Auditing collaborative business relationship management systems

ISO 44001:2017 Collaborative Business Relationship (CBR) management systems – Requirements and framework is one of many frameworks and/or models for collaborative working. These include the Six Critical Success Factors Model (Constructing Excellence), the Alliance Model and, more recently, Project 13 (Institute of Civil Engineers). Even one of the ISO 9001:2015 seven quality management principles found in Section 0.2 is ‘Relationship Management’.

ISO 44001, existing standards process integration, and management

What do organisations hope to achieve by implementing ISO 44001:2017?

First, a strategic framework to establish and improve collaborative relationships in organisations of all sizes. Also important is the creation of extra value for organisations and their partners in conjunction with innovation and continual improvement; as well as systematically managing and improving those qualitative factors and the associated risks. 

ISO 44001 can be fully integrated into an existing ISO 9001:2015 quality management system and audit programmes. The aims outlined above are fully compatible with an existing quality management system. ISO 44001 is a tool for culture change and organisational transformation that can be used to facilitate existing continual improvement aims of an ISO 9001:2015 management system.

There are three themes of ISO 44001 that need to be embedded at corporate level and on projects that evidence collaborative business relationships (CBR). Auditing is a key requirement of Clause 9.2 Internal Audit.

The three themes are: 

• common vision and collaborative leadership;
• collaborative culture and behaviours; and 
• collaborative processes and tools.

"Auditing a collaborative business relationship can be quite different to auditing ISO 9001. It involves understanding occupational behavioural process management, business objectives, relationship risks and their impacts on a successful project, while also assessing continual improvement and leadership commitment."

Louise Jones, Senior Quality & Collaborative Working Consultant at WSP UK

Integrated audit programming

Quality audit programmes are risk-based. It can be argued that ISO 44001:2017 is a standard that is based on all of the following – quality, business/contract risk management and occupational psychology. The emphasis on relationship risk management and issues resolution processes being process-controlled and systematically managed is something that emerged with the original BS11000 standard. Qualitative processes can have a huge impact on the quantifiable. Uncollaborative behaviours and organisations’ cultural differences can lead to programme delays, leading to late deliverables and costing organisations both goodwill and potential bonuses.

CBR auditor training and competencies

External certification bodies can vary in their approach to what constitutes a formal CBR auditor competency, as they may accept experiential competencies, or whether an IRCA-accredited ISO 9001:2015 Internal Auditor or Lead Auditor is sufficient. The BSI and other certification bodies offer ISO 44001-specific auditor training. I attended the original Pera Neville Clarke/ICW BS11000 auditor training and then the BSI ISO 44001 transition training. 
Auditing CBR can be quite different from auditing ISO 9001. It involves understanding occupational behavioural process management, business objectives, relationship risks and their impacts on a successful project, while also assessing continual improvement and leadership commitment. 

It cannot be approached with a dismissive attitude that all you need is in ISO 9001:2015. An understanding of the biggest variable in any process – the human element ¬– is imperative. For example, collaborative leadership behaviours have additional different requirements to collaborative working project team behaviours. In addition, project controls items such as business risk management, key performance indicators and contractual items will also be involved.

You are usually auditing a relationship that is the product of two or more different organisations. A CBR management system needs to accommodate the joint activities of the parties. Multidimensional relationships will vary within the context and lifecycle of the relationship and the commitment of the organisations. Therefore, a more nuanced approach than a typical ISO 9001-based process audit is required.

As noted in ISO 44001:2017 standard: “These evolving themes impact the behaviour and organizational culture of collaborating organizations to ensure they are effective, optimized and deliver enhanced benefit to the stakeholders through collaborative approaches.” 

A supplement to any training is ISO 19011:2018 Guidelines for Auditing Management Systems.

What type of organisation are you auditing?

Review the context of the collaborative relationship. An alliance is audited differently than a joint venture partnership. Consult the Institute for Collaborative Working and the CBR standards for further guidance.

Types of collaborative business relationships and organisations include:

• corporate management system, operations, organisations and process controls;
• collaborative network;
• project;
• consortium;
• extended enterprise;
• joint venture;
• cluster;
• partnering programme;
• business eco system;
• outsourcing.

Audit approaches

The ISO 44001:2017 Table B.1 – RMP: general contents guide is the best quick start for your audit checklist. Approaches to auditing ISO 44001 vary depending on who and what is being audited. 

If working with the originating organisation, consult your UK senior executive responsible (SER) and steering group about any high-risk areas. You should also consider the following questions:

• What is the overall aim of your CBR management system/relationships audit programme and what are the business objectives of these?
• What are the non-conformances or observations from last year’s internal audit, as well as last year’s certification audit?
• Do you have time to do an overall gap analysis? In what phase of the standard is the collaborative relationship?

For a themed audit, you, as auditor, should ensure alignment throughout the organisation and identify opportunities for improvement, which allows the auditor to maintain focus on a certain subject. 

This process approach leads to skills development through personnel training, as well as increasing the collaborative skills and competency of those involved. This has a positive impact on process inputs and outputs, while focusing attention of key areas such as risk management, issues resolution, key account management and communication. 

Remember, always ask yourself at what stage of the standard is the CBR currently in, and make sure to audit that. CBR is iterative.