Q&A Blog – Exploring Standards with Len Howard

As part of Assent’s mission to champion the consultancy industry, Jess from Assent Risk Management has been interviewing experts from all sectors of the consulting profession. In this interview, Jess talks with Len Howard the founder of THC Consultants and the winner of UK Consulting’s, ISO Consultant of the Year.

How did it feel winning the UKConsulting ISO Consultant of the Year Award?

Well, I’m quite proud, but I was also quite surprised. I know I’ve been around a long time and I tried to do things to shape the industry, to be in my own image, but I didn’t think I’d had quite that much impact, so I was not really expecting to win against the competition. So I was pleasantly pleased. And my family actually said to me it was probably meant to be the posthumous lifetime achievement award, but I frustrated everybody by staying alive. 

But no, seriously, I’m very proud and I’m very pleased to have been recognised by the industry because I am passionate about what the industry does and it is a boring subject, I’m afraid, for most people. We are a distress purchase for most people, but I try to make it a little bit more interesting for people and a little bit more value.

How did you get into consulting?

Well, I actually intended to get into consulting because I structured myself out of the job that I was in and I was an internal consultant in a PLC, working in various different parts of the PLC. I came out of marketing in the first place. I had no qualifications in marketing whatsoever. I’m a biochemist by training and got into marketing in the mid-70s. Consumer goods, brown goods, then into food. And eventually, by the mid-80s, I was moving further and further into strategic marketing and strategic management. That took me into corporate development, which took me into restructuring businesses, looking at how businesses operated within the group, looking at ways we could make them more efficient, get added value out of what we were doing and mergers, acquisitions, divestments and what have you. 

And eventually [I] was part of the team that engineered an MBO at the PLC I was in at the time and decided I didn’t want to participate. So I set myself up in [19]91 as an independent consultant. [The] Name was different then, It wasn’t THC then. 

But that’s how I got into it originally, I was looking at a general management consultancy and we [THC] still do general management consultancy and indeed we still do marketing projects for people and business development projects for people. But in [19]92, I was asked by a client what I’d heard of BS 5750 and I said, ‘Well, I’d heard of it’. I’d heard it didn’t have a particularly good reputation for doing much for business other than giving them a set of rules that it had to move to, but it was becoming mandatory for people to have it if they wanted to succeed. 

He said, ‘Well, I want to get it’. I said, well, I don’t particularly want to do it for you, but I’ll find somebody who can. So I found somebody who could and pointed him in the direction of this chat and they got together and the consultant that I found basically, took his money and disappeared, never to be seen again. So he said to me, Right, you’ve got me into this mess, get me out of this mess. And I thought, right, yeah, okay, well, it can’t be that hard. [I] Looked at the standard, looked at what it was doing, and I thought, this is dull.

It’s just a set of rules. Thou shalt do this, thou shalt do that. So I said, this is going to be a doddle, and got him through it. And then from that, I got more and more contacts within his industry and then spent a decade working in the exhibition industry solely with Elscort and Olympia and with spin-off businesses around that, and then moved from that into broader business, diversified at the end of the doing other things. And we’ve been a general consultancy focusing on ISO, but using ISO’s standards as a tool for people to be actually able to improve and develop their businesses.

What are some of the developments that you have seen in the years in quality management?

It’s very interesting. It follows the way people think. When PS 5750 first came out, it was supposed to be quality assurance, but it was more about quality control. And the difference between quality control and quality assurance is in quality control, if something goes wrong, you don’t let it go out to the customer. In quality assurance, you look to where things may go wrong and you try to stop things from going wrong before they get sent out to the customer. And it was very simplistic in its early stages. It was saying, inspect at this stage, inspect at this stage, inspect at this stage, and then inspect again before it goes out to the customer. That was in the 5750 standards. Then in the mid-90s, we went from those to the ISO 9000 series. Originally we had ISO 9001, which was for everything, including design, and ISO 9002, which was everything, excluding design. And that was a little bit better. It started to bring in this concept of preventive action. So what are you going to do if you find these things are going wrong? How are you going to stop them from happening again? But it wasn’t really firing anybody up. 

