Upload
clarissa-pitts
View
241
Download
1
Embed Size (px)
Citation preview
Sandford Quality ConsultingSlide 1091007
Down With SilosLinking Management Systems
Sandford Liebesman. Ph.D.
Sandford Quality Consulting, LLC
973-898-0082
http://www.asq.org/communities/sox
Sandford Quality ConsultingSlide 2091007
Linking Management SystemsAgenda
• Linking Management Systems• Management Systems Descriptions• QMS/EMS Support of Financial
Management• Methodology for Implementing Linked
Management Systems• Conclusions
Sandford Quality ConsultingSlide 3091007
Knock Down the Barriers
• The biggest barrier to effective operation of an organization is the lack of communication.
• Quality’s goal is customer satisfaction. Finance’s goal is improving the bottom line
• Linking improves both goals
Sandford Quality ConsultingSlide 4091007
Linking Management Systems:
• Linking Financial, Quality, Environmental and IT Management Systems.
• What do we need to keep in mind?– Satisfy organization’s objectives
– Improve understanding of each others languages & Methods
– Reduce duplication and cost of operations
– Manage risks
Sandford Quality ConsultingSlide 5091007
Linking Management SystemsAgenda
• Linking Management Systems:• Management Systems Descriptions• QMS/EMS Support of Financial
Management• Methodology for Implementing Linked
Management Systems• Conclusions
Sandford Quality ConsultingSlide 6091007
ISO 9001 Process Management
• Process approach defines characteristics essential to effective system management– All process and interactions are defined– Resources are identified for all processes– Support operation and monitoring of the processes– Analyze and continually improve processes – Also: Identify Process Owners, Inputs, Outputs,
Suppliers, Customers & constraints for each process• Not in current ISO 9001
Sandford Quality ConsultingSlide 7091007
ISO 14001:2004 Environmental Management System
• ISO 14001:2004 and 9001 are a matched pair
– ISO 14001:2004 was aligned with ISO 9001:2000
14001:2004 processes should work in unison with those of 9001 and financial management
Sandford Quality ConsultingSlide 8091007
Information Security Management System
• A key support of all systems
• Access to data
• Application software
• Security software protection
– ISO/IEC 27001:2005: Information Security
– CoBIT: Good practices for IT control
Sandford Quality ConsultingSlide 9091007
Financial Management System• Investment Management
– Profit & Loss of initiatives go directly to the Bottom line• Statement of Cash Flow
– Day to day business operations– Cash flow from operations, investments and
financing– Sources and uses of funds
• Profit & Loss Statement– Measures business performance at a particular time– Inputs: Income & expenses– Quality has a major effect on operating expenses
Sandford Quality ConsultingSlide 10091007
Financial Management System
• General Ledger – Where all accounting transaction are recorded– Quality provides a major portion of the data
• Balance Sheet– Measures financial health over time– Equity = Assets – Liabilities
• System of Internal Control (Sarbanes-Oxley)– COSO guidance can be supported by ISO 9001– See article in Quality Progress September 2005
Sandford Quality ConsultingSlide 11091007
Linking Management SystemsAgenda
• Linking Management Systems:• Management Systems Descriptions• QMS/EMS Support of Financial
Management• Methodology for Implementing Linked
Management Systems• Conclusions
Sandford Quality ConsultingSlide 12091007
QMS/EMS Support of Financial Management
• Help accountants understand the business operations
• Inputs for budgeting & forecasting• Analysis of products & services:
– Understand profitability of individual products and services
• Strategic planning & management of the product mix
Sandford Quality ConsultingSlide 13091007
QMS/EMS Support of Financial Management (Cont.)
• Inventory Management
• Using Lean-Six Sigma to support financial management
• Hard Savings: impact on P&L
• Soft Savings– Managing risk– Improved customer and employee satisfaction
Sandford Quality ConsultingSlide 14091007
Linking Management SystemsAgenda
• Linking Management Systems:• Management Systems Descriptions• QMS/EMS Support of Financial
Management• Methodology for Implementing Linked
Management Systems• Conclusions
Sandford Quality ConsultingSlide 15091007
Implementing a Linked Management System
Phase 1Planning
Phase 2Development
Phase 3Internal
Assessment
Phase 4ExternalAudits
Linked ManagementSystems
Sandford Quality ConsultingSlide 16091007
Phase 1: Planning
• Establish governance team• Understanding current processes• Training on Sarbanes-Oxley (SOX)
and ISO standards• Create documentation• Develop implementation schedule
Sandford Quality ConsultingSlide 17091007
Other Activities During Phase 1
• Assess the organization’s risk
• Run comprehensive workshop
– COSO system of internal control
– Linking Environmental, Quality & Financial processes
– Gap analysis of management systems
• Develop documented plan for phases 2,3 and 4
Sandford Quality ConsultingSlide 18091007
Phase 2: Development Phase
• Update documentation• Develop records for each management system• Define key processes in each MS• Train internal auditors and other members of the
organization
Sandford Quality ConsultingSlide 19091007
Phase 2 deliverables
• Revised documentation and records• A document describing the internal control system
and its relationship to ISO 9001, 14001 & IT• ISO 9001, ISO 14001 and internal controls (SOX)
training – Provision of products/services
– Risk management
– Financial activities.
