Sandford Quality Consulting Slide 1 091007 Down With Silos Linking Management Systems Sandford Liebesman. Ph.D. Sandford Quality Consulting, LLC 973-898-0082

Sandford Quality ConsultingSlide 1091007

Down With SilosLinking Management Systems

Sandford Liebesman. Ph.D.

Sandford Quality Consulting, LLC

973-898-0082

[email protected]

http://www.asq.org/communities/sox


Linking Management SystemsAgenda

• Linking Management Systems• Management Systems Descriptions• QMS/EMS Support of Financial

Management• Methodology for Implementing Linked

Management Systems• Conclusions


Knock Down the Barriers

• The biggest barrier to effective operation of an organization is the lack of communication.

• Quality’s goal is customer satisfaction. Finance’s goal is improving the bottom line

• Linking improves both goals


Linking Management Systems:

• Linking Financial, Quality, Environmental and IT Management Systems.

• What do we need to keep in mind?– Satisfy organization’s objectives

– Improve understanding of each others languages & Methods

– Reduce duplication and cost of operations

– Manage risks



• Linking Management Systems:• Management Systems Descriptions• QMS/EMS Support of Financial




ISO 9001 Process Management

• Process approach defines characteristics essential to effective system management– All process and interactions are defined– Resources are identified for all processes– Support operation and monitoring of the processes– Analyze and continually improve processes – Also: Identify Process Owners, Inputs, Outputs,

Suppliers, Customers & constraints for each process• Not in current ISO 9001


ISO 14001:2004 Environmental Management System

• ISO 14001:2004 and 9001 are a matched pair

– ISO 14001:2004 was aligned with ISO 9001:2000

14001:2004 processes should work in unison with those of 9001 and financial management


Information Security Management System

• A key support of all systems

• Access to data

• Application software

• Security software protection

– ISO/IEC 27001:2005: Information Security

– CoBIT: Good practices for IT control


Financial Management System• Investment Management

– Profit & Loss of initiatives go directly to the Bottom line• Statement of Cash Flow

– Day to day business operations– Cash flow from operations, investments and

financing– Sources and uses of funds

• Profit & Loss Statement– Measures business performance at a particular time– Inputs: Income & expenses– Quality has a major effect on operating expenses


Financial Management System

• General Ledger – Where all accounting transaction are recorded– Quality provides a major portion of the data

• Balance Sheet– Measures financial health over time– Equity = Assets – Liabilities

• System of Internal Control (Sarbanes-Oxley)– COSO guidance can be supported by ISO 9001– See article in Quality Progress September 2005







QMS/EMS Support of Financial Management

• Help accountants understand the business operations

• Inputs for budgeting & forecasting• Analysis of products & services:

– Understand profitability of individual products and services

• Strategic planning & management of the product mix


QMS/EMS Support of Financial Management (Cont.)

• Inventory Management

• Using Lean-Six Sigma to support financial management

• Hard Savings: impact on P&L

• Soft Savings– Managing risk– Improved customer and employee satisfaction







Implementing a Linked Management System

Phase 1Planning

Phase 2Development

Phase 3Internal

Assessment

Phase 4ExternalAudits

Linked ManagementSystems


Phase 1: Planning

• Establish governance team• Understanding current processes• Training on Sarbanes-Oxley (SOX)

and ISO standards• Create documentation• Develop implementation schedule


Other Activities During Phase 1

• Assess the organization’s risk

• Run comprehensive workshop

– COSO system of internal control

– Linking Environmental, Quality & Financial processes

– Gap analysis of management systems

• Develop documented plan for phases 2,3 and 4


Phase 2: Development Phase

• Update documentation• Develop records for each management system• Define key processes in each MS• Train internal auditors and other members of the

organization


Phase 2 deliverables

• Revised documentation and records• A document describing the internal control system

and its relationship to ISO 9001, 14001 & IT• ISO 9001, ISO 14001 and internal controls (SOX)

training – Provision of products/services

– Risk management

– Financial activities.


