ISO Procedures are cumbersome and nobody looks at them anyway. What’s better?

Before we address that issue, procedures should not be cumbersome. Procedures should be easy to maintain, be useful as training documents, for auditing and for occasional reference. They are also the definitive document that defines the process. There is nothing in ISO that says they can’t, so if yours are not then the problem is not ISO.

That said there is generally some truth in the concern over the value of procedures. Regulated industries usually learn quickly that procedures are essential. Without them (including ensuring they are accurate) the regulatory authorities have concerns about how effective the organization is. When they are found inaccurate the authorities rightly question whether the organization has effective control.

The truth is that procedures are a poor form of control to make a process operate the way you want it to. They do a good job of defining it (so long as they are written well) but if you want something to happen you need to implement controls into the process. Controls come in many types and forms and some are more effective than others. Think of controls as those things along the way that keep things consistent and ensure we end up where we want to. When things don’t go right we need to put in place more controls. Often when things go wrong its because of the humans involved and the subsequent human error – whether it is “forgot”, a mistake, or even “too lazy.” While there are arguments that we have poorly trained or motivated humans in the process (and they may be valid root causes), the truth is that it is the humans who often cause the variation in our organizations management processes. From this it is possible to see that training is a control that we apply to a process but that it is not always as reliable as we would like. We could strengthen that control by defining repeated, regular (say annual) training so that it is hard to forget. Of course training is a process too and so there needs to be a mechanism – a control, that ensures the process is effective.

Common forms of control are forms (to ensure information is captured consistently ….and that forces behavior by requesting data), checklists (which are a form of procedure in their own right), templates, software, etc. It is possible to perceive how tooling is a form of control and even signs posted in an organization.
The better controls are the ones that cause behavior to be consistent and so it often captures data too – such as forms, checklists and many types of software. Signs may change behavior – they may not. But if you have to capture information on a form, then consistent behavior should ensue (of course it doesn’t always).
It is things like this that cause people to operate processes effectively. When you determine there are problems (perhaps a tangible nonconformance from an audit) you could/should look for solutions that include effective controls. Without them you may just be hoping that the problem doesn’t re-occur.

There is obviously more to it than this but the solution is a balance between all of the options. Well written, meaningful and optimal procedures, detailed work instructions, photo samples, product examples, forms, templates, software, etc. The exact balance – that’s up to you.

Cavendish Scott, Inc. helps organizations review their processes and where appropriate challenges the controls that exist. We document procedures that meet ISO requirements without changing what you do if the controls demonstrate conformance and suggest sensible alternatives where changes need to be made. Click here to ask for help.