Call Us Today: 608-260-7468

Blog

12 Feb
Drones Terminology Technology
Drones 101: Terminology & Technology

This is the first article in Kestrel’s Drones 101 series.

Industries like transportation, manufacturing, utilities, mining, construction, oil and gas, and agriculture are crucial to our country’s infrastructure, particularly in a rapidly changing global market. Yet these industrial sectors continually face the challenges of an aging workforce and high-risk job tasks, including exposure to moving freight cars, high-voltage transmission lines, and hazmat materials and risks of slips, trips, falls, maiming and premature death.

Emerging Technology

Fortunately, drones are an emerging technology that offers a solution both to the shrinking workforce and as an additional mitigation tactic for various operational safety needs of heavy industries.

What was once a very niche market, drones are emerging into an important new phase: everyday use of drone technology in the workplace. It’s no longer just tech-savvy companies that are using drones. Enterprise-level Unmanned Aerial System (UAS) operations are becoming a big deal in industry. Organizations ranging from municipalities and agriculture companies to the Fortune 500s are getting involved in drone operations.

In another three to five years, it will potentially make business sense for nearly every major industrial company to incorporate UAS technologies into their operations for two reasons:

  1. Drones are effective at both mitigating risks and increasing operational efficiency.
  2. Drones are a tool that can bolster workforce recruitment and retention efforts.

Terminology & Technology

As drones become more popular and the industry continues to grow, newer and more varied versions of them are hitting the market, making it difficult to keep up with the technology and the related terminology.

If you’ve observed or read anything about drones, you may have noticed a few acronyms thrown around, and that can be a little confusing. Some of the most common terminology includes the following:

  • Drone is used to define just about any type of Unmanned Aerial Vehicle (UAV). The term refers to many different types of an unmanned aircraft of various sizes, which are used for multiple functions, ranging from armed forces aircraft to hobbyists taking amateur digital photography.
  • Unmanned Aerial Vehicle (UAV) refers to the platform, airframe, or body of the craft you are flying. The term can be used interchangeably with drone.
  • Unmanned Aerial System (UAS) includes the vehicle or aircraft, the controller, and the link(s) that connect them. A small Unmanned Aerial System (sUAS) is a UAS weighing less than 55 pounds at takeoff and landing.

It is best practice to use UAS in formal documents like policies and procedures. If you have a diverse approach that includes both light and heavy drones, then specifying whether a document pertains to sUAS or UAS operations would be optimal, as the regulations vary based on weight, and your operational policies and procedures would need to reflect this.

Types of UAS

While there are variety of drone technologies on the market, the three main types of UAS available in the commercial space are the following:

  1. Multi-rotor UAS is the most popular drone type for both commercial use and for hobbyists. This type of drone is typically less difficult to operate. They offer vertical take-off and landing and the ability to hover, both of which can result in highly detailed data points and targeted insights. Quad-, hexa-, and octo-copters are all available (i.e., 4, 6 or 8 rotors). There are a number of typical use cases of multi-rotor drones, including industrial inspections, aerial mapping, site planning and monitoring, cause finding, resource management, crop spraying and many more.
  1. Fixed-wing UAS function more like an airplane than their multi-rotor counterpart. These drones often resemble small airplanes or mechanical stingrays. They consist of two fixed wings on either side of the craft. This design provides for more efficient aerodynamics and longer flight times (~45-60 min per flight). Fixed-wing have high aerial coverage (up to 2,400 acres per flight) but offer less detailed imagery, are typically unable to hover, and are more suited for covering large areas of land, resulting in large data sets with less detail than you would collect using a multi-rotor or a hybrid UAS. These drones require a suitable runway area for takeoff and landings and are usually able to carry heavier payloads than other types of UAS. Typical uses include beyond visual line of sight (BVLOS) operations, photogrammetry and 3D mapping, crop inspections, and other tasks that require significant area coverage.
  1. Hybrid UAS are gaining popularity, as these platforms offer the benefits of a vertical takeoff and landing and the ability to fly quickly in a forward motion to cover larger areas of land, while still having the ability to hover. Hovering allows for close-up inspections and produces more detailed information than a quick fly by. Hybrids range in their load carrying capability. Hybrids can be used in many of the same ways as fixed wings and multi-rotors but are most excitingly known for their use in delivery services and unmanned air taxi applications.

