ISOUpdate.com

ISO Update aims to provide information, resources, and updates around the Standards and Certification industry. We believe that organizational standards can help businesses of all shapes and sizes become more efficient and successful on a local, federal, or global scale.


More organizations are looking to upscale their business and benefit from the implementation of international standards. To determine the factors that play an important role in the growth of an organization we must determine the disruptive forces that affect the organization’s growth directly or indirectly. There are four major trends which ISO deemed crucial disruptive factors for organizations and their interested parties, which were highlighted by the ISO General Assembly:

  • Economic and trade uncertainty
  • Changing societal expectations
  • The impact of climate change
  • The digital transformation

In this article, we will shed light on each of the above points which were discussed during ISO Week 2019 held in Cape Town, South Africa on 16-20 September 2019.

Jodi Sholtz, Group Chief Operation Officer, from the South African Department of Trade and Industry, said, “Without appropriate standards, it will be impossible to address multiple challenges at a global and national level. Standardization provides the tools to achieve sustainable development, to counter the immediate threat posed by climate change and, amongst other things, secure gender equality and optimal health.”

INCREASING TRADE UNCERTAINTY

Today, organizations develop international influence and operate on a global scale which helps bring economic growth but also brings about trade uncertainty. To combat uncertainty, inclusive economic growth is essential through standardization and the use of internationally recognized standards to minimize the growing inequality, economic concentration and marginalization of many developing countries. 

As ISO President John Walter explained, “The economy is obviously one of the most important drivers of change and there is an unquestionable role for us to play in restoring faith in the values of free trade and multilateralism.”

CHANGING SOCIETAL EXPECTATIONS

New models like the “sharing economy” bring new challenges for regulators and policymakers who must adapt and problem solve through standardization.

Standards are crucial in a sharing economy because of the disruptive nature of these evolutions. As with any other changing factor, adaptation is key to many problems.

“Those who stand to lose in the sharing economy are traditional industries that refuse to adapt and those using conventional business models that refuse to evolve,” said Tarryn Daniels from the Consumer Goods Council of South Africa.

IMPACTS OF CLIMATE CHANGE

Climate change is affecting every aspect of human life globally, and its impact on trade may affect your business. Unpredictable weather will greatly impact industries throughout the world.

“International trade depends critically on well-functioning transport links. Environmental challenges such as extreme storms, floods, changes in temperature, humidity or precipitation and rising sea levels will have significant impacts on transportation infrastructure such as ports,” according to Regina Asariotis of the United Nations Conference on Trade and Development (UNCTAD). Better risk assessment and preparation will help ensure successful adaptation to climate change.

DIGITAL TRANSFORMATION

Speakers looked at what the rapid evolution and adoption of digital technologies could mean for businesses and society. For example, what does digital transformation mean for businesses? How are digital technologies changing what and how we trade? And how are digital technologies driving entrepreneurial growth and innovation? Technology brings about many positive changes from providing efficiency and accuracy to facilitating speed and ease. Life without digital interference seems to be unfeasible now. The rapid evolution and adoption of digital technologies is more vital now than ever before for organizations who wish to stay relevant and efficient in their industry.

ISO SOLUTIONS

The objective of the ISO General Assembly is to develop International Standards in response to market needs. Innovation is not just about change or a few bright ideas; it’s about filling the void between old and new, it’s about finding solutions to the problems that have already arisen and that have yet to come through mindful analysis, and it’s about addressing crises internationally and providing improved solutions through standardization. Together, these four trends – economic and trade uncertainty, changing societal expectations, the urgency for sustainability, and digital transformation – make up the disruptive forces that will shape the direction of ISO’s future strategy on the path to 2030. As a first step, ISO is developing a new series of International Standards on innovation management. Stay tuned to ISO Update to learn more about new and updated standards as they are released.

Importance of Audits - ISOUpdate

Audits, specifically those done to prove compliance with an ISO standard, are on-site verifications which include inspections and thorough examinations of your organization’s systems that verify their compliance with a certain ISO standard. This is done to ensure sufficient compliance with the requirements of the management system(s) and to track and improve the efficiency of your operational processes. There are various types of audits depending on what they are meant to audit or who your auditors are, each with their own range of unique benefits. We will talk about the different types of audits you will experience in each cycle of your certification, some of the requirements of each type of audit, their purpose and goals, how they will help you as an organization, and the overall importance of auditing to the growth of your company.

Types of Audits

The classification of audit types is based primarily on the relationships between the participants and the examiners. ISO audits have 2 main types: Internal and External Audits.

Internal Audits

These are performed by internal auditors who are employed by the organization being audited and are also known as first-party audits. They’re performed within a company to verify the efficiency of their own adopted procedures and check for conformance to international standards and possible shortcomings. An internal auditor typically has a working knowledge of your organization and knows “what makes your company tick”. Internal audits are meant to dive deeply into your processes and uncover anything and everything that could or might be a non-conformance to the External Auditor. It is during Internal Audits that you want to find, report, and later act on these findings to help improve your organization.

When internal audits are conducted by an audit team composed of employees from a different department, you can maintain impartiality and reduce conflicts of personal interest. If provided with the appropriate training, these teams of internal auditors can offer objective insight, with the added advantage that they know the context of the organization inside out by virtue of working there and can offer more specific feedback in view of it.

Internal audits allow you to inspect your company and ensure compliance with laws and regulations in a more casual environment with lower stakes. Because the internal auditor is typically a colleague, you should feel much more at ease when the auditor is around. The Internal Auditor is your friend! As with any audit, you do not want to hide information or mislead the auditor to make the audit go by quicker; you should view these audits as an opportunity to learn and grow from shortcomings and prove to your external auditor that you are working towards constant improvement. Internal audits operate as an essential tool in preparing you for your next external audit.

Most international standards include internal audits as an important part of the ongoing process towards continual improvement for an organization because they allow you the opportunity to constantly monitor and review the efficiency of your processes. Internal Audits give your organization an opportunity to identify potential risks and gaps in your system and design corrective actions before they start costing the company. They also help you track and document changes that are important to present to external auditors when seeking certification.

