Real Quality Assurance
I grew up in two very different worlds: Europe, where we had huge amounts of resources but seemed to accomplish very little, and Africa, where the reverse was true—we had very few resources and accomplished the seemingly impossible. I began my career in engineering and construction in Africa, where we practiced Quality Assurance religiously, systemically and systematically. We didn’t name it as such, we just knew that because we couldn’t afford to correct mistakes, we had to do things right the first time, every time. Sadly, when I came to the U.S. I found that in America we are emulating what I saw in Europe.
There are many reasons this is so. First, QA properly practiced is neither simple nor formulaic: it requires long-term commitment, long-range planning and the patience to tolerate delayed gratification—none of which are typical characteristics of American companies. Second, too few companies recognize consequences from failure to practice real QA. Finally, and insidiously, easy access to capital resources encourages correction of mistakes through expensive re-work.
Insurance, regulatory and the economic challenges bring a renewed interest in the benefits of real QA because real QA serves as a risk management methodology, a business strategy, and a profit driver. A real QA program can be viewed, metaphorically, as the seat-belt that no company should operate without.
Real QA Is a Risk Management Methodology
Real QA serves as a risk management methodology by reduces the probability of liability events and the cost of insuring against such events. In the past five years, the insurance environment has undergone tremendous change (see the sidebar on Risk Management, Before and After 2008).
The better insurers understand the positive influence of QA programs on company wide operations, the lower the potential risk, the lower the cost to offset that risk, and ultimately, the lower the insurance premium. Companies with comprehensive and effective QA programs produce better products and avoid more catastrophic events. Premiums rise for companies that fail to practice what their dusty QA manuals teach—if their eligible for coverage at all.
SOx and Other Regulatory Risk
The risk of violating regulations and paying ensuing fines or penalties is virtually uninsurable. Somewhere, on every insurance application form, a company officer or designee must attest affirm the company adheres to regulations governing its industry. While different industries operate under different production related regulations, all companies must abide by financial regulations. The Sarbanes–Oxley Act of 2002 (SOx) produced a slew of new financial regulations for public.
Ten years later, the implications of SOx are just beginning to be fully understood. In particular, the impact of the requirement that management and the external auditor report annually on the adequacy of the company’s internal control over financial reporting (§ 404) continues to be debated.
While regulators and legislators do not always name QA as an outright requirement, QA programs—where they exist—play a significant role in demonstrating to regulators and auditors a company adheres to regulations or accepted best practices. Indeed, in many industries license to operate depends on attestation that a QA program is in place.
Real QA Is a Business Strategy
The underlying operating principle of virtually all quality assurance systems is an iterative four-step quality assurance cycle of continuous improvement—Plan Do Check Act, then start over again at Plan. It’s simple, and it works—but only if QA is applied systemically and systematically. You cannot isolate one function of a company or a process, apply QA only there, and expect success. Nor can you mount a time-limited QA blitz and expect persistent results. QA is an iterative system that embraces the entire operations of a company.
Real Quality Assurance Is …
Real Quality Assurance is a systematic methodology for doing things right. In many ways, it is a state of mind. It is all encompassing in that a promise of quality must be a reflection of the total operations of the company as a whole. We have all heard it said in jest that “the operation was a success, but the patient died.” If QA is implemented piecemeal, with some departments adhering to a specific quality control protocol and others to a different one or even to none, it might be said that one aspect of the total effort was executed with excellent quality—but the customer was not satisfied with the product.
QA is a Program, Not a Manual
For a long time, quality certification programs relied on documentation to demonstrate a company was applying QA in its operations. Unfortunately, this fueled a focus on documentation to the detriment of action. Many QA programs that exist today are really manuals of policies, procedures and checklists. Often, the entire manual simply sits on a shelf and is dusted off when the auditor comes.
In other cases, individual policies or procedures are faithfully carried out in isolation by individual departments. These may be the departments that have regulatory or contractual compliance requirements. These departments may individually be practicing Quality Control, but the company does not have a Quality Assurance program!
We see proof of this when we are called in to do root cause analysis on a catastrophic project failure. We ask: “What was the primary controlling QA program that you were using during this failed project?” The most frequent answer is some sort of specific QC protocol—a good indicator that there really was no company-wide QA program in place. But then, companies that adhere to a real QA program as described in this article rarely have to analyze failed programs.
Quality Assurance is Not Quality Control
Quality Assurance is a radically different approach from enforced Quality Control. At a psychological level, QC attempts to enforce seemingly arbitrary rules for human behavior—which we know is not often a successful approach. QA, on the other hand, promotes organizational structures that encourage employees to act in certain ways.
Quality Assurance strives to deliver customer and employee satisfaction; Quality Control, too often, seeks compliance with external mandates (such as regulatory compliance requirements) or generic checklists. An internal culture of collaboration drives QA while outside forces dictate QC. Real QA programs focus on people and their actions; statistics and reporting represent byproducts that serve as useful tools but not the true measure of success.
Finally, real QA is a continuous, iterative, and active process. A true QA program is never “completed” but instead manifests continuous improvement, not about inspecting individual outputs. We represent the Plan–Do–Check–Act cycle as a spiral, because real QA is a repetitive process that is always looking for further improvement by a continuous re-examination of the complete activity. Tremendous problems are caused by QC systems that take the opposite viewpoint and mandate that what is happening in the real world is irrelevant, the written record is all that counts.
