Companies have spent a lot of money to comply with ISO's popular management standards. Now, many wonder why they bothered.
In 1904, electrical experts from around the world gathered in St. Louis. Noting that different countries had different names and units for electrical gear, they came up with the idea of creating an international industry standard so that machines made in one country could run on another country's power source. A century later, a Geneva-based group called the International Organization for Standardization, or ISO, continues that work; over the years, it has established more than 15,000 standards for everything from screw threads and the dimensions of freight containers to the JPEG digital-photo format.
More recently, ISO has been moving into a new area: setting standards for nearly every aspect of a business's operations. At last count, in 2003, more than 600,000 companies worldwide had been certified to ISO's management standards. Moreover, many of the world's largest enterprises, such as Ford, Northrop Grumman, and some branches of the federal government, demand that many of their suppliers be certified.
And therein lies a problem for entrepreneurs. Getting an ISO certification is expensive and time-consuming. What's more, doing so requires codifying nearly every aspect of business operations -- something that runs counter to the style of a fast-moving entrepreneurial organization. But if you don't go through the process, you often can't work for the big guys. "The larger customers always have it in their RFPs -- are you ISO certified?" says Eric Vetrano, senior VP of operations at Redemtech, a tech outsourcer in Columbus, Ohio. "We got shut out a few times since we didn't have a certification." Redemtech has since remedied that, obtaining its ISO 14001 certification earlier this year.
ISO began setting management standards in 1987, beginning with a framework of rules known as ISO 9000, which governed the production-line operations of major manufacturers. In 2000, the organization broadened the rules to apply to service companies as well, covering everything from hiring to market research. In 1996, it introduced a set of environmental policies known as ISO 14000, and the organization is currently considering new standards for safety, corporate social responsibility, and financial planning. To qualify for either 9000 or 14000 certification, a company must write a specific, step-by-step guide for each process, and then demonstrate that it follows the procedure. Such management rules, says Alan Bryden, ISO's secretary-general, are "distillations of good management practice worldwide for the way an organization accomplishes its work."
But can something as ephemeral as good management be distilled, analyzed, and measured like a manufacturing process? Peter Kolesar, a quality expert at Columbia Business School's Deming Center, isn't so sure. "When you try to make a simple parallel between blowing plastic bottles for detergent and running one-of-a-kind advertising campaigns, the ideas don't carry over in this nice, mechanistic way," Kolesar says.
Certification also requires a lot of time and money, which can be especially hard on entrepreneurial companies. John Huey learned just how involved the process was when he directed the ISO certification for the division of Delaware North Companies that manages guest services in tourist spots like Yosemite and Sequoia national parks. First, Huey drafted an environmental-management policy. Then, he documented the company's environmental impact, tracking water use, energy use, and food recycling. Next, he devised a plan to reduce waste, researched legal requirements for pollution and contracts, trained employees, brought in a consultant to prepare for the compliance audit, and conducted his own preliminary audit.
And still, there was more work to be done. Huey shipped 300 pages of documents to a third-party auditor for a "desk audit" (ISO doesn't certify companies itself -- 750 or so independent firms handle that) and flew the auditor to each of the five sites he was certifying. The auditor spent a day or so in each spot, interviewing employees, reviewing Delaware North's adherence to ISO, and noting any infractions. Two months later, Huey had to fly the auditor in again to confirm that the infractions had been corrected, re-interview staffers, and re-review documents. Finally, in summer 2001, 18 months and about $115,000 after the process began, the sites were certified.
The problem is, it can help drive a company to a plateau level of performance, but it will keep it at that level and, in fact, stifle improvement.
The payoff? That's a tough one. The certification probably helped Delaware North win some contracts and certainly burnished its environmental standards. Employee morale also rose, as workers took pride in their newfound status as a certified environmentally friendly operation. But as for concrete financial rewards, there has been no spike in sales, Huey says. Shiv Krishnan, CEO of Indus Corp., an IT outsourcer based in Vienna, Va., made an even bigger commitment to ISO: He spent $1 million to get his $75 million company into shape in 2003. He saw direct results, however-he landed a lucrative federal contract.
Whose experience is more typical? Three years ago, ISO's own journal, ISO Management Systems, published a study that tracked the effects of ISO 9000 certification on public companies over a 10-year period. The authors concluded that firms that were certified tended to do better than firms that were not. But they also wrote that certification "is more often a necessary condition to maintain current [financial] performance rather than a sure-fire way to improve performance." A 2002 study by the journal Total Quality Management was more pointed, finding that "ISO 9000 certification has a very limited impact on financial performance, as measured by return on assets; however, this effect dissipates quickly over time."
Nor does certification necessarily lead to a boost in quality. "There's a belief that ISO will bring a company to a standard level of performance, like a UL sticker on an electrical appliance," says Bill Robinson, who oversaw more than 50 ISO registrations at Lucent Technologies. "The problem is, it can help drive a company to a plateau level of performance, but it will keep it at that level and, in fact, stifle improvement."
Now Robinson oversees quality at EasyLink Services, a Piscataway, N.J., electronic-document company. And rather than going after ISO certifications, he prefers to work with Six Sigma, the quality system popularized by Jack Welch at General Electric. Arunas Chesonis, CEO of telecom company Paetec Communications, based in Rochester, N.Y., is also de-emphasizing ISO in favor of Six Sigma, in part because GE is both an investor and a customer. He began instituting ISO soon after starting Paetec in 1998. The standards, he says, were "a pretty powerful training tool" for new employees and signaled to potential customers "that we were the type of company that was focused on quality and process improvement." But now that his company is approaching $500 million in sales, Chesonis wants to layer Six Sigma on top of ISO. "ISO is really not one of the better systems for process improvement," he says.
Which begs the question: If an organization doesn't set the standard in its own field, why should it be able to dictate standards in yours?
Staff writer Stephanie Clifford can be reached at email@example.com.