Uploaded by scott.lane

Whitepaper-Using ISO 19600 as a Framework for Modern Day Slavery Compliance

The Red Flag Group is a global provider of products and
solutions to organisations to build compliance programs
and maximise their own integrity for the benefit of their
stakeholders. The Red Flag Group was founded by an
Australian lawyer who has decades of experience in
building integrity and compliance programs. The Firm is
a provider to over 1000 global companies worldwide as
part of their integrity and compliance programs.
www.redflaggroup.com
Content
Executive Summary
Selecting a Framework for an effective MDS Program
Overview of the ISO 19600 Compliance Management Guidelines
Setting the context of the MDS Program (Article 4 of the ISO 19600 Framework)
Getting Leadership on-board and engaged (Article 5 of the ISO 19600 Framework)
Plan the MDS Program (Article 6 of the ISO 19600 Framework)
Get Committed support for the MDS Program (Article 7)
Operating your planned MDS Program (Article 8)
Checking the performance of your MDS Program (Article 9)
Improving your MDS Program (Article 10)
01
Executive Summary
The Red Flag Group (RFG) is an independent
corporate governance and compliance firm with a
distinct focus on managing risks for global companies
by using established ISO frameworks. The Firm has
over 300 staff spread across 12 countries and was
founded in 2006.
The Firm is a mix of ex in-house counsel,
compliance officers, accountants, and trainers,
each with significant experience working for
large multinational organizations. Our focus areas
are around reputational risks, anti-corruption,
corporate integrity and modern day slavery.
The Firm was founded on three key values:
Innovation, Integrity & Quality. These three
values underpin our commitment to customers and
our commitment to each other.
Our solutions regarding Modern Day Slavery
Practices (MDS) comprise three core
practice areas:
• Advisory & Consulting services focused on
assisting clients to align their MDS initiatives with
a recognised framework with best practices (ISO
19600 Compliance Programs)
• Industry-leading Due Diligence, ranging from
standard-scope reports on a proposed supplier to
a full review and audit of that organization’s MDS
initiatives
• Technology and managed services to support
the operation of some of the functions of
an MDS Program and its related compliance
functions
Provided below is an outline of the proposed
framework for building an effective Modern
Day Slavery Program (MDS Program) using the
ISO 19600 Compliance Management System
Guidelines framework (the 19600 Framework).
This is not intended to be a deep overview of the
laws or mechanisms to manage MDS risks, but an
explanation of how to apply a framework to managing
those risks as part of a broader compliance program.
02
Selecting a Framework for an
effective MDS Program
Nearly every country in the world prohibits slavery
in all its forms, yet far too few companies have
a robust and complete MDS Program that ensures
compliance with the relevant and emerging
laws and with customer, investor and, increasingly,
societal expectations.
At a high level, having a successful MDS Program
is about ensuring that the risks to the organization
of engaging in, supporting or funding slavery
are managed effectively. In our view, this is best
achieved by following a recognized compliance
framework that will ensure that each step of
the MDS Program is robust and can be executed
flawlessly.
An MDS Program should be built using ISO
19600:2014 Compliance Management Systems
Guidelines.[1] This is by far the simplest, yet
robust, mechanism to follow to ensure compliance
in whatever risk area is the subject of the
program. The guidelines can be applied to any risk
area where compliance is necessary.
Building an MDS Program is not a matter of subscribing
to a database of highly rated ‘green’ companies nor
of conducting simple checks on suppliers (largely
based on self-certification paper shuffling). Rather,
it is a holistic approach of establishing an MDS
Program using a recognized framework, of which
some technology or database solutions might be a
part but not the whole of the MDS Program.[2]
How RFG can help? [2]
Our Firm can help establish the MDS Program based on
the fundamental aspects of ISO 19600. Our Advisors can
work with you to look at each of the steps involved in
the 19600 Framework and determine whether they have
been addressed adequately and implemented effectively.
