Questions? Call us: 1-800-214-7060

Quality

World-Class Compliance Assurance Program Part 5: Maintaining a Compliance Assurance Program

June 22, 2017 - Kestrel Management

This is the fifth in a series of five articles on developing and maintaining a world-class compliance assurance program.

A well-designed and well-executed compliance assurance program provides an essential tool for improving and verifying business performance and limiting compliance risks. Ultimately, however, a compliance program’s effectiveness comes down to whether it is merely a “paper program” or whether it is being integrated into the organization and used in practice on a daily basis. 

The following can show evidence of a living, breathing program:

  • Comprehensiveness of the program
  • Dedicated staff and resources
  • Employee knowledge and engagement
  • Management commitment and employee perception
  • Internal operational inspections, “walk-abouts” by management
  • Independent insider, plus third-party audits
  • Program tailoring to greatest risks
  • Consistency and timeliness of exception (noncompliance/nonconformance) disclosures
  • Tracking of timely and adequate corrective/preventive action completion
  • Progress and performance monitoring

Best Practices

To achieve a compliance assurance program on par with world-class organizations, there are a number of best practices that companies should employ:

Know the requirements. This means maintaining an inventory of regulatory compliance requirements for each compliance program, as well as of state/local/contractual binding agreements applying to operations. It is vital that the organization keep abreast of current/upcoming requirements (federal, state, local).

Plan and develop the processes to comply. Identify and assess compliance risks, and then set objectives and targets for performance improvement based on top priorities. From here, it becomes possible to then define program improvement initiatives, assign and document responsibilities for compliance (who must do what and when), develop procedures and tools, and then allocate resources to get it done.

Assure compliance in operations. The organization needs to establish routine checks and inspections within departments to evaluate conformance with sub-process procedures. Process audits should be designed and implemented to cut across operations and sub-processes in order to evaluate conformance with company policies and procedures. Regulatory compliance audits should further be conducted to address program requirements (e.g., environmental, safety, mine safety, security). Audit performance must be measured and reported, and then expectations set for operating managers to take responsibility for compliance.

Take action on issues and problems. Capture, log, and categorize noncompliance issues, process nonconformances, and near misses. Implement a corrective/preventive action process based on importance of issues. Be disciplined in timely completion, close-out, and documentation of all corrective/preventive actions.

Employ management of change (MOC) process. Robust MOC processes help ensure that changes affecting compliance (to facility, operations, personnel, infrastructure, materials, etc.) are reviewed for their impacts on compliance. Compliance should be assured before the changes are made. Failure to do so is one of the most common root causes of noncompliance.

Ensure management involvement and leadership. Set the tone at the top. The Board of Directors and senior executives must set policy, culture, values, expectations, and goals. It is just as important that these individuals are the ones to communicate across the organization, to demonstrate their commitment and leadership, to define an appropriate incentive/disincentive system, and to provide ongoing organizational feedback.

Maintaining Ongoing World-Class Compliance Assurance Program

The compliance assurance program must be a living, breathing program. As risks change, the program must be refreshed, refined, and redeployed. A Management System framework can help ensure operational sustainability. A Management System drives the auditing process and helps companies say what they will do, do what they say and, importantly, verify it.

Together, there is real value at the intersection of a compliance assurance program and Management Systems. Management Systems define the internal controls that are in place to reduce risks, prevent losses, and sustain and improve performance over time through the Plan-Do-Check-Act (PDCA) cycle of continual improvement.

Testing and Monitoring

Testing, monitoring, and measuring are crucial elements of this cycle. Without them, it is difficult to understand what is working and what needs improvement. Robust testing and monitoring programs can serve as early warning systems for identifying potential compliance risks before they become enforcement issues.

Compliance should be tested and monitored throughout each level of the organization. A strong testing program will evaluate the results of the compliance risk assessment and assign compliance risks to the business units and processes where they are most likely to occur, creating clear lines of responsibility and accountability. Key risks and the related controls should be tested periodically using statistically valid sampling methodologies, and monitoring activities should be performed on an ongoing basis. Doing so produces trend data that provides the rationale needed for making changes to underlying business processes, as well as emerging risks.

Ongoing compliance excellence relies on top management, operations managers, EHS personnel, and individual employees throughout the organization working together to build and sustain an organizational culture that places compliance on par with business performance. Senior management must focus on the overall culture of the company in terms of taking the necessary steps to reduce risk and make prevention part of daily operations. While it may be impossible to eliminate all risk exposure, a solid risk framework, assessment methodology, and compliance assurance program can help to prioritize risks for active management, sustained compliance, and positive business impacts.

Read the other articles in this series:

Submitted by: Tom Kunes

 

World-Class Compliance Assurance Program Part 4: Audit Program Best Practices

April 18, 2017 - Kestrel Management

This is the fourth in a series of five articles on developing and maintaining a world-class compliance assurance program.

Audits provide an essential tool for improving and verifying compliance performance. Audits may be used to capture regulatory compliance status, management system conformance, adequacy of internal controls, potential risks, and best practices. An audit is typically part of a broader compliance assurance program and can cover some or all of the company’s legal obligations, policies, programs, and objectives.

There are a number of third-party auditing standards that offer guidelines for ensuring accurate, complete, and reliable EHS audits, including:

  • The Board of Environmental, Health, and Safety Auditing Certifications (BEAC) Standards, 2008
  • ISO 19011 Auditing Guidelines, 2002
  • Auditing Roundtable Standards, 1993
  • USEPA Auditing Policy, 1986, 2000
  • Institute of Internal Auditors Standards, 1997

Best Practices

Companies come in a variety of sizes with a range of different needs, so auditing standards remain fairly flexible. There are, however, a number of audit program elements and best practices that can help ensure a comprehensive audit program:

Goals. Establishing goals enables recognition of broader issues and can lead to long-term preventive programs. This process allows the organization to get at the causes and focus on important systemic issues. It pushes and guides toward continuous improvement. Goal-setting further addresses the responsibilities and obligations of the Board of Directors for audit and oversight and elicits support from stakeholders.

Scope. The scope of the audit should be limited initially (e.g., compliance and risk) to what is manageable and to what can be done very well, thereby producing performance improvement and a wider understanding and acceptance of objectives. As the program is developed and matures (e.g., management systems, company policy, operational integration), it can be expanded and, eventually, shift over time toward systems in place, prevention, efficiency, and best practices.

