ISO Compliance: The role of ISO Standards and Corporate Governance

The importance of corporate governance in today’s progressive business environment cannot be denied. Emphasis is put on organisations achieving trust and a good reputation, rather than their tangible assets.

What is Corporate Governance?

ICSA: The Governance Institute defines corporate governance as “the way in which companies are governed and to what purpose.” It is a system of rules, practices and processes by which a company is directed and controlled. However, just as no two business strategies are alike, a corporate governance policy is likely to vary from one company to the next. While the inner workings of the corporate governance policy may differ, the basic business principles will remain the same.

What is the relationship between ISO and Corporate Governance?

The drive for improved governance of organisations has resulted in a structured approach to the development of all management system standards. ISO has achieved this by publishing Directives 1 and 2, which provide rules for the teams that develop standards (in the case of ISO 9001, ISO/TC 176). Directive 1 contains Annex SL, which provides a common structure to be used by all management system standards. It therefore shares common headings and common text that address good governance requirements with other management system standards, and is used as the framework into which the management requirements are written. There are also common definitions that address the issues associated with good governance.

How does ISO compliance work together with good corporate governance?

ISO standards were initially established to supplement the confidence provided by quality inspection and control. They were developed to enforce and promote a minimum set of legal requirements and standards that need to be applied to conduct better business practices and improve performance.

There are close to 23 000 different ISO standards, each relevant to different industries. A small subset of about 80 of these are management system standards; the most widely used is ISO 9001:2015, which sets out requirements for quality management systems. These various ISO management system standards are the tools which organisations can use to improve the areas of governance that the individual standards target. An efficient management system is one that is tailored to the organisation’s individual needs, as well as one that conforms with ISO standards.

Undergoing an ISO conformity assessment process has a number of benefits for an organisation. Firstly, it provides consumers and other stakeholders with added confidence. Getting certified with one of ISO’s management system standards, such as ISO 9001:2015, is a way of showing outsiders that the organisation has an effective quality management system in place.

Complying with ISO standards also gives your organisation a competitive edge, particularly against competitors who are not complying with ISO standards. ISO standards also assist with better corporate governance, integrity, and transparency. They also look to improve ethics, social responsibility, and sustainability within an organisation.

No matter which ISO standard your business adopts, getting a certificate of conformity is a useful part of achieving good corporate governance. There are certain issues and risks that arise when a business is non-compliant, which we will get into later.

Do you have the right questions on hand to assess your Top Management's Compliance to ISO 9001:2015?

Download our FREE GUIDE featuring “Checklist: Evaluating Top Management’s Conformance to ISO 9001:2015” and learn more about the extent to which your organisation is complying with the key ISO 9001:2015 standard requirements! Please note that the use of the checklist doesn’t guarantee a successful audit.

Audit for compliance

Audits, either internal or external, are a vital part of the management system approach as they enable the company or organisation to check how far their achievements meet their objectives and show conformity to the standard.

The audit processes in ISO 9001:2015, for example, are a framework for helping organisations identify and fix their own quality management issues before they result in product/service quality concerns or waste. This is one of the key objectives of auditing.

Internal vs external audits

An internal ISO audit is a critical review of the business processes and related management arrangements. Internal conformance audits are not required by law, but are part of good corporate governance and are required by all management system standards.

A third-party ISO audit, on the other hand, is an audit conducted by an external organisation looking into the organisation. The external auditor will usually compare against a specific set of requirements or guidelines, generally stipulated by the organisation’s chosen Management Standard, its own internal business rules, policies and procedures as well as any applicable legislation relating to the particular standard.

A comprehensive internal audit is the vital step before ISO certification in a formal process to align quality systems with internationally recognized standards. It is also part of an iterative process that drives continual improvement of the management system.

Issues and key risks around nonconformance

Nonconformity is the failure to meet one or more of the existing requirements prescribed by the ISO management system, the ISO standard, the customer or by related legislation. Nonconformity can be found at any level of an organisation’s operations, and ISO standards always demand that the underlying cause for nonconformity is removed to prevent recurrence.

In most cases, nonconformances negatively impact organisations in terms of cost, reputation, efficiency and effectiveness. Identification of a nonconformance, however, should not be considered a bad thing. Identifying a nonconformity and addressing it at a root cause level will assure all stakeholders that the event will not become a pattern.

Repeated failures indicate that the organisation is failing to identify, measure, communicate or improve the processes that matter within the system. The organisation, therefore, could be facing bigger issues than just barriers to certification. When considering ISO 9001, nonconformities or systematic failures are a significant red flag about the organisation’s ability to manage quality effectively.

Certification Bodies categorise nonconformities into major and minor when reporting on an audit. Any number of minor nonconformities will not prevent the organisation from getting certification. On the other hand, a single major nonconformity will prevent certification. Both categories of nonconformity have to be assessed and corrective action implemented.

Ultimately, if not taken care of, nonconformity (whether minor or major) can lead to long term issues within the organisation.

ISO Certificate of Conformity

ISO certification, when considering management system certification, is the provision by an independent body of written assurance (a certificate of conformance) that the management system in question meets specific requirements.

Third-party certification, like that offered by Wynleigh International Certification Services, shows that your organisation has met the specific requirements set out in the ISO standards. Our audits are customised through feedback from your customers, in order to close out gaps – this means a reduced need for your customers to perform second-party audits.

We also share your ISO certified status with your insurer and key customers to create trust which will ultimately give your company the competitive edge. The WICS Risk Assurance Service means less risk to transfer to your insurer and improved assurance for your stakeholders.

Contact WICS for more information on how our services will give you the reassurance of ISO conformity. We understand that quality is at the top of your priorities, which is why our certification service delivers a significantly higher value proposition. Contact us on +27 (0) 31 941 4790 or by email on
