How Data Governance Programs Fail Even Before They Start

You may see several articles that talk about data governance program failure; however, I will have a different approach here to capture mistakes that are made when the program is in proposing phase. These mistakes make the program fail even before it starts. We can identify these mistakes at a very early stage of our initial planning. Therefore, we will be aware if we make some mistakes that may cause to program fail. Therefore, it is going to be our choice to start or not to start a Data Governance program that we already know will fail.Before start to talk about how and why Data Governance programs fails, I would like to summarize what exactly data governance is; Data management is the exercise of guidance over the management of data assets and the performance of data functions. Data governance refers to the overall management of the availability, usability, integrity, and security of the data employed in an enterprise. A sound data governance program includes a governing body or office(s), a defined set of procedures, and a plan to execute those procedures. In practical terms, that means putting personnel, policies, procedures, and organizational structures in place to make data accurate, consistent, secure, and available to accomplish organization’s mission. It takes on special importance because of organization’s responsibilities, expectations and the legal requirements it must fulfill.Effective data governance makes organizations more efficient by saving money, allowing re-use of data, and supporting enterprise analytics. However, data governance requires more than just a few members of the IT staff with a project plan. It requires participation and commitment of IT and business management, as well as senior-level executive sponsorship and active consultation with stakeholders of interest. The correctly built data governance program enables organization to effectively manage data assets due to assigned responsibilities and rules of the engagement. If your understanding does not match the description above than you are not planning to have a Data Governance work but assuming to have some kind premature data work done which will cause your executives loose their belief in the program and will not let you to attempt this again for a long time. Therefore, I suggest you to stop right now and first read these items below before carrying out these mistakes.I divided these reasons that cause failure to eight sections, so we will talk each one separately and will have a summary. Here is the most known reasons:1. Not exactly believing Data Governance will help and resolve our data problemsConsidering it is a nice work to have done but not important. Underestimating and under-judging the value of Data Governance and the work that needs to be done by team. Not devoting adequate effort to help stakeholders understand how serious and valuable the Data Governance is. How big value will be gained when the task is done and how much will be lost if we fail.2. Planning a Data Governance program without having full support and understanding from executive management is a big mistake.If you even think of planning a your program without getting full support and understanding from executive management, you have a big potential of failure of your Data Governance program. It is a dead baby in your belly from now on. Because in any case executive management can withdraw their support and cancel a program that they don’t really believe. Have the executive management really understand and believe that the value is bigger than the cost. Do not make the executive management to focus on the cost, instead of what they will gain. This is the key, if cost becomes more important then the value that will be added then you have already failed, I suggest you to not to start this program.3. Paying more attention and spending more effort on how to cut from the resources, budget and minimizing the scope and the deliverables rather than focusing on the success of the Data Governance project.We know some organizations try to get services and products cheaper than proposed to them however; this is one of the main reasons of the failure of the the programs. Because this organization does not see the value that they will gain and does not focus on succession just at the beginning and instead they focus on spending less and getting less and this work for them. What happens is that they build some premature programs touching data here and there but not governing, not fixing, not improving at all. Instead, since these programs not well budgeted and planned, instead of gaining control they create chaotic solutions. New environment becomes worse than before because now there are new departments like an non-functional Data Governance offices, stewardships who do not know what to do, and thousands of pages unorganized documents, with tools installed but not in use, because no one knows what to do with them.4. Trying to minimize the scope of the Data Governance to save some money and having some unrealistic small phase ideas.Disregarding that the Data Governance is one solid program at the beginning; you should not divide it to unrealistic pieces and should not think this is a try-and-see program. Then you are dividing a solid piece at the beginning and losing the actual focus. Instead, program can be divided in to solid phases, which will help each phase to cover end-to-end approaches then for each phase you can move to more advanced implementation of program rather than having premature pieces done, and later having another premature piece