Off the shelf systems will always be a part of our industry and I guess they do have their place in some ways. The problem with an off the shelf system is that the majority of the time, it ends up right back on the shelf gathering dust.
By off the shelf system I mean a system that has already been implemented elsewhere and just basically has a different business name slapped on it. Majority of the time the documentation will meet the requirements of the standard but when you audit it, the processes don't reflect the business at all or there are massive gaps.
These systems will only work if you use it purely as a guide. Have a look at what someone else has done to see what kind of information has been included and then re-write the whole thing.
Systems are only beneficial when they accurately describe YOUR business processes, not someone elses.
Chevron HSEQ
HSEQ Management Systems Consulting
Thursday, July 28, 2011
Tuesday, July 26, 2011
Using Sustainability to Improve Bottom Line
I just read this article and thought it was worth sharing
Safety Risk Assessments
I have been harping on about the new Workplace Health and Safety laws lately but I believe it is hugely important. Workers should always go home just as happy and healthy as when they came to work. If they come to work unhealthy and grumpy then that's their problem.
Work Safe Australia has put out a number of draft codes of practice that are really informative and should definitely be read by anyone with a duty of care to employees and workers.
I've provided this one today as it's a good starting point. It's the new draft code of practice for Managing and Assessing Risk. Click the link for the PDF version
Monday, July 25, 2011
Supplier Evaluation
Whether you are building a certified system or not it pays to perform an evaluation of your suppliers at least annually at a minimum.
Depending on what service they provide you, there may be critical information that they need to supply you on a regular basis that might be overlooked otherwise. For example if a supplier requires licenses, certifications etc to be able to perform work, you should know that they are current and applicable.
By ensuring that your suppliers have up to date public liability insurances and Workcover certificates of currency, you help lower your risk if something happens. Professional Indemnity Insurance also gets overlooked. We pay quite a lot each year to make sure that we are insured for professional indemnity and yet no one ever asks us for a copy of our policy.
Develop a checklist of critical information and send it out to your suppliers. Keep the information on a spreadsheet and put any expiration dates into your calendar so that you can chase it up when the time comes
External Audits
Evening all. Apologies for the for the large delay since my last post, been quite a hectic few days as we are looking at purchasing another consulting business.
I had an external audit today and I have to say being audited is probably the least enjoyable part of my job. On a positive note though if you get a good auditor it can be a little less stressful. If you get a non-conformance of any sort it's not the end of the world. Generally it will just mean that you have to undertake a corrective action and show evidence that it has been fixed.
I think there is a lot of pressure on people to go through audits without any form of corrective action arising from it. There really shouldn't be. Corrective actions help you to learn and improve your systems.
If you believe that the non-conformance is unjustified though remember that you can disagree with your auditor. Some auditors interpret the standard differently, you just need to explain your interpretation and back it up with evidence.
Monday, July 18, 2011
The Importance of Compliance
The number of people I speak to in day to day travels and in social settings that either run a business or own a business and are unaware of the importance of compliance is a little scary.
I use the term compliance in terms of regulatory compliance, in other words what laws and regulations businesses have to adhere to. Just because you don't have a certified Safety, Quality or Environmental Management System doesn't mean you don't need to regularly assess your compliance.
If you are reading this and you are in a position of seniority, ask yourself a few basic questions.
1. Am I aware of ALL regulations that are applicable to my business?
2. How do I stay up to date if a regulation changes?
3. When was the last time we assessed our compliance with current regulations?
4. Do I know the penalties that apply to me individually for con-compliance?
You have to remember that when it comes to being a business owner or Senior Manager, there are laws that if not followed and lead to death of a worker or other catasrophes, you personally may be fined or imprisoned on top of fines for the business.
It doesn't take long to get yourself up to speed and there are many wonderful people out there like myself to assist you.
I use the term compliance in terms of regulatory compliance, in other words what laws and regulations businesses have to adhere to. Just because you don't have a certified Safety, Quality or Environmental Management System doesn't mean you don't need to regularly assess your compliance.
If you are reading this and you are in a position of seniority, ask yourself a few basic questions.
1. Am I aware of ALL regulations that are applicable to my business?
2. How do I stay up to date if a regulation changes?
3. When was the last time we assessed our compliance with current regulations?
4. Do I know the penalties that apply to me individually for con-compliance?
You have to remember that when it comes to being a business owner or Senior Manager, there are laws that if not followed and lead to death of a worker or other catasrophes, you personally may be fined or imprisoned on top of fines for the business.
