Operations Consulting Overview - RSM India publication

Astute Consulting

OPERATIONS CONSULTING- AN OVERVIEW

Astute Consulting


OPERATIONS CONSULTING - AN OVERVIEW

Partnering

Always. For Your Success...

Indian member of RSM International

International delivery capabilities

Audit, Tax, Consulting and OutsourcingServices

Multi-disciplinary team

RSM International in India

Members include

Suresh Surana & AssociatesLemon Consulting

Nation-wide presence in 10 cities

Personnel strength of over 750

Astute Consulting

RSM International

Founded by RSM McGladrey, the 5thlargest accounting and consulting

group in the USA (next only to the Big 4)

World's 7th largest accounting andbusiness advisory organisation

Annual revenue of US$ 3.06 billion

662 offices across 64 countries

PREFACE


Astute Consulting

BACKGROUND

Operations Consulting represents a bouquet of service offerings that impacts every link in the value chain of an organization. Factors that have created the need for this range of services include increased competition, complex and dynamic operating environment and technological advancements.

We believe that Organizations have the potential to gain unprecedented performance from each link in the value chain and it is our endeavour to help our clients achieve this through the following:

•Assisting organizations achieve higher levels of productivity from their core assets, their business processes and their strategic relationships.

•Helping clients gain a distinct and durable competitive advantage.

•Seeing it through every phase of implementation.

Astute can be your ideal service provider in the area of Operations Consulting, due to:

•Access to global best practices due to our membership of RSM International (the seventh largest accounting and consulting group worldwide with annual revenue of US$ 3.06 billion)

•Availability of highly qualified, experienced & skilled staff – We have professionals from varied backgrounds viz. Chartered Accountants, Cost Accountants, MBAs, Engineers etc. this enables us to address a variety of issues from different perspectives

•Exposure to various industries – Engineering, Gem & Jewellery, Hospitality, Entertainment, Financial Services, Retail etc.

•Emphasis on a “Solution Oriented” approach

•Ability to service your multi-geographic locations in India due to Astute Consulting Group's presence in 10 cities across India

As always, Astute is committed to incorporating the latest techniques and highest skills in our service offerings. We are sure that many of the service offerings listed in this publication will be of interest to your organization. Our representatives will be

Astute Consulting

pleased to meet you in person and provide you with assistance in identifying areas that need attention.

We trust that you will find this publication of interest to your organization and look forward to a mutually beneficial relationship.

In this circular compiled by us, we intend to offer a broad outline of various operations consulting services provided by us.

This circular should not be relied upon for taking actions or decisions without appropriate professional advice as the facts of each case have to be studied and the legal position analyzed properly before taking any action or decision in the matter. We have taken all care and effort to ensure that the information provided herein is correct and upto date. However, we take no responsibility for any inaccuracy or omission that might have occurred in this Circular. This note is for private circulation only. No part of this note may be reproduced or transmitted in any form or by any means without our written permission.

SCOPE AND LIMITATION


Astute Consulting


CONTENTS

1 Certification to Various International Standards 1

1.1 ISO 9001:2008 - Quality Management System 1

1.2 ISO 14001:2005 - Environment Management System 3

1.3 OHSAS 18001:2007 - Occupational Health AndSafety Assessment Series 4

1.4 SA 8000:2008 - Social Accountability 6

1.5 ISO 27001:2005 - Information SecurityManagement System 9

2 Compliance / Certification toCertain Industry Specific Standards 12

2.1 BPP Best Practice Principles for Sightholdersof Diamond Trading Company 12

2.2 BEM Business Excellence ModelApplicable to select Diamantaires of Rio Tinto Diamonds 13

2.3 Healthcare Industry Specific Standard ( NABH) 14

2.4 TS 16949:2002 Standard for Automotive Industry 16

2.5 ISO 22000:2005 Standard forFood Safety Management System 17

3 Process / Performance Improvement 19

3.1 Six Sigma 19

3.2 Diagnostic Studies leading to Business Improvement 21

3.3 Cost Optimization Materials / Manpower /Establishment & Administrative 23

4 Enterprise Risk Management andInternal Control Framework 24

5 Documentation of Systems, Procedures, SOPs. 26

About Astute Consulting Group 27

ChapterNo.

Topic PageNo.


1.1 Certification to ISO 9001:2008 Standard for Quality Management System

1.1.1 What is ISO 9001:2008?

1.1.2 How to achieve certification to ISO 9001:2008?

ISO stands for International Organization for Standardization. This organization with its Head Quarters in Geneva has representatives from more than 140 countries and is involved in developing standards that are accepted internationally.

ISO 9001:2008 is one such standard developed by ISO and this standard addresses Quality Management System (QMS). QMS refers to managing the processes within the organization that affect quality so that customer requirements are fully taken care of. This standard is applicable to any organization irrespective of the nature of product or service provided. Thus, the standard has been successfully implemented in Manufacturing, Service, Software, Hardware and other industry segments.

The main focus of this standard is to achieve high level of customer satisfaction and ensure continual improvement in all internal processes.

