Companies must take caution when building and integrating systems as an Integrated Management System (IMS) or Business Management System (BMS) styled approach. It takes years to build correctly and not something that should be a quick solution to fulfil external audits. External consultants can help to bridge the gap by entering the organisation to develop fantastic process maps, policies and guidance documents, however when they leave or finish their consultancy period, questions arise: Going forward who operates the compliance on that process or document? Who ensures it evolves with the business? Who is your Assurance or Compliance team and will it survive the long haul?
The risk with this approach is known as a ‘revolution’ style, where the BMS or IMS is not fully appreciative or inclusive of the organisation’s people and ways of working. It has been created based on an assumption made at a point in time of how the business should work or interact to satisfy ISO requirements rather than reflect how the business actually works in reality.
The system developed must be tailored to the organisation, and not only to satisfy the ISO clause requirements. Too often a ‘signpost manual’ or step by step ‘ISO reference manual’ is created and cast as the final system to highlight how and where the company complies with, but will this be suitable for the organisation to be able to deliver the fully functioning and comprehensive system that it needs?
Other risks can present themselves where those systems aren’t fully inclusive of all aspects of the organisation, as some can often be deemed not necessary, relevant, or applicable to all organisations. Not fully including all aspects of the organisation can lead to disjointing and the system in place can be limited, incomplete and selective in what it includes. ISO 9001 is inclusive of all departments; a system really is everyone and everything a business has, all are critical in their own right.