Good Business Sense Is the Key to Confronting ISO 9000.

First established in Europe, ISO 9000 quality standards are now used worldwide. There are advantages, costs and limitations to the ISO 9000 certification process. In the end, good business sense is the guide to confronting ISO 9000.

Business is not immune to the fads of American society.

The role of ISO 9000 is becoming clear, and a new phase has begun. More information on the costs and benefits is available, and the limitations are becoming apparent. ISO 9000 should not be adopted as a "cure-all." Using ISO 9000 can wisely be separated from seeking certification. Most companies should be involved with ISO 9000, but good business judgment is needed to determine its proper role for a company.

ISO Background

The last decade saw a remarkable growth in the acceptance of ISO 9000 quality standards. More than 90 countries adopted ISO 9000 or its equivalent. Adherence to the standards is mandatory for companies selling medical devices or telecommunications equipment in Europe, where more than 20,000 companies are registered. In the U.S., suppliers to the electrical, chemical and nuclear industries expect certification to become mandatory. The number of ISO 9000 registrations is doubling every nine to 12 months in the U.S., from 100 in 1990 to 4,000 in 1994 to 8,400 in 1995. It has been called "the most influential single meta-standard so far, a movement toward global business requirements" [12].

As companies gained first-hand knowledge, they learned that ISO certification does not guarantee success in business. The focus is often on paperwork, which may not directly benefit a firm. Registration can be expensive and unfortunately has become a vehicle to increase consulting revenues. Studies show that the majority of certifications derive from customer demands, such as a vendor qualification checklist, instead of internal needs to improve quality. ISO 9000 certification is being re-evaluated, and management has important choices to make.

What Is ISO 9000?

According to the original 1987 bulletin from the International Organization for Standardization (ISO), ISO 9000 is "a series of international standards dealing with quality systems that can be used for external quality assurances purposes." The ISO was founded in 1946 to develop international quality standards to facilitate worldwide trade and help Western countries regain their competitiveness. The organization consists of a coordinating group of members from more than 90 countries. The U.S. representative is the American National Standards Institute.

ISO 9000 sets standards and provides guidelines on how to establish systems for managing quality products or services. Organizations must document practices that impact the quality of their products or services and use the procedures to gain and maintain certification. Proponents see the key to quality as the creation of an internal auditing system where all company functions are constantly monitored.

As shown in Exhibit 1, ISO 9000 is actually five different programs. ISO 9000 provides the general guidelines. The most comprehensive program, ISO 9001, covers research, design, building, shipping and installing. ISO 9002 is for companies that only produce and supply existing products. ISO 9003 is for companies that do less, such as assembly only. ISO 9004 is a guide for further internal quality development New developments include QS 9000 and ISO 14000, which address environmental concerns.

After all the systems are in place, certification rests on an audit by an independent registrar. The original ISO technical committee did not anticipate the profusion of outside groups offering to guide, audit and register companies. It saw ISO 9000 as a guide for self certification or certification by customer companies.

A certified sticker on a package is an important driving force for ISO 9000. Half the companies seek certification because of customer expectations, market advantage and competition. Less than a quarter of them cite reduced costs and quality improvement as the reasons. International issues drive only one out of ten.

Benefits of Certification

Cost savings. A survey by Lloyd's Register Quality Assurance indicated ISO 9000 increased net profit Some companies saw cost reductions of five to 30%. A joint study by Deloitte-Touche and Quality Systems Update reported that companies averaged annual savings of $175,000 from registration. Another Deloitte-Touche survey reported that the costs of registration were recovered in three years. Registration is actually a cost, but savings are indirect, resulting from improvement of company practices.

Market expansion. ISO 9000 is not a requirement for doing business in the U.S. but is in other countries. The European Council of Ministers requires certification for producers of certain types of goods including commercial scales, construction products, gas appliances, industrial safety equipment, medical devices and telecommunication equipment. In the European community, any product that is potentially hazardous or involves personal safety is a candidate for ISO 9000 requirements.

Most ISO requirements are not government mandated. Large corporations, mainly in Europe, are requiring ISO 9000 certification of their suppliers. ISO 9000 requires certified companies to qualify their vendors, and many companies require their suppliers to be certified as well.

ISO 9000 certification may improve company standings in the European Union. The EU is the second most powerful economy in the world and the largest trade partner of the U.S. The U.S. exports more than $100 billion to the EU annually. More than half of this is impacted by ISO 9000 standards. In Europe, there are more than 70,000 sites registered, so ISO 9000 certificates are like passports or visas. For international companies, certification offers an opportunity to do more business in Europe.