Every organization desirous of achieving certification to ISO 9001:2008 must go through the following steps:

•Obtain management commitment and appoint a “Management Representative” to coordinate all activities

•Identify the processes within the organization that affect the quality of the product / service provided by the organization

•Document the processes and train personnel to implement these processes

•Set functional objectives and create system for measurement and monitoring

CHAPTER 1: CERTIFICATION TO VARIOUSINTERNATIONAL STANDARDS

1

Astute Consulting


•Conduct internal audit to check effectiveness of the implemented system

•Review by the Senior Management of the organization to check adequacy and effectiveness of the Quality Management System

•Conduct third party assessment by a professional certification body and Obtain certification of the QMS to the ISO 9001:2008 standard

•Maintain the system with necessary changes from time to time and work for Continual Improvement of the system

•Get periodic surveillance audits conducted by the certification body

The certificate has a validity of 3 years and has to be renewed thereafter.

This standard is applicable to all organizations irrespective of their size, manpower strength and the nature of product or service provided by the organization to its customers. Thus, any organization that desires to improve its process orientation and demonstrate its commitment to quality should go in for this certification. Obtaining certification to this standard is considered as a basic step in setting up sound systems and paves the way for adopting additional initiatives in the realm of Total Quality Management.

There are essentially two significant advantages of this certification:

Marketing Tool – Customers trust ISO 9001 certified organizations more than those that are not certified. Thus the certification enhances the organization's image in the eyes of its customers. In certain situations, customers demand that the organizations must be certified to this standard in order to qualify for doing business with them.

Improved Internal Controls – An organization that follows the requirements of the ISO 9001 standard will have well defined processes and sound internal control systems. Obtaining third party certification ensures rigorous implementation of the systems and helps to achieve stable and effective process orientation.

1.1.3 Which organizations can apply for certification to ISO 9001:2008?

1.1.4 Benefits of obtaining certification to ISO 9001:2008

2

Astute Consulting


3

Astute Consulting

1.2 Certification to ISO 14001:2005 Standard for Environment Management System

1.2.1 What is ISO 14001:2005?


ISO stands for International Organization for Standardization. This organization with its Head Quarters in Geneva has representatives from more than 140 countries and is involved in developing standards that are accepted internationally.

ISO 14001:2005 is one such standard developed by ISO and this standard addresses Environment Management System (EMS). EMS refers to managing the processes within the organization that affect the Environment so that adverse impacts to the environment are minimized. Running industries in an eco-friendly manner is no more an option but a pre-requisite for their existence.


•Obtain management commitment and appoint a “Management Representative” to coordinate all activities

•Identify the processes within the organization that have an impact on the environment

•Document the aspects and their impacts on the environment

•Identify projects that will reduce the impact on the environment and set measurable targets to be achieved with well defined time frame

•Conduct internal audit to check effectiveness of the implementation of the identified projects

•Review by the Senior Management of the organization to check adequacy and effectiveness of the Environment Management System

•Conduct third party assessment by a professional certification body and Obtain certification of the EMS to the ISO 14001:2005 standard



4

Astute Consulting


Validity of ISO 14001 : 2005 certificate is for a period of 3 years and needs to be renewed thereafter.

This standard is applicable to all organizations irrespective of their size, manpower strength and the nature of product or service provided by the organization to its customers. Thus, any organization that desires to ensure environment friendly processes within the organization and demonstrate its commitment to a clean environment should go in for this certification.

Fulfilling requirements of the ISO 14001:2005 standard helps an organization to reduce the impact on environment of its operations as well as it helps in controlling depletion of natural resources. The certification enhances the organization's image in the eyes of knowledgeable and demanding customers.

OHSAS 18001:2007 addresses Occupational Health & Safety Management in organizations. This standard helps in managing occupational health and safety impact of organizations' operations. By adopting this standard, organizations can eliminate or minimise risk to its employees and other interested parties who may be exposed to OH&S risks associated with its activities Occupational Health & Safety is being well recognized as an Integral Part of the Company's Business and any neglect at any stage from concept stage to design, Erection, Testing, Commissioning, and Operation & Maintenance of Plant can result in Disaster in the shape of Human Loss and Sufferings. The management system does not target the product or service safety, but the safety of employees, temporary employees, contractors, visitors, and other personnel. This systems is applicable to service organizations as well. Especially to those organizations where there is high stress level/work pressure (e.g. software/BPO due to working hours) or the


1.2.4 Benefits

1.3 Certification to OHSAS 18001:2007 Standard for Occupational Health and Safety Assessment Series

1.3.1 What is OHSAS 18001:2007?


5

Astute Consulting

organizations which are exposed to the treat of being an easy target of any kind of disaster, be it man made or natural (like malls, shopping complexes etc.) due to number of people operating in the physical boundary limit of the organization.

OHSAS 18001 has been designed to be compatible with ISO 9001 and ISO 14001 to help your organization meet their health and safety obligations in an efficient manner. Every organization desirous of achieving certification to OHSAS 18001:2007 must go through the following steps:

•Assemble a team and define your strategy - The adoption of a management system needs to be the strategic decision of the whole organization. It is vital that your senior management is involved in the creation process. They decide the business strategy that an efficient management system should support. In addition, you need a dedicated team to develop and implement your management system. Obtain management commitment and appoint a “Management Representative” to coordinate all activities

•Identify hazards and assess risks in your work environment and develop methods to eliminate hazards and risks. Document the processes related to risk management.

