When implementing management system, the organizations are really not trying to reinvent the wheel. The availability of ISO standards gives us a well tried, over the years updated approach in terms of the available clauses. The PDCA (plan, do, check and act) cycle approach in the harmonized standards enables designing an effective management system, monitoring it and updating it to not just produce confirming products and services but also to use inputs at the check stage to continually improve it. Yet the systems fail. Non-conforming products are released. Is there then an anatomy of a quiet failure? Indicators that will enable discovering these signals proactively. If that can be analyzed organizations would appreciate these hidden signals of the system breakdown and take proactive measures. Risks and trends are data driven. Can we expect our auditors to proactively recognize these.
There is the lagging indicator trap between being reactive and proactive. Up to the 2015 version of ISO 9001 (and equivalent industry specific standards in the harmonized structure) preventive action was taken based on data, invariably at the act stage of the PDCA cycle. From the 2015 version onward clause 6.1 introduced the risk appreciation requirement at the plan stage itself and then throughout the work cycle. Separating knowledge (clause 7.1.6 of ISO 9001) from competence (clause 7.2 of ISO 9001), has introduced us to corporate knowledge in terms of lessons learnt. Leadership in analyzing changing context and risk thereof should be on the lookout for indicators. Therefore, the PA (preventive action) concept needed a change to risk. The idea was not to throw the baby with the bathwater. NC (non-conformity) did drive correction and CA (corrective action), however, as the organization collected data it became proactive wherein data drives risk and trends. Waiting for a nonconformity (NC) is a reactive strategy. Therefore, organizations should not be we waiting for NCs. By the time an NC appears, the financial or quality damage is already done. Being proactive therefore, is the need of a functioning system.
With the ISO 9001 revised 2026 version expected in September 2026 there is, quite correctly the need to strengthen the check stage. The organizations will expect better auditing instead of just a check list being completed. The auditor’s sixth sense to ask better questions and to establish how the system is working will be important. Just having a frame and expecting it to do magic and pinpoint failures of the system is not sufficient, but the need is for a high-level pattern recognition. The skilled auditors look for the erosion of intent, where the way work is done drifts away from how it was designed. They need is to provide these inputs during audits to the leadership.
For the organizations and the auditors there are many signals of this hidden failure. There is the tribal knowledge drift as recognizing the symptoms, where the question is: “how do you do XXX?” and the employee reaches for a handwritten sticky note or a personal notebook instead of the official SOP (standard operating procedure). The hidden meaning here is that the official process is likely too rigid, outdated, or inaccessible. This is indicative of a workaround culture in its infancy. Then there is the risk scalability. The process lives in heads, not in the systems. This is indicated by when those people leave, the process collapses. Technically it was not a system. The system instead of being a working process was dependent on individual competence.
Good auditors are conscious of another signal indicated by the language used and the linguistic friction. The Symptom here is in phrases like “we usually just…”, or “on a good day, we…”, or “that’s just how we have to do it.” In these and similar cases the hidden meaning is indicating to the organization and to the auditors that the standard process is no longer the path of least resistance. For a good auditor the clue is the hesitation or glance-exchanges between team members when answering simple procedural questions. Looking ahead at expectations of the ISO 9001, 2026 version of the standard the auditors need to be conscious of how the system is actually working, working or not working.
The next signal to watch out for could be the ghost workload (shadow processes) indicated by the excessive use of excel trackers to manage data that should be in the ERP/QMS, or the need for frequent offline meetings to fix recurring errors or the use of tiger teams to cover the back log. The hidden meaning of this should be clear. The formal system is failing to provide the necessary utility. Also, that the risk is not being proactively data driven. Data integrity and lack of visibility by the management leads to the leadership seeing a green dashboard, when the reality is red and it is showing a mirage of being held together by manual labor.
Related to this is the physical and digital clutter. The clear symptom of this e.g. in a physical plant, it’s unlabeled bins or “red tag” areas that haven’t moved in months. In a digital space, it’s numerous versions of the same document with names like final_vrn2_use_this.pdf. etc. The implication of this is the loss of 5S discipline (sort, set in order, shine, standardize, sustain). Clutter is a visual representation of a mind and of a process that has lost its focus.
Good auditors must also consider the human element and its connected emotional cues like the defensiveness vs. transparency conflict. If a process owner is overly protective of their territory, they are often hiding a breakdown they don’t know how to fix. It can also be a conflict between fatigue and apathy leading to when and why? This is answered with rationalization, because that’s the rule, the connection between the task and the value (quality) has been severed.
My concluding thought is to prepare for implementation of ISO 9001:2026 (expected in September 2026). In preparing understand that the auditors should be becoming proactive auditors. They need to shift the goal and change their attitude. The goal isn’t to catch people; it’s to catch the process before it fails them and therefore the organization. The value add is that a skilled auditor saves the company money by identifying these frictions before they turn into a notice of inspection by a statutory body, a client, a recall, or a lost certification. Organizations should expect their auditors to catch these hidden signals of process breakdown timely and report them. A good audit report should include these and this should be the expectation.
—
This article was written by IJ, Principal Consultant at QMII. With extensive experience in ISO standards, auditing, and organizational transformation, IJ has guided global organizations in strengthening their management systems. His approach focuses on aligning ISO implementation with strategic business objectives to drive long-term performance improvement.