It doesn't take long to get yourself up to speed and there are many wonderful people out there like myself to assist you.
Sunday, July 17, 2011
Continuous vs Continual Improvement
Whoever decided that the term "Continual Improvement" should be part of the ISO9001 standard probably didn't realise the drama that it would cause. If they did they probably would have chosen a different term.
The difference between the two is that continual occurs over a long period of time but with intervals of interruptions where as continuous occurs over a long period of time uninterrupted.
It is due to this "same same but different" issue that many people building a system for the first time will use the terms interchangeably. Just like people use the terms "certification" and "accreditation" interchangeably.
At the end of the day, if you just use "continual" you won't have any issues. In my early days building systems I was given a corrective action for using the word continuous instead of continual in a quality policy. As far as I am concerned that is just a prime example of an auditor being a jerk as opposed to a genuine fault in the system requiring in depth root cause analysis. In this case my root cause analysis determined that my highschool English teacher failed to cover the complexities of continual vs continuous. My corrective action could only be to go back to highschool and do English all over again.
Friday, July 15, 2011
A Different Approach to Management
Well it's a Saturday Morning and I have a slight hangover so no advice this morning.
I just wanted to post this video because I thought it was hillarious and seeing as I no longer have facebook this is my only way of sharing pointless videos.
I think this is how I should run my business from now on.
Wednesday, July 13, 2011
Setting Environmental Objectives and Targets
When setting objectives and targets for an Environmental Management System I see these same mistakes all the time.
1. Setting too many targets.
2. Setting targets that are unrealistic
3. Setting targets that you cannot have a direct influence on.
Firstly, you don't need to set targets for every environmental impact you have. You don't even have to set targets for all of your significant impacts.
My suggestion is that you pick a project each year. Select one area that you think you can make a difference in and put all of your effort into doing it well, rather than doing 10 half heartedly. You will meet the requirements of the standard and have a better result at the end of the year.
1. Setting too many targets.
2. Setting targets that are unrealistic
3. Setting targets that you cannot have a direct influence on.
Firstly, you don't need to set targets for every environmental impact you have. You don't even have to set targets for all of your significant impacts.
My suggestion is that you pick a project each year. Select one area that you think you can make a difference in and put all of your effort into doing it well, rather than doing 10 half heartedly. You will meet the requirements of the standard and have a better result at the end of the year.
Monday, July 11, 2011
Managing Portable Data Risks
After my post this morning about Cloud Computing I decided to set up an online filing system using Dropbox
www.dropbox.com
Now I can access all of my files anywhere using my laptop, desktop, Smartphone etc as well as share it with my business partner and not have to worry about backups. As seems to be my mantra these days, with benefit comes risk. If I lose my laptop or phone there is a potential for my data to be accessed by undesirables. To reduce this risk I have added password protection to keep all but the most determined hacker out.
Portable data is a much bigger risk for larger businesses however. The majority of employees now have smartphones, tablets and all number of portable devices containing sensitive information. Once again, controls should be built into your document control processes and here are a few things to think about.
1. Do you have a register of portable devices?
2. How do you control company information stored on devices not owned by the business?
3. have you assessed company controlled devices to see how easily sensitive information could be accessed?
www.dropbox.com
Now I can access all of my files anywhere using my laptop, desktop, Smartphone etc as well as share it with my business partner and not have to worry about backups. As seems to be my mantra these days, with benefit comes risk. If I lose my laptop or phone there is a potential for my data to be accessed by undesirables. To reduce this risk I have added password protection to keep all but the most determined hacker out.
Portable data is a much bigger risk for larger businesses however. The majority of employees now have smartphones, tablets and all number of portable devices containing sensitive information. Once again, controls should be built into your document control processes and here are a few things to think about.
1. Do you have a register of portable devices?
2. How do you control company information stored on devices not owned by the business?
3. have you assessed company controlled devices to see how easily sensitive information could be accessed?
Cloud Computing & Document Control
Cloud Computing is the next step up in the growing functionality of the internet, providing the means through which everything — from computing power to computing infrastructure, applications, business processes to personal collaboration — can be delivered to you as a service wherever and whenever you need (providing you have an internet connection of course).
