What exactly is the Process Approach?
Since the year 2000 release of ISO 9001, all ISO certified companies have wrestled with the practical application of the “Process Approach” that was introduced in the current version of the standard. In fact, other than the reduction of the number of “required” (i.e. prescribed) documents, the shift to the Process Approach was the most significant change from older editions of ISO 9001. This struggle has been expressed by a number of common questions:
- What exactly is a “process” as required by ISO
- How do we document our processes
- How does the rest of the Quality Management System (QMS) support our processes?
- How do we audit using the Process Approach?
- What are the Registrar’s auditors really looking for?
If you’ve found yourself asking these or similar questions or you’ve had other people in your organization ask them and you’ve struggled with a response, then understand that you are not alone. The continued confusion about this aspect of ISO 9001 seems from the generic language of the standard and the various ways companies have attempted to comply. It hasn’t helped that Registrars seem to have different approaches to interpreting and auditing these requirements. Let’s see if we can take some of the mystery out of this for those of us trying to make ISO add value to our businesses on a day-to-day basis.
A Simpler Explanation
From the language of the ISO 9001 standard itself, the “process approach” is described as:
“The systematic definition and management of processes, and their interactions, so as to achieve the intended results in accordance with the quality policy and strategic direction of the organization.” (ref. section 0.3.1).
Let’s put that into simpler terms. The process approach means that you improve your business by managing and improving certain key business processes that directly impact your ability to serve your customer. Since your business processes are basically “how you get things done,” by improving these processes you improve your company’s ability to meet customer requirements. Gains made by improving your key processes pay dividends today and in the future as your QMS drives meaningful improvement in your business.
So, that takes the focus of your ISO efforts off of “getting ready for the next audit.” While a necessary part of ISO, passing the audit will only maintain your certification. This is the minimum benefit you should receive from your efforts.
The real opportunity for measurable business benefit from ISO 9001 is for better efficiency, reduced failures and higher levels of performance for your customers. The most effective ISO “lever” to achieve these results is the management and improvement of key business processes. Often, the most critical processes in your business are cross-functional, cutting across boundaries within your organizational structure. Improvements in these processes have an ongoing payback if such improvements are sustainable and sustained. The process approach, when correctly applied to your QMS, is the way this gets done.
So, what is a process?
For those who may not have a strong background in studying processes and quality improvement, it is common to ask, “What exactly is a process?” Using the text from the ISO 9001 standard:
“A set of interrelated or interacting activities that use inputs to deliver an intended result” (ref. 3.4.1; ISO 9001:2015).
In other words, a process is basically how you are operating a certain activity within your business to convert something such as an unfinished product, some data or information, an untrained employee, or other “input” into an “output” such as a finished product, decisions based on data or information or a fully skilled employee. The steps you’ve followed to accomplish the intended results is the process.
Keep in mind that your business processes exist whether or not you understand them or are trying to improve them. Some are more informal than formal. Others are less effective than you assume. There are those that are surprisingly effective though you’re not sure why. Processes are simply “the way we get things done”.
Processes come in different shapes and sizes. A process can be as “small” as a task someone has to do, such as entering data into a computer. A somewhat larger process would involve several people within a certain department to complete something, such as putting together and implementing a new marketing campaign. A process can also span several departments who all have to work together for a common goal, such as developing, producing and releasing a new product or service.
These different process scopes illustrate how smaller processes “fit” into larger processes and support them. Generally, you should consider bigger processes to be more important to your business performance overall than the smaller ones. But it is often the case that the broader cross-functional processes are not well managed, despite their greater importance.
This is because cross-functional processes cut across organizational boundaries, involving several department heads. The organizational structure, in this case, tends to work against efficiency because of the “hand-offs” between departments and conflicting goals between organizational groups. Yet, because of their importance to meeting customer requirements and management objectives, they should be considered among your most critical “key processes” to be managed within your ISO system.
What’s involved in managing processes?
