One of the major changes with ISO 9001 (Quality Management System), 14001 (Environmental Management System) and ISO 45001 (Safety Management System) is the involvement and role of Leadership. I am often asked how to implement the Leadership clause or how will the auditor check leadership. This article will help you to be prepared.
For some companies, where the senior management are already actively involved in the management system, and the management system is a true reflection of how the company runs, this clause does not cause as much of a problem. If there is already effective communication and employees are engaged and involved it is likely that you are doing a lot right already. The only challenge here is recognising what you do habitually in order to answer the question when asked !!
However, in a company where traditionally the management of “quality”, “environmental” and “safety” has been the role of a particular person or group without involvement from senior management, this clause provides a few challenges. However, addressing these can lead to a more effective management system that gives back a lot more than just the marketing benefit of an ISO certification!
If starting out on the ISO journey, or just trying to breathe life into your current management system, it can help to consider what is already working well in your company – you are obviously doing something right to be where you are – and see where you can integrate the management system and where the leadership team can actively evaluate and drive improvement in the management system. For example, look at which meetings are working well, and can you incorporate elements such as reviewing objectives or non-conformities as a part of these meetings. This is often more effective than trying to have dedicated “ISO “meetings which often get postponed or shelved!!
What forms of communication are working well – how can these be used to encourage participation and feedback of employees, customers, and other interested parties.
Simple things like having a mechanism for suggestions or observations of risks and opportunities and acknowledgment of same, can encourage involvement of employees. However, be warned it is important that if you look for suggestions you ensure a response even if the answer is no, so that further suggestions and participation is encouraged. In addition, the ISO 45001 standard is specific about ensuring that employees are protected if they report any issues.
Preparing for the Audit
Auditors will now interview the Managing Director/CEO and members of the leadership team to look for evidence that they are accountable for the management system and are leading from the top. If you have a board over the MD they can be asked questions too to see if the support and leadership is there.
So, what can top management expect to be asked during an audit? Here is a sample of some typical questions, however keep in mind every auditor is different and asks in a different way but if you can answer these comfortably you are well on your way!
- Why did you implement the management system, what benefit does it give your organisation?
- What is the scope of your management system – does it cover all activities?
- How does it ensure customer focus and satisfaction/ improve environmental performance/ ensure a safer workplace?
- How did you determine what the main internal and external issues were for your company? What are the main ones, what are you doing about these? When and how do you review this?
- Who are the main interested parties (stakeholders) for your industry/activities, what are their requirements that you must meet and how do you ensure you are managing these?
- How/where are risks and opportunities considered or determined. Which risks, and opportunities, are critical to your management system and business goals? Has a plan been put in place to mitigate or take advantage of these risks and opportunities.? Who monitors this to ensure the actions are followed up?
- For environmental and Health and Safety, what are the main hazards in your organisation, how do you assess and control the risks? How are these communicated to employees and how can they give feedback on the controls or new/changing risks.
- How do you provide and demonstrate leadership for the management system? How do you communicate with employees and ensure they are involved and understand their role? Where have roles and responsibilities been defined
- How did you determine your quality/env/safety policy and what are the main points of the policy.
- What are the main objectives established for the organization. How do you monitor achievement and progress of these? Are there resources for the achievement of these? What happens if objectives are not met?
- What are the main legal and compliance obligations for your industry/activities?
- How/ where do the management team review the management system for example where are objectives and progress on actions including non-conformances reviewed, changes to the organisation considered, competence and training requirements and status etc
Many senior managers can be good at talking the talk, but your auditor will also look for evidence which may include the following:
- Attendance and outcome (actions and decisions) of the management review
- Achievement of objectives, close out of Non-Conformities, action taken on identified risks or opportunities.
- Operational or management meeting minutes to see if the management system effectiveness is included – for example is customer satisfaction, environmental performance, incidents, achievement of objectives etc considered in management level meetings.
- Discussion with other managers and employees to establish if support is provided and in cases where there is clear support from leadership, is there communication and awareness at other levels in the organisation.
- Performance indicators to see if continuous improvement is being monitored and achieved.
- Review of the Policy and objectives to determine if it is aligned with the strategic direction of the company
- Are roles & responsibilities assigned and clear and evidence that the responsibilities are being carried out.
- Are resources in place to be able to fulfil the requirements of the management system. For example, if records need to be maintained, is there a person assigned to do this and with the available time, equipment, information to do it. If a procedure or risk assessment says a task must only be done by two trained people, are two trained people provided for the task.
The best way to ensure that you meet the requirements for leadership is to implement a management system that is integrated into your business and reflects how you actually work. Build on what is already working well in your company and use this to enhance your management system. Keep communicating and involving others in the development, implementation and improvement of your management system and ensuring evidence of continual improvement. Implementing the requirements of Clause 5 leadership effectively should help you to establish and maintain a positive culture in your company and give you a framework to help you achieve your company goals including happy customers, safe employees and a protected environment as well as business growth and success.