS ON A STRONG GOVERNANCE FRAMEWORK Article by Terrance M. Booysen Corporate governance is one of the key elements many investors consider when they reflect upon the organisation’s success, as well as when deciding upon their investment choices. But when the organisation’s governance system shows signs of stress or failure, not only do astute investors understand the unsettling impact it has upon the organsation’s supply chain, they also become wary about its sustainability which may give rise to them re-considering to ‘weather the storm’ or ‘bail out’ so to speak. Over the years so much has been written about failures of corporate governance within organisations, including the financial, social and political consequences which are typically found in its trail. Yet in spite of numerous regulation to improve the overall conduct of organisations, including the various King Codes of Corporate Governance written in South Africa, even more organisations are becoming affected by poor governance. COMBINED ASSURANCE: IS YOUR ORGANISATION ADEQUATELY ASSURED? (2019-10-01) If we have both internal and external auditors, we have combined assurance, right? Wrong! For the board of directors to claim that they have discharged their obligations to implement a Combined Assurance Model requires much more than just the appointment of internal and external auditors. INTERNAL AUDIT REQUIRE GREATER REPRESENTATION ON THE BOARD (2019-08-05) A plethora of corporate governance codes has been written across the world, and in spite of their recommendations which inter alia seek to protect stakeholder interests and shareholder value, many governance failures and organisational collapses continue seemingly unabated. Comments are closed.