Management Systems

A management system refers to what an organization does to manage its structures, processes, activities and resources in order that its products or services meet the organization’s objectives, such as satisfying the customer’s quality requirements, complying with regulations and/or meeting environmental objectives.  Elements of a management system include policy, planning, implementation and operations, performance assessment, improvement and management review.  By systemizing the way it does things, an organization can increase efficiency and effectiveness, make sure that nothing important is left out of the process and ensure that everyone is clear about who is responsible for doing what, when, how, why and where.  While all organizations should benefit from some form of management system, they are particularly important for larger organizations or ones with complicated processes.  Management systems have been used for a number of years in sectors such as aerospace, automobiles, defense and health care.

Even though they may not realize it, all organizations have some sort of management system–“the way things get done”—in place.  Elements of the system may be documented in the form of policies and checklists, but much of the system is based on unwritten rules and customs.  The interest of organizational leaders in management systems is based not only on the desire to understand how things are currently done but also to find out how “things should be done” in order to improve organizational performance.  Fortunately, reference can be made to management system standards, such as those promulgated by the International Organization for Standardization (ISO) (www.iso.org), which are intended to provide all organizations with easy access to international “state-of-the-art” models that they can follow in implementing their own management systems.  Management systems standards are concerned with processes, meaning the way that organizations go about carrying out their required work—they are not product and service standards, although processes certainly impact the quality of the organization’s final products and services. 

Many of the ISO standards are intended to be generic, which means that they can be applied to any organization, large or small, whatever its product or service; in any sector of activity; and whether it is a business enterprise, a public administration or a government department.  The standards specify the requirements for a management system (e.g., objectives, policy, planning, implementation and operation, performance assessment, improvement and management review); however, the actual format of the system must be determined by the organization itself taking into account its specific goals and the environment in which it operates.  The first ISO standard for many organizations is ISO 9001, which is one of the best known and widely used ISO standards and provides a structure (i.e., a “quality management system”) to help organizations develop products and services that consistently ensure customer satisfaction and continuously improve their products, services and processes to fulfill the customer’s requirements.[1]  ISO standards are available for management systems covering a broad range of additional topics including environment (ISO 14001), medical device quality (ISO 13485), medical devise risk (ISO 14971), information security (ISO 27001 and ISO 27002), business continuity (ISO 22301), supply chain security (ISO 28000), corporate risk (ISO 31000), food safety (ISO 22000), management auditing (ISO 19011) and environmental, health and safety (ISO 45001).  Well-known ISO 26000, which can be used by organizations interested in improving their practices with respect to social responsibility, is actually not a management system standard and does not contain requirements. 

Implementing any management system, regardless of the system’s particular focus (e.g., quality, environment, risk etc.), is a challenging task.  In many cases, reference can be made to published management systems standards available from ISO and others; however, there are certain key activities that should always be considered[2]:

• Identifying and understanding the organizational context
• Ensuring that senior management provides leadership in developing and implementing the system
• Developing a plan for the system that incorporates the risks and opportunities that could influence the performance of the system
• Ensuring that the organization is committed to supporting the system with the necessary internal and external resources
• Developing, planning, documenting, implementing and controlling the organizations’ operational processes
• Planning in advance for monitoring, measuring, analyzing and evaluating the performance of the system

While not a requirement of standards such as ISO 9001, organizations may, and often do, seek and obtain certification by independent outside parties that their management systems conform to the requirements of ISO standards.  Certification, known in some countries as registration, means that an independent, external body conducts an audit of the organization’s management system and verifies that it conforms to the requirements specified in the applicable ISO standard.  While organizations often implement and benefit from management systems based on ISO standards without incurring the additional expense of going through the certification process, they may be driven to pursue certification for important business reasons such as satisfying contractual, regulatory or market requirements; meeting customer expectations and preferences; strengthen a risk management program; and/or motivating managers and employees by establishing clear performance goals and objectives. 

