When doctors go bad

What do you do when doctors go bad?

Of course it happens. Doctors are human beings, and they have the same faults as other human beings. They can be rude, short-tempered, and hard to work with. They can make enemies in the workplace. They can make mistakes with patient care, and sometimes those mistakes are serious. Some doctors commit sexual harrassment. Some doctors are addicted to alcohol or other drugs. All these things happen. But what can anyone—a clinic, a hospital, or the profession at large—do about it?

Is it a Quality problem?

In a sense this sounds like a Quality problem. Certainly when a doctor goes bad, his patients (and colleagues) aren't "getting what they want." But in the same breath we have to admit that it is a very unusual kind of Quality problem!

• As noted, doctors are human beings; and we don't know nearly as much about human behavior as we do about machines. So while a machine may require no more than simple adjustment to correct its behavior, humans are more complicated.
• In fact, humans have free will, and therefore cannot be simply adjusted the way a machine can. So if a doctor is behaving badly, we have to get his consent before we can expect him to behave any better.
• Why do we need his consent?
• Partly to respect his innate human dignity, that he is free and not a slave.
• And partly because if he does not consent, he or his friends may take steps to frustrate the changes we want him to make.¹ 
• There may also be barriers of an organizational kind.² 
• Complainants might fear legal or organizational retribution.
• The offending doctor might be sufficiently valuable to the organization that management takes his side in a complaint.
• The delay built into processing a complaint might give the offending doctor time to build alliances, and might contribute to a sense in the workplace that the offending behavior is considered "normal."

What has been done so far?

"Disruptive behavior" by doctors is not new. I found one article that surveyed the relevant literature, all the way back to a news item in the New York Times from June 20, 1875.³ But it seems that systemic responses are a comparatively recent development. Back in the late 1970's Dr. Kent Neff, a psychiatrist working in Portland, Oregon, chaired a committee created by the Oregon Medical Association to address concerns about alcoholism among doctors working in hospitals. In 1994, he used the lessons learned from this committee to take charge of the Professional Assessment Program at Abbott Northwestern Hospital in Minneapolis, a program to help hospitals and medical groups with troubled doctors.⁴ Neff has continued to champion this topic in the years since then, as have others of course. In 2012, he prepared a presentation⁵ for The Foundation for Medical Excellence, summarizing the research and practical steps that had been taken at that time. And over the last two decades (at least in the United States), the medical community has been making progress on this front.

Why is it happening only now? I don't know. Studies suggest that disruptive physician behavior (DPB) is not uncommon,⁶ and it is obviously detrimental both to the workplace and to patient outcomes. And yet it seems that even during a century when medicine became ever more professionalized, this topic was overlooked or brushed to the side. According to one study, part of the problem is that there are at least 207 different terms used to describe DPB, so that systematic literature searches are prohibitively difficult. It is possible that this question belongs in a history of medicine, and not in a Quality blog. In any event, the topic of how to respond to DPB is alive today.  

Can we approach this as a Quality problem?

Actually, yes! That's more or less the approach that has been taken. After what I said above about how unusual a Quality problem this is, you might be skeptical. On the other hand, remember that I have characterized the 8D process as "a way to apply the scientific method to solving your organization's problems." And in fact, it turns out to be general enough that we can apply it here too.

So, for any medical organization (hospital, clinic, or other medical provider) to innoculate itself against DPB, the steps look something like this:

Ground rule: Don't blame individuals

• Neff's research is absolutely clear that disruptive physicians are often good doctors (at least potentially) who are caught in a maladaptive system. He insists that the process must be respectful, confidential, and based on objective data. All of these provisions are critical parts of getting the consent of the affected physicians to the new culture that you plan to implement.

D1: Name a team

• Because the solution involves a system-level approach, there will have to be a team to implement it.
• More critically, the team has to include top management, because the work needs their support. They are the only ones who can break down the organizational barriers that might stand in the way. Therefore the administration must clearly understand the cost—in dollars!—that DPB drains from the business every year in operational friction, on top of the risk of huge damages in case of patient harm. And remember—when I reviewed the Quality culture of the Mayo Clinic two years ago, one of my findings was that their "whole Quality initiative had unflinching management support over the long haul."    