and try to integrate these works together. Do not do this at the beginning, plan your phase end-to-end and deliver it, you can have a pilot scope for data re-architecting, data improvement part with choosing smaller database domains but do not shave your Data Governance scope. Follow program pattern always as initial planning, planning, executing, monitoring and controlling phases, do not skip any of these steps if you do not want to plan a program born prematurely at the beginning.5. Team Resources are everything, starting a data governance program with ineligible team means failure is coming soon.Some organizations may thing that they can do this by getting consultancy from a SME and do the rest themselves. It sounds good, is it not? However, real world is not that simple. First, if an organization requires Data Governance program and does not have the right resources, this is a good reason to fail. Do not overestimate your own resources and reject getting help from professionals. A Data Governance program requires set of expertise in wide area of data, management, politics and software development life cycle as well as needs heavy loaded work of tasks that also requires teamwork of professionals. Start with a professional team and get as much as know-how transferred to your team in a suitable time. Usually the first phase is similar to your high school graduation and the second is your college degree, do not miss and skip these phases.6. Do not put yourself in a position like “I am client and I want it this way”. Because this is the one of the biggest mistake, you can do for a Data Governance program.A Data Governance program is not a playground; do not behave as you are in one. It is dangerous to move to any direction as you wish, if experts warning you this will cause a program failure. Are you ready to take the responsibility of couple of hundred thousands of dollars wasted, and nothing earned, and losing the support of the executive management that will cause burying of the your program for eternity? You may thing the budget is too much and let us cut it down from few millions to five hundred thousand bucks. Do you really think you save the money or did you just threw half a million to trash? So, be careful most of this kind of behavior ends with disappointment, loss and frustration. Moreover, a hiding cost will come through and will make you pay more than the number estimated at the beginning.7. Do not discard Roadmap, metrics, targets that provided to you by experts.Sometimes organizations think they can reshape the roadmap, metrics and change targets and deliverables so that they can save money. This is seriously dangerous, because it may cause a chaotic environment and may require you to pay additional cost to the experts to govern your ungoverned Data Governance program. So do not do this, be careful at the beginning so you will not have any surprise costs later.8. Losing momentum and recognizing Data Governance as a software project. Data Governance programs are not projects, projects ends and programs not.This programs need to be alive for organization’s whole life term. To make this happen you should have your momentum increased, and understand clearly that Data Governance requires a lifecycle attention starting from the day one.Finally, I would like to see as much as Data Governance programs success, to do reach this target we should follow right patterns and right roadmap for a real life program without skipping necessary steps, planning shortcuts and not creating a path that will cause our failure. Hope my article will help some organizations to understand what they are going to face if they ignore valid rules of this program. Happy governing!

Everything You Need To Know About Identity Theft

With our increasing dependence on the World Wide Web, identity theft is now more than ever a threat to all of us. There are no guarantees that we will not become the next victim of this crime. This is why the more we know about identity theft, the more equipped we will be to protect ourselves against in.The History of Identity TheftWhile identity theft is not a new crime, it has mutated over time to respond to the ever evolving technology and most importantly the World Wide Web, credit cards and ATMs.Before the popularization of credit cards in the 1950s, stealing someone’s identity meant getting their passport, driver’s license or Social Security number. However, what made identity theft far less common in those days was the fact that a person had to be physically present at a bank branch in order to open a credit card.Everything changed in the 1980s when the Fair Isaac Corporation invented the FICO system of credit scoring. This system rates a person’s credibility in a report which also contains other personal and financial information. When an identity thief gets a hold of that information, they are likely going to be able to access other banking and financial information. Unfortunately, with the automation of transactions and the ever more common online banking, stealing one’s identity has become easier than ever. Fortunately though, this ever increasing threat is recognized and today your maximum liability under federal law for unauthorized use of your credit card is $50.Identity Theft ScamsThe criminals specializing in identity theft are very skilled in the “craft” and constantly come up with new and improved ways to scam people just like you and I. No one is really protected because the schemes are getting more and more believable and sophisticated. The best way to find out about identity theft scams is to check out the resources on the