chad kymal cto and founder, omnex inc. kymal cto and founder, omnex inc. ... – ohsas 18001...
TRANSCRIPT
Juggling Multiple Standards, Audits and Multiple Risk Assessments:
Too Many Standards? Reduce Complexity and Save Money!
Integrated Management SystemsIntegrated Management Systems – Risk Mitigation Approach
Chad KymalyCTO and Founder, Omnex Inc.
Table of Contents
• Current Business Environment for Standards
• Multiple Management Standards – Integration and Standardization
• Planning, Performing and Managing Audits –Multi-Site
• Integrated Risk Management Enterprise Risk Assessment
• Conclusions
Management Systems Todayg y y
• Organizations today adhere to multiple g y pstandards – some examples include:– ISO 9001:2008 – QMS Standard
– ISO/TS 16949:2009 – QMS Standard
– ISO 14001:2004 – EMS Standard
OHSAS 18001 2007 OH&S St d d– OHSAS 18001:2007 – OH&S Standard
– ISO 17025:2005 – Laboratory Standard
Sarbanes-Oxley (SOX) Financial Controls– Sarbanes-Oxley (SOX) – Financial Controls
– Malcolm Baldrige – Excellence Standards
– JACHO – Medical Industry Quality Standardy Q y
– AS9100 – Aerospace StandardCopyright 2009 Omnex. All Rights Reserved.3
Why Multiple Standards?y p
• Management wants to reduce risks– Quality
– Environmental
– Health & safetyHealth & safety
– Financial
• Markets require itMarkets require it
• Customers require it
• Certification required in order to supply product– Industry
– Government– Government
Copyright 2009 Omnex. All Rights Reserved.4
The Challenge of the Enterprise –Multi-Site, Multi-Language, and Multi-Cultural with Multiple Standards, Audits and Risk Management
Plants
Design Centers
Plants
Corporate
E titi i N A i Sales OfficesEntities in N. America, Europe and Asia
Copyright 2009 Omnex. All Rights Reserved.55 Copyright 2009 Omnex. All Rights Reserved.
Enterprise Problem Statementp
• Lack of consistency (of standards, processes, audits, risk t bl l i ) th E t imanagement, problem solving) across the Enterprise
• No central access for improvement data– Outdated systems, non-complaint software
– Systems Incompatibility – Integration needs
• Process Inefficiencies – Little or no knowledge transfer or best practices between facilities
– No common nomenclature for quality metrics (including audit nonconformities)
– No integration in quality and business planning efforts (audit ti )practices)
• Lack of flexibility and functionality in current practices
This leads to financial loss due to nonconforming product/processes and non-
Copyright 2009 Omnex. All Rights Reserved.6
g p pvalue added activities
6 Copyright 2009 Omnex. All Rights Reserved.
Multiple Management Standards
Single Entity - Stand-Alone Implementations Mean More WorkImplementations Mean More Work
OHS BMS Manual
EMS Manual
Lack of Integration – Resultsg
• Duplication of processes, audits and risk p p ,assessment
• Increased cost to implement and maintain management systems, audits, and the risk
l ianalysis
• Increased cost to maintain system, conduct audits or risk management systems
Copyright 2009 Omnex. All Rights Reserved.9
Lack of Integration – Duplication of ProcessesProcesses
Confusion for Top Managementp g
• Management has four reviews – for example:1 ISO 9001 2008 (QMS)1. ISO 9001:2008 (QMS)
2. ISO 14001:2004 (EMS)
3 OHSAS 18001:2007 (OHSAS)3. OHSAS 18001:2007 (OHSAS)
4. Review performed in order to operate the business
I really don’t have time for this! Do I need this??
Copyright 2009 Omnex. All Rights Reserved.10
Do I need this??
Lack of Integration – Duplication of ProcessesProcesses
Confusion for the Engineerg
• When designing a product:St d lit d f FMEA d C t l– Study quality procedure for FMEA and ControlPlan
– Study EMS planning procedure for aspects andStudy EMS planning procedure for aspects andimpacts
– Study OH&S planning procedure for health andf t i ksafety risks
I don’t do QMS, EMS or OHSAS; I just do my job!
Copyright 2009 Omnex. All Rights Reserved.11
Why am I doing Risk Analysis multiple times?
