Using an Integrated Management System Approach to Increase Resilience The World is Getting Riskier Traditional corporate strategies are no longer protecting us from unexpected events. The imperative to be resilient is high with the need to ensure the continuity of essential services in the face of all hazards. Attributes of organizational resilience need to be better understood and integrated into an organization s everyday life, philosophy and culture. 2013 ICOR ALL RIGHTS RESERVED 2 1
ISO 22316: Organizational Resilience Principles Cultural Attributes and Behaviors Evident in Resilient Organizations Attributes Systems The Implementation & Integration of Risk-based Management System Standards Systems 2013 ICOR ALL RIGHTS RESERVED 3 The Role of Management Systems in Increasing Resilience The implementation of management systems encourages risk management across the organization 2013 ICOR ALL RIGHTS RESERVED 4 2
The Value of Management Systems Management systems standards return a bottomline financial value larger than any investment or time incurred. Adopters of management system standards have higher rates of survival than non-adopters. Adopters of management system standards have higher sales than non-adopters. Small businesses achieve proportionally more benefits than larger organizations. Harvard Business School, 2008 2013 ICOR ALL RIGHTS RESERVED 5 The Value of Management Systems Management systems are those activities used to anticipate, prevent, and resolve known problems. Flexibility Discipline Consistency Harvard Business School, 2008 2013 ICOR ALL RIGHTS RESERVED 6 3
The Value of Management Systems Harvard Business School study of 1,000 ISO 9001 adopters showed the following: Sales increases of nearly 9% after certification Higher level of employee competence Total payroll in firms certified to management systems standards grew 17.7% Harvard Business School, 2008 2013 ICOR ALL RIGHTS RESERVED 7 The Value of Management Systems Management systems encourage and provide discipline across the entire organization Found dramatic improvements in the areas of quality and customer satisfaction Also significant reductions in employee injuries on the job Additional attention is paid to preventing problems with products and services also pay more attention to employee safety.. Harvard Business School, 2008 2013 ICOR ALL RIGHTS RESERVED 8 4
The Value of Management Systems Performance gains from ISO 14001 certification: Reduction in waste = 96.7% Increase in use of recycled materials = 93.3% Reduction of environmental incidents = 90% Improvement in emergency preparedness = 98.3% Reduction in permit violations = 84.6% Reduction of utility consumption = 91.9% Improved environmental performance of their product = 96.5% 2007 Wharton Risk Management & Decision Process Center 2013 ICOR ALL RIGHTS RESERVED 9 Lifecycle Process of Continual Improvement Policy Management Review Planning Checking & Corrective Action Implementation & Operation 2013 ICOR ALL RIGHTS RESERVED 10 5
Types of Management Systems ISO 9001: Quality ISO 14001: Environmental, Health & Safety OHSAS 18001: Occupational Health & Safety ISO 22301: Business Continuity ISO 20000: IT Service Management ISO 27001: Information Security ISO 28000: Supply Chain Security 2013 ICOR ALL RIGHTS RESERVED 11 Integration of Management Systems Different management systems can be integrated into a single, joint system The integration is expected to facilitate synergies in using supporting processes that may be common to them thus eliminating waste and increasing efficiency 2013 ICOR ALL RIGHTS RESERVED 12 6
Integration of Management Systems ISO 9001 e.g. QMS product-specific processes ISO 2000 2013 ICOR ALL RIGHTS RESERVED 13 Integration of Management Systems Eliminating Silos 2013 ICOR ALL RIGHTS RESERVED 14 7
ISO Guide 83: A System for MS Standards 1. Scope 2. Normative References 3. Terms & Definitions 4. Context of the Organization 5. Leadership 6. Planning 7. Support 8. Operation* 9. Performance evaluation 10. Improvement *contains bulk of the requirements 2013 ICOR ALL RIGHTS RESERVED 18 Understanding the Organization & its Context 2013 ICOR ALL RIGHTS RESERVED 16 8
Leadership Demonstrated Management Commitment Policy Roles, Responsibilities & Authorities Defined Management Shall Demonstrate Leadership 2013 ICOR ALL RIGHTS RESERVED 17 Planning: Managing Project Risk Just like other projects, the management system project needs to ensure that risks to the project itself are evaluated as well as risks of the management system itself to the organization The ISO 31000 framework can be used for this risk assessment 2013 ICOR ALL RIGHTS RESERVED 18 9
Support The organization needs to determine the resources it needs for the MS and ensure its availability Achieve policy & objectives Manage change Enable effective communication Demonstrate continual improvement 2013 ICOR ALL RIGHTS RESERVED 19 Operation ISO 28000: Supply Chain Security Social Accountability ISO 22301: Business Continuity Future Standards? 2013 ICOR ALL RIGHTS RESERVED 20 10
Performance Evaluation Internal and / or External Audit Self-Assessment Quality Assurance Performance Appraisal Supplier Performance 2013 ICOR ALL RIGHTS RESERVED 21 Improvement Conformities Non-Conformities 2013 ICOR ALL RIGHTS RESERVED.22 11
What are your resilience objectives? An organization accepts that adversity may cause it to cease operating Exist in a reduced form after adversity Regain pre-adversity position quickly and effectively Improve aspects of its functioning so that it not only survives but possibly gains from event 2013 ICOR ALL RIGHTS RESERVED 23 Management Systems & Resilience Which management system(s) can assist your organization in meeting its resilience objectives? 2013 ICOR ALL RIGHTS RESERVED 24 12
Integration and the Executive Team From the company s point of view, integrating those systems was the most logical thing to do, since it seemed absurd to them to decide not to do it, as the standards share quite a few elements. (Karapetrovic, S. and Casadesu M., 2009 2013 ICOR ALL RIGHTS RESERVED 25 Industry Perspectives there are no tariffs or barriers to overseas competition so we have to continually lift our game to compete. Robert Crow, Quality Manager, New Zealand Sugar Company the discipline and thought process that makes a QA system work for your properly is a process that must be inherent with in a business. Derek Pearson, General Manager, Pacific Door Systems Ltd 2013 ICOR ALL RIGHTS RESERVED 26 13
Toyota NZ Thames Vehicle Operations 2013 ICOR ALL RIGHTS RESERVED 27 Challenges for Resilience Practitioners There is surely nothing quite so useless as doing with great efficiency what should not be done at all. Peter F. Drucker 2013 ICOR ALL RIGHTS RESERVED 28 14
QMS Specifics ISMS Specifics Management System Core xms Specifics BCMS Specifics Potential Leverage Points from MS s and Caveats Management Commitment Documented Information Resources Monitoring and Measurement Internal Audit Management Review 15
Caveats on existing BCP s Individual Plans/Programs May not cover the entire enterprise May not account for dependencies May not align with one another May be obsolete Likely do not cover all Management System requirements Pitfalls from BCM Experts Management System Basics Backfilling BCM Components Understanding 3 rd Party Certification 16
Certification Considerations Scope Personnel Integrated Audit Abilities CB, Auditor, etc. Integrated Audit Time Value of Certification Organizational Buy-In Assembling a Team Creating a Roadmap Next Steps 17
For more information contact: Andrew Nichols NQA, Regional Sales Manager ANichols@nqa-usa.com www.nqa-usa.com Lynnda Nelson ICOR President Lynnda@theICOR.org www.theicor.org 2013 ICOR ALL RIGHTS RESERVED 35 18