Internal Audits are typically held at least once per year and before external auditors are brought in. Internal audit findings will not put your certification in jeopardy, and they help to prove your compliance with the standard to the external or third-party auditor.

External Audits

Also called “third-party” audits, external audits are performed by impartial auditors and can be called objective assessments of company procedures. They provide transparency and confidence to interested parties that your organization is truly running an effective and compliant management system. Objective assessments and their feedback allow these interested parties to be better informed about your organization. With most ISO standards, you are not required to disclose audit results, but if you receive favorable feedback from your audits, you may be inclined to promote that with permission.

External Auditors are typically contracted by your accredited Certification Body and assigned to audit your processes during your 3-year certification cycle. The auditor will come to your site for a set period to prove compliance with an ISO Standard resulting in the certification approval or approval pending corrective action. It is important to note that external, or third-party, audit length is determined based on requirements published by the International Accreditation Forum (IAF) that apply to all accredited Certification Bodies.

Corrective actions must be taken if the external auditor finds a non-conformance in your system, which will be detailed in their closing meeting with you and in their report. External Audits are necessary if you wish to hold an accredited ISO Certification, and are a great way to help your organization with impartial evaluation and reports, international certification and recognition.

Summary

Audits are a stressful time for most organizations. They can be seen by employees as head office spying on them and they may feel their jobs are at risk. It’s important to explain the role of audits for the greater good of the organization and to reassure your people that this is meant to show how the company can improve, and not an opportunity to point fingers and blame.

Internal audits should be a chance for employees to speak up, have their voices heard and shed light on aspects of their processes that could be improved. The internal auditor should be someone who understands your organization but can remain objective. It is during the internal audit that your organization wants to find areas for improvement, so don’t hide things or avoid things to make your job easier.

External audits are typically stressful because there is a lot more at “stake”. Don’t worry: the auditor does not want to take away your certification; they want to prove why you should achieve it. An external audit cycle is 3 years, with Year 1 granting certification and Years 2 and 3 providing surveillance to ensure your certification can be maintained. External audits are typically more formal but should still be viewed as a learning and growth opportunity. Do not hide or avoid topics with your auditor, and be sure you are prepared to report on the findings from your internal audit and how you are making the changes and improvements from those audits. Third-party audits should add value to your organization, and provide a chance to demonstrate you are running an effective and successful business.

What to Do If you Feel Your Audits or Certification Isn’t Effective

If you feel your audits are not adding value to your organization, before you drop your certification, consider if your audits are effective. You may want to bring in a consultant or expert to help your organization truly understand just how helpful ISO Certification is and how important audits are to the continual improvement of your organization.

If you are unhappy with your current audits or auditor, do not feel trapped. Talk to your Certification Body; they should be more than willing to accommodate an auditor change depending on your location, auditor availability and certification cycle. Consider the cost-benefit here. If you are not seeing the value of audits with your current auditor, a slight change in cost for a new one who might have a higher travel cost may be more cost-effective for your organization than simply accepting a lower quality audit. If your CB will not accommodate your change request, know that you are never obligated to remain with a CB. You may want to consider transferring your certificate, weighing the transfer fees against better service or higher satisfaction. When searching for a new CB, express your current troubles and expect an answer for how this new CB will rectify the issues.

SMART Goals for Internal Audits - ISOUpdate

Despite how important and often necessary internal audits are for the growth of a company, management very rarely takes the time to concisely list its expectations and objectives for them.
To make the most of your internal audit and reap maximum benefits from it, having precise and smart goals is essential. Not only do they save precious time for your company, but they also ensure that your audit goes smoothly and prepares you for the future.

What is a SMART Goal?

Setting strategic and attainable goals is a vital part of growing your business as they provide you with a target to work towards. Goals function as a means of motivation and help you focus on a specific task rather than a vague concept of betterment. Since they’re so important, it’s also prudent to spend time to ensure the goals you set are SMART.

Here SMART is an acronym that stands for:

Specific: The goal needs to be clear and precise. Specific goals have a higher likelihood of being accomplished than generic ones. To check if your goal is specific enough, see if it answers a few questions like “What needs to be done?” “Who will work on the documentation process?” and “What apparatus will the work involve?” These will provide you with a sense of direction regarding your goal and take the guesswork out of the process for better efficiency in your operations.

Measurable: You need to create a scale that helps measure your progress towards your goal. Having measurable goals provides an opportunity for positive feedback on the progress you have made and a source of motivation to achieve your objectives. Additionally, having well-defined goals and a means to measure them accordingly helps you identify possible setbacks and trends so you can work on these problems proactively for the future. Ask yourself questions like: “How will I know if my goal has been achieved?” “In the meantime, what are some progress indicators to look out for?”

Achievable: The goal needs to be within the realm of possibility to achieve. If a goal is too difficult it will quickly demotivate anyone set out to accomplish it; similarly, if a goal is too easy it’s prone to fall into a procrastination pile for the same reasons. Because of this, a smart goal must be both challenging and achievable.

Realistic: Goals should be realistic within the set time frame. You need to give yourself enough resources to ensure the goal is achievable. Ask yourself if you’re able to commit to the goal and if it’s one that has previously been accomplished within similar parameters.

Timely: Specify a timeline that includes a set starting and ending date to complete your project. You need to remember to allow yourself ample room for error or delay while also setting reasonable time frames to create a sense of urgency so you’re more likely to start on it.

Smart Goals and Objectives for Internal Audits

When setting out to create objectives for internal audits, it’s a good idea to include a list of benefits for successfully completing the audit to help remind you of why you’re doing this. Personal goals and ambitions can be tied in with the company’s objectives here to help lend it a more personalized touch.

Prior to setting out your plan of action, brainstorm on topics such as availability of possible mentors during the process, connections and previously encountered obstacles. These may come in handy during the auditing process and help you to better understand your options.

