ISO 10006: Risky Business

Roger Pither 
William R. Duncan 

ISO 10006, Quality management — Guidelines to quality in project management, claims to

provide "guidance on quality system elements, concepts and practices for which the
implementation is important to, and has an impact on, the achievement of quality in project
management." In our opinion, application of this document is more likely to have the opposite
effect: if attention is given to the items identified in the standard at the expense of others critical
to project management, the result could very well be a poorly managed and unnecessarily costly
project that is compliant with the standard.

Strong words, perhaps, but let us look at some of guidance the standard provides, and you can
draw your own conclusion.

First of all, ISO 10006 does seem to cover the right subjects — scope, cost, time, risk, and so on.
In fact, it identifies virtually the same set of project management processes and knowledge areas
as A Guide to the Project Management Body of Knowledge. Not much of a surprise since the
ISO committee used a draft of that document as a key input during the development of their
document. There are, however, some notable omissions:

 There are no quality management processes. By failing to include the quality

management processes, ISO 10006 implies that these critical processes are outside the
scope of project management. How does one ensure quality without quality management?
 There is no project execution process. Lots of planning processes, lots of controlling
processes, but no place to actually do the work of the project. This omission regrettably
reinforces the notion that project management is limited to planning and controlling.
 ISO 10006 limits its discussion of scope to developing "a description of the project
product." In doing so, it minimizes the importance of project scope, of defining the work
of the project. Hardly a recipe for quality in project management.

Second, the document says that it is "not a guide to project management itself," yet the level of
detail provided and the phraseology used in most clauses and subclauses runs counter to this
stated intent. There is much use of prescriptive terms such as "action should be taken," decisions
should be "formally documented," "special attention should be given to," or "particular attention
should be given to." This language creates a false impression of priorities for successful project
management and raises the risk of misuse of the standard.

Third, the standard recognizes that project phases and project life cycles exist, but it provides no
guidance on how the identified project processes relate to project phases. Some of the ISO 10006
processes will occur only in some phases. Unfortunately, the standard fails to identify which
processes these are. This inconsistency is likely to reduce quality in project management if
project organizations attempt to implement processes in phases where they don’t belong.
Fourth, there are a number of statements that provide incomplete or poorly conceived guidance.
These errors were documented as part of the ISO review process, but ISO failed to address them
in the final version. The items below are representative.

 "Particular attention should be given to activities which involve new technologies."

(5.4.4) All activities which involve significant uncertainty should receive "particular
attention." New subcontractors, inexperienced personnel, and date constrained activities
are encountered more frequently than new technologies and are at least as likely as to
cause quality problems.
 "All informal agreements which affect the project performance should be formally
documented." (5.9.2) If informal agreements are documented, don’t they become formal?
If not, is it possible to have a formal agreement that is not documented?
 Work breakdown structure, critical path, project objectives, project life cycle, project
network diagram, project scope and many other project management terms are used
without being defined. Since many of these terms are understood differently in different
application areas, the absence of agreed definitions may cause considerable confusion.

Finally, the document is inconsistent in much of the guidance it gives. For example:

 In the subclauses related to cost and schedule control, the document states that "action
should be taken to ensure that unfavourable variances do not affect project objectives."
Similar text is missing from the subclauses related to resource and risk control: I can
ignore resource variances in these areas that affect project objectives and still be in
compliance!
 Subclause 5.11.4 says that "there should be a procedure for subcontracting" and 5.6.2
requires a "defined procedure" for budget acceptance. None of the other processes
suggest a need for procedures. I can do everything else ad hoc and still be in compliance.

In summary, the use of ISO 10006 as a reference document for an organization involved in
project management, for project management procurement, or by project managers themselves is
not recommended.

© 1998 Project Management Partners