The 10 things that can go wrong when implementing ISO 9001 in your organization

In this blog, I will explain the 10 things that can go wrong when implementing ISO 9001. ISO 9001 is a quality management system that has been developed since 1987 with multiple versions of the standard coming out roughly every eight years. I can say that this standard truly helps companies to improve their operational performance. However, I do understand that things can go wrong while we are trying to implement such a management system with our company.

This is because of various factors and in this video I would like to explain about 10 things that can go wrong or that could cause us to not have the full benefit of such ISO certification.

Luke Desira talks about the 10 things that can go wrong when implementing ISO 9001

Things that can go wrong when implementing ISO 9001

Here’s the full list of things that can go wrong when implementing ISO 9001 in your organization:

  1. Misconceptions about ISO 9001 – knowledge of previous standards
  2. Overdoing it with the requirements/documentation
  3. Over complicating procedures & processes – to cater for all individual cases
  4. Having a mindset that the system has to be perfect before certification – it is a system for continual improvement
  5. Not having involvement of top management to allocate resources (time & money)
  6. Doing things “for ISO” rather than to improve the management of the processes
  7. Having unrealistic timeframes for implementation
  8. Working with a non-accredited certification body
  9. Employee resistance & culture change
  10. Working with the wrong advisors and consultants 

Misconceptions about ISO 9001

The first thing that can go wrong is that we start the implementation process with misconceptions about what iso 9001 really is. First of all, I wanted to explain that in the previous versions of the standard:

  • the 2008 version of the standard
  • the 2000 version of the standard

Previous version of the standard

It is true that there was much more focus on documentation and about having as many procedures as possible. However, with the latest version of the standard, this mentality has changed. Now the standard is asking us to focus on a risk-based approach. Here, we are only considering the areas that have the most impact or most potential negative impact on our business. Therefore, it is asking us to focus on these areas.

The latest version of ISO 9001 is attuned to your business needs

The latest version of the ISO 9001 standard has also been adapted in a way that it is much more suitable for companies of this day and age. Whereby we are not only working within the manufacturing industry, but the service industry has blossomed. Therefore, this standard has also adapted its requirements to cater to these companies.

Finally with topics such as the internal and external issues and the context of the organization ISO 9001 implementation, has become much closer to actually writing a business plan for your organization.

Misconceptions about the actual requirements of iso 9001 are the first thing that can go wrong when attempting to implement ISO 9001.

Overdoing it with the requirements/documentation

Overdoing it with the requirements or documentation is one thing that can go wrong when implementing ISO 9001. I do consult companies and sometimes they would have done some work in-house before hiring me. What I do notice is that when companies are trying to implement iso 9001 with their own knowledge they overdo it. In the sense that they overcomplicate the requirements and they create so many forms and most of them would not be an actual requirement for the standard.

A system that works for our business

It might have been that they found the information somewhere on the internet and assume that all the requirements of all types of companies apply to their organization. However, that is not true and we should make sure that we avoid overdoing it with the requirements and documents created. We have to make sure that we are implementing a system that will actually help our business to improve on its level of quality and also efficiency.

The last thing that we want to see when implementing a system is to create a bureaucratic system. A system that rather than helping our company to grow forward instead of having a system of drags our company because there is way too much documentation that needs to be done was the second stumbling block.

The 10 things that can go wrong when implementing ISO 9001

Over complicating procedures & processes

The third topic I’d like to speak about is overcomplicating procedures and processes and mind you this is something that happens very often. Even when I am trying to create procedures for how I work with my clients I tend to overcomplicate procedures. This is because when we are creating procedures for our own work we tend to consider all the examples and all the outliers and all the particular instances of all clients. To try to fit them into the same procedure.

It is important that when creating procedures, we design them in a way that they are simple and easy to understand. And that they cater for around 80 percent of the activities that we do in our organization. The other 20 percent would be outliers and it is still okay for such activities to happen. To achieve this an outsider’s perspective, like having an ISO consultant, can help you create practical procedures.

A system designed for continual improvement

The main idea is that we are creating systems and procedures that cover most of the work that we do with our clients. So it’s very important to create procedures processes and systems that are easy to use for the employees especially when we are just implementing the system. We cannot go from zero to hero. We cannot go from not having any procedures to having overly bureaucratic procedures. We have to find the fine line and we have to create systems and procedures that are easy to understand for all the employees in our company to follow. And eventually, year over year, we will be refining on our system to achieve continual improvement.