website of the Federal Trade Commissions, the FBI, and the websites of your local Better Business Bureau or Chamber of Commerce.Types of Identity TheftAlthough there are many ways to steal an identity, below are the three more common types that everyone concerned about identity theft should know about.Application Fraud (or True Name Identity Theft) – In this case the thief will use your personal information to open new accounts or purchase large items on credit. Most common forms of application fraud are a thief opening a credit card in your name or cell phone service. The biggest issue with this type of fraud is that it may take a while for it to be noticed. Very often people do not even realize that they have become victims of identity theft until they order a credit report and see consumer credit account that they do not recognize.Account Takeover – in this case the thief uses your existing accounts to make purchases or withdrawals. This type of fraud is easier to notice and with the protection mechanisms many financial institutions currently have about identity theft, it is usually caught relatively efficiently. Many credit card issuers, for example, have protection mechanisms in place, such that in an event that a transaction meets their suspicion criteria, a call is generated to the credit card holder to verify the transaction was legitimate.Criminal Identity Theft – possibly the most devastating type of identity theft, this is where the thief uses your identity and presents a counterfeit ID assuming your identity to law enforcement when questioned concerning a crime. This may seem an unlikely scenario to you but it is a form of identity theft that you should guard against.What Identity Thieves are AfterSocial Security – a gateway to all your personal informationDate of Birth – to verify identity and confirm most transactionsAccount Numbers – to with draw money or make purchases onlineMother’s Maiden Name – the ultimate identity verifierPins and passwords – to access various accountsDriver’s license – to obtain fraudulent identificationHow Is Your Identity Stolen
Identity Theft Online

Spyware – is type malicious software that collects information about your online activity. Spyware can come in the form of backdoor entry – which gives thieves access to your computer or keystroke logging when thieves get a log of everything you type online including passwords and account numbers. The presence of spyware is typically difficult to detect.
Phishing – is when you receive emails which seem to be coming from a reputable institution, your bank from example, asking you to update personal information. This way thieves can obtain your account numbers and other personal information
Fraudulent Sites Online – are fraudulent e-commerce sites offering various goods and services through spam or online price comparison sites. Therefore, when your purchase something online, the thieves gain access to your personal information.
Wireless Snooping – occurs when the thieves access directly your unsecured wireless network and steal your private financial information directly from your computer.

Identity Theft At Home

Mail – stealing your mail can give thieves access to bank statements, credit carsd information, auto loans etc. Make sure your mailbox is locked or opt for paperless statements from your financial institution.
Trash – all personal information from above can be found in your trash. The solution is simple – get a shredder.
Phone Fraud – if you receive a call from your “financial institution” notifying you that there has been fraud suspected on your account and need you to verify your personal information, suspect that it may be a fraudulent call.
Identity Theft From Third parties – Sometimes thieves can access your information from a third party such as accessing your credit report illegally or hacking in the records of a business that has your information (stores, restaurants etc.)

How Identity Thieves Can Use Your Information
Make purchases – usually large ticket items that can later be resold for cash
Make withdrawals – can be done from both credit and debit cards
Change your address – so it delays you discovering the fraudulent activity on your accounts
Open new accounts – using your Social security, a thief can open new credit cards and/or new auto loan or other loan accounts.
Get employment – it may sound strange but it happens often than you may think. Your identity may be used to secure employment.
Receive Social Security payments.
To prevent identity theft online you could take these measures:
Ensure your Operating System is up to date
Make sure your Browser is up to date
Get good antivirus software
Get anti spyware software
Do not click on pop ups
Be careful what you download
When using email you could take the following measures:
To protect yourself from phishing scams, do not respond to emails asking you to verity your personal information. Beware that thieves are very skilled and unfortunately they have succeeded at making those emails appear legitimate. Always use caution and suspect fraud. Keep in mind that it is highly unlikely that your financial institution will ask you for such verification via email
Make sure your antivirus software scans incoming emails.
Do not open attachments from people your do not know.
To open links that friends have sent always copy and paste the URL directly into your browser. Remember that sometimes fraudulent emails appear to come from people you know. This happens when their email accounts have been hacked.
Consider investing in encryption software to use each time you need to send personal information via email.
