Prerequisite: Basic understanding of some industry standards such as ISO 27001, ITIL and COBIT
To implement a successful quality system such as ITIL, COBIT and ISO 27001; there are more than just technologies. For the companies implementing those quality systems, the following barriers I have observed are the things we have to deal with:
>they don’t really understand what they can benefit from that. In other words, it’s difficult to get their buy-in. We need to educate them and give them success stories as well as concrete benefits.
>normally, it’s costly to implement the quality systems, especially for large companies with existing heavy and not well-documented processes. Without sufficient fund, it’s almost impossible to implement an appropriate quality system and as already mentioned above, companies want to see tangible benefits. Otherwise, they feel they are being charged for something that doesn’t have a clear target.
>as for managerial view, they sometimes cannot get transparency from their auditors or certification bodies. They don’t really know what are happening. The reason might be the process is so complex and the auditors are not explaining themselves clearly. Besides that, it can be the case in which the management skill of the auditors are not strong enough so managers are kept outside and they don’t know what is happening actually except for some general status reports. Management skills are also mentioned here simply because implementing any quality systems is also a project.
>now there are diverse quality systems on the market, and all are saying they are the best. That can make companies confused. They need consultation that can assist them in understanding and taking appropriate actions.
>for quality standards to become really helpful, auditors should understand the business of the companies they are working for. It means they should have a very close relationship with the companies which is not easy at all. Sometimes it can take months to really understand the whole process and time is critical for companies.
>lack of management’s support, implementing a standard is a project in itself and it is believed that to make a project successful, there must be adequate support in terms of resources and political forces from the managers.
>lack of training, education and communication
Any technologies, any quality systems are built to support people. Without people, they cannot give any positive results. However, quality systems are sometimes complex and it’s recommended to teach the users so they know why they have to do that and how to do that. The reason is that they don’t have the same level of capabilities and background.
>the indicators are not set clearly. After or during implementing the quality systems, business executives want to see the progress. Hence, this is a required skill for auditors to balance between technology and business to create views that can be understandable for different people in the business. Once again, we have to remember the background of the people we have to submit reports to so we have to transform technical things to monetary information.
>moreover, it can be the case in which the auditors hired are not helpful. Put it another way, they don’t have enough knowledge or they just have only the understandings for some standards but not the general view that can guide the company in selecting which standards are suitable for them. After that, they should show companies the way to implement the quality systems based on the existing infrastructure of the companies. To do this, once again, they need to understand the companies and map the current infrastructure against the standards to analyse the gaps and to see what needs to be improved.
>sometimes after implementing the quality systems, they don’t feel they are getting something that is of value to them. The reasons can be 1) they didn’t have enough knowledge in choosing which systems are right for them 2) it takes time to have something new become really beneficial and tangible because the gains from these quality systems are sometimes intangible such as efficiency and staff/customers’ satisfaction. Furthermore, everything needs improvement. It means they need to keep doing it and keep improving it continually so that it can show its value. 3) lack of information due to lack of appropriate goals and indicators set out when companies decided to build the quality systems. Sometimes, the lack of information can lead to misinterpretation of the results of building the quality systems.
>misled intention: some companies are running after these standards because they want to have good reputation not because of the quality or benefits. Hence, after getting the certifications of these standards, everything gets back to normal and no continual improvement will be performed probably. To make this really happen, the companies need to put in more commitment, especially from the managers.