When the change really started was in 2000 and with the 2000 iterations of ISO 9000, 2004 iteration of ISO 14000, you started to get this idea of continual improvement and you started to get the idea of how you actually manage your improvement and how you learn from your errors, how you perceive what your errors might be. But it wasn’t really until we got to the current batch of standards, which started in 2012, and the new Annex SL, and the first one, I think, was ISO 20121 where you’re actually looking at a broader range of what can possibly go wrong with your business, but not only what can possibly go wrong with your business, who’s affected by your business, who are the people that you affect? Who are the people that affect you? How do those interrelationships work? What can you do to influence them? What do people expect of you and the needs and expectations of interested parties? 

[It] sounds really dull and boring, but it’s actually just saying, right, what are we going to do to make our lives easier when we’re interacting with suppliers, when we’re interacting with customers, when we’re even interacting with our neighbours and our competitors? And then, right, what [are] the risks to the business if something goes wrong with that?

Some people from the security industry, when I say security, I mean information security, say that you should be looking at where your risks lie in the first place and then deciding who your interested parties are. I take the opposite view. Who do we deal with? Who deals with us? It’s mainly looking at sort of like it’s almost taking a PR approach and looking at who your publics are. And then you look at your public and you say, right, what’s the risk of our relationship with this person? What’s the risk? And you’ve got to think about your internal market as well as your external market. You have to think about your internal suppliers as well as your external suppliers. And if you’re in a business, think of what the finance department needs from you. The finance department needs you to give them information so they can actually turn around and say, we’re not making a profit on this. You need to do something different. You need the finance department to be able to give you the money. You need to be able to develop what you want.

So you start to look further and further into the business and it becomes a much more holistic approach. And I understand that the next generation of what I call the basic standards, ISO 9000 and ISO 14000 are going to start to look into things more in a much more holistic way, taking into account things like sustainability of the business.

There’s not just environmental sustainability and the carbon footprint. That is a major part, a major element, because if we don’t get that right, none of us are going to be able to do business and nothing’s really going to matter. But you’ve got to look at how healthy the business is as a business. How do we retain our people? How do we actually make sure that our people want to work with us as opposed to working for our competitors? How do we make sure we are making sufficient money and getting sufficient investment to do what we need to do, develop our people? How can we make sure that the business so you start to get in business continuity? How can we make sure that the business is actually going to be able to continue to supply its customers? What happens if we lose the supplier? 

So all the risk elements of it come back again, but you start a broader view of it. And that, I think, will be a good thing. I’m concerned about the preponderance of standards so specialist, very specialist standards. And if you look at the list of standards that originally started out with ISO 9001 and developed from that, there’s got to be about 50 standards now.

And my concern is that in SMEs, which is the market that I tend to concentrate on, it’s becoming a burden, it’s becoming a distress purchase. So it’s something you’ve got to have if you want to do business, you got to have this. So I feel from that point of view, we’re going back to the people will just start to look at it as, right, I’ve got to do this, I got to do this, I got to do this, I got to do this. Let’s do the minimum. Let’s not worry about getting anything out of it. It becomes an overhead. It becomes something that isn’t adding value to the business. The auditors get bored with it. They just go into tick-box mode, and nobody gets any value of what’s going on.

And [it’s] not actually achieving anything other than essentially being almost a subscription process and being something more akin to the accreditation sector in the construction industry, where you just feed them your policies, you feed them your answers to questions, and you get a tick in the box. And that’s a concern that could develop further as we get further and further into more and more standards and the costs of the increase for the client.

And I’m a big fan of integrated standards. So if you have to have the basic standards of [ISO] 9000, [ISO] 14000, [ISO] 45000, [ISO] 27000, why not have them all as just a single system, it’s just managing different metrics?

You’re managing different aspects of the business, but all those aspects of the business are intertwined anyway, and if one of them goes wrong in one place, it’s going to have knock-on effects in the rest of it. So if you have a problem in information security, that’s going to have a problem for your commercial side of the business, certainly if you have an environmental problem that’s got an implication for your commercial side of the business. The more integrated we can get, the better it will be. 

I’m a big fan of a standard called ISO 20121, which was the first ever of the Annex SL standards in 2013. And that is all about sustainability, but it’s only linked to the event industry. But within that, you’re looking at your corporate social responsibility, your socioeconomic impacts, your environmental impacts, your client satisfaction, how you actually manage the quality of what you’re doing, how you manage the experience from your customers, how you deal with stakeholders, and they used to have the term stakeholders, but they changed it to interested parties because people were confused between the difference between a stakeholder and a shareholder.