The mindset of continual improvement

The mindset that a management system has to be perfect before we go for certification is not accurate. First of all, I want to make it clear that there is no such thing as a perfect management system. What we have to strive to strive for is to create a management system that has the mentality for continual improvement. And therefore, we should not try to overdo it. To cram the management system with information before we go for the certification audit. Invariably that mindset will overwhelm us and probably will not even go for certification.

My suggestion to you for this point is to create a simple basic management system that meets all the requirements. And that you should have the mindset that you are striving to continually improve upon this management system. Rather than create the perfect management system which doesn’t exist, before we go for certification.

I would also like to remind you that the idea of continual improvement is inbuilt within this standard. As evidenced throughout the various times that the term continued improvement and continuous improvement is mentioned within the standard. And this is apart from clause 10 which is specifically dedicated to the idea of continual improvement.

Not having involvement of top management to allocate resources (time & money)

Not having the involvement of top management committed to implementing this management system is another thing that can go wrong when implementing ISO 9001. And unfortunately, I do see this sometimes even with some of my clients. Some companies would have received the request from either a client or suppliers or regulations to get iso certified.

Their main motivation behind getting certified is just to have that certificate attached to a wall. Rather than actually improve on their system. I think that this mentality is a major stumbling block towards the implementation of ISO 9001.

This is because invariably top management with this mindset will not allocate the resources that are required both in terms of time and money to make sure that the company is achieving the full benefit of implementation. And to make sure that the implementation process runs smoothly from start to finish and even after getting certified. To have the commitment of the management to continually improve the management system year over year after certification.

Doing things “for ISO” rather than to improve the management of the processes

The next thing that can go wrong when implementing ISO 9001, is that some people and some companies follow the mindset that there is kind of a folder that is created with information for iso. And it’s like these systems and procedures that are created during iso implementation are only there for iso.

The idea for example of getting customer feedback isn’t done for iso but it is for us to truly understand what the clients need from us. So that we can continually improve. If we follow the mindset that we are doing things for iso and then there are other things that are done to run the business that will invariably create double handling double work.

Create one system

So it is important to merge the requirements of the standard with what we are actually doing as a company. To make sure that we improve what we are doing as a company based on the suggestions and requirements of the ISO 9001 standard. And that is the correct implementation of the standard I have never talked to you personally about your organization, but I can tell you that if you are working in a successful company that is growing then you have more than 80 percent of the requirements of the standard already implemented within your company. How do I know this? I know this because the standard asks us to do simple things with basic common sense.

Let’s not forget that how the requirements are implemented and how they are interpreted for each and different and every different organization will change depending on the risks that are associated with that particular organization. So with this what I wanted to say was that we should not do things specifically for ISO but rather merge the requirements of the standard with our day-to-day work. And that is how we will get the full benefit of the standard.

Having unrealistic timeframes for implementation

An unrealistic time-frames for implementation are a sign that the company needs ISO certification. And it is one of the things that can go wrong when implementing ISO 9001. Sometimes I do meet people and they tell me we would like to get certified within the next couple of weeks because they need the certification for a specific tender or client.

Implementation Process

Getting certified in a few weeks is not possible. There is a certain process for implementing ISO 9001 that you have to go through for implementation. I like to tell my clients that they should allow around six months time to get certified. We need six months from the start of the implementation to the actual certification so that we would have enough time to create the systems and procedures. To implement the system to let the systems run for a while so that when we are doing an internal audit, we are auditing systems that have been implemented with the requirements of the standard in mind.

Certification body

Apart from that, you might also understand that you would need to contact a certification body to get certified. and most certification bodies would not be available within the same week or month. So we should always allow roughly one month from the time where we contact the certification body to the actual date of the certification audit.

So having unrealistic time frames is not beneficial to anyone and that is one of the principles actually of having a correct management system where we do not operate our business based on firefighting but rather on strategic planning. Getting iso 9001 certified should be one of the items within your strategic plan as a company if you feel that it will help you to add value to your customers, supplies, or regulation.

I usually like to allow around six months for smaller-sized organizations. Multinational organizations and companies with more than one site might need a longer period of time. Caution is advisable on that front to allow even more time for the implementation.