As with any new technology, with the benefits comes new challenges and risks. If your business is moving towards a cloud system as opposed to an on site server based system, you need to take a look at the risks that come with it and build some controls into your document control processes.
When looking into a cloud system you should really assess the following risks and ask a lot of questions from your potential cloud provider such as:
1. Where will the information be stored? Some countries may have differing views on privacy
2. What is the backup and recovery process if something goes wrong?
3. How viable is the cloud provider ie. will they still be around in 2 years? What will happen to your data if they go bust?
4. How is the data encrypted? The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists.
As long as you do your homework and revise your processes, cloud computing can be a great tool.
As with any new technology, with the benefits comes new challenges and risks. If your business is moving towards a cloud system as opposed to an on site server based system, you need to take a look at the risks that come with it and build some controls into your document control processes.
When looking into a cloud system you should really assess the following risks and ask a lot of questions from your potential cloud provider such as:
1. Where will the information be stored? Some countries may have differing views on privacy
2. What is the backup and recovery process if something goes wrong?
3. How viable is the cloud provider ie. will they still be around in 2 years? What will happen to your data if they go bust?
4. How is the data encrypted? The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists.
As long as you do your homework and revise your processes, cloud computing can be a great tool.
Sunday, July 10, 2011
The Carbon Tax
With yesterdays announcement that the Carbon Tax will go ahead the online chatter about the issue has been in overdrive. As with any large issue everybody has their opinions and as this blog is my outlet I am going to voice mine.
I am against putting a price on carbon. Does charging big business to produce pollution then legitimise it's production?
As any environmental consultant would know, finding efficiencies and improvements in environmental performance costs money. It takes commitment from senior management and is generally driven by the bottom line. By increasing the production costs of 500 big polluters it is essentially taking away the incentive to find efficiencies. Would you bother spending money on improvements when you can pass the costs of pollution onto the consumer?
Why not provide tax incentives for spending profits on research and development?
I could go on and on all day about this one but I won't. I'm happy to discuss/debate the issue in the comments section though.
I am against putting a price on carbon. Does charging big business to produce pollution then legitimise it's production?
As any environmental consultant would know, finding efficiencies and improvements in environmental performance costs money. It takes commitment from senior management and is generally driven by the bottom line. By increasing the production costs of 500 big polluters it is essentially taking away the incentive to find efficiencies. Would you bother spending money on improvements when you can pass the costs of pollution onto the consumer?
Why not provide tax incentives for spending profits on research and development?
I could go on and on all day about this one but I won't. I'm happy to discuss/debate the issue in the comments section though.
Thursday, July 7, 2011
Something a little different
It's a friday so I don't have much to say today. For something different the video below is a cheesy documentary my business partner and I made about our time running the cleaning contract at a large Vegas casino in Macau. I was 19 at the time so it was a massive learning curve for me.
Ignore the advertising that pops up when you press play.
Ignore the advertising that pops up when you press play.
Wednesday, July 6, 2011
Corrective Action
Stuff ups in day to day business are inevitable. How you deal with them and use those stuff ups to improve your systems often means the difference between a good business and a great business.
Take a moment to think of the three biggest things in your business that always seem to have problems. Have you done a proper root cause analysis on these issues to see what the deeper issue is? Often the cause of the problem is not what you think.
You don't have to have a Quality Management System in place to implement a good corrective action system, all you need is a way of recording issues, analysing the root cause and implementing short and long term solutions.
The best place to start is with a register for customer complaints and feedback. Record all feedback for a 6 month period and look for trends. Perhaps one employee receives more complaints than others. The root cause analysis may show that the problem is not the employee but their lack of training. Once you know this information you can develop short and long term solutions to help combat the issue.
Take a moment to think of the three biggest things in your business that always seem to have problems. Have you done a proper root cause analysis on these issues to see what the deeper issue is? Often the cause of the problem is not what you think.
You don't have to have a Quality Management System in place to implement a good corrective action system, all you need is a way of recording issues, analysing the root cause and implementing short and long term solutions.
The best place to start is with a register for customer complaints and feedback. Record all feedback for a 6 month period and look for trends. Perhaps one employee receives more complaints than others. The root cause analysis may show that the problem is not the employee but their lack of training. Once you know this information you can develop short and long term solutions to help combat the issue.