Follow these suggestions to protect your wireless network:
Enable 128-bit encryption
Change the routers default user ID and password
Change the default Service Set Identifier (SSID)
Disable SSID broadcasting

Implementing an ISO 9001 Quality Management System

Implementing a quality management such as ISO 9001:2008 requires transforming the culture. It will affect the entire company, not just the quality department. More people in the organization are affected by it than just the management representative, or the person spearheading the effort. Implementing a quality system to the point of certification and registration is a daunting task but is achievable with your current resources. Implementation times can vary but it can be accomplished.When considering implementation of a quality system such as ISO 9001:2008 you should consider “why are you doing it?” Companies pursue quality system implementation for various reasons, to become better, their customer’s are requesting it, they are having quality problems or they would like the recognition of being certified. In either scenario, the circumstances are different as will be the driving force to implement the quality management system. An organization should consider the benefits of having an ISO 9001:2008 quality system and are not concerned about flying the flag. The following steps best describe the implementation process:1. Why do you want to implement an ISO quality system?2. Educate Top Management3. Commitment from Top Management4. Select a Management Representative5. Select Implementation Team6. Understand the current system and processes7. Understand the Standard8. Gap Analysis9. Create an Implementation Plan10. Employee Training11. Monitor12. Internal Auditor Training13. Internal Audits14. Select Registrar15. Management Reviews16. Continual Improvement17. Pre-Assessment Audit18. Registration AuditWhy implement a quality management system such as ISO 9001:2008 To understand why you would consider implementing a quality management system, let us understand the various quality management systems. There is the ISO 9001:2008 standard along with the industry specific standards such as ISO/TS 16949 (Automotive), TL 9000 (Telecommunications) and AS9100 (Aerospace). In addition to these standards is the Malcolm Baldrige Award.The ISO 9000 standards cover all areas of control which has a potential to impact the degree of compliance of a product or service. The standard is not a cookie cutter quality system that means you will have the same quality system as your competitor, or customer. It means you will have quality systems that meet the minimum requirements but the details of how the requirements are met can vary dramatically.There are several misconceptions surrounding the standard, one is it creates a great deal of non value added paperwork, another misconception is it does not provide any value because all I have to do is “say what I do and do what I say” and they third misconception is it restricts creativity by burdening employees with structured approaches.Addressing the first concern of generating non value added paperwork. The belief is you must document, document, document everything you do. Actually, the standard requires one quality manual, six procedures, instructions where necessary and 26 records. This may sound like a lot but it really is not. The need for extensive documentation can be mitigated with a thorough training program that reinforces what is to be done and how it should occur. It is common for companies to utilize more documentation than the standard requires, simply because they find it valuable. When you are in an environment of continuous change and improvement, processes, duties and tasks are continually changing to keep pace with improvement. It could be extremely hard to know what the agreed upon method was without a formal documentation and change process. The end process would drift because the tasks within the process drift. It would be analogous to not having maximum speeds posted; they would be verbally communicated from area to area.The second misconception is that the standard does not really benefit a company because it simply means you documented what you do (even if it is wrong) and you can show you do it. I recall an example when I was touring a manufacturer and I could see they were lacking in quality systems. I asked the Vice President of Quality if they considered adopting an ISO quality system. He replied, “ISO is nothing more than doing what you say you’ll do. We could make cement life jackets and we could get certified. Our customers wouldn’t buy cement life jackets”. I listened to what he said (laughing inside) and suggested he get some training on the standard, because that is not the intent. The current standard focuses on ensuring you provide a product or service that continually meets the requirements of the customer with the aim of improving customer satisfaction. To make a long story short you could have a system that is extremely well documented and everyone follows the procedures and instructions. If this system is not producing an output that is meeting the requirements of your customer you will not get certified, end of story. Understand, the documentation portion of the standard is a tool or method, the end game is customer satisfaction and meeting you business goals.The third misconception perceives the standard as restrictive in that it binds employees into a specific, structured way to do their job. It removes creativity and replaces it with a mundane repetitive approach. This is to some degree true and dependent upon the organization. The level of control is at the discretion of the company. My experience supports having a level of structure that is consistent with achieving the desired output of the process. For example, if the process is purchasing, the desired output is to have quality product delivered on time in the correct