Working with a non-accredited certification body

Another topic that might still get you certified but you wouldn’t be getting the certification that you were after is should you work with a non-accredited certification body. You would not be getting actually iso 9001 certified. It is very important that you make sure that you are working with an accredited certification body such as Lloyds or bureau veritas, and other certification bodies all around the world. These certification bodies are able to provide your organization with an accredited certification.

Recently I’ve had an experience where one of my clients before engaging me was working with a non-accredited certification body. And when their client realized that, they decided to stop working with them for the time being. It is good to know that my client only had one client at the time so effectively they have had to halt the operation of their business until they get certified by an accredited certification body. This is where I came into the picture and we created management systems that are actually up to the standard required.

Conflict of interest = untrustworthy certification

Usually, when you are working with a non-accredited certification body the external auditor might also be doing the internal auditing and doing consulting. Effectively the certification the external auditor will be checking themselves. Naturally, that doesn’t make much logical sense. Like what we do in accounts where you would have the accountant and the auditor who should be a separate firm. If we are working with non-accredited certification bodies more often than not these people tend to take over your management system and be doing internal and external audits that create a certain conflict of interest and it is not acceptable within the International Standardisation Organisation.

Just a quick word on how certification bodies are accredited:

  • first of all there is iso which is the international organization for standardization and this gives accreditation to one body within each country. For example in the UK it is UKAS, in Italy, it is Accredia.
  • Then these accredited bodies give the certifications to companies to act as certification bodies and as part of having an accredited certification body they will be audited by the national authorities. The national authorities will in turn check that the certification body is carrying out its work in a professional and compliant way.

Employee resistance & culture change

Another thing that can go wrong when implementing ISO 9001, or stumbling block to the correct implementation of iso 9001 is employee resistance and culture change. I know that if you have tried to ever make a change within your organization, then I’m sure you understand how much people find it hard to change. Implementing iso 9001 is not different.

People will most likely resist change. And that is why I like to use the group participative method when I am implementing the standard with my clients. In the sense that I do not like telling people what they should do but rather I like to speak about a particular problem that might exist in their organization or about a particular requirement that is not being met. I explain this to the employees and explain the possible implementation implications for not meeting such requirements. And only after I make them see the benefit of making the change then I will ask them to come up with ideas on which such a change can be implemented.

Involvement of people running the process

So rather than getting people to accept the changes that we are trying to impose on them, I would prefer to gather feedback from them on the best way to solve that problem. Because once a person comes up with a suggestion or an idea of how a problem can be improved, they will own that solution. And they will make sure that the solution actually solves the problem. But if we come up with the solutions and tell the employees what they need to do, then they will find a million and one reasons why our solution isn’t right for their work.

And over here I’m not saying that we should allow employees to only come up with the solutions they want to implement themselves. This depends on the level of skill and educational background of the employees. We must employ different tactics. I am not in favor of disciplinary tactics to get people to follow the systems that we want to implement. However should we come down to that, I wouldn’t mind doing it because after all we are running a business and a business has to have one leader and everyone should fall in line with that leader who is guiding the way forward.

I do believe that people do have a lot to offer especially when they are working in the process themselves. We should always make sure to listen to the ideas and suggestions of people doing the day-to-day work. Because they see how the actual work is being done and their opinion is extremely valuable for us to be able to improve our company not in an idealistic way but in a realistic way. A way that meets the requirements of the standards.

A thought about employee resistance is that things get harder before they get easier. In the first few weeks or months, or possibly even years, change might be hard. But then, as people are recruited and they are immediately informed of the way in which we do work in our organization, then it is much more likely for them to have the right mindset and culture as soon as they join the company.

Working with the wrong advisors and consultants 

And finally, one of the major stumbling blocks of implementing iso 9001 in the correct way is to work with the wrong advisors or consultants. Not all companies choose to work with consultants, but all companies will need to train their employees. And the mindset that your employees will have about iso 9001 is greatly impacted by the trainer, the mentor, the person who is teaching your employees, or your colleagues. The person who will be explaining the actual requirements of the standard.

And therefore i greatly suggest that when working with consultants or trainers for iso 9001, you do a background check. To make sure that these people are realistic and grounded. And they do not want to make as many changes as possible in your organization. But that they want to make the small changes that will have big improvements on your organization.

Conclusion about things that can go wrong when implementing ISO 9001

Above I have discussed the 10 things that might go wrong when we are trying to implement iso 9001. If you have any questions or comments, please feel free to get in touch with me at and I would be very happy to help.