Continuous improvement with effective management
Phase 3 Co-Sourced Internal Audit
Continuous Improvement
An effective compliance management system requires continuous improvement.
Monitor
Monitor the business for the continuous growth.
Continuously improve your assurance
Once the baseline has been established the focus turns to continuous improvement.
Strytex works with organisations to focus on four main areas…
Obligations
The Obligation Hierarchy
The obligations hierarchy prioritises compliance by the potential consequence of non-compliance for an organisation.
Mandatory governmental obligations are the top priority and dealt with first and then all the remaining voluntary obligations are dealt with in turn.
Risk
The Risk Matrix
The risk matrix prioritises non-compliance by likelihood and consequence.
Very high risk non-compliances are the top priority and dealt with first and then all the remaining risk are dealt with in decreasing priority.
Document Quality
Document Quality
Document quality is a constant problem.
- Templates are often badly designed making it difficult for users to complete and
- Completed forms are missing vital information like dates, signatures, uncompleted tasks, defect ratings.
Strytex works with organisation to improve the quality of their documentation. We help redesign template forms to make them easy to follow and complete; we audit every compliance certificate to check it provides organisation with the protection and assurance they need.
Suppliers
Suppliers
Suppliers of maintenance service often simply tick the boxes however, our clients rely on their suppliers for their specialist knowledge and expertise to keep their staff and stakeholders safe.
Strytex, on behalf of our clients, works with suppliers to modify their approach from box-ticking to assurance, keeping our clients and their stakeholders safe and sound.
Monitoring the business
The Strytex portal dashboard provides management and staff with near real-time compliance data so they can quickly see who or what is non-compliant and drill down to see why they are non-compliant.
The RAG report
The RAG (red, amber, green) report provides a daily snapshot of what documents
— are about to expire
— have expired but within tolerance
— have expired and are now out of tolerance
The RAG report enables staff to chase expired activities as well as execute corrective actions and plan for activities that are about to expire. or that are current but failed.
The Exception Report
The exception report not only takes into account the known knowns from the RAG report but also applies the control groups to highlight the known unknows, i.e. what’s missing.
The exception report provides the artificial intelligence and measurable assurance that the controls are in place and being followed.
Our Insights
This article provides organisations with a model from which to build a comprehensive obligations register.
A bias-free framework for prioritising and categorising obligations for any sized organisation in any industry.
James Frost makes some excellent points in ‘The rise and rise of the risk officers’, that CROs are responsible for a vast range of risks and that CROs need a...
To improve total compliance assurance, the widely used industry acronym GRC needs to be challenged and updated by adding O, for obligations.
Based on anecdotal evidence from talking to multiple prospects and clients we have come across four compliance types.
The purpose of this article is to raise awareness of non-financial risks by coining the term ‘operational [governance, risk and compliance] GRC’ (OpGRC) to elevate it to the same level...
Next time you are getting any equipment installed, make sure your installer is aware that you require a full and complete Installation and Commissioning report, including all baseline data.
After months of coding, coffee, doughnuts and testing, we have released 4.3 to the world! - Customisable grids, which means customisable reports - Define your own sub-glossary to eliminate confusion...
We've just made the Strytex platform even more powerful. We've added a risk matrix so you can prioritise all your assurance certificates by risk!
In 2008, a study by R Doleman found that 87% of 160 audited fire and smoke doors were non-compliant with over 935 failure items!
We track thousands of certificates for our clients and have seen quite a few bad quality documents. Had an absolute classic one a few days ago, so I thought I’d...
Compliance administration is a three legged stool and when it breaks, it can be a very painful experience.
Because of IoT, many maintenance schedules will soon go the way of the dinosaur. So what happens to the thousands of national and international standards and regulations that define maintenance...
Websites selling template Safe Work Method Statements (SWMS) for activities like carpet cleaning, hand tools etc. drive me crazy, it's just wrong.
First published by Procurement Professional, the official magazine of CIPS Australia, June 2011 Purpose Actions by suppliers are damaging brands and reputations and more and more company directors, officers and...
Not only is there confusion around some of the IT buzzwords floating around, some people question if “IT fads” can deliver measurable business benefits for an industry. This article clears...
Why organisations are COINing it to protect their brand and reduce their risk.
Are your suppliers putting your company's brand and reputation at risk? The importance of supplier compliance management and the impact of the COIN approach.
Summaries the key findings of the survey into the Importance of Supplier Compliance Management carried out by Strytex during May 2010.
Collecting compliance information from suppliers and subcontractors is a costly, time-consuming, soul-destroying task. Nigel Dalton-Brown suggests an alternative approach which distributes the administration costs across the industry.
So what's next?
Take a look around and get in touch.
Strytex will help your organisation get ready for ISO 37301 accreditation before your competitors so you can increase your market share, reduce your risk and make customers, shareholders and regulators happy.
