How it works?
Optimised Risk Auditing and InspectionCompliance Master® combines world-best statistical auditing and inspection methods1 with the very latest in cloud-computing technology to accurately monitor, assess and control an organisation's compliance and operational risks within defined limits, or risk appetite; while significantly reducing the amount of time and effort normally spent collecting, analysing and reporting audit and inspection findings and recommendations to internal and external stakeholders.
Originally developed by the Bell Telephone Company during the mid-1920’s, the Acceptance Sampling by Attributes methods used by Compliance Master® to optimise audit and inspection effectiveness and efficiency have stood the test of time, and are published by most major standards bodies worldwide. These methods provide organisations consistent levels of confidence and assurance in their auditing and inspection results, eliminating the need for expensive and time-consuming 100% inspection.
Risk Assessment and Control Overview
The following diagram provides a high-level overview of how Compliance Master® uses the above statistical sampling methods to collect and analyse audit and inspection data, and to assess whether an organisation's risk appetite has been exceeded and what actions, if any, are needed to mitigate non-compliances and/or improve process performance.
Compliance Master® can be used to undertake one-off and ongoing compliance audits and inspections, but the biggest benefits are derived when it is used to continuously monitor and improve process and third-party compliance and operational performance.
RISK APPETITE (TARGETS)
To start using Compliance Master®'s risk auditing and inspection products you need to define your organisation's risk limits; or risk appetite. This establishes the maximum level of non-compliance or rate of process failure your organisation is willing to accept as a long-term average. Compliance Master® uses this information to optimise audit and inspection efficiency, control risk levels, and benchmark and report risk control performance. This step is not required with some Compliance Master® products and applications as the software assumes a zero risk appetite i.e. system audits and 100% inspection.
AUDIT / INSPECTION POPULATION
To initiate an audit or inspection you must first estimate and enter the total number of items i.e. products, activities, data, documents, etc. to be assessed by the software i.e. audit / inspection population. This is just one of several risk-factors taken into consideration by Compliance Master® when calculating the optimum sample-size for the audit and inspection. There is no restriction on the type or number of items included in each audit/ population; other than they must to be produced by the same process, group or third-party over the same timeframe.
Another risk-factor taken into consideration by the software when calculating the optimum sample-size for each audit and inspection is the capacity of the responsible process, group or third-party to consistently achieve the organisation's specified risk targets. This assessment is represented by a simple risk-rating i.e. Excellent, Good and Poor. Initially, this risk-rating is manually assigned to each process, group and third-party using historical data or expert opinions. Once auditing and inspection commences Compliance Master® uses its advanced data-analytics and machine-learning to continuously evaluate and update this risk-rating as necessary.
The above risk-factors are used by the software to calculate the optimum sample-size for each audit and inspection. This process is performance-based; meaning processes, groups and third-parties with a “Poor” risk-rating are audited / inspected more intensely than those with an “Excellent” or "Good" risk-rating. This dynamic, risk-based approach to audit and inspection leads to substantial time and cost savings compared to conventional non-statistical solutions. It also ensures an organisation’s limited auditing and inspection resources are always focused on its areas of highest risk exposure.
Compliance Master® produces a tailored on-line checklist for each audit and inspection, which can be accessed from any web-enabled device. Audit and inspection data is automatically uploaded to the system, analysed and reported in real-time. Over and under auditing and inspection is eliminated by terminating the data collection process as soon as the required sample-size requirement has been achieved.
CONTROL ACTIONS (PROTOCOLS)
Following each audit and inspection collected data is automatically analysed to determine what, if any, user-defined actions (Protocols) are needed to mitigate risk levels or strengthen risk controls. Actions can be automatically allocated to nominated personnel for implementation and close-out; thereby ensuring an organisation's response to audit and inspection outcomes is always consistent and proportionate to the assessed risk.
1 AS 1199.1-2003 Sampling procedures for inspection by attributes, Part 1: Sampling schemed indexed by acceptance quality limit (AQL) for lot-by-lot inspection. These procedures are reproduced with permission from SAI Global under license 1004-c068. To purchase this standard online follow link: http://www.saiglobal.com.