Tags Posts tagged with "management"

management

by -
Risk Management in Your Organization - ISOUpdate.com

Risk Management (RM) is the process of identifying, quantifying, evaluating and managing the exposure to all kinds of dangers, damages or losses faced by an organization in pursuit of its objectives. Part of Risk Management is to coordinate, assign resources and take the appropriate measure to reduce, minimize, monitor, and control the probability and/or impact of unfortunate events, or to maximize the benefits of an investment or an action.


Assessing Threats and Opportunities

We are all exposed to threats and opportunities that can either prevent us from achieving a specific goal or, in the case of opportunities, help us meet them in an effective way. Assessing, managing and mitigating losses is a process carried out by every organization whether they are conscious about it or not. However, this process is not always carried out in the best possible way. In order to effectively manage risk, it is essential for this process to be systematic, transparent and credible.

Risk Management in Your Organization - ISOUpdate.com
In order to effectively manage risk, it is essential for this process to be systematic, transparent and credible.

Risk Management

Risk Management considers the identification of two types of events: negative events which are classified as risks and positive events which are classified as opportunities. This process involves the following actions:

  • Understanding of the current situation (the context of the organization).
  • Identify the types of risk and opportunities an organization is exposed to.
  • Measure the potential risks/opportunities in terms of likelihood and magnitude of impact.
  • Define actions to respond in order to avoid or minimize damage or maximize the benefits of opportunities.
  • Monitor the progress of the actions.

Planning

Risk Management also involves having a plan in place in order to get things back to normal as quickly as possible if something bad does occur.

The benefits that a successful risk management may bring to an organization include:

  • Compliance to legal requirements or other requirements.
  • Assurance and enhanced decision-making.
  • Improve the efficiency of an organization’s processes.
  • Increases the effectiveness of actions taken within a project.
  • Efficacy of the strategy of an organization.

Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes.


Managing risk effectively helps organizations perform well in an uncertain environment and not giving due importance to risk can result in severe consequences for organizations as well as individuals.

Standards

There are many standards and regulations that address Risk Management, some of these are:

  • ISO 31000:2018, Risk management – Principles and guidelines.
  • ISO 14971:2000 Medical devices — Application of risk
  • Management to medical devices
  • ISO 17776:2000 Petroleum and natural gas industries — Offshore production installation — Guidelines on tools and techniques for hazard identification and risk assessment
  • CSA Q 850:1997 Risk Management Guidelines for Decision Makers
  • JIS Q 2001:2001 Guidelines for development and implementation of risk management system

by -

The concept of risk has always been implicit in ISO 9001; this new revision only makes it more explicit and builds it into the whole management system.

In ISO 9001:2015, risk management is being added with focus on risk-based thinking.  Here a systematic approach to risk is established by considering and including it throughout the standard.



In the Introduction the concept of risk-based thinking is explained. Risk is defined as the effect of uncertainty on an expected result, where:

  1. An effect is a deviation from the expected – positive or negative.
  2. Risk is about what could happen and what the effect of this happening might be.
  3. Risk also considers how likely it is to take place.

The main goal of this quality management system is for an organization to achieve conformity and customer satisfaction. In ISO 9001:2015 a risk-based thinking is used to achieve this goal.

  • In Clause 4 (Context) the organization is required to determine the risks which may affect its ability to meet the system’s objectives. The new ISO 9001 recognizes that the consequences of risk are not the same for all organizations, and this is why every organization will need to consider risk quantitatively as well as qualitatively, depending on their context.
  • In Clause 5 (Leadership) top management is required to demonstrate leadership and commit to ensuring that risks and opportunities that can affect the conformity of a product or service are determined and addressed.
  • In Clause 6 (Planning) the organization is required to take action to identify risks and opportunities, and plan how to address each of them.
  • Clause 8 (Operation) establishes that the organization is required to plan, implement and control its processes to address its risks and opportunities.
  • In Clause 9 (Performance evaluation) the organization is required to monitor, measure, analyze and evaluate the risks and opportunities.
  • In Clause 10 (Improvement) the organization is required to improve by responding to changes in risk.