D2: State the problem

• Spell out clearly what exactly constitutes unacceptable behavior, and also what constitutes acceptable behavior. It sounds extreme, but there are some physicians who have never had these things articulated for them.
• As Peisah et al. state: "How can those who lack internal loci of control or appropriate social and behavioural skills (for whatever reason), behave appropriately if nobody has articulated what behaviour is expected of them, or the consequences of such behaviour?"

D3: Contain the problem

• Every organization will do what it must to keep the doors open while working this topic.

D4: Find the root cause

• A lot of research has already been done on this question, and mostly the root causes aren't different from one organization to the next. Among the common characteristics of doctors who exhibit DPB are:
• High intelligence but poor emotional or social skills.
• A history of suffering emotional neglect or abuse. 
• A maladaptive personality.⁷ (Naturally some of these features interrelate.)
• Genuine psychiatric disorders (e.g., depression).
• "Life in the fast lane."
• Medical illness.
• That having been said, it's still early days. Peisah et al. lament that "much of the abundant literature pertaining to DPB is theoretical, with little empirical investigation."
• This is a long list of causes. There does not appear to be a single root cause that can be proven responsible because turning it on and off turns the effect on and off like a light switch. But Peisah et al. argue, "We make this complicated because it is, and because ironically, the more contributors to the problem, the more there are potential targets for remediation, again justifying our position of hope."

D5: Brainstorm possible corrective actions

• Mostly not needed, because some well-defined corrective actions already exist.

D6: Implement corrective actions

• Staff education and training. Identify champions within the staff for the new culture.
• Write policies and procedures to define a consistent reporting and review process supported by audits of adherence.
• Access to support for physical and mental health, and to interventions when necessary.

D7: Assess risks and learn lessons

• Reflect on how the system attracts and fuels bad behavior.
• Institutionalize the new culture through constant repetition. Again, remember our earlier consideration of the Mayo Clinic. In fact, the literature on DPB highlights the Mayo Clinic in particular as an organization where this kind of cultural change has been successful.⁸  

D8: Close the 8D and thank the team

• It's hard to go wrong with pizza.

Of course there are subtleties that are specific to medical care. And clearly there is a whole literature addressing this topic with only the thinnest connection to the Quality discipline.

But I find it reassuring that the basic techniques of Quality can be made to fit this kind of problem too, unusual though it be. It's another indication that these tools really are as broadly applicable as we have always said they are. So that's nice to know. 

__________

¹ There is an extensive discussion of this risk in Markian Hawryluk, "Doctors under the influence," The Bend Bulletin, Thursday, December 9, 2010. A successful Oregon program for alcoholic doctors, one which guaranteed their confidentiality and emphasized recovery, was replaced by a program with a more punitive focus. The intent was to prioritize justice for patients who had been harmed. The unintended consequence was that doctors stopped volunteering for the program, and also stopped referring their colleagues to it. 

² Citations to professional medical literature will generally be made with a URL. (And when possible, I will direct the URL to the specific relevant section of the article.) But the first time I reference an article, I will give the formal citation as a footnote. For this point, see specifically: Peisah C, Williams B, Hockey P, Lees P, Wright D, Rosenstein A. Pragmatic Systemic Solutions to the Wicked and Persistent Problem of the Unprofessional Disruptive Physician in the Health System. Healthcare (Basel). 2023 Sep 1;11(17):2455. doi: 10.3390/healthcare11172455. PMID: 37685490; PMCID: PMC10487014. I will refer to the authors of this article in the text as "Peisah et al." As for the article's title, Wikipedia defines a "wicked problem" as "a problem that is difficult or impossible to solve because of incomplete, contradictory, and changing requirements that are often difficult to recognize." 

³ Yes, more than a hundred and fifty years ago. That date is not a misprint. The article surveying the literature is: Petrovic MA, Scholl AT. Why We Need a Single Definition of Disruptive Behavior. Cureus. 2018 Mar 18;10(3):e2339. doi: 10.7759/cureus.2339. PMID: 29796352; PMCID: PMC5959733. 

