In my last post, I talked in general about the meaning and intent of the management system clause 4 requirement which covers Context of the Organization. In this post, I’ll be talking about one aspect of this process which requires the organization to determine its “internal issues”.
So what does it mean, “internal issues”? And how might we go about doing it? The word ‘issues’, in my book, implies a more negative connotation to the subject at hand. But this is not necessarily the literal meaning here. Issues can be thought of as being the source of both risk and opportunity, and I prefer to think about this activity as identifying current business challenges or the current situation.
What should be considered?
Internal issues are about things inside of the company. I.e. things that you have control over. They can be anything that is relevant to the intended outcome or purpose of your management system. Here is a list of considerations to get you started, as suggested in ISO 9002:2016:
- Overall performance of the organization
- Resource factors, such as infrastructure, environment, or organizational knowledge
- Human aspects, such as competency, behavior, and culture
- Operational factors, such as process or production and service provision capabilities, management system performance, and feedback from interested parties
- Factors in the governance of the organization, such as rules and procedures for decision-making or organizational structure
Techniques to identify internal issues
SWOT analysis (Strength, Weakness, Opportunities, Threats) is a technique commonly used by companies at a strategic level and can be used here as a means to identify and document strengths and weaknesses within the organization’s internal environment (opportunities and threats focus on the external environment).
Another simple technique is to use brainstorming as a means to capture and document internal issues. So get everyone in a room with a whiteboard, and make it interesting!
The key to getting good results in this process is to ensure that the right people are involved in the discussions. For example, top/senior management, department heads, and staff that have experience in key business activities, should be consulted.
Most management system standards do require this information to be recorded. It is certainly a good idea that this information is documented and maintained as you will need to review and update this information on an ongoing basis and it will play a key role as an input into other processes, and therefore will need to be referenced.
Internal issues: examples
Some examples of internal issues could be:
- Staff and management regularly deviate from company policies without consequence or formal repercussions
- Most of the company’s procedures are either undocumented or, where documented, have not been maintained. Many critical procedures are only known to one person and are not written down or shared.
- Staff complaints and suggestions are often ignored by managers and go unresolved
- Objectives set by management are often too vague or subjective, making it difficult or impossible to demonstrate measurable achievements
- Staff responsibilities and accountability are not well defined which leads to a culture of finger pointing when something goes wrong
- Repeated false alarms with the fire system has led staff to become complacent to emergency procedures
- Staff are regularly being asked to achieve targets and deadlines but are not provided the necessary time or resources, which is demotivating to staff
- Risk assessments are being carried out by staff per company procedures, but results can vary greatly depending on who is assessing the risk as there are no clearly defined risk criteria communicated by management
- The company has no policy on acceptable usage of IT systems and many staff are using company resources for personal use
Identifying internal issues is a requirement in management systems that ensures that the organization is aware of current challenges that are internal to the organization, and therefore has direct control over.
It is important that these factors are identified and known as they provide input necessary for other processes, such as determining the appropriate scope of the management system, developing policies and objectives, and provides valuable information in the risk assessment process, among other things.
In my next post, I’ll be discussing the subject of ‘external issues’.
Got questions or examples to share? Feel free to post them below.