chad kymal cto and founder, omnex inc. kymal cto and founder, omnex inc. ... – ohsas 18001...

Juggling Multiple Standards, Audits and Multiple Risk Assessments:

Too Many Standards? Reduce Complexity and Save Money!

Integrated Management SystemsIntegrated Management Systems – Risk Mitigation Approach

Chad KymalyCTO and Founder, Omnex Inc.

Table of Contents

• Current Business Environment for Standards

• Multiple Management Standards – Integration and Standardization

• Planning, Performing and Managing Audits –Multi-Site

• Integrated Risk Management Enterprise Risk Assessment

• Conclusions

Management Systems Todayg y y

• Organizations today adhere to multiple g y pstandards – some examples include:– ISO 9001:2008 – QMS Standard

– ISO/TS 16949:2009 – QMS Standard

– ISO 14001:2004 – EMS Standard

OHSAS 18001 2007 OH&S St d d– OHSAS 18001:2007 – OH&S Standard

– ISO 17025:2005 – Laboratory Standard

Sarbanes-Oxley (SOX) Financial Controls– Sarbanes-Oxley (SOX) – Financial Controls

– Malcolm Baldrige – Excellence Standards

– JACHO – Medical Industry Quality Standardy Q y

– AS9100 – Aerospace StandardCopyright 2009 Omnex. All Rights Reserved.3

Why Multiple Standards?y p

• Management wants to reduce risks– Quality

– Environmental

– Health & safetyHealth & safety

– Financial

• Markets require itMarkets require it

• Customers require it

• Certification required in order to supply product– Industry

– Government– Government

Copyright 2009 Omnex. All Rights Reserved.4

The Challenge of the Enterprise –Multi-Site, Multi-Language, and Multi-Cultural with Multiple Standards, Audits and Risk Management

Plants

Design Centers

Plants

Corporate

E titi i N A i Sales OfficesEntities in N. America, Europe and Asia

Copyright 2009 Omnex. All Rights Reserved.55 Copyright 2009 Omnex. All Rights Reserved.

Enterprise Problem Statementp

• Lack of consistency (of standards, processes, audits, risk t bl l i ) th E t imanagement, problem solving) across the Enterprise

• No central access for improvement data– Outdated systems, non-complaint software

– Systems Incompatibility – Integration needs

• Process Inefficiencies – Little or no knowledge transfer or best practices between facilities

– No common nomenclature for quality metrics (including audit nonconformities)

– No integration in quality and business planning efforts (audit ti )practices)

• Lack of flexibility and functionality in current practices

This leads to financial loss due to nonconforming product/processes and non-


g p pvalue added activities

6 Copyright 2009 Omnex. All Rights Reserved.

Multiple Management Standards

Single Entity - Stand-Alone Implementations Mean More WorkImplementations Mean More Work

OHS BMS Manual

EMS Manual

Lack of Integration – Resultsg

• Duplication of processes, audits and risk p p ,assessment

• Increased cost to implement and maintain management systems, audits, and the risk

l ianalysis

• Increased cost to maintain system, conduct audits or risk management systems


Lack of Integration – Duplication of ProcessesProcesses

Confusion for Top Managementp g

• Management has four reviews – for example:1 ISO 9001 2008 (QMS)1. ISO 9001:2008 (QMS)

2. ISO 14001:2004 (EMS)

3 OHSAS 18001:2007 (OHSAS)3. OHSAS 18001:2007 (OHSAS)

4. Review performed in order to operate the business

I really don’t have time for this! Do I need this??


Do I need this??

Lack of Integration – Duplication of ProcessesProcesses

Confusion for the Engineerg

• When designing a product:St d lit d f FMEA d C t l– Study quality procedure for FMEA and ControlPlan

– Study EMS planning procedure for aspects andStudy EMS planning procedure for aspects andimpacts

– Study OH&S planning procedure for health andf t i ksafety risks

I don’t do QMS, EMS or OHSAS; I just do my job!


Why am I doing Risk Analysis multiple times?

Lack of Integration and Standardization in ProcessesProcesses

Integration and Standardization CombinedCombined

13

Omnex Integration Methodologyg gy

• 80% of ISO 9001 integrates with ISO 14001 / OHSAS 18001

• Over 90% of ISO 14001 and OHSAS 18001 can be integrated

Process / System ISO 9001 (and other ISO 9001-based standards)

ISO 14001

Planning Use Business Planning and Policy Deployment Process

Integrate

Document Control Document Control Process Use the Same Process as ISO 9001 With Some Change

Operational Controls Work Instructions on the Plant Floor Integrate the EMS Controls into the ISO 9001 Work Instructions

Internal Audit Internal Audit Process Use the Same Process With Different Checklist

Nonconforming Nonconforming Process for Quality Rejects Document a Similar but Different Process forNonconforming Nonconforming Process for Quality Rejects Document a Similar but Different Process for Environmental Nonconformities

