How it works?
Compliance Master uses internationally published statistical sampling methods (ISO 2859.1:1999 / AS1199.1:2003 Sampling procedures for inspection by attributes) to accurately monitor, assess and control operational risks.1
Unlike other solutions, the software's smart data-analytics will determine whether an organisation's operational risk levela have exceeded user- specified limits (risk appetite) by analysing the type and number of non-compliant products and activities found in a much smaller statistically calculated “sample”.
One of the benefits of this highly rigorous approach to auditing and inspection is the result is classified into one of two classes; i.e. compliant / non-compliant, conforming / non-conforming, acceptable / unacceptable, etc. This enables the software to determine when an organisation needs to take action to mitigate or improve its risk-control performance.
Originally developed by the Bell Telephone Company during the mid-1920’s, these methods have stood the test of time and are published by most major standards bodies worldwide; refer below.
Auditing, Assessment and Control Process
The following diagram provides a high-level overview of how Compliance Master uses the statistical sampling methods outlined above to create a highly efficient and effective risk-based auditing and inspection system. Compliance Master can be used to undertake one-off audits and inspections, but its biggest benefits are derived when it is used to continuously monitor and improve process and third-party risk control performance.
RISK TARGETS (APPETITE)
To start performing audits and inspections using Compliance Master you must first define your organisation's operational risk limits; or risk appetite. These limits represent the maximum level of process or third-party non-compliance your organisation or its customers are willing to accept as a long-term average. The software uses this information to optimise audit and inspection efficiency, control process and supplier outputs, and to benchmark and report risk control performance; refer below.
AUDIT / INSPECTION POPULATION
To initiate audits and inspections using Compliance Master you must first estimate your total audit / inspection population. This is just one of several risk-factors taken into consideration by the software when calculating the optimum sample-size for each audit and inspection.
Another risk-factor used to calculate the optimum sample-size is the capacity of the responsible process or third-party to consistently achieve the user-specified risk targets; which is represented by a simple risk-performance-dial rating; Excellent, Good and Poor. Initially, this rating is manually assigned to each process and third-party manually when configuring the software. But from here, Compliance Master's advanced data-analytics automatically evaluate and where necessary, update the rating following each audit and inspection.
The above risk-factors are used to calculate the optimum sample-size for each audit and inspection. This process is performance-based, meaning processes and third-parties with a “Poor” risk-performance-rating are audited and inspected more intensely than those with an “Excellent” or "Normal" risk-performance-rating. This dynamic, risk-based approach to audit and inspection leads to substantial time and cost savings compared to conventional non-statistical solutions. It also ensures an organisation’s limited auditing and inspection resources are always focused on its areas of highest risk exposure.
Compliance Master creates a tailored on-line checklist for each audit or inspection; which can be accessed from any web-enabled device. Captured data is automatically uploaded onto the system, analysed and reported in real-time. There is also tablet app available with auto-sync for remote off-line auditing and inspection applications. Over and under auditing and inspection is eliminated by terminating the data collection process as soon as the required sample-size requirement has been achieved.
CONTROL ACTIONS (PROTOCOLS)
Following each audit and inspection collected data is automatically analysed to determine what, if any, user-defined actions (Protocols) are needed to mitigate non-compliance risk levels and strengthen risk controls. Actions can be automatically allocated to a nominated person for implementation and close-out. Compliance Master will optimise your organisations response to audit and inspection outcomes by ensuring they are always proportionate to the assessed risk level.
1 AS 1199.1-2003 Sampling procedures for inspection by attributes, Part 1: Sampling schemed indexed by acceptance quality limit (AQL) for lot-by-lot inspection. These procedures are reproduced with permission from SAI Global under license 1004-c068. To purchase this standard online follow link: http://www.saiglobal.com.