Committed resources. Sufficient resources must be provided for staffing and training and then applied, as needed, to encourage a robust auditing program. Resources also should be applied to EHSMS design and continuous improvement. It is important to track the costs/benefits to compare the impacts and results of program improvements.

Operational focus. All facilities need to be covered at the appropriate level, with emphasis based on potential EHS and business risks. The operational units/practices with the greatest risk should receive the greatest attention (e.g., the 80/20 Rule). Vendors/contractors and related operations that pose risks must be included as part of the program. For smaller, less complex and/or lower risk facilities, lower intensity focus can be justified. For example, relying more heavily on self-assessment and reporting of compliance and less on independent audits may provide better return on investment of assessment resources.

Audit team. A significant portion of the audit program should be conducted by knowledgeable auditors (independent insiders, third parties, or a combination thereof) with clear independence from the operations being audited and from the direct chain of command. For organizational learning and to leverage compliance standards across facilities, it is good practice to vary at least one audit team member for each audit. Companies often enlist personnel from different facilities and with different expertise to audit other facilities. Periodic third-party audits further bring outside perspective and reduce tendencies toward “home-blindness”.

Most common options for compliance audit team design include the following:

  • Facility-based EHS Team
    • Advantages – awareness of operations and specific facility EHS regulated activities
    • Disadvantages – lack independence and objective outside perspective; may have some responsibilities for activities audited; likely to have limited regulatory expertise needed; likelihood of significant inconsistencies and variability from facility to facility
    • Best use – routine and frequent inspections and monitoring, including progress checks on completion of corrective actions arising from other audits; desirable to have staff from other facilities participate on audit team; auditors should not audit their own departments or operations; may conduct and submit to corporate annual facility compliance self-assessments and assurance statements by facility management
  • Independent Inside EHS Team
    • Typically, from corporate headquarters (may include facility EHS representatives from other facilities)
    • Advantages – improved independence from operations; likely to provide regulatory know-how and multi-facility perspective; consistency in audit methods and content likely across facilities
    • Disadvantages – can be subject to limited independence and internal business pressures; may have limited perspective on best industry practices from outside organization; may not have up-to-date regulatory requirements awareness
    • Best use – dedicated corporate EHS lead auditor(s) supported by subject matter experts on audit team; EHS personnel from other facility(s) participate on team for cross-facility learning; audit protocols maintained to be current; audits conducted annually at higher risk facilities; team review of facility self-assessments at lower risk facilities
  • Third-Party Independent Audit Team
    • Advantages – organizational independence; outside perspective and experience with compliance practices of other companies; auditor credentials and up-to-date awareness of audit methods and regulatory requirements; ability to bring specialized know-how, as needed; must meet client expectations for deliverable quality and timeliness
    • Disadvantages – may not have organizational standing to ensure necessary cooperation and openness of auditees
    • Best Use – periodic audit of the company’s audit program and process (5-year cycle); periodic compliance audits of selected facilities (3-year cycle), including auditing the completion of corrective actions initiated as a result of internal audits by corporate team; audits of company’s management system as part of compliance audits; done under attorney-client privilege

Audit frequency. There are several levels of audit frequency, depending on the type of audit:

  • Frequent: Operational (e.g., inspections, housekeeping, maintenance) – done as part of routine EHSMS day-to-day operational responsibilities
  • Periodic: Compliance, systems, actions/projects – conducted annually/semi-annually
  • As needed: For issue follow-up
  • Infrequent: Comprehensive, independent – conducted every three to four years

Differentiation methods. Differentiating identifies and distinguishes issues of greatest importance in terms of risk reduction and business performance improvement. The process for differentiating should be as clear and simple as possible; a system of priority rating and ranking is widely understood and agreed. The rating system can address severity levels, as well as probability levels, in addition to complexity/difficulty and length of time required for corrective actions.

Legal protection. Attorney privilege for audit processes and reports is advisable where risk/liability are deemed significant, especially for third-party independent audits. To the extent possible, make the audit process and reports become management tools that guide continuous improvement. Organizations should follow due diligence elements of the USEPA audit policy.

Procedures. Describe and document the audit process for consistent, efficient, effective, and reliable application. The best way to do this is to involve both auditors and those being audited in the procedure design. Audit procedures should be tailored to the specific facility/operation being audited. Documented procedures should be used to train both auditors and those accountable for operations being audited. Procedures can be launched using a pilot facility approach to allow for initial testing and fine-tuning. Keep procedures current and continually improve them based on practical application. Audits include document and record review (corporate and facility), interviews, and observations. 

Protocols & tools. Develop specific and targeted protocols that are tailored to operational characteristics and based on applicable regulations and requirements for the facility. Use “widely accepted or standard practice” as go-by tools to aid in developing protocols (e.g., ASTM site assessment standards; ISO 14010 audit guidance; audit protocols based on EPA, OSHA, MSHA, Canadian regulatory requirements; GEMI self-assessment tools; proprietary audit protocol/tools). As protocols are updated, the ability to evaluate continuous improvement trends must be maintained (i.e., trend analysis).

Information management & analysis. Procedures should be well-defined, clear, and consistent to enable the organization to analyze trends, identify systemic causes, and pinpoint recurring problem areas. Analysis should prompt communication of issues and differentiation among findings based on significance. Audit reports should be issued in a predictable and timely manner. It is desirable to orient the audit program toward organizational learning and continual improvement, rather than a “gotcha” philosophy. “Open book” approaches help learning by letting facility managers know in advance what the audit protocols are and how the audits will be conducted.

Verification & corrective action. Corrective actions require corporate review, top management-level attention and management accountability for timely completion. A robust root cause analysis helps to ensure not just correction/containment of the existing issue, but also preventive action to assure controls are in place to prevent the event from recurring. For example, if a drum is labeled incorrectly, the corrective action is to relabel that drum. A robust plan should also look for other drums than might be labeled incorrectly and to add and communicate an effective preventive action (e.g., training or posting signs showing a correctly labeled drum).

Action item closure. Address repeat findings. Identify patterns and seek root cause analysis and sustainable corrections.

Training. Training should be done throughout the entire organization, across all levels:

  • Auditors are trained on both technical matters and program procedures.
  • Management is trained on the overall program design, purpose, business impacts of findings, responsibilities, corrections, and improvements.
  • Line operations are trained on compliance procedures and company policy/systems.

Communications. Communications with management should be done routinely to discuss status, needs, performance, program improvements, and business impacts. Communications should be done in business language—with business impacts defined in terms of risks, costs, savings, avoided costs/capital expenditures, benefits. Those accountable for performance need to be provided information as close to “real time” as possible, and the Board of Directors should be informed routinely.

