Your organisation must undertake planning in order to determine how its management system objectives will be achieved. This planning includes determining the work required in order for the organisation to realise its objectives - you should look for evidence that effective planning is taking place to support the achievement of your organisation’s objectives. Additionally, your organisation must determine how it will evaluate the work done, including the use of indicators, and whenever possible, to integrate these planned actions into its business processes. The use of indicators needs to be audited in detail in order to determine whether:
Establishing an action plan for each objective may require effort on the part of the personnel at relevant levels within your organisation. To ensure the progress of the action plan and a coordinated effort, a target leader should be selected for each target. The target leader will be responsible for ensuring a target is achieved within the specified timeframe. Once the action plan is established, you must implement it. You may find that the following suggestions will help foster a cooperative effort in accomplishing the plan:
The management programme should be revised regularly to reflect changes in your organisation’s objectives and targets. Track all new or modified operations, activities, and/or products in case the management programme needs to be amended to reflect these changes. Review a set of interrelated objectives, ensuring that they are mutually consistent and that they are aligned with the strategic direction of your organisation. Documented information of objectives typically is in the form of a description or matrix of the objective and corresponding means and timeframe to achieve the objectives. You should ensure that your planning activity takes into consideration the following points:
If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us. Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses).
0 Comments
An effectively implemented management system aligns the policy with strategic and management system objectives and provides the framework upon which to translate these objectives into functional targets. Establish and maintain documented quality objectives and targets at each relevant function and level within the organisation. The objectives and targets establish an important link between the policies and the management programmes. The objectives and targets must be consistent with the policies, including the commitment to, for example in the case of ISO 14001, prevention of pollution and continual improvement. Depending on the size, management structure, and other factors pertaining to your organisation, the objectives may be established and reviewed by various personnel and with direct Top Management input. Your organisation will need to set their environmental, quality and health & safety objectives for relevant functions, levels and processes within the management system. It is for your organisation to decide which functions, levels and processes are relevant. You should also use indicators to monitor the achievement of objectives. Indicators should have a measurable representation of the status of operations, management or conditions. Each objective should have one or more associated indicators. Objectives can apply to an entire organisation, can be site-specific, or can be specific to individual activities. The appropriate level(s) of management personnel should define the objectives and targets. In some cases, personnel who set objectives may not be the same as those who set targets. Remember that the objectives are the overall goals as reflected in the principles established in the policy. The scope and number of the objectives and targets must be realistic and achievable. Otherwise, the success and continued commitment from Top Management and employees will diminish. Consider the factors below, as you begin to formulate your objectives:
Targets must be quantified where practicable and the units that are used to quantify the targets are referred to as Key Performance Indicators (KPIs). A KPI is defined as an expression that is used to provide information about management system performance. The following are some examples of KPIs:
Carefully consider the type of KPI you choose to use. Suppose your organisation establishes a target to reduce its non-hazardous waste by 40% and the KPI you choose is the total tonnage of waste produced each year (tonnes/year). If your organisation triples its production of units and reduces the amount of waste by 50% per product unit, the KPI (tonnes per year) does not show the reduction. In this case, the better KPI would have been the weight amount of waste per product unit (kg per unit). In many cases, measuring against the production units proves to be more accurate. The following is an example of an objective with a specific target and an environmental performance indicator:
Organisations need to establish and maintain one or more management improvement programmes for achieving their objectives. The management improvement programme is a key element to the success of the management system. Properly designed and implemented, management programmes should achieve the objectives and, consequently, improve your organisation’s performance. The management programme must:
If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us. Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses). The objective of Risk Treatment and Risk Mitigation is to identify how your identified risks will be treated. Risk treatment involves identifying the options for treating each risk, evaluating those options, assigning accountability (for Very High, High and Moderate residual risks) and taking relevant action. For each risk, the risk owner must establish an appropriate level of treatment. Control measures in addition to those already existing may be needed to achieve this level of mitigation. Accountable managers should engage with risk owners to develop a satisfactory response for each risk in order to:
The risk owner is responsible for the development of the response. When a response action is completed, the risk should be reassessed to reflect any newly introduced control measure. Monitoring Continuous systematic and formal monitoring of implementation of the risk and opportunity process and outputs take place against appropriate performance indicators to ensure process compliance and effectiveness. Monitoring takes a variety of forms that range from self-assessment, inspections and internal audits, to detailed reviews by independent external experts. Escalation On occasion, it may be appropriate to escalate a health and safety risk to ensure it is assessed and/or managed by the person or party best placed to do so (able and with appropriate authority). For example, where a more substantial or coordinated response is required than the current risk owner can authorise or implement will justify higher level assessment and/or management, as appropriate:
Managing opportunities Your organisation recognises an ‘opportunity’ as a set of circumstances which makes it possible to leverage positive factors and attributes, for example:
Opportunities may be identified as positive effects of risks, as in a risk forcing implementation of a risk reduction measure that is beneficial in a broader context than just reducing a particular risk. For example, health risks may require measures to improve working environment. These measures also create opportunities to attract and retain better qualified employees, improve morale and job satisfaction, and reduce turnover, and so the initial health risk creates positive opportunities to improve the overall job satisfaction. Check that any actions taken to address the risks and opportunities are recorded and ensure that the effectiveness of each action was effective at addressing the issue, and that the action taken was proportionate to the risk or opportunity. Consider the following as useful tools:
If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us. Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses). Understanding the risks and managing them appropriately will enhance your organisation’s ability to make better decisions, safeguard assets, and enhance your ability to provide products and services and to achieve your mission and goals. By considering risk throughout your organisation the likelihood of achieving stated objectives is improved, output is more consistent and customers can be confident that they will receive the expected product and/or service. Risk-based thinking therefore helps to:
I suggest that you use the familiar Plan-Do-Check-Act (PDCA) methodology to manage your organisation’s transition to risk-based thinking, also using an approach that ring-fences processes into ‘risk themes’ or groups such as:
Risk and opportunity assessment Assessment of the severity of a risk drives management attention and supports planning for risk mitigation. A qualitative risk assessment scheme consisting of qualitative probability and impact scales is undertaken to ensure consistency. Ensure that all accountable managers should engage with risk owners to:
Forecasting probability, cost and time data is about assessing each risk based on the causes and effects described, taking into account the existing controls and active responses. Probability or likelihood estimations should be established giving due consideration to the effectiveness of existing control measures. The consequence evaluation criteria is about assessing against potential financial loss, reputation impact, health and safety, legal and regulatory compliance and management time and effort. Risk assessments should be undertaken to provide an improved understanding of the risk profile and derive a more detailed understanding of certain cost and time risks. Forecast probability, cost and time data can be assessed for each risk based on the causes and effects described, considering the existing controls and active responses. Probability or likelihood estimations should be established giving due consideration to the effectiveness of existing control measures. The consequence evaluation criteria define the consequence criteria, assessed against potential financial loss, reputation impact, health and safety, legal and regulatory compliance and management time and effort. If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us. Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses). Risk identification should be carried out with the full involvement of the relevant parties to ensure the relevant perspectives and expertise should be represented (e.g. appropriately qualified representatives from various functions, contractors, stakeholders, suppliers and specialists as appropriate). Risk and opportunity identification is a critical activity at both a strategic and operational level. It needs to include all significant sources of risk, including those beyond our organisation’s control. If a risk, threat, or opportunity is not identified, there can be no strategy to address it. The objective of this step is not to create an onerous and lengthy list of all possible risks, but to identify all significant risks that could impact our organisation. Risks and opportunities are identified through the use of:
Plan the actions needed to address the risks and opportunities When deciding how to plan and control the management system, including its component processes and activities, your organisation needs to consider both the type and level of risk associated with them. Ensure that your organisation is taking a planned approach to addressing risks and realising opportunities, and that any actions taken have been recorded. Options to address risks and opportunities can include:
Formal business risk assessment can be performed by the organisation taking into consideration its context, associated risk and opportunities and mitigation plan. The use of the process approach by your organisation can identify sources of input, activities, output, end-user/customer, performance indicators to control and monitor processes, and the risks and opportunities associated with them, and action plans used to address them:
If you would like to look at how to implement an ISO 9001 quality management system, then simply contact us. Or, if you want to see what's involved in more detail, then get a completely free, no obligation, totally tailored ISO Gap Analysis for your business (only available to UK businesses). |
WelcomeHere you'll find the latest blog articles on all things compliance, particularly focussed on quality, environment, health & safety and information security. Get a completely free, no obligation, totally tailored ISO Gap Analysis for your business...
Categories
All
Archives
April 2024
|