The management of organizations needs to consider the risk across the respective operating disciplines, to satisfy the Audit Standard ISO 19011:2018. The post-2015 Standards are risk-based and require risk-driven management.
The post-2015 Standards are intended to engage Top Management through risk-based decisions to facilitate its context, strategic direction, and interested parties. The Operations consider the risk of failure of the processes to meet the objectives of the organization, set by Top Management at Management Review. Organizations continue to maintain silo management, in spite of the risk-based standards. ISO 19011:2018 directs that combined or integrated audits be conducted across multi-disciplinary organizational processes. For example, if a company is ISO 9001 certified, other discipline risks still exist.
Conducting risk-based process audits requires a) an alternative approach to silo management for managing multi-discipline processes b) A change from clause based auditing to an alternative risk-based approach to conduct an audit over a process.
Clause 5.1.1 c of the Management Standards state ‘ensuring the integration of the “discipline “management system requirements into the organization’s business processes’ The integration of the discipline Standards conflicts with silo management. Generally, management standards auditor training is on a single discipline Standard. The offered course demonstrates the methodology for combining management systems and disciplines, risk-based techniques, and audits. For any process industry, this program is necessary.
The Single Management System is an award-winning Quality Assurance Institute alternate management method; made possible by the post-2015 Management Systems and referenced in the 19011:2018 Audit Standard.
Transitioning from silo to risk-driven management
Three factors are considered as a result of risk-based organizations.
- Individual management systems are silo driven based on the respective disciplines. Transitioning to risk-based management involves combining the disciplines into a single management system.
- Clause-based audits per each management system are irrelevant, a holistic approach of risk across the combined system as a – single management system
- ISO 19011:2018 mandates a risk-based approach to audits as distinct from the previous clause based audits.
Top Management, Operations, Discipline Managers, and Auditors should participate to determine for the operating disciplines come together as a single management system and the means to audit it.
Traditional Silo Management for ISO Standards. The practice usually considers the risk of individual standards that are applied to each discipline silo or department. Audits are usually conducted for each discipline separately. The disciplines interface with each other, which presents risks to the operations and is likely to be a source o conflict. An alternative format to silo management for the operations to support a risk-based approach is necessary.
The application of the respective Standards across the operations, is as a Single Management System because the risks are to be evaluated holistically, simultaneously across all disciples. For a successful audit in order to adopt ISO 19011:2018, organizations have to be appropriately formatted to conduct audits to fulfill the latest Audit Standard. The Single Management System formats the respective Standards to unite in a single Plan, Do, Check Act format..The techniques to fulfill the integrated disciplines are delivered via PowerPoint and tested.
Single Management System
Clause vs Risk-based Audit Analogy
The clauses of the Standard can be viewed as part numbers of an engine on a workbench. It is still an engine! Clause-based Auditing is like an inspection for measuring each part to verify the specifications of the parts.
The engine’s components are assembled and cranked to start its operation. Risk-based auditing is based on measuring the performance of the engine as a system of the components.