⁴ Atul Gawande, "When Good Doctors Go Bad," New Yorker, July 31, 2000. (Published in the August 7, 2000, print edition.) 

⁵ Kent Neff, "Understanding & Managing Physicians With Disruptive Behavior," The Foundation for Medical Excellence, Organizational Professionalism, October 19, 2012.

⁶ "The data presented show that disruptive behaviors are frequently observed in the daily life of health professionals, and compromise the quality of care, the safety of the patient, and can lead to adverse effects." See: Moreno-Leal P, Leal-Costa C, Díaz-Agea JL, Jiménez-Ruiz I, Ramos-Morcillo AJ, Ruzafa-Martínez M, De Souza Oliveira AC. Disruptive Behavior at Hospitals and Factors Associated to Safer Care: A Systematic Review. Healthcare (Basel). 2021 Dec 23;10(1):19. doi: 10.3390/healthcare10010019. PMID: 35052183; PMCID: PMC8775368. 

⁷ Compare, for example, this article: Bucknall V, Burwaiss S, MacDonald D, Charles K, Clement R. Mirror mirror on the ward, who's the most narcissistic of them all? Pathologic personality traits in health care. CMAJ. 2015 Dec 8;187(18):1359-1363. doi: 10.1503/cmaj.151135. PMID: 26644545; PMCID: PMC4674404. 

⁸ Mueller PS. Incorporating professionalism into medical education: the Mayo Clinic experience. Keio J Med. 2009 Sep;58(3):133-43. doi: 10.2302/kjm.58.133. PMID: 19826207.      

      

The risk is always there

Last Wednesday—a week ago yesterday—I read two stories that had nothing to do with each other, except they somehow breathed the same air. In a funny but uncanny way they echoed each other.

Amazon lays off 16,000 employees

One story was widely reported. On that day, Amazon laid off 16,000 workers ... and notified them by accident. You can find the basic story multiple places around the Internet—for example, here. Discussion on LinkedIn (for example here and here) fleshed out some of the details. In principle it is no surprise these days when a tech giant announces layoffs. What was surprising in this case was precisely that Amazon failed to announce them! The layoffs just kind of happened all by themselves, or so it seemed, and then were referenced off-handedly in other, subsequent emails. Finally there was an official announcement (you can read it here), but only after the damage had been done.  Amazon employees shared their experience on Reddit. [Quotes are mostly as-is, and not edited for grammar or spelling.]

I work in SLU. I went to check on my baby at 2am and got and email at 230 that I've been let go. What a great day.... 

i got a txt saying check your personal email before coming to work; work email was disabled. so yeah, break up over txt. 

I didn't know until I got to Blackfoot at 0530 this morning, and my badge didn't work. Tried to slack my boss, and no slack access. Went to email, no email access. After being escorted out of the lobby, got the email in my personal account that my position was eliminated.

Dam I’m at Blackfoot and had to pack up my coworkers stuff.

Again, what's remarkable about this story is not that thousands of people were laid off, but that the communications were handled so ineptly.

Dorx Communications shuts off one account

The second story was a lot smaller. A blogger I follow was moving from Rhode Island to Maryland, and tried to cancel the Internet service at his old lodgings. John Michael Greer tells the story as follows:

In the process of getting all my Rhode Island utilities shut down and all my Maryland ones switched on, I contacted my former [Internet] provider―to keep the lawyers at bay, let’s call the firm Dorx Communi­cations, shall we? You can get almost any other imaginable service from the Dorx website with a few clicks, but shutting off service is a different matter entirely. You have to go to chat, put up with the maunderings of their clueless robot, and get trans­ferred to a supposedly live agent, who then does everything possible to keep you from doing what you’ve come there to do. I slogged patiently through the process, and finally got the allegedly live person to agree that my service would be shut off on January 30.

The moment the chat ended, my phone and internet access shut down. When I walked three blocks to the local public library to get online and contacted Dorx to inform them politely that they’d made a mistake, I found that my shutoff order had been redated to that day, January 18. What’s more, once I was in my account, I was unable to access the chat function at all. It was a pretty obvious middle finger from the dorks at Dorx.