Corrective and Preventive Corrective and Preventive Action Process for Quality Problems

Use the Same Process as ISO 9001 for Environmental Problems

Management Review Business Review Process Use the Same Process as ISO 9001


Implementing Integrated Management Systems DocumentationSystems Documentation

• Manage integration – including documents from other it /l l t i l lsites/levels to any given level






Lack of Integration – Increased Cost to Implement and Maintainto Implement and Maintain

• Duplication of Documents– Multiple teams/personnel work on the same or similar

documents and Risk Analysis• For example: management review, document control, training

and risk analysis

• More Costly to Maintain– It is costly for an organization to conduct four managementIt is costly for an organization to conduct four management

reviews or to have three document control procedures or three risk analysis processes

We estimate that implementation costs reduce by half when they are integrated

The biggest savings are actually seen in the elimination of maintaining duplicate processes – three separate processes integrated into a single


duplicate processes three separate processes integrated into a single process will see a 60% reduction in maintenance costs

Planning, Performing and Managing Audits – Multi-Site

Enterprise-Wide

Conducting Integrated Auditsg g

• Current Auditing Environment– Many Audit Programs – ISO 9001, ISO 14001, OHSAS

18001, Safety Audits, SOX Audits

– Different Audit Types – System, Process, and Product Auditsyp y , ,• Different Forms, Checklists and Audit Reports for each Audit

Type

– Corrective Action Category – Major, Minor, OFIg y j , ,

– Audit schedules and strategies for audit timing vary for each type of audit in different Entities in an Enterprise

– Auditor qualifications varyAuditor qualifications vary

Integrated Audits require Integrated Management Systems and Enterprise Audit Software

Copyright 2009 Omnex. All Rights Reserved.20 Copyright 2009 Omnex. All Rights Reserved.20

and Enterprise Audit Software

Instituting Oversight Company Wideg g p yCorporate Site

Division A – Plt 1 Site

The Rules for all the Div. and Plants for Audit

Division A Site

Division A – Plt 2 -Site

Division A – Plt N-

Plants for Audit Practices are set centrally or collectively

Enterprise software

Division B Site

Division A – Plt N-Site

software can define Sites and Entities Omnex recommends

Division C Site Division A – Plt 1 Site

Standardized Audit Rules instituted through Software Controls enforced

Division X Site

Division A – Plt 2 -Site

Controls, enforced through Security and followed by standardized

Division A – Plt N-Site

21

training


Audit Templates and Audit Cyclesp y

22 Copyright 2009 Omnex. All Rights Reserved.22 Copyright 2009 Omnex. All Rights Reserved.

Assigning Standard Forms for Audit TypesTypes


Assigning and Managing Auditsg g g g


Uniform Auditor Qualifications



Auditee Work Flow


28 Copyright 2009 Omnex. All Rights Reserved.28

Nonconformity Managementy g


NC’s by Planty

7

8

4

5

6

of

NC

's John Deere Plant 1

Plant 2

2

3

4

No

. o Plant 3

Corporate

0

1

3/30/2005 6/31/2005 9/30/2005 12/30/2005


Revealing Site Strengths or WeaknessesWeaknesses

Thi l i i i t t t l dit k l


This analysis is important to reveal auditor weakness also


Lack of Integration – Increased Cost to Audit and Riskto Audit and Risk

• External Audit Costs– Registrars use tables to estimate number of days to audit

– Travel costs

– Preparation costsPreparation costs• The cost of an external audit, including travel costs, will be

reduced by 25% for a medium-sized organization with integrated standards

• Internal Audit Costs, i.e., time will be reduced for auditees and auditors

B tt f it t d d d i k• Better nonconformity management and reduced risk to the enterprise


Integrated Risk Management Enterprise Risk Assessment

Quality, Environmental, and Health/Safety

Risk Reduction a Management PrerogativePrerogative

• Top management embraces standards to reduce risks – Business, Personal and Financial– ISO 9001 – Reduce Quality Risks

– ISO 14001 – Reduce Environmental RisksISO 14001 Reduce Environmental Risks

– OHSAS 18001 – Reduce Health and Safety Risks

• Risk Analysis and Reduction is built into each d d d i h h f ISO 14001 dstandard, and is at the heart of ISO 14001 and

OHSAS 18001– Although ISO 9001 does not directly require a risk analysis, g y q y ,

it reduces risks by exception by requiring known practices

– Other QMS standards such as ISO/TS 16949 and AS9100 require that organizations assess both design and q g gmanufacturing risks using DFMEA and PFMEA tools


Lack of Integration and Standardization of Risk AnalysisStandardization of Risk Analysis

• Duplicate Risk Analysis of the same process p y pis conducted for Quality, Environmental and Safety/Health by different teams

• The same risk analysis is duplicated by multiple plants in the same Enterprisemultiple plants in the same Enterprise

