ISO 9001 Standards – Risks and opportunities

The first things to consider when we want to change a people intensive process are:

• What do the people involved fear? These are the risks – things that we must prevent.

• What do people hope for? These are the opportunities – things that we must strive to obtain.

In order to better understand risks and opportunities, we used a two-step approach. We started by interviewing two developers and one manager. The interviews were semi-structured in that we had a set of questions that we needed answers to but in

addition, we used follow-up questions to gain a better understanding of the answers to the predefined questions. The focus of the interview was on what they expected would happen if the company implemented an ISO 9001 certified process. Two typical examples of what came out of the interviews are shown below – one from a developer and one from a manger.

Manager: Implementing ISO 9001 will cost quite a lot. At the same time, the company will get a better overview of its competence, its experience and its document templates. ISO certification is an investment. We are, however, unsure of how long we have to wait before we can reap the benefits.

Developer: Some of the developers may have a negative attitude towards ISO certification because they are afraid it will hurt creativity. This is not only true for ISO 9001 standards but holds also for coding standards and other rules and regulations. Rules

and standards can take away all the fun from the job. In many ways this is the same attitude as we saw when we started to reuse components – many developers were afraid that they would not be allowed to develop things but just had to use “toy bricks”.

After the interviews we found that:

A. Everybody in the company – both mangers and developers – filled in the questionnaire.

The items in the questionnaire that got an average score of 5.0 or more were considered for risk and opportunity analysis. This gave us the following items:

• When we get ISO certified, we will have to generate more documents for each development project.

• It is important that all employees participate actively in the introduction of new processes, standards and procedures. This is consistent with e.g. Trittmann et al’s observation

• Active management participation is important in order to make the introduction of an ISO certified process a success.

• Active management support is important in order to make the introduction of ISO certification a success.

• An ISO certified process will lead to better working practices in the company in general.

Based on our findings, we identified the following risks that needed to be controlled throughout the implementation of the ISO 9001 certified process:

Risk 1: The introduction of new documents or additions to existing documents.

We decided that we should not make new documents except if absolutely needed.

Risk 2: Developer participation. The developers must be included at all steps in

the process. Their experiences and advices are important input to the new processes and procedures.

Risk 3: Management participation and support. Management must show their commitment by allocating money and time to the ISO implementation activities.

Opportunity 1: Better working practices. The changes in the development process must be considered to be improvements by the developers.

Management and developers are in agreement in the sense that everything the developers found important also was ranked high by management. There were, however, some cases where the two groups disagreed strongly – average score difference greater than 2.0. In all cases, management ranked these items higher than the developers.

The points are:

• Introducing an ISO certified process will cost a lot but will be a good investment – developers 3.3 vs. mangers 6.0

• Introducing an ISO certified process will give the company a better control over the order situation – developers 3.0 vs. mangers 6.0

• Introducing an ISO certified process will give us more satisfied customers already after one year – developers 3.2 vs. mangers 6.0

Management is more optimistic than the developers when it comes to business related issues such as order situation and customer satisfaction.