•Implement measures to evaluate further improvement and strengthen your organization's ability to meet strategic objectives.

•Conduct internal audit to check effectiveness of the implementation of the system

•Review by the Senior Management of the organization to check adequacy and effectiveness of the Management System

•Conduct third party assessment by a professional certification body and Obtain certification to OHSAS 18001:2007



Validity of OHSAS 18001:2007 certificate is for a period of 3 years and needs to be renewed thereafter.

1.3.2 How to achieve certification to OHSAS 18001:2007?


6

Astute Consulting

1.3.3 Which organizations can apply for certification to OHSAS 18001:2007?

1.3.4 Benefits

1.4 Certification to SA 8000 Standard for Social Accountability

1.4.1 What is SA 8000?

OHSAS 18001 can be adopted by any organization wishing to implement formal systems and procedures to reduce the risks associated with health and safety in the working environment for employees, customers and the general public.

Occupational Health and Safety Management System

With a systematic and effective OHSMS, you will reduce:

•The number of personnel injuries through prevention and control of workplace hazards.

•The risk of major accidents occurring.

•The material loss caused by accidents and production interruptions.

•The insurance costs as well as costs due to absence of employees.

Your work to safeguard employees will give you a more enthusiastic workforce. But it also proves to your customers that you are working actively to ensure that your operations are safe not only for your employees but also the surrounding environment.

SA 8000 is a standard that covers labour rights and workplace conditions in factories. The standard was created by Social Accountability International (SAI) that was founded in 1997 and brings together business and stakeholders to develop and implement social accountability systems.

Ensuring fair treatment of employees in today's complex business environment is an important requirement and numerous stakeholders -- suppliers, manufacturers, buying agents, contractors and subcontractors --

An (OHSMS) promotes a safe and healthy working environment by providing a framework that allows your organization to consistently identify and control its health and safety risks, reduce the potential for accidents, aid legislative compliance and improve overall performance.


7

Astute Consulting

share the responsibility of safeguarding worker rights.

The Social Accountability Requirements includes nine subsections that cover such topics as child labor, forced labor, health and safety, freedom of association and right to collective bargaining, discrimination, disciplinary practices, working hours, compensation and management systems.

The following steps must be adopted by organizations for obtaining the certification:•Learn What SA8000 Requires - Familiarize yourself with the SA8000

Standard and Certification system by reviewing the SA8000 Standard and Guidance Documents.

•Seek SA8000 Applicant Status - You should apply for SA8000 Applicant status by requesting an application form from an accredited certification auditing body. Submit the application with supporting documentation showing that your facility complies with relevant national and local regulations, assessing your facility against the SA8000 standard and making the commitment to apply for a certification audit within one year by placing a non-refundable deposit for auditing fees. Applicant status is an important signal to buyers and others that a facility is committed to pursuing SA8000 certification in a timely fashion. Buyers that have committed to implementing SA8000 through the SA8000 Corporate Involvement Program (CIP) must give preference to suppliers who are SA8000 Applicants. CIP companies must also report publicly of the number of suppliers who have achieved Applicant status and goals for the near future.

•Initial Assessment - Once you have completed your internal assessment of compliance to SA8000 and made any changes to conditions, policies and management systems required by the standard, you can arrange for an assessment audit (also known as a "pre-audit" by one of the accredited auditing firms).

•Certification Audit and Surveillance Audits - You have made the changes identified by the pre-audit. Now, contact your Certification Auditor to make arrangements for a full certification audit. This will include scheduling the timing of the audit, the amount of auditor time needed to conduct the audit and the fee for the audit. A specially

1.4.2 How to achieve certification to SA8000 ?


8

Astute Consulting

trained local audit team will be assigned to your business. The team should know applicable local laws, local NGOs will brief them and trade unions and speak the local language(s) of your managers and workers. You will be asked to provide the audit team with access to relevant records as well as the freedom to interview your employees. If any aspect of your operations does not meet what is required by the standard, the audit team will issue a major or minor corrective action request. As part of the certification audit process, you will have the opportunity to address these corrective action requests by taking immediate action or developing a plan for addressing the non-compliance in a brief period. The audit team will review your responses to any corrective action requests and then make a recommendation on whether or not to issue a certificate to their management who will then make a final decision and communicate it to you. An SA8000 certification is good for 3 years. There will be surveillance audits every 6 months or once a year if the certification auditor deems that the facility is performing very well in complying with the standard. Every three years, the facility must undergo a full certification audit to maintain its certification.

Any organization desirous of demonstrating its commitment to employee welfare, decent working conditions and compliance to local and international labour laws should go in for certification to SA 8000. If you are a supplier to any large multinational chain, certification to SA 8000 may be a pre-requisite for doing business with the client. The certification is a way for retailers, brand companies, suppliers and other organizations to maintain just and decent working conditions throughout the supply chain. SA8000 certified facilities are posted on the SAI Web site. Companies that join level two of the SA8000 Corporate Involvement Program (CIP) release annual progress reports verified by SAI.