quantities.The ISO 9001:2008 quality system standard provides an organization with a solid quality management system to build upon and improve. The objective of the ISO 9001:2008 standard is to provide a guideline which enables an organization to deliver a consistent product or service that meets the customer’s requirements and strive to enhance customer satisfaction. The requirements within the standard are developed for a company to maintain a predictable output from their key business processes and continually improve those processes.ISO 9000 is a combination of three quality system standards, ISO 9000, ISO 9001 and ISO 9004. The ISO 9000 standard covers the concepts and vocabulary. The ISO 9004 standard is guideline for improvement. The ISO 9001 standard is for quality system requirements and is the only standard with requirements. ISO 9001:2008 means the ISO 9001 standard with the revision year of 2008. From this point forward when I reference the standard I am referring to the ISO 9001:2008 requirements standard.Is an ISO 9001 quality system right for you? To answer that you must first answer why are you going to implement and possibly get certified to the standard? Let me give you a few scenarios that may help.Scenario 1 Your company is doing well. Your sales are increasing, you have little or no competitive pressure to reduce costs and upper management is happy with the current state of the company and the business climate. Your customers are not requesting you to become certified and do not perceive a competitive advantage with having an ISO 9001:2008 certification. Implementing and becoming certified to the standard is probably not right for you at this time. Chances are you will not get the support you need or convince anyone in upper management there is a need. Could implementing an ISO 9001 quality system improve your current situation? Absolutely, you could see cost savings and improvements in all types of areas. Implementation is more of timing thing and right now sounds like the wrong timing.Scenario 2 Your company is doing well. Your sales are increasing, you have competitive pressure but your current business practices are able to keep you competitive. Upper management is happy with the current state of the company, but your customers are requesting it of you. You are pursuing ISO 9001:2008 certification because your customers require it. I have experienced this difficult situation many times. The major obstacle is that nobody in the organization wants it or realizes a need for it. The driving force is external. An ISO 9001 quality system will probably be implemented and certified. The big question lies in the long term effectiveness and sustainability of the system or is it only needed to “fly the flag”. You can approach this by learning as much as you can about the standard so you can speak intelligently about it. You will continually “sell” this program to upper management to obtain their buy in. Once the benefits of the program begin to surface, your selling efforts will diminish.Scenario 3 Your company is doing marginal to bad. Sales are level to decreasing; you have quality problems that are adding a lot of cost. You are experiencing pressures from global competitors. Upper management is not content with the current state of the business, but they are unsure what to do. The climate is good for implementing an ISO 9001 quality system. If you can convince top management of the benefits and expected results of having a quality system this can be very good environment for implementation. You can choose to not become certified, you will gain benefits by simply having a quality system modeled after ISO 9001:2008. The benefits of having a structured quality system will provide the incentive and reward. Having implemented ISO 9001 quality systems in all three scenarios, experience has proven scenario 3 is the best. It is much easier to achieve buy in and commitment from the top.The overwhelming question for top management to answer is “why are we doing this and what do we want from it?” Understand why you are doing it and be fair regarding what you want from it. Don’t go in with expectations of an elite quality system generating a great deal of benefits if you’re going to seek the path of less resistance toward implementation and registration.Educate Top Management The education process for top management is a two-part approach. One part is to educate them on what ISO 9001:2000 is, the benefits, how it fits into your current business and what it will take to implement the system and be certified. The second part is to educate them and ensure they understand why they are doing it and what the challenges are.What are the ISO 9000 standards? We discussed this previously; ISO 9000 is a combination of three quality system standards, ISO 9000, ISO 9001 and ISO 9004. The ISO 9000 standard covers the concepts and vocabulary. The ISO 9004 standard is guideline for improvement. The ISO 9001 standard is for quality system requirements and is the only auditable standard.The ISO 9000 standards are internationally recognized. They are developed, maintained and revised by the International Organization for Standardization or ISO. ISO maintains thousands of standards. The ISO 9000 standards deal with quality management. You may have heard of ISO 14000 which deals with environmental management.The ISO 9001:2000 standard is adopted as a national quality system in more than 100 countries throughout the world. There are over 700,000 ISO 9001:2000 certificates issues in more than 140 countries worldwide. The number of certificates in Europe exceeds 200,000; the number in the US is over 60,000 with an estimated 30,000 organizations currently pursuing ISO 9001:2000 certification.The benefits of an ISO 9001:2008 quality system The soft benefits of an ISO 9001:2008 quality system are improved quality and customer satisfaction. The hard savings come in the form