An overview of the 19600 Framework is best
described verbatim by its Introduction:
“Compliance is an outcome of an organisation
meeting its obligations and is made sustainable by
embedding it into the culture in the organisation
and in the behavior and attitude of people working
for it. While maintaining its independence, it is
preferable if compliance management is integrated
with the organization’s financial, risk, quality,
environmental and health & safety management
processes and its operational requirements and
procedures”.
FOOTNOTE
[1] ISO 19600 is currently a non-certifiable set of guidelines; however, a certifiable ISO Standard will be released in 2021 and programs developed
under the 19600 Framework will be able to be certified by an ISO accredited body.
03
Overview of the ISO 19600
Compliance Management Guidelines
The ISO 19600 Compliance Management Guidelines, known here as the ISO 19600 Framework, set out
a series of steps to build the MDS Program with the required executive commitment that will make it a
success. These steps are the foundation of any compliance program and work well in establishing the
fundamentals of any successful MDS program.
[Figure: the seven steps of the ISO 19600 Framework as applied to the MDS Program]
• Setting the Context of the MDS Program
• Engaging Leadership in the MDS Program
• Planning the MDS Program
• Building Support for the launch of the MDS Program
• Implementation and Operating the MDS Program
• Evaluating the effectiveness of the MDS Program
• Improvement of the MDS Program
We will now move through each of these 7
steps to explain how they work specifically for
an MDS Program.[3] As stated above, the ISO
19600 Framework can, and should, be applied to
the management of other risk areas in addition
to MDS. That way, you apply a consistent
methodology to building a compliance framework
across your organisation.
How RFG can help? [3]
Our Team can help gain the executive commitment for
the MDS Program and gain commitment to using the
ISO 19600 Framework. The 19600 Framework was
strongly based on an Australian Standard known as
AS3806 and has a long pedigree in the region. The ISO
framework has made it more recognized, developed it
further and internationalized it to be globally relevant.
04
Setting the Context of the MDS Program
(Article 4 of the ISO 19600 Framework)
Before launching into the planning or operations aspect of the MDS Program, the ISO 19600 Framework
has in Article 4 a series of areas that allow you to document the scope, depth and ownership of the MDS
Program. The areas below are self-explanatory, although we will comment on a few areas to give more
guidance to those new to ISO Guidelines and Standards.
Background
• Are there any internal factors that might affect the success of the MDS Program?
• Who are the key Stakeholders and what are their Expectations?
• Any external Factors that will affect the success of the MDS Program
• Are there any social, economic and cultural factors that will affect the success of the MDS Program?
People
• What are the people needs for the Program?
• What functional support is needed?
• What external resources are needed?
• What are the Roles & Responsibilities of all participants?
Scope
• Is the MDS Program limited in scope?
• Any geographical limitations?
• Anything that is outside the scope of the MDS Program?
Obligations
• What MDS Obligations are we complying with?
• How do we keep track of those obligations?
• Prioritise and risk assess those obligations
Governance
• Is the MDS Program endorsed by the Board?
• Are the Objectives agreed and documented?
• Reporting Mechanisms Obligations agreed?
Risks
• Where is MDS a risk in the organisation?
• Analysis: Causes, sources and Severity of MDS risks
• Evaluation: Risk Tolerance and Prioritisation of the MDS risks
The People element is important to establish,
especially the budgets and the ownership of
the people involved in the MDS Program. Too
many times, there are directions from a Board or
management to ‘sort out MDS’ but there is no
structure to the scope, the resources required, the
budgets and the ownership of the MDS Program.
The people element is often left silent, hoping
that existing resources with little or no increase
in funding can build and maintain a program or
that a piece of technology will ‘sort out MDS’. It
is important to clearly scope out the MDS program
and establish clear resourcing.[4]
Scope is important to establish and lock down.
Are the MDS initiatives contributing to the
MDS Program going to be across the entire
organization? Some of it, certain groups, regions?