Along with humane workplaces, the implementation of SA8000 offers more benefits to workers, companies and others:

•Putting company values into action.

1.4.3 Which organizations can apply for certification to SA 8000?

1.4.4 Benefits


9

Astute Consulting

•Enhancing company and brand reputation.

•Improving employee recruitment, retention and performance.

•Better supply chain management and performance.

•Clear and credible assurance for ethical purchasing decisions.

•Identification of products made ethically and companies committed to ethical sourcing.

•Public awareness of companies committed to assuring humane working conditions.

Information is an asset that, like other important business assets, is essential to an organization's business and consequently needs to be suitably protected. This is especially important in the increasingly inter connected business environment. As a result of this increasing inter connectivity, information is now exposed to a growing number and a wider variety of threats and vulnerabilities.

Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities.

ISO 27001:2005 is an international standard that provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security management System (ISMS).


•Obtain management commitment and appoint a person to coordinate all activities related to Information Security

•Establish ISMS policy, objectives, processes and procedures relevant to information security

1.5 Certification to ISO 27001:2005 Standard for Information Security

1.5.1 What is ISO 27001:2005?



10

Astute Consulting

•Identify security requirements carrying out a process of risk assessment and selecting controls to ensure that risks are reduced to an acceptable level

•Implement and operate the system created as above


•Measure process performance against ISMS policy, objectives etc.

•Review by the Senior Management of the organization to check adequacy and effectiveness of the ISMS

•Conduct third party assessment by a professional certification body and Obtain certification of the QMS to the ISO 27001:2005 standard



ISO 27001:2005 is aligned with ISO 9001:2008 and ISO 14001:2004 and one suitably designed system can satisfy the requirements of all these standards.

Validity of ISO 27001:2005 certificate is for a period of 3 years and needs to be renewed thereafter.

Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or by using electronic means, shown on films or spoken in conversation. Whatever form the information takes, it should always be appropriately protected. Any organization that needs to ensure security of its information should go in for certification to this standard. Typically, organizations involved in processing customer information need this certification to assure their customers about the security of the information provided to them. Besides, organizations can adopt this standard to protect their internal information systems. Thus, organizations from a wide variety of industries have been certified to this standard.



11

Astute Consulting

1.5.4 Benefits

Certification to this standard enables organization to:

üDemonstrate a high, and appropriate, standard of security

üIncrease the ability to manage and survive a disaster

üEstablish mutual trust between networked sites

üEnhance Quality Assurance- ISO 9000,SEI-CMM

üEnable future demands from clients, stockholders and partners to be met

üCompliance / Certification to certain industry specific standards.


2.1 Compliance to Best Practice Principles (BPP) for Sightholders of Diamond Trading Company

2.1.1 What are the Best Practice Principles?

2.1.2 How to achieve compliance to BPP?

The Best Practice Principles (BPP) have been defined by De Beers as a compliance requirement for the sighthoders of the Diamond trading Company. The BPP Assurance Programme is a systematic means of monitoring the compliance of sightholders and their business partners in the diamond industry with the BPPs. It has been developed to provide evidence to pipeline partners, consumers and other interested stakeholders that the exploration, extraction, sorting, cutting and polishing of diamonds, and the manufacture and sale of diamond jewellery by entities that are owned or controlled by the De Beers Group or by Diamond Trading Company sightholders, are undertaken in a professional, ethical and environmentally friendly and accountable way.

The BPP Assurance Programme comprises a management system and set of audit tools, the most important of which is an audit workbook. The information provided by completing the Assurance Programme Audit Workbook (the “BPP Audit Workbook”) measures compliance with the BPPs systematically, in accordance with the BPP Requirements. This programme is based on various international standards such as 9001, 14001, OHSAS 18001 and SA8000.

Sightholders of the Diamond Trading Company are required to go through the following steps in order to achieve compliance to the BPP:

•Document the policies and procedures of the group addressing BPP requirements

•Train personnel to understand and implement the procedures

•Conduct First Party audit to check effectiveness of implementation – Identify Material, Major and Minor Breaches

12

Astute Consulting

CHAPTER 2 : COMPLIANCE / CERTIFICATION TO

CERTAIN INDUSTRY SPECIFIC STANDARDS


•Review by the Senior Management of the breaches and identify corrective action

•Submit BPP Workbook to the verification agency, SGS

•SGS will choose 10% of the entities for physical verification

•Complete verification audit by SGS and submit corrective actions

•Repeat this cycle every year as per the schedule given by De Beers

It is mandatory for all sightholders of Diamond Trading Company to comply with BPP.

The Business Excellence Model (BEM) has been developed by Rio Tinto Diamonds for the Diamond and Jewellery industry based on the various National and International standards such as ISO 9000, ISO 14000, OHSAS 18001, SA8000 etc.

The BEM is applicable to any organization in the diamond and diamond jewellery manufacturers and retailers that wishes to demonstrate its ability to consistently provide a product and / or service that meets customer and applicable regulatory requirements.

