More praise for clerical staff (or, Why the fox should not watch the henhouse)

Who should manage your Engineering Change Order process? Should that be ... umm ... Engineering, based on the name? Bzzzzzt! No, sorry, thank you for playing. It was a trick question.

Last summer I wrote about why companies need clerical support staff, to offload activities that add comparatively low value from highly-compensated employees so that they are free to do the work for which they are so well paid. Using engineers as an example, I wrote:

[W]ho is supposed to fill out the forms if not the affected personnel? Who but the design engineers can possibly ... fill out Engineering Change Orders?

Let me draw a distinction:

• On the one hand, the detailed technical information has to come from the technical experts -- for example, the design engineers. No-one else can possibly provide it.
• On the other hand the typing can be done by someone else. The metadata can be filled in by someone else. The routine information that is nonetheless required can all be added by someone else.

And that way the design engineers can focus on the work that no-one else in the company can possibly do.

The argument is fine as far as it goes, but I left out one important part. The Engineering Change process – and you can generalize this to other kinds of paperwork – is too important to the company to be left in the hands of the engineers. 

A few nights ago, I had dinner with a friend of many years. We used to work together but he's at another company now, managing their Quality department. He said he had been there about a year before he realized that in all that time he hadn't been asked to approve a single ECO. He asked his people, and none of them were approving ECO's either. Why not? After a little digging, he found that Engineering managed the ECO process; and whenever a new ECO had to be approved the responsible design engineer just copied the list of approvers from the last one. Apparently Quality had been dropped off somehow, years ago, and this copy-paste approach to identifying approvers meant they were never added back on.

My friend made a fuss, and sure enough he was added to the approval cycle for the very next ECO. He reviewed it, and sent it back to the design engineer after identifying a few issues that had to be corrected. So the design engineer deleted my friend's name and replaced it with the name of the most junior guy in the Quality department – presumably someone who would approve it without quibbling.

The story turned out all right in the end. My friend talked to the engineer and resolved whatever the issue was. But it still bothered me, because every step of that story was absolutely predictable.

Of course the Engineering department wasn't focused on keeping the list of approvers up to date. And of course any individual engineer would try to get his change approved as quickly as possible, with a minimum of fuss or delay, and wouldn't worry about the (seemingly extraneous) fretting of some other department. Those things aren't the job of Engineering! The job of Engineering is to create designs subject to requirements, not to manage or equilibrate the impact of those designs across the rest of the company. And that is exactly why Engineering provides critical inputs into the Engineering Change process but should never own it or manage it.

Who, then? Some other department, someone used to managing process. I suppose you could offer the responsibility to Project Management (if that's a separate department for you), or to Quality. But you could also offer the responsibility to a documentation group, along with the responsibility to fill in all the boring metadata on the ECO – metadata that is critical to those groups downstream who are trying to implement the change (Purchasing, Manufacturing, and others) but that is more or less incidental to the engineers themselves. In fact, if you offer to take the burden of seemingly mindless paperwork off their hands, I bet most Engineering departments would gladly give up authority over the approval process in exchange. That's a trade that benefits everyone.

Is there a general rule here? Probably, though it's a little hard to formalize. But every department has activities that affect the rest of the company, even if they look mostly internal. When you're dealing with activities like that, you have to manage them that way. And that is one strong reason why any company larger than the "three-friends-in-a-garage" model needs support or system functions that stand to one side of the core processes and enable them to work.     

       

How to work from home

I keep seeing articles that claim work-from-home is here to stay. But if that's true, we should figure out how to institutionalize it. We should figure out how to build it into our management systems.

When I google "work from home checklists," I see lots of them out there. So far the ones I've looked at seem to be about how to set up your space at home, how to keep your kids and your dog from interrupting you, how to keep yourself on-task instead of on YouTube, how not to spend all your time eating snack food ... things like that. And of course those are all important topics.

But so far I haven't seen any checklists that ask if you have actually coordinated your work-from-home with your business's systems and processes, or whether those systems and processes can continue to support you. I haven't seen any that ask you to think about the risks of working from home, even though I assume that both employees and supervisors have their heads full of risks that they worry about every day.

So I decided to give it a try.

On my Downloads page, you can find two checklists: 

• WFH_organizational-planning
• WFH_employee-readiness

The first checklist, as you might guess, is for an organization planning a work-from-home program. The intent is to cover all ways that such a program might affect a company's Quality Management System, so there are no unpleasant surprises where your external auditor thinks you sent everyone home without checking for risks, or for an impact on stakeholders.