These requirements are considered to cover the concept of preventive action (which has been replaced) and takes a wider view that looks at risks and opportunities. By understanding those risks and exploring ways in which the risks can be mitigated, the organization will also have an opportunity to drive change and improvement.

In order to effectively meet the quality management system’s goal, ISO 9001:2015 will require organizations to consider their risks as part of their management’s plan, which will call for an improved commitment and more involvement of top management.



by -
Getting Top Management Invested in Certification

The commitment and involvement of top management is essential for the success of any management system. Top management must participate in the implementation process and must ensure the continuity and improvement of the system. Also, they are the ones that should guarantee the availability of resources necessary for the establishment and maintenance of the management system. However, in too many cases, top management’s involvement ends with the appointment of a Management Representative.

There are reasons why top management doesn’t truly commit to a management system, and one of them is that they just don’t see the value of it. They don’t see why they need to be attending management reviews, looking at audit results, and spending money on trainings and “improvements” that don’t seem to improve anything.



Because top management’s involvement is essential for the success of the management system, here are some ways to help them see the true value of any management system.

Speak their language

Management usually speak the language of money. The information presented to them should consist of a cost analysis. They want to know facts such as how the ISO management system will:

  • Help the organization use their resources more efficiently.
  • Promote improvements that reduce cost.
  • Create a work environment that will increase productivity.

Present information that motivates them.

Show them how the ISO management system is helping achieve the organization’s objectives, how targets are being improved, how customer satisfaction has increased (less complaints, increase in sales), or how the organization has received less complaints from other interested parties (regulatory bodies, community, etc). Show them what the system is doing for their business.

Make Management Reviews important to them.

Management doesn’t want to spend time on a meeting just to comply with an ISO requirement. During management reviews, present an overall picture of the organization’s performance; make sure that these meetings represent an opportunity to make important decisions regarding the improvement of processes and performance.

Explain the importance of improvements.

Among other things, top management is responsible for questioning anything that adds activities, time and requires money. When asking for resources for an improvement, show them what the nonconformity or non value added activity is costing the organization, how will the improvement save them money, how will a process become more efficient and how it will help the organization achieve its goals.

Make sure they understand their responsibilities.

Top management needs to understand their role within the ISO management system. They need to know its requirements, the benefits it may bring if it is implemented correctly and what is most important, they need to understand that without their participation, any management system will fail to bring success to the organization.




Learn about how to Outsource an Internal Audit.

by -
Quality

Have you ever stood staring at a range of products in a supermarket trying to make up your mind which one to buy?  They all look quite similar, but one stands out and you buy it.  Why?  It’s got a sign on the shelf and a logo on the product to tell you that it’s won an award for quality.

So you’ve just based your purchase on Quality – Your customers are making the same decision every day!

Quality is more than just finished product, it’s the processes, systems and people that are behind the product.   Quality is everybody’s responsibility.



Quality is the pursuit of excellence, striving to be the best we can and getting ahead of our competitors.  It is meeting the needs and expectations of all stakeholders – our customers, our suppliers, our staff and the community at large.

How can we ensure that we are exploiting all avenues to be the very best?  A recognized standard such as ISO 9001 certification promotes the use of quality tools in business.   The ASQ (American society for quality) estimates that for every €1 spent on a quality management system, such as ISO 9001, returns €6 in revenue, €16 in cost reduction and €3 in profit – that’s €25 for every €1 spent!

93% of organisations agree that the implementation of a quality management system such as ISO9001 was a significant driver of success and most would agree that without it they could not justify their pricing to customers.

If you are looking at ways to improve your ROI by improving your quality then consider ISO certification.   Using an expert to help you implement a quality management system will ensure ISO 9001:2015 accreditation which will in turn help you make significant improvements and lead to significant growth.

 

This post has been a guest posting from Joann O’Brian over at our friends at CG Business Consulting Ireland .



by -
standards moving forward.