ISO itself does not carry out certification and does not issue or approve certificates.  It is important that the certification body be accredited, which means that a specialized accreditation body has formally endorsed the certification body as being competent to carry out ISO certification in specified business sectors.  In lieu of certification, or in preparation for a certification audit, organizations should conduct formal self-assessments on a regular basis that cover quality management system requirements; management responsibility requirements; resource management requirements; product realization requirements (e.g., planning, determination of customer requirements, design and development, purchasing, production and service provision); and measurement, analysis and improvement requirements.[3]

ISO 26000

Organizations interested in improving their practices with respect to social responsibility, including engagement with their stakeholders, may refer to ISO 26000.  It is important to remember that although ISO 26000 draws on principles included in management systems developed by the ISO, it is not itself a management system standard and does not contain requirements.  Instead, ISO 26000 sets out certain core principles and explains the core subjects and associated issues relating to social responsibility including organizational governance, human rights, labor practices, the environment, fair operating practices, consumer issues and community involvement and development. For each core subject, information is provided on its scope, including key issues; its relationship to social responsibility; related principles and considerations; and related actions and expectations.  For example, with respect to labor practices, one of the core subjects, organizations are reminded to integrate consideration of the following issues into their policies, organizational culture, strategies and operations: employment and employment relationships; conditions of work and social protection; social dialogue; health and safety at work; and human development and training in the workplace.[4]  ISO 26000 also emphasizes the importance of “stakeholder identification and engagement” as being central to addressing an organization’s social responsibility. 

ISO 14001 and Environmental Management Systems

ISO 14001 is an internationally agreed standard that sets out the requirements for a structure (i.e., an environmental management system (EMS)) to help organizations manage and minimize their environmental impacts, conform to applicable legal requirements and improve their environmental performance through more efficient use of resources and reduction of waste, thereby gaining a competitive advantage and the trust of stakeholders.[5]  An EMS helps organizations identify, manage, monitor and control their environmental issues in a holistic manner and also includes the need for continual improvement of an organization’s systems and approach to environmental concerns.  In general, an EMS that is to be based on ISO 14001 standards should include the following elements[6]:

• Development and establishment of an appropriate environmental policy that is documented and communicated to employees and also made available to the public and which includes a commitment to continual improvement and pollution prevention, regulatory compliance and a framework for setting policy objectives
• A planning phase that covers the identification of the environmental aspects of the organization’s activities, identification and access to legal requirements, establishment and documentation of objectives and targets consistent with the and establishment of a program for achieving said targets and objectives (including the designation of responsible individuals, necessary means and timelines)
• Implementation and operation of the EMS including the definition, documentation and communication of roles and responsibilities, provision of appropriate training, assurance of adequate internal and external communication, written management system documentation as well as appropriate document control procedures, documented procedures for operational controls, and documented and communicated emergency response procedures
• Checking and corrective action procedures, including procedures for regular monitoring and measurement of key characteristics of the operations and activities, procedures for dealing with situations of non-conformity, specific record maintenance procedures and procedures for auditing the performance of the EMS
• Periodic management reviews of the overall EMS to ensure its suitability, adequacy and effectiveness in light of changing circumstances

CSR/CG Management System

An illustration of how a sustainability-focused management system might be designed and implemented was provided by Castka et al., who described a Corporate Social Responsibility/Corporate Governance (CSR/CG) management system intended to be compatible with other management system standards, particularly ISO 9001 and ISO 14001.[7]  The key elements of their system include defining the organization’s CSR/CG policy; identifying the expectations of stakeholders; identifying and evaluating the organization’s environmental and social impacts and risks; strategic planning and establishing the organization’s CSR/CG objectives, targets and indicators; establishing and discharging the responsibilities of the board of directors and senior management with respect to managing the system; disclosure and reporting activities; monitoring, measuring and analyzing the processes included in the system; and managing change and ensuring the continual improvement of the system.

_______________

This article is an excerpt from the author’s forthcoming book on Sustainability Management, which will be published by Routledge in late 2020.  For further information, visit the following page on the author’s Sustainable Entrepreneurship Project website: https://alangutterman.com/topics/governance-management/