Consistency as a Measure of Quality
Consistency of practices is one of the most important indicators that a company is practicing real QA. This is a fundamental but simple principle. Real QA is both systemic and systematic. Evidence that real QA is being practiced will be pervasive throughout an organization. Any manager or administrator can check this by simply looking at any practice or problem and checking four aspects of any activity. When we do a process audit, the first thing we do for any process is ask four questions:
- You say you are running a Quality Assurance program: describe it to us.
- Show us the written documentation that supports your statement.
- Show us your MIS/IT system and allow us to verify that, at all stages the programmed workflow, activity logs, and web records support your original statement
- Allow us to visually observe as you do the work you have described.
We call this the Say–Write–IT–Do cycle (see the sidebar on Say–Write–IT–Do). Very simply, if the answers to all four questions are consistent among themselves, it gets a green light; if not, it gets a red or amber light.
You can perform this check on any activity, it’s a very simple check that takes little time, and anyone can ask the questions (it doesn’t have to be an expert in the field). Companies that practice real QA will have lots of green lights, whereas companies that don’t will have lots of red lights. Paradoxically, this simple test is at the same time much easier to perform, far more detailed, and generally more actionable than an ISO floor audit.
Real QA is a Profit Driver
QA may be my personal religion, but the practical reason that companies who have real QA programs practice it is because, when practiced correctly, Quality Assurance improves the bottom line. When systems of production and service are being continuously improved, both quality and productivity improve. When people and organizations focus primarily on quality, quality tends to increase and costs fall over time. This has been represented formulaically as:
Quality = Results of work efforts
Total Costs
Of course, the right side of the equation is also one definition of profit. The positive impact of real QA can be measured against the corporate bottom line, and the formula is still relevant today in all industries.
Integrating Real QA
Let’s recap:
- QA is a state of mind
- QA is a system that embraces the entire operations of a company
- QA is a business strategy
- QA is a risk management methodology
- QA is a profit driver.
With the technologies available today, QA can easily be integrated into the information systems of any company. A simple dashboard like the one illustrated in the sidebar can become a continuous monitoring system that not only alerts management when a process is veering off track, but also reassures funding sources and insurers that a company is actively practicing QA, and that its QA system is in good health.
Ultimately, however, it’s the first bullet that counts. When QA is integrated into the culture of a company, waste is radically reduced and profits increase. It’s that simple.
This article is adapted from “Real Quality Assurance: An Article for Executive Managers and Administrators,” a white paper from IDEAS that can be found at http://www.ideapete.com/pdfs/RealQAforExecs.pdf. Pete Baston’s presentation on this topic is proving to be one of the most sought after presentations in boardrooms everywhere, and the nearly universal response is “So that’s what QA does to our bottom line! Why didn't anyone explain it like this before?” Major re-insurance companies are also watching the development of IDEAS’ XML templates for web-based consistency reporting with interest.
Sidebar: Risk Management, Before and After 2008
Businesses manage risk by identifying and assessing potential risks, then prioritizing the allocation of resources to minimize, monitor, control, or insure against them. Until about 2008, the core of a risk management plan could often simply be described as “quantify the risk and insure to that amount.” With easily obtainable insurance as a safety net, few perceived a need to qualify risks and adjust internal procedures to actually reduce the probability of an event.
Companies qualify for insurance based a risk analysis profile. Up to 2008, a declaration that QA was in place could influence the profile and enable the company to obtain General Liability, Product Liability, and Errors and Omissions insurance coverage—without which it could not operate—at very affordable rates. Neither businesses nor insurers performed real risk assessment.
Insurance companies aggregate their risks and offset them by bundling them up and reinsuring them. In essence, prior to 2008 risk management was accomplished by handing off risk: businesses passed it to insurers and insurers passed it to reinsurers. As with every good game of pass the hand-grenade, eventually there was a loser. In 2008 claims escalated to stratospheric proportions, and top reinsurers started to reject claims, on the basis that many of the risk analysis profiles on which risk assessments and coverage had been based had never been verified, thus invalidating coverage.
Post-2008, insurers have increased the level of scrutiny and due diligence investigation of the declarations on which the risk profile is based. True risk management profiles are being drawn that are a total reflection of the risk potential of the company as a whole. As insurers are now insisting, risk assessment must be based not on paper declarations, but on the actual operations of the company.
Sidebar: Say–Write–IT–Do
Previously, we described a simple four-step process analysis that we use during process audits. We called it the Say–Write–IT–Do cycle. Performing this kind of analysis is a quick and easy way to tell if a company is adhering to best practices of any kind, or practicing QA. To analyze processes in this way, you do not have to know the jargon, understand highly technical issues, or have had extensive training at the highest level of any specific QA or QC program.
We use a simple web-based system to collect the results of individual process analyses, which can be logged on a mobile device. When a log entry is created, the entry envelope automatically associates each record with a location and a time. Coupled with a model of the workflow, the system uses an algorithm to calculate the overall process health based on the Say–Write–IT–Do scores.
The results of the analysis of individual processes are aggregated at any desired level (department, division, etc.) Above is a comparison of the display of results from two different companies. You can see at a glance which company is on relatively sound footing and which one is in trouble. Would it surprise you to know that Company B entered bankruptcy shortly after this snapshot was taken?
Pete Baston is the CEO of IDEAS, a very different business technology integration company. IDEAS uses intelligent quality metrics to perform due diligence and risk analysis of large projects in many different industries worldwide. An expert in the configuration of integrated parametric technologies for project, operational and fiscal management, Pete has a passion for doing it right in the real world and a reputation for accomplishing the seemingly impossible.
