Blog

What is a Management System? Do businesses need a Management System to become Certified to ISO Standards?

Published on: December 19, 2022

You’ve probably heard the term ‘Management System’ before, but do you know what it actually is? In its most basic sense, a Management System is how an organisation ensures that things get done, but there’s so much more to it. This blog will run you through what a management system is, how it relates to the ISO Management System Standards, and how to develop, implement, and audit a Management System for Certification readiness.

In many organisations, employees are making decisions on a daily basis, which without a proper structure in place could make or break the business, due to a lack of clarity and consistency in business operations. Human resources decide who to hire, fire and promote. Procurement decides who to buy from. IT chooses what information to secure. Each of these decisions is layered with complexities: ethics, corporate social responsibility, internal standards and regulations.

With all of this in mind, how can businesses ensure that their processes are robust enough to keep the business on track, that they will achieve objectives and targets cohesively, and that operations across the business are consistent? This is where Management Systems come into play.

What is a Management System?

A Management System is an organisational framework which enables businesses to achieve and sustain their operational and business objectives through a process of continual improvement. It is designed to identify and manage risks through a set of policies, processes, procedures, templates and other relevant documents which apply to the business.

An effective Management System is based on and controls structured and optimised processes. Ultimately, it establishes systematic continual improvement of a business through clear policies, roles, and processes. The level of complexity of the system will vary from business to business, depending on its size, type, and nature.

For context, the International Organisation of Standardisation (ISO) develops Management System Standards (MSS), which are established to reflect global best practice for specific areas. ISO has developed over 80 MSS, all containing a set of requirements, which businesses must implement into their Business Management System to achieve their goals and achieve Certification. For example, if a business wants to achieve Certification to the ISO 9001:2015 Quality Management System Standard, their management system must conform to the requirements of the quality standard. A certified business means that they are acknowledged as operating in accordance with the internationally recognised quality standard.

If a business wishes to achieve Certification to two or more ISO Management System Standards, they should ideally have an Integrated Management System (IMS). An IMS refers to the process of integrating multiple sets of requirements into one comprehensive framework, to support the business objectives. To find out more about IMS’s, you can read more here.

How can a Management System help a business?

Management Systems are an important part of a business’s operations. They ensure that the business has a solid structure that promotes growth and continual improvement, manages risks, and helps achieve the organisation’s objectives and targets.

Regardless of size, type, or industry, all businesses will benefit from an effective management system. Where a management system is actually practised and continually improved, it supports the business in preventing mistakes, identifying opportunities and risks, and meeting the requirements of all stakeholders. At the same time, it makes it easier to adapt to constantly changing conditions.

Some other benefits of an effective Management System include:

  • Consistent structures and clear responsibilities;
  • Transparent and efficient policies, procedures and processes;
  • Organisational anchoring of a continual improvement process;
  • Foundation of a resilient and forward-thinking workplace culture;
  • Pronounced customer and employee satisfaction;
  • Increased stakeholder confidence;
  • Cost reduced through error prevention;
  • Systematic achievement of company goals; and
  • Improved reputation and improved access to new markets.

Even for businesses who are not aiming to achieve Certification to an ISO Management System Standard, they will still see benefits from implementing the requirements.

What makes up a Management System

What makes up a Management System?

The information that a business includes in their Management System will depend on their objectives and which ISO Standard(s) they choose to implement. It will also depend on the nature of the business, and which industry the business operates in. For example, if a construction company wants to achieve Certification to the requirements of the ISO 9001:2015 Quality Management System Standard, they will need to develop and implement a number of documents that reflect their core operations. These documents should be made up of:

  • Business Planning Documentation, such as a SWOT analysis, company objectives and targets, identification of the businesses interested parties, risk and opportunity assessment, business continuity plan;
  • Policies, including a Quality Policy, Risk Management Policy, Code of Conduct, and other relevant policies that apply to the specific company and the ISO Standard;
  • Management Procedures, such as legal and other requirements procedure, internal audit procedure, etc.;
  • Supporting Procedures could contain document control, change management, management of external suppliers, just to name a few;
  • Core/Operational Procedures outlining the core processes to operate, such as tendering, sales, design and project management etc.;
  • Templates and Registers which should be accessible by relevant responsible workers and used as required to capture data for analysis and decision making.

