Remove the Silos
ISO 9001 revisions and COSO can make allies of quality,
by Sandford Liebesman
The most significant and costly silos that exist in most organizations today are the ones representing finance and quality management.[1]
Two international standards—ISO 9001 and the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control—Integrated Framework[2]—influence the structure of these silos. COSO, as the document is known, was revised in 2012, while the 2015 revision of ISO 9001 is scheduled to be published later this year.
For management and boards of directors, the COSO framework provides a means to apply internal control to any type of organization, regardless of industry or legal structure. COSO now contains:
- Principles on implementing and conducting internal controls that can be applied at the entity, operating and functional levels.
- Requirements for an effective system of internal control by considering how components and principles are present and functioning and how components operate together.
- A way to identify and analyze risks and to develop and manage appropriate responses to the risks within acceptable levels and with a greater focus on anti-fraud measures.
The 2015 revision of ISO 9001 will provide a new structure for quality management systems called risk-based thinking.[3] It’s a method that includes key tools for identifying, managing and mitigating risks. The method consists of defining the organization’s objectives, specifying the risk categories, identifying risks to the objectives and developing methods for managing the risks.
It is clear the silo between quality and finance is one of the major risks faced by organizations. The revisions of COSO and ISO 9001 include risk management requirements.
COSO risk principles
COSO identifies 17 principles in five categories in an organization. The five categories are:
- Control environment.
- The risk principles.
- Control activities.
- Information and communication.
- Monitoring activities.
The principles related to risk are:
- The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
- The organization identifies risks to the achievement of its objectives across the entity and analyzes risks to determine how they should be managed.
- The organization considers the potential for fraud in assessing risks to the achievement of objectives.
- The organization identifies and assesses changes that could significantly impact the system of internal control.
Controls of financial reporting
Internal control is a process designed by or under the supervision of the organization’s executive and financial officers and is effected by the board of directors, management and other personnel.
The controls must provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. They must include policies and procedures that:
- Pertain to the maintenance of records that in reasonable detail accurately and fairly reflect transactions and dispositions of assets.
- Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles.
- Assure receipts and expenditures of the organization are being made only in accordance with authorizations of management and directors of the organization.
- Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of assets that could have a material effect on financial statements.
Quality and environmental management support
Quality improvements contribute to financial management in a number of ways. First, hard savings affect profit and loss statements, and increased income from the sales of high-quality products affects the bottom line of organizations.
Soft savings are more difficult to quantify than hard ones, but they affect the balance sheet. For example, reduction in cash tied up in inventory or the avoidance of planned capacity enhancements results in decreased spending of capital. Significant soft savings include improved customer and employee satisfaction, and increased workplace safety.
Environmental management provides an understanding of significant aspects of environmental and related legal requirements and the means to satisfy them. Environmental problems can be quite costly and can take significant resources to correct.
Finally, two supporting aspects play important roles in an organization. Without an effective IT system, financial, quality and environmental management systems will have difficulty operating. Lean Six Sigma projects provide bottom-line improvements that directly affect the financial results of organizations.
New technical committee
The effort to link financial, quality and environmental management started in ASQ’s Electronics and Communications Division. I led conferences on integrating management systems in 2005 and 2006.[4]
Later, I partnered with the Quality Management Division and was a member of the team that developed the Quality Alignment with Governance and Financial Systems (QLMS) Technical Committee (TC). The TC has brought in organizations outside of ASQ to work on the effort to link quality, environmental and financial management.
The QLMS TC includes six members of ASQ’s Quality Management Division, four members of the Institute of Management Accountants, two members of the Constraint Management Group, two members of Lean Frontiers and a member of Demand Driven Institute (www.demanddriveninstitute.com).
In addition to me, the ASQ members of the committee are J.D. Marhevko (chair), Mike Parrillo, Jay Patel, Jeff Thompson and Arvind Tripathi.
The goals of the committee are to expand the understanding of tools that create the links of the three management systems and to develop a certification process for linking quality, environmental and financial management. The groups’ members welcome anyone who wishes to contribute to the development of the tools for linking management systems to join them. If you are interested, email me at firstname.lastname@example.org.
References and notes
1. Quality and finance silos are described in my book Competitive Advantage: Linked Management Systems, Paton Professional, 2011.
2. COSO is published by the Committee of Sponsoring Organizations of the Treadway Commission. It was released in September 1992 and first revised in May 1994. The most recent revision was completed in September 2012.
3. Sandford Liebesman, "Brought Into Focus," Quality Progress, September 2014, pp. 22-29.
4. "Beyond Compliance: Financial Benefits From Integrating Your Management Systems" conference, Philadelphia, Sept. 27-28, 2005 (presentations published by ASQ), and "Integrating Management Systems in Support of SOX Compliance," online conference, Oct. 24-26, 2006.
Sandford Liebesman is a fellow of ASQ and a member of the Institute of Management Accountants. He has been a member of the U.S. Technical Advisory Group (TAG) to International Organization for Standardization Technical Committee 176 since 1982 and helped develop all versions of ISO 9001. In March 2011 he received the U.S. TAG’s honorary Lifetime Membership Award. He also participated in the 2012 revision of the COSO guidance.