Lack of Integration and Standardization in ProcessesProcesses
Integration and Standardization CombinedCombined
13
Omnex Integration Methodologyg gy
• 80% of ISO 9001 integrates with ISO 14001 / OHSAS 18001
• Over 90% of ISO 14001 and OHSAS 18001 can be integrated
Process / System ISO 9001 (and other ISO 9001-based standards)
ISO 14001
Planning Use Business Planning and Policy Deployment Process
Integrate
Document Control Document Control Process Use the Same Process as ISO 9001 With Some Change
Operational Controls Work Instructions on the Plant Floor Integrate the EMS Controls into the ISO 9001 Work Instructions
Internal Audit Internal Audit Process Use the Same Process With Different Checklist
Nonconforming Nonconforming Process for Quality Rejects Document a Similar but Different Process forNonconforming Nonconforming Process for Quality Rejects Document a Similar but Different Process for Environmental Nonconformities
Corrective and Preventive Corrective and Preventive Action Process for Quality Problems
Use the Same Process as ISO 9001 for Environmental Problems
Management Review Business Review Process Use the Same Process as ISO 9001
Copyright 2009 Omnex. All Rights Reserved.14
Implementing Integrated Management Systems DocumentationSystems Documentation
• Manage integration – including documents from other it /l l t i l lsites/levels to any given level
Copyright 2009 Omnex. All Rights Reserved.15
Implementing Integrated Management Systems DocumentationSystems Documentation
Copyright 2009 Omnex. All Rights Reserved.16
Implementing Integrated Management Systems DocumentationSystems Documentation
Copyright 2009 Omnex. All Rights Reserved.17
Lack of Integration – Increased Cost to Implement and Maintainto Implement and Maintain
• Duplication of Documents– Multiple teams/personnel work on the same or similar
documents and Risk Analysis• For example: management review, document control, training
and risk analysis
• More Costly to Maintain– It is costly for an organization to conduct four managementIt is costly for an organization to conduct four management
reviews or to have three document control procedures or three risk analysis processes
We estimate that implementation costs reduce by half when they are integrated
The biggest savings are actually seen in the elimination of maintaining duplicate processes – three separate processes integrated into a single
Copyright 2009 Omnex. All Rights Reserved.18
duplicate processes three separate processes integrated into a single process will see a 60% reduction in maintenance costs
Planning, Performing and Managing Audits – Multi-Site
Enterprise-Wide
Conducting Integrated Auditsg g
• Current Auditing Environment– Many Audit Programs – ISO 9001, ISO 14001, OHSAS
18001, Safety Audits, SOX Audits
– Different Audit Types – System, Process, and Product Auditsyp y , ,• Different Forms, Checklists and Audit Reports for each Audit
Type
– Corrective Action Category – Major, Minor, OFIg y j , ,
– Audit schedules and strategies for audit timing vary for each type of audit in different Entities in an Enterprise
– Auditor qualifications varyAuditor qualifications vary
Integrated Audits require Integrated Management Systems and Enterprise Audit Software
Copyright 2009 Omnex. All Rights Reserved.20 Copyright 2009 Omnex. All Rights Reserved.20
and Enterprise Audit Software
Instituting Oversight Company Wideg g p yCorporate Site
Division A – Plt 1 Site
The Rules for all the Div. and Plants for Audit
Division A Site
Division A – Plt 2 -Site
Division A – Plt N-
Plants for Audit Practices are set centrally or collectively
Enterprise software
Division B Site
Division A – Plt N-Site
software can define Sites and Entities Omnex recommends
Division C Site Division A – Plt 1 Site
Standardized Audit Rules instituted through Software Controls enforced
Division X Site
Division A – Plt 2 -Site
Controls, enforced through Security and followed by standardized
Division A – Plt N-Site
21
training
21 Copyright 2009 Omnex. All Rights Reserved.
Audit Templates and Audit Cyclesp y
22 Copyright 2009 Omnex. All Rights Reserved.22 Copyright 2009 Omnex. All Rights Reserved.
Assigning Standard Forms for Audit TypesTypes
23 Copyright 2009 Omnex. All Rights Reserved.23 Copyright 2009 Omnex. All Rights Reserved.
Assigning and Managing Auditsg g g g
Copyright 2009 Omnex. All Rights Reserved.2424 Copyright 2009 Omnex. All Rights Reserved.