Improved operations. Certification provides credibility for corporations. A certified company has demonstrated and documented adherence to worldwide standards for quality systems. Potential suppliers can provide products of a consistent quality, and certification cuts down on the number of audits performed by customers on their suppliers. If the supplier base, including first-, second- and third-tier suppliers, are ISO certified, then the final products, which can include thousands of parts and components, should be of superior quality and reliability.

Also, ISO 9000 certification allows a company to control risks and exposures associated with defective products. With extensive quality systems in place and operating properly, failures and defective product litigation is minimized.

Communications. ISO 9000 is not only a quality tool but a communication system. If implemented correctly, the ISO 9000 system:

* Builds interpersonal communication between managers and employees

* Resolves political conflicts, procedural inconsistencies and conflicts between formal and informal communication flows

* Trains management and employees in communication skills

* Creates systems to document and disseminate information company wide and to all customers

* Provides a networked communications system

* Lays a foundation for using employees as sophisticated information gatherers and sorters [10].

ISO 9000 guidelines provide a comprehensive model for quality management systems that can make any company competitive. The standards offer a solid foundation for establishing a total quality management philosophy, and they help companies establish the discipline, procedures and methods to assure that all areas are aligned with the principles set forth in the quality policy statements. There are indeed many potential benefits from the ISO 9000 program.

The ISO 9000 Process

The program is complex with all its requirements. Many books and articles suggest a step by step process to achieve certification. Davies has a workbook to guide the process, ISO 9000 Management Systems Manual [3]. Peach has edited The ISO 9000 Handbook, a collection of independent papers to cover all aspects of ISO 9000 [5]. Johnson's 150 9000: Meeting the New International Standards and Zuckerman 's ISO 9000 Made Easy: A Cost Saving Guide provide authoritative coverage [4,11]. There are five steps for certification.

ISO 9000 assessment. The initial assessment is a detailed review of the company's quality systems and procedures compared to ISO 9000 requirements. The process defines the scope of the ISO 9000 project. It can take two or three days to complete.

Quality assurance manual. ISO 9000 standards require that the company document everything it does and every system affecting the quality of its finished product. A quality manual is a good way to have all the necessary documentation together in one place.

Training. From the top to the bottom, everyone needs training in two areas. An overall understanding of ISO 9000 vocabulary, requirements, quality manual and the benefits derived from the system is needed. The second area involves the day-to-day process of upgrading and improving procedures.

Documentation of new process. Any improved process will need new documentation. Once completed, a manual should outline every process that a company undertakes affecting the quality of its finished product.

Registration audit. The final step is an audit by a company-chosen registrar to see that the system is actually working as described in the quality manual and meets ISO 9000 requirements.

The Registration Process

The ISO certification process is now the focus of considerable criticism. The length of the process depends on a firm's size and complexity, current level of quality, extent of current documentation and degree of management commitment. Typically, a six- to 12-month training and preparation period is followed by an intensive yearlong effort to adapt procedures to the ISO standards. The timeframe is outlined in Exhibit 2.

In 1992, about 35% of companies failed the assessment the first time around. The success rate has now risen to more than 70%. About half the failures are due to a lack of documentation. A registered organization faces follow-up visits by auditors every six months to make sure the company maintains its quality procedures. After three years, the organization must undergo another full assessment.

Bethlehem Steel required eight months to achieve certification in one plant, while a similar sized company with no prior quality program took two and a half years. This indicates that tasks undertaken in ISO certification are already being addressed by some companies.

Cost of Registration

Certification can be expensive. "Quality Systems Update" reported that the average total cost including training and implementation was $245,200 [9]. Factors influencing the cost are the size of the company, the number and type of products, and the existing state of the quality control system.

A 1994 survey of equipment manufacturers showed large corporations spending more than $1 million for certification and smaller companies with about $25 million in annual sales spending an average of $250,000, plus annual maintenance costs of more than $70,000. These costs included registration fees of about $35,000 for a three-year cycle, employee time and new employees in some cases [12:8]. The annual saving from the onetime costs of being certified are shown in Exhibit 3.

In another survey, ISO 9000 certified companies on average invested nearly $100,000 to prepare and achieve certification. However, Maxim Integrated Products spent only $25,000 because many systems were already in place.