A good general action plan may look like this:

  1. Interview management, decide audit scope while setting parameters, decide on suitable audit procedures.
  2. Test out and experiment in reference to scope decisions to ensure these are fair parameters.
  3. Study and document various systems or operations in perspective of the audit.
  4. Identification of potential risks in operations as well as suggested changes.
  5. Communicate with management regarding the previous phase and finalize changes.
  6. Finish documentation and include findings of the audit.
  7. Include a safety buffer of timing in case of unexpected delays in the previous procedures.
  8. Successful completion of the Audit.

Improving Your Root Cause Analysis - ISOUpdate.com

When analyzing a problem and determining its root cause, you need to apply logical and critical thinking, analytical skills and calculations to fit pieces together like a puzzle to present a picture that makes sense to the beholder. When fixing a problem, it shouldn’t be enough to just use a band-aid solution – if you fix the symptoms only, the problem is more likely to occur again. You should want to determine the root cause of the problem to ensure that it never happens again. Determining a root cause can be an easy few questions and answers, but here at ISO Update, we want to help you improve your ISO 9001 Root Cause Analysis to ensure your organization is performing at its best.

Determining your Root Cause

A root cause analysis is a technique used to understand and solve a problem. It helps the observer to locate the cause and reason/factors that led to the problem in the first place. Simply put, by performing a root cause analysis you will identify the problem, find its cause and determine what measures should be taken to erase the problem to ensure it won’t happen again.

  • What is the problem?
  • What are the symptoms?
  • What circumstances prompted this problem to arise?
  • What caused the problem?
  • Are there other problems related to this problem?

Using open-ended questions and continuing to be curious will allow you to determine the actual problem, and its actual cause, not just your initial assumptions. It’s entirely possible your assumption is correct, but ensure you are properly investigating every aspect of the problem and its cause to ensure you are not providing band-aid solutions to problems that aren’t really a problem. The more you polish your ability to question your surroundings, the more your brain will grow its powers of analysis, cause detecting abilities, and potential abilities to root out any problem. Using frameworks and techniques like the 5 Whys – used in the Analyze phase of the Six Sigma DMAIC (Define, Measure, Analyze, Improve, Control) methodology – can help you organize your thoughts into a rational flow while digging deep into the root cause of a problem.

The 5 Whys & Its Benefits

The 5 Whys Methodology asks you to “Ask Why”. It’s an interview and questioning tactic meant to help in identifying the root cause problem quickly, and logically. Furthermore, it helps in determining the relationship between different root causes, it can be learned quickly and doesn’t require statistical analysis. The first rule of thumb for determining any cause of the problem is understanding the fundamental issue. It consists of identifying what exactly is the problem.

Let’s consider an example – Problem Statement: You are on your way to work and your car stops in the middle of the road.

1. Why did your car stop?

  • Because it ran out of gas.

2. Why did it run out of gas?

  • Because I didn’t buy any gas on my way to work.

3. Why didn’t you put gas in your car on your way to work?

  • Because I was running late.

4. Why were you running late to work?

  • Because I over-slept.

5. Why did you over-sleep?

  • Because I worked late last night working overtime.

6. Why did you work overtime?

  • Because I need more money to afford XYZ.

Interesting. Here we learnt that our employees are late to work and losing sleep because they feel they need to work overtime to afford something. What was originally an assumption that a person was lazy or unreliable at work is actually a person struggling and needing more money to enjoy their life outside of work. What may have been a management decision to discipline a late employee now becomes a discussion on employee work satisfaction, wages and overtime best practices. Do not restrict yourself to 5 Whys, and sometimes 5 is too many; instead, use this method to help find answers, ask more questions, and stop asking why when you are satisfied you have valid information to work from.

Why should companies embrace root cause? According to Eric Ries of Harvard Business Review, there are four benefits:

  1. It helps find the human problem.
  2. Determine the time to fix the problem.
  3. Prevent operational problems.
  4. Find your optimal pace of work.

Improving your Analysis

A good way to start expanding your analytical skills is through the power of observation. The more you expose yourself to different ideas, the more you’ll increase your own cognitive abilities. Analysis is more of a learned skill: as with Sherlock Holmes, a powerful observation could reveal to you the most deeply hidden secrets and faults. It’s about honing your skills, keeping your eyes open to the minor details and then filing them away one by one like puzzle pieces. Done properly, all the data you store up in your brain will present itself to be sorted in order.

After completing your Root Cause Analysis and learning Why?, the next step is figuring out How? How did your system allow this problem to happen? How should you place the data you have collected in its proper order? How should you properly do things moving forward? Answering this will help determine the correct order and importance of the events you need to complete to correct your system. Improving your Root Cause Analysis with the 5 Whys, and finding the root of a problem rather than just fixing it with a band-aid, will help your overall business and most likely increase employee morale. Strive to constantly improve your analysis skills by practising your problem-solving skills. Ask questions of your employees and interested parties, and care about their answers. Collect information in the simplest ways – observe your everyday organization, its problems and its triumphs; collect data; categorize everything; and then go deeper to the root of the problem to rule out all the symptoms that are causing the problems in the first place. Improve your root cause analysis by always staying curious.

Becoming an ISO 9001 Auditor - ISOUpdate.com

Are you interested in becoming an ISO 9001 auditor, either for your own organization as a quality specialist internal auditor or for a third-party Certification Body? The role of an ISO Auditor is described as: “responsible for ensuring that the production systems and processes of manufacturing firms comply with ISO standards. They must conduct surveillance and assessment of these firms and report any non-conformity in audit reports. ISO auditors also make necessary recommendations to help the system operate in compliance with required ISO standards.” – Source

You will need to take the necessary steps to train yourself and seek training on the various companion requirements, the standard, and its best practices. Becoming an auditor will take time and a detailed understanding of the ISO 9001:2015 standard.

