Lesson 10 of 12
What Is Management Review
4 min
The safety manager at a food facility in Damascus works tirelessly: weekly inspections run on schedule, corrective actions get closed out, training happens on time. And yet her request to hire an additional safety technician has been sitting in an inbox for four months, and the general manager only hears about safety when an incident happens.
The system runs from the bottom up, while decisions are made at the top — and between the two there's a disconnect. That exact disconnect is what Management Review closes: a mechanism the standard mandates (clause 9.3) where top management sits down periodically in front of the system's full performance and walks away with decisions and resources.
It isn't an optional meeting or a ceremonial presentation: it's a documented evaluation with defined inputs and defined outputs, and the external auditor will ask for its minutes by name.
Why Top Management, Specifically
Because the most consequential safety decisions aren't technical — they're managerial: budget, hiring, halting a production line, revising a target. The safety manager can diagnose the gap precisely, but she doesn't hold the cure if the cure is resources. The standard recognizes this, and makes the review the responsibility of top management itself — specialists may prepare the material, but it cannot be delegated to someone who doesn't hold the decision. The general manager's presence isn't ceremonial: he's the one who will sign off on the outputs and be held accountable for them.
As for frequency, the facility decides: semi-annual is common and comfortable, annual is the practical minimum. More important than frequency is consistency — a review rushed together a week before the external audit gives itself away by the date on its minutes.
An Agenda With Inputs That Aren't Improvised
Back to the food facility, now that it has gotten its act together. The semi-annual July review arrives at the table with a file prepared in advance:
- Audit results: the latest internal audit turned up three nonconformities, one of them in storage temperature control — alongside findings from the last external audit.
- Status of corrective actions: nine actions opened since the previous review; six closed, three still open, two of those past their due date.
- KPI trends: the recorded incident rate dropped from 4.2 to 3.1 per hundred thousand work-hours — but the average corrective-action closure time is 41 days against a target of 30.
- Objective achievement: the goal of training every new hire within their first week was met at a rate of 87%.
- Changes in context: a new packaging line is going in this September — new hazards awaiting assessment and resources.
- Voice of the floor: results of worker consultation and reports, plus proposed improvement opportunities.
These inputs aren't our own judgment call — the standard names them one by one, and minutes missing any of them are incomplete. And notice what characterizes the whole file: numbers and trends, not impressions.
The Outputs: Decisions That Get Executed, Not Minutes That Get Filed
A meeting that changes nothing isn't a management review. In our example, the review produced four documented decisions: approval to hire the additional safety technician — the request that had sat for four months got resolved in an hour because the numbers were on the table; an assignment to assess the packaging line's hazards before installation, not after; a monthly review of corrective-action closure time until it comes back under the 30-day target; and an update to the onboarding program for new hires to close the 87% gap.
Every decision has an owner and a due date, and the next review's minutes open by holding these decisions to account: what got done? What stalled, and why? This is how the review becomes the Act step for the entire facility within the PDCA cycle — not an isolated stop along the way.
The minutes document the chain carefully: the inputs presented, the substantive discussion, and the decisions with their owners and due dates. The external auditor will read two consecutive sets of minutes looking for one thing: were the first review's decisions carried out before the second? If the same decisions keep reappearing from one review to the next, he'll know the review is a ritual, not a tool.
Common Mistakes
- The ceremonial presentation: polished slides, mutual compliments, and minutes without a single decision. The external auditor reads the outputs before the inputs — find no decisions, and he finds no review.
- Management in absentia: the safety manager meets with his own team and calls it a management review. With no decision-holder in the room, there are no resources — and with no resources, no improvement.
- Impressionistic inputs: "things are generally fine" instead of numbers and trends — which produces equally impressionistic decisions, impossible to measure the impact of at the next review.
In goiso
Review material accumulates on the platform throughout the period, so there's no late-night prep before the meeting: the KPI board shows trends from periodic snapshots along with their thresholds — take it as a ready-made input as is, see How do I read the KPI board and How do I set KPI thresholds. The corrective-action board gives you CAPA status live: open, overdue, and closed. And the readiness loop on the compliance surface sums up clause status in a single view the general manager can grasp in a second — green, amber, and red.
Summary
- Management Review is a periodic evaluation that top management conducts itself — the standard requires it, and it cannot be delegated.
- Its inputs are named specifically: audit results, corrective-action status, KPI trends, objectives, changes in context.
- Its outputs are documented decisions and resources with an owner and a due date, held to account at the next review.
- Consistency matters more than polish: a sober semi-annual review beats a lavish annual conference.
Your system now audits itself and its leadership reviews it — what remains is for the verdict to come from outside. Next: How do you prepare for an external audit.