The four types of ISO 9000 costs cover training, consultants, registration and employees' time. Training for a single site may cost $4,000 to $5,000. A core group, including the ISO coordinator, senior managers and team leaders, receive a formal overview at a one-day introductory class typically costing about $500 per person. The coordinator takes two advanced seminars over two days at a cost of $1,000. Internal costs of document preparation, document control and employee retention are major expenses.

Consultants can assist with any part of the process. For a fee ranging from $700 to $1,500 a day, they provide a package to take a company from start to finish, promising quick, easy passing of the ISO audit.

To clarify the costs of registration, the National ISO 9000 Support Group asked a sample of registrars to submit a quote for a 250-employee automotive supplier with a single manufacturing site. The average registration fee was $11,300 with a range from $4,000 to $20,000. Half the registrars had special pricing packages for businesses with fewer than 75 employees. The fee for a large business site could reach $40,000. Surveillance costs over the three-year period run another $3,000 to $4,000 plus travel. Bibby reported the base costs of registration may be over $50,000. Fees paid to consultants, employees' time and documentation can drive costs over $200,000 [1].

Doing business in Europe will cost even more. In Britain, it costs a 15-person facility about $25,000 for a three-year certification process. Fifty-eight percent of ISO registered companies did not keep track of costs because the decision to seek registration was strategic, customer driven or in the long-term interest of the company. Ninety-three percent reported that they did not attempt to justify the cost of the ISO 9000-registration process [9].

This is an area calling for good business decisions. Each cost should be subject to a cost/benefit analysis. Some suggested activities are so logical they should already be implemented. Others have no benefit except for obtaining certification. Management should clearly understand where each proposal fits between these extremes. It may not be necessary, or desirable, to buy into the whole program.

Certification Problems

The current commercial certification process was not envisioned when ISO 9000 was established. Many experts believe that ISO 9000 is a pursuit of quality certificates rather than quality.

While rooted in good intentions, once dissected, it is painfully obvious that ISO certifications are merely more expensive and elaborate schemes that promise high quality and a competitive edge... namely, certification costs are astronomical and growing, and an ISO registration in the U.S. means little in Europe. When the smoke clears, the only organizations guaranteed to profit from this experience will be those deemed qualified to do the audits and issue the certificates [2].

The Chicago Metal Working Consortium considers ISO 9000 a "cash cow" for consultants and the service sector.

Regulation and implementation of the standards were left to participating countries, which designate organizations qualified to issue ISO 9000 certifications. Once registrars are accredited, there is no single set of operating guidelines, and the amount of work required varies depending on the registrar. Therefore, not all companies or countries will acknowledge certification from all registrars. Furthermore, many companies in Europe only accept certification from European registrars. To eliminate this problem, the national standards organizations are trying to create operating guidelines.

Hewlett-Packard, Motorola, Novell and Microsoft are leading a self-certification movement. This option provides greater flexibility to meet a company's objectives, reduce costs and increase customer understanding of quality management systems. Likewise, the National Tooling and Machining Association is asking its 3,000 members to comply with the ISO 9000 rather than pursue actual certification. Self-paced compliance is clearly an option for domestic U.S. companies, and industry-specific programs have merit.

Some argue that ISO 9000 is overrated, even counter productive. The Senior Officials Group for Standardization Policy of the EU Directorate, concerned that ISO 9000 has turned into a pursuit of certificates rather than quality, is calling for the creation of a Europewide quality program that would include a quality award like the Deming or Baldridge Awards [12:51].

The ISO 9000 certification process requires a mountain of paperwork. Opponents claim that it is only for documentation. Proponents believe that if a company has documented its quality systems, then most of the paperwork has already been completed.

Some say ISO 9000 discourages free thinking and employee empowerment. They claim that the ISO 9000 program is structured so that companies lose their power to develop creative solutions to problems or think of new and better ways of doing business.

Need for Industry Specifics

ISO 9000 is not industry specific, and opponents claim it is too general and fails to address inherent issues in particular industries. ISO certification is strongest worldwide in the transportation, oil, chemicals, electronics and computer industries. Tool manufacturers, automakers, steelmakers and woodwork machine manufacturers claim that ISO 9000 is a program created by consultants primarily to benefit consultants.

There is little enthusiasm for ISO 9000 in the steel industry where leaders view certification only as a marketing tool. Bethlehem Steel, the first integrated mill to be registered, views ISO 9000 as a means of cuffing down on customer audits. On the other hand, the chemical processing industry faces tough international competition and has openly embraced ISO 9000. In fact, DuPont has created its own ISO 9000 consulting service for use both within and outside the chemical industry.