Payloads

In addition to the drone itself, there are many types of payloads, which is a generic term for the cameras, sensors, or other equipment that can be attached to and carried by drones:

  • Specialized cameras are the most often used payloads for drones.
  • Various cameras offer the ability to gather higher resolution images with greater detail.
  • LiDAR units can be attached to gather data points from any work site, which can then be translated into 3D-modeling efforts to aid in volumetric applications.
  • Thermal/infrared cameras provide heat sensing capability.
  • Gas detection cameras detect fugitive gas leaks at pipelines and tanks.
  • Multispectral and hyperspectral sensors are electromagnetic energy sensors that offer insight into details on resources that would otherwise be invisible to the human eye.
  • Environmental sensors (e.g., chemical sensors) can measure chemical compositions and traces of particular chemical substances, including radioactive particles and particulate matter.

Undoubtedly, the types of drones and the payloads will continue to expand as the market and applicability of drones continues to grow.

Learn more about Kestrel’s UAS Program Management services. Stay tuned for the rest of our Drones 101 series, featuring:

  • Terminology & Technology
  • Applicability
  • Regulations
  • Drone Program Management
  • Top 6 Tips for Managing Your Drone Program
10 Oct
AirWorks 2018
Kestrel to Present at AirWorks 2018

The AirWorks 2018 Conference is focused on the growing commercial drone industry and how developers, partners, and operators can work to reshape the global economy with drones. This year, Kestrel Management will be teaming with Union Pacific Railroad to talk about our experience and lessons learned from managing industrial-scale drone programs.

AirWorks 2018
October 30 – November 1, 2018
Dallas, Texas
register now

Kestrel Presentation: Bringing Your Drone Program to Scale: Lessons Learned from Going Big

Thursday, November 1 at 11:00 a.m.
Rachel Mulholland, Kestrel Management Consultant, Industrial UAS Programs
Edward Adelman, Union Pacific Railroad, General Director of Safety

This presentation will discuss the risks and opportunities associated with building an industrial drone program and share some of the lessons learned from our experience. We’ll discuss common questions, including the following:

  • What does it take to build an industrial drone program?
  • How can UAS technology fit into your current business model?
  • What challenges can occur with fleets of certified remote pilots and unmanned vehicles?
  • How do you ensure you operate in compliance with FAA regulations?
  • What are some common pitfalls to avoid and best practices to incorporate into your program?

Why You Should Attend

If you currently have a drone program or are looking to implement one, this event is for you!

  • Attend sessions focused on the industry track most relevant to your business: construction, energy, agriculture, public safety, infrastructure
  • Network with companies that are on the forefront of enterprise drone adoption
  • Get a preview of the latest drone technologies
  • Receive hands-on training from experienced industry leaders and instructors

register now

19 Sep
Tariff
USTR Finalizes China 301 List 3 Tariffs

On Monday, September 17, 2018, the Office of the United States Trade Representative (USTR) released a list of approximately $200 billion worth of Chinese imports, including hundreds of chemicals, that will be subject to additional tariffs. The additional tariffs will be effective starting September 24, 2018, and initially will be in the amount of 10 percent. Starting January 1, 2019, the level of the additional tariffs will increase to 25 percent.

In the final list, the administration also removed nearly 300 items, but the Administration did not provide a specific list of products excluded. Included among the products removed from the proposed list are certain consumer electronics products, such as smart watches and Bluetooth devices; certain chemical inputs for manufactured goods, textiles and agriculture; certain health and safety products such as bicycle helmets, and child safety furniture such as car seats and playpens.

Individual companies may want to review the list to determine the status of Harmonized Tariff Schedule (HTS) codes of interest.

View the final tariff list here.

Read the USTR press release.

30 Aug
risk management
Assessing Risk Management Program Maturity

Maturity assessments are designed to tell an organization where it stands in a defined area and, correspondingly, what it needs to do in the future to improve its systems and processes to meet the organization’s needs and expectations. Maturity assessments expose the strengths and weaknesses within an organization (or a program), and provide a roadmap for ongoing improvements.

Holistic Assessments

A thorough program maturity assessment involves building on a standard gap analysis to conduct a holistic evaluation of the existing program, including data review, interviews with key staff, and functional/field observations and validation.

Based on Kestrel’s experience, evaluating program maturity is best done by measuring the program’s structure and design, as well as the program’s implementation consistency across the organization. For the most part, a program’s design remains relatively unchanging, unless internal modifications are made to the system. Because of this static nature, a “snapshot” provides a reasonable assessment of the design maturity. While the design helps to inform operational effectiveness, the implementation/operational maturity model assesses how completely and consistently the program is functioning throughout the organization (i.e., how the program is designed to work vs. how it is working in practice).

