Juggling Multiple Standards, Audits and Multiple Risk Assessments: Too Many Standards? Reduce Complexity and Save Money! Integrated Management Systems Integrated Management Systems – Risk Mitigation Approach Chad Kymal CTO and Founder, Omnex Inc. Table of Contents • Current Business Environment for Standards • Multiple Management Standards – Integration and Standardization • Planning, Performing and Managing Audits – Multi-Site • Integrated Risk Management Enterprise Risk Assessment • Conclusions
27
Embed
Chad Kymal CTO and Founder, Omnex Inc.– Many Audit Programs – ISO 9001, ISO 14001, OHSAS 18001, Safety Audits, SOX Audits – Different Audit Types – Syy, ,stem, Process, and
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Juggling Multiple Standards, Audits and Multiple Risk Assessments:
Too Many Standards? Reduce Complexity and Save Money!
Integrated Management SystemsIntegrated Management Systems – Risk Mitigation Approach
Chad KymalyCTO and Founder, Omnex Inc.
Table of Contents
• Current Business Environment for Standards
• Multiple Management Standards – Integration and Standardization
• Planning, Performing and Managing Audits –Multi-Site
4. Review performed in order to operate the business
I really don’t have time for this! Do I need this??
Copyright 2009 Omnex. All Rights Reserved.10
Do I need this??
Lack of Integration – Duplication of ProcessesProcesses
Confusion for the Engineerg
• When designing a product:St d lit d f FMEA d C t l– Study quality procedure for FMEA and ControlPlan
– Study EMS planning procedure for aspects andStudy EMS planning procedure for aspects andimpacts
– Study OH&S planning procedure for health andf t i ksafety risks
I don’t do QMS, EMS or OHSAS; I just do my job!
Copyright 2009 Omnex. All Rights Reserved.11
Why am I doing Risk Analysis multiple times?
Lack of Integration and Standardization in ProcessesProcesses
Integration and Standardization CombinedCombined
13
Omnex Integration Methodologyg gy
• 80% of ISO 9001 integrates with ISO 14001 / OHSAS 18001
• Over 90% of ISO 14001 and OHSAS 18001 can be integrated
Process / System ISO 9001 (and other ISO 9001-based standards)
ISO 14001
Planning Use Business Planning and Policy Deployment Process
Integrate
Document Control Document Control Process Use the Same Process as ISO 9001 With Some Change
Operational Controls Work Instructions on the Plant Floor Integrate the EMS Controls into the ISO 9001 Work Instructions
Internal Audit Internal Audit Process Use the Same Process With Different Checklist
Nonconforming Nonconforming Process for Quality Rejects Document a Similar but Different Process forNonconforming Nonconforming Process for Quality Rejects Document a Similar but Different Process for Environmental Nonconformities
Corrective and Preventive Corrective and Preventive Action Process for Quality Problems
Use the Same Process as ISO 9001 for Environmental Problems
Management Review Business Review Process Use the Same Process as ISO 9001
Copyright 2009 Omnex. All Rights Reserved.14
Implementing Integrated Management Systems DocumentationSystems Documentation
• Manage integration – including documents from other it /l l t i l lsites/levels to any given level
Copyright 2009 Omnex. All Rights Reserved.15
Implementing Integrated Management Systems DocumentationSystems Documentation
Copyright 2009 Omnex. All Rights Reserved.16
Implementing Integrated Management Systems DocumentationSystems Documentation
Copyright 2009 Omnex. All Rights Reserved.17
Lack of Integration – Increased Cost to Implement and Maintainto Implement and Maintain
• Duplication of Documents– Multiple teams/personnel work on the same or similar
documents and Risk Analysis• For example: management review, document control, training
and risk analysis
• More Costly to Maintain– It is costly for an organization to conduct four managementIt is costly for an organization to conduct four management
reviews or to have three document control procedures or three risk analysis processes
We estimate that implementation costs reduce by half when they are integrated
The biggest savings are actually seen in the elimination of maintaining duplicate processes – three separate processes integrated into a single
Copyright 2009 Omnex. All Rights Reserved.18
duplicate processes three separate processes integrated into a single process will see a 60% reduction in maintenance costs
Planning, Performing and Managing Audits – Multi-Site
Enterprise-Wide
Conducting Integrated Auditsg g
• Current Auditing Environment– Many Audit Programs – ISO 9001, ISO 14001, OHSAS
18001, Safety Audits, SOX Audits
– Different Audit Types – System, Process, and Product Auditsyp y , ,• Different Forms, Checklists and Audit Reports for each Audit
• Risk Analysis and Reduction is built into each d d d i h h f ISO 14001 dstandard, and is at the heart of ISO 14001 and
OHSAS 18001– Although ISO 9001 does not directly require a risk analysis, g y q y ,
it reduces risks by exception by requiring known practices
– Other QMS standards such as ISO/TS 16949 and AS9100 require that organizations assess both design and q g gmanufacturing risks using DFMEA and PFMEA tools
Copyright 2009 Omnex. All Rights Reserved.34
Lack of Integration and Standardization of Risk AnalysisStandardization of Risk Analysis
• Duplicate Risk Analysis of the same process p y pis conducted for Quality, Environmental and Safety/Health by different teams
• The same risk analysis is duplicated by multiple plants in the same Enterprisemultiple plants in the same Enterprise
Cost to conduct Risk Analysis is multiplied between multiple standards and different Entities of the same plantsmultiple standards and different Entities of the same plants