BECOMING AN AUDITOR

To become an auditor, you will first need the necessary training. As an auditor, you need to demonstrate knowledge of ISO standards and comprehension of the standard you will audit against, along with its companion material and standards for proper auditing techniques and expectations. If you are brand new to ISO 9001, consider taking introductory-level courses such as an awareness course or an introduction to the standard course. These courses are often low cost and low time commitment, and allow you to learn about the standard either in class or online. You will also need to take a Lead Auditor or Internal Auditor course to learn auditing techniques and requirements.

Completing audits as an observer or auditor-in-training will help you meet requirements for audit experience and learn from experienced auditors.

Consider your work history and work experience too. Once you become an auditor, obtaining technical industry codes will help you with booking jobs. For example, if you have experience in construction, you can obtain that specific code which will allow you to audit for organizations with its respective IAF, SIC and NACE codes. Use your work history and experience to your advantage when you are becoming an auditor.

EARNINGS OF AN AUDITOR

The amount of money an ISO auditor makes depends upon their experience and auditing skills. An auditor’s earning potential varies but is typically around $90,000 USD per year.

INSURANCE

Due to the nature of certification, auditors do expose themselves to legal claims and liability that could be financially detrimental. It is important to recognize these risks, and properly prepare yourself for them with insurance and coverage. If you are working for a CB, they may demand a certain level or plan for you with their own insurance provider, or an industry-standard option in your region. If you are in the United States or Australia, consider looking into Exemplar Global options.

DIFFERENCE BETWEEN AUDITOR AND LEAD AUDITOR

As a Lead Auditor, you are responsible for leading the audit team, preparing the audit plans, delivering meetings and submitting the audit reports and findings at the end of each audit. If you are part of the audit team, you report to the Lead Auditor, who will assign you specific areas to audit and report on, and a timeline to submit your report. You will not be responsible for presenting during opening and closing meetings, and you will not be responsible for creating and submitting the final audit report.

LEAD AUDITOR ESSENTIAL DUTIES AND RESPONSIBILITIES

  • Possess strong analytical and problem-solving abilities
  • Manage a team of auditors
  • Evaluate an organization’s processes for compliance with quality requirements
  • Develop audit plans and schedules
  • Participate in quality audits (and lead a team of quality auditors, when needed)
  • Identify processes, situations, etc., where an organization is meeting requirements, as well as identify opportunities for improvement
  • Develop audit reports and present to top management
  • Assist with follow-up audits, as required

BECOMING A LEAD AUDITOR:

To be a lead auditor you must have a minimum number of years, which varies, of full-time general work experience and practical experience in applying ISO principles, procedures and techniques. You will need to seek out certification training from a personnel certification body and perform the required auditing time via shadowing other auditors. Lead auditor certification generally requires tertiary education plus two years of work experience as a lead auditor in training.

Auditors should also have strong interpersonal skills, be comfortable with public speaking, and be proficient in the written and spoken language in which they will be auditing. Being proficient in Microsoft Office is also helpful, as auditors need to develop written reports and format them appropriately for the organization they are working for.

Auditors should also be able to think outside the box to problem-solve if audits do not go according to plan. Whilst an auditor should be prepared well in advance and aware of time management due to the interpretive nature of auditing an organization, the auditor should also be able to re-prioritize if circumstances out of their control change the plan.

Big Data in Auditing - ISOUpdate.com

Written by: Ken Lynch of Reciprocity Labs

Behind any pile of data is a story. Ideally, the data provides a well-outlined plot of the strengths, weaknesses, risks, and opportunities that your business faces. Unless your business can analyze this data, the story it tells remains hidden behind facts and figures.

Luckily for modern-day businesses, the conventional approach to auditing and data analytics has provided a baseline for firms to leverage the power of big data. Using these strategies, organizations can predict market patterns, investment opportunities, and business risks, all of which influence the decision-making process.

Sadly, the precision at which these conventional strategies can predict the future isn’t enough. The good thing is that big data looks to fill the gaps that conventional approaches have, and revolutionize the entire auditing and analytics industry. As long as you can leverage big data, auditing for clients will be a walk in the park.

Read on to learn about the opportunities that big data presents your business and common challenges to its adoption:

The Perks Of Big Data

1. Enhanced Audit Quality

Conventionally, auditors had to sample their client’s data to come up with useful insights. Though sampling has been effective for some time, it doesn’t provide enough precision. You typically have to ignore data anomalies as well as outliers, which can often help identify risks before they occur. Big data analytics systems will help you to analyze a wider scope of data, if not all the necessary data, to come up with more precise conclusions.

Also, it will allow you to analyze your client’s data early in the auditing process, making it easy to streamline the rest of the process. You can pick metrics for analysis early, identify problems, and know the kind of audit evidence to look for.

2. Improving The Auditing Frequency

Other than being costly, data analysis can be quite time-consuming, especially if you lack the necessary analytics tools. This is why firms choose to analyze their data after every fiscal quarter or year, even though they know that frequent analysis will yield better results. Luckily, big data streamlines the data analytics process, reducing auditing lead times.

As a result, businesses can enjoy more audits at a reduced cost. Not only does this continuous testing revolutionize risk identification, but it also paves the way for accurate control assessments as well as timely insights.

3. Improved Client Service

As outlined above, big data helps shorten the auditing process as well as improve the results. Such factors can be quite helpful in the decision-making process by clients. Even better, this new approach to data analytics ensures that you can communicate time-sensitive threats and opportunities early enough, making the role of auditors in the business growth scene even more appreciated.

How Big Data Is Transforming The Audit

Auditors work in the interest of all stakeholders. They help with the quality assurance of businesses, from a financial to a security standpoint. They deliver insights that improve reporting, identify business risks, and even offer insights on tailored fields.

While conventional technology has played a significant role in supporting the task of the auditor, it limited their power. With big data and developments in the analytics field, everything changes for you as an auditor. You can now focus on an entire population of audit-relevant data instead of trying to base your judgment on a mere sample. It even allows you to tailor your auditing journey to deliver the right results.

Algorithms For Data Analysis Make Big Data Even More Useful

Present-day auditing applications that are based on big data are designed with a series of algorithms. This provides a platform for both running checks for completeness and formatting analysis. At the very least, such algorithms help to streamline a formerly manual process.

