Ever wonder where ISO 9000 got its name?
Not long ago I was approved as a vendor for a company whose name you’d instantly recognize were I dopey enough to make snide comments about a new client. My new client outsourced its vendor approval process to a company proud of its ISO 9000 certification.
The process began in August and completed the end of December.
That’s how ISO 9000 got its name: It means your processes are certified to have at least 9,000 steps each.
Between us, my contacts and I jumped through a lot of flaming hoops. Which makes little apparent sense. If bringing me in is a profitable proposition, the company should have accelerated the process to get the benefit earlier. Otherwise, someone should have rejected the idea right away so we could all get on with our lives.
We should define terms. A flaming hoop is an activity that is required, but does little or nothing to help evaluate an idea. The only challenge in clearing a flaming hoop is going through the effort – everyone willing to do so passes the test.
Flaming hoops are, by any rational analysis, pure waste, so why would executives who are, in theory, rational and talented create so many of them?
As an exercise in pure reason, make the hypothetical assumption that flaming hoops aren’t examples of the Dilbert or Peter principles … that executives have good reasons for erecting them and mandating their use. Our challenge is to figure out their reasons using nothing but logic and inference.
My hypothesis: It’s an example of what I’m starting to call the Third Axle Alternative.
A third axle is what a motorist welds onto a car instead of fixing the flat tire. It’s someone adding a kludge because they aren’t willing to fix the problem.
Through the miracle of mixed metaphors, a bunch of flaming hoops is a third axle. Here’s how I think it works:
The executives in charge at my new client don’t trust their employees’ business judgment, and especially they don’t trust their employees to exhibit prudent spending discipline. That’s my guess.
If they’re right about their employees they have a big problem, and it’s a tough one to solve. The company would have to do much more than replace its current employees with better ones … and doing just that would require a tremendous effort, for all the obvious reasons.
But it wouldn’t solve the problem, because someone hired all of these bad employees … lots of someones. Leave them in place to hire the replacements and the company will end up with bad employees again. Better to fire everyone who helped hire such an untrustworthy workforce.
But wait! It’s even worse! Someone hired the bad managers. Those people have to go too. By the time the company has replaced everyone it can’t trust to display good business judgment, up and down the chain of command, it will have lost so much institutional knowledge that it won’t be able to continue to operate.
And so the company welds on a third axle: Flaming hoops. Far from being a display of inept management, it’s a deliberate plan. Make the process of spending sufficiently annoying and employees will think long and hard before putting themselves through it.
The company hasn’t fixed the problem, of course. It has the same untrustworthy employees and the same bad managers it had before. What it’s done instead is to create what would be called in Sarbanes-Oxley-land a “compensating control.”
A third axle.
The fallacy in all of this is presuming the company has so many untrustworthy managers and staff in the first place. Very few employees come to work every day planning to fail at what they do, after all. Even fewer come to work every day with malicious intent.
If employees don’t know what constitutes a good business decision, the root cause isn’t that they’re a bunch of losers. It’s more likely that nobody in management, from the CEO on down, has ever thought to explain what they think a good business decision looks like, let alone how to make one.
Whether it hasn’t been a priority, or too many managers are the sort of egotistical souls who figure the effort would be wasted on mere mortals, or an endless stream of crises has never left the time, or (and it’s very common) it’s because everyone “trusts their gut” and can’t explain how that works in any coherent way … whatever the reason, employees are (to layer on yet another metaphor) left in the dark.
And then blamed for not seeing the light.
The third axle is a good name for this. Another great automotive related analogy came from Scott Adams in a long ago Dilbert strip. Discussing some problem, the pointy-haired boss says, rhetorically, to Dilbert “What do you do when you have a flat tire.” The response he gets is something like “Apparently if I’m you I rotate the tires and keep on driving.”
Having been intimately involved in supplier selection, supplier management and spend management at a small US oil company, I have another perspective on spending.
You wouldn’t divorce your spouse if they bought groceries from Whole Foods even though you had made a great deal with Trader Joe’s would you (would you?) So these aren’t bad employees, they just take their purchasing (spending of someone else’s money) seriously. And they absolutely hate anyone (especially from a corp dept) telling them what to do. So the challenge is: how to get the benefit from negotiated contracts when employees want to exercise their own ‘good’, unbiased, local judgment for every purchase? Having said that, the controls shouldn’t be flaming hoops. The hoops should be well defined, simple & clear and at the right height, and there should be demostrated business value for getting through one.
Otherwise, I agree.
I think Bob’s being a little unfair to ISO 9000 (disclosure: I’m no ISO 9000 expert, but I work with ISO 27000, the international security standard, and its control and management concepts are based on ISO 9000). In its early days, some of the jokes about ‘concrete lifevests’ were well deserved, but things have moved on since then.