Leadership philosophy. Senior management should exhibit top-down expectations for program excellence. EHSMS quality excellence goes hand-in-hand with operational and service quality excellence. Learning and continual improvement should be emphasized.

Roles & responsibilities. Clear roles, responsibilities, and accountabilities need to be established. This includes top management understanding and embracing their roles/responsibilities. Owners of findings/fixes also must be clearly identified.

Funding for corrective actions. Funding should be allocated to projects based on significance of risk exposure (i.e., systemic/preventive actions receive high priority). The process should incentivize proactive planning and expeditious resolution of significant problem areas and penalize recurrence or back-sliding on performance and lack of timely fixes.

Performance measurement system. Audit goals and objectives should be nested with the company business goals, key performance objectives, and values. A balanced scorecard can display leading and lagging indicators. Metrics should be quantitative, indicative (not all-inclusive), and tied to their ability to influence. Performance measurements should be communicated and widely understood. Information from auditing (e.g., findings, patterns, trends, comparisons) and the status of corrective actions often are reported on compliance dashboards for management review.

Degree of business integration. There should be a strong link between programs, procedures, and methods used in a quality management program—EHS activities should operate in patterns similar to core operations rather than as ancillary add-on duties. In addition, EHS should be involved in business planning and MOC. An EHSMS should be well-developed and designed for full business integration, and the audit program should feed critical information into the EHSMS.

Accountability. Accountability and compensation must be clearly linked at a meaningful level. Use various award/recognition programs to offer incentives to line operations personnel for excellent EHS performance. Make disincentives and disciplinary consequences clear to discourage non-compliant activities.

Deployment plan & schedule. Best practice combines the use of pilot facility audits, baseline audits (to design programs), tiered audits, and a continuous improvement model. Facility profiles are developed for all top priority facilities, including operational and EHS characteristics and regulatory and other requirements.

Relation to best practices. Inventory best practices and share/transfer them as part of audit program results. Use best-in-class facilities as models and “problem sites” for improvement planning and training.  The figure illustrates an audit program that goes beyond the traditional “find it, fix it, find it, fix it” repetitive cycle to one that yields real understanding of root causes and patterns. In this model, if the issues can be categorized and are of wide scale, the design of solutions can lead to company-wide corrective and preventive measures. This same method can be used to capture and transfer best practices across the organization. They are sustained through the continual review and improvement cycle of an EHSMS and are verified by future audits.

In our fifth and final article in this series, we talk about compliance program best practices and what it takes to maintain an ongoing world-class compliance assurance program.

Read the other articles in this series:

Submitted by: Tom Kunes

World-Class Compliance Assurance Program Part 3: Compliance Risks and Compliance Program Assessment

February 15, 2017 - Kestrel Management

This is the third in a series of five articles on developing and maintaining a world-class compliance assurance program.

Compliance risk assessment helps to identify and assess risks related to applicable regulatory requirements. Internal and external events or conditions affecting the entity’s ability to achieve objectives must be identified, distinguishing between risks and opportunities. These risks are analyzed, considering the following:

  • Size of the risk – where, how big, how often/many?
  • Severity of the outcome – to what extent can it impact safety, environmental, operational, financial, customer relations, regulatory compliance?
  • Likelihood/probability of each risk – how likely is the occurrence of a negative outcome, considering the maturity of existing controls?

Based on this assessment, management can prioritize risks, select appropriate risk responses (avoiding, accepting, reducing, sharing), and develop a set of actions to align with the entity’s risk tolerance/appetite. An acceptable level of residual risk is considered after selected improvements and controls are applied. From there, policies and procedures can be established and implemented to help ensure the risk responses are effectively communicated so operating managers and individuals can carry out their responsibilities.

A deeper dive compliance program assessment may be performed for those risks that are identified as the company’s most significant.

Compliance Program Assessment

A compliance program assessment looks beyond “point-in-time” compliance to critically evaluate how the company manages compliance programs, processes, and activities, with compliance assurance as the ultimate goal. Capability, capacity, programs, and processes to comply are examined as part of this review. Conducting routine process and compliance audits are also key components of a compliance assurance program.

Compliance program assessment should follow a disciplined and consistent process, resulting in an effective program that guides alignment of activities to an EHSMS for sustained compliance and continuous improvement. An essential part of the assessment, audits capture regulatory compliance status, EHSMS conformance, adequacy of internal controls, potential risks, and best practices.

Compliance program assessment enables a company to define and understand:

  • Compliance requirements and where regulated activities occur throughout the organization
  • Current company programs and processes used to manage those activities and the associated level of program/process maturity
  • Deficiencies in compliance program management and opportunities for improvement
  • How to feed review recommendations back into elements of the EHSMS to create a roadmap for sustaining and continually improving compliance

There are six phases associated with a compliance program assessment:

Phase 1 – Regulations, Requirements, and Applicability Analysis: Phase 1 focuses on identifying, organizing, validating, and understanding all of the requirements (legal or other) with which the company must comply. It provides an applicability analysis of the requirements to company operations by functional area and evaluates the associated risks. This stage engages representatives across the company who are responsible for activities subject to the requirements.

Phase 2 – Activities Analysis: This phase involves developing an inventory/profile of all company activities that may trigger the requirements identified in Phase 1. It asks the question, “What activities does the company carry out that are covered by the requirements?”

Phase 3 – Desired Compliance Program Standard: Establishing the company’s expectations for compliance program processes and controls—the desired condition—is essential. This “to-be” standard integrates Management System principles into compliance program management. Programs should examine relative risks and ensure that risk-based priorities are being set.

Phase 4 – Actual Compliance Program Condition: In contrast to the desired standard identified in Phase 3, Phase 4 is about describing the company’s current compliance program. It defines how the company performs the activities outlined in Phase 3 (along with who, when, and where)—the “as-is” condition. This is done in the same framework as the desired standard in order to compare them in the next phase.

Phase 5 – Gap Analysis: The gap analysis compares actual compliance program management against the desired standard. It evaluates compliance program management processes, controls, and maturity to determine if they are good as is, need improvement, or are missing. These gaps and opportunities provide the basis for the improvement actions developed in Phase 6.

Phase 6 – Improvement Actions: Phase 6 moves the process along to developing action plans and an approach for ongoing management review that will guide the compliance program development and improvement activities. Compliance program management review is established at the end of this last phase. If there is an EHSMS in place, program review information and action plan tracking can be integrated into that Management System.