All management systems require a periodic review by the organization’s top management. The purpose of such a review is to evaluate if the management system is performing as intended and if it’s producing the desired results as efficiently as possible. While in review, there are steps that can be taken to make sure your organization’s management review process goes smoothly.

The management review inputs for standards may vary however, there are some key characteristics that all management reviews should have to ensure its success.

Top Management Involvement

For this process to have the expected outputs, top management needs to attend; they are the ones that decide where the resources – people, time and money, will be placed to improve the management system.

Clear Presentation

All the required inputs are presented in a simple and clear manner. Every standard is specific about the review’s inputs. This information can sometimes be extensive, therefore, it’s fundamental that it’s presented in an easy to follow way and that it gives an overview of the systems current status, its weaknesses and possible areas for improvement. Here are some examples of the information that needs to be highlighted:

  • Internal and external audit results:
    • number of audit findings
    • current status
    • audit findings increasing or decreasing compared with the year before?
  • Corrective and preventive actions: 
    • current status of corrective/preventive actions
    • are resources available to effectively close them?
    • possible trends – are there fewer corrective and preventive actions compared to previous years?
  • Legal compliance: 
    • is the organization complying with all applicable requirements?
  • Process performance:
    • are targets/objectives being reached and maintained?
  • Communications and complaints:
    • has positive or negative feedback been received from interested parties?
  • Upcoming changes:
    • are there any changes that can affect the effectiveness of the system -i.e., staff changes, new projects or standards, efficiency improvements, etc.?
    • what actions/decisions need to be taken?

Record Outputs

It is essential to record, as a minimum;

  • the date of the review,
  • participants in the review,
  • decisions taken,
  • deficiencies found in the system, and
  • recommendations for improvement or corrective actions.

The actions and recommendations to be taken should stipulate deadlines, resources needed and the individuals responsible for the actions.

Monitor Outputs

The results of this review should be monitored over time, and if problems persist, more frequent reviews should be scheduled.

Frequent Management System Reviews

Management System reviews are required at least once a year. It is recommended that during the first 2 years of the management system, this review is held more frequently (twice a year), and after the system has “matured” it can be performed once a year. However, if it’s considered necessary, a specific topic – i.e., audit findings, corrective actions, process performance, etc. – can be reviewed on a more frequent basis.

Broadly speaking, a successful management review process provides top management; and everyone responsible for the effectiveness of the management system; a diagnosis of the system’s current situation so deficiencies can be identified, changes and/or actions can be established to correct these deficiencies and recommendations for improvement can be made.

 

by -

Improving your Quality Management System is simpler than you think. By learning about ways to improve, you are already well on your way to achieving success with your organization or auditor training. Follow these 10 simple suggestions and you will see changes.

10 Simple Ways to Improve your Quality Management System

1. Commit to improvement

For any QMS to improve, it is essential that everyone is committed to seeking problems, evaluating efficiency and effectiveness of processes and implementing better and improved ideas. Management should be the first to make this commitment and if management “walks the talk” then everyone will follow.

2. Analyse and assess current QMS

Organizations need to take a closer look at their current practices in order to identify any gaps between what is being done and what should be done. This can be achieved by interviewing workers in critical control points, reviewing procedures and records and observing how processes are occurring. Any steps that are not adding value to the process, the system or the organization must be identified, removed or improved.

3. Include everyone in training programs

A QMS is not the responsibility of one person or one department. Everyone must be involved in improving the quality of products, services and processes.

Organizations should establish a training program for new employees and existing ones.  These programs should promote knowledge, produce skills and capacities and reduce resistance when implementing new ideas for improvement.

4. Define clear goals and objectives

QMS should aim at achieving specific goals. If a clear path is not drawn, there’s a risk that people will be working real hard but in different directions. Time should be spent in assuring everyone knows these goals, how they’ll be achieved, how they’re measured and periodically they should be informed of where the organization is standing in relation to these goals.

5. Use the correct key performance indicators

Organizations need to carefully select and review their KPI’s (Key Performance Indicators). KPI’s let an organization know how efficient and effective processes are, and indicate where possible problems could be. If they are not giving a real overall picture of where the organization is at regarding quality, then another look should be taken to change or improve what and how performance is being measured.