Tuesday, July 5, 2011
Workplace Health & Safety Act 2012
Change is great for a consultant like me but can be difficult for business. The new Workplace Health and Safety Act is going to be one of those changes.
Thankfully you have plenty of warning so my suggestion is to start readying for it ASAP. The below link is a good starting point to familiarise yourself with the new laws.
http://goo.gl/cfgUD
A copy of the new act (June 23 revision) is also available here.
http://www.safeworkaustralia.gov.au/Legislation/ModelWHSAct/Pages/ModelWHSAct.aspx
This will replace the current OH&S regulations.
The new law will place a greater emphasis on duty of care and will also drastically change the way safety risk is assessed.
If you are a business owner/manager, you need to know what your obligations are to protect your staff and your own ass.
Thankfully you have plenty of warning so my suggestion is to start readying for it ASAP. The below link is a good starting point to familiarise yourself with the new laws.
http://goo.gl/cfgUD
A copy of the new act (June 23 revision) is also available here.
http://www.safeworkaustralia.gov.au/Legislation/ModelWHSAct/Pages/ModelWHSAct.aspx
This will replace the current OH&S regulations.
The new law will place a greater emphasis on duty of care and will also drastically change the way safety risk is assessed.
If you are a business owner/manager, you need to know what your obligations are to protect your staff and your own ass.
Q & A
Well it's a hump day and no blog topics come to mind this morning so I'll leave this post as an open question and answer. If you have any questions relating to either QA, Safety, Enviro, Risk or Integrated Systems fire away. Hopefully my creative synapses will be firing better tomorrow.
Monday, July 4, 2011
Managing Social Media Risk
I've just come from a meeting with a new client and a big part of a new project they are starting revolves around social media.
Social media such as facebook, twitter, google plus (when google finally lets us try it out) etc, can be fantastic tools IF they are managed properly. I would not be at all suprised if future ISO9001 Standards contain a requirement for managing social media.
In order to minimise risk to your business you need to develop strong external communication policies and regularly monitor what is being sent out into the big wide world.
A few things to consider:
1.. Who is responsible for Managing your social media? How much authority to do they have to post on behalf of your business?
2. What guidelines have you set as to what can be spoken about in an open forum?
3. Who owns the social media account?
4. What damage control procedures do you have in place?
5. Where do you draw the line between personal and business?
Here's an example of what I mean. If I hire a consultant and they have a blog similar to mine, have a private facebook page and have a twitter account I need to set some guidelines straight off the bat. Personally I don't want my business referenced anywhere in personal blog posts, twitter posts etc without my approval. The consultant may set up an 80:20 facebook page and 80:20 twitter account but in the end I own those accounts and have full access to them.
Legal & Other Requirements
The necessity to determine your legal and other requirements and assess conformance is one of the areas that is specific to Environmental Management Systems and Safety Management Systems but not Quality Management Systems. In my mind this one area where the Quality Assurance Standard is lacking. All businesses should have systems in place that determine what their legal requirements are, what the conformance criteria is and how often they should be assessed.
When developing your register of legal and other requirements, I suggest using a tool such as enviroessentials.com as they have already done a lot of the leg work for you and save you reading through page after page after page of mind numbing EPA or Worksafe documentation. They can also help you find information specific to your industry and send you regular notifications of changes to legislation.
Remember that it is a legal and OTHER requirements register. You are required to not only determine your legal requirements, but also specific non legal requirements such as customer reporting requirements. In order to capture all of your other requirements you will need to read back through your contracts and agreements with current clients and add in any specific conformance requirements that may be included.
As always if you require any assistance setting up your Legal and Other Requirements register or performing a conformance assessment give me a yell.
Sunday, July 3, 2011
Risk Assessments Vs Aspects & Impacts
When building a Safety Management System or Environmental Management System one of the first steps in the planning process is assessing risk.
One of the most important things to realise early on is that Environmental Risk and Safety Risk are two very different things and therefore require a different criteria for assessment. The standard safety risk assessment matrix like the one below (taken from www.dpmc.gov.au)
Is fine for assessing safety risk but I would not recommend using this model for assessing your environmental risk. When I perform an aspects and impacts assessment there are a number of criteria that I use that have no correlation with safety risk.
My recommendation for an Integrated Management System is to not fully integrate your risk management processes. I have yet to see a system that works for both safety and environmental risk.
Subscribe to:
Posts (Atom)