As a whole, this process will help companies evaluate the degree to which:

  • EHS compliance goals and objectives are set and communicated by management.
  • Hazards and risks are identified, sized, and assessed, including an inventory of activities subject to the compliance requirements and the relative risks.
  • Existing controls are adequate and effective, recognizing and addressing changed conditions.
  • Plans are in place to address risks not adequately covered by existing controls.
  • Plans and controls are resourced and implemented.
  • Controls are documented and operationalized across functions and work units.
  • Personnel know and understand the controls and expectations, and are engaged in their design and improvement.
  • Controls are being monitored with appropriate metrics and compliance auditing and assurance.
  • Information system is sufficient to support EHSMS-required functions (e.g., document management and control, action tracking, notifications, training tracking, task calendaring, metrics reporting). Information dashboards can be used for reports to management.
  • Deficiencies are being addressed by corrective/preventive action and are being tracked to completion.
  • Processes, controls, and performance are being reviewed by management for ongoing improvement, including the maintenance and continual improvement of the ISO 14001 and OHSAS 18001-certified EHSMS.

With this foundation, the next article in this series discusses audit program best practices.

Read the other articles in this series:

Submitted by: Tom Kunes

World-Class Compliance Assurance Program Part 2: Management Systems & their Importance to Compliance Assurance

December 16, 2016 - Kestrel Management

This is the second in a series of five articles on developing and maintaining a world-class compliance assurance program.

The connection between Management Systems and compliance assurance is vital in avoiding recurring compliance issues and in reducing variation in compliance performance. In fact, reliable and effective regulatory compliance is commonly an outcome of consistent and reliable implementation of a Management System.

Management System Document HierarchyA Management System is the organizing framework that enables companies to achieve and sustain their operational and business objectives through a process of continuous improvement. As shown, policy is the foundation of the Management System. It establishes the vision and overall corporate expectations. Processes and standards set corporate expectations for performance. They establish what must be done to meet the requirements of the policy—but they don’t define “how” it will be done. Procedures, then, define “how” the processes/standards will be met and, thereby, meet the requirements of the policy. Finally, proof/metrics provide the measurable “proof of performance”.

A Management System is designed to identify and manage risks—safety, environmental, quality, business continuity, security (and others)—through an organized set of policies, procedures, practices, and resources that guide the enterprise and its activities to maximize business value. In its simplest form, a Management System implements the Plan, Do, Check, Act/Adjust cycle of continual improvement and addresses the following:

  • What is done and why
  • How it is done and by whom
  • How well it is being done
  • How it is maintained and reviewed
  • How it can be improved

The following table compares the attributes of a program with a “Compliance Only” emphasis against those of a “Compliance within a Management System” program.

compliance_table

Management System Standards

Industry standards are available to guide the design and implementation of the EHSMS. The most widely recognized and applied are the harmonized ISO standards—ISO 14001 (Environmental), OHSAS 18001 and draft ISO 45001 (Safety), and ISO 9001 (Quality).

The figure below depicts the standard Management System cycle of control and improvement. Two key procedures within this cycle that guide auditing involve understanding legal, regulatory and other requirements (under “Planning and Management of Change”) and evaluating compliance (under “Checking & Corrective Action”).

Management System Cycle of Control & Improvement

Creating Value

Each company’s Management System reflects its unique culture, vision, and values. To be effective and valuable, the Management System must be tailored and focused on how it can enhance the business performance of the organization. It must also be:

  • Useful to people in the operations
  • Intuitive—organized the way operations people think
  • Flexible—making use of methods and tools as they are developed and documented
  • Valuable from the outset—addressing the most critical risks and processes
  • Linked to the business of the business (not “pasted on”), with ownership at the operational level
  • A means to better align operational quality, safety, and environment with the business

There are a number of business reasons for implementing a well-documented Management System and associated support methods and tools:

  • Establishes a common documented framework to achieve more consistent implementation of compliance policies and processes—addressing the eight core functions of compliance: inventories, permits and authorizations, plans, training, practices in place, monitoring and inspection, records, reporting.
  • Provides clear methods and processes to identify and prioritize risks, set and monitor goals, communicate those risks to employees and management, and allocate the resources to mitigate them.
  • Shifts from a command-and-control, centrally driven function (or, at the other extreme, totally decentralized and lacking adequate guidance and oversight) to one that depends heavily on teamwork and implementation of a common system, taking into consideration the necessary local differences and building better know-how at the facility level.
  • Establishes a common language for periodic calls and meetings among managers, facility managers, and executives, which yields better goal-setting, priority ranking, and allocation of resources to the areas with greatest risk or the greatest opportunity to add business value.
  • Empowers facilities to take responsibility for processes and compliance performance without waiting to be told “what” and “how”.
  • Enables better collaboration and communication across a distributed company with many locations.
  • Enables the selection and implementation of a robust information system capable of tracking and reporting on common activities and performance metrics across the company.
  • Employs a design and implementation process that builds company know-how, captures/retains institutional knowledge, and enables ongoing improvement without having to continually reinvent the wheel.
  • Creates consistent processes and procedures that support personnel changes (e.g., transfers, promotions, retirements) and training of new personnel without causing disruption or gaps.
  • Allows for more consistent oversight and governance, yielding higher predictability and reliability.
  • Better ensures that employees and contractors return home from work safely every day, and that the public and the environment are protected.
  • Reduces incident costs and accrued liabilities and protects assets.
  • Improves and sustains regulatory compliance and allows the organization to continually improve quality, environmental, and safety performance (employee, public, equipment, infrastructure).

The next article in this series will move on to identifying and assessing risks and the subsequent compliance program assessment.

Read the other articles in this series:

Submitted by: Tom Kunes

Conducting a Management System Internal Audit: What You Can Expect

June 21, 2016 - Kestrel Management

Many companies face requirements to conduct management system internal audits. And many probably consider it to be one of those “necessary evils” of doing business. In reality, an internal audit can be a great opportunity to uncover issues and resolve them before an external audit begins. An internal audit can sometimes even enable more improvements than an external audit because it allows the company to review processes more often and more thoroughly. So what, exactly, goes into an internal audit?

What Is an Audit?

First, conducting a management system internal audit encompasses all of the efforts to gather, accumulate, arrange, and evaluate data so that there is sufficient information to arrive at an audit opinion. According to the ANSI/ASQC Standard Q1-1986 Generic Guidelines for Auditing Management Systems, an audit is:

a systematic examination of the acts and decisions by people with respect to Q/EHS issues, in order to independently verify or evaluate and report conformance to the operational requirements of the program or the specification or contract requirement of the product or service.