Rio Tinto Diamonds awards certificates to those organizations that successfully pass an audit conducted by a third party agency appointed by Rio Tinto.

Entities in the Diamond and Diamond Jewellery manufacturing and retailing business are required to go through the following steps in order to achieve certification to the BEM:

•Document the policies and procedures of the group addressing

2.1.3 Which organizations should comply with BPPs?

2.2 Consultancy for certification to Business Excellence Model (BEM) of Rio Tinto Diamonds

2.2.1 What is the Business Excellence Model?

2.2.2 How to achieve compliance to BEM?

13

Astute Consulting


14

Astute Consulting

BEM requirements

•Train personnel to understand and implement the procedures

•Conduct internal audit to check effectiveness of implementation •Review by the Senior Management of the non conformance and

identify corrective action

•Invite DNV for document review and physical verification - DNV conducts an audit and confirms that the organization complies with BEM requirements

•DNV submits its report to Rio Tinto Diamonds

•Rio Tinto Diamonds issues the certificate based on DNV's report

•BEM Certificate is valid for three years during which surveillance audits are conducted

Any organization in the Diamond and diamond Jewellery manufacture and / or retail can apply to Rio Tinto for obtaining certification to BEM.

National Accreditation Board for Hospitals & Healthcare Providers (NABH) is a constituent board of Quality Council of India (QCI). NABH is set up to establish and operate accreditation program for healthcare organizations. NABH is structured to cater to much desired needs of the consumers and to set benchmarks for progress of health industry. The board has full functioning autonomy and is supported by industry, consumers and government. In December 2005, NABH has drafted Accreditation Standards for the Hospitals & Healthcare industry.

“Standards for Hospital” has been drafted by the Technical committee of NABH and contains complete set of standards for evaluation of hospitals for grant of accreditation. The standard provides a framework for quality assurance and quality improvement for hospitals and focuses on patient safety and quality of care. The standard also calls for continuous monitoring

2.2.3 Which organizations can apply for certification to BEM?

2.3 Accreditation to the NABH Standard for Hospitals and Healthcare Providers

2.3.1 What is the NABH Standard for Hospitals and Healthcare Providers?


15

Astute Consulting

and comprehensive corrective action plan leading to building of quality culture at all levels and across all the functions. The standards are equally applicable to hospitals and nursing homes in the government as well as in the private sector.Accreditation to the NABH standard provides a public recognition of the achievement of standards by a healthcare organization, demonstrated through an independent external peer assessment.

The NABH standard addresses the following issues:

•Access, Assessment and continuity of Care (AAC)

•Patient Rights and Education (PRE)

•Care of Patient (COP)

•Management of Medication (MOM)

•Hospital Infection control (HIC)

•Continuous Quality Improvement (CIQ)

•Responsibility of Management (ROM)

•Facility Management and Safety (FMS)

•Human Resource Management (HRM)

•Information Management System

The steps involved in achieving accreditation to the NABH standard are:

•Understand the NABH Standard

•Carry out Self assessment vis-à-vis standard

•Identify gaps and draw action plan

•Prepare protocols at department level

•Develop policy & procedure documentation

•Implementation of the procedures

•Submit application form for assessment

•Pay accreditation fees

•Pre-assessment audit

2.3.2 How to achieve accreditation to the NABH standard?


16

Astute Consulting

•Take corrective actions

•Accreditation audit

•Receive recommendation - Accreditation

Any organization in the Hospital and Healthcare industry can go in for this accreditation.

ISO/TC 16949:2002 is a standard that is applicable to organizations in the automotive industry. This standard has been based on ISO 9001:2008 and supersedes the QS 9000 standard. This standard was prepared by the International Automotive Task Force (IATF) and Japan Automobile Manufacturers Association (JAMA) with support from ISO/TC 176. The goal of this Technical Specification is the development of a QMS that provides for continual improvement, emphasizing defect prevention and the reduction of variation and waste in the supply chain.

An Organization that has already implemented ISO9001:2008 can upgrade to ISO/TS 16949:2002 by setting up additional documents to include the additional requirements of this standard.

Every organization desirous of achieving certification to this standard must go through the following steps:

•Prepare Quality Manual and other documents required to define the processes

•Set functional objectives and create system for measurement and monitoring


2.3.3 Which organizations can apply for accreditation to NABH Standard?

2.4 Certification to the ISO/TS 16949:2002 standard for Automotive Industry

2.4.1 What is ISO/TS 16949:2002?

2.4.2 How to achieve certification to ISO/TS 16949:2002?


17

Astute Consulting

•Review by the Senior Management of the organization

•Conduct third party assessment and Obtain certification




This standard is applicable to all organizations in the automotive industry.

ISO 22000:2005 specifies requirements for a food safety management system where an organization in the food chain needs to demonstrate its ability to control food safety hazards in order to ensure that food is safe at the time of human consumption. The standard involves the elements of interactive communication, system management, prerequisite programmes and HACCP principles. Communication along the food chain is essential to ensure that all relevant food safety hazards are identified and adequately controlled at each step within the food chain. This implies communication between organizations both upstream and downstream in the food chain. Communication with customers and suppliers about identified hazards and control measures will assist in clarifying customer and supplier requirements. ISO 22000 has been aligned with ISO 9001:2008 in order to enhance the compatibility of the two standards. ISO 22000 can be applied independently of other management system standards or integrated with existing management system requirements.

