Archive for November, 2013

Effective Internal Audits

Tuesday, November 19th, 2013

When effectively implemented, internal auditing can be considered the most important tool in your business management system. It’s the primary method for continuously monitoring a company’s business management system (BMS). In fact, the feedback from internal auditing is critical to the growth of business effectiveness and the standardization of effective processes.

Through an audit, an organization can identify a system’s ineffectiveness, take corrective action, and ultimately support continuous improvement. Unfortunately, a poorly deployed internal auditing system can lead to increased nonvalue-added costs, many hours of wasted human resources, and a BMS breakdown.

The following is an example of a common pitfall to poor and ineffective internal audit deployment: Not understanding the definition of, and not basing audits on status and importance.

Status and importance can be interpreted differently, but their intent is often misunderstood. Status can be defined as how a particular department, discipline, facility, or process is performing against established policies, goals, objectives, and expectations.

Some questions to ask when considering status include:

  • What are the performance indicators for an area, group, or department reflecting?
  • What does the performance history indicate?
  • Have these indicators been the result of root cause corrective actions? Are they recurring?
  • Have there been changes in process, equipment, personnel, or management?
  • Has the area or department been restructured or reorganized?

When scheduling internal audits, consider other important aspects such as:

  • What’s been the past performance history?
  • Are there any new employees, equipment, or management personnel?
  • How effective is the training system?
  • What do past audit results indicate?
  • How critical is that area? (risk or customer touch point).

When you build your company audit plan on status and importance your focus is process oriented, not checklist mandated. Truly effective audits don’t just concentrate on process weakness, but on process potential.

Celebrate World Quality Month

Sunday, November 3rd, 2013

 Sustaining Edge Solutions, Inc. Newsletter

Performance Improvement Solutions for Your Business                                 November  2013

 

 
This Month
* Celebrate World Quality Month 2013
* ISO 27001:2013 ISMS Revision
* Effective Internal Audits
* In the News
* Training Courses

 

Events…
2014 Lean and Six Sigma Conference  Feb 24-25, Phoenix, AZ.  See you there!
 

 

 
Helpful Links…

Join Our Newsletter List!

 
What We Do 
  • Operational and Quality Systems 
  • Training
  • Lean Enterprise 
  • Six Sigma
  • Kaizen Events
  • ITAR
  • NADCAP
  • Improved Profits and More!

 

Connect With Us
Our newsletters provide information on business management systems.  These systems include ISO 9001 QMS, AS9100 Aviation, Space and Defense, ISO/TS 16949 Automotive, ISO 27001 Information Security, ISO 13485 Medical Devices, ISO 14001 Environmental, and others.  Subjects include performance improvement methods such as Six Sigma, Lean Enterprise, and other topics of interest to our readers.

If you have any questions regarding the content or have a subject of interest for a future newsletter, please let us know.  

 

Happy World Quality Month!

 

November is World Quality Month. World Quality Month is an annual celebration of quality and its impact in the world. This is a time to celebrate – a time to showcase the advancements and valuable quality contributions in businesses, communities, and institutions. Together-through our collective passion for the community-we will raise the voice of quality worldwide. 

World Quality Month was inaugurated in November 2010. World Quality Month was established to reignite attention once generated in the 1980s by National Quality Month in the U.S. and to create a united, global forum for the people and organizations that have celebrated World Quality Days in November to come together and raise their voices for quality.
As the convener of World Quality Month, the American Society for Quality calls upon the global quality community to submit news about upcoming events, stories on the impact of quality, research articles/white papers/best practices, or any other appropriate content that raises the voice of quality. Having a diverse collection of stories, events, and resources from around the world will effectively showcase the advancement and valuable quality contributions in businesses, communities, and institutions worldwide.

 

Current information and resources include:
  • Success Stories: Over 30 subject tags to quality success stories, case studies and best practices.
  • Knowledge Resources: Many videos on subjects such as how organizations are creating a culture of quality, lean and economics of speed, and turn around or shot down. Blog resources are also highlighted. 
  • World events and conferences on business and quality improvement
  • Share your Story: Quality events, case studies, and recognition of quality minded associates.  

  

ISO 27001:2013 ISMS Revision          

  

ISO/IEC 27001:2013 Information Security Management System (ISMS) specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization

The new revision is substantially different to the 2005 edition of the standard. The 2013 edition of the standard has been developed using Annex SL, part of a document published by ISO which provides a common approach and structure for management system standards. Since ISO/IEC 27001:2013 adopts Annex SL it more easily lends itself to integration with other management system standards.

Whereas the 2005 edition of the standard specified the Plan-Do-Check-Act (PDCA) cycle as the method for developing and continually improving an ISMS, the 2013 edition does not mandate this approach. Instead the 2013 edition of the standard allows you to use either PDCA or other approaches.

The terms and definitions that appeared in the 2005 edition of the standard have now been removed, and instead ISO/IEC 27000:2012 is referenced as the source for terms and definitions; the terminology in the standard has also been updated.

There is an increased focus on setting objectives, assessing performance and metrics in ISO/IEC 27001:2013. Additionally, the risk assessment requirements in the standard are less prescriptive and are aligned with ISO 31000 – the international standard for risk management.

What are the main changes?

  • The revised standard has been written using the new high level structure, which is common to all new management systems standards. This will allow easy integration when implementing more than one management system
  • Terminology changes have been made and some definitions have been removed or relocated
  • Risk assessment requirements have been aligned with BS ISO 31000
  • Management commitment requirements have a focus on “leadership”
  • Preventive action has been replaced with “actions to address, risks and opportunities”
  • SOA  requirements are similar, with more clarity on the need to determine controls by the risk treatment process
  • Controls in Annex A have been modified to reflect changing threats, remove duplication and have a more logical grouping. Specific controls have also been added around cryptography and security in supplier relationships.
  • Greater emphasis is on setting objectives, monitoring performance and metrics

As certification to this standard continues to grow globally, this revision helps ensure the standard’s continued relevance to the issues and challenges companies face today.