Phase 3: Internal Assessment Phase

• Internal financial, quality & environmental audits

• Information Technology Capability Maturity Model Integration (CMMI) level

• Methods of linking financial, quality & environmental audits

• Corrective actions for weaknesses


Document Audit Results

• Assure system of internal control (SOX) is effective• Identify key controls

– ID flow of significant transactions– Are controls operating effectively?– Perform tests for design and operational effectiveness– ID control gaps– Document test results

• Document Audit Teams test results and opinion on effectiveness of SOX and related controls


Phase 3 Deliverables

• A completed linked internal audit

• Evaluate effectiveness of “system of internal control”

• Understand use of controls in supply & service organizations

• Review corrective actions

• Determine whether to proceed to Phase 4


Phase 4:External Audits

• 3 separate audits

• Audit support team for each audit

• Set up a command post

–Top manager team to interaction with senior auditors


Phase 4 Deliverables• Prepare for 3 separate audits

– Review each management system– Check lists for each audit – Expert support during each audit

• Training on how to deal with the auditors– Use role playing extensively

• Set up command post– Make sure of the leadership team availability

• And experts to advise







Results of Linking Management Systems

• Satisfy objectives

• Understand each other’s language & Methods

• Reduce duplication and cost of implementation• Example: Conduct joint internal audits

• Effective risk management process

• Clarify role of Information Technology

• Improve corporate governance


Keys to Linking Management Systems

• Implement the process approach in all MS• Connect common processes across all MS

– Document control– Control of records– Audit processes– Preventive action– Corrective action– Management review

• Link operations to SOX compliance• Implement continual improvement in all MS


What have we Learned• Linking Management Systems is important in

– Satisfying Organizational Objectives and goals

– Improving understanding between Organizations & removing Silos

– Reducing Duplication and Cost

• Example: Joint internal audits

– Implementing an effective risk management Program

– Importance of IT Systems to an Effective Operating System

– Using of LSS in all management systems

• An effective 4 phase system of implementation was described


How to Order1. Paton Press: 4 ways to order: Mail: Paton

Professional P.O. Box 44Chico, CA 95927; Fax: (530) 342-5471; Phone: (530) 342-5480; Web: www.patonprofessional.com

2. Amazon.com http://www.amazon.com/Competitive-Advantage-Linked-Management-Systems/dp/1932828354/ref=cm• Kindle or paperback Edition $39.95

3. Barnes & Noble• http://www.barnesandnoble.com Nook Book (e-book)

$39.95


Backup Slides


Linked Management Systems Structure & Development


Financial Management System• Investments

– Evaluate investments• Statement of Cash Flow

– Day to day business operations– Sources of funds– Use of funds

• Profit & Loss Statement– Measures performance of business over time

• Income• Expenses

– COGS– Operating expenses


Financial Management System (Cont.)

• Balance Sheet– Measures financial health and liquidity

• Current and Long-term Assets – Cash– Accounts Receivable– Inventory– Capital

• Liabilities and equity – Financial obligations– Accounts payable (Invoices & bills)– Taxes– Short-term debt

– Equity = Total assets – total liabilities• Common and preferred stock• Retained earnings


Financial Management System (Cont.)

• General Ledger– Where all accounting transactions are posted

• System of Internal Control (Sarbanes-Oxley)


Key Definitions

• Internal Control Deficiencies exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.– A deficiency in design exists when (a) a control necessary to

meet the control objective is missing or (b) an existing control is not properly designed so that, even if the control operates as designed, the control objective would not be met.

– A deficiency in operation exists when a properly designed control does not operate as designed, or when the person performing the control does not possess the necessary authority or competence to perform the control effectively.


Key Definitions (Cont.)• Significant deficiency: a deficiency, or a

combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting.

• Significant Deficiency Example: The lack of controls in place to ensure reconciliation of all inter-company accounting, such as cash transfers from one department to another regardless of transaction size


Key Definitions (Cont)• Material Weakness: is a deficiency, or a combination of

deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis.

• Material Weakness Examples: • The lack of controls in place to ensure reconciliation of inter-company

material transfers, such as inventory transfers, allocation of research and development costs, and corporate charges

• Frequent failure of a single source supplier to ship key components which resulted in major losses of business


Key Definitions (Cont)

• Entity level typically refers to the department or organization as a whole– Can also include discrete units, such as regional or field

offices, assessable units or significant accounts• Activity level refers to the major functions within an

assessable unit or significant account• Evaluating internal control at the entity-wide level

is generally accomplished through observation, inquiry, and inspection, rather than the detailed testing that lends itself to the Activity level internal controls

Documents

Sandford Quality Consulting Slide 1 091007 Down With Silos Linking Management Systems Sandford Liebesman. Ph.D. Sandford Quality Consulting, LLC 973-898-0082