To continue with Bob’s car analogy, managing an organization can be compared to driving a car (although supertanker is the more common metaphor), with the difference that you’re not sure which (if any) of the brake, accelerator and steering wheel are actually connected. What ISO 9000 does is to check that these connections are working properly (in Britain, all cars over 3 years old are required to have such a check annually, I expect there’s something similar on your side of the pond). So, if it passes, you can be reasonably confident that your car will go where you point it and speed up or slow down as requested. This will not stop you driving it off the road by inappropriate use of the controls.
Similarly, ISO 9000 doesn’t certify that you have good controls and procedures, only that your procedures are well documented, followed consistently and (most important) that there’s a management process in place to ensure that they remain appropriate to the needs of the business. If I saw an ISO 9000 certified organization, such as the one that Bob describes, with superfluous procedures and this had been identified as a problem by management, but nothing was being done to ameliorate the situation, I would expect it to fail its next assessment.
I always think of your ‘third axle’ thingies as ‘compliance measures.’ They arise due to the same issues, refusal to fix personnel problems, but they usually arise one at a time.
In the govt (US Federal), one guy charged $35,000 worth of lap dances to his official credit card. Instead of realizing that the accounting rules already in place actually caught him, they decide to come up with new accounting rules, none of which would have prevented the false charges but at least the managers are ‘doing something.’
Compliance rules are easily seen with passwords. We can use the computers to force people to choose difficult passwords and to reset them every 30 days and to never use the same one ever again. Of course, these same compliance rules force people to write down passwords (because they are complex and must be changed every 30 days and cannot be reused).
Increasing security is tricky and hard to measure. However, it is easy to measure compliance with security or spending rules so organizations spend their time measuring what is easy instead of deciding what would bring the best results.
In government organizations, the cause is easy to pinpoint. Someone gets “beat up” for a mistake in a decision that is made lower down. Rather than pointing out the thousands of times the mistake was not made, they add a process (or a law/regulation/directive) to make sure the mistake never happens again. The fact that each process added adds additional time to the decision at the lowest levels is of little consequence because they were “reamed out” and the goal is to avoid that – but also because the decision is so slow (usually because of previous “fixes” that were made) that taking longer still does not matter.
I believe the corporate world has taken on a similar process for a similar reason – but I don’t know that for sure.
My company has added the 3rd axle for software purchases. Why? They have scary things like license agreements amongst other reasons. So, they set the bar very high with a process that requires 6+ forms and a 3 month process (at a minimum, usually more like 6+ months). Anyone who is willing to jump through all of the required flaming hoops has a chance to get the software. Of course, it can get rejected if the vendor’s license agreement is “non-standard”.
Having left IT to get some line experience as a Purchasing Manager for a contract manufacturing company that was undergoing ISO 9002 registration in the early 90s, I have some experience with this sort of thing. That experience leads me to do something I almost never do, which is disagree with Bob.
The point of the vendor approval process, creation of AVLs, and so on, is not so much to ensure that the company gets the best vendors it can, but to be able to demonstrate to other parties (i.e., customers) that it has a solid process for qualifying its vendors and for doing everything else. While the company itself may trust its employees to make good decisions, the company’s customers often do not share that trust, and the customers want some objective thing they can point to for reassurance that the company is actually doing things right. The customer’s buyer, in turn, can justify things to his superiors by saying “Well, they are ISO 9000 registered, and they do regular onsite audits of their suppliers, and they have a written quality process, etc.,” as opposed to saying “I’ve known them for years and they’ve always treated us well.”
Unfortunately, a buyer (or IT Manager) who vouches for a supplier based on historical performance is often suspected of some sort of corruption, but when the buyer (or IT Manager) can point to the ISO 9000 registration as the basis of qualification of a vendor, all is suddenly well.
I do not claim that the vendor qualification process leads to selection of better vendors, or that the vendor qualification process leads to better quality or a better company; I just claim that it’s often done to offer comfort to potential customers. In my experience, it can make the difference between losing a prospect and signing a new customer.
Bob:
I am a manager. I approve things my subordinates do. My subordinates do a good job. I know this because I review what they do.
My subordinates do a good job because they know someone will be signing off on their decisions.
Sometimes I wonder if I am needed to approve their decisions. My presence as a manager is one reason my employees do a good job. The other reason is I hired good people.
Your critique is overkill. Having a process is a good thing. Having a bad process is a bad thing. It is not the process or extra layer that is at fault, it is too much of a good thing that is a bad thing.
I like ice cream. But I do not eat it a gallon at a time.
The only thing missing in your rant is an Apple insult.
Just an opinion: If the only reason your subordinates do a good job is because they know you’ll be signing off on your decisions, then you’ve hired the wrong subordinates. I prefer to hire men and women who do a good job because they take pride in their accomplishments.
BTW: You’ll find the Apple insult in this week’s column, just below the Microsoft insult.