Internal audits should be carried out to look for areas for improvement and best practices. In an internal audit, the auditor is evaluating, verifying, and reporting conformance or non-conformance in terms of related documentation. The auditor assesses systems, processes, and products against the related documentation:

  • Systems are compared against company directives and requirements.
  • Processes are compared against procedures, process charts, and work instructions.

The auditor examines where and how “operational requirements of the management system” are described. This is done by reviewing each policy, procedure, work instruction, checklist, and form looking for each “actionable item” listed within.

The Interview

The auditor will go out into the workforce and ask the prepared questions to various employees.  Based on the responses given, the auditor may need to ask follow-up questions to get a clear understanding of how an operation works. Questions asked by auditors are generally open-ended to give the auditee the opportunity to elaborate. The auditor’s goal is to give the employee the opportunity to think prior to answering and to follow the audit trail wherever it leads—within or outside of the department.

Tangible Evidence

In order for an internal audit to support improvement steps, the auditor will seek tangible evidence. For example, work instructions require that inspections are completed every day, but the checklist shows that no checks have been performed for the last week. Tangible evidence may include taking a photo copy of the checklist to document this issue.

Evaluating Internal Controls

During the audit, the auditor is looking for internal controls that regulate an operation. There are seven steps in evaluating internal controls:

  1. Observe the Operation: The auditor needs to understand what processes and systems to review, where they are located, and who is responsible for them.
  2. Identify Constraints: The auditor will identify constraints to the extent possible, such as:
    • Scattered information
    • Internal opposition
    • Process not capable
    • Process not in control
    • Unavailable information
  3. Evaluate Risk: The auditor will assess the importance and risk of internal controls not detecting and preventing non-conformances. The auditor will ask personnel being audited and management if there is anything more that could be done to identify and control risk.
  4. Evaluate the Internal Control Structure: Usually extensive internal controls exist, operate properly, and maintain/improve the process; however, this may not be an accurate assumption. Controls may not exist, may be weak, or may control and measure unimportant variables. It is very important for the auditor to resist assuming that the way an existing system has been set up is the correct way to do something. Auditors should challenge how and why something is being done to encourage system improvements.
  5. Test the Effectiveness of the Internal Control Structure: Gathering evidence is the process of collecting data and information critical to support a decision or judgment rendered by the auditor.
  6. Evaluate Evidence: Once evidence has been gathered from interviews, observations, or records, the auditor must distill and summarize the data into useful information for the company. The evidence is then reviewed to determine whether systems and controls are working effectively.
  7. Issue an Opinion: When all is said and done, the auditor must issue an opinion of conformance or non-conformance. In a deficiency finding (non-conformance), the audit report will clearly state that there is a variance between what is and what should be. All evidence findings should be listed to support this conclusion.

Clarify Issues and Non-Conformances

Upon completion of an audit, there may be times when clarification of an issue or concern will be warranted.  This is when the auditor may go back to the department head and review the current understanding of the audit results. The department head should have ample time to discuss and clarify any issues of concern.

Any outstanding issues that warrant a non-conformance report should be discussed to ensure that the company understands: 1.) why the issue is considered a non-conformance, and 2.) what may need to be done to rectify the situation. It is important to also discuss all positive findings from the audit to leverage best practices. 

By using an internal audit to actually improve operations—and not just as another requirement to fulfill—companies can realize significant value through:

  • Meeting regulatory/certification requirements prior to the external audit
  • Improving operational controls and processes
  • Enhancing overall management system effectiveness

Submitted by: Dana Marks

ISO 9001:2015 — Major Organizational Changes

December 9, 2015 - Kestrel Management

The new ISO 9001:2015 standard is upon us—and the transition period to become certified now begins. Change can certainly present challenges; however, the ISO 9001:2015 update is designed to simplify the requirements, focus more on business needs, and make the ISO standards more user-friendly. (Read the related Kestrel article.)

That being said, organizations will need to make adjustments to their Quality Management Systems (QMS) to meet the new requirements. The major impacts that organizations need to consider for ISO 9001:2015 certification include the following:

  • Increased management responsibility
  • Organizational identification of risks and opportunities
  • Impacts of process implementation vs. guidance procedures
  • Overhaul of internal audit requirements

Management Responsibility

The increase in management responsibility requires an organization’s objectives and targets to be:

  • Business-driven
  • More explicit in content
  • Reviewed and monitored on a regular basis

Importantly, the QMS must be connected to the business strategy. This involves management taking ownership for the QMS and creating a vision and strategy for the organization, its employees, and customers to follow and interact with in a mutually beneficial manner. The idea is that this will foster a sustainable business plan.

Identification of Risks and Opportunities

The organization must identify and quantify the risks and opportunities presented by each new business endeavor or market driver they seek to enter. This will help management understand the full operational requirements and potential related consequences that must be addressed prior to moving the organization in a new direction.

The process of identifying risks and opportunities involves reviewing and evaluating employee skill sets, equipment capabilities, facility requirements, logistics requirements, environmental and safety risks, and others. In addition, quality control requirements must be reviewed in terms of possible training and equipment needs, and then verified as either adequate or in need of required changes prior to startup.

Process Implementation

The single largest change to the QMS is arguably the notion of written procedures guiding the organization vs. the use of a process approach to enhance the organization’s ability to exhibit systematic control over any/all changes to the products and/or services it provides. This change represents a shift in the approach regarding business operations.

Under a process approach, the management team must:

  • Define inputs and outputs of each process
  • Determine the correct performance indicator(s) to assure compliance and customer specifications have been met
  • Assign appropriate responsibility for these steps

To comply with ISO 9001:2015, the organization must be able to stop a process and rectify the issues of concern prior to a nonconforming product and/or service being given to a customer. As such, employees are empowered to complete a root cause analysis and then notify management of possible change(s) required.

Internal Audit

Corresponding to the process orientation discussed above, the internal audit program will also need to be revamped to go from auditing a single clause to auditing an entire process. This may require additional auditor training for internal auditors, as well as an overall better understanding of the processes the organization follows in its daily business.

The following tips can all help modify the internal audit process to work under the ISO 9001:2015 standard.

  1. Audit one complete process at a time. This will allow auditors to better assess the process itself, identify possible areas for review and improvement, and verify adequacy of current controls in place.
  2. Develop flow charts that outline every step in the process(es) and the associated procedures, work instructions, and forms required to assure compliance of each identified step.
  3. Look for areas throughout the audit where the product and/or service hand-off between departments and equipment cells may be unclear or confusing, leading to a potential nonconformance to the customer.