What do these stories have in common?

Both stories involve companies doing something unpleasant. In each case, the company behaves in ways that look to be at best careless and callous; and in each case it is easy to slide from that (admittedly generous) perspective towards one that evaluates the company's actions as "a pretty obvious middle finger." But I have to disagree with Greer. When he reads Dorx's behavior as hostile, he is forgetting an important principle that the Internet calls Hanlon's Razor.

"Never attribute to malice that which is adequately explained by stupidity."

Stupidity is always a risk. It is especially a risk in the actions of corporations, and even more especially in the actions of large corporations. 

But why?

At the most basic level, stupidity is always a risk because we are all human beings, and human beings make mistakes. That's why there is such a discipline as Quality in the first place—to protect against the inevitability of human failure.

Stupidity is a risk in the actions of corporations because many of the "actions" that corporations take aren't based on the decision of any single individual. Multiple people have to work together, often through business processes, and nobody sees the whole picture. Outcomes are the result of the processes themselves rather than of a concrete decision. And if a process is not very well-designed, it can misfire. This is why John Seddon says that his first step working with a new client is to send top management to the front office to watch a single order come in, and then to track that order through its life-cycle. Invariably they learn that the company's systems actually work very differently from how they are supposed to work! (I discuss the point at greater length in this post here.)

And stupidity is especially a risk in the actions of large corporations because those organizations have disporportionately many employees on the inside, where their only contact is with other employees and they are insulated from customers. This means that they are (overall) more likely to trust their business processes than the employees of small companies, because they have fewer opportunities for disconfirmation or falsification.* If unhappy customers can walk into your store and disrupt your day, you are more likely** to take care to keep them happy regardless what the process tells you to do.

Constant vigilance

Of course, at some level everyone knows all this. As noted, the only reason we have a Quality discipline in the first place is that everyone knows people are fallible. But it is important to understand that the most any Quality system can ever do is to help. No system can ever eliminate the risk of human stupidity.

And even the best system can grow flabby and ineffective over time. In earlier posts, I have cited Amazon as a company that strove to avoid bureaucratization. Back in November 2019, Franklin Foer wrote in The Atlantic that "In contrast to the dysfunction and cynicism that define the times, Amazon is the embodiment of competence, the rare institution that routinely works."*** And yet here was Amazon, just one week ago, laying off 16,000 employees without remembering to let them know! 

"The embodiment of competence"? Well, times change. (For other examples, search this blog site for "Boeing.")

Ultimately the only way to avoid stupid mistakes is through constant vigilance. Quality systems can help. Caring about your work makes a huge difference. Paying attention, following through ... all these things are pretty basic. But they are also frighteningly easy to lose track of.

Constant vigilance.   

_____

* In the sense made famous by Sir Karl Popper. See also, for example, this discussion of bureaucracy, which highlights the connection to size.  

** Of course this is no guarantee. Small companies fail too. 

*** Franklin Foer, "Jeff Bezos's Master Plan," The Atlantic, November 2019, p. 58.      

      

Getting regulatory standards for free

How do you get a copy of a standard?

Let's say you need one for work. You want to check what ISO 14001 says about management review, to make sure you are doing it right. Or you want to know what the American Welding Society says in Z49.1 about "Safety in Welding and Cutting." Where do you find the document?

You could try the organization's website. Some standards (such as Z49.1, in fact) are available for free. But many of them are for sale. So someone—you, or the organization you work for—has to pony up cash to get a copy. 

That's the normal expectation. And the assumption has always been that if you don't want to pay for the standard, no one is forcing you. There's no law that you have to hold management review, after all. If your customers expect it from you—because your customers expect ISO 14001 certification—that's a cost of doing business. And you are free to choose whether it is better to pay for the certification (which includes paying for the standard) or to forego the chance to hang that diploma in your lobby.

But there's a catch. Sometimes there is a legal requirement to comply with one of these standards. And that complicates the calculation.

