Expanding Your Role in ISO 9000

By Wayne A. Label and Wilbur Priester

The adoption of ISO 9000 by countries throughout the world, aided by the regulatory requirements set by the European Union, has generated sufficient momentum for certification in the U.S. The authors answer the questions: Where did it come from? What is it? How do companies qualify? What are the opportunities to assist companies seeking to adopt?

The Industrial Revolution took place in the 1800s; the computer revolution happened in the early 1980s. Now it has been said that we are in the midst of the quality revolution. Modern manufacturing practices and the rise of global sourcing strategies have led companies to seek suppliers with a required minimum level of quality assurance. A body of standards, the ISO 9000 series, promulgated by the International Organization of Standards, has become increasingly important as companies look for uniform methods of quality assurance across country borders. Within the European Union (EU), many products related to health or safety--medical devices, construction products, industrial safety equipment, telecommunications equipment--require ISO registration prior to sale. Consequently, by 1993, over 20,000 companies in the United Kingdom were ISO 9000 registered.

Adoption of these standards by U.S. companies has lagged behind European competitors--less than 2,700 U.S. companies were ISO registered as of December 1993. Because multinational corporations and the "Big Three" U.S. automakers have embraced the ISO 9000 series of standards, however, it is a matter of time before these standards become a minimum requirement for doing business in the U.S. The Big Three have created an industry-specific system standard, QS 9000, and are targeting supplier compliance by the end of 1997. While the number of U.S. registrations now exceeds 7,000, over 13,000 first tier suppliers will be affected by the QS 9000 program. The majority of U.S. registrants operate within the electronic, chemical, or industrial equipment sectors (see Exhibit 1).

CPA firms with consulting competencies have an opportunity to develop services to capitalize on this growing market. By leveraging company relationships, they can establish a strong advantage.

The Origin of ISO 9000

The concept of quality system assessment rather than product assessment was born during World War II. In response to some quality-related issues, the British military procurement agency responsible for munitions developed a series of characteristics which could indicate a company's ability to consistently build a high-quality product. These standards were the precursor to the Allied Quality Assurance Publication (AQAP) series of standards developed and adopted by certain NATO countries. The U.S. military had also developed a series of standards (MIL STD 9858A) that focused upon quality system assessment. In addition to these military standards, over the years companies operating outside the military arena developed a series of voluntary guidelines, titled BS 5179, that paralleled the AQAP and U.S. military standards.

These quality standards continued to develop and evolve in Europe and the U.S. throughout the 1970s and 1980s. European countries began to discuss and debate the value of a single standard for quality management systems. In 1987, the International Organization of Standards (ISO), founded in 1946 and based in Geneva, Switzerland, published the ISO 9000 series of standards. These quality system standards included many of the characteristics of the AQAP and later generations of standards. The ISO 9000 system was adopted by the European Community as EN 29000. The U.S. followed and adopted the standard as ANSI/ASQC Q-90. The Q-90 series consists of five books, Q-90 through Q-94 which correspond to the five parts of ISO 9000 (ISO 9000 through ISO 9004). A copy of the document describing the Q-90 series of standards can be purchased from the American National Standards Institute (ANSI) or the American Society for Quality Control (ASQC).

What Does ISO 9000 Do?

ISO 9000 is a quality system standard. Because it was designed to apply to virtually any product or service, ISO 9000 does not dictate specific methods or practices that must be followed. Simply, it mandates the adoption of quality assurance goals and principles. ISO 9000 standards require that activities affecting quality must be planned, controlled, and documented. The underlying assumption is that if the quality management system is properly designed, effective quality assurance programs will be properly established. If a comprehensive system of quality assurance standards are in place, then good quality should follow. Many ISO 9000 proponents insist that the process of creating, documenting, and establishing controls for a quality management system can produce substantial benefits. The acquired knowledge and focus directed to quality objectives often leads to the discovery of cost-saving and value-enhancing change.

ISO 9000 standards have no provision for evaluating the quality of a product or service. The same part could be purchased from three ISO-certified suppliers with the end result of three parts of significantly different quality. There is no requirement to meet a minimum quality level as long as there is a satisfactory complaint-resolution system in place. A company's minimum requirement is conformance to its own criteria.

Certification or registration--terms used interchangeably--require that a firm set up an internal quality assurance system. This system is subject to audit by a third party prior to certification. Independent assessment of compliance with the ISO 9000 standards must be performed on a regular basis in order to retain certified status.

The Certification Process

The following four-step process details the tasks a company would follow in order to receive certification (also, see Exhibit 2):

1. Review ISO 9000 series of standards to determine which standard (9001, 9002, or 9003) applies to the business. The company must publish policies on each of the elements (i.e., management responsibility, design control, document control, training) the standard requires. All internal procedures must be documented.

2. Perform an internal assessment of the existing quality assurance system and determine how closely it conforms to the relevant standard (ISO 9001, 9002, or 9003). It is important to note that the ISO auditor will focus on the management system's ability to document the quality of products and services, not actual quality performance.