Design Maturity

A design maturity model helps to evaluate strategies and policies, practices and procedures, organization and people, information for decision making, and systems and data according to the following levels of maturity:

  • Level 1: Initial (crisis management) – Lack of alignment within the organization; undefined policies, goals, and objectives; poorly defined roles; lack of effective training; erratic program or project performance; lack of standardization in tools.
  • Level 2: Repeatable (reactive management) – Limited alignment within the organization; lagging policies and plans; seldom known business impacts of actions; inconsistent company operations across functions; culture not focused on process; ineffective risk management; few useful program or project management and controls tools.
  • Level 3: Defined (project management) – Moderate alignment across the organization; consistent plans and policies; formal change management system; somewhat defined and documented processes; moderate role clarity; proactive management for individual projects; standardized status reporting; data integrity may still be questionable.
  • Level 4: Managed (program management) – Alignment across organization; consistent plans and policies; goals and objectives are known at all levels; process-oriented culture; formal processes with adequate documentation; strategies and forecasts inform processes; well-understood roles; metrics and controls applied to most processes; audits used for process improvements; good data integrity; programs, processes, and performance reviewed regularly.
  • Level 5: Optimized (managing excellence) – Alignment from top to bottom of organization; business forecasts and plans guide activity; company culture is evident across the organization; risk management is structured and proactive; process-centered structure; focus on continuous improvement, training, coaching, mentoring; audits for continual improvement; emphasis on “best-in-class” methods.

A gap analysis can help compare the actual program components against best practice standards, as defined by the organization. At this point, assessment questions and criteria should be specifically tuned to assess the degree to which:

  • Hazards and risks are identified, sized, and assessed
  • Existing controls are adequate and effective
  • Plans are in place to address risks not adequately covered by existing controls
  • Plans and controls are resourced and implemented
  • Controls are documented and operationalized across applicable functions and work units
  • Personnel know and understand the controls and expectations and are engaged in their design and improvement
  • Controls are being monitored with appropriate metrics and compliance assurance
  • Deficiencies are being addressed by corrective/preventive action
  • Processes, controls, and performance are being reviewed by management for continual improvement
  • Changed conditions are continually recognized and new risks identified and addressed

Implementation/Operational Maturity

The logical next step in the maturity assessment involves shifting focus from the program’s design to a maturity model that measures how well the program is operationalized, as well as the consistency of implementation across the entire organization. This is a measurement of how effectively the design (program static component) has enabled the desired, consistent practice (program dynamic component) within and across the company.

Under this model, the stage of maturity (i.e., initial, implementation in process, fully functional) is assessed in the following areas:

  • Adequacy and effectiveness: demonstration of established processes and procedures with clarity of roles and responsibilities for managing key functions, addressing significant risks, and achieving performance requirements across operations
  • Consistency: demonstration that established processes and procedures are fully applied and used across all applicable parts of the organization to achieve performance requirements
  • Sustainability: demonstration of an established and ongoing method of review of performance indicators, processes, procedures, and practices in-place for the purpose of identifying and implementing measures to achieve continuing improvement of performance

This approach relies heavily on operational validation and seeking objective evidence of implementation maturity by performing functional and field observations and interviews across a representative sample of operations, including contractors.

Cultural Component

Performance within an organization is the combined result of culture, operational systems/controls, and human performance. Culture involves leadership, shared beliefs, expectations, attitudes, and policy about the desired behavior within a specific company. To some degree, culture alone can drive performance. However, without operational systems and controls, the effects of culture are limited and ultimately will not be sustained. Similarly, operational systems/controls (e.g., management processes, systems, and procedures) can improve performance, but these effects also are limited without the reinforcement of a strong culture. A robust culture with employee engagement, an effective management system, and appropriate and consistent human performance are equally critical.

A culture assessment incorporates an assessment of culture and program implementation status by performing interviews and surveys up, down, and across a representative sample of the company’s operations. Observations of company operations (field/facility/functional) should be done to verify and validate.

A culture assessment should evaluate key attributes of successful programs, including:

  1. Leadership
  2. Vision & Values
  3. Goals, Policies & Initiatives
  4. Organization & Structure
  5. Employee Engagement, Behaviors & Communications
  6. Resource Allocation & Performance Management
  7. Systems, Standards & Processes
  8. Metrics & Reporting
  9. Continually Learning Organization
  10. Audits & Assurance

Assessment and Evaluation

Data from document review, interviews, surveys, and field observations are then aggregated, analyzed, and evaluated. Identifying program gaps and issues enables a comparison of what must be improved or developed/added to what already exists. This information is often organized into the following categories:

  • Policy and strategy refinements
  • Process and procedure improvements
  • Organizational and resource requirements
  • Information for decision making
  • Systems and data requirements
  • Culture enhancement and development

From this information, it becomes possible to identify recommendations for program improvements. These recommendations should be integrated into a strategic action plan that outlines the long-term program vision, proposed activities, project sequencing, and milestones. The highest priority actions should be identified and planned to establish a foundation for continual improvement, and allow for a more proactive means of managing risks and program performance.