Cost to conduct Risk Analysis is multiplied between multiple standards and different Entities of the same plantsmultiple standards and different Entities of the same plants

The risk number is not comparable across standards and


Entities

Integration of Risk Analysisg y

• Integrated Risk Analysis benefits from the use of the same tool – i.e., FMEA for risk analysis

• The FMEA prioritizes risks based on Severity x Occurrence x DetectionSeverity x Occurrence x Detection

• The FMEA tool starts with the Process or Operational Step and assesses different factors of the same process – i.e., Quality, Environmental and Safety and Health Risks

• The same “team” can use the same “tool” and the• The same team can use the same tool and the same “thought process” to discern the Q, E, and S&H Risks


Benefit of Integrated Risk Analysisg y

• The benefits come when Risk is understood and assessed using th P Fl d FMEAthe Process Flow and FMEA– When the same process flow is used by the same team, it becomes

clear that there is nothing extraordinary about Risk Analysis; it is the studying of the same process for a different factor or businessthe studying of the same process for a different factor or business risk

• There is more consistency in understanding, rating and evaluating risk when the format is standardized and the ratingsevaluating risk when the format is standardized and the ratings are made consistent

• Since the whole exercise was conducted to arrive at a risk number, the VALUE of using the FMEA and Standardizednumber, the VALUE of using the FMEA and Standardized Rating table is immense– Suddenly, the numbers can be compared between Q, E, and H&S

risks in one plant p


Consistency Between PlantsConsistency Between Plants

• Typically, organizations have similarTypically, organizations have similar processes– For example, all our plants have a Molding

process and Laboratory

How have we rated risk between plants?

Were we consistent in rating common manufacturing

processes?


Standardizing Risk by Process FamiliesFamilies

• Once we understand that there are “Global Process” types in the company, we can conduct risk analysis for a “Process Type” and then use this risk assessment as the basis for other similar processes worldwide

• Organizations can use this as a starting point and if there is any disagreement on the risk rating, they can discuss it with the “Global Champion”


Using Software for Integration and Standardization of Risk

AQuA Pro Software

Integration and Standardizationg





43




Capabilitiesp

• Global Processes and Tables

• Process FamiliesProcess Families– Sub family inheriting the family (parent) process is

able to change the parent process without ff ti th taffecting the parent

– New process development focuses on what is being changed not redeveloping what is knownbeing changed not redeveloping what is known


Why Integrated Risk Assessment?y g

• The value of implementing ISO 9001, ISO 14001 and OHSAS 18001 is to manage risk in organizations

• Companies worldwide are implementing these standards many times using different methodologiesstandards, many times, using different methodologies and tools even within the same company– Often times the Severity, Occurrence and Detection tables

t t d di d d i t tlare not standardized or used consistently

• Risk numbers and priorities are meaningful in organizations (across entities) only if the g ( ) ytool/methodology is standardized and Severity, Occurrence and Detection tables are standardized


Why Integrated Risk Assessment? (cont’d)(cont’d)

• Efficient risk analysis and standardization of yrisk assessment takes place when an entire organization uses the same methodology

• Furthermore, techniques of risk assessment such as Family of Processes (called Global P F ili ) d P d t F ili h lProcess Families) and Product Families help organizations save time by transferring knowledge between entities of an enterpriseknowledge between entities of an enterprise– Integration and Standardization of Risk is what

can be coined as Enterprise Risk Assessment


Lack of Integrationg

• Causes Confusion

• Increases Cost to Implement and Maintain

• Increases Costs overall for managing standards, audits, and risk management

Do We Agree?

So What Do We Do To Integrate?Copyright 2009 Omnex. All Rights Reserved.48

Conclusions – Why?y

• Integrated Management Systems, Integrated Audits and Risk Analysis are inevitable

• Integrated Management Systems, Integrated Audits and Risk Analysis save moneyand Risk Analysis save money– Reduces confusion and duplication of efforts

– Reduces implementation costs by 50%, reduces i t t b 60%maintenance costs by 60%

– Reduces internal and external auditing costs by 25%

– Reduces Risk Analysis for QMS, EMS, and OHSAS by over 50%

• Using Enterprise Software Integrated Management Systems and Risk Analysis is made easySystems and Risk Analysis is made easy


For More Information on …

• Integrated Management Systems– Webinar: Managing Documents in the Global Environment of

the 21st Century

– Webinar: Juggling Multiple Standards – Integration, gg g p g ,Standardization and Linkages

• Enterprise Audit ManagementWebinar: Save Time and Money Through Enterprise Audit– Webinar: Save Time and Money Through Enterprise Audit Management

• Integrated Risk Management – Integrated Risk Management for Quality, Environmental,

Health & Safety – Enterprise Risk Assessment (presentation by Chad Kymal to NOSHCON)


These items and more are available from the Omnex Resource Center

Questions?Questions?