But it’s a good model for how a holistic standard could be, and I’m quite excited to see the new version of it, which I believe is coming down the track in the next couple of years. But that’s a good model for all the standards, in my view. And if people could take that integrated approach, you know what they’re doing, then I think that would be a great benefit to businesses around the country.

How do you think AI is going to affect the consulting industry?

AI is a marvellous tool, I must admit. I use chat GPT myself, it’s not perfect by a long shot, but it gives you a start. I was with a client yesterday who didn’t know where to start with writing an aviation security policy. So you type into Chat GPT, give me an example of a standardised aviation security policy and it comes back with about 1500 words. Now, it might be gobbledygook. But if you read into it, at least it’s given you a framework on which to start and it’s given you the ideas and the stimulation to be able to go from there. So from that point of view, I think AI is valuable.

It’s a great launch pad and I had to laugh helping a client prepare a tender document and it was for a group of schools in an academy trust, and it was to provide signage in the schools. So it wasn’t an enormous project, it wasn’t an enormous amount of money that was going to be spent maybe a few tens of thousands over a three year period. So one of the questions in the tender document was what you’re going to do to help the student experience and what can you do to enhance the well being of the students within school or within the schools? So I typed this into Chat GPT and he said, first we’ll build a gymnasium, then we’ll build a swimming pool, then we’ll build a large library. So it’s got the right idea, but it doesn’t really understand the context. From that point of view, [it’s] a useful tool, but needs some dealing with. 

I’m more concerned that AI is going to take the place of the people who support the clients. The people who support the clients are obviously the consultants, also the Cert Bodies and the auditors. And my concern is that coupled with what we were saying earlier about this surface treatment of the standards and the approach of the standards. I’m worried that as people become more and more facile in what they’re looking at, the options for automating the audit process become greater.

When the options for automating the audit process become greater, it’s natural for AI to do it. And indeed, one of the construction accreditation businesses, Construction Line, as you type your answers into the questionnaire on the portal now it comes back and says, AI is processing your answer. That is a major concern that we will lose the human touch. We’ll lose the understanding of what people are trying to do. 

I know from having tried to deal with Construction Line, with businesses that don’t fall into the standard model of I’m a builder, I build things. But are people who provide ancillary services such as architecture or building consultancy? No, they don’t have site welfare facilities. So AI says, I’m sorry, that’s wrong, you’ve got to have them. But they don’t and that’s my concern, that we’ll end up with something that is just very sterile, doesn’t do anything for anybody, but gives you a badge on the wall at the end of the day. So we need to look more, as I said, at integrating standards, taking a holistic approach and looking at the factors that influence everything we do rather than just as straight hard facts.

The thing was, I worked with a CB (Certification Body) as a consultant to them in the mid-90s and they conducted various customer research and they found that the client companies that gained their certification purely because it was a requirement that their customer didn’t have the same degree of satisfaction as those people who gained a certification because they wanted to do something better for their business. 

And in fact, the degree or the number of people who were doing it as a distress purchase because they had to have it was something in the region of 85%, and the level of satisfaction amongst that was something like 15%. Whereas the people who wanted to actually achieve it, their level of satisfaction with the standards in their later iterations was enormous because it was given tools to look at their business, to analyse their business and make them think about it. But they probably got nonconformances because they were thinking about their business as opposed to just ticking the boxes.

So I do get a bit annoyed when people just concentrate on the legislative aspects or the controls, or the operational controls and things and don’t actually look at what the meaning and what the purpose of the standard is and what the meaning and the purpose of what people are trying to do with their systems is. So that’s what worries me, that AI will take people down the first route of just being facile and being just a stamp.

And indeed, speaking to one of the big CB’s, they’re now starting to use AI to probe into standards, to actually find where the answers lie within a standard, because some of the standards are 200 pages long, so they’re looking for how to interpret them. But using AI to do that, I’m not sure how good it’s going to be. It may be excellent at finding out things because it is just essentially a very clever search engine. So from that point of view, it may be a useful tool. I honestly don’t know. But the jury is out at the moment. I want to be in the industry for at least another 15 years. I’m going to continue to rail against the machine.

Remote Auditing and Consulting

Watch on Youtube

Listen to the Podcast

Jessica Inglis
Jessica Inglis
Articles: 35