6. Listen to the suggestion

Create a system that will promote workers and customers to share improvement ideas. Many great improvement ideas come directly from the people processing a product or the people that actually use it.

7. Give credit

Giving credit to those who deserve it encourage participation throughout the organization and motivates workers by recognizing their work and their ideas. Compensation or recognition should not necessarily be monetary, a simple public recognition in working meetings to can have great effects in lifting workers morale.

8. Make the system simple

A QMS that is extremely complex and overloaded with documents is not necessarily the best one. If documents and procedures are long and complicated, it is very likely that people will never use them.

Evaluate the system and make sure that it makes sense and that it’s as simple as possible.

9. Create quality groups

Some organizations face difficulty with workers from different departments or areas that are reluctant with sharing information. By bringing together people from different areas to evaluate processes and recommend improvements, an open and more effective communication can be achieved between areas that operationally seem to be apart.

10. Have a quality attitude

In order to reach the goals that have been set, organizations need to identify and detect problems and weaknesses but they must focus on improvements. If managers are constantly focusing on failures and defects and not on how to remove or improve them, the right attitude and mindset for quality will never be achieved.

Learn how to prepare your company for the ISO Implementation Process.

by -

There are different approaches to auditing; these can be performed by clause, department, tasks, etc. The most commonly used by auditors is the clause approach,  where the auditor goes by each clause, usually with a checklist, searching for evidence of requirement conformance and writing nonconformities (minors or majors) if any are found.

These approaches tend to focus mainly on procedures and not on the performance, outcomes and results of the organization’s processes. Hence, audits result in the correction of minor problems and not in the improvement of the system and its processes.

Also Read: Understanding the Process Approach to Auditing

Also Read: Get Your Company Ready for the ISO Implementation Process



The process approach to auditing focuses on reviewing the sequence and interaction of processes and their inputs and outputs. It analyzes the management system not just as if it were a set of documented procedures, but rather as an active system of processes that addresses business risk and its applicable requirements. The main elements that a process-approach audit reviews are:

  • Process Owners
  • Inputs and Outputs of the process
  • Resources
  • Methods/ Procedures/ Instructions
  • Controls/ Measurements/ Metrics
  • Documents/Records
  • Efficiencies/ Effectiveness

In order to take this approach, it is required to plan and perform the audits so they are based on the processes that achieve organization’s objectives. The audit needs to be conducted through business processes and across department boundaries; some of the processes that need to be audited are:

  • Business management
  • Marketing and sales
  • Resource management
  • Purchasing
  • Product / service production processes

Audits conducted with a process approach provide information on whether performance targets are being met, they identify opportunities for improving performance through a better control of processes and determine how processes can be more effective and efficient in meeting the applicable requirements. Some of the aspects that make this approach a valuable one are:

  • It focuses on results, not on procedures.
  • Determines the management system’s effectiveness.
  • Evaluates the outcomes and results of the system.
  • Evaluates linkages between departments and processes.
  • Follows flow of work throughout organization.
  • Determines if operations are under control and if controls are effective.
  • Allows judgment on significance of findings.
  • Helps determine depth of problems across organization.
  • Focuses on benefits of correcting nonconformities related to improving organizational effectiveness.

Organizations that wish to comply with a standard have to meet the requirements established in it, but in some cases, just meeting these requirements does not necessarily add value to the organization. In order for an organization to be competitive and successful, its operational processes must work together in achieving its goals and objectives. A process based audit assists organizations in assessing the effectiveness of these processes; it serves as a tool to identify weaknesses and opportunities to improve the connections between policy, requirements, performance, objectives and targets, which will ultimately contribute to an organization’s overall success.

Also Read: Understanding the Process Approach to Auditing

Also Read: Get Your Company Ready for the ISO Implementation Process



by -
Auditor Training

Risk-based thinking refers to thinking ahead of a situation (as in a chess game) to consider threats and opportunities and their possible effects on a specific goal, in order to take the necessary actions that will allow us to maintain or improve the desired results. Risk-based thinking is done by everyone automatically and in most cases, we are not even aware of it.