Big Steps toward Continuous Improvement

While any one of the changes discussed above would represent a significant improvement over the 2008 version of ISO 9001, taken together and implemented properly, the 2015 updates are set up to help organizations take large step towards continuous improvement.

Under ISO 9001:2015, day-to-day operations should:

  • Be more functional and harmonious
  • Allow for improvements in product and/or service hand-offs between departments
  • Improve the consistency of delivering to the customer exactly what is requested
  • Reward the organization with improvements to internal functions and lower costs over time

Submitted by: Randy Block

ISO 9001:2015 – A New Approach

August 19, 2015 - Kestrel Management

It has been years in the making—the new ISO 9001:2015 standard is getting ready for final publication (expected in September 2015). This is the first revision to ISO 9001 since 2008 and the first major revision since ISO 9001:2000.

The new ISO 9001:2015 standard is designed to simplify the requirements, focus more on the organization’s needs, and make the ISO standards more user-friendly by:

  • Making the standard more applicable to service industries, not just product industries
  • Integrating quality management into overall business strategy
  • Making it easier for companies to adopt multiple ISO and/or vertical standards

ISO 9001:2015 focuses on a core set of requirements, effective process management to produce desired outcome(s), and viewing the QMS through a risk management prism for all actions taken by the organization. Once published, the three-year transition period to become certified to ISO 9001:2015 will begin.

Simplification and Standardization

All ISO management systems standards are being developed and/or reformatted according to ISO Directive Annex SL 2013, to simplify their design and implementation by creating a “universal management system.” The idea is that, in the future, each standard will use a consistent structure and outline. This will allow an organization to easily add new ISO standards to its certified repertoire and create integrated management systems without having to learn new terminology and requirements for each standard.

ISO 9001 is first up to bat—ISO 14001 and others will be revised in accordance with the same structure to ensure consistency across the standards. ISO is going to issue a completely new standard for OHS Management (ISO 45001), which will follow the new format.

High-Level Structures

One of the most notable changes in ISO 9001:2015 is the use of High-Level Structures, which replace the concept of clauses under current ISO management systems. The High-Level Structure is designed to serve as a uniform basis for all standards to improve compatibility.

According to this structure, ISO 9001:2015 will expand to 10 sections (with additions for performance management and evaluation), as shown below.

ISO9001_table

Risk and Opportunities

Risk and opportunities is a new concept under ISO 9001:2015. Organizations are required to use risk-based thinking and analyze risks in operations, as they relate to quality management. This change signifies movement away from a traditional corrective/preventive action approach to a risk management model. Taking a risk-based strategy requires that the organization identify risks in QMS processes and then develop countermeasures to mitigate them.

This risk-based approach ties to additions regarding the context of the organization. Organizations must balance the relationship of the organization with “interested parties” and demonstrate broader measurement, planning, and implementation that takes into account sustainability/business continuity.

Management Responsibility

ISO 9001:2015 puts much more emphasis on management leadership. In fact, top management takes on the role of the QMS Representative and must take accountability for the effectiveness of the QMS. This includes the following:

  • Objectives and targets must be more explicit and monitored frequently, with the management team providing support for staff with relevant tasks.
  • Management needs to create vision and strategy for the organization.
  • There must be alignment of personnel to job duties.
  • The QMS must be connected to business strategy.
  • Management needs to develop and facilitate a sustainable business plan with a clear link to the QMS.
  • Management actions should address risks and opportunities.
  • Scope of management review should consider the strategic direction of the organization, relevant interested parties, and risks and opportunities.

Process Approach

Under a process approach, the organization needs to exhibit systematic control of any/all changes to products and/or services. This includes defining the inputs and outputs of each process, measuring performance indicators, and assigning appropriate responsibility.

Documentation

Documentation requirements become much more flexible under ISO 9001:2015. Organizations only need to maintain the documentation that the organization deems necessary for enhanced QMS performance. “Documented information” also offers more flexibility on the types and formats of documentation used to provide the necessary controls.

This flexibility helps companies avoid creating additional and/or unnecessary documents, and documentation can be aligned far more closely to the company’s individual needs and risks. A Quality Management Manual is no longer a requirement.

Next Steps

Once the standard is published, there will be a three-year transition period during which both the old (ISO 9001:2008) and new (ISO 9001:2015) standards will apply in parallel. This provides a good opportunity for companies to learn about the changes and begin to implement them during annual audits leading up to recertification.

Kestrel recommends following a simple approach to make recertification as simple as possible:

  • Learn and understand the new ISO 9001:2015 standard requirements
  • Complete a gap analysis
  • Implement strategies for critical activities
  • Complete process audits of new QMS
  • Complete Management Review meetings on QMS
  • Determine and implement improvement strategies
  • Earn ISO 9001:2015 certification

Maintaining certification to ISO 9001 will allow companies to continue realizing the benefits of a formal QMS, including:

  • Providing access to new markets
  • Meeting customer quality requirements
  • Increasing internal operating efficiency
  • Improving existing quality and preventing quality concerns
  • Enhancing overall customer satisfaction

Submitted by: Randy Block

Tips to Prepare for an Internal Audit

June 11, 2015 - Kestrel Management • Kestrel Food Safety

All types of business and operational processes demand a variety of audits and inspections to evaluate compliance with standards—ranging from government regulations, to industry codes, to system standards (e.g., ISO), to internal corporate requirements. Audits offer a systematic, objective tool to assess compliance across the workplace and to identify any opportunities for improvement.

Routine internal audits are becoming a larger part of organizational learning and development. They provide a valuable way to communicate performance to decision makers and key stakeholders. Even more importantly, audits help companies identify areas of noncompliance and opportunities for improvement.

