ISO 9001:2015 Addresses Risk. Is Your Organization Ready? Tracks


If the following activities are ineffective, a management system can be harmed:


• HR practices.
• Management tools.
• Data processing.
• Call centers.
• Marketing.
• Contract administration.
• Customer communication.
• Design and development.


Top management and the board of directors must understand their management system and improve its effectiveness.


2. Customer satisfaction risk. Customer satisfaction risk is affected by customer communication, problems with delivery, product, design and repair, and poor response to customer feedback. To reduce this risk, data should be input into a process of analysis along with product quality data, product and process monitoring data, and inputs on supplier quality.


3. Supply chain risk. Procurement managers must be concerned with outsourced products and services, sole suppliers, timely delivery, inventory management and documentation. Communication is a key to effective supply chains. Metrics used to manage supply chain risk include delivery times, inventory levels and cost.


4. Revenue recognition risks affect profits. Managing this type of risk consists of tracing products from sales, through production, to delivery and payments receivable. Revenue recognition is affected by accounts payable, accounts receivable, revenues recorded before delivery, quotation to cash errors, spreadsheet errors and incomplete pricing information.


The quality manager has a major role in controlling the effectiveness of the revenue recognition process. There is overlap between quality and financial management systems, including product realization, costs, sales, invoices, payments, inventory management and delivery. Data from shipping are a direct input into accounts receivables and revenue recognition. In many organizations, revenue recognition problems have a major effect on earnings and may result in a falling stock price.


There is also a risk of material misstatements due to fraudulent revenue recognition. An auditor should test the controls established to detect fraud in the revenue recognition processes.


5. Information security risks include viruses, unsecured files, inaccurate financial records and reporting, poor change control, information retrieval errors, overuse of spreadsheets, use of contractors and consultants, the introduction of new technology, industrial espionage and fraud.


ISO/IEC 27001:2005—Information technology—Security techniques—Information security management systems—Requirements contains requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving information security management.


6. Logistics risks. A major concern for organizations today is the risk caused by the threat to national security. The search for concealed weapons of mass destruction slows the shipping process. One consideration is how containers will be screened, identified and traced from the country of origin to the purchasing organization. The following factors affect logistics risk:


• Transportation of raw materials and completed products.


• Damage during shipping.


• Delays resulting in missing on-time delivery requirements.


• Delays causing understocking of materials.
• Homeland security information requirements.


New tools must be developed for screening and tracing without supply line disruption. After the product is produced, you must overcome these logistics related challenges to ship it to the customer.


7. Natural disaster risk. In the past few years, the world has experienced a number of natural disasters. Business continuity (BC) requires safekeeping of information in protected storage and planning for disaster recovery.


IT plays an important role in the BC process. IT procedures should be specifically defined to assure that BC will operate in a timely and effective manner. Members of the organization's IT staff should be part of the BC development team.


IT must provide safekeeping and protective storage of information and must manage, secure and provide safety against


www.NATM.com November/December 2015 43