 

16 Aug
Audit program best practices
Audit Program Best Practices: Part 2

Audits provide an essential tool for improving and verifying compliance performance. As discussed in Part 1, there are a number of audit program elements and best practices that can help ensure a comprehensive audit program. Here are 12 more tips to put to use:

  1. Action item closure. Address repeat findings. Identify patterns and seek root cause analysis and sustainable corrections.
  2. Training. Training should be done throughout the entire organization, across all levels:
    • Auditors are trained on both technical matters and program procedures.
    • Management is trained on the overall program design, purpose, business impacts of findings, responsibilities, corrections, and improvements.
    • Line operations are trained on compliance procedures and company policy/systems.
  3. Communications. Communications with management should be done routinely to discuss status, needs, performance, program improvements, and business impacts. Communications should be done in business language—with business impacts defined in terms of risks, costs, savings, avoided costs/capital expenditures, benefits. Those accountable for performance need to be provided information as close to “real time” as possible, and the Board of Directors should be informed routinely.
  4. Leadership philosophy. Senior management should exhibit top-down expectations for program excellence. EHSMS quality excellence goes hand-in-hand with operational and service quality excellence. Learning and continual improvement should be emphasized.
  5. Roles & responsibilities. Clear roles, responsibilities, and accountabilities need to be established. This includes top management understanding and embracing their roles/responsibilities. Owners of findings/fixes also must be clearly identified.
  6. Funding for corrective actions. Funding should be allocated to projects based on significance of risk exposure (i.e., systemic/preventive actions receive high priority). The process should incentivize proactive planning and expeditious resolution of significant problem areas and penalize recurrence or back-sliding on performance and lack of timely fixes.
  7. Performance measurement system. Audit goals and objectives should be nested with the company business goals, key performance objectives, and values. A balanced scorecard can display leading and lagging indicators. Metrics should be quantitative, indicative (not all-inclusive), and tied to their ability to influence. Performance measurements should be communicated and widely understood. Information from auditing (e.g., findings, patterns, trends, comparisons) and the status of corrective actions often are reported on compliance dashboards for management review.
  8. Degree of business integration. There should be a strong link between programs, procedures, and methods used in a quality management program—EHS activities should operate in patterns similar to core operations rather than as ancillary add-on duties. In addition, EHS should be involved in business planning and MOC. An EHSMS should be well-developed and designed for full business integration, and the audit program should feed critical information into the EHSMS.
  9. Accountability. Accountability and compensation must be clearly linked at a meaningful level. Use various award/recognition programs to offer incentives to line operations personnel for excellent EHS performance. Make disincentives and disciplinary consequences clear to discourage non-compliant activities.
  10. Deployment plan & schedule. Best practice combines the use of pilot facility audits, baseline audits (to design programs), tiered audits, and a continuous improvement model. Facility profiles are developed for all top priority facilities, including operational and EHS characteristics and regulatory and other requirements.
  11. Relation of audit program to EHSMS design & improvement objectives. The audit program should be fully interrelated with the EHSMS and feed critical information on systemic needs into the EHSMS design and review process. It addresses the “Evaluation of Compliance” element under EHSMS international standards (e.g., ISO 14001 and OHSAS 18001). Audit baseline helps identify common causes, systemic issues, and needed programs. The EHSMS addresses root causes and defines/improves preventive systems and helps integrate EHS with core operations. Audits further evaluate and confirm performance of EHSMS and guide continuous improvement.
  12. Relation to best practices. Inventory best practices and share/transfer them as part of audit program results. Use best-in-class facilities as models and “problem sites” for improvement planning and training.  The figure below illustrates an audit program that goes beyond the traditional “find it, fix it, find it, fix it” repetitive cycle to one that yields real understanding of root causes and patterns. In this model, if the issues can be categorized and are of wide scale, the design of solutions can lead to company-wide corrective and preventive measures. This same method can be used to capture and transfer best practices across the organization. They are sustained through the continual review and improvement cycle of an EHSMS and are verified by future audits.

Improving by Analyzing Audit Results

 

Read the part 1 audit program best practices. 

