Hypothetical Case: Organization Reporting, Policies, and Management System
This is a hypothetical situation I am posing for Quality Manager and Quality Auditors:

Consider Organization A.

- Regular annual report, normally provided and available to stakeholders in May-June span, remains unavailable in August with no disclosure of a future publication or release.
- Since the publication of the previous annual report (June 2019), the organization has encountered
  1. - significant restructuring and
  2. - asset transfers,
  3. - change of participants in the executive roles.
- Policies regulating the production of this report (and similar functions) have not been updated since prior to 2015 (some policies were last updated in 2011, 2008, even 1997).

If you were auditing or evaluating the management system for Organization A, what would be among your top concerns?
8 Replies
I am seeking inputs from various perspectives.  Luigi Sille‍  ; Amanda Foster‍  ;  David Harry‍  ;  are among the greatest contributors to myASQ.  I invite them and others in their respective networks to share their opinions.  I also enjoyed hearing from Janet Lentz‍  ; Jeremiah Genest‍ ; and others who have been very articulate and insightful on myASQ.
Dear Daniel,
Your case is describing a failure of the governance function of the organization, not the management function. Governance should provide the oversight of the executive team to assure that the organization can sustain its purpose and deliver on value to owners (this is true for either privately-held organizations, or publicly-held organizations). 
Your situation describes an ideal case to argue for the need of quality thinking in the governance of the organization at the level of board membership. 
Marcos E. J. Bertin has been pushing for this since he delivered the first paper on the subject in 1997. There had been planned a "Quality Governance Cafe" at the WCQI. It was piloted with executives in Buenos Aires in May. There is an IAQ Think Tank that is working on this concern with the World Bank. 
Clearly to me, the Board needs a better system of governance controls and establishing an operative quality policy for the entire organization that can be the foundation of its improvement-based DNA.
Best regards,
Regarding the organization A, if we were auditing the organization there will be the below concerns:
1. Policies and procedures are living documents that should grow and adapt to the organization, policy review and revision is a crucial part of an effective policy and procedure management plan. Outdated policies can leave the organization at risk. as old policies may fail to comply with new laws and regulations. They may not address new systems or technology, which can result in inconsistent practice.
Amanda Foster
664 Posts
Well, Daniel Zrymiak‍, I would first review the policies that govern the aforementioned practices to see if these polices are still being followed. If the regularly provided annual report is not mandated by the policies it may be inconvenient to those expecting it release, but acceptable within the approved policies and procedures. If the annual report is mandated by the policies and procedures I would then look for contingency plans or alternative for release inside these same documents. If these exist, I would check to see if they are being followed. If so, there is no conflict. If they are not being followed corrective action is needed.

If policies do not exist then it is time to start investigating why. In the current climate so many businesses are struggling it's not surprising that things are not being released as usual. I would want to look for patterns of not meeting requirements, stated or self-imposed. Clearly the organization is struggling with changeover and restructuring challenges and it would be a concern to an auditor evaluating the management system. It is not necessarily in peril though.
Dear Amanda,

Your first comment seems a little "idealistic" as I know of no major corporation that requires the executive function to do anything! Most senior management teams scope the policies and procedures to apply to the "lower" extremities of the organization and not to themselves. This may be a convenient avoidance of responsibility; however, it is what they do. Perhaps an interesting, although a somewhat moral question, would be should organizations establish strict policies for the executive function? What would be thought of as an adequate penalty for non-compliance? Terminate the CEO? Who should conduct the audit? Surely not an ISO9000 auditor! Managing the governance function of the organization, especially in large organizations is the job of the Chairman and the Board of Directors. External financial auditors do their job under the oversight of the board and failure to comply with this direction can, indeed, get an executive terminated. I do not think I have ever met an ISO9000 auditor with the expertise to do these kinds of audits, or for that matter to work with the Board of Directors of a major company. While this might work with a small organization, when the auditor has significant experience, most large corporations do not perceive much value in the growing "auditing creep" that is being sponsored by ISO. I think that this could be a wrong signal for ISO to send to the business community - and that it has a tremendous risk of creating alternative "quality system audits" so that no longer is there a truly global standard.
Food for thought!
Best regards,
The company I work at Top Management does take their roles in the QMS very seriously. When I first got here, we were going to have a certification audit to the 2015 ISO standard for the first time. Most employees had the perception that the Leaders in the Office were not going to be audited either the internal audit or the registration audit. I told some of them, that is not the case as I was auditing Senior Leadership. After the audit, a couple of the shop floor employees asked the COO how his audit went. They were very surprised to find out I put him through a tough audit. During the registration audit, the auditor had the VP for Sales in his office for the better part of 45 minutes and one of the Customer Service women for 20 minutes. Needless to say that ended the Office don't get audited" myth. Top management knows they will get tough internal audits and they want that because they want to make improvements to the QMS to make us a better company. My audit team has endeavored to to be as through as possible whether they audit the shop floor, office engineering or Senior leaders. We're out to find flaws with our QMS and have those responsible for the process where the flaws lie, to fix them through team efforts.
Said Malki
2 Posts
Hello Daniel, 

I think there are  concerns and problems at the level of the governance's process and outcomes.  It may be urgent to evaluate and tackle quickly major drawbacks  to safeguard timely and effective future delivery. In the other hand, it is  important to explain ASAP to all stakeholders aspects behind the report's delay and thank them for their patience. 

Dear Said,
If external reports of the business have not been released on time, then the company may be in violation of the law and subject to legal reprisals from either the commercial or tax authorities. A "Must-be" quality item for companies is compliance with the legal and regulatory constraints on their business. These organizations do not have patience, nor should they. Any organization entering into business must understand the essential ingredients that are absolutely required of their business model. Failure to understand and comply cannot be a matter of an apology and request for patience.- it is fundamental to the principles guiding the organization.
Of course some may say that apology and requesting patience apply to customer issues. However, my comment is that customers only retain patience for so long. They prefer the other "p" word - performance over promises.
Best regards,