Every organization desirous of achieving certification to this standard must go through the following steps:

•Prepare Documentation including Food Safety Policy required by the standard

2.4.3 Which organizations can apply for certification to ISO/TS 16949:2002?

2.5 Certification to the ISO 22000:2005 standard for Food Safety

2.5.1 What is ISO 22000:2005?



18

Astute Consulting

•Assist in conducting hazard analysis and reducing it to acceptable level


•Review by the Senior Management of the organization

•Conduct third party assessment and Obtain certification




It is applicable to all organizations, regardless of size, which are involved in any aspect of the food chain and want to implement systems that consistently provide safe products.



Astute Consulting

CHAPTER 3 : PROCESS / PERFORMANCE IMPROVEMENT

19

3.1 Six Sigma

3.1.1 What is Six Sigma?

3.1.2 Benefits of Six Sigma

Six Sigma is a rigorous & disciplined methodology that uses data & statistical analysis to improve operational performance by reducing the defects that occur as an inherent nature of the process. The Six Sigma methodology uses a specific problem solving approach and selected Six Sigma tools to improve processes and products. This methodology is data driven and the goal is to reduce unacceptable products or events.

The original goal of Six Sigma methodology was to reduce process variation such that the number of unacceptable products would be no more than 3.4 parts per million (PPM). As currently practiced by most companies, however, the real – world application of Six Sigma is to make a product that satisfies the customer and minimizes supplier losses.

Successful implementation of Six Sigma methodology requires organizations to have data relating to their operations. If the data is not available there is a need to set up systems to collect data.

Six Sigma can be applied to all types of organizations – Manufacturing, Service, BPO's etc. The reports regarding Mumbai's dabbawalas achieving Six Sigma compliance demonstrates the versatility of the technique.

Six Sigma implementation can provide the following benefits:-

•Reduction in defects

•Improved customer satisfaction

•Reduction in cycle time

•Improved resource utilization

•Cost Reduction

•Better control on the operation


3.1.3 Typical applications

3.1.4 Methodology and Company's role

Six Sigma can be applied to all functions within an organization. Some of the examples are:

The first step is to identify areas that need to be addressed and create project teams that will be assigned responsibility for addressing the issues. Top management commitment is essential and the project team members need to undergo training to be designated as Green belt, Black Belt and Master Black Belt. The team should consist of members drawn from all the affected areas.

Six Sigma methodology is generally defined through the following steps:

D – Define – Refers to accurately and completely defining the problem M – Measure – Create systems for measurement of defined parameters / collection of dataA – Analyze –Use of statistical tools to identify the root causes and possible solutionsI – Improve – Bring about improvements by implementing the solutionC – Control – Institute measures to ensure sustainability of the improvement

20

Astute Consulting

Sr. No. Function Areas of Improvement

1 Commercial / Finance •Cost Reduction•Working Capital optimization•Document Processing Time

2 Operations / Quality Control •Reduction in defects / rejections•Reduced inspection stages•Reduction in cycle time•Reduction in downtime

3 Logistics •Improved inventory turnaround•Improved delivery performance•Reduction in transportation costs

4 Human Resources •Reduction in staff turnover

5 Marketing and Sales •Improved Enquiry to Order ratio•Greater levels of customer

satisfaction


Astute Consulting

3.2 Diagnostic Study Leading to Business Improvement

3.2.1 What is Diagnostic Study?

3.2.2 Benefits of Diagnostic Study

3.2.3 Areas covered by the Diagnostic Study

Every organization is interested in getting a fair view of its strengths and weaknesses through an independent assessment process. A diagnostic study fulfills this need. Diagnostic study refers to a detailed review of various operational areas of an organization with a view to benchmark them against internationally accepted best practices and arriving at areas of concern. These are then prioritized for initiating corrective actions. The diagnostic study also includes identification of appropriate corrective actions and an action plan with a time table and responsibility matrix.

Each functional area and activity being performed is subjected to a critical evaluation. The actual conduct of the process and its effectiveness are benchmarked against the best practices followed by internationally successful organizations. Thus, the diagnostic study brings up issues that may not come up in normal reviews. Since it is conducted by an independent agency, it is objective and fair. Astute's experts look into the relevance of the activities with reference to the goals set by the organization while conducting the study. Thus the results help the management to get a very accurate assessment of its activities and identify areas that need attention.