09 Aug
Audit program best practices
Audit Program Best Practices: Part 1

Audits provide an essential tool for improving and verifying compliance performance. Audits may be used to capture regulatory compliance status, management system conformance, adequacy of internal controls, potential risks, and best practices. An audit is typically part of a broader compliance assurance program and can cover some or all of the company’s legal obligations, policies, programs, and objectives.

Companies come in a variety of sizes with a range of different needs, so auditing standards remain fairly flexible. There are, however, a number of audit program elements and best practices that can help ensure a comprehensive audit program:

  1. Goals. Establishing goals enables recognition of broader issues and can lead to long-term preventive programs. This process allows the organization to get at the causes and focus on important systemic issues. It pushes and guides toward continuous improvement. Goal-setting further addresses the responsibilities and obligations of the Board of Directors for audit and oversight and elicits support from stakeholders.
  2. Scope. The scope of the audit should be limited initially (e.g., compliance and risk) to what is manageable and to what can be done very well, thereby producing performance improvement and a wider understanding and acceptance of objectives. As the program is developed and matures (e.g., Management Systems, company policy, operational integration), it can be expanded and, eventually, shift over time toward systems in place, prevention, efficiency, and best practices.
  3. Committed resources. Sufficient resources must be provided for staffing and training and then applied, as needed, to encourage a robust auditing program. Resources also should be applied to EHSMS design and continuous improvement. It is important to track the costs/benefits to compare the impacts and results of program improvements.
  4. Operational focus. All facilities need to be covered at the appropriate level, with emphasis based on potential EHS and business risks. The operational units/practices with the greatest risk should receive the greatest attention (e.g., the 80/20 Rule). Vendors/contractors and related operations that pose risks must be included as part of the program. For smaller, less complex and/or lower risk facilities, lower intensity focus can be justified. For example, relying more heavily on self-assessment and reporting of compliance and less on independent audits may provide better return on investment of assessment resources.
  5. Audit team. A significant portion of the audit program should be conducted by knowledgeable auditors (independent insiders, third parties, or a combination thereof) with clear independence from the operations being audited and from the direct chain of command. For organizational learning and to leverage compliance standards across facilities, it is good practice to vary at least one audit team member for each audit. Companies often enlist personnel from different facilities and with different expertise to audit other facilities. Periodic third-party audits further bring outside perspective and reduce tendencies toward “home-blindness”.
  6. Audit frequency. There are several levels of audit frequency, depending on the type of audit:
    • Frequent: Operational (e.g., inspections, housekeeping, maintenance) – done as part of routine EHSMS day-to-day operational responsibilities
    • Periodic: Compliance, systems, actions/projects – conducted annually/semi-annually
    • As needed: For issue follow-up
    • Infrequent: Comprehensive, independent – conducted every three to four years
  1. Differentiation methods. Differentiating identifies and distinguishes issues of greatest importance in terms of risk reduction and business performance improvement. The process for differentiating should be as clear and simple as possible; a system of priority rating and ranking is widely understood and agreed. The rating system can address severity levels, as well as probability levels, in addition to complexity/difficulty and length of time required for corrective actions.
  2. Legal protection. Attorney privilege for audit processes and reports is advisable where risk/liability are deemed significant, especially for third-party independent audits. To the extent possible, make the audit process and reports become management tools that guide continuous improvement. Organizations should follow due diligence elements of the USEPA audit policy.
  3. Procedures. Describe and document the audit process for consistent, efficient, effective, and reliable application. The best way to do this is to involve both auditors and those being audited in the procedure design. Audit procedures should be tailored to the specific facility/operation being audited. Documented procedures should be used to train both auditors and those accountable for operations being audited. Procedures can be launched using a pilot facility approach to allow for initial testing and fine-tuning. Keep procedures current and continually improve them based on practical application. Audits include document and record review (corporate and facility), interviews, and observations.
  4. Protocols & tools. Develop specific and targeted protocols that are tailored to operational characteristics and based on applicable regulations and requirements for the facility. Use “widely accepted or standard practice” as go-by tools to aid in developing protocols (e.g., ASTM site assessment standards; ISO 14010 audit guidance; audit protocols based on EPA, OSHA, MSHA, Canadian regulatory requirements; GEMI self-assessment tools; proprietary audit protocol/tools). As protocols are updated, the ability to evaluate continuous improvement trends must be maintained (i.e., trend analysis).
  5. Information management & analysis. Procedures should be well-defined, clear, and consistent to enable the organization to analyze trends, identify systemic causes, and pinpoint recurring problem areas. Analysis should prompt communication of issues and differentiation among findings based on significance. Audit reports should be issued in a predictable and timely manner. It is desirable to orient the audit program toward organizational learning and continual improvement, rather than a “gotcha” philosophy. “Open book” approaches help learning by letting facility managers know in advance what the audit protocols are and how the audits will be conducted.
  6. Verification & corrective action. Corrective actions require corporate review, top management-level attention and management accountability for timely completion. A robust root cause analysis helps to ensure not just correction/containment of the existing issue, but also preventive action to assure controls are in place to prevent the event from recurring. For example, if a drum is labeled incorrectly, the corrective action is to relabel that drum. A robust plan should also look for other drums than might be labeled incorrectly and to add and communicate an effective preventive action (e.g., training or posting signs showing a correctly labeled drum).