Is it phased in at all? Are there any areas simply
out of scope?[5]
Obligations are focused on working out what MDS
laws, regulations, rules, best practices, industry
codes etc. apply to you and what you are actually
trying to comply with. In some cases, there will
be clear laws and in others there will not be. It is
important to decide here precisely what you
are complying with. In most cases, the Board or
body that is requiring ‘compliance’ has not really
thought through what that means and hasn’t
given you much guidance. It is essential that you
work out a list of obligations that apply to the
business and harmonise them to establish some
common elements if they differ across regions. In
some cases, you will meet the obligations precisely
and in many you will go over and above them with
more cautious compliance, greater transparency
and reporting and perhaps high standards and
expectations on your suppliers and other key
business partners.[6]
Risks are easily said and very complex to do. This
requires a deep review of the organisation and its
supply chains to assess how you engage suppliers,
of what types, in what countries and with what
MDS risks. It often involves a risk analysis system
of interviews, business assessments, discussions,
focus groups, historical analysis and on-the-ground
experience. There is no magic system or
technology that can do all this – it is good
old-fashioned assessment and deep analysis. The
aim is to get to the smallest number of real risks
that you have identified where MDS issues can
touch your business (including your supply chain).[7]
Making a list of places where MDS risks might
lie in your organization is only half the process.
You then need to prioritise, rate, classify and
determine the likelihood of the risk arising and
the costs associated with them. In our view, you
should focus on 5 key areas where MDS risks will
arise. These should be tight and focused, not
general words like ‘supply chain’. You are better
off focusing on specific risks like ‘buying white
fish from a Thailand-based supplier’ where you can
then build controls around that activity. In short,
the more targeted you are – the better off your
MDS program will be.
How RFG can help?
[4] Our Firm can support the scoping, budgets, resources
and the building of a fiscal plan for the MDS program.
[5] This area is especially important when the guidelines are
converted to a certifiable standard as the ISO system
allows parts or all of a business to gain certification. A
piecemeal approach is totally fine and a good way to
build up the disciplines required in an MDS Program.
[6] RFG is able to support an Obligations Review to establish
relevant applicable laws (working alongside your law
firm or legal department) in each market in which you
operate to establish the relevant laws and obligations. In
many areas, the laws will not exist, and you will need to
establish best practices through codes, informal industry
standards and peer reviews.
[7] RFG can help with an MDS risk assessment based on the
scope of your MDS Program (i.e. global, local, regions,
business unit focused). We do this in several ways
including surveys, discussion groups, risk roundtables,
business reviews, and supplier analysis.
05
Getting Leadership on-board and
engaged (Article 5 of the ISO 19600 Framework)
When an MDS Program fails, it almost always
comes back to the fact that either leadership,
management and the employee base were
not on board at the outset (they never
‘bought in’ to the initiative) or the roles
and responsibilities of the Program were
poorly laid out. In many cases, people say
that they are ‘bought in’ but when forced to
make a commitment in terms of money or
resources, they start to falter, the doubt
creeps in and the program collapses. In most
cases, it collapses because a clear budget was
not set and the ‘buy in’ was misaligned with
expectations.[8]
How RFG can help? [8]
RFG can help get people aligned by setting out
clear roles and responsibilities, presenting realistic
case scenarios and giving real life examples of how
programs can work and be successful. Our focus
is alignment and to make sure that the business
goals and the MDS goals are aligned and that
there are consequences to the business if the MDS
Program is weak or identifies issues. Having clear
goals, accountability and defined responsibility for
success is essential in making the MDS Program
add value and also meet compliance requirements
and obligations. Having clear non-compliance
consequences and making this effective through
bonus, reversals and other initiatives also helps to
drive acceptance and focus.