Uniform Auditor Qualifications
25 Copyright 2009 Omnex. All Rights Reserved.25 Copyright 2009 Omnex. All Rights Reserved.
26 Copyright 2009 Omnex. All Rights Reserved.26 Copyright 2009 Omnex. All Rights Reserved.
Auditee Work Flow
27 Copyright 2009 Omnex. All Rights Reserved.27 Copyright 2009 Omnex. All Rights Reserved.
28 Copyright 2009 Omnex. All Rights Reserved.28
Nonconformity Managementy g
Copyright 2009 Omnex. All Rights Reserved.2929 Copyright 2009 Omnex. All Rights Reserved.
NC’s by Planty
7
8
4
5
6
of
NC
's John Deere Plant 1
Plant 2
2
3
4
No
. o Plant 3
Corporate
0
1
3/30/2005 6/31/2005 9/30/2005 12/30/2005
30 Copyright 2009 Omnex. All Rights Reserved.30 Copyright 2009 Omnex. All Rights Reserved.
Revealing Site Strengths or WeaknessesWeaknesses
Thi l i i i t t t l dit k l
31 Copyright 2009 Omnex. All Rights Reserved.
This analysis is important to reveal auditor weakness also
31 Copyright 2009 Omnex. All Rights Reserved.
Lack of Integration – Increased Cost to Audit and Riskto Audit and Risk
• External Audit Costs– Registrars use tables to estimate number of days to audit
– Travel costs
– Preparation costsPreparation costs• The cost of an external audit, including travel costs, will be
reduced by 25% for a medium-sized organization with integrated standards
• Internal Audit Costs, i.e., time will be reduced for auditees and auditors
B tt f it t d d d i k• Better nonconformity management and reduced risk to the enterprise
Copyright 2009 Omnex. All Rights Reserved.32
Integrated Risk Management Enterprise Risk Assessment
Quality, Environmental, and Health/Safety
Risk Reduction a Management PrerogativePrerogative
• Top management embraces standards to reduce risks – Business, Personal and Financial– ISO 9001 – Reduce Quality Risks
– ISO 14001 – Reduce Environmental RisksISO 14001 Reduce Environmental Risks
– OHSAS 18001 – Reduce Health and Safety Risks
• Risk Analysis and Reduction is built into each d d d i h h f ISO 14001 dstandard, and is at the heart of ISO 14001 and
OHSAS 18001– Although ISO 9001 does not directly require a risk analysis, g y q y ,
it reduces risks by exception by requiring known practices
– Other QMS standards such as ISO/TS 16949 and AS9100 require that organizations assess both design and q g gmanufacturing risks using DFMEA and PFMEA tools
Copyright 2009 Omnex. All Rights Reserved.34
Lack of Integration and Standardization of Risk AnalysisStandardization of Risk Analysis
• Duplicate Risk Analysis of the same process p y pis conducted for Quality, Environmental and Safety/Health by different teams
• The same risk analysis is duplicated by multiple plants in the same Enterprisemultiple plants in the same Enterprise
Cost to conduct Risk Analysis is multiplied between multiple standards and different Entities of the same plantsmultiple standards and different Entities of the same plants
The risk number is not comparable across standards and
Copyright 2009 Omnex. All Rights Reserved.35
Entities
Integration of Risk Analysisg y
• Integrated Risk Analysis benefits from the use of the same tool – i.e., FMEA for risk analysis
• The FMEA prioritizes risks based on Severity x Occurrence x DetectionSeverity x Occurrence x Detection
• The FMEA tool starts with the Process or Operational Step and assesses different factors of the same process – i.e., Quality, Environmental and Safety and Health Risks
• The same “team” can use the same “tool” and the• The same team can use the same tool and the same “thought process” to discern the Q, E, and S&H Risks
Copyright 2009 Omnex. All Rights Reserved.36
Benefit of Integrated Risk Analysisg y
• The benefits come when Risk is understood and assessed using th P Fl d FMEAthe Process Flow and FMEA– When the same process flow is used by the same team, it becomes
clear that there is nothing extraordinary about Risk Analysis; it is the studying of the same process for a different factor or businessthe studying of the same process for a different factor or business risk
• There is more consistency in understanding, rating and evaluating risk when the format is standardized and the ratingsevaluating risk when the format is standardized and the ratings are made consistent
• Since the whole exercise was conducted to arrive at a risk number, the VALUE of using the FMEA and Standardizednumber, the VALUE of using the FMEA and Standardized Rating table is immense– Suddenly, the numbers can be compared between Q, E, and H&S
risks in one plant p
Copyright 2009 Omnex. All Rights Reserved.37
Consistency Between PlantsConsistency Between Plants
• Typically, organizations have similarTypically, organizations have similar processes– For example, all our plants have a Molding
process and Laboratory
How have we rated risk between plants?
