This is what an audit schedule used to look like…. Welcome to the 1970s

[Table: audit schedule listing each PROCEDURE (Corrective and Preventive action, Documentary control, Internal audits, Purchasing, Design, Management Review) against the months JAN to DEC, with the entries RG, FB and GM in the cells]

There had to be a better way.

What is risk based auditing (RBA)?
• Focus your limited audit resource where it can do the most good (areas of high net risk / where failure has highest impact).
• Do not waste time auditing what your metrics tell you doesn’t really matter
• Ensure you assign appropriate audit resources to appropriate audits (skills and competencies)
• In order for RBA to work the organisation needs to understand its risks and be able to rank them
• Risks change through time therefore your audit programme must change through time
• Don’t forget opportunities. New standards talk in terms of R&O. Audits will need to focus on more than just the problems.

Just add rationale…

Risk based audit programme

[Table: risk based audit programme listing each RISK AREA (Production of steel fabrications, Korea; Back office functions, UK; Design studio, Spain; Denver bridge contract documentation; Concrete research facility, UK; 2014 Project initiations) against the months JAN to DEC, with the entries RG, FB and GM in the cells]

Risk Based Auditing - Case Studies
1 x Engineering focus
1 x Construction focus

Case study 1

Meet Paula Adkins
Executive Vice President Quality Assurance and Supplier Quality
• Ownership of the Rolls Royce QMS
• Ownership of the Supplier Management System
• Global certification programme (Q & HSE) and management of certification body relationship
• Independent Corporate audit programme management
• Process ownership of a number of Company-wide Group Procedures
• Professional competency development for key Quality roles

Risk based QHSE auditing at Rolls-Royce PLC
There are a number of types of audits carried out at corporate and local level:
• Quality systems
• Business processes
• HSE systems/topics
• Production process
• Special process
• Supplier

Risk criteria used to determine Rolls Royce audit plan
• Impact on brand / reputation
• Previous audit findings
• Impact on customers
• Shareholder priority
• Impact on profit
• Time since last audit
• Impact on people safety
• Operational Performance
• Impact on product safety
• Change management
• Impact on business continuity
• Part classification
• Impact on product / service process
• Third party / external / regulatory approval status

Weightings applied to risk criteria to determine audit priority
Each category has a description and is rated 5, 3, 1 or 0.

Brand: Non-compliance damages the RR reputation
• 5: Global external exposure in the public domain
• 3: Regional external exposure in the public domain
• 1: Local external exposure in the public domain
• 0: No external exposure in the public domain

Profit: Impact of the results of non-compliance on the company bottom line (cash out and potential earnings lost)
• 5: Greater than £100m
• 3: Between £20m and £100m
• 1: Less than £20m
• 0: No impact

Safety: Non-compliance to process leads to unsafe product being released to the customer
• 5: Could lead directly to product failing in an unsafe manner
• 3: Could lead to product operation being suspended
• 1: Could lead to additional limitations being imposed on product operation
• 0: No impact

HS&E: Non-compliance of process could potentially generate the following HS&E outcomes
• 5: Risk that could lead to multiple long term absences, serious disability or death or an event which would take over six months to rectify
• 3: Risk that could lead to multiple short term absences, long term disability or multiple number of serious injuries or an event which would take between two and six months to rectify
• 1: Risk that could lead to short term disability, serious injury or large number of minor injuries or an event which would take between a week and two months to rectify
• 0: No impact

HS&E Guidance
• Health issues: Radiation, Biological (e.g. Legionella), Dust (e.g. Asbestos), noise, Hand Arm Vibration, carcinogens, stress etc
• Safety issues: Chemicals, Fire, Explosions, electricity, height, confined spaces, machines etc
• Environmental issues: Emissions, carbon foot print, airborne contamination, water contamination, soil contamination etc

‘The risk based auditing approach ensures resources are engaged appropriately, on the important areas and topics for our business to enable direct focussed continuous improvement’.

‘As a result there has been a reduction in the number of major findings even with an increased level of auditing across the organisation’.

