5.3 Organizational roles, responsibilities and authorities
Last week’s discussion focused on creating, communicating and understanding the organization’s mission and commitment to quality. Your homework was to consider how well, in fact, everyone understands the quality policy. In other words, the quality policy is meant to communicate that quality is “everyone’s job”. Thankfully, the standard follows the quality policy clause immediately with the “organizational roles, responsibilities and authorities” clause. Because when something is “everyone’s job”, it often results in missed cues and everyone assuming that “someone did it”, when in fact, no one really has.
The first change in this section standard that stands out for me is the addition of the term, “and understood within the organization”. Ok, fine, let’s be honest, the first change is really the removal of the requirement of a Management Representative, per se. But, even though the Management Representative has been removed, the responsibilities must still be assigned. So, it’s more a function of who’s going to do what? Each of these responsibilities may or may not be done by a single individual. Let’s look at them one by one:
a) Ensure that the QMS meets the standard – one might assume that is a major function of the internal audit process, so it would be logical to assign responsibility for internal audits and their outputs to someone or a team of someones, which brings us to:
b) Ensure that the process are “delivering their intended outputs”. The revision moves the actual identification and definition of the necessary processes to top management when the QMS is created in the first place. (This used to be the responsibility of the Management Rep). Once the organization’s context, processes and quality policy are created, responsibility must be assigned to ensure that the key processes are delivering on their intent. Woo hoo! One step closer to ISO9001 compliance = actual improved product/service!
c) Reporting performance and responding to the metrics of the QMS “especially for reporting to top management”. This does more to ensure real engagement and ownership of the QMS by top management. Someone must be identified to report, but also to respond appropriately to the data reported. Again, I put this one in the WIN column.
d) Ensuring the promotion of customer focus throughout the organization – the revision changes the sentence structure a bit, but the intent remains the same. Personally, I’d like to see this one moved to position “a)”, but I nitpick…
e) Ensuring the integrity of the QMS is maintained through changes and transition of the business. This is one of the most overlooked, and yet critical areas of maintaining an effective QMS. This item has been moved from “planning” to actually making it an assigned responsibility. But I still get the feeling it will continue to be buried. In my experience, CBs/auditors aren’t tough enough on this point. I’ve worked with many organizations who have seen real decline in their QMS as a result of changes to the business without consideration for the QMS. But I’ve rarely worked with anyone who has actually received a nonconformance or finding on this point. Perhaps moving this to an assigned person will result in more interaction and exploration of this point and exactly how it is managed, and more visibility and understanding of the importance it deserves.
The minor changes to this small clause, 5.3 Organizational roles, responsibilities and authorities, have the potential to have a very positive impact. Two major benefits:
1. Ties together processes and the expectation that ISO9001 compliance will result in better quality and
2. Ties together the quality management system and the business management system
All in all, I’m a big fan of all the changes in Clause 5 Leadership and everything in it. In my opinion, it does a much better job of setting the table for an effective management system intended to operate a business and provide tools for achieving its performance goals.
THIS WEEK’S HOMEWORK
How did you meet the former requirement of a “Management Representative” and all the assigned responsibilities? Was it a job description? An org chart? A responsibilities matrix? A combination of all of the above? Update your current system to meet the new requirements. Consider whether now is time to find a better way. Is there a way to use the processes you identified in 4 Context of the Organization and perhaps assign responsibilities for each process? What other methods might you use to ensure that the people who are assigned responsibility and authority know they are responsible, and that everyone in the organization also understands who does what.
Stay involved and engaged – SUBSCRIBE!
I like the changes that you’ve noted – that top management is required to be engaged in the process and providing direction.
In two previous places where I worked where a QMS was in place and both companies were ISO certified, both had findings where management did not even fulfill their requirement to have & document their management meetings.
I think that a lot of good CAN come from this new requirement IF top management doesn’t try to delegate and remains engaged.
@GarySamler – agreed. Management really must be the driver for any system to be successful.