CHAPTER 1: BENEFITS OF AN IMS
Prevents duplication of effort
Many organisations will find that when integrating all or most of their existing management systemās programmes (be these quality, information security, health and safety, and others), they will all have their functional processes and teams. An IMS can fuse these together, avoiding duplication in processes, procedures and functional middle-management time.
Efficient use of senior management time
Risk and opportunities can be looked at more strategically with an IMS and there is less duplication of time, money and effort in leadership governance. Monitoring and measurement processes for each of the management systems can be fused into more focused reporting, i.e. less time on considering multiple reports and less chance of key risk trends being missed in a mass of detail.
Uses resources to implement and manage systems more efficiently
While time and effort may be expended in creating the IMS, this can be more than recovered through the streamlining of systems and risk-based thinking once the IMS is achieved. Processes such as training and compliance auditing can be resourced on a process basis rather than individually resourcing different functional programmes.
The other key issue is that if an organisation is working in silos, there will be multiple demands for resources to support management systems. This can lead to tension, or competition for resources and attention at leadership level. For example, the quality and environmental management teams might compete for resources, but this will be based on their own siloed perceptions of risk-based priorities. If the organisation accepts they would benefit from a more holistic or strategic approach to risk and opportunities, the competition between such teams for resources is simply illogical and wasteful. Also, in the medium term, an IMS should create a greater sense of common priorities among the team(s) supporting the IMS, and less duplication of processes will also use finite resources more efficiently.
Reduces audit fatigue
Less siloed thinking leads to more integrated auditing, e.g. quality, health, safety and environmental management audit trails can be combined. Overall, less internal audit time may be necessary or, at least, the number of individual audits will certainly reduce. This can mean less disruption to day-to-day processes, and reduced āaudit fatigueā in some participantsā minds.
Enables a united management approach
The above points show how an IMS often arises from looking critically at the silos within your organisation and asking if this is the most effective way of managing stakeholder expectations.
While silos are the most effective way for some organisations to manage affairs, the two tests are:
1.Are we using joined-up thinking, or are parts of the organisation working independently or even in inadvertent opposition?
2.Are we duplicating effort ā could those duplicated resources be used for more productive outcomes?
If the answer is ānoā to either of these questions, the resources needed to create or evolve an IMS are almost certainly worth it.
Achieves more cost-effective certification
For larger organisations an IMS is likely to lead to less overall assessment time being required by the certification body (CB) concerned. Donāt forget it is not just the assessment fees that form the true cost ā it is the management time spent preparing and hosting the assessments, so any reduction in this has many benefits. Also, the assessment team is more likely to focus on the overall key risk and opportunities that the IMS is currently configured upon. This, in turn, can contribute towards continual improvement goals, rather than tick-box outcomes.
CHAPTER 2: TERMS AND DEFINITIONS
As outlined in the previous chapter, there are a number of concepts or guidelines that could help plan an IMS implementation and decide upon its strategic approach. Just as importantly, they can help define what the IMS policy and objectives can achieve.
We havenāt discussed specifications such as PAS 99:2012 (a Publicly Available Specification for integrated management systems) because many organisations will be taking existing management systems and creating an IMS from them. While PAS 99 is an excellent tool, looking at Annex SL will provide more of a grounding in the principles behind the purpose of an IMS. If you look at the heading of PAS 99 after looking at Annex SL, the synergies are obvious.
The other reason for not looking too specifically at PAS 99 is organisations that are using European Foundation for Quality Management (EFQM) Excellence Model (but more from a quality management perspective ā or using specifically or more broadly Lean or Six Sigma approaches, may find using Annex SL principles as a starting point more helpful in terms of understanding practical implications. The fundamental difference for Lean and Six Sigma readers is that there is more emphasis on risk management within Annex SL and metrics can be hard as well as soft ā see chapter three. For EFQM readers there are a number of subtle differences with Annex SL. Yet in many ways the strategic part of Annex SL is not as wide as EFQM but, arguably, presents more emphasis on how risk-based strategy impacts on day-to-day organisational processes, rather than just the organisationās strategic direction.
In fact, readers may find their IMS planning is encouraged by taking a helicopter overview of how different management systems approach things ā be it the ISO 9001 series, EFQM, Lean and Six Sigma. These, and many other proprietary approaches (e.g. COBIT 5Ā®, for IT management, and Hazard Analysis and Critical Control Points (HACCP) for food safety) can be interpreted for a much wider business audience, i.e. they can provoke ideas and discussion about how risk is managed in any organisation. Sounds confusing, but in reality the similarities and differences can be surprisingly obvious when each organisation applies its own circumstances to these different approaches.
For example, HACCP is about food safety. However, whatever the processes are, HACCP can make you think about your own processes, which may have absolutely nothing to do with food safety. Consider how each stage of a process creates risks and how each stage of that process may then need different controls. These controls may be in isolation or form a series of controls as the process progresses.
Understanding risks on a stage-by-stage basis can also help identify opportunities, e.g. more efficient ways of doing things. Admittedly, in very broad terms HACCP is one example of how integration is about holistic thinking across processes and not just functional responsibilities. So, integration shows how a true process approach is about looking at the process itself, rather than the individual or functional aspects, e.g. many risks relate to archiving a file ā from sourcing the paper the documents are prepared on, to the data protection issues of its long-term storage, and everything in between.
So, an IMS is really as much about developing efficient and risk-based processes as much as any management systems that support them ā integrated or not. This is one strategic point to keep in mind in terms of outcomes being achieved.
Annex SL
In broad terms, Annex SLās high-level structure (HLS) does what it says on the tin. It means that all future assessable ISO standards will need to follow the high-level requirements outlined in Annex SL:
ā¢Clause 1 ā Scope
ā¢Clause 2 ā Normative references
ā¢Clause 3 ā Terms and definitions
ā¢Clause 4 ā Context of the organization
ā¢Clause 5 ā Leadership
ā¢Clause 6 ā Planning
ā¢Clause 7 ā Support
ā¢Clause 8 ā Operation
ā¢Clause 9 ā Performance evaluation
ā¢Clause 10 ā Improvement
As the International Organization for Standardization (ISO) says:
Annex SL harmonizes structure, text and terms and definitions, while leaving the standards developers with the flexibility to integrate their specific technical topics and requirements.1
The British Standards Institution (BSI) and the American Society for Quality both have interesting discussions of what Annex SL means:
ā¢www.bsigroup.com/LocalFiles/nl-nl/iso-9001/BSI-Annex-SL-Whitepaper.pdf
ā¢https://videos.asq.org/explaining-annex-sl-and-top-managements-new-roles
However, Annex SL should be read as a document and not just consulted ā even if the proposed IMS doesnāt follow ISO standards. The approach taken with the HLS can assist with defining strategic ideas and might provoke other ideas within some organisations, e.g. is risk-based thinking the only approach to take with management systems? Or, just as likely, ...