For some audits, a company may work with a third-party auditor. This can be valuable in getting an objective assessment of overall compliance status if executed effectively. Here are some best practice tips to help prepare for an internal audit—and ensure that it goes smoothly:

  1. Audit scope: Make sure that the scope of the audit is well defined and documented (i.e., regulations, management system standards, company policies). This also involves identifying which areas and functions onsite are included. For example, if contractors are leasing space, are their areas in scope or out? What about other onsite lessees, if any?
  2. Documents, plans, and records: Prior to the audit, ask the auditor for a list of documents they may be looking for (e.g., OSHA logs, past audit findings). Depending on the nature of the audit, it can be an extensive list and knowing ahead of time will save time and money. If possible, collect all records in advance and have them easily accessible. If corporate policy allows, it is often advisable to send current versions of all facility-specific plans, permits, and other documents to the auditor in advance of the audit to aid in preparation and create a more efficient use of time onsite. When the auditor arrives, make sure you know where relevant records are and that they are available to the auditor (i.e., not locked up in someone else’s office). Records should be organized by type in separate folders and sorted by date. Not only does that save time, it creates less likelihood of a record being overlooked. In most cases, electronic versions of records are sufficient, as long as they can be easily retrieved and viewed on the computer.
  3. Interviews: Advise individuals who may be interviewed during the audit about the purpose of the audit. Communicate well in advance of the audit so that employees aren’t caught off guard when they see an individual walking around taking notes and pictures. Prepare your employees; encourage them to cooperate and provide helpful information when asked. Every employee should:
    • Be aware of the company quality/environmental/safety/food safety policy and able to state it in their own words.
    • Be aware of the quality/environmental/safety/food safety objectives the company has set for the current time period (i.e., what the company is working on to improve the current “state”).
    • Understand how they “make a difference” (i.e., how just by doing their jobs, they are following company policy and objectives and impacting performance).
    • Be knowledgeable about the procedures and practices required for doing their job properly.
  4. Schedule: Ask for an audit schedule. This can help you plan for when certain “in-the-know” people need to be available. This can save valuable time—especially for those individuals—and help ensure that those you absolutely need for the audit are available when you need them.
  5. Be available: Questions often arise during an audit. It is helpful to assure that qualified and knowledgeable personnel are available to answer questions and clarify information during the audit, in addition to being present during the audit debriefing.
  6. Housekeeping: Good housekeeping puts auditors at ease. Conversely, lax housekeeping is often a harbinger of compliance issues and may put auditors on heightened alert.
  7. Care of a third-party auditor: Make sure there is adequate work space available for the auditor to review records and other documents—with power, a desk or table, good lighting, and access to internet/email to exchange documents during the audit.
  8. Confidentiality: If the audit scope involves regulatory compliance and the company has elected to employ audit privilege mechanisms, make sure that all parties are aware of the means to be taken to ensure that audit privilege is preserved (e.g., marking notes and documents, limiting distribution of output, adhering to state-specific requirements).

Submitted by: Sarah Burton and Jake Taylor

Assessing Risk Management Program Maturity

June 11, 2015 - Kestrel Management • Kestrel Food Safety

Maturity assessments are designed to tell an organization where it stands in a defined area and, correspondingly, what it needs to do in the future to improve its systems and processes to meet the organization’s needs and expectations. Maturity assessments expose the strengths and weaknesses within an organization (or a program), and provide a roadmap for ongoing improvements.

Holistic Assessments

A thorough program maturity assessment involves building on a standard gap analysis to conduct a holistic evaluation of the existing program, including data review, interviews with key staff, and functional/field observations and validation.

Based on Kestrel’s experience, evaluating program maturity is best done by measuring the program’s structure and design, as well as the program’s implementation consistency across the organization. For the most part, a program’s design remains relatively unchanging, unless internal modifications are made to the system. Because of this static nature, a “snapshot” provides a reasonable assessment of the design maturity. While the design helps to inform operational effectiveness, the implementation/operational maturity model assesses how completely and consistently the program is functioning throughout the organization (i.e., how the program is designed to work vs. how it is working in practice).

Design Maturity

A design maturity model helps to evaluate strategies and policies, practices and procedures, organization and people, information for decision making, and systems and data according to the following levels of maturity:

  • Level 1: Initial (crisis management) – Lack of alignment within the organization; undefined policies, goals, and objectives; poorly defined roles; lack of effective training; erratic program or project performance; lack of standardization in tools.
  • Level 2: Repeatable (reactive management) – Limited alignment within the organization; lagging policies and plans; seldom known business impacts of actions; inconsistent company operations across functions; culture not focused on process; ineffective risk management; few useful program or project management and controls tools.
  • Level 3: Defined (project management) – Moderate alignment across the organization; consistent plans and policies; formal change management system; somewhat defined and documented processes; moderate role clarity; proactive management for individual projects; standardized status reporting; data integrity may still be questionable.Maturity_Matrix
  • Level 4: Managed (program management) – Alignment across organization; consistent plans and policies; goals and objectives are known at all levels; process-oriented culture; formal processes with adequate documentation; strategies and forecasts inform processes; well-understood roles; metrics and controls applied to most processes; audits used for process improvements; good data integrity; programs, processes, and performance reviewed regularly.
  • Level 5: Optimized (managing excellence) – Alignment from top to bottom of organization; business forecasts and plans guide activity; company culture is evident across the organization; risk management is structured and proactive; process-centered structure; focus on continuous improvement, training, coaching, mentoring; audits for continual improvement; emphasis on “best-in-class” methods.

A gap analysis can help compare the actual program components against best practice standards, as defined by the organization. At this point, assessment questions and criteria should be specifically tuned to assess the degree to which:

  • Hazards and risks are identified, sized, and assessed
  • Existing controls are adequate and effective
  • Plans are in place to address risks not adequately covered by existing controls
  • Plans and controls are resourced and implemented
  • Controls are documented and operationalized across applicable functions and work units
  • Personnel know and understand the controls and expectations and are engaged in their design and improvement
  • Controls are being monitored with appropriate metrics and compliance assurance
  • Deficiencies are being addressed by corrective/preventive action
  • Processes, controls, and performance are being reviewed by management for continual improvement
  • Changed conditions are continually recognized and new risks identified and addressed

Implementation/Operational Maturity

The logical next step in the maturity assessment involves shifting focus from the program’s design to a maturity model that measures how well the program is operationalized, as well as the consistency of implementation across the entire organization. This is a measurement of how effectively the design (program static component) has enabled the desired, consistent practice (program dynamic component) within and across the company.

Under this model, the stage of maturity (i.e., initial, implementation in process, fully functional) is assessed in the following areas:

  • Adequacy and effectiveness: demonstration of established processes and procedures with clarity of roles and responsibilities for managing key functions, addressing significant risks, and achieving performance requirements across operations
  • Consistency: demonstration that established processes and procedures are fully applied and used across all applicable parts of the organization to achieve performance requirements
  • Sustainability: demonstration of an established and ongoing method of review of performance indicators, processes, procedures, and practices in-place for the purpose of identifying and implementing measures to achieve continuing improvement of performance

This approach relies heavily on operational validation and seeking objective evidence of implementation maturity by performing functional and field observations and interviews across a representative sample of operations, including contractors.

