What is a management system?

A management system such as a quality management system is simply the way you run your business. Management systems may be formal (Written and communicated), informal or a mix of each. A management system is often developed to meet the requirements of a number of disciplines, such as quality management, occupational health & safety, food safety, environmental management, security management, and financial management. In many cases, it can be better for a company to have an overall business management system to help reduce duplication of management processes. A good management system will include processes for checking the system is followed and improved (See “What are management system standards” below).


How are management systems developed?

  • The system emerged with little planning.
  • Another company’s system was copied or a template was used and adapted to your business.
  • Management write down what they do.

Although there is merit in each method, the most effective way of developing a management system is the 3rd method.

What is a formal management system?

A formal management system is a documented plan of how you will run your business. Often a formalised management system will consist of policies and procedures, forms and training. A management system does not need to be large and bulky, or overly complicated. A management system should never be a rigid, set of enforced practices that provide little or no benefit to the running of the business. A management system should regularly be improved to represent the best you are doing at the time. It is actually your own set of standards.


What are management system standards?

There are a number of internationally recognised management system standards. These provide criteria on which to build a management system. The management system standards outlined below are familiar to most and cover the following areas:

  • 1ISO 9001 for quality assurance
  • 2ISO 14001 for environmental management
  • 3ISO 45001 and AS/NZS 4801 for occupational health and safety management
  • 4ISO 27001 for Information security
  • 5ISO 17025 for testing and calibration laboratories

Generally, the standards are not easy to read unless you are familiar with their language. However, they offer very practical and useful information on managing each of the disciplines they cover. There are similarities throughout the standards. These similarities allow the standards to be easily integrated into one system for managing the business. One of the most basic similarities is their use of the PDCA cycle presented below:

PDCA Cycle


Refers to a plan of how you want to run the business using the standard of your choice


Refers to following the management system. This often includes training and communication


Refers to the process of checking whether the management system is running as planned. Can sometimes cover checking whether the plans reflect what is being done. The primary checking mechanism of a formal management system is an internal audit. External auditors from certification bodies can also contribute to this section of the PDCA cycle


When a discrepancy is found, the Act part of the cycle refers to correcting actual and potential problems.The circular arrows on the PDCA cycle represent ongoing or continual improvement.

How do you get quality (or safety and environmental management) system certification? The process

Once your management system is set up (this is where Compliancehelp can help you) you apply for certification through a registered certification body. The process has 4 simple steps:


An application for certification is sent to the certification body (Application forms are provided by the certification body).


An application for certification is sent to the certification body (Application forms are provided by the certification body).

Document Review of the management system

The certification body conducts a review of the management system documentation to ensure that it meets the necessary requirements of the standard.

Initial/Certification Audit

The certification body conducts an on-site audit to check that the management system has been properly implemented. If the management system has been implemented, the organization becomes certified to the standard.

Certification is valid for 3 years, after which it is renewed.

Surveillance Audits

Surveillance audits are conducted annually to provide continued evidence of conformance

A flowchart of the certification process is provided below:

You can contact our office if you would like us to recommend a quality assurance, safety or environmental management certification body to help you through the audit process

Why do some ISO 9001 certified companies make more mistakes than uncertified companies?

How confusing. In my experience:

  • The plans meet the standard, but the plans are crook. This is often the fault of trying to get certified for as cheap and as quick as possible
  • Management seek certification solely for the purpose of getting contracts
  • The management system is near impossible to follow and no one is willing to, or game enough change it

Management are not committed to investing their best time, effort and resources.

In short, businesses that are struggling to remain certified or to deliver superior products and services are those businesses that are not willing to put in the effort and resources to improve.

Methods for developing a management system

There are essentially three approaches to developing compliance management systems:

  • Internal development
  • Internal development using a template document
  • External development (i.e. using a consultant / mentor)

Things to remember:

1. Whatever approach is taken, ideally, you should always strive to understand the standards and legislation for yourself. If leaving it to someone else to do all the work for you, you are always relying on their interpretation. Understanding the standards takes time and effort.

2. When using the first approach, if you decide to take on the work, internally and there is no internal expertise, the process can take a long time, and the finished product may yield little value. The process can potentially cost more than using consultants.

3. When using approach 2 and 3, ensure that you have contributed substantially to your plans, they are yours and you need to be comfortable with them and willing to follow them

4. When using approach 2, be very careful of buying a template set of policies, procedures and forms. They can assist with formatting, and basic set up of any documentation, but that is where their value should end. You need to make the system your system, not force yourself to fit into a generic system.

5. When using approach 3, a QA consultant can be a very cost effective method for complying with applicable standards and legislation. A QA consultant should have a plan of attack that maximises your results, but minimises your costs. There are some things to watch out for when working with a QA consultant:

  • Remember that a consultant is not an expert on how you run your business, you are
  • Do not leave it up to the consultant to do it all for you
  • Make sure you know how much the services cost before you engage a consultant and that you are sure of what you are going to get
  • Make sure you like your consultant
  • Make sure your consultant knows what he / she is talking about before you engage him / her.

There are various ways of engaging a consultant from getting the consultant to do all the work for you (To a point, this can increase your dependance on a consultant), to using the consultant as a mentor to compliance.

Attending training courses can also be a useful exercise.


Ready for a quote?