of a tangible reduction in the cost of quality. Appraisal costs will decrease significantly as will failure costs. A slight increase in prevention costs should be observed, which is desired, but the savings in the other two areas will overshadow the slight increase you see in prevention costs. For a quick review, appraisal costs are those costs associated with inspecting, evaluating and testing. Failure costs are costs associated with scrap, both internal and external along with warranty. Prevention costs are associated with quality planning, fmea’s, control plan development and quality engineering. Depending upon your company’s current situation including market, size, business practices and culture, it should be safe to estimate a savings in the area of 1% of sales. There is no reason why you can’t realize savings of up 2 – 5% of sales. This amounts to approximately $1,250,000 annually for a $50,000,000 company. On average for a $10,000,000 company you could expect savings in the $250,000 range. Where do the savings come from? They are in the form of reduced inspection, rework, scrap, warranty and handling customer complaints. How does the implementation of an ISO 9001:2008 quality system realize cost savings? It is estimated that approximately 75% of the total quality costs are the result of internal and external failures. For a manufacturing company, failure costs are associated with sorting or reworking product. For a service company, examples of failure costs would be working with a customer to resolve a problem or revising documents because they were not done correctly. Having a quality system in place will reduce significantly the amount of failure costs incurred. You will also be able to reduce the amount of appraisal costs or how much you test, inspect or validate the product or process. Below is an example of the savings realized by a company after implementing an ISO 9001:2008 quality system.A study was completed that showed a company reduced it’s total cost of quality from $1,323,302 to $748,567.  These are staggering improvements. Keep in mind that sales remained level but direct labor hours did not. A reduction in direct labor hours was observed due to process improvements. The cost of quality breakdown does not include financial gains in productivity, inventory reduction and reduction in changeover time. An important feature to recognize in the chart above is the shift in costs from appraisal and failure category to prevention.The important thing to remember is the savings are only visible if the accounting systems are in place to accurately report them. The process to capture, report and analyze the cost of quality is very detailed and beyond the scope of this article. There is a financial reward for implementing an ISO 9001:2008 quality system.How ISO 9001:2008 fits into your current business model The thought of a quality management system similar to ISO 9001:2008 brings fear to people because they believe they have to adopt someone else’s program, or force a system or method to work for them. The intent of the standard is to adopt a system that works for you. You could benchmark a company and observe how they determine customer satisfaction and your first thought is, “that would never work at our place”. That is alright, there is more than one way to “skin a cat”.Here is the best piece of advice I can offer, there is no best way to implement a process or create a system. There is no single best method or the right way to do it. That is where continual improvement becomes important. Don’t become overwhelmed with trying to find the one correct method, get something implemented and continually improve it. The power and value with the standard is that you start somewhere and improve. Not everyone starts at the same place or ends at the same place. This endeavor to implement an ISO 9001:2008 quality system does not end with certification. Not all ISO 9001:2000 registered companies quality systems are the same. Just like not all doctors, lawyers, teachers or car mechanics are the same. They all have certifications and credentials but differentiation lies in their approaches to the job.The implementation and maintenance of a quality management system can be tailored to a specific company. Don’t confuse this with allowance to not meet the requirements. It means there are many ways to meet the requirements. You can choose to meet the requirements or you can choose to exceed the requirements. It is dependent upon the organization. My hope is that should you adopt the ISO 9001:2008 standard and implement it, your decision is to do more than just simply meet the requirements of the standard. This is where so many companies fall short in realizing gains from a quality management system. They do just enough to meet the requirements but never push themselves to exceed. The implementation of a quality management system is like anything else in life, you get out of it what you put in.What it will take to implement ISO 9001:2000 This is dependent upon how fast you want to go, status of your current business practices and what type of resources you have. A typical timeline would be a year. I see no reason why you can’t go from where you are now to certification in one year. Can you do it quicker, say six months, three months, yes. It just takes time and money. Time and money can cure just about anything. I wish it could cure everything, but unfortunately it can’t.   