The applications will offer you, as an auditor, a dashboard-based information pool from which you can draw conclusions. It also becomes easy to check for anomalies and outliers, as well as pay attention to any red flags early. By combining them with the traditional approach to analysis and auditing, the extent to which such algorithms can change the business world is huge.

Auditors And Analysts Can Shift Their Focus Towards Risks

Data collection, processing, and checking are among the most time-consuming tasks for auditors. These algorithms help reduce the role that you play in the initial stages of data collection as well as in processing and checking the data. As the application does it all for you, you can shift your focus to the intricate details of auditing.

This allows for better performance benchmarking and the use of resources. The biggest benefit is that auditing and analysis oversight is enhanced. However, it will be essential to train people on the skills needed to use big data and related tools in auditing and analytics.

Threats To The Integration Of Big Data

There is a reason why big data hasn’t yet gained enough traction in the auditing field. The threats that slow down its integration are many, but they aren’t insurmountable. Here are some of them:

1.   Barriers To Capturing Company Data

As long as you can access client data, it can be pretty easy to use big data analytics in the auditing process. You could draw conclusions and even identify threats in a fraction of the time it would have taken you to do so if you were using conventional means. However, the fact that you have to access company data brings in a form of complexity.

Businesses spend years layering security tools to reduce the security risks their data faces. To gain access to this data, auditors have to rely on a time-consuming approval process, with some businesses being reluctant to provide the data completely. Instead, they claim that they will be putting their data at risk, which is understandable.

2.   Data Extraction Isn’t An Auditing Competency

Businesses typically use a number of accounting systems to achieve their accounting needs. Since data extraction is not a core competency for auditors, and most businesses lack this competency, it adds a layer of complexity.

Ideally, you might have to go through a lot of back and forth between you and the organization you are auditing to capture the necessary data. Without enough insights into how data extraction works, this might seem like an uphill task.  

While conventional audits focused on the general ledger, you will need to obtain information from the sub-ledgers to truly enjoy the benefits of big data. Sadly, this also increases the complexity of integrating big data into auditing.

3.   Finding The Balance Between Auditor Judgment And Analytics

It is pretty easy to use descriptive analytics to pinpoint threats and opportunities that lie in the shadows. For instance, if a situation of fraud has been plaguing a business, you can easily point it out to your clients. Sadly, it is a little bit tougher to produce audit evidence trying to respond to the identified risks.

Big data mainly relies on the black box nature of analytics, whereby rules and algorithms are needed to transform the collected data into reports and visualizations. Once the data gets to this stage, auditors need to find a balance between relying on these analytics and using their judgment to make the necessary conclusions.

4.   Auditor Training Is Yet To Change

As outlined above, big data completely revolutionizes the auditing job. It requires you to have both analytics and IT skills as an auditor. This will allow you to know the kind of questions to ask the collected data and know how to use the analytical output to produce quality audit evidence. Simply put, the new skills make deriving business insights and drawing conclusions pretty easy.

However, the modern-day training for auditors hasn’t yet caught up with the demand for big data. The learning and development programs at the college level are mostly based on the conventional approach to auditing. This means that an auditor that comes from these levels will have a hard time adjusting to the new requirements.

Ideally, getting rid of this problem requires a ground-up approach to auditing training. Learning institutions need to incorporate the necessary big data skills into their training to arm auditors with the right skills.

The Changes That Big Data Brings Along

1.   Auditing And Analytics Standards Have To Adapt

Since time immemorial, the role of auditors has been governed by a specific set of standards. These standards have been governing what you can and cannot do as an auditor. They have control over how you communicate with clients and what tools you can use. However, they limit the use of big data tools in auditing and analytics.

The new tools disrupt data management, workflow management, as well as data interrogation. Without changes in these standards, some of these tools might never be used as effectively as they should be used. Ideally, the regulatory bodies that make such standards need to update them to pave the way for big data and related tools.

2.   Skillsets Need To Change

Ignorance can never be an excuse in the face of disruption. You need to be well versed with the latest analytics skills to remain competitive in the world of big data. Ideally, it starts at the college level. Sadly, a single issue has made it tough for the necessary skillsets in a world run by big data to gain traction.

Having not taught students about the recent developments in the different fields, learning institutions choose not to test such areas. On the other hand, students fail to study those specific areas since they know they won’t be tested. The good thing is that institutions are slowly updating their courses to incorporate ad hoc changes, and online platforms are offering courses that can help arm you with these skills.

Regardless of whether you are working or a student, you need to access courses that can help you sharpen your skills for a world centered on big data. While training on the job is possible, go beyond this. The only way to be effectively competitive is to immerse yourself in the most recent developments. The good thing is that this will be straightforward as long as you have the conventional auditing practices as your baseline.

3.   Audits And Analysis Need To Dig Deeper

Big data provides more insights than before. It allows auditors to dig deeper into their client’s data environments and identify anomalies and risks that they previously couldn’t. Even better, it makes it easy to turn analytics and audits into a continuous process, offering businesses real-time insights throughout the year.

As an auditor, you need to have the necessary applications and tools to achieve both of these improvements. You should also change the way you describe your offering to clients to ensure that they understand that audit and analytics quality is better than before.

4.   Security Needs To Be Improved

Big data uses both structured and unstructured data to come up with business insights. This data can range from communications with clients to financial data. The bad thing is that there is a looming threat of this data falling into the hands of cybercriminals. If this happens, not only could the future of businesses be in jeopardy, but their relationships with their clients and other stakeholders could also be at risk.

Ideally, businesses need to invest in security tools that fit right into their data environments without making big data analytics tough. On the other hand, you, as an auditor, should assess the tools you use for auditing critically. The last thing any auditor wants is to compromise the security of their client’s data when doing their job. This is why training in the latest developments in a world run by big data is essential.