Typically, the following areas are covered:

21

Sr.No. Area Elements

1 Organisational Profile üOrganisational EnvironmentüOrganisational Relationships

üCompetitive EnvironmentüStrategic ChallengesüPerformance Improvement System

2 Leadership üVision and valuesüCommunication and Organisational PerformanceüOrganisational GovernanceüLegal & Ethical behaviourüSupport of key communities


3 Strategic Planning üStrategy Development ProcessüStrategic ObjectivesüAction Plan Development and

DeploymentüPerformance Projection

4 Customer and Market Focus üCustomer and Market KnowledgeüCustomer Relationship BuildingüCustomer Satisfaction Determination

5 Knowledge Management üPerformance MeasurementüPerformance Analysis and ReviewüData and Information AvailabilityüData, Information and Knowledge Quality

6 Human Resource Focus üOrganisation and Management of WorküEmployee Performance Management

SystemüHiring and career ProgressionüEmployee Education, Training and

DevelopmentüMotivation and Career DevelopmentüWork EnvironmentüEmployee Support and Satisfaction

7 Process Management üValue Creation ProcessesüSupport ProcessesüOperational Planning

8 Business Results üProduct and Service ResultsüCustomer Focused ResultsüFinancial and Market ResultsüHuman Resource ResultsüOrganisational Effectiveness ResultsüLeadership and Social Responsibility

Results

3.2.4 Methodology and Company's Role

The Diagnostic Study includes interactions with all the stakeholders of the organization. Besides meeting and eliciting the views of the top management, our experienced consultants will carry out the study through a combination of interviews with operating personnel, inspection of the records

22

Astute Consulting

Sr.No. Area Elements


23

Astute Consulting

and observation of the activities as they are performed. If required and with your consent, we will visit your customers and suppliers to obtain feedback regarding their perception of your organization. It is necessary that the organization nominates a coordinator to facilitate the above process.

Subsequent to the Diagnostic Study, Astute will assist the organization in implementing the identified corrective actions.

In the current business scenario, cost optimization is an ongoing goal for an organization. Increased competition has made it necessary for every organization to be conscious of optimizing its costs in several areas. Though an organization has in existence good systems and procedures to optimize its costs, a periodic review must be undertaken to evaluate the effectiveness of such systems and procedures and also look at possibilities for improvement. By resorting to such reviews, the organization can continue to focus on areas of cost optimization.

The nature of operations of an organization provides a clue regarding the area of cost optimization. For any manufacturing organization, materials cost optimization is an essential area while for service organizations, administrative areas may offer an opportunity for cost optimization. Manpower costs need to be reviewed in order to set benchmarks for productivity and utilization. Solid leadership and continuously paying attention to a razor-sharp implementation are essential to such an approach.

3.3 Cost Optimization – Materials / Manpower / Establishment & Administrative

3.3.1 Introduction

3.3.2 Avenues for cost optimization


Astute Consulting

24

4.1 Why Enterprise Risk management (ERM)

4.2 Regulatory requirement

4.3 The Solution

Today's businesses across the globe seek for

•better decision-making,

•greater shareholder value and

•stronger internal controls.

In the wake of dynamic market conditions and regulatory initiatives, protecting shareholders' interests is becoming a top priority for boards. External perceptions of a company are affected by a level of risk that it faces and the way its risks are being managed. No business is immune to Risk, managing it to create a sustainable shareholder value is a critical challenge. Businesses need smart solution for this purpose.

The Clause 49 of the Listing agreement, which comes into effect on 1 January 2006, says,

“The Company shall lay down procedures to inform board members about the risk assessment and minimization procedures. These procedures shall be periodically reviewed to ensure that executive management controls risk through means of a properly defined framework.”

The clause also makes the CEO/CFO certification on Internal Controls mandatory.

An enterprise wide initiative involving all levels of management and steered by the Board of directors is a need of the hour. A well-defined Internal Control Framework and structured approach to risk management can, not only limit the damage to the company but also enable it capture opportunities.

CHAPTER 4 : ENTERPRISE RISK MANAGEMENT ANDINTERNAL CONTROL FRAMEWORK


Astute Consulting

25

4.4 Business Benefits

Potential benefits of adopting integrated approach to Internal Control & ERM frameworks would be

Greater likelihood of achieving business objectives

Reduction in management time spent in fire fighting

Ability to respond quickly to market demands & avoid losses

Lower cost of capital

Better strategy setting & implementation


Risk Identification

Business

Objectives

FutureRisks

Present Risks K

nown

Risks

Unk

nown

Risks

Risk Management

Risk Assessment

Ris

kM

itiga

tionR

isk

Co

ntr

ol

Processes and

Systems

Risk Reporting

Board of DirectorsSenior Management

Operating ManagementInternal Controls

Risk Identification

Business

Objectives

FutureRisks

Present Risks K

nown

Risks

Unk

nown

Risks

Risk Management

Risk Assessment

Ris

kM

itiga

tionR

isk

Co

ntr

ol

Processes and

Systems

Risk Reporting


Operating Management

Risk Identification

Business

Objectives

FutureRisks

Present Risks K

nown

Risks

Unk

nown

Risks

Risk Management

Risk Assessment

Ris

kM

itiga

tionR

isk

Co

ntr

ol

Processes and

Systems

Risk Reporting


Operating ManagementInternal Controls

Astute Consulting

26

5.1 Why Document Systems / Procedures?

5.2 What Are Good Documentation Practices?

“An hour spent in documenting at 2 PM may prevent an emergency at 2 AM”. The importance of documentation cannot be over emphasized. As organizations grow, they cannot depend only on individual brilliance to ensure compliance to processes. An organization can sustain its performance levels only if the systems are documented and made available to its operating personnel in an unambiguous manner.