Leadership Commitment to MDS
• Program consistent to core values
• Policy and Procedures, resources are effective
• Communication across the organisation
• Engage management for support
• Alignment with business targets
• Accountability for compliance and reporting of non-compliance
• Meeting targets and continue improvement
The MDS Policy
• Drafting effective policies
• Integration of policy into business process
• Responsibility and accountability for policy
• Consequences for non-compliance
MDS Roles & Responsibilities
• Defining the roles of Governing Body
• Defining the roles of Compliance
• Defining the roles of Management
• Defining the roles of Employees
In an MDS Program, our experience shows that
the major failing is that high standards are developed
in policy documents, but the policy is not
integrated into the business effectively. Often this
is because the roles and responsibilities have not
been accurately set. For example, when changing
a procurement process to conduct pre-selection
MDS due diligence, there is a lack of clarity on the
roles of procurement, compliance, management,
and leadership when an issue arises. Who makes
the call? When do you walk away from a supplier
that has ‘some risk’ but nothing proven? What
happens if walking away costs significantly more to
the business to find an alternative supplier? Who
is going to pay for the reviews, the audits, the due
diligence and the ongoing monitoring mechanisms
when in the vast majority of cases, nothing ever
gets found or highlighted?[9]
In most cases, the MDS program takes too high-level
an approach to risk and hasn’t drilled down to
specific risk areas effectively. The actions, objectives
and goals are then built for such a high-level set
of risks that either ‘everything is caught’ in the
MDS Program or nothing is caught. It is important
when dealing with MDS to be very clear on how
MDS will affect your organization and that requires
a very in-depth analysis of your business and your
supply chain.
How RFG can help? [9]
We often run workshops around scenarios to develop
case studies and gain the ‘buy-in needed’ for the
Program. Embedding these into the ethics, integrity
and ethos of the business, into the code of conduct,
posters, all helps to gain that acceptance. We can assist
in building both an internal and external communication
program to identify the key messaging that shows the
commitment to the removal of MDS in business and
your industry. We encourage people to take a leadership
position.
06
Plan the MDS Program
(Article 6 of the ISO 19600 Framework)
Now that you know all the MDS risks and the
likelihood of them happening and the effect on
the business if one happens, you can now work
out how to manage those risks. What specific
actions will the business take and how will they
be managed? How will you know that those
actions have been done and how will you monitor
their effectiveness? What are the goals of the
MDS Program and initiatives, how will they be
measured and how do you define success? It is
too simplistic to say a goal is ‘to never find an
occurrence of MDS’ because there will be other
intermediate goals around launch, operation,
support, budgets, effectiveness, timing and
measurements that can be implemented to see
how the MDS Program is working.[10]
How RFG can help? [10]
We can help set SMART goals and put in place
measuring tools. If it can’t be measured, then it is not
effective. These programs rely on evidence: evidence
that something has been done, evidence that an
obligation has been completed, evidence that a goal
has been reached, evidence that an action has been
taken. We can help you build an evidence-based set of
objectives, goals and actions that enable you to prove
the effectiveness of the MDS Program.
Actions to Manage Risk
• Design actions to ensure no MDS issues and full compliance with obligations
• Prevent, detect and reduce MDS occurrences
Objectives and Goals
• Develop S.M.A.R.T goals for the MDS Program
• Measure and Monitor the Program objectives
Remember, this is the Planning phase; you have
not yet started to ‘operate’ the MDS Program.
This phase is working out the key actions
that need to be done to manage the risks
identified and the risk of failing to meet an obligation.
07
Get Committed support for the
MDS Program (Article 7)
Article 7 says that before you go and start implementing and ‘running the MDS Program initiatives’,
you must ensure that you have the right support to make those things happen. You will need people,
they need to be trained & certified, you will need some awareness and communication across the
organization.
Resources
• Appropriate resources for the MDS Program
Awareness
• Increasing awareness
• Behavioural change in dealing with MDS
• Engagement of Management to drive focus
• Developing a culture around MDS
Communication
• Internal communications
• External communications
Documentation
• Clear Documentation of the Program
• Updating Cycle for the Program
• Document Controls
Competence and Training
• Establish competence levels of the Resources
• Education & Training
• Testing Effectiveness of training
Getting the support infrastructure in place to operate
the MDS Program is important and should not be
underestimated. Awareness, Communication and
Training (ACT) are essential to make sure that everyone
knows what is happening and, importantly, knows ‘why’ it
is happening. It is likely that there will be some resistance to
the new process and inherent delays in existing processes due
to the new requirements, so ACT is very important in gaining
the necessary buy-in.