How can a business implement these documents?

A management system must reflect the business’ unique culture, vision and mission. Therefore, to be effective and valuable, it must be tailored to the business needs and be fully embedded in the business operations. To achieve that, a management system should be:

  • Useful to employees who are part of the operations;
  • Intuitive to how the business operates; and
  • Flexible as the business improves and grows.

Once all the documentation required is developed, the Management System needs to be effectively implemented. Implementation of a Management System means to live by the policies and work in accordance with the processes and procedures, monitoring plans, capturing data, and analysing it for decision-making. Relevant processes and related documentation must be assigned to a respective responsible person, who ensures the process is current and followed.

Let’s take a look at an example:

A procedure about communication should outline when and how the company communicates to both internal and external parties (i.e. employees, suppliers, contractors). In order for the procedure to be effectively implemented, the organisation should also be able to show evidence that such communication happened. Evidence will depend on the item and method of communication, but it could include: signage in the office for company policies, records of emails for important announcements or memos, or meeting minutes. This evidence is checked in both internal and external audits, and failure to demonstrate them can result in issues being raised (Opportunities for Improvement or Non-conformances).

Once the Management System has been implemented, a continual cycle of planning, implementing, reviewing and improving the system is required, to ensure that obligations and objectives are still being met. In the ISO Management System Standards, this process is called the Plan-Do-Act-Check (PDCA) cycle, which acts as a tool that drives continual improvement, and is the core operating principle for the Standards. Internal Audits are a key component of this cycle, which you can read more about it here.

Auditing a Management System

Auditing a management system

Conducting periodic Internal Audits is a practical way to assess both the effectiveness and maturity of a management system, and continually improve the business processes and operations. One of the many benefits of auditing the management system is the identification of any gaps, so that corrective and/or preventative action can be taken to improve the system and avoid any non-conformances. Internal Audits also help businesses with continual improvement initiatives, where properly developed audit programs will help measure the results of these improvements over time, and identify opportunities for doing things more effectively.

For ISO Management System Standards, it is a requirement to complete regular Internal Audits of the Management System. Some businesses may opt to engage with an external consultant to conduct these audits, while others may choose to use their own internal resources (their employees).

However, in order for someone in the business to conduct Internal Audits, they need to be deemed competent to do so, and the first step is training. With our Management Systems Internal Auditor Training, you can study online and achieve three levels of internationally recognised certificates, including the one for competency after successful assessment of your first internal audit by one of our experts. Our Internal Auditor training also provides the tools to develop all the skills and resources needed to become a competent internal auditor.

Independent professionals can also benefit from our online training, as it provides an internationally recognised certification. Check out our Management System Internal Auditor Training to learn more – there you can also download the course guide and watch the video, or if you prefer, give us a call on 1300 614 897 to find out more about our training!
Erica Smith
Erica Smith
Managing Director at ICExperts Academy and ISO Certification Experts

Erica is the Managing Director of ISO Certification Experts and ICExperts Academy. She has been helping businesses with their ISO Certification needs for over 20 years. Erica is also a Certified trainer, implementer and auditor for ISO 9001, ISO 14001, ISO 45001 and ISO 27001 standards. Erica primarily heads up the day-to-day operations of the businesses, and is also a current member of the Australian Organisation for Quality and Brand Integrity Committee.

All information on this blog site is for informational purposes only. As this information is based on our professional experience, opinion, and knowledge, we make no representations as to the suitability of this information for your individual business circumstances. Especiality Pty Ltd trading as ICExperts Academy and all related businesses and brands will not be liable for any errors, omissions, legal disputes or any damage arising from its display or use. All information is provided as is, with no warranties and confers no rights.

We will not be responsible for any material that is found at the end of links that we may post on this blog site. The advice, ideas, and strategies should never be used without first assessing your own personal business situation or seeking professional and/or legal advice. Information may also change from time to time to suit industry and business needs, requirements and trends.