In what follows, I explain how this came about, and then I tell you how to get the documents you need for FREE. 

How can you be required to follow a "voluntary" standard?

Let's back up a minute. In the United States, many industries operate within guidelines defined by federal regulations. In some industries—the design and manufacture of medical devices is a prime example—those regulations became so numerous that they ended up covering the same scope as the relevant "voluntary" quality standards (in this case, ISO 13485, "Medical devices — Quality management systems — Requirements for regulatory purposes"). 

For a while, medical device companies had to comply to two complete sets of rules, those from the Food and Drug Administration (FDA) and those from ISO. This mandate was awkward, because there is no way that two different sets of rules can ever completely coincide. Finally, the FDA repealed those detailed individual regulations which duplicated the terms of the ISO standard, and replaced them all with a general regulation that medical device companies must comply to ISO 13485. Technically this means that Title 21 of the Code of Federal Regulations now "incorporates ISO 13485 by reference." (The same thing happens in other industries.)

Did that solve the problem?

Yes and no. It clarified the rules for medical device manufacturers. But ISO 13485 is a document sold by the International Organization for Standardization (ISO) for CHF196. On the other hand, it's a basic principle of American law that Federal regulations are made available for free. The idea is that it's not fair to hold someone accountable to a law and then charge him a fee to find out what the law says!

But if 21CFR Part 820 now incorporates ISO 13485 by reference, doesn't that mean that medical device companies should have access to the standard for free? And likewise for other industries whose regulations incorporate standards by reference?

What's the answer?       

In the end, the regulatory agency has to come to some kind of agreement with the standards-developing organization to make the standard "reasonably available" to persons who are affected by the law. For standards written by a dozen major organizations—including ISO and IEC (International Electrotechnical Commission)—there is a one-stop shop hosted online by the American National Standards Institute (ANSI) where you can download for free read-only copies of those standards which have been incorporated by reference into legislation or regulation.

Start here: https://ibr.ansi.org/Default.aspx 

Now to be clear, none of these organizations have relinquished their copyrights on the documents in question. And in order to respect those copyrights, ANSI's access is not exactly convenient. 

• You cannot print the documents you download from this site. 
• You cannot select text and copy it. 
• You cannot highlight it or add notes. 
• Before you can open any of these documents, you have to download a special plug-in for the Acrobat Reader, and then you have to open them in Acrobat (not in your browser). 
• You have to register with your name and address for each document you download, each time you download it. 
• There is a Frequently Asked Questions page with more information at https://ibr.ansi.org/Faq/Default.aspx. 

If you want access that doesn't suffer from all these limitations, you have to pay for the document like a regular customer.

But strictly speaking, you can get access to these standards for free—just like any other federal regulation.

      

How do the bad units know where to go?

When your customer returns a failed product, there are things you regularly do to understand the problem. Depending on the product, you might check its serial number against your production logs, to see when it was manufactured. Was it part of a batch that you already know had problems? Maybe you check its composition. Does it include components that have given you trouble before? There are multiple avenues you can explore, as part of your root-cause analysis investigation. But do you remember to ask your customer, What exactly were you doing when the product stopped working?

This is not who the story is about!
But I found the illustration on the
Internet and couldn't resist. 

Last week I heard the craziest story. Some customer had an accident that left him unable to walk. But his job required him to move around a lot, so he got a motorized wheelchair. After a month, the engine burned out, and he had it replaced. A month later, the new engine burned out, so he had that one replaced too. And the month after that ... well, you get the idea.

It seems that the wheelchair manufacturer and the customer's insurance company let this cycle go on for some time before they finally began to investigate. What exactly was this guy's job, anyway? It turns out he was a high school football coach. And his idea of how to do the job involved racing back and forth on the sidelines during games, so he could get a close look at what was going on. On the grass. In the mud. All through football season. If he got stuck in a mud patch or a gopher hole, he just jammed the wheelchair into overdrive until he got free. And somehow the engines in his wheelchair kept burning out.

Gosh, who would have guessed?

