This article considers the structure of management system standards and suggests that many standards are in fact variations on a general common management model. Organisations that embrace different standards will find commonality between them, which means they can reuse a single implementation team to implement and support each standard, saving time and money and ensuring consistent levels of quality across each implementation project.
It seems that hardly a week goes by without a new management standard being issued. They are everywhere - standards for security, quality, environmental management, business continuity, project management, and even a standard for standard management.
Some of the more common standards that businesses address today include:
- ISO9001 - quality management systems;
- ISO27001 - information security management systems;
- ISO14000 - standards for environmental management;
- IIP - Investors in People, for HR management;
- EFQM - European Framework for Quality Management, a quality management system; and
- CMMI - capability maturity model integration, for various topic areas such as development, services, product, and acquisition.
Tackled individually, these standards are quite substantial. There is a management system to put in place for the particular area that the standard is supposed to address. Each system has its own vocabulary. New roles are required. Processes are supposed to be followed. And there is a whole area of certification, inspection and audit.
The interesting thing is when you compare management systems side by side. Patterns begin to emerge. And with patterns there is commonality, reducing the extent to which each framework requires new skills or organisational roles.
So what features do management frameworks have in common?
- Processes - frameworks require work to be performed in a consistent and repeatable way. This is only possible if these processes are documented to some degree and are used and complied with.
- Accountability - for the use and effectiveness of the management system itself, and for each of the processes it introduces.
- Continuous improvement - each has a variation on the well-known plan-do-check-act (PDCA) management framework, a management control cycle that provides for control over process execution, the detection of issues or problems, and their correction through a feed-back loop.
- Scope - each asks for the scope of the management system to be carefully defined, increasingly requiring the scope to include the whole business rather than an isolated part of the business service.
- Assessment - the requirement to assess the business and identify the area where the management framework can have the greatest impact on the measures the management framework is interested in. Based on this assessment, the management framework is asked to put greatest effort into those areas of greatest return, while not forgetting to have a complete system in place. So, for example, ISO27001 requires an information asset risk assessment to take place and mitigation to be put in place to address risks appropriate to the likelihood and impact of each risk.
- Certification - each standard allows organisations to be certified as compliant with the standard. This requires the creation of certification bodies that can assess compliance and an industry around certification and implementation services.
- Audit - standards require audit to ensure continued compliance. Audit in the modern sense is intended to be used in support of continuous learning by identifying areas of non-compliance, and identifying management system failures that encourage this non-compliance so that the system can be improved, making it more difficult to be non-compliant.
- Training - in the processes, accountabilities and techniques used.
- Measurement - defining system and process metrics and measuring them on a routine basis; often translating into establishing a scorecard to present these metrics in a digestible and actionable way.
As many frameworks share the above points in common, a single team in an organisation could be responsible for liaison with certification bodies, internal audit for compliance, measurement, and for documentation and training of processes. It also means that projects to implement these standards can be run by the same team, and careful use of a certification body, e.g. by doing a readiness assessment, will help determine which areas of the management system the certification body considers important to implement first.