The risk number is not comparable across standards and
Copyright 2009 Omnex. All Rights Reserved.35
Entities
Integration of Risk Analysisg y
• Integrated Risk Analysis benefits from the use of the same tool – i.e., FMEA for risk analysis
• The FMEA prioritizes risks based on Severity x Occurrence x DetectionSeverity x Occurrence x Detection
• The FMEA tool starts with the Process or Operational Step and assesses different factors of the same process – i.e., Quality, Environmental and Safety and Health Risks
• The same “team” can use the same “tool” and the• The same team can use the same tool and the same “thought process” to discern the Q, E, and S&H Risks
Copyright 2009 Omnex. All Rights Reserved.36
Benefit of Integrated Risk Analysisg y
• The benefits come when Risk is understood and assessed using th P Fl d FMEAthe Process Flow and FMEA– When the same process flow is used by the same team, it becomes
clear that there is nothing extraordinary about Risk Analysis; it is the studying of the same process for a different factor or businessthe studying of the same process for a different factor or business risk
• There is more consistency in understanding, rating and evaluating risk when the format is standardized and the ratingsevaluating risk when the format is standardized and the ratings are made consistent
• Since the whole exercise was conducted to arrive at a risk number, the VALUE of using the FMEA and Standardizednumber, the VALUE of using the FMEA and Standardized Rating table is immense– Suddenly, the numbers can be compared between Q, E, and H&S
risks in one plant p
Copyright 2009 Omnex. All Rights Reserved.37
Consistency Between PlantsConsistency Between Plants
• Typically, organizations have similarTypically, organizations have similar processes– For example, all our plants have a Molding
process and Laboratory
How have we rated risk between plants?
Were we consistent in rating common manufacturing
processes?
Copyright 2009 Omnex. All Rights Reserved.38
Standardizing Risk by Process FamiliesFamilies
• Once we understand that there are “Global Process” types in the company, we can conduct risk analysis for a “Process Type” and then use this risk assessment as the basis for other similar processes worldwide
• Organizations can use this as a starting point and if there is any disagreement on the risk rating, they can discuss it with the “Global Champion”
Copyright 2009 Omnex. All Rights Reserved.39
Using Software for Integration and Standardization of Risk
AQuA Pro Software
Integration and Standardizationg
Copyright 2009 Omnex. All Rights Reserved.41
Integration and Standardizationg
Copyright 2009 Omnex. All Rights Reserved.42
Integration and Standardizationg
43
Integration and Standardizationg
Copyright 2009 Omnex. All Rights Reserved.44
Integration and Standardizationg
Capabilitiesp
• Global Processes and Tables
• Process FamiliesProcess Families– Sub family inheriting the family (parent) process is
able to change the parent process without ff ti th taffecting the parent
– New process development focuses on what is being changed not redeveloping what is knownbeing changed not redeveloping what is known
Copyright 2009 Omnex. All Rights Reserved.45
Why Integrated Risk Assessment?y g
• The value of implementing ISO 9001, ISO 14001 and OHSAS 18001 is to manage risk in organizations
• Companies worldwide are implementing these standards many times using different methodologiesstandards, many times, using different methodologies and tools even within the same company– Often times the Severity, Occurrence and Detection tables
t t d di d d i t tlare not standardized or used consistently
• Risk numbers and priorities are meaningful in organizations (across entities) only if the g ( ) ytool/methodology is standardized and Severity, Occurrence and Detection tables are standardized
Copyright 2009 Omnex. All Rights Reserved.46
Why Integrated Risk Assessment? (cont’d)(cont’d)
• Efficient risk analysis and standardization of yrisk assessment takes place when an entire organization uses the same methodology
• Furthermore, techniques of risk assessment such as Family of Processes (called Global P F ili ) d P d t F ili h lProcess Families) and Product Families help organizations save time by transferring knowledge between entities of an enterpriseknowledge between entities of an enterprise– Integration and Standardization of Risk is what
can be coined as Enterprise Risk Assessment
Copyright 2009 Omnex. All Rights Reserved.47
Lack of Integrationg
• Causes Confusion
• Increases Cost to Implement and Maintain
• Increases Costs overall for managing standards, audits, and risk management
Do We Agree?
So What Do We Do To Integrate?Copyright 2009 Omnex. All Rights Reserved.48
Conclusions – Why?y
• Integrated Management Systems, Integrated Audits and Risk Analysis are inevitable
• Integrated Management Systems, Integrated Audits and Risk Analysis save moneyand Risk Analysis save money– Reduces confusion and duplication of efforts
– Reduces implementation costs by 50%, reduces i t t b 60%maintenance costs by 60%
– Reduces internal and external auditing costs by 25%
– Reduces Risk Analysis for QMS, EMS, and OHSAS by over 50%
• Using Enterprise Software Integrated Management Systems and Risk Analysis is made easySystems and Risk Analysis is made easy
Copyright 2009 Omnex. All Rights Reserved.49
For More Information on …
• Integrated Management Systems– Webinar: Managing Documents in the Global Environment of
the 21st Century
– Webinar: Juggling Multiple Standards – Integration, gg g p g ,Standardization and Linkages
• Enterprise Audit ManagementWebinar: Save Time and Money Through Enterprise Audit– Webinar: Save Time and Money Through Enterprise Audit Management