Big data promises a lot of opportunities in the world of audits and analytics, from increasing analytics efficiency to improving the decision-making process. As long as the challenges behind the adoption of big data in analytics and auditing are eliminated, it will be much easier for businesses to grow and tackle risks. Be sure to up-skill and keep up with trends in the big data world to take advantage of it.

About the Author

Ken Lynch is an enterprise software startup veteran, who has always been fascinated about what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT.  Learn more at ReciprocityLabs.com.

What is an ISO Management System - ISOUpdate.com

The ISO 9001:2015 standard was designed by The International Organization for Standardization (ISO) to provide a framework for an effective system for organizations in any industry to demonstrate to their customers their commitment to quality and enhanced customer satisfaction. ISO 9001 was developed to facilitate international trade and allow organizations and consumers from all over the globe to understand that when they encounter an organization with an ISO 9001 certification, they can be confident in the quality of products and services they can expect. Subscribing to and becoming certified to an international standard like ISO 9001 means your system produces products and services of consistent and exceptional quality that consumers can rely on time and time again.

Before you can become certified to ISO 9001, you need to implement the management system effectively within your organization. The Standard includes base requirements like the needs and expectations of interested parties within the scope of the standard. The requirements are not industry-specific for ISO 9001, but certain industries like Aerospace do have a specific standard which includes ISO 9001 as the base model with specific industry requirements added for their industry needs.

The requirements of the standard must be met to fully implement an effective Quality Management System (QMS) that allows your organization to consistently produce products or provide services that not only meet your customers’ needs but also subscribe to its globally acclaimed regulatory requirements. If you are looking to become certified for the first time, give yourself adequate time to properly implement your system before you seek certification from a Certification Body. Roughly 3 months should give your organization time to implement in house or with the help of a Consultant.

Find a Consultant in your area.

What is a Management System?
According to ISO, “A management system is the way in which an organization manages the inter-related parts of its business in order to achieve its objectives.”

In case that still sounds vague, a quality management system is just a detailed set of processes and policies that are incorporated in the core business area of an organization to ensure that it meets its organizational objectives like consistent service quality, environmental concerns, maximum operational efficiency, etc.

ISO 9001 is one of these Quality Management Systems, arguably the most comprehensive and acclaimed one, which can be applied to organizations in any industry.

What are the 7 Quality Management Principles?
ISO 9001:2015 is primarily guided by 7 principles. Below we’ll give you a quick explanation of each of these and why there is a focus on them specifically:

Customer focus: An organization can achieve sustained success when it focuses on customer needs and exceeding their expectations.
Leadership: Organizations maintain cohesiveness and internal engagement when they focus on establishing unity of purpose and direction in leaders at all levels.
Engagement of people: Enhanced capability to achieve set quality objectives is possible when employees at all levels are sufficiently informed and engaged.
Process approach: Consistency of quality services is achieved most efficiently when all activities and interrelated processes within the system are managed.
Improvement: Organizations can best maintain and surpass current performance levels by fostering an ongoing policy of continual improvement.
Evidence-based decision making: Organizations can make objectively better-informed decisions in regards to internal processes by analyzing and evaluating existing data and evidence.
Relationship management: Performance optimization is better achieved when organizations effectively manage relationships with supplier and partner networks that are existing/potential stakeholders towards sustained success.

Want to learn more about the 7 Quality Management Principles that Standards are Based on? Read the full article here.

ISO Certification

To fully reap the advantages of implementing an ISO standard you should investigate becoming certified to the standard by an accredited, third-party Certification Body (CB). What is involved in becoming certified to ISO 9001? You need to be able to demonstrate to a third-party auditor that your organization adheres to the requirements of the standard. The length and duration of your audit will depend on the size of your organization and the number of locations you have. When you contact a Certification Body for an estimate of cost, they will detail the number of days and auditors who will be present and explain their rationale. Location of the auditor is also important, as travel expenses, such as meals, will be billable to your organization.

Certification audits happen in a 3-year cycle. Year 1 is your first certification audit, where the Certification Body auditor conducts a thorough audit of your system to determine if you are compliant with the requirements of the standard and meet the requirements for certification. Years 2 and 3 are “Surveillance Audits” where the CB auditor performs an audit of selected processes and requirements to ensure you are continuing to meet requirements and maintain your certification. By becoming ISO 9001 certified, you will be able to market your ISO certification to advertise your credibility and effective processes. Your company will become more credible to clients, and certification offers you a substantial competitive edge in the market, which is especially beneficial when you’re on the lookout for business partners.

Choosing the Right ISO Consultant - ISO Update

The current competitive marketplace demands quality products and services that deliver an exceptional customer experience. Getting globally recognized as a “quality first” brand can be the key to achieving a competitive edge in today’s growing global marketplace. If you are considering certification, choosing the right ISO Consultant is a critical decision that will determine how efficiently and seamlessly your certification process will take place. The right consultant can also change how fast you achieve certification.

In the whole process of ISO certification, your ISO consultant plays a pivotal role in terms of providing solutions for problems you may not have even realized. Hence your consultant must be knowledgeable on the process flows, required optimizations and compliance parameters.

Important note: An ISO consultant cannot give you an ISO certificate; that is the role of a Certification Body (CB). Your consultant is responsible for setting you up to be ISO compliant and to pass the external quality audit performed by a third-party auditor from a CB. It is only after passing your external audit that your organization is issued the ISO Certificate. Consider your ISO consultant an extension of your organization, not a third party.

Parameters you should be assessing while choosing your ISO Consultants:

Relevant Knowledge and Expertise

When selecting a consultant for the implementation of a standard in your organization, consider their knowledge of the fundamentals of ISO Standards, specific requirements, common mistakes they have seen in their history as a consultant, documentation support, etc., because you will need to rely on them to be the expert on ISO so you can remain the expert on your organization. You should also consider the consultant’s history and track record for the number of certifications issued for their clients and their current client base. Consider this your initial product review. You may even want to check references and/or reviews, as this will illuminate the efficiency of the consultant you are interested in.

