By adhering to ISO standards, organizations establish best practices and ensure compliance with regulatory requirements. The case study examines how BSC Designer clients integrate their ISO certification programs with functional scorecards to fulfill the standards’ requirements in defining interested parties, objectives, actions, risks, and measurements.
Standards in the Case Study
To analyze the general approach to aligning ISO standards with functional scorecards, we interviewed 18 organizations among our clients certified in the following standards:
- ISO 9001 – Quality management (practical case study available)
- ISO 14001 – Environmental management
- ISO 45001 – Occupational health and safety management
- ISO 50001 – Energy management
- ISO 22000 – Food safety management
- ISO 27001 – Information security, cybersecurity, and privacy protection
Architecture of Aligned Functional Scorecards
In section 4, ISO standards require defining the application area or scope of the standard.
Organizations in the case study employed the architecture of aligned strategy and functional scorecards. Each scorecard focused on a specific aspect of the company’s strategy, aligning with the requirements of a particular standard.
Some standards introduced additional functions, such as emergency preparedness, functions along the value chain (for example, procurement function), leadership, and corporate governance. Organizations aligned primary scorecards with other functional scorecards using normalized goals/indicators.
In most cases, the use of ISO functional scorecards extended beyond formal audits/reviews. The ISO scorecards and their outcomes were aligned with corporate-level strategy scorecards and other strategy and functional scorecards.
Business Context and Stakeholders
ISO standards emphasize the need for contextual analysis (section 4 of the standards), including external factors (business context, competitions, stakeholders) and internal factors.
Organizations in our case study generally followed a classical approach to strategic planning, including a thorough analysis of internal and external factors, competition, constraints, etc.
During the facilitation sessions, the ecosystem diagram (a part of the Strategy Implementation System) was used for formulate a roadmap for the analysis.
ISO standards require stakeholder analysis (section 4.2). BSC Designer users typically conduct stakeholder analysis as part of the business environment analysis, utilizing the stakeholder analysis template available in the software.
Objectives
Section 6.2 of ISO standards outlines the requirement to define objectives:
- ISO 14001 environmental and compliance objectives
- ISO 9001 objectives for relevant functions and leadership (section 5)
- ISO 45001 occupational health and safety objectives
- ISO 50001 objectives and energy targets
- ISO 22000 objectives for food management system
- ISO 27001 information security objectives
According to ISO, objectives must align with consistency, measurability, monitoring, communication, and regular updates.
When automating objectives in BSC Designer, organizations used various levels of decomposition, assigned owner users for communication, quantified objectives with relevant KPIs, and linked action plans to objectives in the form of initiatives.
Digital Transformation Strategy.The relationship between objectives in external scorecards was visualized on the context tab, and objectives were communicated via reports, visual strategy maps, and dashboards.
Action Plans and Resource Allocation
ISO standards (section 6.1 and 6.2) establish requirements for actions, including defining the scope of action, resources, persons responsible, timeline, evaluation criteria, and additional relevant information.
Balanced Scorecard for HR.The companies in the case study formulated their action plans via initiatives aligned with objectives and KPIs. A typical definition of an initiative included:
- Definition of its name and other details in the description field
- References to supporting documentation in the aligned document property
- Timeline data
- Total budget, used budget, Earned Value calculated
- Definition of the person responsible and stakeholders involved via owner property
- Tracking the evolution of the action plan via the status property
- Automating evaluation criteria or progress via the aligned KPI property
- Definition of dependencies, contributions, and contexts via the Context section.
ISO standards recognize the importance of risk (effect of uncertainty) on the operating environment (section 6.1). Organizations automated risk management in BSC Designer using the initiatives mechanic, changing the type of the record to “Risk.”
Quantification of Objectives and Action Plans
A common theme of analyzed ISO standards (see sections 9.1) is the requirement for the definition of objectives that are measured (quantified), monitored, communicated, and updated.
Organizations automated these requirements via KPIs:
- KPIs were aligned with an objective or with an initiative
- Owners were assigned to the KPIs
- Owners were automatically communicated about the changes in KPIs
- The update interval properties of the KPIs were used to automate reminders to update data and ensure data consistency.
A case study on performance measurement in the aviation industry might be of interest to those in similar regulated domains.
User Involvement
ISO standards (sections 7.3 and 7.4) require involved parties to have access to relevant data, with a focus on awareness, communication, and documentation.
Organizations achieved stakeholder involvement using the user role model in BSC Designer, including:
- Observers (view-only users),
- Data input users, and
- Power users.
Internal Audit / Review
Sections 9.2 and 9.3 of ISO standards mandate regular internal audits and management reviews.
Companies from the case study employed various mechanics to automate the requirement for internal audit:
- Separate functional scorecards were created with audit progress/completion indicators. These indicators were configured with specific update intervals to ensure compliance with the regular updates policy.
- Findings from the audit were aligned with objectives or KPIs using the commenting function, as well as by creating new initiatives/hypotheses.
- A formal data approval workflow was established for a certain type of tasks (the input from data input users should be approved by power users).
Summary
While each ISO standard provides a unique perspective on the applied domain, a common theme emerges in the requirements for:
- Context and stakeholder analysis,
- Formulating objectives,
- Action plans, and
- Their quantification.
Organizations in the case study utilized BSC Designer software to automate aspects of standards’ compliance via functional scorecards and align them with the overall strategy.
With the increasing number of regulations, compliance is not limited to ISO standards. Check out our compliance template to create scorecards for specific regulations.
CEO | Author | Speaker
BSC Designer is strategy execution software that enhances strategy formulation and execution through tangible KPIs. Our proprietary strategy implementation system reflects our practical experience in the strategy domain.