3. After correcting deficiencies in the system, select a registrar to perform a third-party assessment. Registrars are certified by a national body of accreditation. In the U.S., that body is the Registrar Accreditation Board (RAB). The selection of a registrar is not a trivial task--it may impact the markets in which the ISO certification will be recognized. Because ISO 9000 has spread across the globe and been modified by designated national accreditation bodies, ISO registrars may not be recognized across country borders: Any company seeking registration should consider their customer base before settling on a registrar. Some U.S. registrars have "memoranda of understanding" with European registrars. This means that a company could be recognized as ISO-certified in several countries by successfully completing a single certification process (see Exhibit 3 for the Top 10 registrars in the U.S.).

4. Third-party assessment. The assessment process can be broken down into several stages.

Preassessment. A company can obtain a quick review of documented evidence of conformance. Based upon the results of this review, the company can elect to proceed or delay formal assessment based upon the discovery of system deficiencies. The registrar looks at Level II documents to design the assessment plan and prepare checklists for the auditors. Level II documents include standard operating procedures and quality manuals.

Formal assessment. Auditors look over management system documentation and interview company personnel. By looking at Level III documents, auditors can confirm whether certain written procedures are being performed. Level III documents are written instructions issued as a part of implementing Level II
procedures.

Audit Report. The lead auditor summarizes audit-results and notes where corrective action is necessary. If there are deficiencies, the company can work to correct problems and later submit a report to the registrar documenting procedures put in place to correct prior nonconformance. The registrar can award certification based upon this report.

Certification. Once certified, the company can place the ISO 9000 seal on its letterhead.

Surveillance Assessments. Twice a year, with little or no warning, the registrar will send auditors to verify that the company is still in conformity. These audits tend to focus on weak areas noted during the original assessment. Nonconformities must be corrected by the following surveillance assessment. The third-party audit agency will perform a complete assessment every three years.

Internal Audits

Going forward, to comply with ISO 9000, the company must implement an internal audit-quality program. While the function of the internal audit department may not change as a result of certification, it is in the best interest of the company to use this tool to ensure continued compliance. The functioning of the internal audit system is typically reviewed during each surveillance assessment. Properly designed, the internal audit group can identify nonconformity and implement corrective action in a timely manner. This is particularly important when a business, or segment of the company, is going through significant change. Internal audits can then be directed toward ensuring ISO 9000 conformity in a proactive fashion.

The effectiveness of the internal audit system is an indicator of the state of the quality system as a whole. It therefore makes sense for companies to invest sufficient resources in this system. To build a strong internal audit group, a company must establish a comprehensive set of audit policies and procedures and ensure that audit personnel receive proper training to keep current with ISO standards. An audit charter, approved by senior management, should be adopted. This document formally gives auditors the authority to conduct internal audits and describes the responsibilities of the auditors and auditees. Audit policies should address the frequency of audits, the required level of training for auditors, delivery of the audit report, how long records are kept, and how disagreements between auditors and auditees are resolved.

Value of Certification

One major benefit of ISO 9000 certification is the ability to reach the consumers of the European Union--a market similar in size, as measured by GDP, to the U.S. While companies that export regulated products into Europe stand to benefit from access to this substantial market, all producers can gain from ISO registration. Consumers, accustomed to seeing the ISO 9000 seal, are likely to assume that products and services from certified companies are of higher quality. Even when selling nonregulated products, a company may acquire a marketing advantage from receiving ISO 9000 certification. As companies leverage the perceived value of this designation and customers indicate a preference for ISO 9000 certification, those producers that have not been certified will feel increased pressure to pursue registration.

A survey conducted by Research International for Lloyd's Register Quality Assurance (LRQA) noted that service companies cited marketing benefits as the primary objective in pursuing certification. The ability to bid for jobs and increase market share were named as key goals. Nearly two-thirds stated that marketing benefits were achieved. Survey data indicated that 69% of companies believed that registration had opened up new business opportunities. Data gathered by the United Kingdom Department of Trade from 2,500 registered firms was consistent with the LRQA findings. Almost half the companies reported increased profitability, and 89% believed that the introduction of a quality management system had a favorable impact on operating efficiency. Three-quarters of all respondents claimed improved marketing capability and, where appropriate, increased export sales. Results from a British Standards Institution study reveal that a company with a quality management system in place stands a four times better chance of survival than a similar firm that does not.

The required level of documentation and study of the manufacturing and quality processes in place can highlight areas that are ineffective in promoting product or service quality. In addition, the quality system structure, modified to conform to ISO 9000, will yield ongoing improvements to production and service. Such measures have resulted in cost savings or enhanced customer satisfaction. Findings from the LRQA survey indicated that the impact of internal benefits were much greater than anticipated. Over 85% of the companies asserted that conformance with ISO 9000 standards had resulted in better management control. Almost 70% observed increases in productivity and efficiency, and 40% cited cost savings.

In order to understand better the economic benefits that accrue upon certification, LRQA conducted a study that compared ISO-registered companies with firms in the same industry that had not registered. The study found that profits were double for registered companies, return on capital doubled in the years after registration, and sales and profits per employee increased over 100% in the year following certification. The study also suggested that for smaller companies, the benefits were even greater.