Were we consistent in rating common manufacturing
processes?
Copyright 2009 Omnex. All Rights Reserved.38
Standardizing Risk by Process FamiliesFamilies
• Once we understand that there are “Global Process” types in the company, we can conduct risk analysis for a “Process Type” and then use this risk assessment as the basis for other similar processes worldwide
• Organizations can use this as a starting point and if there is any disagreement on the risk rating, they can discuss it with the “Global Champion”
Copyright 2009 Omnex. All Rights Reserved.39
Using Software for Integration and Standardization of Risk
AQuA Pro Software
Integration and Standardizationg
Copyright 2009 Omnex. All Rights Reserved.41
Integration and Standardizationg
Copyright 2009 Omnex. All Rights Reserved.42
Integration and Standardizationg
43
Integration and Standardizationg
Copyright 2009 Omnex. All Rights Reserved.44
Integration and Standardizationg
Capabilitiesp
• Global Processes and Tables
• Process FamiliesProcess Families– Sub family inheriting the family (parent) process is
able to change the parent process without ff ti th taffecting the parent
– New process development focuses on what is being changed not redeveloping what is knownbeing changed not redeveloping what is known
Copyright 2009 Omnex. All Rights Reserved.45
Why Integrated Risk Assessment?y g
• The value of implementing ISO 9001, ISO 14001 and OHSAS 18001 is to manage risk in organizations
• Companies worldwide are implementing these standards many times using different methodologiesstandards, many times, using different methodologies and tools even within the same company– Often times the Severity, Occurrence and Detection tables
t t d di d d i t tlare not standardized or used consistently
• Risk numbers and priorities are meaningful in organizations (across entities) only if the g ( ) ytool/methodology is standardized and Severity, Occurrence and Detection tables are standardized
Copyright 2009 Omnex. All Rights Reserved.46
Why Integrated Risk Assessment? (cont’d)(cont’d)
• Efficient risk analysis and standardization of yrisk assessment takes place when an entire organization uses the same methodology
• Furthermore, techniques of risk assessment such as Family of Processes (called Global P F ili ) d P d t F ili h lProcess Families) and Product Families help organizations save time by transferring knowledge between entities of an enterpriseknowledge between entities of an enterprise– Integration and Standardization of Risk is what
can be coined as Enterprise Risk Assessment
Copyright 2009 Omnex. All Rights Reserved.47
Lack of Integrationg
• Causes Confusion
• Increases Cost to Implement and Maintain
• Increases Costs overall for managing standards, audits, and risk management
Do We Agree?
So What Do We Do To Integrate?Copyright 2009 Omnex. All Rights Reserved.48
Conclusions – Why?y
• Integrated Management Systems, Integrated Audits and Risk Analysis are inevitable
• Integrated Management Systems, Integrated Audits and Risk Analysis save moneyand Risk Analysis save money– Reduces confusion and duplication of efforts
– Reduces implementation costs by 50%, reduces i t t b 60%maintenance costs by 60%
– Reduces internal and external auditing costs by 25%
– Reduces Risk Analysis for QMS, EMS, and OHSAS by over 50%
• Using Enterprise Software Integrated Management Systems and Risk Analysis is made easySystems and Risk Analysis is made easy
Copyright 2009 Omnex. All Rights Reserved.49
For More Information on …
• Integrated Management Systems– Webinar: Managing Documents in the Global Environment of
the 21st Century
– Webinar: Juggling Multiple Standards – Integration, gg g p g ,Standardization and Linkages
• Enterprise Audit ManagementWebinar: Save Time and Money Through Enterprise Audit– Webinar: Save Time and Money Through Enterprise Audit Management
• Integrated Risk Management – Integrated Risk Management for Quality, Environmental,
Health & Safety – Enterprise Risk Assessment (presentation by Chad Kymal to NOSHCON)
50 Copyright 2009 Omnex. All Rights Reserved.
These items and more are available from the Omnex Resource Center
Enterprise-Wide Integrated Management SystemSystem
51
EwQMS Suite
© 2008 Omnex. All rights reserved52
Questions?Questions?
53 Copyright 2009 Omnex. All Rights Reserved.