The second checklist is for the individual employee. It's all very well for your company to be prepared to send you home to work, but are you prepared? Do you have a desk you can use? Do you have the equipment you need? Are you going to have to do something new for time-tracking? And so on.

Both these checklists sit at a very high level: you may need to attach other documents to spell out the details. But the details will differ for every organization. My goal is to cover all topics in breadth, but to leave the depth to you.

Also, both checklists are built around the ISO 9001 standard. That's not just a failure of imagination on my part, but a test. ISO 9001, after all, claims to model how any organization's management system ought to run. But that should mean that any model built on it is complete. In particular, if I write these work-from-home checklists based on the clauses of ISO 9001, I should have covered everything that has to be covered. If you find something important missing, then either I goofed or there is a hole in ISO 9001.

So download these checklists. Please. Look them over and try them out. 

And then send me your feedback. Tell me what's missing, or what's wrong, or what's awkward.

And if you find them useful, please tell me that too. Thanks!

           

Rethinking the case of universities

A couple of weeks ago, I discussed the question whether it makes any sense to certify a university to ISO 9001. More exactly, the original context of the discussion was the question whether ISO 9001 certification could replace academic accreditation. To that narrow question I finally answered No, but I left open the possibility that ISO 9001 might have some residual utility in organizing a university's activities.

Several people commented on the post (mostly through LinkedIn), but the most detailed response came from Rasha Alkabbanie (see her LinkedIn profile here), a Lecturer in the Faculty of Engineering of Tishk International University in Erbil, Iraq, who has studied – and published on! – the applicability of ISO 9001 to university operations. Besides sharing her expertise in an extensive comment, Ms. Alkabbanie linked to an article she published in June 2020, where she compared ISO 9001:2015 with other guidelines for institutions of higher learning. In particular, she focused her comparison on a set of international standards published as the Standards and Guidelines for Quality Assurance in the European Higher Education Area (ESG), (Brussels, Belgium, 2015), or "ESG 2015" for short.

The argument in Ms. Alkabbanie's paper, "ESG 2015 vs. ISO 9001:2015 Regarding Stakeholders," turns implicitly on a subtle point which I failed to consider in my own blog post. This point is that a university, like any other organization (and particularly any other large-scale organization) has to have some kind of Quality Management System underlying its operations. 

• This system does not necessarily have to be called a QMS, though clearly sometimes it is; ESG 2015, for example, makes extensive use of "quality assurance" terminology. 
• It is even possible (I suppose) that some institution might not recognize that they have such a system in place, thinking of it simply as "the way we've always done things" without taking a step back to see how all of "the things we do" fit together as a coherent system when you see the picture whole.
• But what is not possible is that an underlying QMS actually fails to exist. A QMS, after all, is just the basic organizational framework of roles and responsibilities, and of activities and controls, that allows the institution to get things done. If a university – or any organization – can keep its doors open, then one way or another it has some kind of (formal or informal) QMS.

And as soon as you recognize that a university has to have some kind of QMS, you see how ISO 9001 could apply (subject as always to my qualifications in last week's post). But please note: this does not mean that ISO 9001 can take the place of accreditation. It can never do that, because accreditation imposes specific content-based requirements related to subject-matter expertise; or to professional qualification; or to expectations from regional, national, or international bodies. These content-based requirements can never be subsumed under a generic management system standard, in the same way that every industry has its own specialized requirements not shared by others. We all know that restaurants, and electronics manufacturers, and trucking companies can all implement ISO 9001, but each one has industry-specific requirements that the others don't. In the field of education, accreditation requirements play the same role.

But in order to meet these requirements, the university has to have some kind of system for meeting requirements in general; and that system can be judged by an external standard. Pick whichever standard you like: for example, you might choose ESG 2015, or you might choose ISO 9001. And here we come to the heart of Ms. Alkabbanie's research: comparing these two. Her conclusion is that ISO 9001 is a more demanding standard than ESG 2015, because it is more comprehensive. In particular, her analysis shows that ESG 2015 is somehow a subset of ISO 9001: every requirement in ESG 2015 is matched by a requirement in ISO 9001, but the reverse is not true. There are requirements in ISO 9001 that ESG 2015 never dreams of.

