Quality Assurance

 

There is a truism that goes “The bitterness of poor quality is remembered long after the sweetness of low price has faded from memory”.

While every consumer can probably relate to this idea, business enterprises offering goods and services are the ones that should heed this the most.

Quality Management Systems

The concept of quality was first introduced in the 1800’s. Goods were then still mass-produced, created by the same set of people, with a few individuals assigned to do some “tweaking” on the product to bring it to acceptable levels. Their idea of quality at that time may not have been that well-defined, but it marked the beginnings of product quality and customer satisfaction as we know it now.

Since then, quality has developed into a very basic business principle that every organisation should strive to achieve. Yet while every business recognises the importance of offering product and service quality, it is not something that can be achieved overnight.

If you’ve been in any type of business long enough, you should know that there is no “quick-fix” to achieving quality. Instead, it is an evolving process that needs to be continually worked on. And this is where the importance of having a workable Quality Management System (QMS) in an organisation comes in.

Whatever Quality tools and processes you need to implement the change needed in your organisation, we can help you with it. We are ready to work in partnership with your team to develop strategic systems which will produce significant performance improvements geared towards the achievement of quality.

What is a Quality Management System?

A Quality Management System is defined as the set of inter-related objectives, processes, and operating procedures that organisations use as a guide to help them implement quality policies and attain quality objectives.

Needless to say, the ultimate goal of every quality management system is to establish quality as a core value of the company among all employees, and across all products and services. Why? Because quality services make for happy customers, and satisfied customers ensure continued business for the company.

A Quality Management System does not stop with simply having a set of guidelines that the leaders of a company can easily have their organisation members accept and adhere to. Rather, effective QMS can be implemented when management provides a culture of pride and patience, which will inspire acceptance of individual and group responsibility.

In this manner, not only the heads of the organisation but the employees as well, will develop the desire to achieve company goals that will benefit:

  • All contributing teams;
  • The customers; and
  • The company as a whole.

Find out more about our Quality Assurance services in the following pages:

Check our similar posts

Technology and process improvement

Tightening organisational flow to improve productivity and minimise costs is a growing concern for many businesses post the Global Financial Crisis. Businesses can no longer afford to waste time and personnel on inefficient processes. Organisations using either Six Sigma or Lean techniques better manage their existing resources to maximise product out-put. Both of these techniques involve considerable evaluation of current processes.

What is Six Sigma?

Six Sigma is an organisational management strategy that evaluates processes for variation. In the Six Sigma model, variation equates waste. Eliminating variation for customer fulfilment allows a business to better serve the end-user. In this thought model, the only way to streamline processes is to use statistical data. Each part of a process must be carefully recorded and analysed for variation and potential improvements. The heart of the strategy embodied by Six Sigma is mathematical. Every process is subject to mathematical analysis and this allows for the most effective problem solving.

What is a Lean Model?

Lean businesses do not rely on mathematical models for improvement. Instead, the focus is on reducing steps in the customer delivery cycle, which do not add value to the final deliverable. For example, maintaining excess inventory or dealing with shortages would both be examples of waste behaviour. Businesses that operate using Lean strategies have strong cash flow cycles. One of the best and most famous examples of Lean in action is the Toyota Production System (TPS). In this system, not only is inventory minimised, but physical movement for employees also remains sharply controlled. Employees are able to reach everything needed to accomplish their tasks, without leaving the immediate area. By reducing the amount of movement needed to work, companies also remove wasted employee time.

Industry Applications for Lean and Six Sigma

Lean businesses reduce the number of steps between order and delivery. The less inventory on hand, the less it costs a business to operate. In industries where it is possible to create to order, Lean thinking offers significant advantages. Lean is best utilised in mature businesses. New companies, operating on a youthful model, may not be able to identify wasteful processes. Six Sigma has shown its value across industries through several evolution’s. Its focus on quality of process makes it a good choice for even brand new businesses. The best use is the combination of the two strategies. With the Lean focus on speed and the Six Sigma focus on quality combined, the two organisational processes create synergy. By itself, Lean does not help create stable, repeating success. Six Sigma does not help increase speed and reduce non value-added behaviours. Combined, these two strategies offer incredible value to every business in cost savings.

Using Technology to Implement Lean Six Sigma

Automation processes represent an opportunity for businesses to implement a combination of both Lean and Six Sigma strategies. Any technology that replaces the need for direct human oversight reduces costs and increases productivity. A few examples of potentially cost saving IT solutions include document scanning, the Internet, and automated workflow systems.

  • Document Scanning – Reducing dependency on paper copies follows both Lean and Six Sigma strategies. It is a Lean addition in that it allows employees to access documents instantly from any physical location. It is Six Sigma compliant in that it allows a reduction on process variation, since there is no bottleneck on the flow of information.
  • The Internet – The automation potential offered by the Internet is limitless. Now, businesses can enter orders, manage logistics and perform customer service activities from anywhere, through a hosted portal. With instant access to corporate processes from anywhere, businesses can manage workflow globally, allowing them to realise cost savings from decentralisation.
  • Automated Work Systems – One of the identified areas of waste in any business is processing time. The faster orders are processed and delivered, the greater the profits for the company and the less the expense per order. When orders sit waiting for attention, they represent lost productivity and waste. Automated work systems monitor workflow and alert users when an item sits longer than normal. These systems can also reroute work to an available employee when the original worker is tied up.

Each of these IT solutions provides a method for businesses to either reduce the number of steps in a process or improve the quality of the process for improved customer service.

Identifying Areas for Lean Six Sigma Implementation

Knowing that improved processes result in improved profits, identifying areas for improvement is the next step. There are several techniques for creating tighter processes with less waste and higher quality. Value Stream Mapping helps business owners and managers identify areas of waste by providing a visual representation of the total process stream. Instead of improving single areas for minimal increases in productivity, VSM shows the entire business structure and flow, allowing management to target each area of slow down for maximum improvement in all areas.

Seeing the areas of waste helps management better determine how processes should work to best obtain the desired outcomes. Adding in automated processes helps with improved process management, when put in place with a complete understanding of current systems and their weaknesses. Start with mapping and gain a bird’s-eye view of the situation, in order to make the changes needed for improvement.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
IT Risk and Control Solutions Specialists – Why you need them more than ever

Over the years, the capabilities of IT systems have certainly grown by leaps and bounds. But so have the risks that accompany them. Countless threats to IT systems now exist that are capable of seriously disrupting business operations. That’s why companies have to conduct assessments aimed at making sure their systems are still capable of functioning effectively, efficiently, and securely all the time.

If you think you’ve been lucky enough to be spared from these threats, then maybe it’s because you haven’t conducted a risk assessment on your IT system recently. All too often, we hear of CIOs who believed their IT system was in tip-top condition, only to be later caught off-guard by a critical system breakdown that would eventually cripple their business for days or weeks.

More information assets to look after

If, before, you only had to worry about regular office applications, workstations, a LAN and a server, today’s varied and more sophisticated information assets are more challenging to maintain.

In addition to network operating systems, database management systems, content management systems, email systems, virtualization platforms, document management systems, business intelligence applications, and accounting software, a typical enterprise may also have to look after firewalls, intrusion detection systems, storage and backup systems, and data loss prevention systems, to mention a few.

These understandably require the services of experts spanning a wide range of skill sets.

Rising threats to corporate identity and privacy

Individuals are no longer just the ones being preyed upon by identity thieves. Businesses can now be subject to corporate identity theft as well. You could wake up one day finding your business already accused of carrying out illegal activities, a big chunk of your money gone, and your directors? seats already occupied by complete strangers.

To make things worse, corporate threats aren’t just coming from the outside.

Threats to corporate privacy, for instance, can come from within the organisation itself. Sensitive information like trade secrets and financial data are often leaked out (purposely or inadvertently) by employees. This is largely caused by the ever growing number of options for communications and transferring data (e.g. emails, instant messaging, blogs, social networking sites, ftp, P2P, etc.).

Greater challenges in designing, developing, and implementing policies and programs

Laws and regulations like SOX and Solvency II, which have direct impacts on IT, are on the rise. That is why corporate policies and programs now require sweeping changes. You now have to be more deliberate in integrating IT when establishing governance, internal controls, change management, incident management, and performance management.

A solid understanding on widely accepted frameworks and good practices like COBIT, COSO, and CMMI will help you considerably in such undertakings. Using these frameworks as guidelines will not only help you keep your policies and programs attuned to the times, they will also keep you in compliance with regulations.

Increasing demand for disaster recovery and business continuity capabilities

Every time you have a down time, you increase the probability of losing your customers to competitors. The longer the down time, the greater that probability becomes. Therefore, when a major disruption strikes, you should be able to recover at the soonest. If possible, you should be able to deliver products and services as usual.

This of course requires spending to increase your disaster recovery (DR) and business continuity (BC) capabilities. Are you ready for it? Migrating your IT infrastructure from traditional systems to the latest technologies that are better equipped for BC/DR requires careful planning and implementation to ensure an optimal return on investment.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
How to Reduce Costs when Complying with SOX 404

Section 404 contains the most onerous and most costly requirements you’ll ever encounter in the Sarbanes-Oxley Act (SOX). In this article, we?ll take a closer look at the salient points of this contentious piece of legislation as it relates to IT. We?ll also explain why companies are encountering difficulties in complying with it.

Then as soon as we’ve tackled the main issues of this section and identify the pitfalls of compliance, we can then proceed with a discussion of what successful CIOs have done to eliminate those difficulties and consequently bring down their organisation’s IT compliance costs. From this post, you can glean insights that can help you plan a cost-effective way of achieving IT compliance with SOX.

SOX 404 in a nutshell

Section 404 of the Sarbanes-Oxley Act, entitled Management Assessment of Internal Controls, requires public companies covered by the Act to submit an annual report featuring an assessment of their company?s internal controls.

This ?internal control report? should state management’s responsibility in establishing/maintaining an adequate structure and a set of procedures for internal control over your company?s financial reporting processes. It should also contain an assessment of the effectiveness of those controls as of the end of your most recent fiscal year.

Because SOX also requires the public accounting firm that conducts your audit reports to attest to and report on your assessments, you can’t just make baseless claims regarding the effectiveness of your internal controls. As a matter of fact, you are mandated by both SEC and PCAOB to follow widely accepted control frameworks like COSO and COBIT. This framework will serve as a uniform guide for the internal controls you set up, the assessments you arrive at, and the attestation your external auditor reports on.

Why compliance of Section 404 is costly

Regardless which of the widely acceptable control frameworks you end up using, you will always be asked to document and test your controls. These activities can consume a considerable amount of man-hours and bring about additional expenses. Even the mere act of studying the control framework and figuring out how to align your current practices with it can be very tricky and can consume precious time; time that can be used for more productive endeavours.

Of course, there are exceptions. An organisation with highly centralised operations can experience relative ease and low costs while implementing SOX 404. But if your organisation follows a largely decentralised operation model, e.g. if you still make extensive use of spreadsheets in all your offices, then you’ll surely encounter many obstacles.

According to one survey conducted by FEI (Financial Executives International), an organisation that carried out a series of SOX-compliance-related surveys since the first year of SOX adoption, respondents with centralised operations enjoyed lower costs of compliance compared to those with decentralised operations. For example, in 2007, those with decentralised operations spent 30.1 % more for compliance than those with centralised operations.

The main reason for this disparity lies in the disorganised and complicated nature of spreadsheet systems.

Read why spreadsheets post a burden when complying with SOX and other regulations.

Unfortunately, a large number of companies still rely heavily on spreadsheets. Even those with expensive BI (Business Intelligence) systems still use spreadsheets as an ad-hoc tool for data processing and reporting.

Because compliance with Section 404 involves a significant amount of fixed costs, smaller companies tend to feel the impact more. This has been highlighted in the ?Final Report of the Advisory Committee on Smaller Public Companies? published on April 23, 2006. In that report, which can be downloaded from the official website of the US Securities and Exchange Commission, it was shown that:

  • Companies with over $5 Billion revenues spent only about 0.06% of revenues on Section 404 implementation
  • Companies with revenues between $1B – $4.9B spent about 0.16%
  • Companies with revenues between $500M – $999M spent about 0.27%
  • Companies with revenues between $100M – $499M spent about 0.53%
  • Companies with revenues less than $100M spent a whopping 2.55% on Section 404

Therefore, not only can you discern a relationship between the size of a company and the amount that the company ends up spending for SOX 404 relative to its revenues, but you can also clearly see that the unfavourable impact of Section 404 spending is considerably more pronounced in the smallest companies. Hence, the smaller the company is, the more crucial it is for that company to find ways that can bring down the costs of Section 404 implementation.

How to alleviate costs of section 404

If you recall the FEI survey mentioned earlier, it was shown that organisations with decentralised operations usually ended up spending more for SOX 404 implementation than those that had a more centralized model. Then in the ?Final Report of the Advisory Committee on Smaller Public Companies?, it was also shown that public companies with the smallest revenues suffered a similar fate.

Can we draw a line connecting those two? Does it simply mean that large spending on SOX affects two sets of companies, i.e., those that have decentralised operations and those that are small? Or can there be an even deeper implication? Might it not be possible that these two sets are actually one and the same?

From our experience, small companies are less inclined to spend on server based solutions compared to the big ones. As a result, it is within this group of small companies where you can find a proliferation of spreadsheet systems. In other words, small companies are more likely to follow a decentralised model. Spreadsheets were not designed to implement strict control features, so if you want to apply a control framework on a spreadsheet-based system, it won’t be easy.

For example, how are you going to conduct testing on every single spreadsheet cell that plays a role in financial reporting when the spreadsheets involved in the financial reporting process are distributed across different workstations in different offices in an organisation with a countrywide operation?

It’s really not a trivial problem.

Based on the FEI survey however, the big companies have already found a solution – employing a server-based system.

Typical server based systems, which of course espouse a centralised model, already come with built-in controls. If you need to modify or add more controls, then you can do so with relative ease because practically everything you need to do can be carried out in just one place.

For instance, if you need to implement high availability or perform backups, you can easily apply redundancy in a cost-effective way – e.g. through virtualisation – if you already have a server-based system. Aside from cost-savings in SOX 404 implementation, server-based systems also offer a host of other benefits. Click that link to learn more.

Not sure how to get started on a cost-effective IT compliance initiative for SOX? You might want to read our post How To Get Started With Your IT Compliance Efforts for SOX.?

Ready to work with Denizon?

Contact Us Today