Auto manufacturers have chosen their own system, QS 9000. In 1995, the Big Three automakers worked with American Society for Quality to develop an industry-specific standard, within the ISO 9000 framework but including a more comprehensive approach to quality management. They set deadlines for completion of the certification process by first-tier suppliers: Chrysler by July 1997, GM by December 1997 and Ford by June 1997.

At the beginning of 1997, only 12% of the first-tier suppliers were QS 9000 certified or compliant By the end of 1997, the vast majority had reached the goal because they could not do business with the Big Three without the certification. Many of the lower-tiers suppliers have not achieved certification and have been given more time to comply. The auto industry is quite happy with their quality success. Quality experts are hopeful QS and ISO may merge with improvements to both systems in the future.

What Should a Company Do?

It appears that ISO 9000 is emerging from a period of euphoria and wild promises. An editorial in "Quality Progress" called ISO 9000 Europe's "revenge" for years of American management fads. Good business sense will soon be reinstated, and several trends are apparent. The number of registered U.S. firms will continue to grow with more attention to industry-specific standards, such as the automakers' QS 9000 or Motorola's self-certification. Registrars will be subject to more regulations. The process will be streamlined to increase the effectiveness of registration in assuring quality products and services. The ISO 9000 registration will likely be de-emphasized, with the European Council agreeing.

What should a company do? First, decide if certification is needed. The sales department and top management can determine clearly the role of ISO certification in the industry and markets. Is certification itself important to the marketing plans of the company? If not, do not rush to certification.

Even without certification, companies should utilize the ISO 9000 model as a benchmark to assess the adequacy of its quality programs. Those responsible for the quality function should be thoroughly familiar with ISO 9000. This might take from one to 12 months, depending on the company's needs. During the ongoing quality operation, there should be routine opportunities for aligning the company's systems with the ISO model. This will contribute to the systematic improvement of quality and profit. If certification becomes important in the market, the company can then take that step with little disruption or costs. Good business sense is the guide to confronting ISO 9000.

References

(1.) Bibby, T. "ISO 9000, Not a Total Quality Solution, but a Catalyst for Continuous Improvement." Rubber World, 212, July 1995, 15-17.

(2.) Brown, R. "Does America Need ISO 9000?" Machine Design, June 6, 1994, 70-74.

(3.) Davies, J.S. ISO 9000 Management Systems Manual. New York: McGraw-Hill, 1997.

(4.) Johnson, P.L. ISO 9000: Meeting the New International Standards. New York: McGraw-Hill.

(5.) Peach, R. The ISO 9000 Handbook, 2nd Ed. Fairfax, VA; CEEM Inf Service, 1995.

(6.) "Quality Systems Update." Deloitte-Touche, Fairfax, VA, 1997.

(7.) Rabbit, J.T. and P.A. Bergh. The ISO 9000 Book: A Global Competitor's Guide to Compliance & Certification, New York: Quality Resources, 1993.

(8.) Uzumcri, M.V. "ISO 9000 and Other Metastandards: Principle for Management Practice?" Academy of Management Executive, XI(1), Feb. 1997.

(9.) Weston, F.C. "What Do Managers Really Think of the ISO 9000 Registration Process?" Quality Program, Oct. 1995,67-73

(10.) Zuckerman, A. "How Companies Miss the Boat on ISO 9000." Quality Progress, July 1996, 23-25.

(11.) _____. ISO 9000 Made Easy: A Cost Saving Guide. Amacon, 1995.

(12.) _____. "The High Price of Admission." Appliance Manufacturer, 42(5), 1994.

                             TIME REQUIREMENTS
Time Frame  Existing Conditions in Organization
  (mos.)
  3 to 6     Company is in full compliance with
            military- or nuclear-type standards.
 6 to 10    Company has specific procedures, job
           descriptions and quality organization.
 10 to 16      Company has sketchy procedures
                and keeps haphazard records.
 16 to 24      Company has no commitment from
                     senior management
                              ANNUAL SAVINGS
                         AND COSTS BY COMPANY SIZE
    Sales Volume     Average Savings Average Costs
        ($)                ($)            ($)
Less than 11 million      25,000         62,300
  11 - 25 million         77,000        131,000
  25 - 50 million         69,000        149,700
  50 - 100 million       130,000        188,800
 100 - 200 million       195,000        208,700
 200 - 500 million       227,000        321,700