Read the part 2 audit program best practices

26 Jul
10 Reasons to Implement a Management System
10 Reasons to Implement a Management System

A management system is the framework that enables companies to achieve their operational and business objectives through a process of continuous improvement. In its simplest form, a management system implements the Plan, Do, Check, Act/Adjust cycle. Several choices are available for management systems (ISO is commonly applied), whether they are certified by third-party registrars and auditors, self-certified, or used as internal guidance and for potential certification readiness.

Business Benefits of a Well-Documented Management System

The connection between management systems and compliance is vital in avoiding recurring compliance issues and in reducing variation in compliance performance. In fact, reliable and effective regulatory compliance is commonly an outcome of consistent and reliable implementation of a management system.

Beyond that, there are a number of business reasons for implementing a well-documented management system (environmental, safety, quality, food safety, other) and associated support methods and tools:

  1. Establishes a common documented framework to achieve more consistent implementation of compliance policies and processes—addressing the eight core functions of compliance:
    • Inventories
    • Permits and authorizations
    • Plans
    • Training
    • Practices in place
    • Monitoring and inspection
    • Records
    • Reporting
  1. Provides clear methods and processes to identify and prioritize risks, set and monitor goals, communicate those risks to employees and management, and allocate the resources to mitigate them.
  2. Shifts from a command-and-control, centrally driven function to one that depends heavily on teamwork and implementation of a common system, taking into consideration the necessary local differences and building better know-how at the facility level.
  3. Establishes a common language for periodic calls and meetings among managers, facility managers, and executives, which yields better goal-setting, priority ranking, and allocation of resources to the areas with greatest risk or the greatest opportunity to add business value.
  4. Empowers facilities to take responsibility for processes and compliance performance without waiting to be told “what” and “how”.
  5. Enables better collaboration and communication across a distributed company with many locations.
  6. Enables the selection and implementation of a robust information system capable of tracking and reporting on common activities and performance metrics across the company.
  7. Employs a design and implementation process that builds company know-how, captures/retains institutional knowledge, and enables ongoing improvement without having to continually reinvent the wheel.
  8. Creates consistent processes and procedures that support personnel changes (e.g., transfers, promotions, retirements) and training of new personnel without causing disruption or gaps.
  9. Allows for more consistent oversight and governance, yielding higher predictability and reliability.

 

19 Jul
compliance assurance best practices
Six Best Practices for Compliance Assurance

A well-designed and well-executed compliance assurance program provides an essential tool for improving and verifying business performance and limiting compliance risks. Ultimately, however, a compliance program’s effectiveness comes down to whether it is merely a “paper program” or whether it is being integrated into the organization and used in practice daily.

The following can show evidence of a living, breathing program:

  • Comprehensiveness of the program
  • Dedicated staff and resources
  • Employee knowledge and engagement
  • Management commitment and employee perception
  • Internal operational inspections, “walk-abouts” by management
  • Independent insider, plus third-party audits
  • Program tailoring to greatest risks
  • Consistency and timeliness of exception (noncompliance/nonconformance) disclosures
  • Tracking of timely and adequate corrective/preventive action completion
  • Progress and performance monitoring

Best Practices

To achieve a compliance assurance program on par with world-class organizations, there are a number of best practices that companies should employ:

  1. Know the requirements. This means maintaining an inventory of regulatory compliance requirements for each compliance program, as well as of state/local/contractual binding agreements applying to operations. It is vital that the organization keep abreast of current/upcoming requirements (federal, state, local).
  2. Plan and develop the processes to comply. Identify and assess compliance risks, and then set objectives and targets for performance improvement based on top priorities. From here, it becomes possible to then define program improvement initiatives, assign and document responsibilities for compliance (who must do what and when), develop procedures and tools, and then allocate resources to get it done.
  3. Assure compliance in operations. The organization needs to establish routine checks and inspections within departments to evaluate conformance with sub-process procedures. Process audits should be designed and implemented to cut across operations and sub-processes in order to evaluate conformance with company policies and procedures. Regulatory compliance audits should further be conducted to address program requirements (e.g., environmental, safety, mine safety, security). Audit performance must be measured and reported, and then expectations set for operating managers to take responsibility for compliance.
  4. Take action on issues and problems. Capture, log, and categorize noncompliance issues, process non-conformances, and near misses. Implement a corrective/preventive action process based on importance of issues. Be disciplined in timely completion, close-out, and documentation of all corrective/preventive actions.
  5. Employ management of change (MOC) process. Robust MOC processes help ensure that changes affecting compliance (to facility, operations, personnel, infrastructure, materials, etc.) are reviewed for their impacts on compliance. Compliance should be assured before the changes are made. Failure to do so is one of the most common root causes of noncompliance.
  6. Ensure management involvement and leadership. Set the tone at the top. The Board of Directors and senior executives must set policy, culture, values, expectations, and goals. It is just as important that these individuals are the ones to communicate across the organization, to demonstrate their commitment and leadership, to define an appropriate incentive/disincentive system, and to provide ongoing organizational feedback.
09 Jun
quality management
ISO 9001:2015 — Major Organizational Changes

The new ISO 9001:2015 standard for Quality Management Systems (QMS) was issued in late 2015—which means the three-year transition period to become certified to the new version is now in full swing. Change can certainly present challenges; however, the ISO 9001:2015 update is designed to simplify the requirements, focus more on business needs, and make the ISO standards more user-friendly.

That being said, organizations will need to make adjustments to their QMS to meet the new requirements. The major impacts that organizations need to consider for ISO 9001:2015 certification include the following:

  • Increased management responsibility
  • Organizational identification of risks and opportunities
  • Impacts of process implementation vs. guidance procedures
  • Overhaul of internal audit requirements

Management Responsibility

The increase in management responsibility requires an organization’s objectives and targets to be:

  • Business-driven
  • More explicit in content
  • Reviewed and monitored on a regular basis

Importantly, the QMS must be connected to the business strategy. This involves management taking ownership for the QMS and creating a vision and strategy for the organization, its employees, and customers to follow and interact with in a mutually beneficial manner. The idea is that this will foster a sustainable business plan.

Identification of Risks and Opportunities

The organization must identify and quantify the risks and opportunities presented by each new business endeavor or market driver they seek to enter. This will help management understand the full operational requirements and potential related consequences that must be addressed prior to moving the organization in a new direction.

The process of identifying risks and opportunities involves reviewing and evaluating employee skill sets, equipment capabilities, facility requirements, logistics requirements, environmental and safety risks, and others. In addition, quality control requirements must be reviewed in terms of possible training and equipment needs, and then verified as either adequate or in need of required changes prior to startup.

Process Implementation

The single largest change to the QMS is arguably the notion of written procedures guiding the organization vs. the use of a process approach to enhance the organization’s ability to exhibit systematic control over any/all changes to the products and/or services it provides. This change represents a shift in the approach regarding business operations.

Under a process approach, the management team must:

  • Define inputs and outputs of each process
  • Determine the correct performance indicator(s) to assure compliance and customer specifications have been met
  • Assign appropriate responsibility for these steps

To comply with ISO 9001:2015, the organization must be able to stop a process and rectify the issues of concern prior to a nonconforming product and/or service being given to a customer. As such, employees are empowered to complete a root cause analysis and then notify management of possible change(s) required.

Internal Audit

Corresponding to the process orientation discussed above, the internal audit program will also need to be revamped to go from auditing a single clause to auditing an entire process. This may require additional auditor training for internal auditors, as well as an overall better understanding of the processes the organization follows in its daily business.

The following tips can all help modify the internal audit process to work under the ISO 9001:2015 standard.

  1. Audit one complete process at a time. This will allow auditors to better assess the process itself, identify possible areas for review and improvement, and verify adequacy of current controls in place.
  2. Develop flow charts that outline every step in the process(es) and the associated procedures, work instructions, and forms required to assure compliance of each identified step.
  3. Look for areas throughout the audit where the product and/or service hand-off between departments and equipment cells may be unclear or confusing, leading to a potential nonconformance to the customer.

Big Steps toward Continuous Improvement

While any one of the changes discussed above would represent a significant improvement over the 2008 version of ISO 9001, taken together and implemented properly, the 2015 updates are set up to help organizations take large step towards continuous improvement.

Under ISO 9001:2015, day-to-day operations should:

  • Be more functional and harmonious
  • Allow for improvements in product and/or service hand-offs between departments
  • Improve the consistency of delivering to the customer exactly what is requested
  • Reward the organization with improvements to internal functions and lower costs over time

 

22 Jun
World-Class Compliance Pt 5: Compliance Assurance Program

This is the fifth in a series of five articles on developing and maintaining a world-class compliance assurance program.