____________________

About the Author

This article was written by Alan S. Gutterman, whose prolific output of practical guidance and tools for legal and financial professionals, managers, entrepreneurs and investors has made him one of the best-selling individual authors in the global legal publishing marketplace.  His cornerstone work, Business Transactions Solution, is an online-only product available and featured on Thomson Reuters’ Westlaw, the world’s largest legal content platform, which includes almost 200 book-length modules covering the entire lifecycle of a business.  Alan has also authored or edited over 90 books on sustainable entrepreneurship, leadership and management, business law and transactions, international law and business and technology management for a number of publishers including Thomson Reuters, Practical Law, Kluwer, Aspatore, Oxford, Quorum, ABA Press, Aspen, Sweet & Maxwell, Euromoney, Business Expert Press, Harvard Business Publishing, CCH and BNA.  Alan is currently a partner of GCA Law Partners LLP in Mountain View CA (www.gcalaw.com) and has extensive experience as a partner and senior counsel with internationally recognized law firms counseling small and large business enterprises in the areas of general corporate and securities matters, venture capital, mergers and acquisitions, international law and transactions, strategic business alliances, technology transfers and intellectual property, and has also held senior management positions with several technology-based businesses including service as the chief legal officer of a leading international distributor of IT products headquartered in Silicon Valley and as the chief operating officer of an emerging broadband media company.  He has been an adjunct faculty member at several colleges and universities, including Berkeley Law, Golden Gate University, Hastings College of Law, Santa Clara University and the University of San Francisco, teaching classes on corporate finance, venture capital, corporate governance, Japanese business law and law and economic development.  He has also launched and oversees projects relating to sustainable entrepreneurship and ageism.  He received his A.B., M.B.A., and J.D. from the University of California at Berkeley, a D.B.A. from Golden Gate University, and a Ph. D. from the University of Cambridge.  For more information about Alan and his activities, and the services he provides through GCA Law Partners LLP, please contact him directly at alangutterman@gmail.com, follow him on LinkedIn (https://www.linkedin.com/in/alangutterman/) and visit his website at alangutterman.com.

About the Project

The Sustainable Entrepreneurship Project (www.seproject.org) was launched by Alan Gutterman to teach and support individuals and companies, both startups and mature firms, seeking to create and build sustainable businesses based on purpose, innovation, shared value and respect for people and planet.  The Project is a California nonprofit public benefit corporation with tax exempt status under section 501(c)(3) of the Internal Revenue Code dedicated to furthering and promoting sustainable entrepreneurship through education and awareness and supporting entrepreneurs in their efforts to launch and scale innovative sustainable enterprises that will have a material positive environmental or social impact on society as a whole.  

Copyright Matters and Permitted Uses of Work

Copyright © 2020 by Alan S. Gutterman.  All the rights of a copyright owner in this Work are reserved and retained by Alan S. Gutterman; however, the copyright owner grants the public the non-exclusive right to copy, distribute, or display the Work under a Creative Commons Attribution-NonCommercial-ShareAlike (CC BY-NC-SA) 4.0 License, as more fully described at http://creativecommons.org/licenses/by-nc-sa/4.0/legalcode.

---

[1] ISO 9001 gives the requirements for what the organization must do to manage processes affecting the quality of its final products and services; however, ISO 9001 is not a product or service standard, nor does it specify what the objectives of the organization should be with respect to “quality” or “meeting customer requirements”, each of which must be defined by organizations on their own.  See the ISO publications “Overview of ISO 9001 and ISO 14001” and “ISO 9001:2015”, each of which is available at the ISO website (www.iso.org).

[2] “ISO 9001 2015 – Plain English Outline” available at http://www.praxiom.com/iso-9001-outline.htm

[3] See http://cw.routledge.com/textbooks/eresources/9781856176842/Requirement_checklist.pdf

[4] ISO 26000 Guidance on Social Responsibility: Discovering ISO 26000 (International Organization for Standardization, 2014) and Handbook for Implementers of ISO 26000, Global Guidance Standard on Social Responsibility by Small and Medium Sized Businesses (Middlebury VT: ECOLOGIA, 2011).  The discussion of ISO 26000 in this section is adapted from ISO 26000 Basic Training Manual (ISO 26000 Post Publication Organization, March 15, 2016).  ISO 26000 is available for purchase from ISO webstore at the ISO website (www.iso.org) and general information about ISO 26000 can be obtained at www.iso.org/sr.

[5] The summary discussion of ISO 14001 herein is adapted from “Introduction to ISO 14001: 2015” prepared and distributed by the International Organization for Standardization in 2015.

[6] ISO 14001: Environmental Management System Self-Assessment Checklist (Washington DC: Global Environmental Management Initiative, November 2000), 2.  While the guidelines in the text are based on a prior version of ISO 14001, they remain relevant as an overview of how organizations should approach the process of fulfilling the ISO 14001 standards.

[7] P. Castka, C. Bamber and J. Sharp, Implementing Effective Corporate Social Responsibility and Corporate Governance: A Framework (British Standards Institution and the High Performance Organization Ltd., 2005).