Sandford Quality ConsultingSlide 20091007
Phase 3: Internal Assessment Phase
• Internal financial, quality & environmental audits
• Information Technology Capability Maturity Model Integration (CMMI) level
• Methods of linking financial, quality & environmental audits
• Corrective actions for weaknesses
Sandford Quality ConsultingSlide 21091007
Document Audit Results
• Assure system of internal control (SOX) is effective• Identify key controls
– ID flow of significant transactions– Are controls operating effectively?– Perform tests for design and operational effectiveness– ID control gaps– Document test results
• Document Audit Teams test results and opinion on effectiveness of SOX and related controls
Sandford Quality ConsultingSlide 22091007
Phase 3 Deliverables
• A completed linked internal audit
• Evaluate effectiveness of “system of internal control”
• Understand use of controls in supply & service organizations
• Review corrective actions
• Determine whether to proceed to Phase 4
Sandford Quality ConsultingSlide 23091007
Phase 4:External Audits
• 3 separate audits
• Audit support team for each audit
• Set up a command post
–Top manager team to interaction with senior auditors
Sandford Quality ConsultingSlide 24091007
Phase 4 Deliverables• Prepare for 3 separate audits
– Review each management system– Check lists for each audit – Expert support during each audit
• Training on how to deal with the auditors– Use role playing extensively
• Set up command post– Make sure of the leadership team availability
• And experts to advise
Sandford Quality ConsultingSlide 25091007
Linking Management SystemsAgenda
• Linking Management Systems:• Management Systems Descriptions• QMS/EMS Support of Financial
Management• Methodology for Implementing Linked
Management Systems• Conclusions
Sandford Quality ConsultingSlide 26091007
Results of Linking Management Systems
• Satisfy objectives
• Understand each other’s language & Methods
• Reduce duplication and cost of implementation• Example: Conduct joint internal audits
• Effective risk management process
• Clarify role of Information Technology
• Improve corporate governance
Sandford Quality ConsultingSlide 27091007
Keys to Linking Management Systems
• Implement the process approach in all MS• Connect common processes across all MS
– Document control– Control of records– Audit processes– Preventive action– Corrective action– Management review
• Link operations to SOX compliance• Implement continual improvement in all MS
Sandford Quality ConsultingSlide 28091007
What have we Learned• Linking Management Systems is important in
– Satisfying Organizational Objectives and goals
– Improving understanding between Organizations & removing Silos
– Reducing Duplication and Cost
• Example: Joint internal audits
– Implementing an effective risk management Program
– Importance of IT Systems to an Effective Operating System
– Using of LSS in all management systems
• An effective 4 phase system of implementation was described
Sandford Quality ConsultingSlide 29091007
How to Order1. Paton Press: 4 ways to order: Mail: Paton
Professional P.O. Box 44Chico, CA 95927; Fax: (530) 342-5471; Phone: (530) 342-5480; Web: www.patonprofessional.com
2. Amazon.com http://www.amazon.com/Competitive-Advantage-Linked-Management-Systems/dp/1932828354/ref=cm• Kindle or paperback Edition $39.95
3. Barnes & Noble• http://www.barnesandnoble.com Nook Book (e-book)
$39.95
Sandford Quality ConsultingSlide 30091007
Backup Slides
Sandford Quality ConsultingSlide 31091007
Linked Management Systems Structure & Development
Sandford Quality ConsultingSlide 32091007
Financial Management System• Investments
– Evaluate investments• Statement of Cash Flow
– Day to day business operations– Sources of funds– Use of funds
• Profit & Loss Statement– Measures performance of business over time
• Income• Expenses
– COGS– Operating expenses
Sandford Quality ConsultingSlide 33091007
Financial Management System (Cont.)
• Balance Sheet– Measures financial health and liquidity
• Current and Long-term Assets – Cash– Accounts Receivable– Inventory– Capital
• Liabilities and equity – Financial obligations– Accounts payable (Invoices & bills)– Taxes– Short-term debt
– Equity = Total assets – total liabilities• Common and preferred stock• Retained earnings
Sandford Quality ConsultingSlide 34091007
Financial Management System (Cont.)
• General Ledger– Where all accounting transactions are posted
• System of Internal Control (Sarbanes-Oxley)
Sandford Quality ConsultingSlide 35091007
Key Definitions
• Internal Control Deficiencies exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.– A deficiency in design exists when (a) a control necessary to
meet the control objective is missing or (b) an existing control is not properly designed so that, even if the control operates as designed, the control objective would not be met.
– A deficiency in operation exists when a properly designed control does not operate as designed, or when the person performing the control does not possess the necessary authority or competence to perform the control effectively.
Sandford Quality ConsultingSlide 36091007
Key Definitions (Cont.)• Significant deficiency: a deficiency, or a
combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting.
• Significant Deficiency Example: The lack of controls in place to ensure reconciliation of all inter-company accounting, such as cash transfers from one department to another regardless of transaction size
Sandford Quality ConsultingSlide 37091007
Key Definitions (Cont)• Material Weakness: is a deficiency, or a combination of
deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis.
• Material Weakness Examples: • The lack of controls in place to ensure reconciliation of inter-company
material transfers, such as inventory transfers, allocation of research and development costs, and corporate charges
• Frequent failure of a single source supplier to ship key components which resulted in major losses of business
Sandford Quality ConsultingSlide 38091007
Key Definitions (Cont)
• Entity level typically refers to the department or organization as a whole– Can also include discrete units, such as regional or field
offices, assessable units or significant accounts• Activity level refers to the major functions within an
assessable unit or significant account• Evaluating internal control at the entity-wide level
is generally accomplished through observation, inquiry, and inspection, rather than the detailed testing that lends itself to the Activity level internal controls