In most cases, the MDS Program will need a comprehensive
internal and, potentially, external marketing program. This
needs to be combined with a training program.[11]
How RFG can help? [11]
We are able to assist with the ACT initiatives of the
MDS Program, including a communication
strategy, material, announcements,
training, e-learning, messaging, and
other support to make the MDS Program
effective.
As part of the ACT initiatives you might prepare a communications strategy similar to this
model.
Some possible communication channels and approaches are:
You might choose to build some eLearning:
Changing behaviors is a challenge in implementing any
new initiatives for MDS Programs. The behavioral elements
need to be considered and focused on to drive the changes
necessary. We recommend looking at the ways to drive
adoption and buy-in through incentives and disincentives.
How RFG can help? [12]
We are able to help look at various ways
to build incentives around the MDS
Program and make the initiatives ‘stick’.
The successful implementation of the controls will be
impacted if the underlying behavior or previous modus
operandi are not addressed across the Company. This means
looking at each stakeholder group, understanding what
behavior is being attributed to them and looking at the
ultimate motivators that can redirect that behavior.[12]
08
Operating your planned MDS
Program (Article 8)
Now that you have worked out the basics of
your program, including the obligations and
risks (Article 4), you have leadership & employee
support (Article 5), you have set out the actions,
objectives and goals (Article 6), and you
have all the support needed (Article 7), you can
now start to put in place the MDS Program and
‘turn the key’. Article 8 is all about operating the
MDS Program.
One of the most important elements here is that
everything you do and every control that you put
in place has to be able to be measured and proved.
The old saying ‘if it can’t be measured, then we
shouldn’t be doing it’ is very appropriate here. It is
essential that the controls that are put in place can
be accurately measured.
The controls that you determined in Article 6
to limit the risks from occurring (those risks you
identified in Article 4) are put in place here. These
controls could be a mixture of:
• Financial controls
• Process and procedure controls
• Gates and approvals
• Policy based controls
You should have already determined what controls
will work for your organization based on the risks
(Article 4), the Support you have (Article 7) and
the resources you have from leadership (Article 5).
These controls will depend on the risks and what
you are trying to achieve.
Typical controls in the MDS Program might be around
checking suppliers, obtaining self-certifications,
conducting due diligence and interviews, doing site
visits on suppliers or conducting detailed audits.
Again, all or some of these may be right for your
organization depending on your risk and how you
wish to manage those risks. Some organisations
might think their risk is small and simply rely on
self-certification from suppliers (with or without
some form of validation) and others might not and
seek more detailed public records due diligence or
on-site audits.[13]
How RFG can help? [13]
Our Firm provides public records due diligence on
companies and people across 180 countries and
provides due diligence reports on MDS and other
risks. Our reports are research based and can include
interviews of the subject company and a review of
their MDS initiatives. Our due diligence services are
not reliant on self-certification models, although our
technology solutions can support collecting information
from the subject companies in the form of profiles and
questionnaires.
Planning & Controls
• Drafting procedures to effect controls
• Ongoing monitoring of procedures
• Assessment and reporting of effectiveness
• Escalations for non-compliance
Controls and Procedures
• Policies & procedures
• Exception procedures
• Approval mechanisms
• IT system integrations
• Financial Controls
Outsourced processes
• Ensure third parties meet compliance standards
As you can see from the above, the controls are
one thing. Being able to test them, review them,
measure them and report out on them is another.
Compliance with ISO 19600 requires proof that
the control and mechanisms put in place can be
measured and reported out. In short, you need to
know that the controls are working, and you need
to actively check them to verify this in the form of
internal or external independent audits.
Some of the controls that you put in place are
likely to use technology in some form. This
might be as simple as approvals built in email or
SharePoint or it might be sophisticated software
that can plug into your procurement or ERP to
screen suppliers, conduct due diligence or conduct
risk ratings. The technology is very much dependent
on what you are after, what you are trying to
automate and the budgets and needs of your
MDS Program.[14]
How RFG can help? [14]
Our Firm has several technology solutions available to
help in MDS Programs. These include a comprehensive
risk solution through Supplier Integrity®, assistance with
screening, due diligence and questionnaires through
ComplianceDesktop® or use of our API solutions to
connect to our screening databases for quick and easy
screening through your CRM or ERP. What solution is
best for you depends on your risks, objectives, controls
and budgets.