For an organization, risk-based thinking ensures risk is considered from the beginning and throughout a process, project,  plan or any strategic decision. Many consider risk in a negative sense; however, risk-based thinking can also help to identify opportunities, which can be considered to be the positive side of risk. By taking a risk-based thinking approach, an organization becomes proactive rather than purely reactive, preventing or reducing undesired effects and promoting continual improvement.

Organizations need to understand the overall level of risk embedded within their processes and activities. For all types of organizations, there is a need to understand the risks involved when seeking to achieve objectives and attain the desired results. This helps managers decide how they will minimize the effects of undesirable situations and also how to maximize the benefits of any opportunity.

Risk-based thinking therefore:

  • Establishes a proactive culture of improvement.
  • Assures consistency of quality of goods or services.
  • Builds a strong knowledge base.
  • Proactively improves operational efficiency and governance.
  • Improves management system performance and resilience.
  • Improves customer confidence and satisfaction.
  • Builds stakeholder confidence in the use of risk techniques.
  • Enables organizations to apply management system controls to analyze risk and minimize losses.
  • Enables organizations to respond to change effectively and protect their business as they grow.

Mastering risk-based thinking will allow any organization to fully understand their current situation, identify risks and opportunities and effectively manage them. When a risk-based thinking approach is considered throughout an organization the probability of achieving defined objectives increases, and the results are more likely to be consistent and long-lasting. Also, with this approach, customers can be confident that they will receive the expected product or service in the right time and at the right place.

by -
As any other manager, role of the Management Representative is that of planning, organizing, monitoring, evaluating, and reporting.
As any other manager, role of the Management Representative is that of planning, organizing, monitoring, evaluating, and reporting.

Corrective Action is a reactive process; something needs to have gone wrong in order for an organization to take actions to solve the problem or non-conformity. Depending on the way they are approached, non-conformities can be corrected and its recurrence prevented.

Organizations with well-established management systems can find that problems/non-conformities, in their processes, products or services, recur, in spite of all the efforts (time, work and money) spent to eliminate them. In order to ensure that a problem is fixed immediately and in the long-term, an effective corrective action process needs to be established. Here are some characteristics of what makes an excellent corrective action process:



Problems are identified. Problems can occur in processes, in the workplace, in a product or service provided, or in the management system itself. Some of these problems are easier to identify than others; that’s why organizations need to establish ways to identify them through:

  • Workplace and process inspections.
  • Testing, inspecting, and monitoring of equipment.
  • Reviewing interested party’s communications.
  • Audits.
  • Hazard reporting.
  • Investigating complaints, incidents and accidents.
  • Reviewing system failures.
  • Reviewing regulatory requirements.

Problems are temporarily fixed or contained. Most problems need a quick reaction. For that reason, the owner of the task or process needs to be located and informed immediately in order to take the necessary actions to solve the problem temporarily.

The problem’s root cause is found. This is the most important characteristic of an effective corrective action process. If an organization is unable to determine the root cause of a problem/non-conformity, it is condemned to face the same problem over and over, which can be exhausting and discouraging to everyone involved in the process.

There are numerous techniques to determine the root cause of a problem. An organization needs to make sure their employees have the time, resources and the required skills to investigate and draw the right conclusions from these investigations.

A long lasting solution is put in place. After identifying the root cause, an appropriate solution that will prevent the problem from happening again must be proposed. These actions need to be put in place. It’s useless to go through all the work of understanding the problem and identifying its root cause, if the actions to solve it, will not be taken.

Permanent changes are verified. After an appropriate period of time, a person needs to be assigned to verify if the actions were successful in preventing recurrence. It’s recommended that this person is someone that was not involved in the previous steps of this process, to ensure is impartiality.

Corrective actions are recorded. It’s essential to report all the details of the corrective actions: problem found, immediate actions taken, root cause, corrective actions, and verification.

If an organization learns to solve their problems by applying an effective corrective action process, they will ultimately improve their processes, their management system and their business.