It reminded me of a story I heard years before, in a problem-solving class. A large manufacturer of high-end cookware kept getting pans returned where the ceramic finish had melted in a way that made the pans unusable.* They studied their manufacturing process, spent a lot of time and money on improvements, and it made no difference to the return rate for this particular failure.

Finally, after a lot of frustration, they hired a problem-solving expert who looked at the overall return data. This company shipped product throughout North America, but all the returns with this problem came from Toronto. Right away he told the company to stop wasting time and money reengineering their manufacturing process.

"Why?" they asked. "How can you be sure that's not the problem?"

"If the problem was caused by manufacturing, it would be evenly distributed across all your customers. But look at this map. How do all the bad pans know to go to Toronto?" 

"Then what's the cause?"

"Put me on the next flight to Toronto, and I'll tell you."

In the end, he discovered there was a popular cooking program on a local TV station which recommended that viewers clean their pans in a certain way. That cleaning method just so happened to destroy the ceramic finish on this company's pans. I don't remember how they finally solved the problem. But until they asked how their customers were using the products, their investigations were fruitless.

So remember to ask. If you see failure data that doesn't fit the patterns you expect, what other pattern does it fit instead? There has to be one. And when you have all the facts, the picture is going to make sense. As long as the failures make no sense, you don't have all the facts.

Just remember: How do all the bad pans know to go to Toronto?

It's a powerful question.

__________

* I heard this story years ago, so I may have some parts of the story slightly garbled. But the point should be clear.      

Upcoming Changes in ISO 9001

Late last week, Quality Magazine published my article, "Upcoming Changes in ISO 9001." In it, I review the recent DIS9001 and explain the changes that it introduced:

Quality culture and ethical behavior

Opportunity-based thinking

Changes to the terms and definitions

Other changes 

I also explain my conclusion (which I have already stated in other venues) that any company which is securely certified to ISO 9001:2015 should have no trouble upgrading to the new version ... unless some new, massive, unforeseen change is snuck in at the last minute. 

It's their article now so I won't post the text of it here, but you can find it by following the link. I hope you find it useful!

Write documentation you can use

People often associate Quality with documentation. To some extent, this is unavoidable: you need a written record of inputs and outputs to make sure they both match the requirements, for example. But it's also partly because of the enormous influence of ISO 9001, which—especially in its earlier editions—stated a number of specific documentation requirements.

In principle the association isn't a bad thing. Documentation is incredibly useful. The problem comes when companies start documenting things without regard to whether someone is going to use the documentation later. Pro tip: If nobody is ever going to read it, then writing it down might have been a waste of time.* By the same token, if you write something down it is only considerate to think about who is going to read it, and what it will take for your writing to be useful.

One of the best examples I ever saw for the latter point was implemented by a contract-manufacturing company my firm used to do business with. They were a small company, but they had carved out a specialty niche in the larger ecosystem of manufacturing for the high-tech market. Because they were a small company, they had only a few large machines and the rest of their product assembly was done by hand. This meant that each workstation along their assembly line needed work instructions, to tell the people there what to do.

Manufacturing work instructions can be handled in a lot of different ways. This company started with the drawings we gave them, along with all of our assembly notes, but then wrote their own instructions based on them. 

• Their manufacturing engineer wrote one document per workstation, so the people at Workstation 2 wouldn't get distracted by instructions for Workstation 3.
• Since most employees had a native language other than English, each document was bilingual in English and the other language.
• Each document included a photograph showing what the product was supposed to look like when it came into that workstation, and then when it left.
• After their manufacturing engineer generated this series of documents (based on our drawing), he sat down with his contact on our side to review the whole stack of them, to clarify any confusing points, and to get our approval.
• And of course these documents were kept under strict version control.  

Ironically, this company was not certified to ISO 9001. They had investigated what certification would require, and concluded that they already had plenty of business and didn't need it. They were also the only supplier of ours that never once caused us a serious problem! (I allude to them briefly in this post here.)

But they understood what they needed in order to do excellent manufacturing in their specific industry niche. So they focused on that, ignored distractions that didn't matter to them or weren't useful, and turned out flawless work. Every time. 