For an effective MDS Program, another essential
element is the existence of a clear MDS Policy.
In the past, these policies were typically drafted
by external lawyers and consisted basically of a
summary of the relevant law with an overview of
the exceptions to the law.
Nowadays, policies tend to be:
• Shorter
• Written in plain English
• Focused less on the law and more on the
company’s guidelines and direction regarding
certain relevant risk areas
MDS policies range in the details they cover.
Some are lengthy documents that encompass
every potential issue related to human resources,
while others are shorter and point outside to
specific external guidelines for support, resources
and training requirements.
The use of suppliers, agents, consultants
and intermediaries (together here known as
“suppliers”) is a well-known mechanism to engage
or deal with people in the human slavery chain.
An effective MDS Program should require
the following procedures to ensure that such
Suppliers are not engaged in MDS and that
their suppliers are also not engaged in MDS:
• Reviewing the due diligence at regular intervals
and constantly monitoring the parties concerned
against watch lists, sanctions lists and the media
for any MDS activity
• The approval of each Supplier prior to
engagement
• Providing direction to each supplier by giving
advice on policies, procedures and their code of
ethics especially around MDS practices
• Conducting due diligence to understand the
circumstances under which the supplier has been
engaged and instructed, including the business
and integrity background of the supplier
• Only engaging the supplier after first verifying
their level of integrity and transparency
• Providing training, tools and direction in the
standards expected of them in regard to MDS
issues
• Conducting ‘health checks’ and MDS audits at
regular intervals[16]
• Having a contract with the supplier that
addresses compliance with MDS and including
appropriate warranties and indemnities
• Paying the supplier only for services rendered
which have been properly verified and validated
that exclude MDS practices.[15]
Conducting and maintaining an effective supplier
due diligence program is an essential part of any
MDS Program. This involves investigating and
constantly reviewing the background and integrity
of all your suppliers throughout the term of their
relationship. Some of these options are available:
• Collecting material and background information
from the supplier prior to any engagement
• Having the supplier do a self-certification in the
form of a questionnaire
• Reviewing the material by using an independent
compliance-focused background screening
organization that tests the veracity of such
information and independently assesses their
integrity status in the marketplace and their MDS
position
• Having the due diligence assessment reviewed
and approved prior to engaging the supplier
How RFG can help?
[15] We regularly provide the services listed here to clients
around the world, including screening, due diligence and
audits on MDS risks.
[16] We provide all of these services and are able to advise
on the best approach based on your risk profile, the
support available, budgets and also the objectives of
your MDS Program.
09
Checking the performance of your
MDS Program (Article 9)
The ISO 19600 Framework requires a large amount of time and effort on the performance of your MDS
Program and making sure that it works according to the scope, context, and goals that you set earlier
in the design of the MDS program. Measuring and monitoring the controls could utilize tools such as
sampling, questioning, auditing, or reviews of policies. All of these mechanisms need to have been developed
when you determined the original actions to manage the risks.
In short, the framework requires you to have agreed, up front, a clear performance monitoring system.
This is not something that you decide ‘later’, it is a fundamental part of the development of the control
mechanisms that you have in place.
Monitoring and Measurement
• Monitoring the Program
• Monitoring Training
• Effectiveness of Controls
• Currency of Obligations
• Near Misses
Feedback
• From Employees, Customers, Regulators, Stakeholders
• KPI development and measurement
• Reporting of Feedback collated
• Record Keeping
• Compliance Culture
Audit
• Scope and Criteria of Audits
• Selection of Auditors
• Documentation of audit and results
Management Review
• Adequacy of Program
• Resource Adequacy
• Achievement of compliance objectives (goals)
Monitoring the MDS Program procedures is a crucial, yet often-overlooked, ingredient to the program.