Client Reference

Your ISO Consultants should be responsible for providing support for organizations across multiple disciplines and stages. They should be experts in advisory, consulting, management and internal auditing. When considering a consultant, the success rates, past projects, client satisfaction, diverse industry experience, client testimonials and case studies will help you in determining their credibility. Be sure to obtain honest, reliable and credible client references as they are an effective means to choose the right partner to initiate your ISO Certification process.

When finding client references, look for organizations in similar industries or niches to your own who have successfully obtained an ISO certificate as it will give you added confidence that this consultant is comfortable and familiar with your industry and the unique challenges it faces.

Communication and Building Rapport

You will be meeting your consultant for regular reviews, discussions, strategy formulation, internal audits, and other activities deemed necessary, so it is important to build a rapport with and trust your consultant. You will be working together for the successful implementation of ISO Compliant processes, final certifications and for renewals each cycle of the certification process. Trusting your consultant to properly advise you is paramount. Ensure you set yourself and your team up for success with proper communication lines, and consult your organization to determine if this consultant fits well into your organizational culture. You might want to consider using practices similar to those you use when hiring for your own team, as your consultant should be viewed as an extension of your organization.

Customized Services

The ISO Consultants must be competent enough to deliver customized services for their clients, as every client should begin with a clean slate. Each organization is different, even within the same industry as their other clients, so it’s important that they tailor every item to your specific needs and listen to your actual practices. It is important to remember that your written processes should be what you do or will do. When it comes time for your certification audit, the auditor will be checking and double-checking your processes, and if your consultant copied previous examples from their clients and it’s not something you do, you will be written up for a non-conformance. The accuracy and specificity must be detailed by your consultant to ensure your organization is set up for success. Standard implementation should be flexible enough for your needs and must align with the organizational goals while still being compliant with the ISO requirements.

Result Oriented

Being result-oriented is extremely important in the ISO industry. Your ISO consultant will outline an implementation timeline including the process improvements, general dates for internal audits, recommend necessary training, and other important KPI’s (key performance indicators), within the timelines and budgets discussed to ensure your organization will achieve certification. Process improvements and implementations should be selected carefully and strategically to utilize time and resources effectively within your organization to maximize your organization’s potential for future business growth and ensure the standard is a value-added system.

Pricing and Timelines

Proper ISO implementation and certification is a long-term investment and highly result-oriented, therefore, we recommend considering all other factors before you evaluate the dollar value of each consultant you are considering. While price should be a factor in your decision, it is important to know what is associated with the price tag including quality, experience, knowledge and all the factors we’ve already covered in this article.

Hence, while deciding on the pricing, have a detailed meeting and go through the service offerings and capabilities of the ISO Consultants. The quote you receive from your consultant will consider numerous factors like the timelines and turnaround of your certification, your organization’s size, industry, complexity, and if you’ve ever been certified before. If you are brand new to ISO standards, it will be a much more in-depth process to implement your system than if your consultant is simply reviewing and improving your system.

When they provide you with a quote, your consultant must provide clear timelines with milestones and an estimated completion time for the ISO Certification process, from the start to getting certified and the renewals. Understand that this might not be exactly accurate to what will happen, as hidden costs and altered timelines might occur during implementation.

Your Checklist for choosing the right ISO Consultant

  • Do they have the required knowledge and expertise on the specific standard you are looking to get certified to?
  • What is their history within your industry? Can they provide you with client reviews and their client history within your industry?
  • Do you trust this consultant and does your organizational culture match with this individual or consulting team?
  • Does this consultant customize their services to meet your requirements and unique challenges?
  • Are they results-oriented and willing to outline specific KPI’s that will ensure your certification is a value-added process?
  • Do you believe the cost of their services is fair for the benefits you will receive?

When considering your ISO consultant, it is important to look at the bigger picture. Consider the time involved with your consultant, your trust and confidence in their work, and the value you believe their work will have in improving your operations. This is a lengthy process depending on your current status with the standard you wish to be certified to, so choosing the best consultant for your specific needs will make your time and investment well worth it in the end if you choose the right consultant for your organization.

About the Author

John Wick is an ISO Consultant working with Aurion ISO Consultants in Dubai. John likes to write on ISO Training, ISO Consulting, latest changes in ISO Standards, industry-wise benefits from getting ISO Certified. Reach out for expert consultation on any ISO related queries.

About Aurion

Aurion ISO Consultants, Dubai offers world-class ISO Services such as Training, Consulting, Certification, Implementation, and Audits in Dubai, UAE and Worldwide.

Aurion ISO Consultants is an Award-Winning Consultant firm in Dubai, UAE and one of the fastest-growing ISO Service providers in the UAE and GCC region. We have assisted 1800 clients across several countries globally.

We provide you with a Single-Window Solution with ISO Consulting, ISO Training, ISO Implementation and ISO Audit Services. With our ISO Certification, you can transform your business into a quality-first one.

Contact Us: Aurion ISO Consultants | 0097142504150 | contact@aurioninternational.com |#213&214,6E-A Dubai Airport Freezone, Dubai | www.aurioninternational.com

If you are planning to implement ISO Certification Standards for your organization and want to know more about the ISO Certification standards and all ISO-related services from Aurion ISO Consultants, call us right away!

Developing an ISO 9001 Implementation Plan - ISO Update

Once companies have made the decision to implement a Quality Management System (QMS) like ISO 9001:2015, they are usually faced with a multitude of new considerations and issues to sort through. If you are currently running a successful business, chances are you are complying with a large percentage of the standard; it’s only a matter of being able to prove this to an auditor and document your processes effectively. By developing an implementation plan, you will give yourself goals and action points that will help you and your team efficiently tackle the objective of achieving certification. Working on a thorough implementation plan will not only help break the process down but will also give you a rough idea of the resources and time needed to start implementing the standard.

A bit of preplanning is also required. You will need to determine what your timeline and end goals are and whether they can reasonably be attained. Aim for realistic and practical goals and estimates and consider using generic checklists and “Gap Assessments” that will help you move in the right direction.