_____

* Of course there are exceptions. If I write something down, the very act of writing also helps me remember it. That's why I said "might have been."     

      

Feedback on Santa's audit!

Wow! I got a lot of comments on last week's post about how far Santa Claus complies with ISO 9001. Thanks especially to Pia Hamrin, Dawn Ringrose, Petro Shoturma, and Jeremy Panitz for their detailed feedback!

What interested me was the remarkable level of unanimity among the responses. Of course each commenter had a unique perspective. But since Santa Claus is fictional,* any commonality among the responses must be traceable to the second half of the discussion—namely, to the expectations that grow naturally out of working with ISO 9001. Those of us who work with the standard regularly have come to know that some clauses need a lot more attention than others, because the impact they have on organizations is so consequential.

Even if you aren't worried about Santa Claus, ask yourself whether these same clauses aren't important topics in your organization.

Common concerns

It was no surprise to me that the two topics which attracted the most attention were Internal controls and Complaint handling. Businesses differ a lot: organizational contexts can be very different, as can the quality of customer requirements. For some companies those topics might require a lot of attention, while for others the same topics might manage themselves. But internal controls always matter—to everyone. And without complaint handling, you have no feedback on your operations to make sure your customers are satisfied. So nearly everyone agreed to focus on those areas.

Naughty or nice?

Everyone knows that Santa Claus checks whether each child is "naughty or nice," but how does this happen? Dawn's reply assured me that Santa uses a proprietary algorithm. But Pia asked how that algorithm is validated, and whether the sources are documented? Jeremy suggested that Santa consults with children's deities around the world to make his determinations.

Complaint handling

Petro and Pia both raised the issue that there is no publicized mechanism for complaint handling. Jeremy suggested a resolution to this topic, though, by arguing that "If the customer isn't satisfied with the gift they got from Santa Claus, the gift did not come from Santa Claus."**

Less worried

By contrast, nobody was very worried about document retention. Dawn suggested that the children's letters must be fully digitized, and nobody else took up the subject. I think this lack of concern reflects our common experience that yes, of course document retention is important; but on the other hand documentation findings are generally the weakest kind of finding in any audit.

Similarly, Dawn and Jeremy both assured me that internal audits were done by impartial elves, where "no one audits their own toy line." And I think we have all experienced that even in organizations where the Quality Management System is informal or not very mature, it is generally possible to find people who can treat the process objectively, and who can therefore do reliable audits.

Unique observations

Then there were the unique observations, that pushed the discussion in an unexpected direction.

Jeremy argued that Santa Claus is thought of as a toymaker, but that the real focus of his design expertise is in logistics. In commenting on clause 8.3.2 (Design and development planning), he explains, "Santa has only 24 hours to deliver toys and other gifts all across the world. That means he's got to know the weather patterns. So his design and planning is less on toys and gifts and more on safety and delivery of the goods." Jeremy doesn't use this example, but I assume he would compare Santa (in this respect) to McDonald's, who didn't redesign the hamburger but revolutionized how it was delivered to the customer.

For her part, Dawn answered the question about children changing their minds by enunciating the rule, "Last Wish Wins." But that rule means that the audit plan has to spend a lot more time checking scrap and rework under clause 8.7 (Control of nonconforming outputs). As long as the only topic was the elves' workmanship, we could assume that the elves are magical and don't make mistakes; so overall scrap should be minimal. But if children can change their minds late in the game, there is sure to be scrap as earlier gifts are replaced with later ones. Thus does any answer in one part of the audit open up new trails in another part—and this, too, is a familiar experience to all of us.

Naturally I don't mean to suggest that any clause is unimportant. In the right (or wrong) circumstances, any clause can trip you up. But I found it interesting and reassuring that the feedback on this topic aligned so closely with my own sense about where the critical risks are in any ISO 9001 implementation. Again, even if the North Pole doesn't interest you much, your own organization does. And it is worth looking over where your own risks are.

__________

* Or at any rate I'll assume so for the purposes of this post! 

** It's an interesting idea, to which I note only that, however this principle might work for Santa, it's not available for the rest of us.