Often companies rely simply on anonymous reporting hotlines and internal audit to conduct monitoring
and measurement but have no real program to support these claims. Putting in place or mandating these
procedures without also having a mechanism to manage them is a waste of resources.
Monitoring the MDS procedures is an area that
most compliance officers are relatively unfamiliar
with. They tend to focus only on whether
training (which is only one of the compliance
procedures) has been completed. This is because
it is easy to assess (as it involves simply an
assessment of completed training vs. the overall
employee base) and involves minimal cost.
The monitoring of compliance procedures must
assess the actual effectiveness of the procedures;
whether they are in place; understood; and
working well.
Monitoring the procedures could involve:
• Making sure the objectives of the procedures,
the overall program and the business needs are
aligned
• Assessing any cultural change brought about by
the procedures
• Identifying if there is a change in the behavior of
those following the procedures
• Determining whether business value has been
realized by putting in place the procedures
Measurement is all about how well the compliance
procedures are working and presenting evidence
to prove it. It requires that the objectives of the
program be assessed and measured.
Targets should have been set in the earlier stages
of the program and agreed with the CEO and the
Board on the future success of the program. All
these now need to be measured and reported.
Measurement involves active review of the
program. Most MDS programs include some form
of audit of each procedure in order to measure
the effectiveness of each procedure. An audit
should cover all aspects of the MDS program,
including the actual performance of the controls
and procedures. It is important to audit whether
the MDS Program is working and, if not, find out
why. Are employees aware of their obligations?
Do they know what they should and should not do
in a particular situation? Do they know where to
go to get help?
The nature of the audit framework you develop
will very much depend on your company and its
background and culture, whether you are at the
initial stages of implementing your MDS Program,
how developed your auditing systems are and
other such considerations. It is important to make
sure that any audit is realistic in its purpose, maps
the objectives and targets of the MDS Program and
provides useful and insightful results which can be
used to ensure ongoing improvement.
It is essential for you to determine who or what
you are auditing. The audit typically includes:
• Awareness of the MDS Program throughout the
organization
• Assessment of whether the MDS Program has
been complied with and to what extent
• Assessment of whether the training has been
effective
• Determining whether approved suppliers are
correctly assessed and on-boarded
The frequency of measurement very much depends
on the MDS Program and the particular you are
measuring and is often agreed at the commitment
stage for reporting purposes.
10
Improving your MDS Program
(Article 10)
Improving the MDS Program is required and
mandatory. The ISO Standards and Guidelines
take this element very seriously and focus on
words like Non-Conformity (major and minor)
and also corrective actions. These elements are
most important when considering the certification
standards but are still relevant in a non-certification
environment.
The aim of ISO 19600 as a framework applied to
MDS matters is to never allow the MDS risks (that
are relevant to you) to appear in your organization.
Any failure, any break in policy or procedures
means that you need to improve your system. The
aim is zero failures and the system needs to be
checked, reviewed, refined and improved.
Non Conformity Management
• Procedures to deal with non-conformity
• Implement corrective actions
• Escalation Paths
Continuous Improvement
• Check the suitability, adequacy and effectiveness of Program
About The Red Flag Group®
The Red Flag Group® supports companies in ensuring that they only engage the best
suppliers and only the best suppliers remain in their supply chain.
With a mix of risk analyses, technology, data, research, audits and assessments, we
help companies manage the selection and onboarding of suppliers and conduct
screening, due diligence and assessments on companies and people in 194 countries.
The risks that suppliers can pose to a company are diverse. We identify these risks
up front using our proprietary risk algorithms and analyses (built into our technology
platform) and then support the management of those risks through awareness,
approvals, workflows, due diligence, certifications and audits.
We help proactively identify where suppliers may create risks for the company and
onboard those suppliers with the right review, approval and risk-management steps to
minimise those risks.
Learn more about The Red Flag Group® by visiting www.redflaggroup.com
LEARN MORE
To learn more about The Red Flag Group®,
visit our resources here:
WEBSITE:
www.redflaggroup.com
INSIGHTS AND EVENTS:
insights.redflaggroup.com
CONTACT US:
info@redflaggroup.com