 

Contact us for more information about the revision and for all your company ISO 27001 ISMS needs.    

 

Effective Internal Audits           

  

When effectively implemented, internal auditing can be considered the most important tool in your quality system. It’s the primary method for continuously monitoring a company’s quality management system (QMS). In fact, the feedback from internal auditing is critical to the growth of business effectiveness and the QMS.   

Through an audit, an organization can identify a system’s ineffectiveness, take corrective action, and ultimately support continuous improvement. Unfortunately, a poorly deployed internal auditing system can lead to increased nonvalue-added costs, many hours of wasted human resources, and a QMS breakdown.

Management must buy into the fact that the internal audit process is just as critical and important an activity as any other process within the QMS. The number one issue that has been repeated over the years by internal auditors is that ” management does not provide us enough time to conduct effective audits.”  This may be the case, however using your time and methods effectively can bolster your results.

The following is an example of a common pitfall to poor and ineffective internal audit deployment: 

 

  • Not understanding the definition of, and not basing audits on status and importance

Status and importance can be interpreted differently, but their intent is often misunderstood. Status can be defined as how a particular department, discipline, facility, or process is performing against established policies, goals, objectives, and expectations. Some questions to ask when considering status include:  

 

  • What are the performance indicators for an area, group, or department reflecting?
  • What does the performance history indicate? 
  • Have these indicators been the result of root cause corrective actions? Are they recurring? 
  • Have there been changes in process, equipment, personnel, or management? 
  • Has the area or department been restructured or reorganized?   

 

When scheduling internal audits, consider other aspects such as:   

 

  • What’s been the past performance history?
  • Are there any new employees, equipment, or management personnel?
  • How effective is the training system?
  • What do past audit results indicate? 
  • How critical is that area? (risk or customer touch point).  

 

Truly effective audits don’t just concentrate on process weakness, but on process potential.  We will continue with further internal audit pitfall information in our next newsletter.

 

  
In the News      
   
Latest ISO Survey Confirms Boost in Management Systems  

The annual survey, now in its 20th edition, gives a worldwide panorama of certification to ISO’s management system standards. The latest edition reveals a healthy growth across the board for all certifications at the end of 2012, exhibiting a worldwide total of 1,504,213 certificates across 191 countries.

All seven ISO management system standards are showing an increase compared to 2011. Here’s just one example. Only in its second year, ISO 50001 on energy management has shown impressive growth (332 %), generating special enthusiasm in Europe and South-East Asia. Certification in this area is expected to rise over the next few years as the short-term benefits of energy efficiency become noticeable.   

Free OSHA Consulting     
 
The Occupational Safety and Health Administration (OSHA) has an On-site Consultation Program that offers free and confidential advice to small and medium-sized businesses in every state, with priority given to high-hazard worksites. In the past fiscal year, the On-site Consultation Program conducted about 30,000 visits to small business worksites covering over 1.5 million workers across the nation.

The On-site Consultation services are separate from enforcement and do not result in penalties or citations. The program is state-run but federally funded. Consultants from state agencies and universities work with employers to identify workplace hazards, provide advice on compliance with OSHA standards, and assist in establishing injury and illness prevention programs.

Find out more about the free consulting at this OSHA webpage.

 
NIST Creates Website for Manufacturing-Research and Reports

The site is intended to serve as a resource for the manufacturing community and to fuel vibrant discussion and debate about the future of manufacturing in the United States. The posting of these works does not necessarily imply that NIST MEP endorses the views they express. NIST states that a lot of organizations are putting out research relevant to manufacturers. The goal was to make it easy for the community to find by gathering it all in one place.

The website is organized by topic areas such as (1) Current state of manufacturing, (2) Productivity, and (3) Capital and Cost.   Visit the NIST website for this and much more information.

Training Courses

To see the course description, schedule, and on-line registration click on the course title below. We deliver onsite training for all these courses and customized training to fit your specific needs.  We offer group discounts.  

 

View all our Courses

View Our Web Based E-Training Courses   

ISO 9001 Quality Management

Understanding and Implementing ISO9001:2008

ISO 9001:2008 Process Based Internal Auditor 

Documenting Your Management System

AS9100 Aviation, Space and Defense

Understanding and Implementing AS9100C (9110 &9120) Aviation, Space and Defense

AS9100C:2009 Process Based Internal Auditor

Documenting Your Management System 

ISO/TS 16949 Automotive

Understanding and Implementing ISO/TS16949:2009 Automotive

ISO/TS16949:2009 Process Based Internal Auditor
Documenting Your Management System 

ISO 14001 Environmental

Understanding and Implementing ISO14001:2004 Environmental
ISO14001:2004 Process Based Internal Auditor

Lean Enterprise and CI 

5S Five Pillars of a Lean Workplace Organization
Continuous Process Improvement
Lean Six Sigma
8 Disciplines (8D) of Problem Solving

ISO 13485 Medical Devices

Understanding and Implementing ISO 13485:2003 Medical Devices
ISO 13485 Process Based Internal Auditor 

ISO 27001 Information Security

Understanding and Implementing ISO 27001:2005 Information Security
ISO 27001 Process Based Internal Auditor 

All courses can be delivered at your company. Don’t see a course, location, or date that fits your needs?

Contact Us

 

 

 

Phone: 888-572-9642 toll free