Perhaps I should add that there are other applicable standards you could choose from, besides these two. ISO 21001, for example, is specifically a standard for "Management systems for educational organizations." It resembles ISO 9001 very closely, adding a number of topics that are specific to educational institutions: for example, admissions criteria, grading of student work, and policies for special-needs students. But then in the supplemental material at the end, in Annex F, ISO 21001:2018 provides a comparison between its own requirements and those of yet another standard, in this case the European Quality Assurance Framework for Vocational Education and Training (EQAVET). (As a confirmation that every educational institution has to have some kind of QMS, the EQAVET web page – just like ESG 2015 – makes heavy use of "quality assurance" terminology. It also deploys a version of the Plan-Do-Check-Act cycle.)

So that's the relevance of ISO 9001 to universities: as an enabler of accreditation, not a replacement or substitute for it. And I am very grateful to Ms. Alkabbanie for her detailed comments, and for her willingness to share the results of her research, all of which helped me better understand this point.

        

Is ISO 9001 really worth it?

At the very end of my last post, I talked about the possibility that an organization (in that case, a university) might seek to apply ISO 9001 for the sake of intrinsic benefits: not because anyone required it, but for its own sake. But is that possible? Are there any intrinsic benefits to ISO 9001, benefits other than getting a certificate because your customers demand it? Often I get the same question posed in slightly different words: "Is ISO 9001 certification really worth all that time, effort, and money? Where's the payback?" 

Of course there is nothing magic about certification. An ISO 9001 certificate won't guarantee success, and it doesn't prove that your products and services are any good; at best it attests that you have systems in place to react when they are bad, and to improve over time. Likewise, as I have said before, there is nothing magic about following any system blindly; the rules are at best just techniques to help you get the right results, but you still have to know what you are doing and to care about it. With all that in mind, is ISO 9001 really worth it?

It's a fair question. ISO 9001 really does require a certain amount of time, effort, and money to implement, and no business should have to spend those without a reason. But the answer starts by pointing out that it is really two questions.

The first question is whether it is worth the time and effort to run your company in the way it would have to be run so that you could be certified any time you choose. This means doing all the things that the ISO 9001 standard requires: identifying your interested parties, their needs, and your risks; and then implementing accountability and control, process and review, conscious decision and continuous improvement. And the answer to this question is that every organization benefits from these things, so this part is always worth it.

As an aside, a month or two ago I saw this point picked up in an article in Quality Digest, called "Quality 2022: Two Big Changes Ahead." The author argues precisely that Quality can be a profit center, or at any rate a value-adding activity. He writes:

... rather than using ISO 9001 as a compliance tool, we’re seeing it embraced as a strategy for business excellence. Some fearless quality teams are asking: “Why should we deal with ‘risk management?’ Why don’t we focus on risk avoidance? Why can’t our processes be set up to completely sidestep risk altogether? Why do we have the equivalent of a line item in our consumer products division’s product liability budget to cover the cost of killing two people annually? Let’s not have to plan for that! Let’s make very sure we don’t.”

When you start thinking about risk avoidance that results in not just saving, but creating piles of money, you in fact are thinking of quality as a profit center.

The second question is whether it is worth the money to get formal certification: this means paying for an external auditor to look you over and write a report, and then it means paying a certification body to act on that report so you can get your certificate. These costs are not prohibitive, but they are certainly not trivial. And the answer to this question is that while every company benefits from doing things well, not every company benefits from having a certificate to hang on the wall attesting that they do things well. If having this certificate will bring you more new business than it costs you to get it — because more new customers will be willing to trust you, or because your major existing customers have announced that all their suppliers must henceforth be ISO 9001 certified — then it is worth the money to get the certificate. If not, not.

      

Can you certify a university to ISO 9001?

Years ago, back when I took my first Lead Auditor training class, the instructor started by giving us a little history of the development of the ISO 9001 standard. He explained that it had started as an attempt to unify the various national Quality standards that governments had put in place a generation before, to standardize their procurement activities during World War Two. And he went on to say that over time the standard had gained an ever-wider acceptance. As an example, he remarked that some American universities (he named no names) had recently chosen to seek ISO 9001 certification instead of more traditional forms of academic accreditation.

During the break I asked him about this.

Me: You said that some universities are seeking ISO 9001 certification instead of accreditation, but how is it possible to certify a university?

Instructor: The same way you certify any other organization.

Me: But that can't be. The ISO 9001 standard is based on the concept of customer satisfaction. Who is the customer for a university?

Instructor: The students, of course.

Me: The students aren't customers. The students are the product!

This conversation didn't get very far.

But was I wrong? Narrowly speaking, even on my own terms, yes I was. I should have said that students were the raw materials, and that graduates were the product. But who is the customer? That answer is more elusive. 