Case study 2

Meet Steve Blackett
Caterpillar Skinningrove Limited Quality Manager
Global Undercarriage Product Group Member
• Manager of the Caterpillar SL QMS (extension of ISO 9001:2008)
• Responsible for Caterpillar SL 1st and 2nd party audit programmes

Risk based Quality and HSE auditing at Caterpillar SL
There are a number of types of audits carried out:
• Quality systems
• In process validation (IPV)
• Supply chain and incoming quality
• Caterpillar Production Systems and business processes
• Pre-delivery inspection
• Safety

Risk criteria used to determine audit programme at Caterpillar SL
• Impact on brand / reputation
• Previous audit findings
• Impact on customers
• Perceived process robustness and performance
• Impact on profit / growth
• Degree of change and new product introductions
• Impact on product safety
• Impact of cost of poor quality
• Impact on business strategy / target adherence

Quality System RBA
Columns: Title; Severity of non conformities raised at last audit; Impact to organisation or customer if process not followed; Significant process or personnel changes in last six months; Risk rating; Audit frequency
• Management system manual: 1; 1; 1; 1; 12
• Interaction of business processes: 1; 1; 1; 1; 12
• Organisational chart: 3; 1; 1; 3; 12
• Matrix of ISO clauses: 1; 1; 1; 1; 12
• Planning procedure: 1; 2; 3; 6; 6
• Engineering changes and new products: 3; 1; 2; 6; 6
• Subcontracting: 1; 1; 2; 2; 12
• Direct purchasing: 2; 2; 2; 8; 6
• Yard operations: 1; 2; 2; 2; 12
• Plasma Operations: 3; 2; 2; 12; 6

In process validation and quality gates at Caterpillar SL
In process validation RBA

[Diagram: Process 1 with Activity A and Activity B, quality gate QG1, Activity C, Activity D and Activity E, quality gate QG2]

QG1 risk based assessment
• Checklist weighted score
• Staffing plan weighted score
• Tools and technologies weighted score
• Non conformance mgt weighted score
• QG1 pass mark set
• Pass, gate opens. Fail, gate shuts and remedial action taken

QG2 risk based assessment
• Checklist weighted score
• Staffing plan weighted score
• Tools and technologies weighted score
• Non conformance mgt weighted score
• QG2 pass mark set
• Pass, gate opens. Fail, gate shuts and remedial action taken

Partnership working with TATA
Supply chain and incoming quality
80% of supply costs

[Diagram: Process 1 with Activity A to Activity E, quality gates QG1 and QG2, and CAV]

IPV risk rating audit system example (in-process validation)

Does RBA work?

‘The quality gates & in process validation put in place by Caterpillar & TATA has seen real cost benefits to both businesses. The key has been working together by means of weekly meetings & updating the checklists & also moving quality gates to other areas of the value streams if required. Risk based auditing allows us to direct resource appropriately & helps deliver bottom line results’.

So where do IRCA fit into the audit picture?
The International Register of Certificated Auditors (IRCA) is the leading professional body for management system auditors, offering a globally recognised business qualification
• Formed in 1984 – Government enterprise initiative
• First of our kind - structure replicated around the world
• 12,000 members in 155 different countries
• 101 IRCA approved Training Organisations
• Offices in London and Tokyo

Vision
• To make a positive and profound contribution to the business management systems audit profession
• To inspire and empower auditors and auditor training organisations worldwide to achieve excellence
• To promote the value auditors add to businesses

Sector Schemes
• AEROSPACE
• MARITIME
• BUSINESS CONTINUITY
• OCCUPATIONAL HEALTH & SAFETY
• EICC (ELECTRICALS)
• PHARMACEUTICAL
• ENVIRONMENTAL
• QUALITY
• ENERGY
• SOCIAL SYSTEMS
• FOOD SAFETY
• SSIP
• INFORMATION SECURITY
• TickIT
• IT SERVICE

IRCA Grades available
• Provisional Internal Auditor
• Internal Auditor
• Provisional Auditor
• Auditor
• Lead Auditor
• Principal Auditor
New ‘business stream’ grades to be introduced + CMSA

What identifies an IRCA registered auditor?
IRCA registered auditors are auditors who have:
• met the required standards of training, technical experience, work experience and audit experience
• committed to and undertake on-going professional development to keep up to date with developments in standards, auditing methodology, industry and regulatory requirements
• committed to working to the professional standards set out in the IRCA code of conduct.

Meet the parent
• IRCA are a division of the CQI
• The CQI was founded in 1919 as the Institute of Engineering Inspection
• The CQI provides a focus for quality professionals (Quality Directors, Quality Managers) and organisations who are serious about quality
• 1,000 current CQI members working in Construction and 1,950 working in Engineering
• Operate Construction and Engineering special interest groups

Types of CQI membership
• Individual membership – Associate, Practitioner, Member, Fellow (CQP)
• Company membership – Access to CQI body of knowledge, no formal accreditation
• Corporate membership – formal accreditation of your organisation
There are case studies on CQI site setting out the benefits of membership from organisations’ perspectives

Examples of Construction and Engineering company members of the CQI

Opportunity for questions

Thank you