David Kingston of Extraction Systems, Inc. states that "the company is streamlining its operation...We are able to eliminate mistakes and become more efficient. We discover better ways of doing things." The estimated cost of certification for Extraction Systems was $15,000, not including the cost of internal labor. The company was able to defray the costs of training their workers through receipt of a state (Rhode Island) Workforce 2000 grant.

Delphi Automotive of Pontiac, Michigan had a similarly favorable experience. Louise Angelo, Delphi's quality coordinator for Europe states that "companywide commitment to ISO 9000 has led to many more benefits than initially anticipated...The standardized framework is also helping to harmonize quality systems within Delphi and to improve communications between sites and disciplines." The role of quality and how it can be measured has also been developed within Delphi at the individual job level.

Peter Jackson and David Ashton, authors of Implementing Quality Through BS 5750 (ISO 9000), argue that there is often a substantial cost involved in obtaining and maintaining registration, but this will normally be exceeded many times by the benefits from holding on to existing customers and winning new ones. This is supported by results of a Deloitte & Touche survey of 620 ISO registered companies. Eighty percent stated that ISO certification influences their selection of suppliers. Greater than 80% of the respondents indicated that they are encouraging their suppliers to pursue such registration. Savings achieved through ISO-inspired corrections, such as improved efficiency in production or fewer product defects, ranged from $25,000 per annum for companies with sales up to $11 million to $532,000 per annum for firms with sales of at least $1 billion. Such survey results make a strong argument for certification. Lorne Abrams, an industrial engineer at Technical Help in Engineering & Marketing (THEM), explains it all quite succinctly--"If you want to be in business through the year 2000 you have to be committed to quality. The best way to prove it is to be ISO certified."

Consulting and
Auditing Opportunities

The National ISO Support Group has identified a key factor that should encourage market entry by established consulting practices. A certification body for ISO consultants does not yet exist; anyone can market him- or herself as an ISO 9000 consultant. A National ISO Support Group Survey found that only one in every six consultants polled (111 of 660) had formal assessment training. Consequently, consultants with a reputation for integrity and business competence will hold an advantaged position in the marketplace as trustworthy service providers.

Consultants will find opportunities to provide services supporting ISO 9000 certification on three fronts. They can provide documentation services in support of companies' registration efforts. They may also perform audits of the quality assurance systems in order to better prepare companies for the formal assessment described above. Some firms will choose to provide ISO training for staff focusing on documenting or auditing the quality assessment system.

Given the need for a comprehensive write-up of internal procedures and analysis of quality controls, it is likely that managements may look for some assistance in pulling together the requisite documentation. The generic language used within the published standards allows for a wide range of interpretations. A firm may choose to become an expert in deciphering the intent of the ISO with regard to any standard or substandard. Companies seeking registration could then leverage the knowledge of the "experts" in determining how close they are in conforming to ISO 9000. In a competitive environment, the race to certification could take on great importance if initial registrants are able to differentiate their products or services on the basis of the ISO certification.

A firm may elect to perform quality system audits for companies in order for them to maintain ISO 9000 status. This need exists because the predictable but relatively infrequent work required to conform to ISO 9000 may not be sufficient to justify hiring full-time internal audit staff. In addition, outsourcing some portion of the audit can help ensure that the results reflect an independent assessment of the quality assurance system.

In order to provide these services, firms need to build an infrastructure of quality assurance experts. These specialists must be able to demonstrate competency in the target industries, products, and services in which the companies participate. It is likely that consultants can contribute significant value given their exposure to a variety of industries, systems, and products. Only the larger, more diversified entities can afford to assemble a similar variety of qualified and experienced personnel and they are limited by the bias of an "insider."

Recent Developments

The ISO recently released a draft of standards that address environmental issues, the ISO 14000 series. The standards seek to harmonize practices in environmental management, auditing, performance evaluation, labeling, and life-cycle analysis. The adoption of these standards in their current form is uncertain because there is a need to reconcile ISO 14000 to Eco-Management and Audit Scheme (EMAS) standards adopted by the European Union. It seems apparent, however, that business will need to establish and maintain environmental management systems in accordance with a common framework in the near future. In addition, the ISO is studying the need for a standard for worker health and safety.

The multistep certification process provides consulting firms with a number of service points. Firms may choose to build industry specialization, concentrate on niche markets, or offer a portfolio of services. As the market is still in its infancy in the U.S., the market for ISO consulting services is quite fragmented. Those firms that successfully establish a reputation for providing high-quality ISO 9000 support may be able to build a strong position in this growth market. *

Wayne A. Label, PhD, CPA, is a visiting professor of accounting at Georgetown University. Wilbur Priester is chief financial officer of Blue Water Capital, LLC. The authors wish to thank M. Monte for her assistance with this article.

EXHIBIT 1

TOP TEN NUMBER OF REGISTRATIONS BY SIC CODE ­ U.S.

EXHIBIT 2

THE CERTIFICATION PROCESS

EXHIBIT 3

TOP 10 REGISTRARS BY NUMBER OR REGISTRATIONS--U.S.