Good documentation addresses the following issues:

§Audience is well identified – The personnel to whom the document is addressed are to be identified before setting out to prepare the document.

§Contents are well researched – The subject matter of the document must be well defined and should be self explanatory. The reader should be able to understand it without someone having to explain it.

§Purpose is well understood – It is important to know as to why the document is being prepared – What is the user going to derive from it? This knowledge will ensure that the effectiveness of the document is to the desired extent.

§Documents are dynamic – All documentation should be viewed as “living” documents. Once written, it should not be tossed aside and forgotten. Any failure to keep the document updated will bring the entire exercise into serious doubt.

§Documents must be well advertised – There has to be adequate effort to make all concerned aware of the existence of the documentation so that they will be inclined to study and follow the same.

CHAPTER 5 : DOCUMENTATION OF SYSTEMS,PROCEDURES, SOPS


Astute Consulting

27

Astute Consulting Group (Astute) is one of the leading accounting and management consultancy groups in India. It is Indian member of RSM International, the seventh largest international organization of accountants and business advisors with annual billings of about US$ 3.06 billion and offices in 64 countries. RSM International is

thfounded by RSM McGladrey, the 5 largest accounting and consulting group in the US (next only to the Big 4).

Our multi-disciplinary team of over 750, comprises of Chartered Accountants, MBAs, Engineers, Company Secretaries, System Professionals and Cost Accountants. With their respective competencies, our professionals are capable of developing the required competitive advantage and sustainable value for a wide range of businesses.

Astute operates through its offices in 10 cities viz. Mumbai, New Delhi, Chennai, Kolkata, Surat, Bangalore, Hyderabad, Ahmedabad, Gandhidham and Visakhapatnam, facilitating servicing of clients across India in a cost effective manner.

”To partner with our clients to facilitate achievement of their strategic objectives through creative solutions which integrate people,

processes & technology.”

3Operations Consulting

3Quality Management Systems (including ISO)

3Internal and Management Audits (including Techno Commercial Audits)

3International and Indian Taxation

3Corporate Advisory and Structuring

3Attestation Services

3Accounting and Business Process Outsourcing

3Legal and Commercial Documentation

MISSION

SERVICES

ABOUT ASTUTE CONSULTING GROUP


Astute Consulting

28

Some of our services for Operations Consulting and Quality Management Systems include :

3Preparing Plan for making the organization compliant with the requisite standard

3Developing policies and procedures to address the various requirements of various standards

3Preparing documentation of the system as per requirements of various standards.

3Implementing the documented system in an effective manner

Assistance in compliance with various legal requirements

3Training of personnel

3Conducting internal audits / periodic reviews

3Assistance during third party audits

3Assistance in certification/recertification audit

3Closure of non conformities and developing corrective and preventive actions


Astute Consulting

NOTES


Astute Consulting

NOTES


Astute Consulting

NOTES


Astute Consulting Group is the sole Indian member of RSM International, the seventh largest accounting and business advisory organisation worldwide.

Astute Consulting GroupMumbai 3rd Floor, Ahura Centre,82, Mahakali Caves Road,Andheri (E), Mumbai - 400 093.

602/603, Regent Chambers,208, Nariman Point,Mumbai - 400 021.

608, Sagar Tech Plaza B, Sakinaka, Andheri (E),Mumbai - 400 072.

New DelhiF-116, Himalaya House,23, K. G. Marg, Connaught Place,New Delhi - 110 001.

Chennai1A, Chamiers Apartments,62/121, Chamiers Road,R. A. Puram, Chennai - 600 028.

Kolkata2058/A, Mercantile Buildings,Block "A", 9, Lalbazar Street,Kolkata - 700 001.

Bangalore2nd Floor, No. 546,C.M.H. Road, Indiranagar,Bangalore - 560 038.

Surat604-605, Tirupati Plaza,Athwa Gate, Nanpura,Surat - 395 001.

T-720, Belgium Tower,Opp. Linear Bus Stop,Ring Road, Surat - 395 002.

HyderabadOffice No. 5, 3rd Floor,Farhat Afza Building, Road No.10,Banjara Hills, Hyderabad - 500 034.

Ahmedabad504, Narnarayan Complex,Navrangpura,Ahmedabad - 380 009.

Gandhidham216, Golden Arcade, Oslo Road,Plot No.141 & 142, Sector 8,Gandhidham - 370 201.

VisakhapatnamNo. 9, Merrylife Apartments,Doctors Colony, Peda Waltair,Visakhapatnam - 530 017.

Network Associate-Kochi & ThiruvananthapuramK.Venkatachalam Aiyer & Co.,41/3647B, Blue Bird Towers,Providence Road, Kochi - 682 018.

Tel : (91-22) 6696 0644 / 2287 5770 Email : [email protected]

Fax : (91-22) 2820 5685 / 2287 5771URL : www.astuteconsulting.com