Team Approach

A supremely effective method of implementation of ISO 9001 for most companies, regardless of size or nature, happens to be the “Team Approach.” The sizes of these teams can vary from organization to organization, usually 1-2 people per team for smaller organizations vs 5-7 people per team for larger companies. The technique essentially utilizes the concepts of allocation of responsibility to more efficiently utilize resources like time and energy.

Amongst these teams there will be one Steering Team, which is the team chosen to lead the project. It should consist of managers of relevant departments to ensure that the members have the appropriate knowledge and power to allocate further responsibilities within their respective departments. The steering team will be expected to meet regularly and discuss updates and plans. The steering team leader will be the project manager for the implementation, and their responsibility will include scheduling meetings, preparing agendas, etc.

The steering team will also be tasked with reviewing processes and monitoring the work of task teams. These task teams are expected to document required procedures, modify pre-existing processes and develop new ones according to the framework provided in the ISO standard. There is usually a task team for each system procedure that needs to be created and documented so that the work is efficiently allocated. If you are using a Gap Assessment checklist, it would be wise to indicate the responsible parties for each task on or beside each clause of the standard that they are responsible for. The steering team is also expected to choose a Certification Body for external audit purposes.

You can create any suitable number of task teams; just be sure they are well acquainted with already existing QMS procedures within the company and those outlined in ISO 9001. If this is not the case, consider looking into training courses specifically designed to give participants awareness into the specific standard you are looking to become certified to. Many organizations offer the option to bring their trainer into your office to have a whole team seminar or company-wide seminar to help your organization familiarize themselves with the standard and its purpose within your organization. It is important for your task teams to understand the standard because filling in any possible gaps and updating any outdated processes is a large part of their work. Some company processes will need to be tweaked or drastically changed in order to meet standard requirements; in addition to this, the task team will also be responsible for documenting these changes or any newly added procedures for the purpose of auditing for compliance.

Ideally, a task team will discuss any possible additions and changes during the first few meetings alongside the QMS procedure. Any decisions will need to be recorded and sent for approval to the Steering Team.

Planning your ISO 9001 Planning Meetings

Overall, there are a few prime factors to consider before you start your meetings. The most important is to decide on the desired procedure implementation according to project goals and to set time constraints for the entire process. Recall that the key to any effective meeting is preparation; this must be handled at both an individual and group level if you aim to see productive results.

ISO 27001 - ISO Update

ISO 27001 is a framework for information security management systems (ISMS). An ISMS is meant to manage sensitive company information to ensure that it remains secure. It is meant to be inclusive of all policies pertaining to legal, technical and physical controls within a company’s information risk management processes.

Developed to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system,” ISO 27001 does this using an extensive 6-part approach or planning process. As the specification addresses a range of sections such as documentation, the need for internal audits, and corrective action, and stresses the universal ideal of continual improvement, it inspires the need for a cooperative effort within an organization.

What are the requirements of ISO 27001?

According to IT Governance, the two most important activities when implementing ISO 27001 are:

  • Scoping your ISMS (clause 4.3), in which you define what information needs to be protected; and
  • Conducting a risk assessment and defining a risk treatment methodology (clause 6.1.3), in which you identify the threats to your information.

Organisations are also required to complete the following mandatory clauses:

  • Information security policy and objectives (clauses 5.2 and 6.2)
  • Information risk treatment process (clause 6.1.3)
  • Risk treatment plan (clauses 6.1.3 e and 6.2)
  • Risk assessment report (clause 8.2)
  • Records of training, skills, experience and qualifications (clause 7.2)
  • Monitoring and measurement of results (clause 9.1)
  • Internal audit programme (clause 9.2)
  • Results of internal audits (clause 9.2)
  • Results of the management review (clause 9.3)
  • Results of corrective actions (clause 10.1)

In her article, Melanie Watson and IT Governance details the requirements for certification. Check it out here.

What are the benefits of ISO 27001?

Implementing an effective information security management system as outlined in the standard protects your organization and minimizes any potential risks of security breaches, which could have large-scale implications, by implementing a system of policies to ensure security regardless of the format. The benefits of this include increased customer and business confidence, improved information management processes, and increased business resilience.

The format of any ISO standard and the emphasis on continual improvement also works to ensure the security processes will be updated and constantly improved upon so as to dismiss the possibility of outdated security measures.

If you have made the decision to implement ISO 27001 into your organization and reap the rewards of a robust information security management system, you need to start considering certification. Certification is proof to your interested parties of your conformity to the standard and provides a third-party, impartial assessment of your organization that is meant to be a means of improvement to your inner system to ensure it is working at its peak capacity. Certification is also a great way to motivate your team to work towards a goal and set stringent deadlines for achievement and improvement and give your organization a purpose and end goal for the management of your information security.

Because certification requires the stringent implementation of the procedures outlined in the standard as well as the production of all the mandatory documents and records, the process can be made simpler by having a detailed guide to follow or a checklist to reference.

Find our favourite checklist here.

Recommended references for ISMS

  • ISO/IEC 27001:2013 Information security management systems – Requirements
  • ISO/IEC 27002:2013 Code of practice for information security management
  • ISO/IEC 27004: 2016 Information security management – Measurement
  • ISO/IEC 27005:2018 Information security risk management

Implementation of ISO 27001 allows you to reap numerous benefits and advantages, but to assess whether certification makes sense for your organization you need to investigate what your security goals are and if the integration of ISO 27001 allows you to cover them. Other factors to consider are the experience and qualifications of your team and whether they will be able to implement the standard appropriately. If you do not think your team is capable, you should consider hiring the help of a new internal team member for your quality team, or search for an external consultant. ISO Update has a directory of highly qualified consultants and auditors for you to hire within your region.
 
A detailed evaluation of your goals and how closely they align with those of ISO 27001 will help your team or consultant help you properly implement the standard and effectively utilize it to ensure certification year after year and the safety of your system for your company’s future. If these are realistic, and you are certain you can incorporate the standard with reasonable efforts it is well worth the resources and work to seek certification to ISO 27001. Read more about ISO 27001 from IT Governance