A well-designed and well-executed compliance assurance program provide an essential tool for improving and verifying business performance and limiting compliance risks. Ultimately, however, a compliance program’s effectiveness comes down to whether it is merely a “paper program” or whether it is being integrated into the organization and used in practice on a daily basis.

The following can show evidence of a living, breathing program:

  • Comprehensiveness of the program
  • Dedicated staff and resources
  • Employee knowledge and engagement
  • Management commitment and employee perception
  • Internal operational inspections, “walkabouts” by management
  • Independent insider, plus third-party audits
  • Program tailoring to greatest risks
  • Consistency and timeliness of exception (noncompliance/nonconformance) disclosures
  • Tracking of timely and adequate corrective/preventive action completion
  • Progress and performance monitoring

Best Practices

To achieve a compliance assurance program on par with world-class organizations, there are a number of best practices that companies should employ:

Know the requirements. This means maintaining an inventory of regulatory compliance requirements for each compliance program, as well as of state/local/contractual binding agreements applying to operations. It is vital that the organization keep abreast of current/upcoming requirements (federal, state, local).

Plan and develop the processes to comply. Identify and assess compliance risks, and then set objectives and targets for performance improvement based on top priorities. From here, it becomes possible to then define program improvement initiatives, assign and document responsibilities for compliance (who must do what and when), develop procedures and tools, and then allocate resources to get it done.

Assure compliance in operations. The organization needs to establish routine checks and inspections within departments to evaluate conformance with sub-process procedures. Process audits should be designed and implemented to cut across operations and sub-processes in order to evaluate conformance with company policies and procedures. Regulatory compliance audits should further be conducted to address program requirements (e.g., environmental, safety, mine safety, security). Audit performance must be measured and reported, and the expectations set for operating managers to take responsibility for compliance.

Take action on issues and problems. Capture, log and categorize noncompliance issues, process nonconformances, and near misses. Implement a corrective/preventive action process based on the importance of issues. Be disciplined in timely completion, close-out, and documentation of all corrective/preventive actions.

Employ management of change (MOC) process. Robust MOC processes help ensure that changes affecting compliance (to the facility, operations, personnel, infrastructure, materials, etc.) are reviewed for their impacts on compliance. Compliance should be assured before the changes are made. Failure to do so is one of the most common root causes of noncompliance.

Ensure management involvement and leadership. Set the tone at the top. The Board of Directors and senior executives must set policy, culture, values, expectations, and goals. It is just as important that these individuals are the ones to communicate across the organization, to demonstrate their commitment and leadership, to define an appropriate incentive/disincentive system, and to provide ongoing organizational feedback.

Maintaining Ongoing World-Class Compliance Assurance Program

The compliance assurance program must be a living, breathing program. As risks change, the program must be refreshed, refined, and redeployed. A Management System framework can help ensure operational sustainability. A Management System drives the auditing process and helps companies say what they will do, do what they say and, importantly, verify it.

Together, there is a real value at the intersection of a compliance assurance program and Management Systems. Management Systems define the internal controls that are in place to reduce risks, prevent losses, and sustain and improve performance over time through the Plan-Do-Check-Act (PDCA) cycle of continual improvement.

Testing and Monitoring

Testing, monitoring, and measuring are crucial elements of this cycle. Without them, it is difficult to understand what is working and what needs improvement. Robust testing and monitoring programs can serve as early warning systems for identifying potential compliance risks before they become enforcement issues.

Compliance should be tested and monitored throughout each level of the organization. A strong testing program will evaluate the results of the compliance risk assessment and assign compliance risks to the business units and processes where they are most likely to occur, creating clear lines of responsibility and accountability. Key risks and the related controls should be tested periodically using statistically valid sampling methodologies, and monitoring activities should be performed on an ongoing basis. Doing so produces trend data that provides the rationale needed for making changes to underlying business processes, as well as emerging risks.

Ongoing compliance excellence relies on top management, operations managers, EHS personnel, and individual employees throughout the organization working together to build and sustain an organizational culture that places compliance on par with business performanceSenior management must focus on the overall culture of the company in terms of taking the necessary steps to reduce risk and make prevention part of daily operations. While it may be impossible to eliminate all risk exposure, a solid risk framework, assessment methodology, and compliance assurance program can help to prioritize risks for active management, sustained compliance, and positive business impacts.

Read the other articles in this series:

  • 1
  • 2
Sidebar: