Six Sigma

Six Sigma has received much attention worldwide as a management strategy that is said to have brought about huge improvements and financial gains for such big-name companies as Allied Signal, General Electric (GE) and Motorola.

If you want to give your business the chance to attain the same resounding success, Six Sigma could be the method that will steer you towards that direction.

What is Six Sigma?

So what really is it? Six Sigma is a business management tool that was developed using the most effective quality improvement techniques from the last six decades. Basing its approach on discipline, verifiable data, and statistical calculations, Six Sigma aims to identify the causes of defects and eliminate them, thereby resulting in near-perfect products that meet or exceed customer’s satisfaction.

The core concept behind the Six Sigma method is that if an organisation can quantify the number of “defects” there are in a particular process, improvement activities can be implemented to eliminate them, and get as close to a “zero defects” scenario as possible. Defect here is defined as any process output that fails to meet customer specifications.

Six Sigma is also unique from other programs in that it calls for the creation of a special infrastructure of people within the organisation (“Champions“, “Black Belts“, “Green Belts“) who are to be expert in the methods.

Six Sigma Methodologies

When implementing Six Sigma projects, two methodologies are often employed. Although each method uses five phases each, these two are distinguished from each other using 5-letter acronyms and their specific uses.

DMAIC ? is the project methodology used to improve processes and maximise productivity of current business practices. The 5 letters stand for:

  • D ? Define (the problem)
  • M ? Measure (the main factors of the existing process)
  • A ??Analyse?(the information gathered to deter mine the causes of defects)
  • I ? Improve (the current process based on the analysis)
  • C ? Control (all succeeding processes so as to minimise additional defects)

DMADV – is the method most suitable if your business is looking to create new products or designs. The acronym stands for:

  • D ? Define (product goals as the consumer market demands)
  • M ? Measure (and identify product capabilities and risks)
  • A ??Analyse?(to create the best possible design)
  • D ? Design (the product or process details)
  • V ? Verify (the design)

How does Six Sigma differ from other quality programs?

If you think that Six Sigma is just another one of those business strategies that produce more hype than actual results, think again. Six Sigma uses three key concepts that sets it apart from other business management methods.

  • It is strictly a data-driven approach, where assumptions and guesswork do not figure in the decision making.
  • It focuses on achieving quantifiable financial results ? the bottom line ($) ? as much as giving emphasis on customer satisfaction.
  • It requires strong management leadership, while at the same time creating a role for every individual in the organisation.

Is Six Sigma right for your business?

While many other organisations such as Sony, Nokia, American Express, Xerox, Boeing, Kodak, Sun Micro-systems and many other blue chip companies have followed suit in adopting Six Sigma, the truth is, any company — whether you have a large manufacturing corporation, or a small business specialising in customer service.

Certainly, there is a lot more to Six Sigma than what you can probably absorb in one sitting or reading.

With our wide range of business management consultancy services, we can help you understand the Six Sigma method in the context of your business. We can also help you establish your improvement goals, set up your program, and train your own team of “champions” who can lead in implementing your Six Sigma goals.

Find out more about our Quality Assurance services in the following pages:

Check our similar posts

How To Get Started with your IT Compliance Efforts for SOX

There’s no question about it. For many of you top executives in the corporate world, all roads leading to a brighter future have to go through SOX compliance. And because the business processes that contribute to financial reporting (the crux of the Sarbanes-Oxley Act) are now highly reliant on IT systems, it is important to focus a good part of your attention there.

It is a long and arduous path to IT compliance, so if you don’t want your company to fall by the wayside due to inefficient utilisation of resources, it is important to set out with a plan on hand. What we have here are some vital information that will guide you in putting together a sound plan for SOX compliance of your company?s IT systems.

Why focus on IT systems for SOX compliance?

We’ll get to that. But first, let’s take up the specific portions of the Sarbanes-Oxley Act that affect information technology. These portions can be found in Section 302 and Section 404 of the act.

In simplified form, Section 302 grants the SEC (Securities and Exchange Commission) authority to come up with rules requiring you, CEOs and CFOs, to certify in each annual or quarterly financial report the following:

  • that you have reviewed the report;
  • that based on your knowledge, the report does not contain anything or leave out anything that would render it misleading;
  • that based on your knowledge, all financial information in the report fairly represent the financial conditions of the company;
  • that you are responsible for establishing internal controls over financial reporting; and
  • that you have assessed the effectiveness of the internal controls.

Similarly, Section 404, stated in simplified form, allows the SEC to come up with rules requiring you, CEOs and CFOs, to add an internal control report to each annual financial report stating that you are responsible for establishing internal controls over financial reporting.

You are also required to assess the effectiveness of those controls and to have a public accounting firm to attest to your assessment based upon standards adopted by the Public Company Accounting Oversight Board (PCAOB).

While there is no mention of IT systems, IT systems now play a significant role in financial reporting. Practically all of the data you need for your financial reports are stored, retrieved and processed on IT systems, so you really have to include them in your SOX compliance initiatives and establish controls on them.

Now that that’s settled, your next question could very well be: How do you know what controls to install and whether those controls are already sufficient to achieve compliance?

Finding a suitable guide for IT compliance

The two bodies responsible for setting rules and standards dealing with SOX, SEC and PCAOB, point to a well-established control framework for guidance – COSO. This framework was drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and is the most widely accepted control framework in the business world.

However, while COSO is a tested and proven framework, it is more suitable for general controls. What we recommend is a widely-used control framework that aligns well with COSO but also caters to the more technical features and issues that come with IT systems.

Taking into consideration those qualifiers, we recommend COBIT. COBIT features a well thought out collection of IT-related control objectives grouped into four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The document also includes maturity models, performance goals and metrics, and activity goals.

A few examples of COBIt’s detailed control objectives are:

DS4.2 – IT Continuity Plans
DS4.9 – Offsite Backup Storage
DS5.4 – User Account Management
DS5.8 – Cryptographic Key Management
DS5.10 – Network Security
DS5.11 – Exchange of Sensitive Data

By those titles alone, you can see that the framework is specifically designed for IT. But the document is quite extensive and, chances are, you won’t need all of the items detailed there. Furthermore, don’t expect COBIT to specify a control solution controls for every control objective. For example, throughout the control objective DS4 (Ensure Continuous Service), you won’t find any mention of virtualisation, which is common in any modern business continuity solution.

Basically, COBIT will tell you what you need to attain in order to achieve effective governance, management and control, but you’ll have to pick the solution best suited to reach that level of attainment.

Articles highly relevant to the one you just read:

Month End Accounting The Way It Should Be Today
Spreadsheet Woes ? Burden in SOX Compliance and Other Regulations
Spreadsheet Woes ? Limited Features For Easy Adoption of a Control Framework
How Internal Auditors Can Win The War Against Spreadsheet Fraud

A Definitive List of the Business Benefits of Cloud Computing ? Part 3

Strengthens business continuity/disaster recovery capabilities

Today’s business landscape calls for companies to have reliable business continuity and disaster recovery capabilities. After all, when the system goes down, customers and even employees would rarely ask ‘why‘ or ‘what happened‘ but instead go directly to the ‘how soon can we get back up‘ part.

So unless they’ve been struck by the same unforeseen disaster your business is also experiencing, a couple of hours downtime is plenty enough for most of these people. What’s worse is when they simply don’t wait until they get access again and just go to other providers that can offer the same services. In short, your inability to provide continuous IT and business services could translate to lost opportunities which your competition would only be too willing to gain. And that’s not even counting the possibility of losing essential data and other potential negative impact that critical IT failure can bring about.

The answer to avoiding such a scenario is of course, having a sound business continuity and disaster recovery plan in place. But this is actually easier said than done.

Traditionally, setting up a business continuity plan entailed some tedious procedures in addition to very costly infrastructure. We’re talking here about acquiring and maintaining practically a replication of the hardware infrastructure and environments currently existing for business-critical systems and data. Note that these mirror systems should be set-up, housed, and maintained in a remote facility or location.

Making the deployment even more complex is the constant need to update the data in storage as well as keep software applications in sync between the system in use and the one on standby mode. This process would involve the physical transfer of data and syncing of applications, which is cumbersome and again, expensive.

While large enterprises would not even think twice about having to spend so much to ensure that operations would never come to a grinding halt, most small and mid-sized organisations would not have the required financial means for them to even start considering this option. Often, the bulk of their disaster recovery plan would simply consist of some tape backups, and a lot of hoping that they would never have to suffer from any outage or IT failure.

But all that can be changed with the arrival of cloud computing.

A cloud strategy offers an affordable solution for business continuity and disaster recovery for SMBs with limited resources and even big companies trying to minimise expenses by looking for alternative options.

A reliable service provider would already have the required infrastructure and software vital to a viable BC/DR plan and complete with the appropriate security measures. Organisations need not spend upfront for these facilities, but get to benefit from having updated data backup and a virtualised mirror system that would allow them to quickly get back up in the event of an outage or catastrophic disaster.

When looking to the cloud for a cost-effective BC/DR plan however, it’s worth keeping in mind that not all cloud providers are created equal. That’s why businesses also have many important factors to take into account before signing cloud contracts.

Yes, provision for continuity and and taking necessary precautions against outages are inherent in the cloud service itself, but you’d be surprised how many of these providers don’t actually take responsibility for service interruption. To give organisations some assurance of the cloud company’s capacity for continued service, contracts should stipulate availability guarantees and liability for downtime that the provider is willing to answer for.

Once these relevant issues are ironed out however, it’s easy for business to see how cloud-based data storage and computing can significantly lower the costs involved for SMB BC/DR while greatly improving efficiency, mobility, and collaboration capabilities.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
2015 ESOS Guidelines Chapter 3 to 5 ? The ESOS Assessment

ESOS operates in tandem with the ISO 50001 (Energy Management) system that encourages continual improvement in the efficient use of energy. Any UK enterprise qualifying for ESOS that has current ISO 50001 certification on the compliance date by an approved body (and that covers the entire UK corporate group) may present this as evidence of having completed its ESOS assessment. It does however still require board-level certification, following which it must notify the Environment Agency accordingly.

The Alternate ESOS Route

In the absence of an ISO 50001 energy management certificate addressing comprehensive energy use, a qualifying UK enterprise must:

  1. Measure Total Energy Consumption in either kWh or energy spend in pounds sterling, and across the entire operation including buildings, industrial processes and transport.
  2. Identify Areas of Significant Energy Consumption that account for at least 90% of the total. The balance falls into a de minimis group that is officially too trivial to merit consideration.
  1. Consider Available Routes to Compliance. These could include ISO 500001 part-certification, display energy certificates, green deal assessments, ESOS compliant energy audits, self-audits and independent assessments
  1. Do an Internal Review to make sure that you have covered every area of significant consumption. This is an important strategic step to avoid the possibility of failing to comply completely.
  1. Appoint an Approved Lead Assessor who may be internal or external to your enterprise, but must have ESOS approval. This person confirms you have met all ESOS requirements (unless you have no de minimis exceptions).
  1. Obtain Internal Certification by one of more board-level directors. They must certify they are satisfied with the veracity of the reports. They must also confirm that the enterprise is compliant with the scheme.
  1. Notify the Environment Agency of Compliance within the deadline using the online notification system as soon as the enterprise believes is fully compliant.
  1. Assemble your ESOS Evidential Pack and back it up in a safe place. Remember, it is your responsibility to provide proof of the above. Unearthing evidence a year later it not something to look forward to.

The ESOS assessment process is largely self-regulatory, although there are checks and balances in place including lead assessor and board-level certifications. As you work through what may seem to be a nuisance remember the primary objectives. These are saving money and reducing carbon emissions. Contact ecoVaro if we can assist in any way.

Ready to work with Denizon?

Contact Us Today