From a human resources standpoint, for a single location company of about 500 people it will take about 4500 man-hours to implement on your own. Keep in mind a portion of that time will be consumed because it’s new to you. It wouldn’t take a consultant or someone with experience that long because they’ve done it before. If you hire a consultant you can reduce the amount of time it takes, but you will spend it in consulting fees. A good estimate would be about 8 man-hours per employee to complete it in a year by yourself. At an estimated cost of $25 per man-hour, you may look at it as $20,000 for a 100 person operation (8 x 100 x 25) = 20,000. One thing to keep in mind is the people working on the project are there anyway, you are not hiring extra people. You are going to temporarily reassign resources to accomplish the goal.Now let’s look at the cost to get certified. Depending on the registrar you select and we’ll talk about that later, the costs can vary slightly. A good baseline for costs to become certified and maintain certification, are as follows:Document Review $750 onetime cost, pre Assessment Audit $4,500 Registration Audit $7,500 one time cost Surveillance Audits $4,500 ongoing annual costTraining costs should be in the $1,400 – $10,000 range for internal auditor training. You can cut some costs of training by having one person in your facility trained and then have them train your internal auditors ($1,400) or you can have all of your internal auditors trained by an outside source ($10,000).Commitment from top management I can’t teach you how to get commitment from top management, I’m not that good, and nobody is. What I can teach you is how important it is, what it means and how to tell if top management is really supporting the implementation of a quality system. Can you implement an ISO 9001:2008 quality system without top management support and commitment? Yes, but the resultant quality system will not be as effective as it could be and you will probably find yourself asking where the benefits are. You will question the validity of the standard and the quality system because you won’t see a dramatic change in your complaints, quality levels, quality costs and warranty. You can implement a system, pass a registration audit and get your company ISO 9001:2008 certified. I have seen a large number of companies that are certified but are not reaping the benefits of the standard or the quality system. The root cause of this is most often top management support.In an attempt to avoid this scenario, it is important to educate top management of the commitment requirement and the ramifications of falling short. Educating top management does not guarantee the commitment. When the results are not there and people begin to question the initiative, you can point to this as a possible way to right the ship.Top management commitment does not mean they verbalize it. When it comes to an endeavor such as implementing an ISO 9001:2008 quality management system, people will not care what you say; they want to see what you do. It will be extremely difficult to get momentum when top management talks the talk but will not walk the walk. Employees at all levels of the organization will be watching to see if this is real, or is it another “flavor of the month”. They won’t look at the management representative singularly; they will be watching the members of top management and particularly the highest ranking individual at that site.That individual must provide continual support for the implementation process. They achieve that with actions that are consistent with what is spoken. For example, a situation exists where an area is having problems with a specific supplier. This has been occurring for six months and no activity is taking place. People will not believe top management is serious or supports the implementation of a quality system if this occurs. Take the same scenario but now the top ranking individual communicates to the employees what is being done and when. This is a big step. The biggest step is doing something to correct the problem.The key for top management is to be visible and active in the effort and have their actions consistent. If this hasn’t been a characteristic of top management at your facility then they need to change. Can it be implemented without this, yes but as we stated above it will be much more difficult and the results you get will be significantly reduced. This effort can’t be viewed as something the quality manager, improvement manager or any other anointed person does. This must be an effort spearheaded, guided and monitored by top management. If it is not, everyone associated will know and the progress will be slow, the results will be substandard and your frustration level will be high.Select Management Representative and Implementation Team The management representative is the person who has the responsibility to report on the status of the quality system and is most often the person who will spearhead the efforts. This person oversees the implementation process and is responsible to ensure management is aware of the condition of the quality system in order to facilitate continual improvement. It is not imperative this person is part of top management, but it does help. If the management representative is not a member of top management make certain they have direct report to someone in top management. The management representative is to the ISO 9001:2008 implementation what a black belt is to a six sigma project. They are the catalyst that makes the reaction move. Important characteristics of a management representative are forward thinking, change agent, and embody continual improvement, positive thinking and not content with just getting by.The next step is to identify the implementation team. This can vary depending upon the size of the organization. A 500 person facility could have an implementation team of perhaps 10 – 15 people. A 50 person facility could manage with an implementation team of 1 to 2 people. For the implementation team you’re looking for some resources that could carve 1 – 2 hours per day out of their schedule and work on the ISO implementation. You are also looking for change agents within the company. You do not want to fill your implementation team with individuals who are antagonistic, negative thinking and happy with simply doing what it takes to meet the requirements.