The management of key business processes basically involves the following:
- Identifying the processes that most directly impact your customer and overall business performance.
- Establishing reliable measures of performance for those processes.
- Assigning responsibility for monitoring and improving each process.
- Proper procedural documentation to control each process.
- Effective action to root out obstacles in the process and to resolve root causes to performance gaps.
- Integrating the process with the requirements of other business processes.
The management of your key processes should serve as the “top level” of your QMS – that is, it should provide the overall purpose and structure to your procedures, work instructions, training, etc. In addition, the selection of processes and establishment of process measures should be derived from your overall business and quality objectives.
What does ISO require?
When reading the ISO 9001:2015 standard, it’s easy to miss this central emphasis on managing key processes. This is in part because the requirements for managing processes are sprinkled throughout the standard under various headings. Piecing together a complete understanding involves pulling a number of requirements together.
0.2 Process approach
It is helpful to start with the Introduction to the standard that introduces the concepts of managing your business through the identification and management of a “system of processes”. Four parts of managing key processes are listed:
a. Understand and meet requirements.
This indicates that the purpose of each key process is to meet specified requirements. If those requirements are not clearly defined and communicated, those involved in the process won’t know if they are achieving what is needed.
b. Consider the added value of the process.
Processes to be managed should be selected based on the “value” they add to the ability to meet customer requirements or to meet business objectives. That means that you should start with the most “key” (critical) processes to your business.
c. Monitor process performance and effectiveness through actual results.
Once you’ve identified and defined your key processes, each should be monitored using a few performance measures. The measures should be selected based on the most important objectives for each process and its overall purpose.
d. Data-driven continual improvement.
Monitoring these results and analyzing the data will clarify specific improvements needed in the process to drive performance up. Using root-cause analysis to determine needed corrective action (and preventive action) will ensure that improvement efforts pay off with better overall results.
The model shown in Figure 1 within the ISO 9001:2015 standard helps to give a “big picture” of how the overall QMS works to ensure that customer satisfaction is achieved. Essentially, the model depicts how your organization translates customer requirements into customer satisfaction through your internal QMS processes. The model aligns with the 5 major sections of the standard (4.0 – 8.0) to help you understand how the requirements fit together. From a conceptual perspective, the diagram is helpful.
Do we have to Audit using a Process Approach?
One final question is commonly asked relating to whether or not your internal audit program must be reorganized to audit “processes” rather than “ISO requirements”. Many ISO internal audits are structured around a requirement-by-requirement review of the quality management system following the sections of ISO 9001:2015. It is common for an audit checklist to itemize questions to confirm whether the QMS:
- a) conforms to:
- 1) the organization’s own requirements for its quality management system;
2) the requirements of this International Standard [i.e. ISO 9001:2015] (ref 9.2.1).
The scheduling in such an audit program is often by departments within the company. If this is your current procedure for auditing, the question that comes to mind is “do I have to change to auditing processes? If so, how do I do that?”
Well, the ISO standard does not really say how you need to organize your audits; just that you need to consider in your audit plan:
The importance of the processes concerned, changes affecting the organization, and the results of previous audits (ref: 9.2.2)
So, bottom line is that you are not required to rearrange your audit program to “audit processes” per se. But you do need to be sure your auditors are aware of your processes and how they are organized, managed and currently performing. They can then provide useful feedback to your key process owners as to how well they are implemented and areas needing improvement. As a minimum, you need to determine the scope and frequency of your audits based on, among other factors, how well your key processes are performing.
The Need for a Process to Manage Processes
So, an effective implementation of the “Process Approach” would start by laying out how you will select, manage and improve the most critical business processes that impact your customers and internal management objectives. This would include assigning responsibility to certain individuals or teams to take charge of your key processes. Teams work well when processes cut across your organizational structure. Then, these process owners will monitor and improve these processes on an ongoing basis taking full responsibility for their performance.
Perhaps, then, one of your first processes to establish is the process for how you will manage your key business processes within your organization.