Cultural Component

Performance within an organization is the combined result of culture, operational systems/controls, and human performance. Culture involves leadership, shared beliefs, expectations, attitudes, and policy about the desired behavior within a specific company. To some degree, culture alone can drive performance. However, without operational systems and controls, the effects of culture are limited and ultimately will not be sustained. Similarly, operational systems/controls (e.g., management processes, systems, and procedures) can improve performance, but these effects also are limited without the reinforcement of a strong culture. A robust culture with employee engagement, an effective management system, and appropriate and consistent human performance are equally critical.

A culture assessment incorporates an assessment of culture and program implementation status by performing interviews and surveys up, down, and across a representative sample of the company’s operations. Observations of company operations (field/facility/functional) should be done to verify and validate.

A culture assessment should evaluate key attributes of successful programs, including:

  1. Leadership
  2. Vision & Values
  3. Goals, Policies & Initiatives
  4. Organization & Structure
  5. Employee Engagement, Behaviors & Communications
  6. Resource Allocation & Performance Management
  7. Systems, Standards & Processes
  8. Metrics & Reporting
  9. Continually Learning Organization
  10. Audits & Assurance

Assessment and Evaluation

Data from document review, interviews, surveys, and field observations are then aggregated, analyzed, and evaluated. Identifying program gaps and issues enables a comparison of what must be improved or developed/added to what already exists. This information is often organized into the following categories:

  • Policy and strategy refinements
  • Process and procedure improvements
  • Organizational and resource requirements
  • Information for decision making
  • Systems and data requirements
  • Culture enhancement and development

From this information, it becomes possible to identify recommendations for program improvements. These recommendations should be integrated into a strategic action plan that outlines the long-term program vision, proposed activities, project sequencing, and milestones. The highest priority actions should be identified and planned to establish a foundation for continual improvement, and allow for a more proactive means of managing risks and program performance.

Submitted by: Tom Kunes

Management Systems – Back to Basics

February 12, 2015 - Kestrel Management

A management system is the organizing framework that enables companies to achieve and sustain their operational and business objectives through a process of continuous improvement. A management system is designed to identify and manage risks—safety, environmental, quality, business continuity, food safety (and many others)—through an organized set of policies, procedures, practices, and resources that guide the enterprise and its activities to maximize business value.

The management system addresses:

  • What is done and why
  • How it is done and by whom
  • How well it is being done
  • How it is maintained and reviewed
  • How it can be improved

Creating an Effective and Valuable Management System

Each company’s management system reflects its unique culture, vision, and values. To be effective and valuable, the management system must be tailored and focused on how it can enhance the business performance of the organization. It must also be:

  • Useful to people in the operations
  • Intuitive—organized the way operations people think
  • Flexible—making use of methods and tools as they are developed and documented
  • Valuable from the outset—addressing the most critical risks and processes
  • Linked to the business of the business (not “pasted on”), with ownership at the operational level
  • A means to better align operational quality, safety, and environment with the business

Attributes of an effective management system are senior management expectations and guidance coupled with employee engagement. Importantly, a management system involves a continual cycle of planning, implementing, reviewing, and improving the way in which safety, quality, and environmental obligations and objectives are met. In its simplest form, this involves implementing the Plan, Do, Check, Act/Adjust (P-D-C-A) cycle for continuous improvement.

mgmt_sys_cont_improvement

Auditing for Ongoing Compliance

The connection between management systems and compliance is vital in avoiding recurring compliance issues and in reducing variation in compliance performance. In fact, reliable and effective regulatory compliance is commonly an outcome of consistent and reliable implementation of a management system.

Conducting periodic audits is a practical way to test a management system’s implementation maturity and effectiveness. One of the many advantages of audits is that they help identify gaps so that corrective/preventive actions can be put into place and then sustained and improved through the management system.

Audits also help companies with continuous improvement initiatives; properly developed audit programs help measure results over time. To achieve best value, audits should emphasize finding patterns that can yield opportunities for learning and continual improvement, rather than “gotchas” for exceptions that are discovered.

Management System Standards

Several options are available for structuring management systems, whether they are certified by third-party registrars and auditors, self-certified, or used as internal guidance and for potential certification readiness.

The International Organization for Standardization (ISO) standards are some of the most commonly applied. The ISO standards for quality (ISO 9001), environment (ISO 14001), health & safety (OHSAS 18001), business continuity (ISO 22301), and food safety (FSSC 22000) have consistent elements, allowing organizations to more easily align their various management systems. Aligned management systems help companies to achieve improved and more reliable quality, environmental, and health & safety performance, while adding measurable business value.

Certification

Companies can become certified to each of the standards discussed above. Certification has a number of benefits, including the following:

  • Meet customer or supply chain requirements
  • Use outside drivers to maintain management system process discipline (e.g., periodic risk assessment, document management, compliance evaluation, internal audits, management review)
  • Take advantage of third-party assessment and recommendations
  • Improve standing with regulatory agencies (e.g., USEPA, OSHA, FDA, and state programs)
  • Demonstrate the application of industry best practice in the event of incidents/accidents requiring defense of practices

However, if there is no market or other business driver, certification can lead to unnecessary additional cost and effort regarding management system development. Certification in itself does not mean improved performance—management system structure, operation, and management commitment determine that.

Business Value

There are a number of reasons to implement a management system. A properly designed and implemented management system brings value to organizations in a number of ways:

  • Risk management
    • Identify risks
    • Set priorities for improvement, measurement, and reporting
    • Provide great opportunity to identify, share, and learn best practices, while recognizing operational differences
  • Protection of people
    • Send people home the way they arrived at work
    • Protect the public and the environment
  • Compliance assurance
    • Improve and sustain regulatory compliance
  • Business value
    • Continually improve quality, environmental, and safety performance across the organization (employee, public, equipment, infrastructure)
    • Reduce incident costs and accrued liabilities
    • Protect assets
  • Reliability
    • Assure processes, methods, and practices are in place, documented, and consistently applied
    • Reduce variability in processes and performance
  • Employee engagement
    • Help employees to find and use current versions of all procedures and documents
    • Provide a ready reference for field management to structure location-specific procedures
    • Enable the effective transfer of standards, methods, and know-how in employee training, new job assignments, and promotions

Submitted by: Tom Kunes

Insights & Updates

  • Categories

  • Archives