The people who pay the bills are most often the students' parents. To be sure, sometimes some or all of the expenses are covered by other entities, including the federal government (through measures like the G.I. Bill) or the universities themselves (through scholarships or financial aid awards).

Do those who pay the bills also enjoy the benefits? Only indirectly. 

• The most direct beneficiaries of higher education are, indeed, the graduates themselves, even though I have also identified them as the products. 
• The next-most direct beneficiaries are probably their future employers, who benefit from hiring an educated labor force and who (for the most part) pay nothing at all into the educational process.* 
• Parents, who pay most of the bills, get the benefit of seeing their children graduate (if you call that a benefit); in principle this should also mean that their children do better financially than they would otherwise have done in life, and that the children are therefore less likely to depend on their parents for financial support as adults.** 
• Other entities who contribute towards educational costs presumably get something out of it, but again the benefit is indirect: when the federal government contributes money to educate military veterans, it supports the well-being of those veterans in reward for their service;*** when a university awards scholarships or financial aid, it enables students of modest means to attend when they otherwise could not, thus enhancing the overall diversity of the student body.
• There is also an idea that society-at-large benefits from having a more-educated population. Partly the supposition is that the educated should have more options in life than the uneducated and should therefore be less likely to turn to crime out of financial desperation.** Partly it may be thought that there are less tangible benefits as well. But in any event, the benefits that accrue to society from education are at best very indirect, and there is no financial contribution from society at all (unless you count taxes).

In short, it's not easy to identify who exactly counts as the customer for universities. Does this matter? Not really. Not any more.

While the most recent (2015) edition of the ISO 9001 standard still insists that it applies "when an organization ... aims to enhance customer satisfaction" [ISO 9001:2015, 1(b)], it also introduces the concept of "interested parties." There is in fact a general statement that "the concept of interested parties extends beyond a focus solely on the customer. It is important to consider all relevant interested parties." [ISO 9000:2015, 2.2.4.] And this expansion of scope dissolves all the complexities involved in identifying a university's customer, because all the parties named above are interested parties: students, employers, parents, governments, universities, and yes, society as a whole. If a university were to document the complete Context of its Organization, all of them would show up on the list along with their respective needs and expectations. And the university could then take all these into account in establishing its Quality Management System and defining its program.

So does that mean that my instructor was right after all? Can a university forego traditional accreditation and pursue ISO 9001 certification instead? Not so fast.

Of course a university can do whatever it likes in this regard. It's a free country. But there is an important difference between traditional academic accreditation and ISO 9001 certification. Traditional accreditation measures an institution against standards that are external to the institution itself; but ISO 9001 requires the organization itself to determine the scope and content of its own QMS [ISO 9001:2015, 4.3-4.4 et seq.]. So in principle a university could keep its ISO 9001 certification while operating in a way that would cause it to lose accreditation in a heartbeat.

But isn't this a spurious objection? Commercial companies could do the same thing, and maybe some do; but the majority don't. Commercial companies recognize that their reputations among customers are valuable, and so they count a reputation for high-quality products and services — along with fair and honest business practices — among the "needs and expectations" of their interested parties. Wouldn't any responsible university do the same? Why not count the accreditation authorities among their interested parties, in order to force themselves to meet those external standards along with other requirements? Surely that's no different from having to meet legal or regulatory requirements, which are likewise external to the organization.

Of course that's true. But if a university counts the accreditation authorities among its interested parties, then it hasn't given up on accreditation after all. The original assertion was about universities giving up on accreditation because they found ISO 9001 certification more valuable; but the argument in the previous paragraph seems to say that any university that wants ISO 9001 certification can (and perhaps should) nonetheless safeguard its reputation by keeping accreditation.

And in that case, why should the university seek ISO 9001 certification? What's the point?

Of course they might find it useful on its own, as a tool for organizing their operations and driving improvements. And in that case, by all means they should push ahead and let nothing get in their way. But unless and until some other, equivalent external standard emerges, I don't see any way that ISO 9001 can possibly replace academic accreditation for a university.        

__________

* Of course there is room to argue that employers might pay higher wages to educated employees than to uneducated ones, and that the extra wages help pay back student loans owed by recent graduates. And of course employers pay taxes, which support government expenditures that include (among many other things) a certain level of expense for education. But in any event the contribution of employers towards the cost of education is very indirect, and nothing like in proportion to the advantage they receive from it.

** There is currently some level of debate in the United States over how far these theoretical benefits are borne out in practice today, but that's not my topic here.

*** The government might benefit in other ways as well.